From 62f81689dc4be13610fbb6942a302da8aeaeca78 Mon Sep 17 00:00:00 2001
From: Tom Teichler <tom.teichler@teckids.org>
Date: Fri, 11 Mar 2022 23:12:29 +0100
Subject: [PATCH] Add token instead of pk

---
 aleksis/apps/tezor/models/invoice.py | 4 ++--
 aleksis/apps/tezor/rules.py          | 5 ++++-
 aleksis/apps/tezor/tables.py         | 6 +++---
 aleksis/apps/tezor/urls.py           | 6 +++---
 aleksis/apps/tezor/views.py          | 3 ++-
 5 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/aleksis/apps/tezor/models/invoice.py b/aleksis/apps/tezor/models/invoice.py
index b7c1eb5..84b4413 100644
--- a/aleksis/apps/tezor/models/invoice.py
+++ b/aleksis/apps/tezor/models/invoice.py
@@ -88,7 +88,7 @@ class Invoice(BasePayment, PureDjangoModel):
         return TotalsTable(values)
 
     def get_success_url(self):
-        return reverse("invoice_by_pk", kwargs={"pk": self.pk})
+        return reverse("invoice_by_token", kwargs={"token": self.token})
 
     def get_failure_url(self):
-        return reverse("invoice_by_pk", kwargs={"pk": self.pk})
+        return reverse("invoice_by_token", kwargs={"token": self.token})
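Review bot: Both `reverse("invoice_by_token", kwargs={"token": self.token})` calls pass a keyword named `token`, but the urls.py hunk in this commit declares that route as `invoice/<str:slug>/`, so its only named parameter is `slug`. Unless another route with the same name exists outside these hunks, `reverse()` will raise `NoReverseMatch` when the payment flow asks for its success or failure URL. Either pass `kwargs={"slug": self.token}` here, or rename the route parameter to `<str:token>` and add `slug_url_kwarg = "token"` next to `slug_field = "token"` on `InvoiceDetailView`. The `LinkColumn` in tables.py is not affected because it passes the token positionally.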
diff --git a/aleksis/apps/tezor/rules.py b/aleksis/apps/tezor/rules.py
index b82cc5b..12a27e3 100644
--- a/aleksis/apps/tezor/rules.py
+++ b/aleksis/apps/tezor/rules.py
@@ -84,5 +84,8 @@ do_payment_predicate = has_person & (is_in_payment_status(PaymentStatus.WAITING)
 rules.add_perm("tezor.do_payment", do_payment_predicate)
 
 # View invoice
-view_invoice_predicate = is_own_invoice | is_site_preference_set("payments", "public_payments") | has_global_perm("tezor.view_invoice") | has_object_perm("tezor.view_invoice")
+view_invoice_predicate = has_person & is_own_invoice | is_site_preference_set("payments", "public_payments") | has_global_perm("tezor.view_invoice") | has_object_perm("tezor.view_invoice")
 rules.add_perm("tezor.view_invoice_rule", view_invoice_predicate)
+
+print_invoice_predicate = (view_invoice_predicate & display_billing_predicate & display_purchased_items_predicate)
+rules.add_perm("tezor.print_invoice_rule", print_invoice_predicate)
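Review bot: `tezor.print_invoice_rule` is registered here, but no hunk in this commit makes a view check it. `GetInvoicePDF`'s `permission_required` lies outside the views.py hunk, so confirm that the print view actually enforces this rule now that it looks invoices up by a token from the URL. `view_invoice_predicate` also grants access to everyone when `public_payments` is set, so in that configuration the token is the only thing protecting an invoice. A comment such as `# With public_payments enabled, knowing the invoice token is sufficient to view it` would record that. Writing `(has_person & is_own_invoice) | ...` with explicit parentheses would keep the same behaviour and spare readers from recalling that `&` binds tighter than `|`.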
diff --git a/aleksis/apps/tezor/tables.py b/aleksis/apps/tezor/tables.py
index 1139c5e..32e2e3f 100644
--- a/aleksis/apps/tezor/tables.py
+++ b/aleksis/apps/tezor/tables.py
@@ -92,14 +92,14 @@ class InvoicesTable(tables.Table):
     billing_last_name = tables.Column()
     total = tables.Column()
     view = tables.LinkColumn(
-        "invoice_by_pk",
-        args=[A("id")],
+        "invoice_by_token",
+        args=[A("token")],
         verbose_name=_("View"),
         text=_("View"),
     )
     print = tables.LinkColumn(
         "print_invoice",
-        args=[A("id")],
+        args=[A("token")],
         verbose_name=_("Print"),
         text=_("Print"),
     )
diff --git a/aleksis/apps/tezor/urls.py b/aleksis/apps/tezor/urls.py
index 5485688..73273fc 100644
--- a/aleksis/apps/tezor/urls.py
+++ b/aleksis/apps/tezor/urls.py
@@ -4,7 +4,7 @@ from . import views
 
 urlpatterns = [
     path("payments/", include("payments.urls")),
-    path("invoice/<int:pk>/print/", views.GetInvoicePDF.as_view(), name="print_invoice"),
+    path("invoice/<str:token>/print/", views.GetInvoicePDF.as_view(), name="print_invoice"),
     path("invoice/<str:token>/pay", views.do_payment, name="do_payment"),
     path(
         "clients/",
@@ -52,8 +52,8 @@ urlpatterns = [
         name="delete_invoice_group_by_pk",
     ),
     path(
-        "invoice/<int:pk>/",
+        "invoice/<str:slug>/",
         views.InvoiceDetailView.as_view(),
-        name="invoice_by_pk",
+        name="invoice_by_token",
     ),
 ]
diff --git a/aleksis/apps/tezor/views.py b/aleksis/apps/tezor/views.py
index 27df0e2..9517888 100644
--- a/aleksis/apps/tezor/views.py
+++ b/aleksis/apps/tezor/views.py
@@ -25,7 +25,7 @@ class GetInvoicePDF(PermissionRequiredMixin, RenderPDFView):
 
     def get_context_data(self, *args, **kwargs):
         context = super().get_context_data(*args, **kwargs)
-        invoice = Invoice.objects.get(id=self.kwargs["pk"])
+        invoice = Invoice.objects.get(token=self.kwargs["token"])
         self.template_name = invoice.group.template_name
         context["invoice"] = invoice
 
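Review bot: `Invoice.objects.get(token=self.kwargs["token"])` raises `Invoice.DoesNotExist` for an unknown token, which surfaces as a 500 rather than a 404. The route now accepts any string via `<str:token>`, so mistyped or stale links will reach this line far more easily than a bad integer pk did. Prefer `invoice = get_object_or_404(Invoice, token=self.kwargs["token"])`, importing it from `django.shortcuts` if the file does not already. `get_context_data` continues past the end of this hunk, and whether the permission check sees the same invoice object cannot be determined from the lines shown.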
@@ -171,5 +171,6 @@ class InvoiceGroupDeleteView(PermissionRequiredMixin, AdvancedDeleteView):
 class InvoiceDetailView(PermissionRequiredMixin, DetailView):
 
     model = Invoice
+    slug_field = "token"
     permission_required = "tezor.view_invoice_rule"
     template_name = "tezor/invoice/full.html"
-- 
GitLab