From d421f9a3656789d220e4bb22056d81539ce0f7f4 Mon Sep 17 00:00:00 2001 From: Antony Lesuisse Date: Wed, 20 Aug 2014 15:07:56 +0200 Subject: [PATCH] [IMP] point_of_sale: track session logins the pos session now keeps track of the session logins, and that number is included in in the order reference. This prevents orders generated in parallely created sessions from having the same reference, and also helps reduce fraud. --- addons/point_of_sale/controllers/main.py | 11 ++++++++--- addons/point_of_sale/point_of_sale.py | 11 +++++++++-- addons/point_of_sale/static/src/js/models.js | 10 ++++++---- 3 files changed, 23 insertions(+), 9 deletions(-) diff --git a/addons/point_of_sale/controllers/main.py b/addons/point_of_sale/controllers/main.py index fb2a971d041..9a66594369f 100644 --- a/addons/point_of_sale/controllers/main.py +++ b/addons/point_of_sale/controllers/main.py @@ -15,12 +15,17 @@ _logger = logging.getLogger(__name__) class PosController(http.Controller): - @http.route('/pos/web', type='http', auth='none') + @http.route('/pos/web', type='http', auth='user') def a(self, debug=False, **k): + cr, uid, context, session = request.cr, request.uid, request.context, request.session - if not request.session.uid: + if not session.uid: return login_redirect() + PosSession = request.registry['pos.session'] + pos_session_ids = PosSession.search(cr, uid, [('state','=','opened'),('user_id','=',session.uid)], context=context) + PosSession.login(cr,uid,pos_session_ids,context=context) + modules = simplejson.dumps(module_boot(request.db)) init = """ var wc = new s.web.WebClient(); @@ -31,7 +36,7 @@ class PosController(http.Controller): wc.start(); """ - html = request.registry.get('ir.ui.view').render(request.cr, request.session.uid,'point_of_sale.index',{ + html = request.registry.get('ir.ui.view').render(cr, session.uid,'point_of_sale.index',{ 'modules': modules, 'init': init, }) diff --git a/addons/point_of_sale/point_of_sale.py b/addons/point_of_sale/point_of_sale.py index 60e40d13678..bdd1a28cb1a 100644 --- a/addons/point_of_sale/point_of_sale.py +++ b/addons/point_of_sale/point_of_sale.py @@ -239,7 +239,8 @@ class pos_session(osv.osv): required=True, readonly=True, select=1, copy=False), - 'sequence_number': fields.integer('Order Sequence Number'), + 'sequence_number': fields.integer('Order Sequence Number', help='A sequence number that is incremented with each order'), + 'login_number': fields.integer('Login Sequence Number', help='A sequence number that is incremented each time a user resumes the pos session'), 'cash_control' : fields.function(_compute_cash_all, multi='cash', @@ -303,6 +304,7 @@ class pos_session(osv.osv): 'user_id' : lambda obj, cr, uid, context: uid, 'state' : 'opening_control', 'sequence_number': 1, + 'login_number': 0, } _sql_constraints = [ @@ -396,7 +398,6 @@ class pos_session(osv.osv): statement.unlink(context=context) return super(pos_session, self).unlink(cr, uid, ids, context=context) - def open_cb(self, cr, uid, ids, context=None): """ call the Point Of Sale interface and set the pos.session to 'opened' (in progress) @@ -418,6 +419,12 @@ class pos_session(osv.osv): 'target': 'self', } + def login(self, cr, uid, ids, context=None): + this_record = self.browse(cr, uid, ids[0], context=context) + this_record.write({ + 'login_number': this_record.login_number+1, + }) + def wkf_action_open(self, cr, uid, ids, context=None): # second browse because we need to refetch the data from the DB for cash_register_id for record in self.browse(cr, uid, ids, context=context): diff --git a/addons/point_of_sale/static/src/js/models.js b/addons/point_of_sale/static/src/js/models.js index dfebe6b4261..6f3d5b49d15 100644 --- a/addons/point_of_sale/static/src/js/models.js +++ b/addons/point_of_sale/static/src/js/models.js @@ -172,7 +172,7 @@ function openerp_pos_models(instance, module){ //module is instance.point_of_sal loaded: function(self,taxes){ self.taxes = taxes; }, },{ model: 'pos.session', - fields: ['id', 'journal_ids','name','user_id','config_id','start_at','stop_at','sequence_number'], + fields: ['id', 'journal_ids','name','user_id','config_id','start_at','stop_at','sequence_number','login_number'], domain: function(self){ return [['state','=','opened'],['user_id','=',self.session.uid]]; }, loaded: function(self,pos_sessions){ self.pos_session = pos_sessions[0]; @@ -885,7 +885,7 @@ function openerp_pos_models(instance, module){ //module is instance.point_of_sal creationDate: new Date(), orderLines: new module.OrderlineCollection(), paymentLines: new module.PaymentlineCollection(), - name: "Order " + this.uid, + name: _t("Order ") + this.uid, client: null, }); this.selected_orderline = undefined; @@ -900,7 +900,7 @@ function openerp_pos_models(instance, module){ //module is instance.point_of_sal }, // Generates a public identification number for the order. // The generated number must be unique and sequential. They are made 12 digit long - // to fit into EAN-13 barcodes. + // to fit into EAN-13 barcodes, should it be needed generateUniqueId: function() { function zero_pad(num,size){ var s = ""+num; @@ -909,7 +909,9 @@ function openerp_pos_models(instance, module){ //module is instance.point_of_sal } return s; } - return zero_pad(this.pos.pos_session_id,6) + zero_pad(this.sequence_number,6); + return zero_pad(this.pos.pos_session_id,5) +'-'+ + zero_pad(this.pos.pos_session.login_number,3) +'-'+ + zero_pad(this.sequence_number,4); }, addOrderline: function(line){ if(line.order){