Fix CSRF bug in Ordering Form template, make case quantity pretty

Lance Edgar 2016-12-19 14:45:20 -06:00
parent 3db2c9cba4
commit 7a9780e2b8


@ -14,14 +14,12 @@
return true; return true;
} }
if (event.which == 13) { if (event.which == 13) {
var input = $(this);
var row = $(this).parents('tr:first'); var row = $(this).parents('tr:first');
var data = { var form = $('#item-update-form');
product_uuid: row.data('uuid'), form.find('[name="product_uuid"]').val(row.data('uuid'));
cases_ordered: row.find('input[name^="cases_ordered_"]').val() || '0', form.find('[name="cases_ordered"]').val(row.find('input[name^="cases_ordered_"]').val() || '0');
units_ordered: row.find('input[name^="units_ordered_"]').val() || '0' form.find('[name="units_ordered"]').val(row.find('input[name^="units_ordered_"]').val() || '0');
}; $.post(form.attr('action'), form.serialize(), function(data) {
$.post('${url('purchases.batch.order_form_update', uuid=batch.uuid)}', data, function(data) {
if (data.error) { if (data.error) {
alert(data.error); alert(data.error);
} else { } else {
@ -37,6 +35,10 @@
}); });
</script> </script>
</%def>
<%def name="extra_styles()">
${parent.extra_styles()}
<style type="text/css"> <style type="text/css">
.order-form th.department { .order-form th.department {
@ -185,7 +187,7 @@
<td class="upc">${get_upc(cost.product)}</td> <td class="upc">${get_upc(cost.product)}</td>
<td class="brand">${cost.product.brand or ''}</td> <td class="brand">${cost.product.brand or ''}</td>
<td class="desc">${cost.product.description} ${cost.product.size or ''}</td> <td class="desc">${cost.product.description} ${cost.product.size or ''}</td>
<td class="case-qty">${cost.case_size} ${"LB" if cost.product.weighed else "EA"}</td> <td class="case-qty">${h.pretty_quantity(cost.case_size)} ${"LB" if cost.product.weighed else "EA"}</td>
<td class="code">${cost.code or ''}</td> <td class="code">${cost.code or ''}</td>
<td class="preferred">${'X' if cost.preference == 1 else ''}</td> <td class="preferred">${'X' if cost.preference == 1 else ''}</td>
<td class="unit-cost">$${'{:0.2f}'.format(cost.unit_cost)}</td> <td class="unit-cost">$${'{:0.2f}'.format(cost.unit_cost)}</td>
@ -204,10 +206,10 @@
</td> </td>
% endfor % endfor
<td class="current-order"> <td class="current-order">
${h.text('cases_ordered_{}'.format(cost.uuid), value=int(cost._batchrow.cases_ordered) if cost._batchrow else None)} ${h.text('cases_ordered_{}'.format(cost.uuid), value=int(cost._batchrow.cases_ordered or 0) if cost._batchrow else None)}
</td> </td>
<td class="current-order"> <td class="current-order">
${h.text('units_ordered_{}'.format(cost.uuid), value=int(cost._batchrow.units_ordered) if cost._batchrow else None)} ${h.text('units_ordered_{}'.format(cost.uuid), value=int(cost._batchrow.units_ordered or 0) if cost._batchrow else None)}
</td> </td>
<td class="po-total">${'${:0,.2f}'.format(cost._batchrow.po_total) if cost._batchrow else ''}</td> <td class="po-total">${'${:0,.2f}'.format(cost._batchrow.po_total) if cost._batchrow else ''}</td>
${self.extra_td(cost)} ${self.extra_td(cost)}
@ -219,6 +221,13 @@
</table> </table>
</div> </div>
${h.form(url('purchases.batch.order_form_update', uuid=batch.uuid), id='item-update-form', style='display: none;')}
${h.csrf_token(request)}
${h.hidden('product_uuid')}
${h.hidden('cases_ordered')}
${h.hidden('units_ordered')}
${h.end_form()}
<%def name="extra_vendor_fields()"></%def> <%def name="extra_vendor_fields()"></%def>
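Review bot: The new `$.post(form.attr('action'), form.serialize(), function(data) {` call in the first hunk handles only a successful response, so a request rejected at the CSRF check gives the user no feedback. The token from `${h.csrf_token(request)}` is rendered once at page load, so on a page left open past the session's lifetime the server would presumably answer with a non-2xx status, and the typed quantity would stay on screen unsaved. The call closes outside the visible lines, so unless a failure handler is already chained there, add one: `}).fail(function(xhr) { alert('Order update was not saved (HTTP ' + xhr.status + '); reload the page and try again.'); });`. A template comment above the hidden `item-update-form` would also help, saying that it exists to carry the CSRF token and that its three field names must match the ones the keypress handler fills in.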