Skip to content

feat: restricts unverified user for buying free tickets #6140

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 13 commits into from
Jul 12, 2019
Merged

feat: restricts unverified user for buying free tickets #6140

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
63bf2bb
Restrict unverified user from making free orders.
prateekj117 Jul 6, 2019
84cc9f8
Check ticket-type rather than payment-mode
prateekj117 Jul 6, 2019
5319edb
No need to revert the old PR
prateekj117 Jul 6, 2019
32f1da4
Merge branch 'development' into free-orders
prateekj117 Jul 6, 2019
291e4cf
Merge branch 'development' into free-orders
prateekj117 Jul 7, 2019
0ea878e
Merge branch 'development' into free-orders
prateekj117 Jul 8, 2019
fbe3f8a
Merge branch 'development' into free-orders
prateekj117 Jul 8, 2019
52ad5b1
Merge branch 'development' into free-orders
prateekj117 Jul 9, 2019
f7ccd67
Merge branch 'development' into free-orders
prateekj117 Jul 10, 2019
fccecc6
Check if order contains all free tickets.
prateekj117 Jul 11, 2019
477d2b1
Merge branch 'development' into free-orders
prateekj117 Jul 11, 2019
408dc7a
Merge branch 'development' into free-orders
prateekj117 Jul 12, 2019
a809c04
Required changes
prateekj117 Jul 12, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions app/api/attendees.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
from datetime import datetime

from flask import Blueprint, request, jsonify, abort, make_response
from flask_jwt import current_identity, jwt_required
from flask_jwt import current_identity
from flask_rest_jsonapi import ResourceDetail, ResourceList, ResourceRelationship
from flask_rest_jsonapi.exceptions import ObjectNotFound
from sqlalchemy.orm.exc import NoResultFound
Expand Down Expand Up @@ -174,7 +174,7 @@ def before_update_object(self, obj, data, kwargs):
user = safe_query(self, User, 'id', current_identity.id, 'user_id')
ticket = db.session.query(Ticket).filter_by(
id=int(data['ticket']), deleted_at=None
).first()
).first()
if ticket is None:
raise UnprocessableEntity(
{'pointer': '/data/relationships/ticket'}, "Invalid Ticket"
Expand Down
23 changes: 17 additions & 6 deletions app/api/orders.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
from datetime import datetime
from flask import request, jsonify, Blueprint, url_for, redirect
import omise
import logging
from datetime import datetime

import omise
from flask import request, jsonify, Blueprint, url_for, redirect
from flask_jwt import current_identity as current_user
from flask_rest_jsonapi import ResourceDetail, ResourceList, ResourceRelationship
from marshmallow_jsonapi import fields
Expand All @@ -12,7 +12,6 @@
from app.api.bootstrap import api
from app.api.data_layers.ChargesLayer import ChargesLayer
from app.api.helpers.db import save_to_db, safe_query, safe_query_without_soft_deleted_entries
from app.api.helpers.storage import generate_hash, UPLOAD_PATHS
from app.api.helpers.errors import BadRequestError
from app.api.helpers.exceptions import ForbiddenException, UnprocessableEntity, ConflictException
from app.api.helpers.files import make_frontend_url
Expand All @@ -22,10 +21,12 @@
send_notif_ticket_cancel
from app.api.helpers.order import delete_related_attendees_for_order, set_expiry_for_order, \
create_pdf_tickets_for_holder, create_onsite_attendees_for_order
from app.api.helpers.payment import AliPayPaymentsManager, OmisePaymentsManager
from app.api.helpers.payment import PayPalPaymentsManager
from app.api.helpers.permission_manager import has_access
from app.api.helpers.permissions import jwt_required
from app.api.helpers.query import event_query
from app.api.helpers.storage import generate_hash, UPLOAD_PATHS
from app.api.helpers.ticketing import TicketingManager
from app.api.helpers.utilities import dasherize, require_relationship
from app.api.schema.orders import OrderSchema
Expand All @@ -34,8 +35,6 @@
from app.models.order import Order, OrderTicket, get_updatable_fields
from app.models.ticket_holder import TicketHolder
from app.models.user import User
from app.api.helpers.payment import AliPayPaymentsManager, OmisePaymentsManager


order_misc_routes = Blueprint('order_misc', __name__, url_prefix='/v1')
alipay_blueprint = Blueprint('alipay_blueprint', __name__, url_prefix='/v1/alipay')
Expand Down Expand Up @@ -74,6 +73,9 @@ def before_create_object(self, data, view_kwargs):
:param view_kwargs:
:return:
"""

free_ticket_quantity = 0
Copy link
Member

@iamareebjamal iamareebjamal Jul 11, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is this variable declared so far from its use?


for ticket_holder in data['ticket_holders']:
# Ensuring that the attendee exists and doesn't have an associated order.
try:
Expand All @@ -86,6 +88,15 @@ def before_create_object(self, data, view_kwargs):
raise ConflictException({'pointer': '/data/relationships/attendees'},
"Attendee with id {} does not exists".format(str(ticket_holder)))

if ticket_holder_object.ticket.type == 'free':
free_ticket_quantity += 1

if not current_user.is_verified and free_ticket_quantity == len(data['ticket_holders']):
raise UnprocessableEntity(
{'pointer': '/data/relationships/order'},
"Unverified user cannot place free orders"
)

if data.get('cancel_note'):
del data['cancel_note']

Expand Down