Fixes a bunch of variable errors, and adds user_passes_test

This commit is contained in:
Christopher Neugebauer 2016-04-25 17:33:16 +10:00
parent e540d6a815
commit a2fa1d6548

View file

@ -16,6 +16,7 @@ from collections import namedtuple
from django.conf import settings from django.conf import settings
from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import login_required
from django.contrib.auth.decorators import user_passes_test
from django.contrib import messages from django.contrib import messages
from django.core.exceptions import ObjectDoesNotExist from django.core.exceptions import ObjectDoesNotExist
from django.core.exceptions import ValidationError from django.core.exceptions import ValidationError
@ -630,7 +631,11 @@ def invoice(request, invoice_id, access_code=None):
return render(request, "registrasion/invoice.html", data) return render(request, "registrasion/invoice.html", data)
@login_required def _staff_only(user):
''' Returns true if the user is staff. '''
return user.is_staff
@user_passes_test(_staff_only)
def manual_payment(request, invoice_id): def manual_payment(request, invoice_id):
''' Allows staff to make manual payments or refunds on an invoice. ''' Allows staff to make manual payments or refunds on an invoice.
@ -650,16 +655,10 @@ def manual_payment(request, invoice_id):
# object. # object.
} }
Raises:
Http404: if the logged in user is not staff.
''' '''
FORM_PREFIX = "manual_payment" FORM_PREFIX = "manual_payment"
if not request.user.is_staff:
raise Http404()
current_invoice = InvoiceController.for_id_or_404(invoice_id) current_invoice = InvoiceController.for_id_or_404(invoice_id)
form = forms.ManualPaymentForm( form = forms.ManualPaymentForm(
@ -668,21 +667,21 @@ def manual_payment(request, invoice_id):
) )
if request.POST and form.is_valid(): if request.POST and form.is_valid():
form.instance.invoice = inv form.instance.invoice = current_invoice.invoice
form.instance.entered_by = request.user form.instance.entered_by = request.user
form.save() form.save()
current_invoice.update_status() current_invoice.update_status()
form = forms.ManualPaymentForm(prefix=FORM_PREFIX) form = forms.ManualPaymentForm(prefix=FORM_PREFIX)
data = { data = {
"invoice": inv, "invoice": current_invoice.invoice,
"form": form, "form": form,
} }
return render(request, "registrasion/manual_payment.html", data) return render(request, "registrasion/manual_payment.html", data)
@login_required @user_passes_test(_staff_only)
def refund(request, invoice_id): def refund(request, invoice_id):
''' Marks an invoice as refunded and requests a credit note for the ''' Marks an invoice as refunded and requests a credit note for the
full amount paid against the invoice. full amount paid against the invoice.
@ -696,14 +695,8 @@ def refund(request, invoice_id):
redirect: redirect:
Redirects to ``invoice``. Redirects to ``invoice``.
Raises:
Http404: if the logged in user is not staff.
''' '''
if not request.user.is_staff:
raise Http404()
current_invoice = InvoiceController.for_id_or_404(invoice_id) current_invoice = InvoiceController.for_id_or_404(invoice_id)
try: try:
@ -715,7 +708,7 @@ def refund(request, invoice_id):
return redirect("invoice", invoice_id) return redirect("invoice", invoice_id)
@login_required @user_passes_test(_staff_only)
def credit_note(request, note_id, access_code=None): def credit_note(request, note_id, access_code=None):
''' Displays a credit note. ''' Displays a credit note.
@ -741,19 +734,12 @@ def credit_note(request, note_id, access_code=None):
# refund of the credit note. # refund of the credit note.
} }
Raises:
Http404: If the logged in user is not staff.
''' '''
if not request.user.is_staff:
raise Http404()
current_note = CreditNoteController.for_id_or_404(note_id) current_note = CreditNoteController.for_id_or_404(note_id)
apply_form = forms.ApplyCreditNoteForm( apply_form = forms.ApplyCreditNoteForm(
note.invoice.user, current_note.credit_note.invoice.user,
request.POST or None, request.POST or None,
prefix="apply_note" prefix="apply_note"
) )
@ -775,7 +761,7 @@ def credit_note(request, note_id, access_code=None):
elif request.POST and refund_form.is_valid(): elif request.POST and refund_form.is_valid():
refund_form.instance.entered_by = request.user refund_form.instance.entered_by = request.user
refund_form.instance.parent = note refund_form.instance.parent = current_note.credit_note
refund_form.save() refund_form.save()
messages.success( messages.success(
request, request,