explain qr code better and allow revoking it

2017-12-10 14:20:11 +01:00 · 2017-12-10 14:20:11 +01:00 · 52afd63a56
commit 52afd63a56
parent 101a4c6bf2
2 changed files with 13 additions and 3 deletions
--- a/src/c3nav/control/templates/control/access_qr.html
+++ b/src/c3nav/control/templates/control/access_qr.html
@ -14,11 +14,17 @@
        <img src="{{ url_qr }}">
    </p>
    <p>
-        {{ url_absolute }}
+        <a href="{{ url }}">{{ url_absolute }}</a>
    </p>
    <p>
-        <a href="{% url 'control.access' %}">« {% trans 'back' %}</a>
+        <em>{% trans 'Please wait. You will be redirected back when the token is redeemed.' %}</em>
    </p>
+    <form method="post">
+        {% csrf_token %}
+        <p>
+            <button type="submit" name="revoke" value="1">{% trans 'Revoke Token' %}</button>
+        </p>
+    </form>
    <script type="text/javascript">
        window.setTimeout(function() { window.location.reload(); }, 3000);
    </script>
--- a/src/c3nav/control/views.py
+++ b/src/c3nav/control/views.py
@ -141,8 +141,12 @@ def grant_access_qr(request, token):
    with transaction.atomic():
        token = AccessPermissionToken.objects.select_for_update().get(id=token, author=request.user)
        if token.redeemed:
-            messages.success(request, _('Access successfully granted!'))
+            messages.success(request, _('Access successfully granted.'))
            token = None
+        elif request.method == 'POST' and request.POST.get('revoke'):
+            token.delete()
+            messages.success(request, _('Token successfully revoked.'))
+            return redirect('control.access')
        elif not token.unlimited:
            try:
                latest = AccessPermissionToken.objects.filter(author=request.user).latest('valid_until')