diff --git a/app/admin.py b/app/admin.py
index 24b7d99..0d0c172 100644
--- a/app/admin.py
+++ b/app/admin.py
@@ -44,6 +44,7 @@ class OrderItemAdminModel(ModelBaseView):
column_default_sort = ("order_id", True)
column_list = [
"order_id",
+ "slug",
"order.location_name",
"user_name",
"user",
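Review bot: Adding `"slug"` to `column_list` puts the value that the schema file in this commit describes as "secret used in URL" into the admin list view, so everyone who can open that view can read the URL token of every order. If the slug is meant to work as an access token, consider showing it only on the detail page, or record the decision next to the entry with a comment such as `# slug is the order's URL secret; shown to admins on purpose`. The rest of `column_list` lies outside the hunk.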
diff --git a/app/database/muhscheme.txt b/app/database/muhscheme.txt
index 173ff3c..9ac0206 100644
--- a/app/database/muhscheme.txt
+++ b/app/database/muhscheme.txt
@@ -9,6 +9,7 @@ user
order
id
+ slug secret used in URL
courier_id
location_id HLDS identifier
location_name this allows historical orders to keep the same location name
diff --git a/app/templates/order.html b/app/templates/order.html
index 45a222f..0ad5611 100644
--- a/app/templates/order.html
+++ b/app/templates/order.html
@@ -348,7 +348,7 @@
{% if order.can_modify_prices(current_user.id) %}
-
+
Edit prices
{% endif %}
diff --git a/app/templates/order_prices.html b/app/templates/order_prices.html
index d5eec77..49ac068 100644
--- a/app/templates/order_prices.html
+++ b/app/templates/order_prices.html
@@ -11,10 +11,10 @@
{% block container %}
-
diff --git a/app/views/order.py b/app/views/order.py
index 8023ecf..ddce63d 100644
--- a/app/views/order.py
+++ b/app/views/order.py
@@ -233,9 +233,9 @@ def modify_items(order_slug: str) -> typing.Optional[Response]:
return delete_item(order_slug, int(request.form["delete_item"]))
user_names = request.form.getlist("user_names")
if request.form.get("action") == "mark_paid":
- return set_items_paid(order_id, user_names, True)
+ return set_items_paid(order_slug, user_names, True)
elif request.form.get("action") == "mark_unpaid":
- return set_items_paid(order_id, user_names, False)
+ return set_items_paid(order_slug, user_names, False)
else:
abort(404)
return None
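Review bot: The first line of this hunk still passes `request.form["delete_item"]` straight to `int()`, so a non-numeric form value raises `ValueError` and most likely surfaces as a 500 rather than a client error. Parsing it with `item_id = request.form.get("delete_item", type=int)` and answering `abort(400)` when `item_id is None` would keep malformed input out of `delete_item`. The condition guarding that line and the start of `modify_items` are outside the hunk, so this assumes no earlier validation exists.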
@@ -328,15 +328,15 @@ def close_order(order_slug: str) -> typing.Optional[Response]:
return None
-@order_bp.route("//prices", methods=["GET", "POST"])
+@order_bp.route("//prices", methods=["GET", "POST"])
@login_required
-def prices(order_id: int) -> typing.Optional[Response]:
- order = Order.query.filter(Order.id == order_id).first()
+def prices(order_slug: str) -> typing.Optional[Response]:
+ order = Order.query.filter(Order.slug == order_slug).first()
if order is None:
abort(404)
if not order.can_modify_prices(current_user.id):
flash("You cannot modify the prices at this time.", "error")
- return redirect(url_for("order_bp.order_from_id", order_id=order_id))
+ return redirect(url_for("order_bp.order_from_slug", order_slug=order.slug))
if request.method == "GET":
return render_template(
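Review bot: The lookup `Order.query.filter(Order.slug == order_slug).first()` returns an arbitrary row if two orders ever share a slug, and the column definition is not part of this diff. It is worth confirming that `Order.slug` has a unique constraint and is generated from a CSPRNG (for example `secrets.token_urlsafe`), since the schema note calls it a secret. Because the token now sits in the URL path, it will also appear in access logs and `Referer` headers; a response header such as `Referrer-Policy: same-origin` would limit the latter. The body of `prices` continues outside the hunk.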
@@ -366,7 +366,7 @@ def prices(order_id: int) -> typing.Optional[Response]:
item.price_modified = datetime.now()
db.session.commit()
- return redirect(url_for("order_bp.order_from_id", order_id=order_id))
+ return redirect(url_for("order_bp.order_from_slug", order_slug=order.slug))