forked from CGM_Public/pretix_original
Orders: Prevent race condition in manual status transition (Z#23203887) (#5385)
This commit is contained in:
Raphael Michel
@@ -1458,8 +1458,11 @@ class OrderTransition(OrderView):
|
|||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@transaction.atomic()
|
||||||
def post(self, request, *args, **kwargs):
|
def post(self, request, *args, **kwargs):
|
||||||
to = self.request.POST.get('status', '')
|
to = self.request.POST.get('status', '')
|
||||||
|
self.order = Order.objects.select_for_update(of=OF_SELF).get(pk=self.order.pk)
|
||||||
|
|
||||||
if self.order.status in (Order.STATUS_PENDING, Order.STATUS_EXPIRED) and to == 'p' and self.mark_paid_form.is_valid():
|
if self.order.status in (Order.STATUS_PENDING, Order.STATUS_EXPIRED) and to == 'p' and self.mark_paid_form.is_valid():
|
||||||
ps = self.mark_paid_form.cleaned_data['amount']
|
ps = self.mark_paid_form.cleaned_data['amount']
|
||||||
|
|
||||||
@@ -1489,7 +1492,6 @@ class OrderTransition(OrderView):
|
|||||||
for p in self.order.payments.filter(state__in=(OrderPayment.PAYMENT_STATE_PENDING,
|
for p in self.order.payments.filter(state__in=(OrderPayment.PAYMENT_STATE_PENDING,
|
||||||
OrderPayment.PAYMENT_STATE_CREATED)):
|
OrderPayment.PAYMENT_STATE_CREATED)):
|
||||||
try:
|
try:
|
||||||
with transaction.atomic():
|
|
||||||
if p.payment_provider:
|
if p.payment_provider:
|
||||||
p.payment_provider.cancel_payment(p)
|
p.payment_provider.cancel_payment(p)
|
||||||
self.order.log_action('pretix.event.order.payment.canceled', {
|
self.order.log_action('pretix.event.order.payment.canceled', {
|
||||||
|
|||||||
Reference in New Issue
Block a user