From 17ad411c6fe2d08f3bfcbc6fce9a5b6685d8388a Mon Sep 17 00:00:00 2001
From: mrsaicharan1 <saicharan.reddy1@gmail.com>
Date: Mon, 10 Jun 2019 15:08:30 -0500
Subject: [PATCH] Implemented organizer access

created helper function for org check

moved function to models

replaced own function with predefined
---
 app/api/auth.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/app/api/auth.py b/app/api/auth.py
index e8083e08de..873734e581 100644
--- a/app/api/auth.py
+++ b/app/api/auth.py
@@ -289,6 +289,7 @@ def return_tickets(file_path, order_identifier):
     response.headers['Content-Disposition'] = 'attachment; filename=ticket-%s.pdf' % order_identifier
     return response
 
+
 @ticket_blueprint.route('/tickets/<string:order_identifier>')
 @jwt_required()
 def ticket_attendee_authorized(order_identifier):
@@ -296,9 +297,10 @@ def ticket_attendee_authorized(order_identifier):
         try:
             order = Order.query.filter_by(identifier=order_identifier).first()
             user_id = order.user.id
+            event_id = order.event.id
         except NoResultFound:
             return NotFoundError({'source': ''}, 'This ticket is not associated with any order').respond()
-        if current_user.id == user_id:
+        if current_user.id == user_id or current_user.is_organizer(event_id):
             key = UPLOAD_PATHS['pdf']['ticket_attendee'].format(identifier=order_identifier)
             file_path = '../generated/tickets/{}/{}/'.format(key, generate_hash(key)) + order_identifier + '.pdf'
             try: