From 2261b02565759ddde5372ea7f811c94c7f28776d Mon Sep 17 00:00:00 2001
From: Tom Teichler <tom.teichler@teckids.org>
Date: Fri, 11 Mar 2022 23:06:04 +0100
Subject: [PATCH] Check permissions in UI

---
 .../tezor/templates/tezor/invoice/full.html   | 26 +++++++++++++++----
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/aleksis/apps/tezor/templates/tezor/invoice/full.html b/aleksis/apps/tezor/templates/tezor/invoice/full.html
index ab305d2..955d195 100644
--- a/aleksis/apps/tezor/templates/tezor/invoice/full.html
+++ b/aleksis/apps/tezor/templates/tezor/invoice/full.html
@@ -1,5 +1,5 @@
 {% extends "core/base.html" %}
-{% load material_form i18n %}
+{% load material_form i18n rules %}
 
 {% load render_table from django_tables2 %}
 
@@ -7,10 +7,23 @@
 
 {% block content %}
 
+    {% has_perm 'tezor.do_payment' user object as can_do_payment %}
+    {% has_perm 'tezor.view_invoice_group_rule' user object.group as can_view_invoice_group %}
+    {% has_perm 'tezor.display_purchased_items_rule' user object as can_view_purchased_items %}
+    {% has_perm 'tezor.display_billing_rule' user object as can_view_billing_information %}
+    {% has_perm 'tezor.print_invoice_rule' user object as can_print_invoice %}
+
     <h1>{% trans "Invoice" %} {{ object.transaction_id }} — {{ object.created.date }}</h1>
-    <a class="btn colour-primary waves-effect waves-light" href="{% url 'invoice_group_by_pk' object.group.pk %}">{% trans "Back" %}</a>
+
+    {% if can_view_invoice_group %}
+      <a class="btn colour-primary waves-effect waves-light" href="{% url 'invoice_group_by_pk' object.group.pk %}">{% trans "Back" %}</a>
+    {% endif %}
+    {% if can_print_invoice %}
+      <a class="btn colour-primary waves-effect waves-light" href="{% url 'print_invoice' object.token %}">{% trans "Print" %}</a>
+    {% endif %}
 
     <div class="row">
+    {% if can_view_billing_information %}
       <div class="col s12 m6">
         <div class="card">
           <div class="card-content">
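Review bot: These `has_perm` checks only hide links and cards; they do not stop a user from requesting `{% url 'invoice_group_by_pk' object.group.pk %}` (a guessable integer pk) or `{% url 'print_invoice' object.token %}` directly, so the `invoice_group_by_pk`, `print_invoice` and `do_payment` views must enforce the same rules server-side. The views are not part of this patch, so whether they already do is not visible here; if they do not, this commit gives the appearance of authorization without providing it. Note also that `tezor.do_payment` lacks the `_rule` suffix the other four permission names carry, which looks like either a naming inconsistency or a different registration path, so it is worth confirming that name resolves to a registered rule rather than silently evaluating to False. A template comment such as `{# UI-only: the linked views enforce these rules themselves #}` above the checks would make the intended contract explicit.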
@@ -43,6 +56,7 @@
           </div>
         </div>
       </div>
+    {% endif %}
       <div class="col s12 m6">
         <div class="card">
           <div class="card-content">
@@ -80,7 +94,7 @@
               </tr>
             </table>
           </div>
-          {% if object.status == "waiting" or object.status == "rejected" or object.status == "input" %}
+          {% if object.status == "waiting" or object.status == "rejected" or object.status == "input" and can_do_payment %}
           <div class="card-action">
             <a class="btn waves-effect waves-light green" href="{% url 'do_payment' object.token %}">
               <i class="material-icons left iconify" data-icon="mdi:cash-fast"></i>
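Review bot: The new condition on the card-action line is mis-grouped: Django's `{% if %}` gives `and` higher precedence than `or` and does not allow parentheses, so `A or B or C and can_do_payment` evaluates as `A or B or (C and can_do_payment)`, and the Pay button is still shown to users without `tezor.do_payment` whenever the status is `waiting` or `rejected`. Nesting is the documented way to express the intended grouping: replace the line with `{% if can_do_payment %}` followed by `{% if object.status == "waiting" or object.status == "rejected" or object.status == "input" %}`, and add a matching second `{% endif %}` after the existing one that closes this block (the closing `{% endif %}` lies outside the hunk). As with the other template gates, this only hides the button; the `do_payment` view reached via `object.token` must check the same permission itself.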
@@ -92,7 +106,9 @@
       </div>
     </div>
 
-    {% render_table object.purchased_items_table %}
-    {% render_table object.totals_table %}
+    {% if can_view_purchased_items %}
+      {% render_table object.purchased_items_table %}
+      {% render_table object.totals_table %}
+    {% endif %}
 
 {% endblock %}
-- 
GitLab