Fix permissionk

aleksis/apps/tezor/predicates.py

@@ -10,7 +10,6 @@ User = get_user_model()
 @predicate
 def is_own_invoice(user: User, obj: Invoice):
     """Predicate which checks if the invoice is linked to the current user."""
-
     return obj.get_person() == user.person
 
 

aleksis/apps/tezor/rules.py

@@ -150,3 +150,6 @@ send_invoice_email_predicate = (
     | has_object_perm("tezor.send_invoice_email")
 )
 rules.add_perm("tezor.send_invoice_email_rule", send_invoice_email_predicate)
+
+view_own_invoices_predicate = has_person
+rules.add_perm("tezor.view_own_invoices_list_rule", view_own_invoices_predicate)

aleksis/apps/tezor/views.py

@@ -34,6 +34,13 @@ class GetInvoicePDF(PermissionRequiredMixin, RenderPDFView):
 
         return context
 
+    def has_permission(self):
+
+        invoice = Invoice.objects.get(token=self.kwargs["token"])
+
+        perms = self.get_permission_required()
+        return self.request.user.has_perms(perms, invoice)
+
 
 class DoPaymentView(PermissionRequiredMixin, View):
 
@@ -238,15 +245,16 @@ class SendInvoiceEmail(PermissionRequiredMixin, View):
 
         return redirect(url)
 
+
 class MyInvoicesListView(PermissionRequiredMixin, SingleTableView):
     """Table of all invoices belonging to a user."""
 
     model = Invoice
     table_class = InvoicesTable
-    permission_required = "tezor.display_billing_rule"
+    permission_required = "tezor.view_own_invoices_list_rule"
     template_name = "tezor/invoice/list.html"
 
     def get_queryset(self, *args, **kwargs):
-        invoices = self.model.objects.filter(billing_email=self.request.user.person.email)
+        invoices = self.model.objects.filter(person=self.request.user.person)
 
         return invoices