Issue #449: Display and change order locale (#459)

* Add more security headers (#458) * Include some missing security headers This change adds the following security headers: * X-Content-Type-Options to prevent content type sniffing * Referrer-Policy to prevent leaking referrer information when navigating away from the instance * Migrate from Docker sample to manual configuration Migrate the additional security headers from the Docker configuration sample to the manual configuration guide. Add DS_Store to gitingore * Show order locale in order details * Add OrderLocaleChange view and OrderLocaleForm Refactor OrderLocaleForm. Add test
2017-04-11 13:45:46 +05:00
parent 984d5c716b
commit ccb981e6ce
7 changed files with 114 additions and 1 deletions
--- a/src/pretix/control/forms/orders.py
+++ b/src/pretix/control/forms/orders.py
@@ -1,4 +1,5 @@
 from django import forms
+from django.conf import settings
 from django.core.exceptions import ValidationError
 from django.db import models
 from django.utils.formats import localize
@@ -118,3 +119,15 @@ class OrderContactForm(forms.ModelForm):
    class Meta:
        model = Order
        fields = ['email']
+
+
+class OrderLocaleForm(forms.ModelForm):
+    locale = forms.ChoiceField()
+
+    class Meta:
+        model = Order
+        fields = ['locale']
+
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.fields['locale'].choices = [(a, a) for a in self.instance.event.settings.locales]
--- a/src/pretix/control/templates/pretixcontrol/order/change_locale.html
+++ b/src/pretix/control/templates/pretixcontrol/order/change_locale.html
@@ -0,0 +1,30 @@
+{% extends "pretixcontrol/event/base.html" %}
+{% load i18n %}
+{% load bootstrap3 %}
+{% block title %}
+    {% trans "Change locale information" %}
+{% endblock %}
+{% block content %}
+    <h1>
+        {% trans "Change locale information" %}
+    </h1>
+    <p>
+        This language will be used whenever emails are sent to the users.
+    </p>
+
+    <form method="post" class="form-horizontal" href="">
+        {% csrf_token %}
+        <input type="hidden" name="status" value="c" />
+        {% bootstrap_form form layout='horizontal' %}
+        <div class="form-group submit-group">
+            <a class="btn btn-default btn-lg"
+                    href="{% url "control:event.order" event=request.event.slug organizer=request.event.organizer.slug code=order.code %}">
+                {% trans "Cancel" %}
+            </a>
+            <button class="btn btn-primary btn-save btn-lg" type="submit">
+                {% trans "Save" %}
+            </button>
+            <div class="clearfix"></div>
+        </div>
+    </form>
+{% endblock %}
--- a/src/pretix/control/templates/pretixcontrol/order/index.html
+++ b/src/pretix/control/templates/pretixcontrol/order/index.html
@@ -71,6 +71,13 @@
                    <dl class="dl-horizontal">
                        <dt>{% trans "Order code" %}</dt>
                        <dd>{{ order.code }}</dd>
+                        <dt>{% trans "Order locale" %}</dt>
+                        <dd>
+                            {{ order.locale }}
+                            <a href="{% url "control:event.order.locale" event=request.event.slug organizer=request.event.organizer.slug code=order.code %}" class="btn btn-default btn-xs">
+                                <span class="fa fa-edit"></span>
+                            </a>
+                        </dd>
                        <dt>{% trans "Order date" %}</dt>
                        <dd>{{ order.datetime }}</dd>
                        {% if order.status == "p" %}
--- a/src/pretix/control/urls.py
+++ b/src/pretix/control/urls.py
@@ -111,6 +111,8 @@ urlpatterns = [
            name='event.order.extend'),
        url(r'^orders/(?P<code>[0-9A-Z]+)/contact$', orders.OrderContactChange.as_view(),
            name='event.order.contact'),
+        url(r'^orders/(?P<code>[0-9A-Z]+)/locale', orders.OrderLocaleChange.as_view(),
+            name='event.order.locale'),
        url(r'^orders/(?P<code>[0-9A-Z]+)/comment$', orders.OrderComment.as_view(),
            name='event.order.comment'),
        url(r'^orders/(?P<code>[0-9A-Z]+)/change$', orders.OrderChange.as_view(),
--- a/src/pretix/control/views/orders.py
+++ b/src/pretix/control/views/orders.py
@@ -30,7 +30,7 @@ from pretix.base.signals import (
    register_data_exporters, register_payment_providers,
 )
 from pretix.control.forms.orders import (
-    CommentForm, ExporterForm, ExtendForm, OrderContactForm,
+    CommentForm, ExporterForm, ExtendForm, OrderContactForm, OrderLocaleForm,
    OrderPositionChangeForm,
 )
 from pretix.control.permissions import EventPermissionRequiredMixin
@@ -552,6 +552,40 @@ class OrderContactChange(OrderView):
        return self.get(*args, **kwargs)


+class OrderLocaleChange(OrderView):
+    permission = 'can_change_orders'
+    template_name = 'pretixcontrol/order/change_locale.html'
+
+    def get_context_data(self, **kwargs):
+        ctx = super().get_context_data()
+        ctx['form'] = self.form
+        return ctx
+
+    @cached_property
+    def form(self):
+        return OrderLocaleForm(
+            instance=self.order,
+            data=self.request.POST if self.request.method == "POST" else None
+        )
+
+    def post(self, *args, **kwargs):
+        old_locale = self.order.locale
+        if self.form.is_valid():
+            self.order.log_action(
+                'pretix.event.order.locale.changed',
+                data={
+                    'old_locale': old_locale,
+                    'new_locale': self.form.cleaned_data['locale'],
+                },
+                user=self.request.user,
+            )
+
+            self.form.save()
+            messages.success(self.request, _('The order has been changed.'))
+            return redirect(self.get_order_url())
+        return self.get(*args, **kwargs)
+
+
 class OverView(EventPermissionRequiredMixin, TemplateView):
    template_name = 'pretixcontrol/orders/overview.html'
    permission = 'can_view_orders'
--- a/src/tests/control/test_orders.py
+++ b/src/tests/control/test_orders.py
@@ -40,6 +40,7 @@ def env():
                                 category=None, default_price=23,
                                 admission=True)
    event.settings.set('attendee_names_asked', True)
+    event.settings.set('locales', ['en', 'de'])
    OrderPosition.objects.create(
        order=o,
        item=ticket,
@@ -104,6 +105,30 @@ def test_order_set_contact(client, env):
    assert o.email == 'admin@rami.io'


+@pytest.mark.django_db
+def test_order_set_locale(client, env):
+    q = Quota.objects.create(event=env[0], size=0)
+    q.items.add(env[3])
+    client.login(email='dummy@dummy.dummy', password='dummy')
+    client.post('/control/event/dummy/dummy/orders/FOO/locale', {
+        'locale': 'de'
+    })
+    o = Order.objects.get(id=env[2].id)
+    assert o.locale == 'de'
+
+
+@pytest.mark.django_db
+def test_order_set_locale_with_invalid_locale_value(client, env):
+    q = Quota.objects.create(event=env[0], size=0)
+    q.items.add(env[3])
+    client.login(email='dummy@dummy.dummy', password='dummy')
+    client.post('/control/event/dummy/dummy/orders/FOO/locale', {
+        'locale': 'fr'
+    })
+    o = Order.objects.get(id=env[2].id)
+    assert o.locale == 'en'
+
+
@pytest.mark.django_db
 def test_order_set_comment(client, env):
    q = Quota.objects.create(event=env[0], size=0)