slapos_panel: create temp subscription request with shadow user

It prevents Unauthorized, as only owner can access the temp object

slapos_panel: create temp subscription request with shadow user
It prevents Unauthorized, as only owner can access the temp object
fe3a92ec · Romain Courteaud · 8ec04006 · fe3a92ec
Commit fe3a92ec authored Jan 29, 2025 by Romain Courteaud 🐙
Showing with 35 additions and 33 deletions

master/bt5/slapos_panel/SkinTemplateItem/portal_skins/slapos_panel/InstanceTree_redirectToManualDepositPayment.py ...apos_panel/InstanceTree_redirectToManualDepositPayment.py +35 -33

No files found.
--- a/master/bt5/slapos_panel/SkinTemplateItem/portal_skins/slapos_panel/InstanceTree_redirectToManualDepositPayment.py
+++ b/master/bt5/slapos_panel/SkinTemplateItem/portal_skins/slapos_panel/InstanceTree_redirectToManualDepositPayment.py
@@ -6,47 +6,49 @@ assert web_site is not None
 # compatible with external providers
 person = portal.portal_membership.getAuthenticatedMember().getUserValue()
-# Fetch to know if the subscription request is already created
+# Use proper acquisiton to generate the payment transaction
-subscription_request = portal.portal_catalog.getResultValue(
+person = web_site.restrictedTraverse(person.getRelativeUrl())
+def wrapWithShadowToNotGetUnauthorized(person):
+  # Fetch to know if the subscription request is already created
+  subscription_request = portal.portal_catalog.getResultValue(
    portal_type='Subscription Request',
    aggregate__uid=context.getUid())
-if subscription_request is not None:
+  if subscription_request is not None:
    if subscription_request.getSimulationState() != 'submitted':
      # No need to continue if the subscription is already processed.
      raise ValueError('No deposit is required, Subscription Request is not on submitted state')
-else:
+  else:
    subscription_request = context.Item_createSubscriptionRequest(temp_object=True)
-if subscription_request is None:
+  if subscription_request is None:
    raise ValueError("Subscription Request was not found or generated")
-outstanding_amount_list = person.Entity_getOutstandingDepositAmountList(
+  outstanding_amount_list = person.Entity_getOutstandingDepositAmountList(
    ledger_uid=subscription_request.getLedgerUid(),
-  source_section_uid=subscription_request.getSourceSectionUid(),
+    section_uid=subscription_request.getSourceSectionUid(),
    resource_uid=subscription_request.getPriceCurrencyUid())
-if subscription_request.isTempObject():
+  if subscription_request.isTempObject():
    outstanding_amount_list.append(
+      #subscription_request
      subscription_request.asContext(
        total_price=subscription_request.getPrice(None))
    )
-payment_mode = subscription_request.Base_getPaymentModeForCurrency(
+  payment_mode = subscription_request.Base_getPaymentModeForCurrency(
    subscription_request.getPriceCurrencyUid())
-def wrapWithShadow(person, outstanding_amount_list, payment_mode):
  return person.Entity_createDepositPaymentTransaction(
    subscription_list=outstanding_amount_list,
    payment_mode=payment_mode
  )
-# Use proper acquisiton to generate the payment transaction
-person = web_site.restrictedTraverse(person.getRelativeUrl())
 payment_transaction = person.Person_restrictMethodAsShadowUser(
  shadow_document=person,
-  callable_object=wrapWithShadow,
+  callable_object=wrapWithShadowToNotGetUnauthorized,
-  argument_list=[person, outstanding_amount_list, payment_mode])
+  argument_list=[person])
 return payment_transaction.PaymentTransaction_redirectToManualPayment()