Bug fixed when creating receipt and deleting the receipts

backend/api/invoices/delete.py

@@ -1,10 +1,9 @@
 from django.contrib import messages
-from django.http import HttpRequest, JsonResponse, QueryDict, HttpResponse
+from django.http import HttpRequest, JsonResponse, QueryDict, HttpResponse, HttpResponseRedirect
 from django.shortcuts import render
-from django.urls import resolve
+from django.urls import resolve, reverse
 from django.urls.exceptions import Resolver404
 from django.views.decorators.http import require_http_methods
-
 from backend.models import Invoice, QuotaLimit
 
 

backend/api/receipts/delete.py

@@ -1,31 +1,37 @@
 from django.contrib import messages
 from django.contrib.auth.decorators import login_required
-from django.http import HttpRequest, JsonResponse
-from django.shortcuts import render
+from django.http import HttpRequest, JsonResponse, HttpResponse, HttpResponseRedirect, QueryDict
+from django.shortcuts import render, redirect
+from django.urls import resolve, Resolver404, reverse
 from django.views.decorators.http import require_http_methods
-
 from backend.models import Receipt
 
 
 @require_http_methods(["DELETE"])
 @login_required
 def receipt_delete(request: HttpRequest, id: int):
-    receipt = Receipt.objects.filter(id=id).first()
+    try:
+        receipt = Receipt.objects.get(id=id)
+    except Receipt.DoesNotExist:
+        return JsonResponse({"message": "Receipt not found"}, status=404)
+
     if not receipt:
         return JsonResponse(status=404, data={"message": "Receipt not found"})
 
-    if request.user.logged_in_as_team and receipt.organization != request.user.logged_in_as_team:
-        return JsonResponse(status=403, data={"message": "Forbidden"})
-    elif receipt.user != request.user:
-        return JsonResponse(status=403, data={"message": "Forbidden"})
-
-    # QuotaLimit.delete_quota_usage("receipts-count", request.user, receipt.id, receipt.date_uploaded) # Don't want to delete receipts
-    # from records because it does cost us PER receipt. So makes sense not to allow Upload, delete, upload .. etc
+    if not receipt.has_access(request.user):
+        return JsonResponse({"message": "You do not have permission to delete this invoice"}, status=404)
 
     receipt.delete()
-    messages.success(request, "Receipt deleted")
-    return render(
-        request,
-        "pages/receipts/_search_results.html",
-        {"receipts": Receipt.objects.filter(user=request.user).order_by("-date")},
-    )
+    messages.success(request, f"Receipt deleted with the name of {receipt.name}")
+    if request.user.logged_in_as_team:
+        return render(
+            request,
+            "pages/receipts/_search_results.html",
+            {"receipts": Receipt.objects.filter(organization=request.user.logged_in_as_team).order_by("-date")},
+        )
+    else:
+        return render(
+            request,
+            "pages/receipts/_search_results.html",
+            {"receipts": Receipt.objects.filter(user=request.user).order_by("-date")},
+        )

backend/api/receipts/new.py

@@ -34,22 +34,25 @@ def receipt_create(request: HttpRequest):
     if not date:
         date = None
 
-    receipt = Receipt(
-        name=name,
-        image=file,
-        date=date,
-        merchant_store=merchant_store,
-        purchase_category=purchase_category,
-        total_price=total_price,
-    )
+    receipt_data = {
+        "name": name,
+        "image": file,
+        "date": date,
+        "merchant_store": merchant_store,
+        "purchase_category": purchase_category,
+        "total_price": total_price,
+    }
 
     if request.user.logged_in_as_team:
-        receipt.organization = request.user.logged_in_as_team
+        receipt_data["organization"] = request.user.logged_in_as_team
+        receipts = Receipt.objects.filter(organization=request.user.logged_in_as_team).order_by("-date")
     else:
-        receipt.user = request.user
+        receipt_data["user"] = request.user
+        receipts = Receipt.objects.filter(user=request.user).order_by("-date")
 
-    receipt.save()
+    receipt = Receipt(**receipt_data)
     QuotaUsage.create_str(request.user, "receipts-count", receipt.id)
+    receipt.save()
     # r = requests.post(
     #     "https://ocr.asprise.com/api/receipt",
     #     data={
@@ -74,5 +77,5 @@ def receipt_create(request: HttpRequest):
     return render(
         request,
         "pages/receipts/_search_results.html",
-        {"receipts": Receipt.objects.filter(user=request.user).order_by("-date")},
+        {"receipts": receipts},
     )

backend/models.py

@@ -211,6 +211,18 @@ class Receipt(models.Model):
     class Meta:
         constraints = [USER_OR_ORGANIZATION_CONSTRAINT()]
 
+    def __str__(self):
+        return f"{self.name} - {self.date} ({self.total_price})"
+
+    def has_access(self, user: User) -> bool:
+        if not user.is_authenticated:
+            return False
+
+        if user.logged_in_as_team:
+            return self.organization == user.logged_in_as_team
+        else:
+            return self.user == user
+
 
 class ReceiptDownloadToken(models.Model):
     user = models.ForeignKey(User, on_delete=models.CASCADE)