finance logging

8 years ago · 861a4b2598
parent 07401183a9
commit 861a4b2598
2 changed files with 8 additions and 7 deletions
--- a/finance/models.py
+++ b/finance/models.py
@ -31,7 +31,7 @@ class Bill(models.Model):
        if self.invoice_set.exclude(status='F').exists():
            log = False
            try:
-                p = Progress.objects.get(user=user, course_token=str(self.course_token))
+                p = Progress.objects.get(user=self.user, course_token=str(self.course_token))
                p.freeze = True
                p.save()
            except Progress.DoesNotExist:
--- a/finance/views.py
+++ b/finance/views.py
@ -44,12 +44,13 @@ class FreezeView(APIView):

    @staticmethod
    def post(request, pk):
-        if request.user.is_authenticated:
-            try:
-                bill = Bill.objects.get(id=pk)
-                bill.freeze_course(request.user)
-            except Bill.DoesNotExist:
-                return Response("Счёт не найден", status=404)
+        try:
+            bill = Bill.objects.get(id=pk)
+        except Bill.DoesNotExist:
+            return Response("Счёт не найден", status=404)
+
+        if request.user.is_authenticated and request.user.email == bill.user.email:
+            bill.freeze_course()
            return Response(status=204)
        return Response("Permission denied", status=403)