arthexis 0.1.9__py3-none-any.whl → 0.1.11__py3-none-any.whl

core/views.py

@@ -3,19 +3,26 @@ import shutil
 from datetime import timedelta
 
 import requests
+from django.conf import settings
 from django.contrib.admin.views.decorators import staff_member_required
 from django.contrib.auth import authenticate, login
+from django.contrib import messages
+from django.contrib.sites.models import Site
 from django.http import Http404, JsonResponse
-from django.shortcuts import get_object_or_404, render, redirect
-from django.views.decorators.csrf import csrf_exempt
-from django.views.decorators.http import require_POST
-from django.utils.translation import gettext as _
+from django.shortcuts import get_object_or_404, redirect, render, resolve_url
 from django.utils import timezone
+from django.utils.text import slugify
+from django.utils.translation import gettext as _
 from django.urls import NoReverseMatch, reverse
+from django.views.decorators.csrf import csrf_exempt
+from django.views.decorators.http import require_GET, require_POST
+from django.utils.http import url_has_allowed_host_and_scheme
 from pathlib import Path
+from urllib.parse import urlsplit, urlunsplit
+import errno
 import subprocess
-import json
 
+from utils import revision
 from utils.api import api_login_required
 
 from .models import Product, EnergyAccount, PackageRelease, Todo
@@ -42,6 +49,22 @@ def odoo_products(request):
     return JsonResponse(items, safe=False)
 
 
+@require_GET
+def version_info(request):
+    """Return the running application version and Git revision."""
+
+    version = ""
+    version_path = Path(settings.BASE_DIR) / "VERSION"
+    if version_path.exists():
+        version = version_path.read_text(encoding="utf-8").strip()
+    return JsonResponse(
+        {
+            "version": version,
+            "revision": revision.get_revision(),
+        }
+    )
+
+
 from . import release as release_utils
 
 
@@ -60,6 +83,188 @@ def _clean_repo() -> None:
     subprocess.run(["git", "clean", "-fd"], check=False)
 
 
+def _format_path(path: Path) -> str:
+    try:
+        return str(path.resolve().relative_to(Path.cwd()))
+    except ValueError:
+        return str(path)
+
+
+def _next_patch_version(version: str) -> str:
+    from packaging.version import InvalidVersion, Version
+
+    try:
+        parsed = Version(version)
+    except InvalidVersion:
+        parts = version.split(".")
+        for index in range(len(parts) - 1, -1, -1):
+            segment = parts[index]
+            if segment.isdigit():
+                parts[index] = str(int(segment) + 1)
+                return ".".join(parts)
+        return version
+    return f"{parsed.major}.{parsed.minor}.{parsed.micro + 1}"
+
+
+def _write_todo_fixture(todo: Todo) -> Path:
+    safe_request = todo.request.replace(".", " ")
+    slug = slugify(safe_request).replace("-", "_")
+    if not slug:
+        slug = "todo"
+    path = TODO_FIXTURE_DIR / f"todos__{slug}.json"
+    path.parent.mkdir(parents=True, exist_ok=True)
+    data = [
+        {
+            "model": "core.todo",
+            "fields": {
+                "request": todo.request,
+                "url": todo.url,
+                "request_details": todo.request_details,
+            },
+        }
+    ]
+    path.write_text(json.dumps(data, indent=2) + "\n", encoding="utf-8")
+    return path
+
+
+def _should_use_python_changelog(exc: OSError) -> bool:
+    winerror = getattr(exc, "winerror", None)
+    if winerror in {193}:
+        return True
+    return exc.errno in {errno.ENOEXEC, errno.EACCES, errno.ENOENT}
+
+
+def _generate_changelog_with_python(log_path: Path) -> None:
+    _append_log(log_path, "Falling back to Python changelog generator")
+    describe = subprocess.run(
+        ["git", "describe", "--tags", "--abbrev=0"],
+        capture_output=True,
+        text=True,
+        check=False,
+    )
+    start_tag = describe.stdout.strip() if describe.returncode == 0 else ""
+    range_spec = f"{start_tag}..HEAD" if start_tag else "HEAD"
+    log_proc = subprocess.run(
+        ["git", "log", range_spec, "--no-merges", "--pretty=format:- %h %s"],
+        capture_output=True,
+        text=True,
+        check=True,
+    )
+    entries = [line for line in log_proc.stdout.splitlines() if line]
+    changelog_path = Path("CHANGELOG.rst")
+    previous_lines: list[str] = []
+    if changelog_path.exists():
+        previous_lines = changelog_path.read_text(encoding="utf-8").splitlines()
+        if len(previous_lines) > 6:
+            previous_lines = previous_lines[6:]
+        else:
+            previous_lines = []
+    lines = [
+        "Changelog",
+        "=========",
+        "",
+        "Unreleased",
+        "----------",
+        "",
+    ]
+    if entries:
+        lines.extend(entries)
+    if previous_lines:
+        lines.append("")
+        lines.extend(previous_lines)
+    content = "\n".join(lines)
+    if not content.endswith("\n"):
+        content += "\n"
+    changelog_path.write_text(content, encoding="utf-8")
+    _append_log(log_path, "Regenerated CHANGELOG.rst using Python fallback")
+
+
+def _ensure_release_todo(release) -> tuple[Todo, Path]:
+    target_version = _next_patch_version(release.version)
+    request = f"Create release {release.package.name} {target_version}"
+    try:
+        url = reverse("admin:core_packagerelease_changelist")
+    except NoReverseMatch:
+        url = ""
+    todo, _ = Todo.all_objects.update_or_create(
+        request__iexact=request,
+        defaults={
+            "request": request,
+            "url": url,
+            "request_details": "",
+            "is_seed_data": True,
+            "is_deleted": False,
+            "is_user_data": False,
+            "done_on": None,
+            "on_done_condition": "",
+        },
+    )
+    fixture_path = _write_todo_fixture(todo)
+    return todo, fixture_path
+
+
+def _sync_release_with_revision(release: PackageRelease) -> tuple[bool, str]:
+    """Ensure ``release`` matches the repository revision and version.
+
+    Returns a tuple ``(updated, previous_version)`` where ``updated`` is
+    ``True`` when any field changed and ``previous_version`` is the version
+    before synchronization.
+    """
+
+    from packaging.version import InvalidVersion, Version
+
+    previous_version = release.version
+    updated_fields: set[str] = set()
+
+    repo_version: Version | None = None
+    version_path = Path("VERSION")
+    if version_path.exists():
+        try:
+            repo_version = Version(version_path.read_text(encoding="utf-8").strip())
+        except InvalidVersion:
+            repo_version = None
+
+    try:
+        release_version = Version(release.version)
+    except InvalidVersion:
+        release_version = None
+
+    if repo_version is not None:
+        bumped_repo_version = Version(
+            f"{repo_version.major}.{repo_version.minor}.{repo_version.micro + 1}"
+        )
+        if release_version is None or release_version < bumped_repo_version:
+            release.version = str(bumped_repo_version)
+            release_version = bumped_repo_version
+            updated_fields.add("version")
+
+    current_revision = revision.get_revision()
+    if current_revision and current_revision != release.revision:
+        release.revision = current_revision
+        updated_fields.add("revision")
+
+    if updated_fields:
+        release.save(update_fields=list(updated_fields))
+        PackageRelease.dump_fixture()
+
+    package_updated = False
+    if release.package_id and not release.package.is_active:
+        release.package.is_active = True
+        release.package.save(update_fields=["is_active"])
+        package_updated = True
+
+    version_updated = False
+    if release.version:
+        current = ""
+        if version_path.exists():
+            current = version_path.read_text(encoding="utf-8").strip()
+        if current != release.version:
+            version_path.write_text(f"{release.version}\n", encoding="utf-8")
+            version_updated = True
+
+    return bool(updated_fields or version_updated or package_updated), previous_version
+
+
 def _changelog_notes(version: str) -> str:
     path = Path("CHANGELOG.rst")
     if not path.exists():
@@ -85,6 +290,46 @@ class ApprovalRequired(Exception):
     """Raised when release manager approval is required before continuing."""
 
 
+def _format_condition_failure(todo: Todo, result) -> str:
+    """Return a localized error message for a failed TODO condition."""
+
+    if result.error and result.resolved:
+        detail = _("%(condition)s (error: %(error)s)") % {
+            "condition": result.resolved,
+            "error": result.error,
+        }
+    elif result.error:
+        detail = _("Error: %(error)s") % {"error": result.error}
+    elif result.resolved:
+        detail = result.resolved
+    else:
+        detail = _("Condition evaluated to False")
+    return _("Condition failed for %(todo)s: %(detail)s") % {
+        "todo": todo.request,
+        "detail": detail,
+    }
+
+
+def _get_return_url(request) -> str:
+    """Return a safe URL to redirect back to after completing a TODO."""
+
+    candidates = [request.GET.get("next"), request.POST.get("next")]
+    referer = request.META.get("HTTP_REFERER")
+    if referer:
+        candidates.append(referer)
+
+    for candidate in candidates:
+        if not candidate:
+            continue
+        if url_has_allowed_host_and_scheme(
+            candidate,
+            allowed_hosts={request.get_host()},
+            require_https=request.is_secure(),
+        ):
+            return candidate
+    return resolve_url("admin:index")
+
+
 def _step_check_todos(release, ctx, log_path: Path) -> None:
     pending_qs = Todo.objects.filter(is_deleted=False, done_on__isnull=True)
     if pending_qs.exists():
@@ -107,7 +352,7 @@ def _step_check_todos(release, ctx, log_path: Path) -> None:
             check=False,
         )
     ctx.pop("todos", None)
-    ctx.pop("todos_ack", None)
+    ctx["todos_ack"] = True
 
 
 def _step_check_version(release, ctx, log_path: Path) -> None:
@@ -158,6 +403,7 @@ def _step_check_version(release, ctx, log_path: Path) -> None:
         )
         subprocess.run(["git", "add", *fixture_files], check=True)
         subprocess.run(["git", "commit", "-m", "chore: update fixtures"], check=True)
+        _append_log(log_path, "Fixture changes committed")
 
     version_path = Path("VERSION")
     if version_path.exists():
@@ -178,25 +424,59 @@ def _step_check_version(release, ctx, log_path: Path) -> None:
             if "already on PyPI" in str(exc):
                 raise
             _append_log(log_path, f"PyPI check failed: {exc}")
+        else:
+            _append_log(
+                log_path,
+                f"Version {release.version} not published on PyPI",
+            )
     else:
         _append_log(log_path, "Network unavailable, skipping PyPI check")
 
 
 def _step_handle_migrations(release, ctx, log_path: Path) -> None:
     _append_log(log_path, "Freeze, squash and approve migrations")
+    _append_log(log_path, "Migration review acknowledged (manual step)")
 
 
 def _step_changelog_docs(release, ctx, log_path: Path) -> None:
     _append_log(log_path, "Compose CHANGELOG and documentation")
+    _append_log(log_path, "CHANGELOG and documentation review recorded")
 
 
 def _step_pre_release_actions(release, ctx, log_path: Path) -> None:
     _append_log(log_path, "Execute pre-release actions")
+    try:
+        subprocess.run(["scripts/generate-changelog.sh"], check=True)
+    except OSError as exc:
+        if _should_use_python_changelog(exc):
+            _append_log(
+                log_path,
+                f"scripts/generate-changelog.sh failed: {exc}",
+            )
+            _generate_changelog_with_python(log_path)
+        else:  # pragma: no cover - unexpected OSError
+            raise
+    else:
+        _append_log(
+            log_path, "Regenerated CHANGELOG.rst using scripts/generate-changelog.sh"
+        )
+    subprocess.run(["git", "add", "CHANGELOG.rst"], check=True)
+    _append_log(log_path, "Staged CHANGELOG.rst for commit")
     version_path = Path("VERSION")
     version_path.write_text(f"{release.version}\n", encoding="utf-8")
+    _append_log(log_path, f"Updated VERSION file to {release.version}")
     subprocess.run(["git", "add", "VERSION"], check=True)
+    _append_log(log_path, "Staged VERSION for commit")
     diff = subprocess.run(
-        ["git", "diff", "--cached", "--quiet", "--", "VERSION"],
+        [
+            "git",
+            "diff",
+            "--cached",
+            "--quiet",
+            "--",
+            "CHANGELOG.rst",
+            "VERSION",
+        ],
         check=False,
     )
     if diff.returncode != 0:
@@ -204,13 +484,40 @@ def _step_pre_release_actions(release, ctx, log_path: Path) -> None:
             ["git", "commit", "-m", f"pre-release commit {release.version}"],
             check=True,
         )
+        _append_log(log_path, f"Committed VERSION update for {release.version}")
     else:
-        _append_log(log_path, "No changes detected for VERSION; skipping commit")
+        _append_log(
+            log_path, "No changes detected for VERSION or CHANGELOG; skipping commit"
+        )
+        subprocess.run(["git", "reset", "HEAD", "CHANGELOG.rst"], check=False)
+        _append_log(log_path, "Unstaged CHANGELOG.rst")
         subprocess.run(["git", "reset", "HEAD", "VERSION"], check=False)
+        _append_log(log_path, "Unstaged VERSION file")
+    todo, fixture_path = _ensure_release_todo(release)
+    fixture_display = _format_path(fixture_path)
+    _append_log(log_path, f"Added TODO: {todo.request}")
+    _append_log(log_path, f"Wrote TODO fixture {fixture_display}")
+    subprocess.run(["git", "add", str(fixture_path)], check=True)
+    _append_log(log_path, f"Staged TODO fixture {fixture_display}")
+    fixture_diff = subprocess.run(
+        ["git", "diff", "--cached", "--quiet", "--", str(fixture_path)],
+        check=False,
+    )
+    if fixture_diff.returncode != 0:
+        commit_message = f"chore: add release TODO for {release.package.name}"
+        subprocess.run(["git", "commit", "-m", commit_message], check=True)
+        _append_log(log_path, f"Committed TODO fixture {fixture_display}")
+    else:
+        _append_log(
+            log_path,
+            f"No changes detected for TODO fixture {fixture_display}; skipping commit",
+        )
+    _append_log(log_path, "Pre-release actions complete")
 
 
 def _step_run_tests(release, ctx, log_path: Path) -> None:
     _append_log(log_path, "Complete test suite with --all flag")
+    _append_log(log_path, "Test suite completion acknowledged")
 
 
 def _step_promote_build(release, ctx, log_path: Path) -> None:
@@ -220,15 +527,22 @@ def _step_promote_build(release, ctx, log_path: Path) -> None:
     try:
         try:
             subprocess.run(["git", "fetch", "origin", "main"], check=True)
+            _append_log(log_path, "Fetched latest changes from origin/main")
             subprocess.run(["git", "rebase", "origin/main"], check=True)
+            _append_log(log_path, "Rebased current branch onto origin/main")
         except subprocess.CalledProcessError as exc:
             subprocess.run(["git", "rebase", "--abort"], check=False)
+            _append_log(log_path, "Rebase onto origin/main failed; aborted rebase")
             raise Exception("Rebase onto main failed") from exc
         release_utils.promote(
             package=release.to_package(),
             version=release.version,
             creds=release.to_credentials(),
         )
+        _append_log(
+            log_path,
+            f"Generated release artifacts for v{release.version}",
+        )
         from glob import glob
 
         paths = ["VERSION", *glob("core/fixtures/releases__*.json")]
@@ -239,6 +553,7 @@ def _step_promote_build(release, ctx, log_path: Path) -> None:
         )
         if diff.stdout.strip():
             subprocess.run(["git", "add", *paths], check=True)
+            _append_log(log_path, "Staged release metadata updates")
             subprocess.run(
                 [
                     "git",
@@ -248,8 +563,14 @@ def _step_promote_build(release, ctx, log_path: Path) -> None:
                 ],
                 check=True,
             )
+            _append_log(
+                log_path,
+                f"Committed release metadata for v{release.version}",
+            )
         subprocess.run(["git", "push"], check=True)
+        _append_log(log_path, "Pushed release changes to origin")
         PackageRelease.dump_fixture()
+        _append_log(log_path, "Updated release fixtures")
     except Exception:
         _clean_repo()
         raise
@@ -307,15 +628,20 @@ def _step_publish(release, ctx, log_path: Path) -> None:
     release.pypi_url = (
         f"https://pypi.org/project/{release.package.name}/{release.version}/"
     )
-    release.save(update_fields=["pypi_url"])
+    release.release_on = timezone.now()
+    release.save(update_fields=["pypi_url", "release_on"])
     PackageRelease.dump_fixture()
+    _append_log(log_path, f"Recorded PyPI URL: {release.pypi_url}")
     _append_log(log_path, "Upload complete")
 
 
+FIXTURE_REVIEW_STEP_NAME = "Freeze, squash and approve migrations"
+
+
 PUBLISH_STEPS = [
     ("Check version number availability", _step_check_version),
     ("Confirm release TODO completion", _step_check_todos),
-    ("Freeze, squash and approve migrations", _step_handle_migrations),
+    (FIXTURE_REVIEW_STEP_NAME, _step_handle_migrations),
     ("Compose CHANGELOG and documentation", _step_changelog_docs),
     ("Execute pre-release actions", _step_pre_release_actions),
     ("Build release artifacts", _step_promote_build),
@@ -514,12 +840,28 @@ def release_progress(request, pk: int, action: str):
     release = get_object_or_404(PackageRelease, pk=pk)
     if action != "publish":
         raise Http404("Unknown action")
-    if not release.is_current:
-        raise Http404("Release is not current")
     session_key = f"release_publish_{pk}"
     lock_path = Path("locks") / f"release_publish_{pk}.json"
     restart_path = Path("locks") / f"release_publish_{pk}.restarts"
 
+    if not release.is_current:
+        if release.is_published:
+            raise Http404("Release is not current")
+        updated, previous_version = _sync_release_with_revision(release)
+        if updated:
+            request.session.pop(session_key, None)
+            if lock_path.exists():
+                lock_path.unlink()
+            if restart_path.exists():
+                restart_path.unlink()
+            log_dir = Path("logs")
+            for log_file in log_dir.glob(
+                f"{release.package.name}-{previous_version}*.log"
+            ):
+                log_file.unlink()
+        if not release.is_current:
+            raise Http404("Release is not current")
+
     if request.GET.get("restart"):
         count = 0
         if restart_path.exists():
@@ -531,7 +873,8 @@ def release_progress(request, pk: int, action: str):
         restart_path.write_text(str(count + 1), encoding="utf-8")
         _clean_repo()
         release.pypi_url = ""
-        release.save(update_fields=["pypi_url"])
+        release.release_on = None
+        release.save(update_fields=["pypi_url", "release_on"])
         request.session.pop(session_key, None)
         if lock_path.exists():
             lock_path.unlink()
@@ -555,11 +898,11 @@ def release_progress(request, pk: int, action: str):
     if credentials_ready and ctx.get("approval_credentials_missing"):
         ctx.pop("approval_credentials_missing", None)
 
+    ack_todos_requested = bool(request.GET.get("ack_todos"))
+
     if request.GET.get("start"):
         ctx["started"] = True
         ctx["paused"] = False
-    if request.GET.get("ack_todos"):
-        ctx["todos_ack"] = True
     if (
         ctx.get("awaiting_approval")
         and not ctx.get("approval_credentials_missing")
@@ -580,9 +923,34 @@ def release_progress(request, pk: int, action: str):
     step_count = ctx.get("step", 0)
     step_param = request.GET.get("step")
 
-    pending = Todo.objects.filter(is_deleted=False, done_on__isnull=True)
-    if pending.exists() and not ctx.get("todos_ack"):
-        ctx["todos"] = list(pending.values("id", "request", "url", "request_details"))
+    pending_qs = Todo.objects.filter(is_deleted=False, done_on__isnull=True)
+    pending_items = list(pending_qs)
+    if ack_todos_requested:
+        if pending_items:
+            failures = []
+            for todo in pending_items:
+                result = todo.check_on_done_condition()
+                if not result.passed:
+                    failures.append((todo, result))
+            if failures:
+                ctx.pop("todos_ack", None)
+                for todo, result in failures:
+                    messages.error(request, _format_condition_failure(todo, result))
+            else:
+                ctx["todos_ack"] = True
+        else:
+            ctx["todos_ack"] = True
+
+    if pending_items and not ctx.get("todos_ack"):
+        ctx["todos"] = [
+            {
+                "id": todo.pk,
+                "request": todo.request,
+                "url": todo.url,
+                "request_details": todo.request_details,
+            }
+            for todo in pending_items
+        ]
     else:
         ctx.pop("todos", None)
 
@@ -608,6 +976,14 @@ def release_progress(request, pk: int, action: str):
             log_path.unlink()
 
     steps = PUBLISH_STEPS
+    fixtures_step_index = next(
+        (
+            index
+            for index, (name, _) in enumerate(steps)
+            if name == FIXTURE_REVIEW_STEP_NAME
+        ),
+        None,
+    )
     error = ctx.get("error")
 
     if (
@@ -742,6 +1118,14 @@ def release_progress(request, pk: int, action: str):
             "admin:core_user_change", args=[request.user.pk]
         )
 
+    fixtures_summary = ctx.get("fixtures")
+    if (
+        fixtures_summary
+        and fixtures_step_index is not None
+        and step_count > fixtures_step_index
+    ):
+        fixtures_summary = None
+
     context = {
         "release": release,
         "action": "publish",
@@ -753,7 +1137,7 @@ def release_progress(request, pk: int, action: str):
         "log_content": log_content,
         "log_path": str(log_path),
         "cert_log": ctx.get("cert_log"),
-        "fixtures": ctx.get("fixtures"),
+        "fixtures": fixtures_summary,
         "todos": ctx.get("todos"),
         "restart_count": restart_count,
         "started": ctx.get("started", False),
@@ -780,10 +1164,105 @@ def release_progress(request, pk: int, action: str):
     return render(request, "core/release_progress.html", context)
 
 
+def _todo_iframe_url(request, todo: Todo) -> str:
+    """Return a safe iframe URL for ``todo`` scoped to the current host."""
+
+    fallback = reverse("admin:core_todo_change", args=[todo.pk])
+    raw_url = (todo.url or "").strip()
+    if not raw_url:
+        return fallback
+
+    focus_path = reverse("todo-focus", args=[todo.pk])
+    focus_norm = focus_path.strip("/").lower()
+
+    def _is_focus_target(target: str) -> bool:
+        if not target:
+            return False
+        parsed_target = urlsplit(target)
+        path = parsed_target.path
+        if not path and not parsed_target.scheme and not parsed_target.netloc:
+            path = target.split("?", 1)[0].split("#", 1)[0]
+        normalized = path.strip("/").lower()
+        return normalized == focus_norm if normalized else False
+
+    if _is_focus_target(raw_url):
+        return fallback
+
+    parsed = urlsplit(raw_url)
+    if not parsed.scheme and not parsed.netloc:
+        return fallback if _is_focus_target(parsed.path) else raw_url
+
+    if parsed.scheme and parsed.scheme.lower() not in {"http", "https"}:
+        return fallback
+
+    request_host = request.get_host().strip().lower()
+    host_without_port = request_host.split(":", 1)[0]
+    allowed_hosts = {
+        request_host,
+        host_without_port,
+        "localhost",
+        "127.0.0.1",
+        "0.0.0.0",
+        "::1",
+    }
+
+    site_domain = ""
+    try:
+        site_domain = Site.objects.get_current().domain.strip().lower()
+    except Site.DoesNotExist:
+        site_domain = ""
+    if site_domain:
+        allowed_hosts.add(site_domain)
+        allowed_hosts.add(site_domain.split(":", 1)[0])
+
+    for host in getattr(settings, "ALLOWED_HOSTS", []):
+        if not isinstance(host, str):
+            continue
+        normalized = host.strip().lower()
+        if not normalized or normalized.startswith("*"):
+            continue
+        allowed_hosts.add(normalized)
+        allowed_hosts.add(normalized.split(":", 1)[0])
+
+    hostname = (parsed.hostname or "").strip().lower()
+    netloc = parsed.netloc.strip().lower()
+    if hostname in allowed_hosts or netloc in allowed_hosts:
+        path = parsed.path or "/"
+        if not path.startswith("/"):
+            path = f"/{path}"
+        relative_url = urlunsplit(("", "", path, parsed.query, parsed.fragment))
+        if _is_focus_target(relative_url):
+            return fallback
+        return relative_url or fallback
+
+    return fallback
+
+
+@staff_member_required
+def todo_focus(request, pk: int):
+    todo = get_object_or_404(Todo, pk=pk, is_deleted=False)
+    if todo.done_on:
+        return redirect(_get_return_url(request))
+
+    iframe_url = _todo_iframe_url(request, todo)
+    context = {
+        "todo": todo,
+        "iframe_url": iframe_url,
+        "next_url": _get_return_url(request),
+        "done_url": reverse("todo-done", args=[todo.pk]),
+    }
+    return render(request, "core/todo_focus.html", context)
+
+
 @staff_member_required
 @require_POST
 def todo_done(request, pk: int):
     todo = get_object_or_404(Todo, pk=pk, is_deleted=False, done_on__isnull=True)
+    redirect_to = _get_return_url(request)
+    result = todo.check_on_done_condition()
+    if not result.passed:
+        messages.error(request, _format_condition_failure(todo, result))
+        return redirect(redirect_to)
     todo.done_on = timezone.now()
     todo.save(update_fields=["done_on"])
-    return redirect("admin:index")
+    return redirect(redirect_to)