Adds payment access codes.

This commit is contained in:
Christopher Neugebauer 2016-04-08 13:15:24 +10:00
parent 3dab78ab25
commit ea1d6f52e6
3 changed files with 49 additions and 6 deletions

View file

@ -126,6 +126,23 @@ class InvoiceController(object):
return invoice
def can_view(self, user=None, access_code=None):
''' Returns true if the accessing user is allowed to view this invoice,
or if the given access code matches this invoice's user's access code.
'''
if user == self.invoice.user:
return True
if user.is_staff:
return True
if self.invoice.user.attendee.access_code == access_code:
return True
return False
def _refresh(self):
''' Refreshes the underlying invoice and cart objects. '''
self.invoice.refresh_from_db()

View file

@ -7,8 +7,11 @@ urlpatterns = patterns(
url(r"^category/([0-9]+)$", "product_category", name="product_category"),
url(r"^checkout$", "checkout", name="checkout"),
url(r"^invoice/([0-9]+)$", "invoice", name="invoice"),
url(r"^invoice/([0-9]+)/([A-Z0-9]+)$", views.invoice, name="invoice"),
url(r"^invoice/([0-9]+)/manual_payment$",
views.manual_payment, name="manual_payment"),
url(r"^invoice_access/([A-Z0-9]+)$", views.invoice_access,
name="invoice_access"),
url(r"^profile$", "edit_profile", name="attendee_edit"),
url(r"^register$", "guided_registration", name="guided_registration"),
url(r"^register/([0-9]+)$", "guided_registration",

View file

@ -424,18 +424,41 @@ def checkout_errors(request, errors):
return render(request, "registrasion/checkout_errors.html", data)
@login_required
def invoice(request, invoice_id):
''' Displays an invoice for a given invoice id. '''
def invoice_access(request, access_code):
''' Redirects to the first unpaid invoice for the attendee that matches
the given access code, if any. '''
invoices = rego.Invoice.objects.filter(
user__attendee__access_code=access_code,
status=rego.Invoice.STATUS_UNPAID,
).order_by("issue_time")
if not invoices:
raise Http404()
invoice = invoices[0]
return redirect("invoice", invoice.id, access_code)
def invoice(request, invoice_id, access_code=None):
''' Displays an invoice for a given invoice id.
This view is not authenticated, but it will only allow access to either:
the user the invoice belongs to; staff; or a request made with the correct
access code.
'''
invoice_id = int(invoice_id)
inv = rego.Invoice.objects.get(pk=invoice_id)
if request.user != inv.cart.user and not request.user.is_staff:
raise Http404()
current_invoice = InvoiceController(inv)
if not current_invoice.can_view(
user=request.user,
access_code=access_code,
):
raise Http404()
data = {
"invoice": current_invoice.invoice,
}