0001-general-remove-user-hash-stuff-15374.patch
extra/modules/myspace.py | ||
---|---|---|
52 | 52 |
invoices = [] |
53 | 53 |
invoices.extend(Invoice.get_with_indexed_value( |
54 | 54 |
str('user_id'), str(user.id))) |
55 |
try: |
|
56 |
invoices.extend(Invoice.get_with_indexed_value( |
|
57 |
str('user_hash'), str(user.hash))) |
|
58 |
except AttributeError: |
|
59 |
pass |
|
60 | 55 | |
61 | 56 |
def cmp_invoice(a, b): |
62 | 57 |
t = cmp(a.regie_id, b.regie_id) |
... | ... | |
388 | 383 |
for formdef in formdefs: |
389 | 384 |
user_forms.extend(formdef.data_class().get_with_indexed_value( |
390 | 385 |
'user_id', self.user.id)) |
391 |
try: |
|
392 |
user_forms.extend(formdef.data_class().get_with_indexed_value( |
|
393 |
'user_hash', self.user.hash)) |
|
394 |
except AttributeError: |
|
395 |
pass |
|
396 | 386 |
user_forms.sort(lambda x,y: cmp(x.receipt_time, y.receipt_time)) |
397 | 387 | |
398 | 388 |
get_response().set_content_type('application/json') |
... | ... | |
460 | 450 |
for formdef in formdefs: |
461 | 451 |
user_forms.extend(formdef.data_class().get_with_indexed_value( |
462 | 452 |
'user_id', user.id)) |
463 |
try: |
|
464 |
user_forms.extend(formdef.data_class().get_with_indexed_value( |
|
465 |
'user_hash', user.hash)) |
|
466 |
except AttributeError: |
|
467 |
pass |
|
468 | 453 |
user_forms.sort(lambda x,y: cmp(x.receipt_time, y.receipt_time)) |
469 | 454 | |
470 | 455 |
profile_links = [] |
extra/modules/payments.py | ||
---|---|---|
53 | 53 | |
54 | 54 |
class Invoice(StorableObject): |
55 | 55 |
_names = 'invoices' |
56 |
_hashed_indexes = ['user_id', 'user_hash', 'regie_id']
|
|
56 |
_hashed_indexes = ['user_id', 'regie_id'] |
|
57 | 57 |
_indexes = ['external_id'] |
58 | 58 | |
59 | 59 |
user_id = None |
60 |
user_hash = None |
|
61 | 60 |
regie_id = None |
62 | 61 |
formdef_id = None |
63 | 62 |
formdata_id = None |
... | ... | |
269 | 268 |
def perform(self, formdata): |
270 | 269 |
invoice = Invoice(regie_id=self.regie_id, formdef_id=formdata.formdef.id) |
271 | 270 |
invoice.user_id = formdata.user_id |
272 |
invoice.user_hash = formdata.user_hash |
|
273 | 271 |
invoice.formdata_id = formdata.id |
274 | 272 |
invoice.next_status = self.next_status |
275 | 273 |
if self.subject: |
... | ... | |
351 | 349 |
# select invoices for the selected regie (if not "all regies") |
352 | 350 |
if self.regie_id != '_all': |
353 | 351 |
invoices = [i for i in invoices if i.regie_id == self.regie_id] |
354 |
# security filter: check user |
|
355 |
invoices = [i for i in invoices if (i.user_id == formdata.user_id) \ |
|
356 |
or (i.user_hash == formdata.user_hash)] |
|
352 |
# security filter: check user |
|
353 |
invoices = [i for i in invoices if i.user_id == formdata.user_id] |
|
357 | 354 |
# security filter: check formdata & formdef |
358 | 355 |
invoices = [i for i in invoices if (i.formdata_id == formdata.id) \ |
359 | 356 |
and (i.formdef_id == formdata.formdef.id)] |
360 |
- |