From a69eee9b2a34b47b31a269b4563094ad2641800a Mon Sep 17 00:00:00 2001 From: mrsaicharan1 Date: Fri, 5 Jul 2019 16:31:04 +0530 Subject: [PATCH] Serving event invoice over route --- app/api/auth.py | 47 ++++++++++++++++++++++++++++++++++++-- app/api/helpers/storage.py | 3 ++- 2 files changed, 47 insertions(+), 3 deletions(-) diff --git a/app/api/auth.py b/app/api/auth.py index 4a6a577d90..8b44e25207 100644 --- a/app/api/auth.py +++ b/app/api/auth.py @@ -30,6 +30,7 @@ USER_REGISTER_WITH_PASSWORD, PASSWORD_RESET_AND_VERIFY from app.models.notification import PASSWORD_CHANGE as PASSWORD_CHANGE_NOTIF from app.models.user import User +from app.models.event_invoice import EventInvoice from app.api.helpers.storage import UPLOAD_PATHS from app.api.helpers.auth import AuthManager @@ -295,9 +296,9 @@ def change_password(): }) -def return_file(file_name_prefix, file_path, order_identifier): +def return_file(file_name_prefix, file_path, identifier): response = make_response(send_file(file_path)) - response.headers['Content-Disposition'] = 'attachment; filename=%s-%s.pdf' % (file_name_prefix, order_identifier) + response.headers['Content-Disposition'] = 'attachment; filename=%s-%s.pdf' % (file_name_prefix, identifier) return response @@ -345,6 +346,48 @@ def order_invoices(order_identifier): return ForbiddenError({'source': ''}, 'Authentication Required to access Invoice').respond() +@ticket_blueprint.route('/orders/invoices/') +@jwt_required() +def event_invoices(order_identifier): + if current_user: + try: + order = Order.query.filter_by(identifier=order_identifier).first() + except NoResultFound: + return NotFoundError({'source': ''}, 'Order Invoice not found').respond() + if current_user.can_download_tickets(order): + key = UPLOAD_PATHS['pdf']['order'].format(identifier=order_identifier) + file_path = '../generated/invoices/{}/{}/'.format(key, generate_hash(key)) + order_identifier + '.pdf' + try: + return return_file('invoice', file_path, order_identifier) + except FileNotFoundError: + create_pdf_tickets_for_holder(order) + return return_file('invoice', file_path, order_identifier) + else: + return ForbiddenError({'source': ''}, 'Unauthorized Access').respond() + else: + return ForbiddenError({'source': ''}, 'Authentication Required to access Invoice').respond() + + +@ticket_blueprint.route('/events/invoices/') +@jwt_required() +def event_invoices(invoice_identifier): + if current_user: + try: + event_invoice = EventInvoice.query.filter_by(identifier=invoice_identifier).first() + event_id = event_invoice.event_id + except NoResultFound: + return NotFoundError({'source': ''}, 'Event Invoice not found').respond() + if current_user.is_organizer(event_id) or current_user.is_staff: + key = UPLOAD_PATHS['pdf']['event_invoices'].format(identifier=invoice_identifier) + file_path = '../generated/invoices/{}/{}/'.format(key, generate_hash(key)) + invoice_identifier + '.pdf' + return return_file('invoice', file_path, invoice_identifier) + else: + return ForbiddenError({'source': ''}, 'Unauthorized Access').respond() + else: + return ForbiddenError({'source': ''}, 'Authentication Required to access Invoice').respond() + + + # Access for Environment details & Basic Auth Support def requires_basic_auth(f): @wraps(f) diff --git a/app/api/helpers/storage.py b/app/api/helpers/storage.py index efb4eb65f8..3f0e9e02b5 100644 --- a/app/api/helpers/storage.py +++ b/app/api/helpers/storage.py @@ -81,7 +81,8 @@ 'pdf': { 'ticket_attendee': 'attendees/tickets/pdf/{identifier}', 'order': 'orders/invoices/pdf/{identifier}', - 'tickets_all': 'orders/tickets/pdf/{identifier}' + 'tickets_all': 'orders/tickets/pdf/{identifier}', + 'event_invoice': 'events/organizer/invoices/pdf/{identifier}' } }