From 7b1710a3bdcbb21213f7b505b94806b1d55bfdfb Mon Sep 17 00:00:00 2001
From: Tom Teichler <tom.teichler@teckids.org>
Date: Sat, 13 Apr 2024 23:18:15 +0200
Subject: [PATCH] Only show mark as paid button if allowed

---
 aleksis/apps/tezor/templates/tezor/invoice/full.html | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/aleksis/apps/tezor/templates/tezor/invoice/full.html b/aleksis/apps/tezor/templates/tezor/invoice/full.html
index 16cc9ad..31be9f5 100644
--- a/aleksis/apps/tezor/templates/tezor/invoice/full.html
+++ b/aleksis/apps/tezor/templates/tezor/invoice/full.html
@@ -14,6 +14,7 @@
     {% has_perm 'tezor.print_invoice_rule' user object as can_print_invoice %}
     {% has_perm 'tezor.send_invoice_email_rule' user object as can_send_invoice_email %}
     {% has_perm 'tezor.change_payment_variant' user object as can_change_variant %}
+    {% has_perm 'tezor.mark_paid_rule' user object as can_mark_as_paid %}
 
     <h1>{% trans "Invoice" %} {{ object.number }} — {{ object.created.date }}</h1>
 
@@ -106,7 +107,7 @@
               </button>
             </div>
             {% endif %}
-            {% if object.status == "preauth" %}
+            {% if object.status == "preauth" and can_mark_as_paid %}
             <div class="card-action">
               <a class="btn waves-effect waves-light green" href="{% url 'mark_invoice_paid_by_token' object.token %}">
                 <i class="material-icons left iconify" data-icon="mdi:check-all"></i>
-- 
GitLab