remove stray word

doc/api/resources/orders.rst

@@ -1719,56 +1719,6 @@ List of all order positions
    :statuscode 401: Authentication failure
    :statuscode 403: The requested organizer/event does not exist **or** you have no permission to view this resource.
 
-.. http:get:: /api/v1/organizers/(organizer)/orderpositions/
-
-   Returns a list of all order positions within all events of a given organizer (with sufficient access permissions).
-
-   The supported query parameters and output format of this endpoint are almost identical to those of the list endpoint
-   within an event.
-   The only changes are that responses also contain the ``event`` attribute in each result and that the 'pdf_data'
-   parameter is not supported.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      GET /api/v1/organizers/bigevents/orderpositions/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-      X-Page-Generated: 2017-12-01T10:00:00Z
-
-      {
-        "count": 1,
-        "next": null,
-        "previous": null,
-        "results": [
-          {
-            "id:": 23442
-            "event": "sampleconf",
-            "order": "ABC12",
-            "positionid": 1,
-            "canceled": false,
-            "item": 1345,
-            ...
-          }
-        ]
-      }
-
-   :param organizer: The ``slug`` field of the organizer to fetch
-   :statuscode 200: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer/event does not exist **or** you have no permission to view this resource.
-
-
-
 Fetching individual positions
 -----------------------------
 

src/pretix/api/serializers/order.py

@@ -62,8 +62,6 @@ from pretix.base.models.orders import (
     BlockedTicketSecret, CartPosition, OrderFee, OrderPayment, OrderRefund,
     PrintLog, RevokedTicketSecret, Transaction,
 )
-from pretix.base.payment import GiftCardPayment
-from pretix.base.payment import PaymentException
 from pretix.base.pdf import get_images, get_variables
 from pretix.base.services.cart import error_messages
 from pretix.base.services.locking import LOCK_TRUST_WINDOW, lock_objects
@@ -639,14 +637,6 @@ class OrderPositionSerializer(I18nAwareModelSerializer):
         return entry
 
 
-class OrganizerOrderPositionSerializer(OrderPositionSerializer):
-    event = SlugRelatedField(slug_field='slug', read_only=True)
-
-    class Meta(OrderPositionSerializer.Meta):
-        fields = OrderPositionSerializer.Meta.fields + ('event',)
-        read_only_fields = OrderPositionSerializer.Meta.read_only_fields + ('event',)
-
-
 class RequireAttentionField(serializers.Field):
     def to_representation(self, instance: OrderPosition):
         return instance.require_checkin_attention
@@ -1202,7 +1192,6 @@ class OrderCreateSerializer(I18nAwareModelSerializer):
     )
     tax_rounding_mode = serializers.ChoiceField(choices=ROUNDING_MODES, allow_null=True, required=False,)
     locale = serializers.ChoiceField(choices=[], required=False, allow_null=True)
-    use_gift_cards = serializers.ListField(child=serializers.CharField(required=False), required=False)
 
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
@@ -1218,7 +1207,7 @@ class OrderCreateSerializer(I18nAwareModelSerializer):
         fields = ('code', 'status', 'testmode', 'email', 'phone', 'locale', 'payment_provider', 'fees', 'comment', 'sales_channel',
                   'invoice_address', 'positions', 'checkin_attention', 'checkin_text', 'payment_info', 'payment_date',
                   'consume_carts', 'force', 'send_email', 'simulate', 'customer', 'custom_followup_at',
-                  'require_approval', 'valid_if_pending', 'expires', 'api_meta', 'tax_rounding_mode', 'use_gift_cards')
+                  'require_approval', 'valid_if_pending', 'expires', 'api_meta', 'tax_rounding_mode')
 
     def validate_payment_provider(self, pp):
         if pp is None:
@@ -1313,10 +1302,6 @@ class OrderCreateSerializer(I18nAwareModelSerializer):
         payment_date = validated_data.pop('payment_date', now())
         force = validated_data.pop('force', False)
         simulate = validated_data.pop('simulate', False)
-        gift_card_secrets = validated_data.pop('use_gift_cards') if 'use_gift_cards' in validated_data else []
-
-        if validated_data.get('status') != Order.STATUS_PENDING and len(gift_card_secrets) > 0:
-            raise ValidationError({"use_gift_cards": ['The attribute use_gift_cards is only supported for orders that are created as pending']})
 
         if not validated_data.get("sales_channel"):
             validated_data["sales_channel"] = self.context['event'].organizer.sales_channels.get(identifier="web")
@@ -1801,33 +1786,6 @@ class OrderCreateSerializer(I18nAwareModelSerializer):
         if order.total != Decimal('0.00') and order.event.currency == "XXX":
             raise ValidationError('Paid products not supported without a valid currency.')
 
-        for gift_card_secret in gift_card_secrets:
-            try:
-                if order.status != Order.STATUS_PAID:
-                    gift_card_payment_provider = GiftCardPayment(event=order.event)
-
-                    gc=order.event.organizer.accepted_gift_cards.get(
-                        secret=gift_card_secret
-                    )
-
-                    payment=order.payments.create(
-                        amount=min(order.pending_sum, gc.value),
-                        provider=gift_card_payment_provider.identifier,
-                        info_data={
-                            'gift_card': gc.pk,
-                            'gift_card_secret': gc.secret,
-                            'retry': True
-                        },
-                        state=OrderPayment.PAYMENT_STATE_CREATED
-                    )
-                    gift_card_payment_provider.execute_payment(request=None, payment=payment, is_early_special_case=not self._send_mail)
-
-                    if order.pending_sum <= Decimal('0.00'):
-                        order.status = Order.STATUS_PAID
-
-            except PaymentException:
-                pass
-
         if order.total == Decimal('0.00') and validated_data.get('status') != Order.STATUS_PAID and not validated_data.get('require_approval'):
             order.status = Order.STATUS_PAID
             order.save()
@@ -1851,7 +1809,7 @@ class OrderCreateSerializer(I18nAwareModelSerializer):
             )
         elif payment_provider:
             order.payments.create(
-                amount=order.pending_sum,
+                amount=order.total,
                 provider=payment_provider,
                 info=payment_info,
                 state=OrderPayment.PAYMENT_STATE_CREATED

src/pretix/api/urls.py

@@ -67,7 +67,6 @@ orga_router.register(r'invoices', order.InvoiceViewSet)
 orga_router.register(r'scheduled_exports', exporters.ScheduledOrganizerExportViewSet)
 orga_router.register(r'exporters', exporters.OrganizerExportersViewSet, basename='exporters')
 orga_router.register(r'transactions', order.OrganizerTransactionViewSet)
-orga_router.register(r'orderpositions', order.OrganizerOrderPositionViewSet, basename='orderpositions')
 
 team_router = routers.DefaultRouter()
 team_router.register(r'members', organizer.TeamMemberViewSet)
@@ -84,7 +83,7 @@ event_router.register(r'discounts', discount.DiscountViewSet)
 event_router.register(r'quotas', item.QuotaViewSet)
 event_router.register(r'vouchers', voucher.VoucherViewSet)
 event_router.register(r'orders', order.EventOrderViewSet)
-event_router.register(r'orderpositions', order.EventOrderPositionViewSet)
+event_router.register(r'orderpositions', order.OrderPositionViewSet)
 event_router.register(r'transactions', order.TransactionViewSet)
 event_router.register(r'invoices', order.InvoiceViewSet)
 event_router.register(r'revokedsecrets', order.RevokedSecretViewSet, basename='revokedsecrets')

src/pretix/api/views/order.py

@@ -57,10 +57,9 @@ from pretix.api.serializers.order import (
     BlockedTicketSecretSerializer, InvoiceSerializer, OrderCreateSerializer,
     OrderPaymentCreateSerializer, OrderPaymentSerializer,
     OrderPositionSerializer, OrderRefundCreateSerializer,
-    OrderRefundSerializer, OrderSerializer, OrganizerOrderPositionSerializer,
-    OrganizerTransactionSerializer, PriceCalcSerializer, PrintLogSerializer,
-    RevokedTicketSecretSerializer, SimulatedOrderSerializer,
-    TransactionSerializer,
+    OrderRefundSerializer, OrderSerializer, OrganizerTransactionSerializer,
+    PriceCalcSerializer, PrintLogSerializer, RevokedTicketSecretSerializer,
+    SimulatedOrderSerializer, TransactionSerializer,
 )
 from pretix.api.serializers.orderchange import (
     BlockNameSerializer, OrderChangeOperationSerializer,
@@ -1066,7 +1065,8 @@ with scopes_disabled():
             }
 
 
-class OrderPositionViewSetMixin:
+class OrderPositionViewSet(viewsets.ModelViewSet):
+    serializer_class = OrderPositionSerializer
     queryset = OrderPosition.all.none()
     filter_backends = (DjangoFilterBackend, RichOrderingFilter)
     ordering = ('order__datetime', 'positionid')
@@ -1087,7 +1087,8 @@ class OrderPositionViewSetMixin:
 
     def get_serializer_context(self):
         ctx = super().get_serializer_context()
-        ctx['pdf_data'] = False
+        ctx['event'] = self.request.event
+        ctx['pdf_data'] = self.request.query_params.get('pdf_data', 'false').lower() == 'true'
         ctx['check_quotas'] = self.request.query_params.get('check_quotas', 'true').lower() == 'true'
         return ctx
 
@@ -1096,8 +1097,9 @@ class OrderPositionViewSetMixin:
             qs = OrderPosition.all
         else:
             qs = OrderPosition.objects
-        qs = qs.filter(order__event__organizer=self.request.organizer)
-        if self.request.query_params.get('pdf_data', 'false').lower() == 'true' and getattr(self.request, 'event', None):
+
+        qs = qs.filter(order__event=self.request.event)
+        if self.request.query_params.get('pdf_data', 'false').lower() == 'true':
             prefetch_related_objects([self.request.organizer], 'meta_properties')
             prefetch_related_objects(
                 [self.request.event],
@@ -1152,9 +1154,9 @@ class OrderPositionViewSetMixin:
             qs = qs.prefetch_related(
                 Prefetch('checkins', queryset=Checkin.objects.select_related("device")),
                 Prefetch('print_logs', queryset=PrintLog.objects.select_related('device')),
-                'answers', 'answers__options', 'answers__question', 'order__event', 'order__event__organizer'
+                'answers', 'answers__options', 'answers__question',
             ).select_related(
-                'item', 'order', 'seat'
+                'item', 'order', 'order__event', 'order__event__organizer', 'seat'
             )
         return qs
 
@@ -1166,45 +1168,6 @@ class OrderPositionViewSetMixin:
                 return prov
         raise NotFound('Unknown output provider.')
 
-
-class OrganizerOrderPositionViewSet(OrderPositionViewSetMixin, viewsets.ReadOnlyModelViewSet):
-    serializer_class = OrganizerOrderPositionSerializer
-
-    def get_queryset(self):
-        qs = super().get_queryset()
-
-        perm = self.permission if self.request.method in SAFE_METHODS else self.write_permission
-
-        if isinstance(self.request.auth, (TeamAPIToken, Device)):
-            auth_obj = self.request.auth
-        elif self.request.user.is_authenticated:
-            auth_obj = self.request.user
-        else:
-            raise PermissionDenied("Unknown authentication scheme")
-
-        qs = qs.filter(
-            order__event__in=auth_obj.get_events_with_permission(perm, request=self.request).filter(
-                organizer=self.request.organizer
-            )
-        )
-
-        return qs
-
-
-class EventOrderPositionViewSet(OrderPositionViewSetMixin, viewsets.ModelViewSet):
-    serializer_class = OrderPositionSerializer
-
-    def get_serializer_context(self):
-        ctx = super().get_serializer_context()
-        ctx['event'] = self.request.event
-        ctx['pdf_data'] = self.request.query_params.get('pdf_data', 'false').lower() == 'true'
-        return ctx
-
-    def get_queryset(self):
-        qs = super().get_queryset()
-        qs = qs.filter(order__event=self.request.event)
-        return qs
-
     @action(detail=True, methods=['POST'], url_name='price_calc')
     def price_calc(self, request, *args, **kwargs):
         """

src/pretix/base/payment.py

@@ -1626,8 +1626,6 @@ class GiftCardPayment(BasePaymentProvider):
                     raise PaymentException(_("This gift card does not support this currency."))
                 if not gc.accepted_by(self.event.organizer):
                     raise PaymentException(_("This gift card is not accepted by this event organizer."))
-                if gc.value <= Decimal("0.00"):
-                    raise PaymentException(_("All credit on this gift card has been used."))
                 if payment.amount > gc.value:
                     raise PaymentException(_("This gift card was used in the meantime. Please try again."))
                 if gc.testmode and not payment.order.testmode:

src/pretix/base/services/cart.py

@@ -334,7 +334,8 @@ def _check_position_constraints(
         raise CartPositionError(error_messages['voucher_invalid_subevent'])
 
     # Voucher expired
-    if voucher and voucher.valid_until and voucher.valid_until < time_machine_now_dt:
+    # (checked using real_now_dt as vouchers influence quota calculations)
+    if voucher and voucher.valid_until and voucher.valid_until < real_now_dt:
         raise CartPositionError(error_messages['voucher_expired'])
 
     # Subevent has been disabled

src/pretix/presale/templates/pretixpresale/event/timemachine.html

@@ -20,6 +20,7 @@
                 {% bootstrap_form_errors timemachine_form "all" %}
 
                 <p>{% trans "Test your shop as if it were a different date and time." %}</p>
+                <p>{% trans "Please note that the changed time is not taken into account for aspects of the shop that affect quotas, such as the validity period of carts and vouchers." %}</p>
 
                 <div class="row">
                     <div class="col-md-6">
@@ -44,4 +45,4 @@
             <div class="clear"></div>
         </div>
     </div>
-{% endblock %}
+{% endblock %}

src/tests/api/test_order_create.py

@@ -32,13 +32,11 @@ from django.core.files.base import ContentFile
 from django.utils.timezone import now
 from django_countries.fields import Country
 from django_scopes import scopes_disabled
-
-from pretix.base.models import OrderPayment
 from tests.const import SAMPLE_PNG
 
 from pretix.base.models import (
     InvoiceAddress, Item, Order, OrderPosition, Organizer, Question,
-    SeatingPlan, GiftCard
+    SeatingPlan,
 )
 from pretix.base.models.orders import CartPosition, OrderFee, QuestionAnswer
 
@@ -3373,176 +3371,3 @@ def test_order_create_rounding_default_pretixpos_fallback(device, device_client,
     assert resp.data["total"] == "500.00"
     assert resp.data["positions"][0]["price"] == "100.00"
     assert resp.data["positions"][-1]["price"] == "100.00"
-
-
-@pytest.mark.parametrize(
-    "order_status,status_code",
-    [
-        (
-            Order.STATUS_PENDING, 201
-        ),
-        (
-            Order.STATUS_PAID, 400
-        ),
-    ],
-)
-@pytest.mark.django_db
-def test_order_create_use_gift_cards_only_pending(token_client, organizer, event, item, quota, question, order_status, status_code):
-    res = copy.deepcopy(ORDER_CREATE_PAYLOAD)
-    res['positions'][0]['item'] = item.pk
-    res['positions'][0]['answers'][0]['question'] = question.pk
-    with scopes_disabled():
-        customer = organizer.customers.create()
-    res['customer'] = customer.identifier
-    res['api_meta'] = {
-        'test': 1
-    }
-
-    gc = GiftCard.objects.create(issuer=organizer, currency='EUR')
-    gc.transactions.create(value=Decimal("100.00"), acceptor=organizer).save()
-
-    res['status']=order_status
-    res['use_gift_cards']=[gc.secret]
-
-    resp = token_client.post(
-        '/api/v1/organizers/{}/events/{}/orders/'.format(
-            organizer.slug, event.slug
-        ), format='json', data=res
-    )
-    assert resp.status_code == status_code
-    if status_code != 201:
-        assert resp.data == {'use_gift_cards': ['The attribute use_gift_cards is only supported for orders that are created as pending']}
-
-
-@pytest.mark.django_db
-@pytest.mark.parametrize(
-    "send_mail,mail_amount",
-    [
-        (
-            False, 0
-        ),
-        (
-            True, 2 # TODO check why we get 3 mails, one order receivend and two payments
-        ),
-    ],
-)
-def test_order_create_use_gift_card(token_client, organizer, event, item, quota, question, send_mail, mail_amount):
-    res = copy.deepcopy(ORDER_CREATE_PAYLOAD)
-    res['positions'][0]['item'] = item.pk
-    res['positions'][0]['answers'][0]['question'] = question.pk
-    with scopes_disabled():
-        customer = organizer.customers.create()
-    del res['payment_provider']
-
-    res['customer'] = customer.identifier
-    res['api_meta'] = {
-        'test': 1
-    }
-
-    if send_mail:
-        res['send_email'] = True
-
-    gc = GiftCard.objects.create(issuer=organizer, currency='EUR')
-    gc.transactions.create(value=Decimal("100.00"), acceptor=organizer).save()
-
-    res['use_gift_cards']=[gc.secret]
-
-    djmail.outbox = []
-
-    resp = token_client.post(
-        '/api/v1/organizers/{}/events/{}/orders/'.format(
-            organizer.slug, event.slug
-        ), format='json', data=res
-    )
-    assert resp.status_code == 201
-
-    with scopes_disabled():
-        o = Order.objects.get(code=resp.data['code'])
-    assert o.status == Order.STATUS_PAID
-
-    assert gc.transactions.count() == 2
-    assert -gc.transactions.last().value == o.total
-
-    assert len(djmail.outbox) == mail_amount
-
-@pytest.mark.django_db
-def test_order_create_use_multiple_gift_cards(token_client, organizer, event, item, quota, question):
-    res = copy.deepcopy(ORDER_CREATE_PAYLOAD)
-    res['positions'][0]['item'] = item.pk
-    res['positions'][0]['answers'][0]['question'] = question.pk
-    with scopes_disabled():
-        customer = organizer.customers.create()
-    res['customer'] = customer.identifier
-    res['api_meta'] = {
-        'test': 1
-    }
-    del res['payment_provider']
-
-    gc_one_eur = GiftCard.objects.create(issuer=organizer, currency='EUR')
-    gc_one_eur.transactions.create(value=Decimal("1.00"), acceptor=organizer).save()
-
-    gc_empty=GiftCard.objects.create(issuer=organizer, currency='EUR')
-
-    gc_wrong_currency=GiftCard.objects.create(issuer=organizer, currency='USD')
-    gc_wrong_currency.transactions.create(value=Decimal("100.00"), acceptor=organizer).save()
-
-    gc_enough_eur=GiftCard.objects.create(issuer=organizer, currency='EUR')
-    gc_enough_eur.transactions.create(value=Decimal("100.00"), acceptor=organizer).save()
-
-    res['use_gift_cards']=[gc_one_eur.secret, gc_empty.secret, gc_wrong_currency.secret, gc_enough_eur.secret]
-
-    resp = token_client.post(
-        '/api/v1/organizers/{}/events/{}/orders/'.format(
-            organizer.slug, event.slug
-        ), format='json', data=res
-    )
-    assert resp.status_code == 201
-
-    with scopes_disabled():
-        o = Order.objects.get(code=resp.data['code'])
-        assert o.status == Order.STATUS_PAID
-        assert o.payments.count() == 4
-
-        assert gc_one_eur.transactions.count() == 2
-        assert o.payments.all()[0].state == OrderPayment.PAYMENT_STATE_CONFIRMED
-        assert gc_empty.transactions.count() == 0
-        assert o.payments.all()[1].state == OrderPayment.PAYMENT_STATE_FAILED
-        assert gc_wrong_currency.transactions.count() == 1
-        assert o.payments.all()[2].state == OrderPayment.PAYMENT_STATE_FAILED
-        assert gc_enough_eur.transactions.count() == 2
-        assert o.payments.all()[3].state == OrderPayment.PAYMENT_STATE_CONFIRMED
-
-
-@pytest.mark.django_db
-def test_order_create_use_gift_card_and_payment_provider(token_client, organizer, event, item, quota, question):
-    res = copy.deepcopy(ORDER_CREATE_PAYLOAD)
-    res['positions'][0]['item'] = item.pk
-    res['positions'][0]['answers'][0]['question'] = question.pk
-    with scopes_disabled():
-        customer = organizer.customers.create()
-
-    res['customer'] = customer.identifier
-    res['api_meta'] = {
-        'test': 1
-    }
-    gc_value = Decimal("1.00")
-    gc = GiftCard.objects.create(issuer=organizer, currency='EUR')
-    gc.transactions.create(value=gc_value, acceptor=organizer).save()
-
-    res['use_gift_cards']=[gc.secret]
-
-    resp = token_client.post(
-        '/api/v1/organizers/{}/events/{}/orders/'.format(
-            organizer.slug, event.slug
-        ), format='json', data=res
-    )
-    assert resp.status_code == 201
-
-    with scopes_disabled():
-        o = Order.objects.get(code=resp.data['code'])
-        assert o.status == Order.STATUS_PENDING
-
-        open_payment = o.payments.last()
-        assert open_payment.state == OrderPayment.PAYMENT_STATE_CREATED
-        assert open_payment.amount == o.total-gc_value
-        assert open_payment.payment_provider.identifier == res['payment_provider']

src/tests/api/test_orders.py

@@ -34,7 +34,7 @@ from stripe import error
 from tests.plugins.stripe.test_checkout import apple_domain_create
 from tests.plugins.stripe.test_provider import MockedCharge
 
-from pretix.base.models import InvoiceAddress, Order, OrderPosition, Team
+from pretix.base.models import InvoiceAddress, Order, OrderPosition
 from pretix.base.models.orders import OrderFee, OrderPayment, OrderRefund
 
 
@@ -180,41 +180,6 @@ def order2(event2, item2):
         return o
 
 
-@pytest.fixture
-@scopes_disabled()
-def team2(organizer, event2):
-    team2 = Team.objects.create(
-        organizer=organizer,
-        name="Test-Team 2",
-        can_change_teams=True,
-        can_manage_gift_cards=True,
-        can_change_items=True,
-        can_create_events=True,
-        can_change_event_settings=True,
-        can_change_vouchers=True,
-        can_view_vouchers=True,
-        can_change_orders=True,
-        can_manage_customers=True,
-        can_manage_reusable_media=True,
-        can_change_organizer_settings=True,
-
-    )
-    team2.limit_events.add(event2)
-    team2.save()
-    return team2
-
-
-@pytest.fixture
-@scopes_disabled()
-def limited_token_client(client, team2):
-    team2.can_view_orders = True
-    team2.can_view_vouchers = True
-    team2.save()
-    t = team2.tokens.create(name='Foo')
-    client.credentials(HTTP_AUTHORIZATION='Token ' + t.token)
-    return client
-
-
 TEST_ORDERPOSITION_RES = {
     "id": 1,
     "order": "FOO",
@@ -1022,64 +987,8 @@ def test_refund_cancel(token_client, organizer, event, order):
     assert resp.status_code == 400
 
 
-@pytest.mark.parametrize(
-    "endpoint_template, response_code",
-    [('/api/v1/organizers/{}/events/{}/orderpositions/', 403), ('/api/v1/organizers/{}/orderpositions/', 200)]
-)
 @pytest.mark.django_db
-def test_orderposition_list_limited_read(
-        endpoint_template, response_code, limited_token_client, organizer, device, event, order, item, subevent, subevent2, question
-):
-    endpoint = endpoint_template.format(organizer.slug, event.slug)
-
-    i2 = copy.copy(item)
-    i2.pk = None
-    i2.save()
-    with scopes_disabled():
-        var = item.variations.create(value="Children")
-        res = copy.copy(TEST_ORDERPOSITION_RES)
-        op = order.positions.first()
-        op.variation = var
-        op.save()
-        res["id"] = op.pk
-        res["item"] = item.pk
-        res["variation"] = var.pk
-        res["answers"][0]["question"] = question.pk
-        res["print_logs"][0]["id"] = op.print_logs.first().pk
-        res["print_logs"][0]["device_id"] = device.device_id
-
-    resp = limited_token_client.get(endpoint)
-    assert resp.status_code == response_code
-    if response_code == 200:
-        assert resp.json() == {'count': 0, 'next': None, 'previous': None, 'results': []}
-    else:
-        assert resp.json() == {'detail': 'You do not have permission to perform this action.'}
-
-
-@pytest.mark.parametrize(
-    ("endpoint_template", "endpoint_type"),
-    [
-        ('/api/v1/organizers/{}/events/{}/orderpositions/', "event"),
-        ('/api/v1/organizers/{}/orderpositions/', "organizer")
-    ],
-)
-@pytest.mark.django_db
-def test_orderposition_list(
-        endpoint_template,
-        endpoint_type,
-        token_client,
-        organizer,
-        device,
-        event,
-        order,
-        item,
-        subevent,
-        subevent2,
-        question,
-        django_assert_num_queries
-):
-    endpoint = endpoint_template.format(organizer.slug, event.slug)
-
+def test_orderposition_list(token_client, organizer, device, event, order, item, subevent, subevent2, question, django_assert_num_queries):
     i2 = copy.copy(item)
     i2.pk = None
     i2.save()
@@ -1096,64 +1005,88 @@ def test_orderposition_list(
         res["answers"][0]["question"] = question.pk
         res["print_logs"][0]["id"] = op.print_logs.first().pk
         res["print_logs"][0]["device_id"] = device.device_id
-        if endpoint_type == "organizer":
-            res["event"] = event.slug
 
-    resp = token_client.get(endpoint)
+    resp = token_client.get('/api/v1/organizers/{}/events/{}/orderpositions/'.format(organizer.slug, event.slug))
     assert resp.status_code == 200
     assert [res] == resp.data['results']
 
-    resp = token_client.get(endpoint + '?order__status=n')
+    resp = token_client.get(
+        '/api/v1/organizers/{}/events/{}/orderpositions/?order__status=n'.format(organizer.slug, event.slug))
     assert [res] == resp.data['results']
-    resp = token_client.get(endpoint + '?order__status=p')
+    resp = token_client.get(
+        '/api/v1/organizers/{}/events/{}/orderpositions/?order__status=p'.format(organizer.slug, event.slug))
     assert [] == resp.data['results']
 
-    resp = token_client.get(endpoint + '?item={}'.format(item.pk))
+    resp = token_client.get(
+        '/api/v1/organizers/{}/events/{}/orderpositions/?item={}'.format(organizer.slug, event.slug, item.pk))
     assert [res] == resp.data['results']
-    resp = token_client.get(endpoint + '?item__in={},{}'.format(item.pk, i2.pk))
+    resp = token_client.get(
+        '/api/v1/organizers/{}/events/{}/orderpositions/?item__in={},{}'.format(
+            organizer.slug, event.slug, item.pk, i2.pk
+        ))
     assert [res] == resp.data['results']
-    resp = token_client.get(endpoint + '?item={}'.format(i2.pk))
+    resp = token_client.get(
+        '/api/v1/organizers/{}/events/{}/orderpositions/?item={}'.format(organizer.slug, event.slug, i2.pk))
     assert [] == resp.data['results']
 
-    resp = token_client.get(endpoint + '?variation={}'.format(var.pk))
+    resp = token_client.get(
+        '/api/v1/organizers/{}/events/{}/orderpositions/?variation={}'.format(organizer.slug, event.slug, var.pk))
     assert [res] == resp.data['results']
-    resp = token_client.get(endpoint + '?variation={}'.format(var2.pk))
+    resp = token_client.get(
+        '/api/v1/organizers/{}/events/{}/orderpositions/?variation={}'.format(organizer.slug, event.slug, var2.pk))
     assert [] == resp.data['results']
 
-    resp = token_client.get(endpoint + '?attendee_name=Peter')
+    resp = token_client.get(
+        '/api/v1/organizers/{}/events/{}/orderpositions/?attendee_name=Peter'.format(organizer.slug, event.slug))
     assert [res] == resp.data['results']
-    resp = token_client.get(endpoint + '?attendee_name=peter')
+    resp = token_client.get(
+        '/api/v1/organizers/{}/events/{}/orderpositions/?attendee_name=peter'.format(organizer.slug, event.slug))
     assert [res] == resp.data['results']
-    resp = token_client.get(endpoint + '?attendee_name=Mark')
+    resp = token_client.get(
+        '/api/v1/organizers/{}/events/{}/orderpositions/?attendee_name=Mark'.format(organizer.slug, event.slug))
     assert [] == resp.data['results']
 
-    resp = token_client.get(endpoint + '?secret=z3fsn8jyufm5kpk768q69gkbyr5f4h6w')
+    resp = token_client.get(
+        '/api/v1/organizers/{}/events/{}/orderpositions/?secret=z3fsn8jyufm5kpk768q69gkbyr5f4h6w'.format(
+            organizer.slug, event.slug))
     assert [res] == resp.data['results']
-    resp = token_client.get(endpoint + '?secret=abc123')
+    resp = token_client.get(
+        '/api/v1/organizers/{}/events/{}/orderpositions/?secret=abc123'.format(organizer.slug, event.slug))
     assert [] == resp.data['results']
 
-    resp = token_client.get(endpoint + '?pseudonymization_id=ABCDEFGHKL')
+    resp = token_client.get(
+        '/api/v1/organizers/{}/events/{}/orderpositions/?pseudonymization_id=ABCDEFGHKL'.format(
+            organizer.slug, event.slug))
     assert [res] == resp.data['results']
-    resp = token_client.get(endpoint + '?pseudonymization_id=FOO')
+    resp = token_client.get(
+        '/api/v1/organizers/{}/events/{}/orderpositions/?pseudonymization_id=FOO'.format(organizer.slug, event.slug))
     assert [] == resp.data['results']
 
-    resp = token_client.get(endpoint + '?search=FO')
+    resp = token_client.get(
+        '/api/v1/organizers/{}/events/{}/orderpositions/?search=FO'.format(organizer.slug, event.slug))
     assert [res] == resp.data['results']
-    resp = token_client.get(endpoint + '?search=z3fsn8j')
+    resp = token_client.get(
+        '/api/v1/organizers/{}/events/{}/orderpositions/?search=z3fsn8j'.format(organizer.slug, event.slug))
     assert [res] == resp.data['results']
-    resp = token_client.get(endpoint + '?search=Peter')
+    resp = token_client.get(
+        '/api/v1/organizers/{}/events/{}/orderpositions/?search=Peter'.format(organizer.slug, event.slug))
     assert [res] == resp.data['results']
-    resp = token_client.get(endpoint + '?search=5f4h6w')
+    resp = token_client.get(
+        '/api/v1/organizers/{}/events/{}/orderpositions/?search=5f4h6w'.format(organizer.slug, event.slug))
     assert [] == resp.data['results']
 
-    resp = token_client.get(endpoint + '?order=FOO')
+    resp = token_client.get(
+        '/api/v1/organizers/{}/events/{}/orderpositions/?order=FOO'.format(organizer.slug, event.slug))
     assert [res] == resp.data['results']
-    resp = token_client.get(endpoint + '?order=BAR')
+    resp = token_client.get(
+        '/api/v1/organizers/{}/events/{}/orderpositions/?order=BAR'.format(organizer.slug, event.slug))
     assert [] == resp.data['results']
 
-    resp = token_client.get(endpoint + '?has_checkin=false')
+    resp = token_client.get(
+        '/api/v1/organizers/{}/events/{}/orderpositions/?has_checkin=false'.format(organizer.slug, event.slug))
     assert [res] == resp.data['results']
-    resp = token_client.get(endpoint + '?has_checkin=true')
+    resp = token_client.get(
+        '/api/v1/organizers/{}/events/{}/orderpositions/?has_checkin=true'.format(organizer.slug, event.slug))
     assert [] == resp.data['results']
 
     with scopes_disabled():
@@ -1170,28 +1103,33 @@ def test_orderposition_list(
         'gate': None,
         'type': 'entry'
     }]
-    if '/events/' in endpoint:
-        with django_assert_num_queries(18):
-            resp = token_client.get(endpoint + '?has_checkin=true')
-    else:
-        with django_assert_num_queries(17):
-            resp = token_client.get(endpoint + '?has_checkin=true')
+    with django_assert_num_queries(16):
+        resp = token_client.get(
+            '/api/v1/organizers/{}/events/{}/orderpositions/?has_checkin=true'.format(organizer.slug, event.slug)
+        )
     assert [res] == resp.data['results']
 
     op.subevent = subevent
     op.save()
     res['subevent'] = subevent.pk
 
-    resp = token_client.get(endpoint + '?subevent={}'.format(subevent.pk))
+    resp = token_client.get(
+        '/api/v1/organizers/{}/events/{}/orderpositions/?subevent={}'.format(organizer.slug, event.slug, subevent.pk))
     assert [res] == resp.data['results']
-    resp = token_client.get(endpoint + '?subevent__in={},{}'.format(subevent.pk, subevent2.pk))
+    resp = token_client.get(
+        '/api/v1/organizers/{}/events/{}/orderpositions/?subevent__in={},{}'.format(organizer.slug, event.slug,
+                                                                                    subevent.pk, subevent2.pk))
     assert [res] == resp.data['results']
-    resp = token_client.get(endpoint + '?subevent={}'.format(subevent.pk + 1))
+    resp = token_client.get(
+        '/api/v1/organizers/{}/events/{}/orderpositions/?subevent={}'.format(organizer.slug, event.slug,
+                                                                             subevent.pk + 1))
     assert [] == resp.data['results']
 
-    resp = token_client.get(endpoint + '?include_canceled_positions=false')
+    resp = token_client.get(
+        '/api/v1/organizers/{}/events/{}/orderpositions/?include_canceled_positions=false'.format(organizer.slug, event.slug))
     assert len(resp.data['results']) == 1
-    resp = token_client.get(endpoint + '?include_canceled_positions=true')
+    resp = token_client.get(
+        '/api/v1/organizers/{}/events/{}/orderpositions/?include_canceled_positions=true'.format(organizer.slug, event.slug))
     assert len(resp.data['results']) == 2