From 57ec73d5cd4107347f50fd5bd22a99aed268b3d9 Mon Sep 17 00:00:00 2001 From: Julian Weng Date: Sat, 23 Nov 2024 00:30:47 -0500 Subject: [PATCH] Add retroactive checks to validate that ticket_drop_time has not changed following a ticket being added to a user's cart --- backend/clubs/views.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/backend/clubs/views.py b/backend/clubs/views.py index 3c03842cb..653618cb3 100644 --- a/backend/clubs/views.py +++ b/backend/clubs/views.py @@ -3192,7 +3192,8 @@ def destroy(self, request, *args, **kwargs): def partial_update(self, request, *args, **kwargs): """ - Do not let users modify the ticket drop time if tickets have already been sold. + Do not let club admins modify the ticket drop time + if tickets have already been sold. """ event = self.get_object() if ( @@ -5237,6 +5238,7 @@ def cart(self, request, *args, **kwargs): Q(owner__isnull=False) | Q(holder__isnull=False) | Q(event__end_time__lt=now) + | Q(event__ticket_drop_time__gt=timezone.now()) ).exclude(holder=self.request.user) # In most cases, we won't need to replace, so exit early @@ -5278,6 +5280,7 @@ def cart(self, request, *args, **kwargs): buyable=True, # should not be triggered as buyable is by ticket class owner__isnull=True, holder__isnull=True, + event__ticket_drop_time__lt=timezone.now(), ).exclude(id__in=tickets_in_cart)[: ticket_class["count"]] num_short = ticket_class["count"] - available_tickets.count() @@ -5368,6 +5371,7 @@ def initiate_checkout(self, request, *args, **kwargs): tickets = cart.tickets.select_for_update(skip_locked=True).filter( Q(holder__isnull=True) | Q(holder=self.request.user), owner__isnull=True, + event__ticket_drop_time__lt=timezone.now(), buyable=True, )