CGM_Public/pretix_original
2
0
Fork 1
mirror of https://github.com/pretix/pretix.git synced 2026-05-05 15:14:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

Orders: Prevent race condition in manual status transition (Z#23203887) (#5385)

Browse Source
This commit is contained in:
Raphael Michel
2025-08-19 12:01:03 +02:00
committed by GitHub
parent a51a6123f5
commit 727ed67ff4
1 changed files with 9 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/pretix/control/views/orders.py
View File

@@ -1458,8 +1458,11 @@ class OrderTransition(OrderView):
}
)
@transaction.atomic()
def post(self, request, *args, **kwargs):
to = self.request.POST.get('status', '')
self.order = Order.objects.select_for_update(of=OF_SELF).get(pk=self.order.pk)
if self.order.status in (Order.STATUS_PENDING, Order.STATUS_EXPIRED) and to == 'p' and self.mark_paid_form.is_valid():
ps = self.mark_paid_form.cleaned_data['amount']
@@ -1489,13 +1492,12 @@ class OrderTransition(OrderView):
for p in self.order.payments.filter(state__in=(OrderPayment.PAYMENT_STATE_PENDING,
OrderPayment.PAYMENT_STATE_CREATED)):
try:
with transaction.atomic():
if p.payment_provider:
p.payment_provider.cancel_payment(p)
self.order.log_action('pretix.event.order.payment.canceled', {
'local_id': p.local_id,
'provider': p.provider,
}, user=self.request.user if self.request.user.is_authenticated else None)
if p.payment_provider:
p.payment_provider.cancel_payment(p)
self.order.log_action('pretix.event.order.payment.canceled', {
'local_id': p.local_id,
'provider': p.provider,
}, user=self.request.user if self.request.user.is_authenticated else None)
except PaymentException as e:
self.order.log_action(
'pretix.event.order.payment.canceled.failed',