remove B2B IPC

pennlabs · Apr 24, 2024 · 4bde09e · 4bde09e
1 parent 7cdb450
commit 4bde09e
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 62 deletions.
diff --git a/backend/clubs/models.py b/backend/clubs/models.py
@@ -1876,7 +1876,11 @@ def get_qr(self):
 
         signer = Signer()
         token = signer.sign_object({"owner": self.owner.id, "ticket_id": str(self.id)})
-        qr_image = qrcode.make(token, box_size=20, border=0)
+        qr_image = qrcode.make(
+            f"https://{settings.DOMAINS[0]}/api/tickets/validate/{token}/",
+            box_size=20,
+            border=0,
+        )
         return qr_image
 
     def send_confirmation_email(self):

diff --git a/backend/clubs/views.py b/backend/clubs/views.py
@@ -67,7 +67,6 @@
 from ics import Calendar as ICSCal
 from ics import Event as ICSEvent
 from ics.grammar import parse as ICSParse
-from identity.permissions import B2BPermission
 from jinja2 import Template
 from options.models import Option
 from rest_framework import filters, generics, parsers, serializers, status, viewsets
@@ -5163,41 +5162,22 @@ def qr(self, request, *args, **kwargs):
         qr_image.save(response, "PNG")
         return response
 
-    @action(detail=False, methods=["post"])
+    @action(detail=False, methods=["get"], url_path="validate/(?P<token>[^/.]+)")
     def validate(self, request, *args, **kwargs):
         """
-        Validate a ticket's QR code and mark attendance. Only accessible via B2B IPC.
+        Validate a ticket's QR code and mark attendance.
         ---
-        requestBody:
-            content:
-                application/json:
-                    schema:
-                        type: object
-                        properties:
-                            username:
-                                type: string
-                            token:
-                                type: string
-                        required:
-                            - username
-                            - token
         responses:
             "200":
                 content:
                     application/json:
                         schema:
-                           type: object
-                           properties:
-                                detail:
-                                    type: string
-            "204":
-                content:
-                    application/json:
-                        schema:
-                           type: object
-                           properties:
-                                detail:
-                                    type: string
+                            type: object
+                            properties:
+                                ticket:
+                                    $ref: '#/components/schemas/Ticket'
+                                previously_scanned:
+                                    type: boolean
             "400":
                 content:
                     application/json:
@@ -5216,19 +5196,7 @@ def validate(self, request, *args, **kwargs):
                                     type: string
         ---
         """
-        user = (
-            get_user_model()
-            .objects.filter(username=request.data.get("username"))
-            .first()
-        )
-        token = request.data.get("token")
-
-        if not user or not token:
-            return Response(
-                {"detail": "Must provide username and token to validate QR code"},
-                status=status.HTTP_400_BAD_REQUEST,
-            )
-
+        token = kwargs.get("token")
         signer = Signer()
         try:
             obj = signer.unsign_object(token)
@@ -5248,14 +5216,15 @@ def validate(self, request, *args, **kwargs):
                 {"detail": "Ticket not found"}, status=status.HTTP_400_BAD_REQUEST
             )
 
+        is_owner = request.user == ticket.owner
         is_officer = Membership.objects.filter(
-            person=user,
+            person=request.user,
             club=ticket.event.club,
             role__lte=Membership.ROLE_OFFICER,
             active=True,
         ).exists()
 
-        if not is_officer:
+        if not (is_owner or is_officer):
             return Response(
                 {"detail": "You do not have permission to scan this ticket!"},
                 status=status.HTTP_403_FORBIDDEN,
@@ -5266,28 +5235,22 @@ def validate(self, request, *args, **kwargs):
                 {"detail": "Stale token"}, status=status.HTTP_400_BAD_REQUEST
             )
 
-        if ticket.attended:
-            return Response(
-                {"detail": "Ticket has already been scanned"},
-                status=status.HTTP_204_NO_CONTENT,
-            )
-
-        ticket.attended = True
-        ticket.transferable = False
-        ticket.save()
+        previously_scanned = ticket.attended
+        if not previously_scanned and is_officer:
+            ticket.attended = True
+            ticket.transferable = False
+            ticket.save()
 
-        return Response({"detail": "Successfully validated QR code"})
+        return Response(
+            {
+                "ticket": TicketSerializer(ticket).data,
+                "previously_scanned": previously_scanned,
+            }
+        )
 
     def get_queryset(self):
         return Ticket.objects.filter(owner=self.request.user.id)
 
-    def get_permissions(self):
-        if self.action == "validate":
-            self.permission_classes = [
-                B2BPermission("urn:pennlabs:*")
-            ]  # TODO: change this to mobile slug
-        return super().get_permissions()
-
 
 class MemberInviteViewSet(viewsets.ModelViewSet):
     """

diff --git a/backend/pennclubs/settings/base.py b/backend/pennclubs/settings/base.py
@@ -48,7 +48,6 @@
     "rest_framework",
     "simple_history",
     "accounts.apps.AccountsConfig",
-    "identity.apps.IdentityConfig",
     "clubs.apps.ClubsConfig",
     "options.apps.OptionsConfig",
     "social_django",