Approvals

src/pretix/presale/checkoutflow.py

@@ -503,6 +503,10 @@ class PaymentStep(QuestionsViewMixin, CartMixin, TemplateFlowStep):
     def is_applicable(self, request):
         self.request = request
 
+        for cartpos in get_cart(self.request):
+            if cartpos.item.require_approval:
+                return False
+
         for p in self.request.event.get_payment_providers().values():
             if p.is_implicit:
                 if self._is_allowed(p, request):
@@ -530,8 +534,10 @@ class ConfirmStep(CartMixin, AsyncAction, TemplateFlowStep):
     def get_context_data(self, **kwargs):
         ctx = super().get_context_data(**kwargs)
         ctx['cart'] = self.get_cart(answers=True)
-        ctx['payment'] = self.payment_provider.checkout_confirm_render(self.request)
-        ctx['payment_provider'] = self.payment_provider
+        if self.payment_provider:
+            ctx['payment'] = self.payment_provider.checkout_confirm_render(self.request)
+            ctx['payment_provider'] = self.payment_provider
+        ctx['require_approval'] = any(cp.item.require_approval for cp in ctx['cart']['positions'])
         ctx['addr'] = self.invoice_address
         ctx['confirm_messages'] = self.confirm_messages
         ctx['cart_session'] = self.cart_session
@@ -566,6 +572,8 @@ class ConfirmStep(CartMixin, AsyncAction, TemplateFlowStep):
 
     @cached_property
     def payment_provider(self):
+        if 'payment' not in self.cart_session:
+            return None
         return self.request.event.get_payment_providers().get(self.cart_session['payment'])
 
     def get(self, request):
@@ -599,7 +607,7 @@ class ConfirmStep(CartMixin, AsyncAction, TemplateFlowStep):
         for receiver, response in order_meta_from_request.send(sender=request.event, request=request):
             meta_info.update(response)
 
-        return self.do(self.request.event.id, self.payment_provider.identifier,
+        return self.do(self.request.event.id, self.payment_provider.identifier if self.payment_provider else None,
                        [p.id for p in self.positions], self.cart_session.get('email'),
                        translation.get_language(), self.invoice_address.pk, meta_info)
 
@@ -620,10 +628,16 @@ class ConfirmStep(CartMixin, AsyncAction, TemplateFlowStep):
         return self.get_step_url(self.request)
 
     def get_order_url(self, order):
+        payment = order.payments.first()
+        if not payment:
+            return eventreverse(self.request.event, 'presale:event.order', kwargs={
+                'order': order.code,
+                'secret': order.secret,
+            })
         return eventreverse(self.request.event, 'presale:event.order.pay.complete', kwargs={
             'order': order.code,
             'secret': order.secret,
-            'payment': order.payments.first().pk
+            'payment': payment.pk
         })
 
 

src/pretix/presale/templates/pretixpresale/event/checkout_confirm.html

@@ -49,24 +49,26 @@
                 </div>
             </div>
         </div>
-        <div class="panel panel-primary">
-            <div class="panel-heading">
-                {% if payment_provider.identifier != "free" %}
-                    <div class="pull-right">
-                        <a href="{% eventurl request.event "presale:event.checkout" step="payment" cart_namespace=cart_namespace|default_if_none:"" %}">
-                            <span class="fa fa-edit"></span>
-                            {% trans "Modify" %}
-                        </a>
-                    </div>
-                {% endif %}
-                <h3 class="panel-title">
-                    {% trans "Payment" %}
-                </h3>
+        {% if payment_provider %}
+            <div class="panel panel-primary">
+                <div class="panel-heading">
+                    {% if payment_provider.identifier != "free" %}
+                        <div class="pull-right">
+                            <a href="{% eventurl request.event "presale:event.checkout" step="payment" cart_namespace=cart_namespace|default_if_none:"" %}">
+                                <span class="fa fa-edit"></span>
+                                {% trans "Modify" %}
+                            </a>
+                        </div>
+                    {% endif %}
+                    <h3 class="panel-title">
+                        {% trans "Payment" %}
+                    </h3>
+                </div>
+                <div class="panel-body">
+                    {{ payment }}
+                </div>
             </div>
-            <div class="panel-body">
-                {{ payment }}
-            </div>
-        </div>
+        {% endif %}
         {% eventsignal event "pretix.presale.signals.checkout_confirm_page_content" request=request %}
         <div class="row">
             {% if request.event.settings.invoice_address_asked %}
@@ -155,6 +157,17 @@
                 </div>
             </div>
         {% endif %}
+        {% if require_approval %}
+            <div class="alert alert-warning alert-primary">
+                <strong>
+                    {% trans "Your order requires approval by the event organizer before it can be confirmed and forms a valid contract." %}
+                </strong>
+                {% blocktrans trimmed %}
+                    We will sent you an email as soon as the event organizer approved or rejected your order. If your
+                    order was approved, we will send you a link that you can use to pay.
+                {% endblocktrans %}
+            </div>
+        {% endif %}
         <div class="row checkout-button-row clearfix">
             <div class="col-md-4">
                 <a class="btn btn-block btn-default btn-lg"

src/pretix/presale/templates/pretixpresale/event/fragment_order_status.html

@@ -1,7 +1,11 @@
 {% load i18n %}
 {% load bootstrap3 %}
 {% if order.status == "n" %}
-    <span class="label label-warning {{ class }}">{% trans "Payment pending" %}</span>
+    {% if order.require_approval %}
+        <span class="label label-warning {{ class }}">{% trans "Approval pending" %}</span>
+    {% else %}
+        <span class="label label-warning {{ class }}">{% trans "Payment pending" %}</span>
+    {% endif %}
 {% elif order.status == "p" %}
     <span class="label label-success {{ class }}">{% trans "Paid" %}</span>
 {% elif order.status == "e" %}

src/pretix/presale/templates/pretixpresale/event/order.html

@@ -41,7 +41,7 @@
         {% include "pretixpresale/event/fragment_order_status.html" with order=order class="pull-right" %}
         <div class="clearfix"></div>
     </h2>
-    {% if order.status == "n" %}
+    {% if order.status == "n" and not order.require_approval %}
         <div class="panel panel-danger">
             <div class="panel-heading">
                 <h3 class="panel-title">

src/pretix/presale/views/order.py

@@ -147,7 +147,7 @@ class OrderDetails(EventViewMixin, OrderDetailMixin, CartMixin, TemplateView):
                 if lp.state == OrderPayment.PAYMENT_STATE_PENDING and not pp.abort_pending_allowed:
                     ctx['can_pay'] = False
 
-            ctx['can_pay'] = ctx['can_pay'] and self.order._can_be_paid()
+            ctx['can_pay'] = ctx['can_pay'] and self.order._can_be_paid() is True
 
         elif self.order.status == Order.STATUS_PAID:
             ctx['can_pay'] = False
@@ -168,7 +168,8 @@ class OrderPaymentStart(EventViewMixin, OrderDetailMixin, TemplateView):
             raise Http404(_('Unknown order code or not authorized to access this order.'))
         if (self.order.status not in (Order.STATUS_PENDING, Order.STATUS_EXPIRED)
                 or self.payment.state != OrderPayment.PAYMENT_STATE_CREATED
-                or not self.payment.payment_provider.is_enabled):
+                or not self.payment.payment_provider.is_enabled
+                or self.order._can_be_paid() is not True):
             messages.error(request, _('The payment for this order cannot be continued.'))
             return redirect(self.get_order_url())
 
@@ -229,7 +230,7 @@ class OrderPaymentConfirm(EventViewMixin, OrderDetailMixin, TemplateView):
         self.request = request
         if not self.order:
             raise Http404(_('Unknown order code or not authorized to access this order.'))
-        if self.payment.state != OrderPayment.PAYMENT_STATE_CREATED:
+        if self.payment.state != OrderPayment.PAYMENT_STATE_CREATED or not self.order._can_be_paid():
             messages.error(request, _('The payment for this order cannot be continued.'))
             return redirect(self.get_order_url())
         if (not self.payment.payment_provider.payment_is_valid_session(request) or
@@ -286,7 +287,7 @@ class OrderPaymentComplete(EventViewMixin, OrderDetailMixin, View):
         self.request = request
         if not self.order:
             raise Http404(_('Unknown order code or not authorized to access this order.'))
-        if self.payment.state != OrderPayment.PAYMENT_STATE_CREATED:
+        if self.payment.state != OrderPayment.PAYMENT_STATE_CREATED or not self.order._can_be_paid():
             messages.error(request, _('The payment for this order cannot be continued.'))
             return redirect(self.get_order_url())
         if (not self.payment.payment_provider.payment_is_valid_session(request) or
@@ -329,7 +330,7 @@ class OrderPayChangeMethod(EventViewMixin, OrderDetailMixin, TemplateView):
         self.request = request
         if not self.order:
             raise Http404(_('Unknown order code or not authorized to access this order.'))
-        if self.order.status not in (Order.STATUS_PENDING, Order.STATUS_EXPIRED):
+        if self.order.status not in (Order.STATUS_PENDING, Order.STATUS_EXPIRED) or not self.order._can_be_paid():
             messages.error(request, _('The payment method for this order cannot be changed.'))
             return redirect(self.get_order_url())