Skip to content

Fix destructive sales and backup restore regressions#77

Draft
cursor[bot] wants to merge 1 commit into
mainfrom
cursor/critical-bug-investigation-0eae
Draft

Fix destructive sales and backup restore regressions#77
cursor[bot] wants to merge 1 commit into
mainfrom
cursor/critical-bug-investigation-0eae

Conversation

@cursor

@cursor cursor Bot commented Jun 27, 2026

Copy link
Copy Markdown

Bug and impact

  • Viewing a sale detail page could rewrite persisted sale totals on GET when line subtotals differed from the recorded paid amount. This corrupts historical receipts/member accounting without an explicit edit.
  • Draft sale item deletion was reachable via GET and restored inventory without row locks, allowing accidental/CSRF-like inventory inflation and races with other sale state changes.
  • The checkout UI exposed an unsupported credit payment method, and the backend accepted arbitrary payment values, so a sale could be marked completed without implemented receivables/payment handling.
  • Backup restore could not be completed from the active template (confirm_restore/backup mismatch), and media restore failures after database load could leave the system partially restored.

Root cause

  • Read-only sale detail code performed corrective SQL updates.
  • Sale item deletion did not enforce POST or transactional row locking.
  • Payment methods were copied from POST without normalizing/validating against backend-supported choices.
  • Backup restore view/template contracts drifted, and media replacement occurred after the DB transaction without staging/rollback.

Fix

  • Keep sale detail read-only.
  • Require POST+CSRF for sale item deletion and lock sale/item/inventory rows while restoring stock and recalculating totals.
  • Normalize legacy account to balance, reject unsupported payment methods, and replace the checkout credit button with supported other.
  • Align backup restore context/confirmation fields, add a missing delete confirmation template/POST modal flow, and stage media before replacing it inside the DB restore transaction with rollback of old media on failure.
  • Added regression tests for each critical trigger.

Validation

  • mkdir -p logs && .venv/bin/python manage.py test inventory.tests.test_sale_status inventory.tests.test_sales_balance_payment inventory.tests.test_views.BackupViewSecurityTest inventory.tests.test_services.MemberServiceTest (19 tests OK; expected 405 and simulated media failure logs; existing staticfiles warning)
  • mkdir -p logs && .venv/bin/python manage.py check (OK; existing staticfiles warning)
Open in Web View Automation 

Co-authored-by: Xianist Lab <zhtyyx@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant