From 861a4b25982f843902edbf89b992a7f0660092fa Mon Sep 17 00:00:00 2001 From: Andrey Date: Sat, 14 Apr 2018 17:03:10 +0300 Subject: [PATCH] finance logging --- finance/models.py | 2 +- finance/views.py | 13 +++++++------ 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/finance/models.py b/finance/models.py index 89ad0ec..baf8d70 100755 --- a/finance/models.py +++ b/finance/models.py @@ -31,7 +31,7 @@ class Bill(models.Model): if self.invoice_set.exclude(status='F').exists(): log = False try: - p = Progress.objects.get(user=user, course_token=str(self.course_token)) + p = Progress.objects.get(user=self.user, course_token=str(self.course_token)) p.freeze = True p.save() except Progress.DoesNotExist: diff --git a/finance/views.py b/finance/views.py index bb4e472..66a7df3 100644 --- a/finance/views.py +++ b/finance/views.py @@ -44,12 +44,13 @@ class FreezeView(APIView): @staticmethod def post(request, pk): - if request.user.is_authenticated: - try: - bill = Bill.objects.get(id=pk) - bill.freeze_course(request.user) - except Bill.DoesNotExist: - return Response("Счёт не найден", status=404) + try: + bill = Bill.objects.get(id=pk) + except Bill.DoesNotExist: + return Response("Счёт не найден", status=404) + + if request.user.is_authenticated and request.user.email == bill.user.email: + bill.freeze_course() return Response(status=204) return Response("Permission denied", status=403)