From d6938117c6b70e58f6c8f1533db3ca63072f4062 Mon Sep 17 00:00:00 2001
From: Martin Quarda
Date: Tue, 6 Aug 2024 10:59:35 +0200
Subject: [PATCH] invoice button and security
---
 alkatorapi/admin.py | 10 +++++++++-
 alkatorapi/models.py | 1 +
 alkatorapi/templates/invoice_custom_admin_page.html | 8 ++++++++
 alkatorapi/views.py | 2 ++
 4 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 alkatorapi/templates/invoice_custom_admin_page.html
diff --git a/alkatorapi/admin.py b/alkatorapi/admin.py
index 41a4e09..d621ddb 100644
--- a/alkatorapi/admin.py
+++ b/alkatorapi/admin.py
@@ -1,5 +1,13 @@
 from django.contrib import admin
+from django.http import HttpResponseRedirect
 from .models import User
-admin.site.register(User)
+@admin.register(User)
+class UserAdmin(admin.ModelAdmin):
+ change_form_template = "invoice_custom_admin_page.html"
+
+ def response_change(self, request, obj):
+ if "_invoice" in request.POST:
+ return HttpResponseRedirect(f"/api/invoice?invoice_id={obj.invoice_id}")
+ return super().response_change(request, obj)
\ No newline at end of file
diff --git a/alkatorapi/models.py b/alkatorapi/models.py
index 603a8ca..ad27b25 100644
--- a/alkatorapi/models.py
+++ b/alkatorapi/models.py
@@ -1,4 +1,5 @@
 from django.db import models
+from django.contrib import admin
 ALKATOR_CHOICES = (
 (1, "Alkátor"),
diff --git a/alkatorapi/templates/invoice_custom_admin_page.html b/alkatorapi/templates/invoice_custom_admin_page.html
new file mode 100644
index 0000000..dd36454
--- /dev/null
+++ b/alkatorapi/templates/invoice_custom_admin_page.html
@@ -0,0 +1,8 @@
+{% extends 'admin/change_form.html' %}
+
+{% block submit_buttons_bottom %}
+ {{ block.super }}
+
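Review bot: In `response_change` in alkatorapi/admin.py the redirect target is built by interpolating `obj.invoice_id` straight into a hard-coded path, so an unset or non-URL-safe value produces a broken query string, and the path silently diverges if the URLconf changes. Encoding the parameter with `urlencode({"invoice_id": obj.invoice_id})` and resolving the path with `reverse()` on the invoice route's URL name (not visible in this patch) would avoid both. Django calls `response_change` after the object has been saved, so pressing the invoice button also commits any pending edits on the form; a one-line comment such as `# NOTE: the change form has already been saved at this point` would make that explicit. The file still ends without a trailing newline.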
+ +
+{% endblock %}
\ No newline at end of file
diff --git a/alkatorapi/views.py b/alkatorapi/views.py
index 72fc9ff..905fa52 100644
--- a/alkatorapi/views.py
+++ b/alkatorapi/views.py
@@ -2,6 +2,7 @@ from django.shortcuts import render
 from django.http import HttpResponse
 from django.template.response import TemplateResponse
 from django.views.decorators.csrf import csrf_exempt
+from django.contrib.admin.views.decorators import staff_member_required
 from datetime import date, datetime
 from urllib.parse import parse_qs
 import requests
@@ -153,5 +154,6 @@ def photos(request):
 return HttpResponse(json.dumps(rtn), content_type='application/json')
+@staff_member_required
 def invoice(request):
 return TemplateResponse(request, 'invoice.html', {'user': User.objects.get(invoice_id=request.GET['invoice_id'])})
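Review bot: `invoice` in alkatorapi/views.py still indexes `request.GET['invoice_id']` and calls `User.objects.get(...)` with no error handling, so a staff request with a missing or unknown id ends in an unhandled exception (HTTP 500) instead of a 400 or 404. Reading the parameter with `request.GET.get('invoice_id')`, rejecting an empty value, and looking the row up with `get_object_or_404(User, invoice_id=invoice_id)` from `django.shortcuts` would fix that. Separately, `@staff_member_required` only checks that the account is active and has `is_staff`; it does not consult model permissions, so any staff login can render any user's invoice by id. If that is broader than intended, an additional `permission_required` check for the view permission on `User` would narrow it to accounts that can already see the record in the admin.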