Commit 1d1424a0 authored by Gabriel Detraz's avatar Gabriel Detraz

Securise la fonction de recherche

parent 33d70ddf
......@@ -3,6 +3,8 @@ from django import forms
from django.forms import Form
from django.forms import ModelForm
from panier.models import Livraison
CHOICES = (
('0', 'Actifs'),
('1', 'Désactivés'),
......@@ -32,3 +34,4 @@ class SearchFormPlus(Form):
affichage = forms.MultipleChoiceField(label="Filtre affichage", required=False, widget =forms.CheckboxSelectMultiple,choices=CHOICES3)
date_deb = forms.DateField(required=False, label="Date de début", help_text='DD/MM/YYYY', input_formats=['%d/%m/%Y'])
date_fin = forms.DateField(required=False, help_text='DD/MM/YYYY', input_formats=['%d/%m/%Y'], label="Date de fin")
date_livraison = forms.ModelChoiceField(queryset=Livraison.objects.all(), label="Date de livraison", required=False)
......@@ -8,16 +8,18 @@
<h2>Résultats dans les utilisateurs</h2>
{% include "users/aff_users.html" with users_list=users_list %}
{% endif%}
{% if paniers_list %}
{% if article_list %}
<h2>Résultats dans les paniers en vente : </h2>
{% include "panier/aff_article.html" with article_list=paniers_list %}
{% include "panier/aff_article.html" with article_list=article_list %}
{% endif %}
{% if livraison_list %}
<h2>Résultats dans les livraisons : </h2>
{% include "panier/aff_livraison.html" with livraison_list=livraison_list %}
{% endif %}
{% if not users_list and not paniers_list and not livraison_list %}
{% if credit_list or paniers_list %}
{% include "panier/aff_paniers.html" %}
{% endif %}
{% if not users_list and not article_list and not livraison_list and not credit_list and not paniers_list%}
<h3>Aucun résultat</h3>
{% endif %}
<br />
......
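Review bot: The new `{% include "panier/aff_paniers.html" %}` inside `{% if credit_list or paniers_list %}` relies on both lists being in the outer context, while every neighbouring include in this file hands its list over explicitly; `{% include "panier/aff_paniers.html" with paniers_list=paniers_list credit_list=credit_list %}` keeps the section consistent and makes the dependency visible to whoever edits the partial. The new "no result" condition is missing the space before its closing tag, `... and not credit_list and not paniers_list %}`. The `{% if %}` closed by the first `{% endif%}` of the hunk opens above it.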
......@@ -29,6 +29,7 @@ def search_result(search, type, request):
states = search.cleaned_data['filtre']
date_deb = search.cleaned_data['date_deb']
date_fin = search.cleaned_data['date_fin']
date_livraison = search.cleaned_data['date_livraison']
date_query = Q()
if aff==[]:
aff = ['0','1','2','3','4','5','6']
......@@ -36,6 +37,8 @@ def search_result(search, type, request):
date_query = date_query & Q(date__gte=date_deb)
if date_fin != None:
date_query = date_query & Q(date__lte=date_fin)
if date_livraison != None:
date_query = date_query & Q(date=date_livraison.date)
search = search.cleaned_data['search_field']
query = Q()
for s in states:
......@@ -50,16 +53,22 @@ def search_result(search, type, request):
for i in aff:
if i == '0':
users = User.objects.filter((Q(pseudo__icontains = search) | Q(name__icontains = search) | Q(surname__icontains = search)) & query)
query = Q(user__pseudo__icontains = search) | Q(user__name__icontains = search) | Q(user__surname__icontains = search)
query = Q(user__pseudo__icontains = search) | Q(user__name__icontains = search) | Q(user__surname__icontains = search)
if not request.user.has_perms(('bureau',)):
users = [request.user]
if i == '1':
panier = Panier.objects.filter(nom__icontains = search)
if i == '2':
commande = Commande.objects.filter(query & date_query)
commande = Commande.objects.filter(date=Livraison.objects.filter(date_query))
if not request.user.has_perms(('bureau',)):
commande = commande.filter(user=request.user)
if i == '3':
livraison = Livraison.objects.filter(date_query)
if i == '4':
credit = Credit.objects.filter(query)
return {'users_list': users, 'paniers_list' : panier, 'commandes_list' : commande, 'livraison_list' : livraison, 'credit_list' : credit}
if not request.user.has_perms(('bureau',)):
credit = credit.filter(user=request.user)
return {'users_list': users, 'article_list' : panier, 'paniers_list' : commande, 'livraison_list' : livraison, 'credit_list' : credit}
@login_required
def search(request):
......
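Review bot: `commande = Commande.objects.filter(date=Livraison.objects.filter(date_query))` in the `i == '2'` branch passes an unsliced queryset to an exact lookup; whenever more than one Livraison falls inside the date window this raises on recent Django versions, and on older ones it becomes a scalar subquery whose behaviour depends on the database, so it should be a membership test, `commande = Commande.objects.filter(date__in=Livraison.objects.filter(date_query))`. The rewrite also drops the text `query` that the old line applied, so for users who hold the `bureau` permission the search term no longer narrows commandes at all; if that is intended, a one-line comment saying so would spare the next reader the question. `request.user.has_perms(('bureau',))` is evaluated three times inside the loop; hoisting it once before the loop as `is_bureau = request.user.has_perms(('bureau',))` keeps the three gates identical. Note that `has_perms` normally expects `'app_label.codename'` strings, so unless a custom backend resolves the bare `'bureau'` the check fails closed and every user, including staff, is limited to their own data. search_result's signature and the initialisation of users, panier, commande, livraison and credit lie above the hunk.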