Implement EnsureUserOwnsOrderMixin to keep things DRY

shop/views.py

@@ -11,6 +11,8 @@ from django.views.generic import (
     DetailView,
     FormView,
 )
+from django.views.generic.detail import SingleObjectMixin
+
 from camps.models import Camp
 from shop.models import (
     Order,
@@ -21,6 +23,19 @@ from shop.models import (
 from .forms import AddToOrderForm
 import hashlib
 
+
+class EnsureUserOwnsOrderMixin(SingleObjectMixin):
+    model = Order
+
+    def dispatch(self, request, *args, **kwargs):
+        if self.get_object().user != request.user:
+            raise Http404("Order not found")
+
+        return super(EnsureUserOwnsOrderMixin, self).dispatch(
+            request, *args, **kwargs
+        )
+
+
 class ShopIndexView(ListView):
     model = Product
     template_name = "shop_index.html"
@@ -53,7 +68,7 @@ class OrderListView(LoginRequiredMixin, ListView):
         return context
 
 
-class OrderDetailView(LoginRequiredMixin, DetailView):
+class OrderDetailView(LoginRequiredMixin, EnsureUserOwnsOrderMixin, DetailView):
     model = Order
     template_name = 'order_detail.html'
     context_object_name = 'order'
@@ -61,9 +76,6 @@ class OrderDetailView(LoginRequiredMixin, DetailView):
     def get(self, request, *args, **kwargs):
         order = self.get_object()
 
-        if order.user != request.user:
-            raise Http404("Order not found")
-
         if not order.products.count() > 0:
             return HttpResponseRedirect(reverse_lazy('shop:index'))
 
@@ -166,31 +178,30 @@ class ProductDetailView(LoginRequiredMixin, FormView, DetailView):
         return Order.objects.get(user=self.request.user, open__isnull=False).get_absolute_url()
 
 
-class CoinifyRedirectView(TemplateView):
+class CoinifyRedirectView(LoginRequiredMixin, EnsureUserOwnsOrderMixin, DetailView):
+    model = Order
     template_name = 'coinify_redirect.html'
 
     def get(self, request, *args, **kwargs):
         # validate a few things
-        self.order = Order.objects.get(pk=kwargs.get('order_id'))
+        order = self.get_object()
-        if self.order.user != request.user:
-            raise Http404("Order not found")
 
-        if self.order.open is None:
+        if order.open is not None:
             messages.error(request, 'This order is still open!')
             return HttpResponseRedirect('shop:order_detail')
 
-        if self.order.paid:
+        if order.paid:
             messages.error(request, 'This order is already paid for!')
             return HttpResponseRedirect('shop:order_detail')
 
-        if not self.get_object().products:
+        if not order.products.count() > 0:
             messages.error(request, 'This order contains no products!')
             return HttpResponseRedirect('shop:order_detail')
 
-        return self.render_to_response(self.get_context_data())
+        return super(CoinifyRedirectView, self).get(request, *args, **kwargs)
 
     def get_context_data(self, **kwargs):
-        order = Order.objects.get(pk=kwargs.get('order_id'))
+        order = self.get_object()
         context = super(CoinifyRedirectView, self).get_context_data(**kwargs)
         context['order'] = order
 
@@ -228,11 +239,12 @@ class CoinifyRedirectView(TemplateView):
         return context
 
 
-class EpayFormView(TemplateView):
+class EpayFormView(LoginRequiredMixin, EnsureUserOwnsOrderMixin, DetailView):
+    model = Order
     template_name = 'epay_form.html'
 
     def get_context_data(self, **kwargs):
-        order = Order.objects.get(pk=kwargs.get('pk'))
+        order = self.get_object()
         accept_url = 'https://' + self.request.get_host() + str(order.get_absolute_url())
         amount = order.total * 100
         order_id = str(order.pk)