Commit c1ebef5b authored by Sebastien Robin's avatar Sebastien Robin

many changes on account incident because specification has changed.

Fixed security problem on currency sale

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@12447 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 55aa6c5d
......@@ -108,6 +108,7 @@
<string>my_source_decision_title</string>
<string>my_responsible_title</string>
<string>my_source_total_asset_price</string>
<string>my_resource_title</string>
</list>
</value>
</item>
......
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<tuple>
<tuple>
<string>Products.Formulator.StandardFields</string>
<string>StringField</string>
</tuple>
<none/>
</tuple>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>_owner</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>my_resource_title</string> </value>
</item>
<item>
<key> <string>message_values</string> </key>
<value>
<dictionary>
<item>
<key> <string>external_validator_failed</string> </key>
<value> <string>The input failed the external validator.</string> </value>
</item>
<item>
<key> <string>required_not_found</string> </key>
<value> <string>Input is required but no input given.</string> </value>
</item>
<item>
<key> <string>too_long</string> </key>
<value> <string>Too much input was given.</string> </value>
</item>
</dictionary>
</value>
</item>
<item>
<key> <string>overrides</string> </key>
<value>
<dictionary>
<item>
<key> <string>alternate_name</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>css_class</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>default</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>description</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>display_maxwidth</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>display_width</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>editable</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>enabled</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>external_validator</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>extra</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>hidden</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>max_length</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>required</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>title</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>truncate</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>unicode</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>whitespace_preserve</string> </key>
<value> <string></string> </value>
</item>
</dictionary>
</value>
</item>
<item>
<key> <string>tales</string> </key>
<value>
<dictionary>
<item>
<key> <string>alternate_name</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>css_class</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>default</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>description</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>display_maxwidth</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>display_width</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>editable</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>enabled</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>external_validator</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>extra</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>hidden</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>max_length</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>required</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>title</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>truncate</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>unicode</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>whitespace_preserve</string> </key>
<value> <string></string> </value>
</item>
</dictionary>
</value>
</item>
<item>
<key> <string>values</string> </key>
<value>
<dictionary>
<item>
<key> <string>alternate_name</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>css_class</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>default</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>description</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>display_maxwidth</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>display_width</string> </key>
<value> <int>20</int> </value>
</item>
<item>
<key> <string>editable</string> </key>
<value> <int>0</int> </value>
</item>
<item>
<key> <string>enabled</string> </key>
<value> <int>1</int> </value>
</item>
<item>
<key> <string>external_validator</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>extra</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>hidden</string> </key>
<value> <int>0</int> </value>
</item>
<item>
<key> <string>max_length</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>required</string> </key>
<value> <int>0</int> </value>
</item>
<item>
<key> <string>title</string> </key>
<value> <string>Currency</string> </value>
</item>
<item>
<key> <string>truncate</string> </key>
<value> <int>0</int> </value>
</item>
<item>
<key> <string>unicode</string> </key>
<value> <int>0</int> </value>
</item>
<item>
<key> <string>whitespace_preserve</string> </key>
<value> <int>0</int> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
......@@ -69,12 +69,22 @@
<item>
<key> <string>_body</string> </key>
<value> <string>request = context.REQUEST\n
currency = context.getResourceId()\n
\n
if currency != context.Baobab_getPortalReferenceCurrencyID():\n
cash_status = [\'not_defined\']\n
emission_letter = [\'not_defined\']\n
variation = [\'not_defined\']\n
else:\n
cash_status = None\n
emission_letter = None\n
variation = context.Baobab_getResourceVintageList(banknote=1, coin=1)\n
\n
cash_detail_dict = {\'line_portal_type\' : \'Incoming Cash Incident Line\'\n
, \'operation_currency\' : context.Baobab_getPortalReferenceCurrencyID()\n
, \'cash_status_list\' : None\n
, \'emission_letter_list\' : None\n
, \'variation_list\' : context.Baobab_getResourceVintageList(banknote=1, coin=1)\n
, \'operation_currency\' : currency\n
, \'cash_status_list\' : cash_status\n
, \'emission_letter_list\' : emission_letter\n
, \'variation_list\' : variation\n
, \'currency_cash_portal_type\': None\n
, \'read_only\' : False\n
, \'column_base_category\' : \'variation\'\n
......@@ -135,6 +145,10 @@ return context.CashDelivery_generateCashDetailInputDialog(listbox = None\n
<string>_getattr_</string>
<string>context</string>
<string>request</string>
<string>currency</string>
<string>cash_status</string>
<string>emission_letter</string>
<string>variation</string>
<string>None</string>
<string>False</string>
<string>cash_detail_dict</string>
......
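Review bot: The currency branch added at the top of this script body (`currency = context.getResourceId()` through the `else:` arm) is repeated line for line in the outgoing dialog script in the next section, which invites the two copies drifting apart. Moving it into one shared script that returns the three lists would keep them aligned. If `context.getResourceId()` can return None for a document with no resource set, that case presumably falls into the `['not_defined']` branch. A comment such as `# no resource or foreign currency: only 'not_defined' choices are offered` would make that explicit. The script body continues outside both hunks.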
......@@ -69,12 +69,22 @@
<item>
<key> <string>_body</string> </key>
<value> <string>request = context.REQUEST\n
currency = context.getResourceId()\n
\n
if currency != context.Baobab_getPortalReferenceCurrencyID():\n
cash_status = [\'not_defined\']\n
emission_letter = [\'not_defined\']\n
variation = [\'not_defined\']\n
else:\n
cash_status = None\n
emission_letter = None\n
variation = context.Baobab_getResourceVintageList(banknote=1, coin=1)\n
\n
cash_detail_dict = {\'line_portal_type\' : \'Outgoing Cash Incident Line\'\n
, \'operation_currency\' : context.Baobab_getPortalReferenceCurrencyID()\n
, \'cash_status_list\' : None\n
, \'emission_letter_list\' : None\n
, \'variation_list\' : context.Baobab_getResourceVintageList(banknote=1, coin=1)\n
, \'operation_currency\' : currency\n
, \'cash_status_list\' : cash_status\n
, \'emission_letter_list\' : emission_letter\n
, \'variation_list\' : variation\n
, \'currency_cash_portal_type\': None\n
, \'read_only\' : False\n
, \'column_base_category\' : \'variation\'\n
......@@ -135,6 +145,10 @@ return context.CashDelivery_generateCashDetailInputDialog(listbox = None\n
<string>_getattr_</string>
<string>context</string>
<string>request</string>
<string>currency</string>
<string>cash_status</string>
<string>emission_letter</string>
<string>variation</string>
<string>None</string>
<string>False</string>
<string>cash_detail_dict</string>
......
......@@ -86,27 +86,28 @@ source = context.getSource()\n
baobab_source = None\n
\n
# Get the history of the workflow\n
user_id=\'None\'\n
user_id=None\n
\n
for workflow_item in context.Base_getWorkflowHistoryItemList(\'currency_sale_workflow\',display=0):\n
\n
if workflow_item.getProperty(\'action\')==\'deliver_action\':\n
user_id=workflow_item.getProperty(\'actor\')\n
\n
site_list = context.Baobab_getUserAssignedSiteList(user_id=user_id)\n
if user_id is not None:\n
site_list = context.Baobab_getUserAssignedSiteList(user_id=user_id)\n
\n
for site in site_list:\n
site_value = context.portal_categories.getCategoryValue(site)\n
\n
if site_value.getVaultType().endswith(\'guichet\') and source in site:\n
baobab_source = site + encaisse_devise\n
found = 1\n
for site in site_list:\n
site_value = context.portal_categories.getCategoryValue(site)\n
\n
break\n
if site_value.getVaultType().endswith(\'guichet\') and source in site:\n
baobab_source = site + encaisse_devise\n
found = 1\n
\n
break\n
\n
if not found:\n
msg = Message(domain=\'ui\', message=\'Your user is not well assigned\')\n
raise ValidationFailed, (msg,)\n
if not found:\n
msg = Message(domain=\'ui\', message=\'Your user is not well assigned\')\n
raise ValidationFailed, (msg,)\n
\n
return baobab_source\n
</string> </value>
......
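Review bot: With the new `if user_id is not None:` guard, a document whose workflow history has no `deliver_action` entry appears to skip both the site lookup and the `if not found:` check, so it reaches `return baobab_source` and returns None without raising. The nesting is inferred from the repeated lines, because the rendering lost the indentation. Callers that use the result as an inventory source need to treat None as a failure; a comment such as `# no deliver action recorded yet: no counter can be derived, caller must handle None` would document this. Separately, `source in site` is a substring test, so a source path that is a prefix of another site's path would also match. Comparing on whole path segments would be stricter. The script body starts outside the hunk.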
......@@ -335,7 +335,7 @@
</tuple>
<tuple>
<string>source_reference</string>
<string encoding="base64">UsOpZsOpcmVuY2U=</string>
<string>Reference</string>
</tuple>
<tuple>
<string>delivery.start_date</string>
......
......@@ -341,7 +341,7 @@
</tuple>
<tuple>
<string>source_reference</string>
<string encoding="base64">UsOpZsOpcmVuY2U=</string>
<string>Reference</string>
</tuple>
<tuple>
<string>delivery.start_date</string>
......@@ -453,6 +453,10 @@
<list/>
</value>
</item>
<item>
<key> <string>page_template</string> </key>
<value> <string></string> </value>
</item>
<item>
<key> <string>portal_types</string> </key>
<value>
......
......@@ -68,7 +68,8 @@
</item>
<item>
<key> <string>_body</string> </key>
<value> <string>return None\n
<value> <string>#return None\n
return context.getSource()\n
</string> </value>
</item>
<item>
......@@ -119,7 +120,8 @@
<tuple>
<string>args</string>
<string>kw</string>
<string>None</string>
<string>_getattr_</string>
<string>context</string>
</tuple>
</value>
</item>
......
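Review bot: The commented-out `#return None` left above the new `return context.getSource()` is dead code; the previous body is already in version control, so the line can be dropped. A one-line comment saying why the source is returned unchanged here would be more useful to the next reader, for example `# the document source is already the vault to use`, if that is the intent.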
......@@ -68,24 +68,7 @@
</item>
<item>
<key> <string>_body</string> </key>
<value> <string>transaction = state_change[\'object\']\n
bank_account = transaction.getDestinationPaymentValue()\n
price = transaction.getSourceTotalAssetPrice()\n
line = transaction.get(\'movement\')\n
\n
in_list = transaction.objectValues(portal_type=\'Incoming Account Incident Line\')\n
out_list = transaction.objectValues(portal_type=\'Outgoing Account Incident Line\')\n
\n
if (len(in_list)!= 0): \n
if line is not None and line.getPortalType() == \'Banking Operation Line\':\n
# This is a single currency operation, so it is not necessary to convert the price.\n
line.setSourceCredit(price)\n
\n
elif (len(out_list) != 0) :\n
line = transaction.get(\'movement\')\n
if line is not None and line.getPortalType() == \'Banking Operation Line\':\n
# This is a single currency operation, so it is not necessary to convert the price.\n
line.setSourceDebit(price)\n
<value> <string>return None\n
</string> </value>
</item>
<item>
......@@ -108,15 +91,7 @@ elif (len(out_list) != 0) :\n
</item>
<item>
<key> <string>_params</string> </key>
<value> <string>state_change</string> </value>
</item>
<item>
<key> <string>_proxy_roles</string> </key>
<value>
<tuple>
<string>Manager</string>
</tuple>
</value>
<value> <string>*args, **kw</string> </value>
</item>
<item>
<key> <string>errors</string> </key>
......@@ -136,22 +111,14 @@ elif (len(out_list) != 0) :\n
<dictionary>
<item>
<key> <string>co_argcount</string> </key>
<value> <int>1</int> </value>
<value> <int>0</int> </value>
</item>
<item>
<key> <string>co_varnames</string> </key>
<value>
<tuple>
<string>state_change</string>
<string>_getitem_</string>
<string>transaction</string>
<string>_getattr_</string>
<string>bank_account</string>
<string>price</string>
<string>line</string>
<string>in_list</string>
<string>out_list</string>
<string>len</string>
<string>args</string>
<string>kw</string>
<string>None</string>
</tuple>
</value>
......@@ -169,7 +136,7 @@ elif (len(out_list) != 0) :\n
</item>
<item>
<key> <string>id</string> </key>
<value> <string>updateBankingOperation</string> </value>
<value> <string>OutgoingCashIncidentLine_getBaobabSource</string> </value>
</item>
<item>
<key> <string>warnings</string> </key>
......
......@@ -74,12 +74,13 @@
from Products.DCWorkflow.DCWorkflow import ValidationFailed\n
from Products.ERP5Type.Message import Message\n
\n
txn = state_change[\'object\']\n
transaction = state_change[\'object\']\n
date = transaction.getStartDate()\n
\n
user_id = txn.portal_membership.getAuthenticatedMember().getUserName()\n
user_id = transaction.portal_membership.getAuthenticatedMember().getUserName()\n
site_list = context.Baobab_getUserAssignedSiteList(user_id=user_id)\n
# context.log(\'validateVaultBalance site_list\',site_list)\n
source = txn.getSource()\n
source = transaction.getSource()\n
baobab_source = None\n
for site in site_list:\n
site_value = context.portal_categories.getCategoryValue(site)\n
......@@ -90,17 +91,17 @@ source = baobab_source\n
source_object = context.portal_categories.getCategoryValue(source)\n
\n
# check again that we are in the good accounting date\n
if not txn.Baobab_checkCounterDateOpen(site=source_object, date=txn.getStartDate()):\n
if not transaction.Baobab_checkCounterDateOpen(site=source_object, date=date):\n
msg = Message(domain = "ui", message="Transaction not in the good accounting date")\n
raise ValidationFailed, (msg,)\n
\n
\n
in_list = txn.objectValues(portal_type=\'Incoming Account Incident Line\')\n
out_list = txn.objectValues(portal_type=\'Outgoing Account Incident Line\')\n
vault = "%s/surface/caisse_courante/encaisse_des_billets_et_monnaies" %(txn.getSource(),)\n
price = txn.getSourceTotalAssetPrice()\n
in_price = txn.getTotalPrice(portal_type=[\'Incoming Account Incident Line\',\'Cash Delivery Cell\'],fast=0)\n
out_price = txn.getTotalPrice(portal_type=[\'Outgoing Account Incident Line\',\'Cash Delivery Cell\'],fast=0)\n
in_list = transaction.objectValues(portal_type=\'Incoming Account Incident Line\')\n
out_list = transaction.objectValues(portal_type=\'Outgoing Account Incident Line\')\n
vault = "%s/surface/caisse_courante/encaisse_des_billets_et_monnaies" %(transaction.getSource(),)\n
price = transaction.getSourceTotalAssetPrice()\n
in_price = transaction.getTotalPrice(portal_type=[\'Incoming Account Incident Line\',\'Cash Delivery Cell\'],fast=0)\n
out_price = transaction.getTotalPrice(portal_type=[\'Outgoing Account Incident Line\',\'Cash Delivery Cell\'],fast=0)\n
\n
if len(in_list) != 0 and len(out_list) != 0:\n
msg = Message(domain = "ui", message="You can\'t have excess and deficit on the document.")\n
......@@ -110,13 +111,56 @@ elif len(in_list) == 0 and len(out_list) == 0:\n
raise ValidationFailed, (msg,)\n
elif len(out_list) !=0:\n
#resource = transaction.CashDelivery_checkCounterInventory(source=vault, portal_type=\'Outgoing Account Incident Line\')\n
resource = txn.CashDelivery_checkCounterInventory(source=vault, portal_type=\'Outgoing Account Incident Line\')\n
resource = transaction.CashDelivery_checkCounterInventory(source=vault, portal_type=\'Outgoing Account Incident Line\')\n
if resource <> 0 :\n
msg = Message(domain="ui", message="Insufficient Balance.")\n
raise ValidationFailed, (msg,)\n
elif (in_price != 0 and in_price != price) or (out_price != 0 and out_price != price):\n
msg = Message(domain = "ui", message="Price differs between document and resource.")\n
raise ValidationFailed, (msg,)\n
\n
# Now we will validate the accounting position\n
transaction = state_change[\'object\']\n
bank_account = transaction.getDestinationPaymentValue()\n
price = transaction.getSourceTotalAssetPrice()\n
line = transaction.get(\'movement\')\n
\n
in_list = transaction.objectValues(portal_type=\'Incoming Account Incident Line\')\n
out_list = transaction.objectValues(portal_type=\'Outgoing Account Incident Line\')\n
\n
debit=0\n
if (len(in_list)!= 0): \n
# This is a single currency operation, so it is not necessary to convert the price.\n
line.setSourceCredit(price)\n
\n
elif (len(out_list) != 0) :\n
# This is a single currency operation, so it is not necessary to convert the price.\n
debit=1\n
line.setSourceDebit(price)\n
\n
# this prevents multiple transactions from being committed at the same time for this bank account.\n
bank_account.serialize()\n
\n
# Make sure there are no other operations pending for this account\n
if transaction.BankAccount_isMessagePending(bank_account):\n
msg = Message(domain=\'ui\', message="There are operations pending for this account that prevent form calculating its position. Please try again later.")\n
raise ValidationFailed, (msg,)\n
\n
# Index the banking operation line so it impacts account position\n
transaction.BankingOperationLine_index(line)\n
\n
if debit:\n
# Test if the account balance is sufficient.\n
error = transaction.BankAccount_checkAvailableBalance(bank_account.getRelativeUrl(), price)\n
if error[\'error_code\'] == 1:\n
msg = Message(domain=\'ui\', message="Bank account is not sufficient.")\n
raise ValidationFailed, (msg,)\n
elif error[\'error_code\'] == 2:\n
msg = Message(domain=\'ui\', message="Bank account is not valid.")\n
raise ValidationFailed, (msg,)\n
elif error[\'error_code\'] != 0:\n
msg = Message(domain=\'ui\', message="Unknown error code.")\n
raise ValidationFailed, (msg,)\n
]]></string> </value>
......@@ -167,8 +211,9 @@ elif (in_price != 0 and in_price != price) or (out_price != 0 and out_price != p
<string>Products.ERP5Type.Message</string>
<string>Message</string>
<string>_getitem_</string>
<string>txn</string>
<string>transaction</string>
<string>_getattr_</string>
<string>date</string>
<string>user_id</string>
<string>context</string>
<string>site_list</string>
......@@ -188,6 +233,10 @@ elif (in_price != 0 and in_price != price) or (out_price != 0 and out_price != p
<string>out_price</string>
<string>len</string>
<string>resource</string>
<string>bank_account</string>
<string>line</string>
<string>debit</string>
<string>error</string>
</tuple>
</value>
</item>
......@@ -204,7 +253,7 @@ elif (in_price != 0 and in_price != price) or (out_price != 0 and out_price != p
</item>
<item>
<key> <string>id</string> </key>
<value> <string>checkConsistency</string> </value>
<value> <string>checkConsistencyAndValidatePositionAccounting</string> </value>
</item>
<item>
<key> <string>warnings</string> </key>
......
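Review bot: In the block appended after `# Now we will validate the accounting position`, `line = transaction.get('movement')` is used without a None check, so `line.setSourceCredit(price)` or `line.setSourceDebit(price)` raises an AttributeError when the document has no `movement` sub-object. The `updateBankingOperation` body removed elsewhere in this commit guarded this with `if line is not None and line.getPortalType() == 'Banking Operation Line':`. `bank_account` from `getDestinationPaymentValue()` is likewise dereferenced by `bank_account.serialize()` without a check. I would reject both cases up front, e.g. `if line is None or line.getPortalType() != 'Banking Operation Line' or bank_account is None:` followed by the usual `raise ValidationFailed, (msg,)`. The removed script also declared a Manager proxy role; whether this script may call the setters for an ordinary user is not visible here and should be confirmed.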
......@@ -38,7 +38,7 @@
</item>
<item>
<key> <string>after_script_name</string> </key>
<value> <string>updateBankingOperation</string> </value>
<value> <string></string> </value>
</item>
<item>
<key> <string>description</string> </key>
......
......@@ -60,7 +60,7 @@
</item>
<item>
<key> <string>script_name</string> </key>
<value> <string>checkConsistency</string> </value>
<value> <string>checkConsistencyAndValidatePositionAccounting</string> </value>
</item>
<item>
<key> <string>title</string> </key>
......
......@@ -32,7 +32,7 @@
</item>
<item>
<key> <string>after_script_name</string> </key>
<value> <string></string> </value>
<value> <string>updateBankingOperation</string> </value>
</item>
<item>
<key> <string>description</string> </key>
......
......@@ -88,6 +88,11 @@ if not context.Baobab_checkCounterOpened(site):\n
msg = Message(domain = "ui", message="Counter is not opened")\n
raise ValidationFailed, (msg,)\n
\n
# use of the constraint : Test source and destination\n
vliste = transaction.checkConsistency()\n
transaction.log(\'vliste\', vliste)\n
if len(vliste) != 0:\n
raise ValidationFailed, (vliste[0].getMessage(),)\n
\n
resource = transaction.CashDelivery_checkCounterInventory(source=vault, portal_type=\'Cash Delivery Line\')\n
\n
......@@ -166,6 +171,9 @@ elif resource <> 0 :\n
<string>msg</string>
<string>site</string>
<string>context</string>
<string>vliste</string>
<string>len</string>
<string>_getitem_</string>
<string>resource</string>
<string>amount</string>
<string>total_price</string>
......
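Review bot: `transaction.log('vliste', vliste)` looks like a leftover debug trace: it runs on every validation and writes the constraint results to the event log even when the list is empty. Consider removing it, or logging only inside the `if len(vliste) != 0:` branch. Only the first constraint message reaches the user through `vliste[0].getMessage()`; if that is intended, a comment such as `# report only the first failed constraint` would say so. The script body starts and ends outside the hunk.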
144
\ No newline at end of file
146
\ No newline at end of file