From 49591fa67e2a9a10705d071cc4412baca42e5a05 Mon Sep 17 00:00:00 2001 From: Ludovic Stephan Date: Tue, 15 Sep 2020 20:03:37 +0200 Subject: [PATCH] Use form to clean data --- kfet/views.py | 43 ++++++++++++++++++++++++------------------- 1 file changed, 24 insertions(+), 19 deletions(-) diff --git a/kfet/views.py b/kfet/views.py index 3a3c8cd0..2afbfbc5 100644 --- a/kfet/views.py +++ b/kfet/views.py @@ -15,7 +15,7 @@ from django.contrib.messages.views import SuccessMessageMixin from django.db import transaction from django.db.models import Count, F, Prefetch, Q, Sum from django.forms import formset_factory -from django.http import Http404, JsonResponse +from django.http import Http404, HttpResponseBadRequest, JsonResponse from django.shortcuts import get_object_or_404, redirect, render from django.urls import reverse, reverse_lazy from django.utils import timezone @@ -1407,12 +1407,17 @@ def cancel_operations(request): @login_required def history_json(request): # Récupération des paramètres - from_date = request.POST.get("from", None) - to_date = request.POST.get("to", None) - checkouts = request.POST.getlist("checkouts[]", None) - accounts = request.POST.getlist("accounts[]", None) - transfers_only = request.POST.get("transfersonly", False) - opes_only = request.POST.get("opesonly", False) + form = FilterHistoryForm(request.GET) + + if not form.is_valid(): + return HttpResponseBadRequest() + + start = form.cleaned_data["start"] + end = form.cleaned_data["end"] + account = form.cleaned_data["account"] + checkout = form.cleaned_data["checkout"] + transfers_only = form.cleaned_data["transfers_only"] + opes_only = form.cleaned_data["opes_only"] # Construction de la requête (sur les transferts) pour le prefetch @@ -1421,9 +1426,9 @@ def history_json(request): ) # Le check sur les comptes est dans le prefetch pour les transferts - if accounts: + if account: transfer_queryset_prefetch = transfer_queryset_prefetch.filter( - Q(from_acc__in=accounts) | Q(to_acc__in=accounts) + Q(from_acc=account) | Q(to_acc=account) ) if not request.user.has_perm("kfet.is_team"): @@ -1458,21 +1463,21 @@ def history_json(request): ) # Application des filtres - if from_date: - opegroups = opegroups.filter(at__gte=from_date) - transfergroups = transfergroups.filter(at__gte=from_date) - if to_date: - opegroups = opegroups.filter(at__lt=to_date) - transfergroups = transfergroups.filter(at__lt=to_date) - if checkouts: - opegroups = opegroups.filter(checkout__in=checkouts) + if start: + opegroups = opegroups.filter(at__gte=start) + transfergroups = transfergroups.filter(at__gte=start) + if end: + opegroups = opegroups.filter(at__lt=end) + transfergroups = transfergroups.filter(at__lt=end) + if checkout: + opegroups = opegroups.filter(checkout__in=checkout) transfergroups = TransferGroup.objects.none() if transfers_only: opegroups = OperationGroup.objects.none() if opes_only: transfergroups = TransferGroup.objects.none() - if accounts: - opegroups = opegroups.filter(on_acc__in=accounts) + if account: + opegroups = opegroups.filter(on_acc=account) # Un non-membre de l'équipe n'a que accès à son historique if not request.user.has_perm("kfet.is_team"): opegroups = opegroups.filter(on_acc=request.user.profile.account_kfet)