From d78504332f08802a1ff272d7ff8b0f292990c898 Mon Sep 17 00:00:00 2001
From: CosmicCoder96
Date: Sat, 22 Jun 2019 15:04:07 +0530
Subject: [PATCH 1/3] Introduce can_download_tickets property in user model
---
 app/models/user.py | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/app/models/user.py b/app/models/user.py
index 57c9701e3d..e605438c75 100644
--- a/app/models/user.py
+++ b/app/models/user.py
@@ -360,6 +360,12 @@ def first_access_panel(self):
 return False
 return perm.panel_name
+ def can_download_tickets(self, order):
+ permissible_users = [holder.id for holder in order.ticket_holders] + [order.user.id]
+ if self.is_staff or self.is_organizer(order.event.id) or self.id in permissible_users:
+ return True
+ return False
+
 def can_access_panel(self, panel_name):
 """
 Check if user can access an Admin Panel
From 99d7f279aa270cc15727191699281eb281809a72 Mon Sep 17 00:00:00 2001
From: CosmicCoder96
Date: Sat, 22 Jun 2019 15:04:56 +0530
Subject: [PATCH 2/3] Specify separate storage path for all ticket pdf
---
 app/api/helpers/storage.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/app/api/helpers/storage.py b/app/api/helpers/storage.py
index c935bd963d..efb4eb65f8 100644
--- a/app/api/helpers/storage.py
+++ b/app/api/helpers/storage.py
@@ -80,7 +80,8 @@
 },
 'pdf': {
 'ticket_attendee': 'attendees/tickets/pdf/{identifier}',
- 'order': 'orders/invoices/pdf/{identifier}'
+ 'order': 'orders/invoices/pdf/{identifier}',
+ 'tickets_all': 'orders/tickets/pdf/{identifier}'
 }
 }
From f6287968da50d28bc7bc6d4cb579caefe3c9f1a8 Mon Sep 17 00:00:00 2001
From: CosmicCoder96
Date: Sat, 22 Jun 2019 15:05:54 +0530
Subject: [PATCH 3/3] fix: make it possible to download all attendee tickets
---
 app/api/auth.py | 6 ++----
 app/api/helpers/order.py | 2 +-
 2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/app/api/auth.py b/app/api/auth.py
index 1f0dbce601..ac400d98c4 100644
--- a/app/api/auth.py
+++ b/app/api/auth.py
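Review bot: In `can_download_tickets` (app/models/user.py), `self.id` is tested against `[holder.id for holder in order.ticket_holders]`, which looks like a comparison across two different id spaces. If `ticket_holders` are attendee rows with their own primary keys rather than `User` rows (the model is not visible in this hunk), an account whose id merely coincides with an attendee row id on an unrelated order would pass the check. The membership test should compare a value that identifies the account on both sides. The list is also built before the staff and organizer checks, so an order whose `user` is unset would raise on `order.user.id` even for staff; evaluating `self.is_staff or self.is_organizer(order.event.id)` first and returning early avoids that. A docstring stating who is allowed (staff, the event's organizer, the buyer, each ticket holder) would make the intended policy reviewable.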
@@ -304,12 +304,10 @@ def ticket_attendee_authorized(order_identifier):
 if current_user:
 try:
 order = Order.query.filter_by(identifier=order_identifier).first()
- user_id = order.user.id
- event_id = order.event.id
 except NoResultFound:
 return NotFoundError({'source': ''}, 'This ticket is not associated with any order').respond()
- if current_user.id == user_id or current_user.is_organizer(event_id):
- key = UPLOAD_PATHS['pdf']['ticket_attendee'].format(identifier=order_identifier)
+ if current_user.can_download_tickets(order):
+ key = UPLOAD_PATHS['pdf']['tickets_all'].format(identifier=order_identifier)
 file_path = '../generated/tickets/{}/{}/'.format(key, generate_hash(key)) + order_identifier + '.pdf'
 try:
 return return_tickets(file_path, order_identifier)
diff --git a/app/api/helpers/order.py b/app/api/helpers/order.py
index d3c854013c..1f73da3035 100644
--- a/app/api/helpers/order.py
+++ b/app/api/helpers/order.py
@@ -53,7 +53,7 @@ def create_pdf_tickets_for_holder(order):
 """
 if order.status == 'completed' or order.status == 'placed':
 pdf = create_save_pdf(render_template('pdf/ticket_purchaser.html', order=order),
- UPLOAD_PATHS['pdf']['ticket_attendee'],
+ UPLOAD_PATHS['pdf']['tickets_all'],
 dir_path='/static/uploads/pdf/tickets/', identifier=order.identifier, upload_dir='generated/tickets/')
 order.tickets_pdf_url = pdf
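Review bot: In `ticket_attendee_authorized`, `Order.query.filter_by(identifier=order_identifier).first()` returns `None` when nothing matches instead of raising, so the `except NoResultFound` branch is unreachable. With the attribute reads removed from the `try`, that `None` now flows into `current_user.can_download_tickets(order)`, which dereferences it. An unknown identifier would then surface as an unhandled `AttributeError` rather than the intended not-found response. Either switch to `.one()` so `NoResultFound` is actually raised, or add `if order is None:` returning the same `NotFoundError` before the permission check. The function starts above and continues past this hunk, so the handling around `return_tickets` is not visible here.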