rattail/tailbone
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Fix bug with mobile receiving UPC lookup; require stronger perm

Browse source 
doing a UPC lookup for mobile receiving now requires "create batch row"
permissions, since the view is capable of just that
This commit is contained in:
Lance Edgar 2017-07-11 11:15:26 -05:00
parent 148cbd2f57
commit dda79a491f
2 changed files with 29 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
tailbone/views/master.py
View file

@ -643,6 +643,10 @@ class MasterView(View):
else: else:
grid.configure() grid.configure()
def mobile_row_route_url(self, route_name, **kwargs):
route_name = 'mobile.{}.{}'.format(self.get_row_route_prefix(), route_name)
return self.request.route_url(route_name, **kwargs)
def mobile_view_row(self): def mobile_view_row(self):
""" """
Mobile view for row items Mobile view for row items

14
tailbone/views/purchasing/receiving.py
View file

@ -232,6 +232,9 @@ class ReceivingBatchView(PurchasingBatchView):
url = self.request.route_url('mobile.receiving.rows.view', uuid=row.uuid) url = self.request.route_url('mobile.receiving.rows.view', uuid=row.uuid)
return tags.link_to(title, url) return tags.link_to(title, url)
# TODO: this view can create new rows, with only a GET query. that should
# probably be changed to require POST; for now we just require the "create
# batch row" perm and call it good..
def mobile_lookup(self): def mobile_lookup(self):
""" """
Locate and/or create a row within the batch, according to the given Locate and/or create a row within the batch, according to the given
@ -257,6 +260,8 @@ class ReceivingBatchView(PurchasingBatchView):
upc, batch.id_str, batch)) upc, batch.id_str, batch))
row = rows[0] row = rows[0]
else:
# try to locate general product by UPC; add to batch if found # try to locate general product by UPC; add to batch if found
product = api.get_product_by_upc(self.Session(), provided) product = api.get_product_by_upc(self.Session(), provided)
if not product: if not product:
@ -267,8 +272,9 @@ class ReceivingBatchView(PurchasingBatchView):
batch.add_row(row) batch.add_row(row)
self.handler.refresh_row(row) self.handler.refresh_row(row)
else:
# if product not even in system, add to batch anyway.. # if product not even in system, add to batch anyway..
if not row:
row = model.PurchaseBatchRow() row = model.PurchaseBatchRow()
row.upc = provided # TODO: why not checked? how to know? row.upc = provided # TODO: why not checked? how to know?
row.description = "(unknown product)" row.description = "(unknown product)"
@ -276,7 +282,7 @@ class ReceivingBatchView(PurchasingBatchView):
self.handler.refresh_row(row) self.handler.refresh_row(row)
self.Session.flush() self.Session.flush()
return self.redirect(self.request.route_url('mobile.{}.view'.format(self.get_row_route_prefix()), uuid=row.uuid)) return self.redirect(self.mobile_row_route_url('view', uuid=row.uuid))
def mobile_view_row(self): def mobile_view_row(self):
""" """
@ -379,10 +385,10 @@ class ReceivingBatchView(PurchasingBatchView):
permission_prefix = cls.get_permission_prefix() permission_prefix = cls.get_permission_prefix()
row_permission_prefix = cls.get_row_permission_prefix() row_permission_prefix = cls.get_row_permission_prefix()
# mobile lookup # mobile lookup (note perm; this view can create new rows)
config.add_route('mobile.{}.lookup'.format(route_prefix), '/mobile{}/{{{}}}/lookup'.format(url_prefix, model_key)) config.add_route('mobile.{}.lookup'.format(route_prefix), '/mobile{}/{{{}}}/lookup'.format(url_prefix, model_key))
config.add_view(cls, attr='mobile_lookup', route_name='mobile.{}.lookup'.format(route_prefix), config.add_view(cls, attr='mobile_lookup', route_name='mobile.{}.lookup'.format(route_prefix),
renderer='json', permission='{}.view'.format(row_permission_prefix)) renderer='json', permission='{}.create'.format(row_permission_prefix))
# mobile mark complete # mobile mark complete
config.add_route('mobile.{}.mark_complete'.format(route_prefix), '/mobile{}/{{{}}}/mark-complete'.format(url_prefix, model_key)) config.add_route('mobile.{}.mark_complete'.format(route_prefix), '/mobile{}/{{{}}}/mark-complete'.format(url_prefix, model_key))