Skip to content

Fix destructive sale read and item deletion paths#67

Draft
cursor[bot] wants to merge 1 commit into
mainfrom
cursor/critical-bug-investigation-41c9
Draft

Fix destructive sale read and item deletion paths#67
cursor[bot] wants to merge 1 commit into
mainfrom
cursor/critical-bug-investigation-41c9

Conversation

@cursor

@cursor cursor Bot commented Jun 19, 2026

Copy link
Copy Markdown

Bug and impact

  • Viewing a sale detail page could rewrite persisted sale totals from line-item subtotals. For completed historical sales this can corrupt reported revenue and leave member balances/transactions inconsistent with the sale amount.
  • The draft sale item delete endpoint accepted GET requests and performed inventory restoration/deletion without row locks. A browser prefetch, copied link, or CSRF-style GET could delete a draft line and inflate stock.

Root cause

  • sale_detail performed repair writes during a read-only GET.
  • sale_delete_item did not require POST/CSRF and updated inventory/item/sale rows outside a transaction with row locks.

Fix

  • Made sale detail read-only.
  • Restricted sale item deletion to POST and changed the template delete control to a CSRF-protected form.
  • Wrapped deletion/restock/recalculation in a transaction with row locks.
  • Added regression tests for GET no-op deletion and sale detail amount preservation.

Validation

  • mkdir -p logs && .venv/bin/python manage.py test inventory.tests.test_sale_status inventory.tests.test_sales_balance_payment inventory.tests.test_views.BackupViewSecurityTest inventory.tests.test_services.MemberServiceTest (15 tests OK; only existing staticfiles.W004 warning).
Open in Web View Automation 

Co-authored-by: Xianist Lab <zhtyyx@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant