
Fix critical sale integrity and backup restore failures #62

Draft
cursor[bot] wants to merge 2 commits into main from cursor/critical-bug-investigation-3abb


Conversation

cursor[bot] commented Jun 14, 2026


Bug and impact

  • Unsupported payment_method=credit from the sale UI could complete a sale, decrement inventory, and update member spend without collecting money or recording receivables.
  • Draft sale items could be deleted via GET and without row locks, allowing accidental/CSRF-triggered inventory restoration and unsafe concurrent writes.
  • Viewing a sale detail page could rewrite persisted historical sale totals on GET.
  • Backup restore with media could fail after the database snapshot was loaded and after current media was partially removed, leaving database/media inconsistent; restore failure rendering also crashed due to missing template context, and the UI confirmation field was not accepted.

Root cause

  • Sale payment methods were assigned directly from POST without validating against Sale.PAYMENT_METHODS, while the template exposed an unimplemented credit option.
  • Sale item deletion used an unsafe GET link and non-atomic inventory mutation.
  • Sale detail contained auto-repair SQL in a read path.
  • Backup media restore copied into MEDIA_ROOT only after committing database restore, and failure renders did not supply the backup context expected by the template.

Fix

  • Added payment method normalization/validation, retained legacy account -> balance, and removed the unimplemented credit button.
  • Made sale item deletion POST-only with CSRF form rendering, transaction boundaries, and row locks.
  • Removed sale-detail GET mutation of persisted amounts.
  • Staged backup media before DB changes, swapped media with rollback support inside the restore failure path, accepted the template confirm_restore field, and supplied restore template context consistently.

Validation

  • python3 manage.py test inventory.tests.test_sales_balance_payment inventory.tests.test_sale_status inventory.tests.test_views.BackupViewSecurityTest inventory.tests.test_services.MemberServiceTest
  • Result: 17 tests OK; only the existing staticfiles.W004 warning for missing /workspace/static.
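The first bug above (an unsupported `credit` method completing a sale) comes down to trusting the form's value instead of validating it on the server. Below is an added example, not code from this repository, of the normalize-then-validate pattern the fix describes: a server-side allow-list, the legacy `account -> balance` alias, and a sale-completion step that performs no inventory or member mutation until the payment method has been accepted and the money actually deducted. `PAYMENT_METHODS`, `LEGACY_ALIASES`, `normalize_payment_method`, `complete_sale` and the dataclasses are assumptions for illustration; the real project's `Sale.PAYMENT_METHODS` may differ.

```python
# Added example (not the project's code): server-side payment-method
# validation and an ordering of side effects that cannot complete a sale
# without collecting money. All names here are assumed for illustration.
from dataclasses import dataclass

# Assumed allow-list mirroring a Sale.PAYMENT_METHODS choices list.
# "credit" is deliberately absent: the UI offered it, the server never
# implemented it, so it must be rejected rather than stored.
PAYMENT_METHODS = {"cash", "card", "balance"}

# Legacy value from older clients, mapped to the current one (account -> balance).
LEGACY_ALIASES = {"account": "balance"}


class InvalidPaymentMethod(ValueError):
    pass


def normalize_payment_method(raw):
    """Return a supported method or raise InvalidPaymentMethod.

    The pre-fix code assigned the POSTed value straight to the model, so any
    string the browser sent (including 'credit') would let the sale finish.
    Deciding here, from an allow-list, makes the form irrelevant to what the
    server accepts.
    """
    if raw is None:
        raise InvalidPaymentMethod("payment_method is required")
    method = str(raw).strip().lower()
    method = LEGACY_ALIASES.get(method, method)
    if method not in PAYMENT_METHODS:
        raise InvalidPaymentMethod(f"unsupported payment_method: {raw!r}")
    return method


@dataclass
class Item:
    sku: str
    stock: int
    price: int  # minor units (cents); constructed sample data


@dataclass
class Member:
    balance: int
    total_spend: int = 0


def complete_sale(post_data, lines, inventory, member):
    """Finalize a draft sale. lines is a list of (sku, qty).

    Ordering matters: validate the method, compute the total and check stock,
    take the money (for balance sales), and only then decrement inventory and
    record member spend. A rejected method therefore touches nothing.
    """
    method = normalize_payment_method(post_data.get("payment_method"))
    total = 0
    for sku, qty in lines:
        item = inventory[sku]
        if item.stock < qty:
            raise ValueError(f"insufficient stock for {sku}")
        total += item.price * qty
    if method == "balance":
        if member.balance < total:
            raise ValueError("insufficient member balance")
        member.balance -= total
    for sku, qty in lines:
        inventory[sku].stock -= qty
    member.total_spend += total
    return {"payment_method": method, "total": total}
```

In a Django view the same shape would sit inside `transaction.atomic()` with `select_for_update()` on the inventory rows, which is the other half of what the PR describes for the deletion path.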
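The backup bug is an ordering problem: media was copied into `MEDIA_ROOT` only after the database restore had committed, so a media failure left the two out of step, and a database failure after media had been partly removed did the same. Below is an added example, not the project's own restore code, of the stage-then-swap-with-rollback sequence the fix describes, written against plain directories so it runs stand-alone. `restore_media_and_db`, the `apply_db` callback (assumed to be the transactional database step) and `demo` are assumptions for illustration.

```python
# Added example (not the project's code): restore media and database so that
# a failure at any step leaves the previous media intact. Names assumed.
import os
import shutil
import tempfile


def restore_media_and_db(backup_media_dir, media_root, apply_db):
    """Restore media and database together, or not at all.

    1. Copy backup media into a staging directory beside media_root, so any
       read/copy error surfaces before anything persistent changes.
    2. Run the database restore (apply_db). If it raises, staging is
       discarded and live media has not been touched.
    3. Swap: move live media aside, move staging into place. If that second
       rename fails, move the old media back (rollback), then re-raise.
    """
    parent = os.path.dirname(os.path.abspath(media_root)) or "."
    staging = tempfile.mkdtemp(prefix=".media-staging-", dir=parent)
    old = None
    try:
        # Step 1: stage first. Nothing under media_root has moved yet.
        shutil.copytree(backup_media_dir, staging, dirs_exist_ok=True)

        # Step 2: database restore. Assumed transactional on its own side;
        # what matters here is that an exception leaves old media intact.
        apply_db()

        # Step 3: swap with a rollback path.
        if os.path.exists(media_root):
            old = media_root + ".old"
            if os.path.exists(old):
                shutil.rmtree(old)
            os.rename(media_root, old)
        try:
            os.rename(staging, media_root)
        except OSError:
            if old is not None:
                os.rename(old, media_root)  # rollback: previous media returns
            raise
        if old is not None:
            shutil.rmtree(old)
        return True
    finally:
        # Staging only still exists if a step failed before the swap.
        if os.path.isdir(staging):
            shutil.rmtree(staging, ignore_errors=True)


def demo(base_dir=None):
    """Constructed scenario: a restore whose database step fails must leave
    the old media; a subsequent good restore replaces it.

    Returns (media after failed restore, media after good restore,
             leftover entries in the parent directory).
    """
    base = base_dir or tempfile.mkdtemp(prefix="restore-demo-")
    backup = os.path.join(base, "backup_media")
    media = os.path.join(base, "media")
    os.makedirs(backup)
    os.makedirs(media)
    with open(os.path.join(backup, "new.png"), "w") as f:
        f.write("new")  # constructed sample file in the backup
    with open(os.path.join(media, "old.png"), "w") as f:
        f.write("old")  # constructed sample file currently live

    def failing_db():
        raise RuntimeError("snapshot load failed")

    try:
        restore_media_and_db(backup, media, failing_db)
    except RuntimeError:
        pass
    after_failure = sorted(os.listdir(media))
    restore_media_and_db(backup, media, lambda: None)
    after_success = sorted(os.listdir(media))
    leftovers = sorted(os.listdir(base))
    shutil.rmtree(base)
    return after_failure, after_success, leftovers
```

The staging directory is created inside the same parent as `media_root` so the final step is a rename on one filesystem rather than a copy; a copy at that point would reintroduce the partial-media window the PR is closing.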

cursoragent and others added 2 commits June 14, 2026 11:08
Co-authored-by: Xianist Lab <zhtyyx@users.noreply.github.com>
