Check permissions in UI

2261b025 · Tom Teichler · 0ce93d95 · 2261b025
Commit 2261b025 authored 3 years ago by Tom Teichler
--- a/aleksis/apps/tezor/templates/tezor/invoice/full.html
+++ b/aleksis/apps/tezor/templates/tezor/invoice/full.html
 {% extends "core/base.html" %}
-{% load material_form i18n %}
+{% load material_form i18n rules %}

 {% load render_table from django_tables2 %}

@@ -7,10 +7,23 @@

 {% block content %}

+    {% has_perm 'tezor.do_payment' user object as can_do_payment %}
+    {% has_perm 'tezor.view_invoice_group_rule' user object.group as can_view_invoice_group %}
+    {% has_perm 'tezor.display_purchased_items_rule' user object as can_view_purchased_items %}
+    {% has_perm 'tezor.display_billing_rule' user object as can_view_billing_information %}
+    {% has_perm 'tezor.print_invoice_rule' user object as can_print_invoice %}
+
    <h1>{% trans "Invoice" %} {{ object.transaction_id }} — {{ object.created.date }}</h1>
-    <a class="btn colour-primary waves-effect waves-light" href="{% url 'invoice_group_by_pk' object.group.pk %}">{% trans "Back" %}</a>
+
+    {% if can_view_invoice_group %}
+      <a class="btn colour-primary waves-effect waves-light" href="{% url 'invoice_group_by_pk' object.group.pk %}">{% trans "Back" %}</a>
+    {% endif %}
+    {% if can_print_invoice %}
+      <a class="btn colour-primary waves-effect waves-light" href="{% url 'print_invoice' object.token %}">{% trans "Print" %}</a>
+    {% endif %}

    <div class="row">
+    {% if can_view_billing_information %}
      <div class="col s12 m6">
        <div class="card">
          <div class="card-content">
@@ -43,6 +56,7 @@
          </div>
        </div>
      </div>
+    {% endif %}
      <div class="col s12 m6">
        <div class="card">
          <div class="card-content">
@@ -80,7 +94,7 @@
              </tr>
            </table>
          </div>
-          {% if object.status == "waiting" or object.status == "rejected" or object.status == "input" %}
+          {% if object.status == "waiting" or object.status == "rejected" or object.status == "input" and can_do_payment %}
          <div class="card-action">
            <a class="btn waves-effect waves-light green" href="{% url 'do_payment' object.token %}">
              <i class="material-icons left iconify" data-icon="mdi:cash-fast"></i>
@@ -92,7 +106,9 @@
      </div>
    </div>

-    {% render_table object.purchased_items_table %}
-    {% render_table object.totals_table %}
+    {% if can_view_purchased_items %}
+      {% render_table object.purchased_items_table %}
+      {% render_table object.totals_table %}
+    {% endif %}

 {% endblock %}