fix: Ticket downloads for multi-attendee orders (#6095)

abhinavk96 · iamareebjamal · commit 5822b1a928e4 · 2019-06-22T19:18:54.000+05:30
* Introduce can_download_tickets property in user model

* Specify separate storage path for all ticket pdf

* fix: make it possible to download all attendee tickets
diff --git a/app/api/auth.py b/app/api/auth.py
@@ -304,12 +304,10 @@ def ticket_attendee_authorized(order_identifier):
     if current_user:
         try:
             order = Order.query.filter_by(identifier=order_identifier).first()
-            user_id = order.user.id
-            event_id = order.event.id
         except NoResultFound:
             return NotFoundError({'source': ''}, 'This ticket is not associated with any order').respond()
-        if current_user.id == user_id or current_user.is_organizer(event_id):
-            key = UPLOAD_PATHS['pdf']['ticket_attendee'].format(identifier=order_identifier)
+        if current_user.can_download_tickets(order):
+            key = UPLOAD_PATHS['pdf']['tickets_all'].format(identifier=order_identifier)
             file_path = '../generated/tickets/{}/{}/'.format(key, generate_hash(key)) + order_identifier + '.pdf'
             try:
                 return return_tickets(file_path, order_identifier)
diff --git a/app/api/helpers/order.py b/app/api/helpers/order.py
@@ -53,7 +53,7 @@ def create_pdf_tickets_for_holder(order):
     """
     if order.status == 'completed' or order.status == 'placed':
         pdf = create_save_pdf(render_template('pdf/ticket_purchaser.html', order=order),
-                              UPLOAD_PATHS['pdf']['ticket_attendee'],
+                              UPLOAD_PATHS['pdf']['tickets_all'],
                               dir_path='/static/uploads/pdf/tickets/', identifier=order.identifier, upload_dir='generated/tickets/')
 
         order.tickets_pdf_url = pdf
diff --git a/app/api/helpers/storage.py b/app/api/helpers/storage.py
@@ -80,7 +80,8 @@
     },
     'pdf': {
         'ticket_attendee': 'attendees/tickets/pdf/{identifier}',
-        'order': 'orders/invoices/pdf/{identifier}'
+        'order': 'orders/invoices/pdf/{identifier}',
+        'tickets_all': 'orders/tickets/pdf/{identifier}'
     }
 }
 
diff --git a/app/models/user.py b/app/models/user.py
@@ -360,6 +360,12 @@ def first_access_panel(self):
             return False
         return perm.panel_name
 
+    def can_download_tickets(self, order):
+        permissible_users = [holder.id for holder in order.ticket_holders] + [order.user.id]
+        if self.is_staff or self.is_organizer(order.event.id) or self.id in permissible_users:
+            return True
+        return False
+
     def can_access_panel(self, panel_name):
         """
         Check if user can access an Admin Panel

Original file line number	Diff line number	Diff line change
`@@ -80,7 +80,8 @@`
`80`	`80`	`},`
`81`	`81`	`'pdf': {`
`82`	`82`	`'ticket_attendee': 'attendees/tickets/pdf/{identifier}',`
`83`		`- 'order': 'orders/invoices/pdf/{identifier}'`
	`83`	`+ 'order': 'orders/invoices/pdf/{identifier}',`
	`84`	`+ 'tickets_all': 'orders/tickets/pdf/{identifier}'`
`84`	`85`	`}`
`85`	`86`	`}`
`86`	`87`