From 66eb9461495cbf154a231af4cbe6018841490482 Mon Sep 17 00:00:00 2001
From: Tom Teichler <tom.teichler@teckids.org>
Date: Tue, 15 Mar 2022 15:18:33 +0100
Subject: [PATCH] Finish implementation of changing payment method

---
 aleksis/apps/tezor/rules.py                         |  7 ++++++-
 .../apps/tezor/templates/tezor/invoice/full.html    |  2 +-
 aleksis/apps/tezor/views.py                         | 13 +++++++------
 3 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/aleksis/apps/tezor/rules.py b/aleksis/apps/tezor/rules.py
index edc7ede..dd255e1 100644
--- a/aleksis/apps/tezor/rules.py
+++ b/aleksis/apps/tezor/rules.py
@@ -11,7 +11,12 @@ from aleksis.core.util.predicates import (
 
 from .models.base import Client
 from .models.invoice import InvoiceGroup
-from .predicates import has_no_payment_variant, has_payment_variant, is_in_payment_status, is_own_invoice
+from .predicates import (
+    has_no_payment_variant,
+    has_payment_variant,
+    is_in_payment_status,
+    is_own_invoice,
+)
 
 # View clients
 view_clients_predicate = has_person & (
diff --git a/aleksis/apps/tezor/templates/tezor/invoice/full.html b/aleksis/apps/tezor/templates/tezor/invoice/full.html
index 1c506f4..db740eb 100644
--- a/aleksis/apps/tezor/templates/tezor/invoice/full.html
+++ b/aleksis/apps/tezor/templates/tezor/invoice/full.html
@@ -75,7 +75,7 @@
                   <td>
                     <select name="variant" {% if not can_change_variant %}disabled{% endif %}>
                       {% for choice in object.get_variant_choices %}
-                        <option value="{{ choice.0 }}" {% if object.get_variant_name == choice.0 %}selected{% endif %}>{{ choice.1 }}</option>
+                        <option value="{{ choice.0 }}" {% if object.variant == choice.0 %}selected{% endif %}>{{ choice.1 }}</option>
                       {% endfor %}
                     </select>
                   </td>
diff --git a/aleksis/apps/tezor/views.py b/aleksis/apps/tezor/views.py
index 1870c2b..fc5cbb1 100644
--- a/aleksis/apps/tezor/views.py
+++ b/aleksis/apps/tezor/views.py
@@ -1,4 +1,5 @@
 from django.conf import settings
+from django.core.exceptions import PermissionDenied, SuspiciousOperation
 from django.shortcuts import get_object_or_404, redirect, render
 from django.urls import reverse_lazy
 from django.utils.decorators import method_decorator
@@ -45,14 +46,14 @@ class DoPaymentView(PermissionRequiredMixin, View):
 
         new_variant = request.GET.get("variant", None)
         if new_variant:
-            if xxx_has_perm("tezor.change_payment_variant", self.object):  # FIXME
-                if variant in settings.PAYMENT_VARIANTS:
-                    object.variant = variant
-                    object.save()
+            if request.user.has_perm("tezor.change_payment_variant", self.object):
+                if new_variant in settings.PAYMENT_VARIANTS:
+                    self.object.variant = new_variant
+                    self.object.save()
                 else:
-                    raise xxxbadrequest  # FIXME
+                    raise SuspiciousOperation()
             else:
-                raise permissiondenied  # FIXME
+                raise PermissionDenied()
 
         if self.object.status not in [
             PaymentStatus.WAITING,
-- 
GitLab