smaa/octopus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity

fix(pos): исправлена проблема с CSRF токеном при API запросах

Browse Source 
- Заменен getCookie('csrftoken') на getCsrfToken() во всех fetch запросах
  (checkAutoDiscounts, applyPromoCode, handleCheckoutSubmit и др.)
- Это исправляет ошибку 403 Forbidden, возникающую из-за CSRF_USE_SESSIONS=True

fix(discounts): исправлен фильтр товаров в CRUD скидок

- Изменен фильтр с is_active=True на status='active' для корректной
  работы с моделью Product

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Andrey Smakotin
2026-01-11 01:41:17 +03:00
parent b48e6c810d
commit 6313b8f6e7
2 changed files with 13 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
myproject/discounts/views.py
View File

@@ -128,7 +128,7 @@ class DiscountCreateView(LoginRequiredMixin, RoleRequiredMixin, CreateView):
context['is_edit'] = False context['is_edit'] = False
# Передаем товары и категории для формы # Передаем товары и категории для формы
from products.models import Product, ProductCategory from products.models import Product, ProductCategory
context['all_products'] = Product.objects.filter(is_active=True).order_by('name') context['all_products'] = Product.objects.filter(status='active').order_by('name')
context['all_categories'] = ProductCategory.objects.filter(is_active=True).order_by('name') context['all_categories'] = ProductCategory.objects.filter(is_active=True).order_by('name')
context['selected_products'] = [] context['selected_products'] = []
context['selected_categories'] = [] context['selected_categories'] = []
@@ -159,7 +159,7 @@ class DiscountUpdateView(LoginRequiredMixin, RoleRequiredMixin, UpdateView):
context['is_edit'] = True context['is_edit'] = True
# Передаем товары и категории для формы # Передаем товары и категории для формы
from products.models import Product, ProductCategory from products.models import Product, ProductCategory
context['all_products'] = Product.objects.filter(is_active=True).order_by('name') context['all_products'] = Product.objects.filter(status='active').order_by('name')
context['all_categories'] = ProductCategory.objects.filter(is_active=True).order_by('name') context['all_categories'] = ProductCategory.objects.filter(is_active=True).order_by('name')
context['selected_products'] = list(self.object.products.values_list('id', flat=True)) context['selected_products'] = list(self.object.products.values_list('id', flat=True))
context['selected_categories'] = list(self.object.categories.values_list('id', flat=True)) context['selected_categories'] = list(self.object.categories.values_list('id', flat=True))

22
myproject/pos/static/pos/js/terminal.js
View File

@@ -1039,7 +1039,7 @@ async function addToCart(item) {
const response = await fetch(`/pos/api/showcase-kits/${item.id}/add-to-cart/`, { const response = await fetch(`/pos/api/showcase-kits/${item.id}/add-to-cart/`, {
method: 'POST', method: 'POST',
headers: { headers: {
'X-CSRFToken': getCookie('csrftoken'), 'X-CSRFToken': getCsrfToken(),
'Content-Type': 'application/json' 'Content-Type': 'application/json'
}, },
body: JSON.stringify({ quantity: 1 }) body: JSON.stringify({ quantity: 1 })
@@ -1328,7 +1328,7 @@ async function removeFromCart(cartKey) {
const response = await fetch(`/pos/api/showcase-kits/${item.id}/remove-from-cart/`, { const response = await fetch(`/pos/api/showcase-kits/${item.id}/remove-from-cart/`, {
method: 'POST', method: 'POST',
headers: { headers: {
'X-CSRFToken': getCookie('csrftoken'), 'X-CSRFToken': getCsrfToken(),
'Content-Type': 'application/json' 'Content-Type': 'application/json'
}, },
body: JSON.stringify(body) body: JSON.stringify(body)
@@ -1375,7 +1375,7 @@ async function increaseShowcaseKitQty(cartKey) {
const response = await fetch(`/pos/api/showcase-kits/${item.id}/add-to-cart/`, { const response = await fetch(`/pos/api/showcase-kits/${item.id}/add-to-cart/`, {
method: 'POST', method: 'POST',
headers: { headers: {
'X-CSRFToken': getCookie('csrftoken'), 'X-CSRFToken': getCsrfToken(),
'Content-Type': 'application/json' 'Content-Type': 'application/json'
}, },
body: JSON.stringify({ quantity: 1 }) body: JSON.stringify({ quantity: 1 })
@@ -1436,7 +1436,7 @@ async function decreaseShowcaseKitQty(cartKey) {
const response = await fetch(`/pos/api/showcase-kits/${item.id}/remove-from-cart/`, { const response = await fetch(`/pos/api/showcase-kits/${item.id}/remove-from-cart/`, {
method: 'POST', method: 'POST',
headers: { headers: {
'X-CSRFToken': getCookie('csrftoken'), 'X-CSRFToken': getCsrfToken(),
'Content-Type': 'application/json' 'Content-Type': 'application/json'
}, },
body: JSON.stringify({ showcase_item_ids: [itemIdToRelease] }) body: JSON.stringify({ showcase_item_ids: [itemIdToRelease] })
@@ -1470,7 +1470,7 @@ async function clearCart() {
try { try {
await fetch('/pos/api/showcase-kits/release-all-my-locks/', { await fetch('/pos/api/showcase-kits/release-all-my-locks/', {
method: 'POST', method: 'POST',
headers: { 'X-CSRFToken': getCookie('csrftoken') } headers: { 'X-CSRFToken': getCsrfToken() }
}); });
} catch (e) { } catch (e) {
console.error('Ошибка сброса блокировок:', e); console.error('Ошибка сброса блокировок:', e);
@@ -2055,7 +2055,7 @@ document.getElementById('confirmCreateTempKit').onclick = async () => {
const response = await fetch(url, { const response = await fetch(url, {
method: 'POST', method: 'POST',
headers: { headers: {
'X-CSRFToken': getCookie('csrftoken') 'X-CSRFToken': getCsrfToken()
// Не указываем Content-Type - браузер сам установит multipart/form-data // Не указываем Content-Type - браузер сам установит multipart/form-data
}, },
body: formData body: formData
@@ -2164,7 +2164,7 @@ document.getElementById('disassembleKitBtn').addEventListener('click', async ()
const response = await fetch(`/pos/api/product-kits/${editingKitId}/disassemble/`, { const response = await fetch(`/pos/api/product-kits/${editingKitId}/disassemble/`, {
method: 'POST', method: 'POST',
headers: { headers: {
'X-CSRFToken': getCookie('csrftoken') 'X-CSRFToken': getCsrfToken()
} }
}); });
@@ -2399,7 +2399,7 @@ async function checkAutoDiscounts() {
method: 'POST', method: 'POST',
headers: { headers: {
'Content-Type': 'application/json', 'Content-Type': 'application/json',
'X-CSRFToken': getCookie('csrftoken') 'X-CSRFToken': getCsrfToken()
}, },
body: JSON.stringify({ body: JSON.stringify({
items: items, items: items,
@@ -2442,7 +2442,7 @@ async function applyPromoCode() {
method: 'POST', method: 'POST',
headers: { headers: {
'Content-Type': 'application/json', 'Content-Type': 'application/json',
'X-CSRFToken': getCookie('csrftoken') 'X-CSRFToken': getCsrfToken()
}, },
body: JSON.stringify({ body: JSON.stringify({
promo_code: code, promo_code: code,
@@ -2496,7 +2496,7 @@ async function recalculateDiscountsWithPromo(promoCode) {
method: 'POST', method: 'POST',
headers: { headers: {
'Content-Type': 'application/json', 'Content-Type': 'application/json',
'X-CSRFToken': getCookie('csrftoken') 'X-CSRFToken': getCsrfToken()
}, },
body: JSON.stringify({ body: JSON.stringify({
items: items, items: items,
@@ -2637,7 +2637,7 @@ async function handleCheckoutSubmit(paymentsData) {
method: 'POST', method: 'POST',
headers: { headers: {
'Content-Type': 'application/json', 'Content-Type': 'application/json',
'X-CSRFToken': getCookie('csrftoken') 'X-CSRFToken': getCsrfToken()
}, },
body: JSON.stringify(orderData) body: JSON.stringify(orderData)
}); });