From f2a1c7bc2eeecc147cb7cbb539bf7a9eca3c370c Mon Sep 17 00:00:00 2001
From: xgc1564 <cmurillog06@gmail.com>
Date: Tue, 18 Nov 2025 23:02:26 +0100
Subject: [PATCH 1/3] Funcionalidad CRUD carrito de compra implementada

---
 essenza/essenza/urls.py                    |   1 +
 essenza/order/models.py                    |   4 +-
 essenza/order/urls.py                      |  13 ++
 essenza/order/views.py                     | 224 ++++++++++++++++++-
 essenza/templates/base.html                |  29 ++-
 essenza/templates/order/cart_detail.html   | 248 +++++++++++++++++++++
 essenza/templates/product/detail_user.html |  56 +++--
 7 files changed, 551 insertions(+), 24 deletions(-)
 create mode 100644 essenza/order/urls.py
 create mode 100644 essenza/templates/order/cart_detail.html

diff --git a/essenza/essenza/urls.py b/essenza/essenza/urls.py
index 2390f456..b5ae40c6 100644
--- a/essenza/essenza/urls.py
+++ b/essenza/essenza/urls.py
@@ -14,6 +14,7 @@
     path("", DashboardView.as_view(), name="dashboard"),
     path("catalogo/", CatalogView.as_view(), name="catalog"),
     path("catalogo/<int:pk>/", CatalogDetailView.as_view(), name="catalog_detail"),
+    path("order/", include("order.urls")),
 ]
 
 if settings.DEBUG:
diff --git a/essenza/order/models.py b/essenza/order/models.py
index 28579759..75eb6193 100644
--- a/essenza/order/models.py
+++ b/essenza/order/models.py
@@ -1,19 +1,17 @@
 from django.db import models
 from django.utils import timezone
 
-
 # Create your models here.
 class Status(models.TextChoices):
     PENDING = "pending", "Pending"
     PAID = "paid", "Paid"
     SHIPPED = "shipped", "Shipped"
 
-
 class Order(models.Model):
     user = models.ForeignKey(
         "user.Usuario", on_delete=models.CASCADE, related_name="orders"
     )
-    address = models.CharField(max_length=255)
+    address = models.CharField(max_length=255, null=True, blank=True)
     placed_at = models.DateTimeField(default=timezone.now)
     status = models.CharField(
         max_length=10, choices=Status.choices, default=Status.PENDING
diff --git a/essenza/order/urls.py b/essenza/order/urls.py
new file mode 100644
index 00000000..12fb04c2
--- /dev/null
+++ b/essenza/order/urls.py
@@ -0,0 +1,13 @@
+# order/urls.py
+from django.urls import include, path
+from . import views
+
+urlpatterns = [
+    #path('order/', include('order.urls')),
+    path('', views.CartDetailView.as_view(), name='order_home'),
+    path('cart/', views.CartDetailView.as_view(), name='cart_detail'), 
+    path('add/<int:product_pk>/', views.AddToCartView.as_view(), name='add_to_cart'),
+    path('update/<int:item_pk>/', views.UpdateCartItemView.as_view(), name='update_cart_item'),
+    path('update/session/<int:product_pk>/', views.UpdateCartSessionView.as_view(), name='update_cart_session'),
+
+]
\ No newline at end of file
diff --git a/essenza/order/views.py b/essenza/order/views.py
index 91ea44a2..9908ed4f 100644
--- a/essenza/order/views.py
+++ b/essenza/order/views.py
@@ -1,3 +1,223 @@
-from django.shortcuts import render
+from django.shortcuts import get_object_or_404, redirect, render 
+from django.views import View
+from django.contrib.auth.mixins import LoginRequiredMixin
+from django.contrib import messages
+from django.db.models import F # Importado para operaciones atómicas
+from django.core.exceptions import ObjectDoesNotExist
 
-# Create your views here.
+# Importaciones de tus modelos
+from .models import Order, OrderProduct, Status
+from product.models import Product 
+
+# --------------------------------------------------------------------
+# 1. FUNCIÓN AUXILIAR NECESARIA 
+# --------------------------------------------------------------------
+def get_or_create_cart(request): 
+    """
+    Obtiene la Order más reciente con status='PENDING' (asumida como carrito)
+    o crea una nueva Order en estado 'PENDING'. Solo para usuarios logueados.
+    """
+    if request.user.is_authenticated:
+        # Lógica para usuarios logueados
+        try:
+            cart = Order.objects.filter(
+                user=request.user, 
+                status=Status.PENDING 
+            ).order_by('-placed_at').first()
+            
+            if cart is None:
+                raise ObjectDoesNotExist
+
+        except ObjectDoesNotExist:
+            cart = Order.objects.create(
+                user=request.user, 
+                status=Status.PENDING,
+                address=None
+            )
+            
+        return cart
+    else:
+        # Los anónimos usan la sesión (o se les niega el acceso POST)
+        return None
+
+# --------------------------------------------------------------------
+# 2. VISTAS
+# --------------------------------------------------------------------
+
+# order/views.py (Fragmento de CartDetailView)
+
+class CartDetailView(View):
+    """Muestra el contenido del carrito activo del usuario (DB) o de la sesión (Anónimo)."""
+    template_name = 'order/cart_detail.html'
+    
+    def get(self, request):
+        cart = None
+        
+        if request.user.is_authenticated:
+            # LÓGICA 1: Usuario logueado (lee de la DB)
+            cart = get_or_create_cart(request) 
+            cart_items = cart.order_products.all()
+            
+        else:
+            # LÓGICA 2: Usuario anónimo (lee de la Sesión)
+            cart_session = request.session.get('cart_session', {})
+            cart_items = []
+            
+            # Si hay ítems en la sesión, construimos una lista para la plantilla
+            if cart_session:
+                product_pks = [int(pk) for pk in cart_session.keys()]
+                
+                # Buscamos todos los objetos Product de la DB de una vez
+                products = Product.objects.filter(pk__in=product_pks)
+                
+                # Iteramos sobre los productos para crear la lista de ítems del carrito
+                for product in products:
+                    pk_str = str(product.pk)
+                    quantity = cart_session[pk_str]['quantity']
+                    
+                    # Creamos un objeto temporal para pasarlo al template
+                    cart_items.append({
+                        'product': product,
+                        'quantity': quantity,
+                        'subtotal': quantity * product.price, 
+                        'pk': product.pk,
+                    })
+
+        context = {
+            'cart': cart, # Será None para anónimos
+            'cart_items': cart_items, # Lista de DB objects o dicts/temp objects
+        }
+        return render(request, self.template_name, context)
+# =======================================================
+# AÑADIR AL CARRITO (Añadido/Corregido)
+# =======================================================
+class AddToCartView(View): # LoginRequiredMixin eliminado
+    """
+    Añade un producto al carrito, usando DB (Logueado) o Session (Anónimo).
+    """
+    def post(self, request, product_pk):
+        product = get_object_or_404(Product, pk=product_pk)
+        
+        try:
+            quantity = int(request.POST.get('quantity', 1))
+            if quantity < 1:
+                quantity = 1
+        except ValueError:
+            quantity = 1
+            
+        cart = get_or_create_cart(request) # Devuelve Order (logueado) o None (anónimo)
+        
+        # --- LÓGICA DE MANEJO DEL CARRITO ---
+        if cart:
+            # 1. USUARIO LOGUEADO (cart es un objeto Order)
+            
+            # Línea 88: Ya no falla porque 'cart' es un objeto Order.
+            cart_item = cart.order_products.filter(product=product).first() 
+
+            if cart_item:
+                # UPDATE (DB)
+                cart_item.quantity = F('quantity') + quantity 
+                cart_item.save(update_fields=['quantity'])
+                cart_item.refresh_from_db() 
+                messages.success(request, f"Se ha añadido {quantity} unidad(es) de '{product.name}'. Cantidad total: {cart_item.quantity}")
+            else:
+                # CREATE (DB)
+                OrderProduct.objects.create(
+                    order=cart,
+                    product=product,
+                    quantity=quantity
+                )
+                messages.success(request, f"'{product.name}' se ha añadido al carrito.")
+                
+        else:
+            # 2. USUARIO ANÓNIMO (cart es None, usamos la sesión)
+            
+            cart_session = request.session.get('cart_session', {})
+            product_pk_str = str(product_pk) 
+
+            if product_pk_str in cart_session:
+                # UPDATE (SESSION)
+                cart_session[product_pk_str]['quantity'] += quantity
+                messages.success(request, f"Se ha añadido {quantity} unidad(es) de '{product.name}'. Cantidad total en carrito: {cart_session[product_pk_str]['quantity']}")
+            else:
+                # CREATE (SESSION)
+                cart_session[product_pk_str] = {
+                    'quantity': quantity,
+                    'price': str(product.price) 
+                }
+                messages.success(request, f"'{product.name}' se ha añadido al carrito.")
+            
+            # Guardar y marcar la sesión
+            request.session['cart_session'] = cart_session
+            request.session.modified = True 
+            
+        return redirect('cart_detail')
+# =======================================================
+# ACTUALIZAR CANTIDAD EN EL CARRITO
+# =======================================================
+class UpdateCartSessionView(View):
+    """Actualiza la cantidad de un ítem existente en el carrito de la sesión (Anónimo)."""
+    def post(self, request, product_pk):
+        if request.user.is_authenticated:
+            # Protección: si un usuario logueado intenta usar esta URL, redirigir a la vista DB
+            return redirect('cart_detail')
+
+        cart_session = request.session.get('cart_session', {})
+        product_pk_str = str(product_pk)
+
+        # 1. Obtener la nueva cantidad
+        try:
+            new_quantity = int(request.POST.get('quantity', 0))
+        except ValueError:
+            new_quantity = -1
+        
+        # Necesitamos el objeto Product para el nombre y el stock
+        product = get_object_or_404(Product, pk=product_pk)
+
+        # 2. Lógica de Actualización/Eliminación
+        if product_pk_str in cart_session:
+            if new_quantity <= 0:
+                # ELIMINAR
+                del cart_session[product_pk_str]
+                messages.info(request, f"'{product.name}' ha sido eliminado del carrito.")
+            else:
+                # ACTUALIZAR
+                # Opcional: limitar al stock disponible
+                if new_quantity > product.stock:
+                    new_quantity = product.stock
+                    messages.warning(request, f"Solo quedan {product.stock} unidades de '{product.name}'. Cantidad limitada.")
+
+                cart_session[product_pk_str]['quantity'] = new_quantity
+                messages.success(request, f"Cantidad de '{product.name}' actualizada a {new_quantity}.")
+        
+            # 3. Guardar sesión
+            request.session['cart_session'] = cart_session
+            request.session.modified = True
+            
+        return redirect('cart_detail')
+    
+class UpdateCartItemView(View):
+    """Actualiza la cantidad de un ítem existente en el carrito."""
+    def post(self, request, item_pk):
+        cart_item = get_object_or_404(OrderProduct, pk=item_pk)
+        cart = get_or_create_cart(request) 
+        
+        if cart_item.order.pk != cart.pk:
+            messages.error(request, "El ítem no pertenece a tu carrito activo.")
+            return redirect('cart_detail')
+            
+        try:
+            new_quantity = int(request.POST.get('quantity', 0))
+        except ValueError:
+            new_quantity = -1
+
+        if new_quantity <= 0:
+            item_name = cart_item.product.name
+            cart_item.delete()
+            messages.info(request, f"'{item_name}' ha sido eliminado del carrito.")
+        else:
+            cart_item.quantity = new_quantity
+            cart_item.save(update_fields=['quantity'])
+            messages.success(request, f"Cantidad de '{cart_item.product.name}' actualizada a {new_quantity}.")
+
+        return redirect('cart_detail')
\ No newline at end of file
diff --git a/essenza/templates/base.html b/essenza/templates/base.html
index 5e04e967..036b9908 100644
--- a/essenza/templates/base.html
+++ b/essenza/templates/base.html
@@ -241,6 +241,25 @@
         box-shadow: 0 3px 8px rgba(192, 107, 62, 0.35),
           inset 0 1px 2px rgba(255, 255, 255, 0.25);
       }
+      /* ESTILOS AÑADIDOS PARA EL CARRITO */
+      .cart-icon {
+          color: #c06b3e; 
+          margin-right: 20px; 
+          
+          display: inline-flex; 
+          align-items: center; 
+          text-decoration: none; 
+          transition: color 0.2s ease;
+      }
+      .cart-icon:hover {
+          color: #bf6230; 
+      }
+      .cart-icon svg {
+          /* Tamaño deseado del icono */
+          width: 32px; 
+          height: 32px;
+      }
+/* FIN ESTILOS AÑADIDOS */
 
       /* Responsive */
       @media (max-width: 768px) {
@@ -286,7 +305,15 @@
           />
         </div>
       </div>
-
+      {% if not user.role == "admin" %}
+      <a href="{% url 'cart_detail' %}" class="cart-icon" title="Mi Carrito de Compra">
+          <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
+              <circle cx="9" cy="21" r="1"></circle>
+              <circle cx="20" cy="21" r="1"></circle>
+              <path d="M1 1h4l2.68 13.39a2 2 0 0 0 2 1.61h9.72a2 2 0 0 0 2-1.61L23 6H6"></path>
+          </svg>
+      </a>
+      {% endif %}
       <div class="nav-right">
         <div class="profile-dropdown">
           <button
diff --git a/essenza/templates/order/cart_detail.html b/essenza/templates/order/cart_detail.html
new file mode 100644
index 00000000..27a06715
--- /dev/null
+++ b/essenza/templates/order/cart_detail.html
@@ -0,0 +1,248 @@
+{% extends "base.html" %} 
+{% load static %}
+{% load humanize %} 
+
+{% block title %}Mi Carrito - Essenza{% endblock %}
+
+{% block extra_head %}
+<style>
+    .cart-page-body {
+        background-color: #faf7f2; /* Fondo del cuerpo */
+        padding: 40px 20px;
+    }
+    .cart-container {
+        max-width: 900px;
+        margin: 0 auto;
+    }
+
+    /* --- ESTILO DEL TÍTULO (Inspirado en "Top Bestsellers") --- */
+    .cart-header {
+        text-align: center;
+        margin-bottom: 40px;
+    }
+    .cart-header h1 {
+        font-size: 36px;
+        color: #c06b3e; /* Marrón/Naranja cálido de la marca */
+        font-weight: 700;
+        letter-spacing: 1px;
+        margin-bottom: 8px;
+    }
+    .cart-header p {
+        font-size: 16px;
+        color: #666;
+        margin: 0;
+    }
+
+    /* --- ESTILO DE LAS TARJETAS DE PRODUCTO --- */
+    .cart-items-list {
+        display: flex;
+        flex-direction: column;
+        gap: 15px;
+    }
+    .cart-item-card {
+        background: white;
+        border-radius: 12px;
+        box-shadow: 0 2px 10px rgba(0, 0, 0, 0.05);
+        padding: 15px 25px;
+        display: flex;
+        align-items: center;
+        justify-content: space-between;
+        transition: box-shadow 0.2s;
+    }
+    .cart-item-card:hover {
+        box-shadow: 0 4px 15px rgba(0, 0, 0, 0.1);
+    }
+    
+    /* Sección de Imagen y Nombre */
+    .item-info {
+        display: flex;
+        align-items: center;
+        gap: 20px;
+        flex: 3;
+    }
+    .item-image {
+        width: 80px;
+        height: 80px;
+        overflow: hidden;
+        border-radius: 8px;
+        border: 1px solid #f0e8e0;
+    }
+    .item-image img {
+        width: 100%;
+        height: 100%;
+        object-fit: contain;
+    }
+    .item-details h2 {
+        font-size: 16px;
+        color: #333;
+        margin: 0 0 4px 0;
+        font-weight: 600;
+    }
+    .item-details p {
+        font-size: 14px;
+        color: #666;
+        margin: 0;
+    }
+
+    /* Sección de Cantidad y Subtotal */
+    .item-controls {
+        display: flex;
+        align-items: center;
+        gap: 30px;
+        flex: 1;
+        justify-content: flex-end;
+    }
+    .item-price {
+        font-size: 16px;
+        font-weight: bold;
+        color: #c06b3e;
+        width: 80px; /* Ancho fijo para alineación */
+        text-align: right;
+    }
+
+    /* Estilo del formulario de cantidad/eliminación */
+    .quantity-form {
+        display: flex;
+        align-items: center;
+        gap: 10px;
+    }
+    .quantity-form input[type="number"] {
+        width: 50px;
+        padding: 6px;
+        border: 1px solid #ddd;
+        border-radius: 4px;
+        text-align: center;
+        font-size: 14px;
+    }
+    .btn-remove {
+        background: none;
+        border: none;
+        color: #a35a34;
+        cursor: pointer;
+        font-size: 14px;
+        transition: color 0.2s;
+    }
+    .btn-remove:hover {
+        color: #c00;
+    }
+
+    /* --- TOTALES Y BOTONES DE ACCIÓN --- */
+    .cart-summary {
+        margin-top: 30px;
+        padding-top: 20px;
+        border-top: 1px solid #eee;
+        display: flex;
+        justify-content: flex-end;
+        align-items: center;
+        gap: 30px;
+    }
+    .total-price-display {
+        font-size: 20px;
+        font-weight: 700;
+        color: #333;
+    }
+    .total-price-display span {
+        color: #c06b3e;
+        margin-left: 10px;
+    }
+    .btn-checkout {
+        padding: 12px 25px;
+        background: #c06b3e;
+        color: white;
+        border: none;
+        border-radius: 8px;
+        font-weight: bold;
+        text-decoration: none;
+        transition: opacity 0.2s;
+    }
+    .btn-checkout:hover {
+        opacity: 0.85;
+    }
+
+    /* --- CARRITO VACÍO --- */
+    .empty-cart {
+        text-align: center;
+        padding: 60px 0;
+        background: white;
+        border-radius: 12px;
+        box-shadow: 0 2px 8px rgba(0, 0, 0, 0.05);
+        color: #666;
+    }
+    .empty-cart h2 {
+        font-size: 24px;
+        margin-bottom: 15px;
+        color: #c06b3e;
+    }
+</style>
+{% endblock %}
+
+{% block content %}
+<div class="cart-page-body">
+    <div class="cart-container">
+        <div class="cart-header">
+            <h1>Tu Carrito de Compra</h1>
+            <p>Productos seleccionados por ti.</p>
+        </div>
+
+        {% if cart_items %}
+            <div class="cart-items-list">
+                {% for item in cart_items %}
+                    <div class="cart-item-card">
+                        
+                        <div class="item-info">
+                            <div class="item-image">
+                                {% if item.product.photo %}
+                                    <img src="{{ item.product.photo.url }}" alt="{{ item.product.name }}" />
+                                {% else %}
+                                    <img src="{% static 'images/default_product.png' %}" alt="{{ item.product.name }}" />
+                                {% endif %}
+                            </div>
+                            <div class="item-details">
+                                <h2>{{ item.product.name }}</h2>
+                                <p>{{ item.product.brand }}</p>
+                            </div>
+                        </div>
+
+                        <div class="item-controls">
+                            {% if request.user.is_authenticated %}
+                                <form method="POST" action="{% url 'update_cart_item' item_pk=item.pk %}" class="quantity-form">
+                            {% else %}
+                                <form method="POST" action="{% url 'update_cart_session' product_pk=item.pk %}" class="quantity-form">
+                            {% endif %}
+                                {% csrf_token %}
+                                
+                                <input 
+                                    type="number" 
+                                    name="quantity" 
+                                    value="{{ item.quantity }}" 
+                                    min="0" 
+                                    max="{{ item.product.stock }}"
+                                    data-item-pk="{{ item.pk }}"
+                                    onchange="this.form.submit()" 
+                                    aria-label="Cantidad"
+                                >
+                                <button type="submit" name="quantity" value="0" class="btn-remove" title="Eliminar ítem">
+                                    <svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M3 6h18"></path><path d="M19 6v14a2 2 0 0 1-2 2H7a2 2 0 0 1-2-2V6m3 0V4a2 2 0 0 1 2-2h4a2 2 0 0 1 2 2v2"></path><line x1="10" y1="11" x2="10" y2="17"></line><line x1="14" y1="11" x2="14" y2="17"></line></svg>
+                                </button>
+                            </form>
+                            <div class="item-price">{{ item.total_price|floatformat:2|intcomma }} €</div>
+                        </div>
+                    </div>
+                {% endfor %}
+            </div>
+
+            <div class="cart-summary">
+                <div class="total-price-display">
+                    TOTAL: <span>{{ cart.total_price|floatformat:2|intcomma }} €</span>
+                </div>
+            </div>
+
+        {% else %}
+            <div class="empty-cart">
+                <h2>Tu carrito está vacío</h2>
+                <p>¡Añade productos de nuestro <a href="{% url 'catalog' %}" style="color: #c06b3e; text-decoration: none;">Catálogo</a> para empezar!</p>
+            </div>
+        {% endif %}
+    </div>
+</div>
+{% endblock %}
\ No newline at end of file
diff --git a/essenza/templates/product/detail_user.html b/essenza/templates/product/detail_user.html
index c038e202..6e2d0736 100644
--- a/essenza/templates/product/detail_user.html
+++ b/essenza/templates/product/detail_user.html
@@ -2,6 +2,23 @@
 - Essenza{% endblock %} {% block extra_head %}
 <style>
   /* Scoped styles for detail_user page; avoid modifying the global body */
+  .quantity-container {
+        display: flex; 
+        align-items: center; 
+        margin-right: 12px; 
+        gap: 5px;
+    }
+    .quantity_input {
+        width: 60px; 
+        padding: 8px; 
+        border: 1px solid #ddd; 
+        border-radius: 4px;
+        text-align: center;
+    }
+    .actions > form {
+        flex: 1; 
+        display: flex;
+    }
   .detail-body {
     background-color: #faf7f2;
     font-family: "Segoe UI", Arial, sans-serif;
@@ -236,24 +253,27 @@ <h1>{{ product.name }}</h1>
 
       <!-- -------- BOTONES -------- -->
       <div class="actions">
-        <button class="btn btn-add" id="addToCartBtn">
-          <span class="add-text" id="normalText">
-            <svg
-              xmlns="http://www.w3.org/2000/svg"
-              width="21"
-              height="21"
-              fill="none"
-              stroke="white"
-              stroke-width="2"
-              stroke-linecap="round"
-              stroke-linejoin="round"
-            >
-              <circle cx="9" cy="19" r="2"></circle>
-              <circle cx="17" cy="19" r="2"></circle>
-              <path d="M5 6h16l-1.5 9h-13z"></path>
-              <path d="M5 6L4 3H1"></path>
-            </svg>
-            Añadir al carrito
+        <form method="POST" action="{% url 'add_to_cart' product_pk=product.pk %}">
+            {% csrf_token %}
+            
+            <button class="btn btn-add" id="addToCartBtn" type="submit">
+                <span class="add-text" id="normalText">
+                    <svg
+                    xmlns="http://www.w3.org/2000/svg"
+                    width="21"
+                    height="21"
+                    fill="none"
+                    stroke="white"
+                    stroke-width="2"
+                    stroke-linecap="round"
+                    stroke-linejoin="round"
+                    >
+                        <circle cx="9" cy="19" r="2"></circle>
+                        <circle cx="17" cy="19" r="2"></circle>
+                        <path d="M5 6h16l-1.5 9h-13z"></path>
+                        <path d="M5 6L4 3H1"></path>
+                    </svg>
+                    Añadir al carrito
           </span>
           <span class="added-message" id="addedMessage"> ✓ Añadido </span>
         </button>

From 94b6a721ca50ed1c20964c624d9d845e2454f920 Mon Sep 17 00:00:00 2001
From: Alejandro Mantecon Rodriguez <alemanrod@alum.us.es>
Date: Wed, 19 Nov 2025 18:41:32 +0100
Subject: [PATCH 2/3] feat: CRUD carrito compras

---
 essenza/order/models.py                  |  6 +++++-
 essenza/order/views.py                   | 25 ++++++++++++++++--------
 essenza/templates/order/cart_detail.html |  4 ++--
 3 files changed, 24 insertions(+), 11 deletions(-)

diff --git a/essenza/order/models.py b/essenza/order/models.py
index 75eb6193..cb43b2a9 100644
--- a/essenza/order/models.py
+++ b/essenza/order/models.py
@@ -21,7 +21,7 @@ class Order(models.Model):
     def total_price(self):
         total = 0
         for product in self.order_products.all():
-            total += product.quantity * product.product.price
+            total += product.quantity * product.price
         return total
 
     def __str__(self):
@@ -37,5 +37,9 @@ class OrderProduct(models.Model):
     )
     quantity = models.IntegerField()
 
+    @property
+    def subtotal(self):
+        return self.quantity * self.product.price
+
     def __str__(self):
         return f"{self.quantity} of {self.product.name} in order {self.order.id}"
diff --git a/essenza/order/views.py b/essenza/order/views.py
index 9908ed4f..e2a4b99f 100644
--- a/essenza/order/views.py
+++ b/essenza/order/views.py
@@ -17,7 +17,10 @@ def get_or_create_cart(request):
     Obtiene la Order más reciente con status='PENDING' (asumida como carrito)
     o crea una nueva Order en estado 'PENDING'. Solo para usuarios logueados.
     """
-    if request.user.is_authenticated:
+    if request.user.role == 'admin':
+        return redirect("dashboard")
+    
+    if request.user.is_authenticated and request.user.role != "admin":
         # Lógica para usuarios logueados
         try:
             cart = Order.objects.filter(
@@ -52,16 +55,20 @@ class CartDetailView(View):
     
     def get(self, request):
         cart = None
+        if request.user.is_authenticated and request.user.role == "admin":
+            return redirect("dashboard")
         
         if request.user.is_authenticated:
             # LÓGICA 1: Usuario logueado (lee de la DB)
             cart = get_or_create_cart(request) 
             cart_items = cart.order_products.all()
-            
+            print(cart_items)
+            cart_total = sum(item.quantity * item.product.price for item in cart_items)
         else:
             # LÓGICA 2: Usuario anónimo (lee de la Sesión)
             cart_session = request.session.get('cart_session', {})
             cart_items = []
+            cart_total = 0
             
             # Si hay ítems en la sesión, construimos una lista para la plantilla
             if cart_session:
@@ -82,10 +89,12 @@ def get(self, request):
                         'subtotal': quantity * product.price, 
                         'pk': product.pk,
                     })
+                    cart_total = sum(item.product.price * item.quantity for item in cart_items)
 
         context = {
             'cart': cart, # Será None para anónimos
             'cart_items': cart_items, # Lista de DB objects o dicts/temp objects
+            'cart_total': cart_total, # Total calculado
         }
         return render(request, self.template_name, context)
 # =======================================================
@@ -175,7 +184,7 @@ def post(self, request, product_pk):
         product = get_object_or_404(Product, pk=product_pk)
 
         # 2. Lógica de Actualización/Eliminación
-        if product_pk_str in cart_session:
+        if product_pk_str in cart_session:  
             if new_quantity <= 0:
                 # ELIMINAR
                 del cart_session[product_pk_str]
@@ -183,16 +192,16 @@ def post(self, request, product_pk):
             else:
                 # ACTUALIZAR
                 # Opcional: limitar al stock disponible
-                if new_quantity > product.stock:
+                if new_quantity >   product.stock:
                     new_quantity = product.stock
                     messages.warning(request, f"Solo quedan {product.stock} unidades de '{product.name}'. Cantidad limitada.")
-
-                cart_session[product_pk_str]['quantity'] = new_quantity
-                messages.success(request, f"Cantidad de '{product.name}' actualizada a {new_quantity}.")
+                else:
+                    cart_session[product_pk_str]['quantity'] = new_quantity
+                    messages.success(request, f"Cantidad de '{product.name}' actualizada a {new_quantity}.")
         
             # 3. Guardar sesión
             request.session['cart_session'] = cart_session
-            request.session.modified = True
+            request.session.modified = True 
             
         return redirect('cart_detail')
     
diff --git a/essenza/templates/order/cart_detail.html b/essenza/templates/order/cart_detail.html
index 27a06715..71563539 100644
--- a/essenza/templates/order/cart_detail.html
+++ b/essenza/templates/order/cart_detail.html
@@ -225,7 +225,7 @@ <h2>{{ item.product.name }}</h2>
                                     <svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M3 6h18"></path><path d="M19 6v14a2 2 0 0 1-2 2H7a2 2 0 0 1-2-2V6m3 0V4a2 2 0 0 1 2-2h4a2 2 0 0 1 2 2v2"></path><line x1="10" y1="11" x2="10" y2="17"></line><line x1="14" y1="11" x2="14" y2="17"></line></svg>
                                 </button>
                             </form>
-                            <div class="item-price">{{ item.total_price|floatformat:2|intcomma }} €</div>
+                            <div class="item-price">{{ item.subtotal|floatformat:2|intcomma }} €</div>
                         </div>
                     </div>
                 {% endfor %}
@@ -233,7 +233,7 @@ <h2>{{ item.product.name }}</h2>
 
             <div class="cart-summary">
                 <div class="total-price-display">
-                    TOTAL: <span>{{ cart.total_price|floatformat:2|intcomma }} €</span>
+                    TOTAL: <span>{{ cart_total|floatformat:2|intcomma }} €</span>
                 </div>
             </div>
 

From 70c802a82f5911388118c2fe64eab4c9dce15823 Mon Sep 17 00:00:00 2001
From: Alejandro Mantecon Rodriguez <alemanrod@alum.us.es>
Date: Wed, 19 Nov 2025 21:00:15 +0100
Subject: [PATCH 3/3] test: test cart order

---
 essenza/order/tests.py | 92 +++++++++++++++++++++++++++++++++++++++++-
 essenza/order/views.py | 25 +++++-------
 2 files changed, 102 insertions(+), 15 deletions(-)

diff --git a/essenza/order/tests.py b/essenza/order/tests.py
index a39b155a..e305ff8a 100644
--- a/essenza/order/tests.py
+++ b/essenza/order/tests.py
@@ -1 +1,91 @@
-# Create your tests here.
+from django.test import TestCase, Client
+from django.urls import reverse
+from django.contrib.auth import get_user_model
+
+from product.models import Product
+from order.models import Order, OrderProduct, Status
+
+
+User = get_user_model()
+
+
+class CartTests(TestCase):
+	def setUp(self):
+		self.client = Client()
+		# Create a sample product
+		self.product = Product.objects.create(
+			name="Test Product",
+			description="Desc",
+			category="maquillaje",
+			brand="Marca",
+			price="9.99",
+			stock=10,
+			is_active=True,
+		)
+
+		# Regular user
+		self.user = User.objects.create_user(
+			email="user@example.com", username="user1", password="pass1234", role="user"
+		)
+
+		# Admin user
+		self.admin = User.objects.create_user(
+			email="admin@example.com", username="admin1", password="adminpass", role="admin", is_staff=True
+		)
+
+	def test_anonymous_add_to_cart_creates_session(self):
+		url = reverse('add_to_cart', kwargs={'product_pk': self.product.pk})
+		response = self.client.post(url, {'quantity': 2}, follow=True)
+
+		# Should redirect to cart_detail
+		self.assertEqual(response.status_code, 200)
+		session = self.client.session
+		self.assertIn('cart_session', session)
+		cart = session['cart_session']
+		self.assertIn(str(self.product.pk), cart)
+		self.assertEqual(cart[str(self.product.pk)]['quantity'], 2)
+
+	def test_authenticated_user_adds_to_db_cart(self):
+		self.client.login(email='user@example.com', password='pass1234')
+		url = reverse('add_to_cart', kwargs={'product_pk': self.product.pk})
+		response = self.client.post(url, {'quantity': 3}, follow=True)
+
+		# After adding, there should be a pending Order for the user
+		self.assertEqual(response.status_code, 200)
+		orders = Order.objects.filter(user=self.user, status=Status.PENDING)
+		self.assertTrue(orders.exists())
+		order = orders.first()
+		# Check OrderProduct exists
+		op = OrderProduct.objects.filter(order=order, product=self.product).first()
+		self.assertIsNotNone(op)
+		self.assertEqual(op.quantity, 3)
+
+	def test_admin_get_cart_forbidden(self):
+		# Admin should get 403 on cart detail
+		self.client.login(email='admin@example.com', password='adminpass')
+		url = reverse('cart_detail')
+		response = self.client.get(url)
+		self.assertEqual(response.status_code, 403)
+
+	def test_admin_cannot_add_to_cart(self):
+		self.client.login(email='admin@example.com', password='adminpass')
+		url = reverse('add_to_cart', kwargs={'product_pk': self.product.pk})
+		response = self.client.post(url)
+		self.assertEqual(response.status_code, 403)
+
+	def test_cart_shows_empty_after_order_deleted(self):
+		# Create a pending order for the user with one OrderProduct
+		order = Order.objects.create(user=self.user, status=Status.PENDING, address='')
+		OrderProduct.objects.create(order=order, product=self.product, quantity=2)
+
+		# Delete the order
+		order.delete()
+
+		# Login as user and request cart detail
+		self.client.login(email='user@example.com', password='pass1234')
+		url = reverse('cart_detail')
+		response = self.client.get(url)
+		self.assertEqual(response.status_code, 200)
+		self.assertIn('cart_items', response.context)
+		self.assertEqual(len(response.context['cart_items']), 0)
+
diff --git a/essenza/order/views.py b/essenza/order/views.py
index e2a4b99f..36788645 100644
--- a/essenza/order/views.py
+++ b/essenza/order/views.py
@@ -3,7 +3,7 @@
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib import messages
 from django.db.models import F # Importado para operaciones atómicas
-from django.core.exceptions import ObjectDoesNotExist
+from django.core.exceptions import ObjectDoesNotExist, PermissionDenied
 
 # Importaciones de tus modelos
 from .models import Order, OrderProduct, Status
@@ -17,10 +17,11 @@ def get_or_create_cart(request):
     Obtiene la Order más reciente con status='PENDING' (asumida como carrito)
     o crea una nueva Order en estado 'PENDING'. Solo para usuarios logueados.
     """
-    if request.user.role == 'admin':
-        return redirect("dashboard")
-    
-    if request.user.is_authenticated and request.user.role != "admin":
+    # Deny access to admin/staff users explicitly
+    if request.user.is_authenticated and (getattr(request.user, 'role', None) == 'admin' or getattr(request.user, 'is_staff', False)):
+        raise PermissionDenied("Acceso denegado: administradores no pueden usar el carrito.")
+
+    if request.user.is_authenticated:
         # Lógica para usuarios logueados
         try:
             cart = Order.objects.filter(
@@ -35,12 +36,12 @@ def get_or_create_cart(request):
             cart = Order.objects.create(
                 user=request.user, 
                 status=Status.PENDING,
-                address=None
+                address="",  # Provide an empty string to avoid IntegrityError
             )
             
         return cart
     else:
-        # Los anónimos usan la sesión (o se les niega el acceso POST)
+        # Los anónimos usan la sesión
         return None
 
 # --------------------------------------------------------------------
@@ -55,15 +56,11 @@ class CartDetailView(View):
     
     def get(self, request):
         cart = None
-        if request.user.is_authenticated and request.user.role == "admin":
-            return redirect("dashboard")
-        
         if request.user.is_authenticated:
             # LÓGICA 1: Usuario logueado (lee de la DB)
-            cart = get_or_create_cart(request) 
+            cart = get_or_create_cart(request)
             cart_items = cart.order_products.all()
-            print(cart_items)
-            cart_total = sum(item.quantity * item.product.price for item in cart_items)
+            cart_total = sum(item.product.price * item.quantity for item in cart_items) if cart_items else 0
         else:
             # LÓGICA 2: Usuario anónimo (lee de la Sesión)
             cart_session = request.session.get('cart_session', {})
@@ -89,7 +86,7 @@ def get(self, request):
                         'subtotal': quantity * product.price, 
                         'pk': product.pk,
                     })
-                    cart_total = sum(item.product.price * item.quantity for item in cart_items)
+                    cart_total = sum(item['product'].price * item['quantity'] for item in cart_items)
 
         context = {
             'cart': cart, # Será None para anónimos