Fix bug with mobile receiving UPC lookup; require stronger perm
doing a UPC lookup for mobile receiving now requires "create batch row" permissions, since the view is capable of just that
This commit is contained in:
Lance Edgar
parent
148cbd2f57
commit
dda79a491f
2 changed files with 29 additions and 19 deletions
|
|
@ -643,6 +643,10 @@ class MasterView(View):
|
|||
else:
|
||||
grid.configure()
|
||||
|
||||
def mobile_row_route_url(self, route_name, **kwargs):
|
||||
route_name = 'mobile.{}.{}'.format(self.get_row_route_prefix(), route_name)
|
||||
return self.request.route_url(route_name, **kwargs)
|
||||
|
||||
def mobile_view_row(self):
|
||||
"""
|
||||
Mobile view for row items
|
||||
|
|
|
|||
|
|
@ -232,6 +232,9 @@ class ReceivingBatchView(PurchasingBatchView):
|
|||
url = self.request.route_url('mobile.receiving.rows.view', uuid=row.uuid)
|
||||
return tags.link_to(title, url)
|
||||
|
||||
# TODO: this view can create new rows, with only a GET query. that should
|
||||
# probably be changed to require POST; for now we just require the "create
|
||||
# batch row" perm and call it good..
|
||||
def mobile_lookup(self):
|
||||
"""
|
||||
Locate and/or create a row within the batch, according to the given
|
||||
|
|
@ -257,26 +260,29 @@ class ReceivingBatchView(PurchasingBatchView):
|
|||
upc, batch.id_str, batch))
|
||||
row = rows[0]
|
||||
|
||||
# try to locate general product by UPC; add to batch if found
|
||||
product = api.get_product_by_upc(self.Session(), provided)
|
||||
if not product:
|
||||
product = api.get_product_by_upc(self.Session(), checked)
|
||||
if product:
|
||||
row = model.PurchaseBatchRow()
|
||||
row.product = product
|
||||
batch.add_row(row)
|
||||
self.handler.refresh_row(row)
|
||||
else:
|
||||
|
||||
# if product not even in system, add to batch anyway..
|
||||
if not row:
|
||||
row = model.PurchaseBatchRow()
|
||||
row.upc = provided # TODO: why not checked? how to know?
|
||||
row.description = "(unknown product)"
|
||||
batch.add_row(row)
|
||||
self.handler.refresh_row(row)
|
||||
# try to locate general product by UPC; add to batch if found
|
||||
product = api.get_product_by_upc(self.Session(), provided)
|
||||
if not product:
|
||||
product = api.get_product_by_upc(self.Session(), checked)
|
||||
if product:
|
||||
row = model.PurchaseBatchRow()
|
||||
row.product = product
|
||||
batch.add_row(row)
|
||||
self.handler.refresh_row(row)
|
||||
|
||||
else:
|
||||
|
||||
# if product not even in system, add to batch anyway..
|
||||
row = model.PurchaseBatchRow()
|
||||
row.upc = provided # TODO: why not checked? how to know?
|
||||
row.description = "(unknown product)"
|
||||
batch.add_row(row)
|
||||
self.handler.refresh_row(row)
|
||||
|
||||
self.Session.flush()
|
||||
return self.redirect(self.request.route_url('mobile.{}.view'.format(self.get_row_route_prefix()), uuid=row.uuid))
|
||||
return self.redirect(self.mobile_row_route_url('view', uuid=row.uuid))
|
||||
|
||||
def mobile_view_row(self):
|
||||
"""
|
||||
|
|
@ -379,10 +385,10 @@ class ReceivingBatchView(PurchasingBatchView):
|
|||
permission_prefix = cls.get_permission_prefix()
|
||||
row_permission_prefix = cls.get_row_permission_prefix()
|
||||
|
||||
# mobile lookup
|
||||
# mobile lookup (note perm; this view can create new rows)
|
||||
config.add_route('mobile.{}.lookup'.format(route_prefix), '/mobile{}/{{{}}}/lookup'.format(url_prefix, model_key))
|
||||
config.add_view(cls, attr='mobile_lookup', route_name='mobile.{}.lookup'.format(route_prefix),
|
||||
renderer='json', permission='{}.view'.format(row_permission_prefix))
|
||||
renderer='json', permission='{}.create'.format(row_permission_prefix))
|
||||
|
||||
# mobile mark complete
|
||||
config.add_route('mobile.{}.mark_complete'.format(route_prefix), '/mobile{}/{{{}}}/mark-complete'.format(url_prefix, model_key))
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue