Fix categories and accounts being visible to all users

This commit is contained in:
Edgar P. Burkhart 2022-12-29 21:04:40 +01:00
parent e26f552aff
commit 0e0b9fc927
Signed by: edpibu
GPG key ID: 9833D3C5A25BD227
2 changed files with 23 additions and 2 deletions

View file

@ -12,7 +12,10 @@ from django.utils.translation import gettext as _
class UserModel(models.Model): class UserModel(models.Model):
user = models.ForeignKey( user = models.ForeignKey(
settings.AUTH_USER_MODEL, on_delete=models.CASCADE, verbose_name=_("User"), editable=False settings.AUTH_USER_MODEL,
on_delete=models.CASCADE,
verbose_name=_("User"),
editable=False,
) )
class Meta: class Meta:
@ -330,6 +333,10 @@ class Snapshot(AccountModel):
class NummiForm(ModelForm): class NummiForm(ModelForm):
template_name = "main/form/base.html" template_name = "main/form/base.html"
def __init__(self, *args, **kwargs):
kwargs.pop("user", None)
super().__init__(*args, **kwargs)
class AccountForm(NummiForm): class AccountForm(NummiForm):
class Meta: class Meta:
@ -348,6 +355,12 @@ class TransactionForm(NummiForm):
model = Transaction model = Transaction
fields = "__all__" fields = "__all__"
def __init__(self, *args, **kwargs):
_user = kwargs.pop("user")
super().__init__(*args, **kwargs)
self.fields["category"].queryset = Category.objects.filter(user=_user)
self.fields["account"].queryset = Account.objects.filter(user=_user)
class InvoiceForm(NummiForm): class InvoiceForm(NummiForm):
prefix = "invoice" prefix = "invoice"
@ -361,3 +374,8 @@ class SnapshotForm(NummiForm):
class Meta: class Meta:
model = Snapshot model = Snapshot
fields = "__all__" fields = "__all__"
def __init__(self, *args, **kwargs):
_user = kwargs.pop("user")
super().__init__(*args, **kwargs)
self.fields["account"].queryset = Account.objects.filter(user=_user)

View file

@ -48,8 +48,11 @@ class UserMixin(LoginRequiredMixin):
def get_queryset(self, **kwargs): def get_queryset(self, **kwargs):
return super().get_queryset().filter(user=self.request.user) return super().get_queryset().filter(user=self.request.user)
def get_form_kwargs(self):
return super().get_form_kwargs() | {"user": self.request.user}
class UserCreateView(LoginRequiredMixin, CreateView):
class UserCreateView(UserMixin, CreateView):
def form_valid(self, form): def form_valid(self, form):
form.instance.user = self.request.user form.instance.user = self.request.user
return super().form_valid(form) return super().form_valid(form)