def void(self, id): if not h.auth.authorized(h.auth.Or(h.auth.is_same_zkpylons_attendee(id), h.auth.has_organiser_role)): # Raise a no_auth error h.auth.no_role() c.invoice = Invoice.find_by_id(id, True) if c.invoice.is_void(): h.flash("Invoice was already voided.") return redirect_to(action='view', id=c.invoice.id) if h.auth.authorized(h.auth.has_organiser_role): c.invoice.void = "Administration Change" meta.Session.commit() h.flash("Invoice was voided.") return redirect_to(action='view', id=c.invoice.id) else: if c.invoice.paid(): h.flash("Cannot void a paid invoice.") return redirect_to(action='view', id=c.invoice.id) c.invoice.void = "User cancellation" c.person = c.invoice.person meta.Session.commit() email(lca_info['contact_email'], render('/invoice/user_voided.mako')) h.flash("Previous invoice was voided.") return redirect_to(controller='registration', action='pay', id=c.person.registration.id)
def _new(self): person_results = self.form_result['person'] proposal_results = self.form_result['proposal'] attachment_results = self.form_result['attachment'] proposal_results['status'] = ProposalStatus.find_by_name( 'Pending Review') c.proposal = Proposal(**proposal_results) meta.Session.add(c.proposal) if not h.signed_in_person(): c.person = model.Person(**person_results) meta.Session.add(c.person) email(c.person.email_address, render('/person/new_person_email.mako')) else: c.person = h.signed_in_person() for key in person_results: setattr(c.person, key, self.form_result['person'][key]) c.person.proposals.append(c.proposal) if attachment_results is not None: c.attachment = Attachment(**attachment_results) c.proposal.attachments.append(c.attachment) meta.Session.add(c.attachment) meta.Session.commit() email(c.person.email_address, render('proposal/thankyou_mini_email.mako')) h.flash("Proposal submitted!") return redirect_to(controller='proposal', action="index", id=None)
def void(self, id): if not h.auth.authorized( h.auth.Or(h.auth.is_same_zkpylons_attendee(id), h.auth.has_organiser_role)): # Raise a no_auth error h.auth.no_role() c.invoice = Invoice.find_by_id(id, True) if c.invoice.is_void: h.flash("Invoice was already voided.") return redirect_to(action='view', id=c.invoice.id) elif len(c.invoice.payment_received) and h.auth.authorized( h.auth.has_organiser_role): h.flash("Invoice has a payment applied to it, do you want to " + h.link_to('Refund', h.url_for(action='refund')) + " instead?") return redirect_to(action='view', id=c.invoice.id) elif len(c.invoice.payment_received): h.flash("Cannot void a paid invoice.") return redirect_to(action='view', id=c.invoice.id) elif h.auth.authorized(h.auth.has_organiser_role): c.invoice.void = "Administration Change" meta.Session.commit() h.flash("Invoice was voided.") return redirect_to(action='view', id=c.invoice.id) else: c.invoice.void = "User cancellation" c.person = c.invoice.person meta.Session.commit() email(lca_info['contact_email'], render('/invoice/user_voided.mako')) h.flash("Previous invoice was voided.") return redirect_to(controller='registration', action='pay', id=c.person.registration.id)
def _edit(self, id): # We need to recheck auth in here so we can pass in the id if not h.auth.authorized(h.auth.Or(h.auth.is_same_zkpylons_submitter(id), h.auth.has_organiser_role)): # Raise a no_auth error h.auth.no_role() if not h.auth.authorized(h.auth.has_organiser_role): if c.paper_editing == 'closed' and not h.auth.authorized(h.auth.has_late_submitter_role): return render("proposal/editing_closed.mako") elif c.paper_editing == 'not_open': return render("proposal/editing_not_open.mako") c.proposal = Proposal.find_by_id(id) for key in self.form_result['proposal']: setattr(c.proposal, key, self.form_result['proposal'][key]) c.proposal.abstract = self.clean_abstract(c.proposal.abstract) c.person = self.form_result['person_to_edit'] if (c.person.id == h.signed_in_person().id or h.auth.authorized(h.auth.has_organiser_role)): for key in self.form_result['person']: setattr(c.person, key, self.form_result['person'][key]) p_edit = "and author" else: p_edit = "(but not author)" meta.Session.commit() if lca_info['proposal_update_email'] != '': body = "Subject: %s Proposal Updated\n\nID: %d\nTitle: %s\nType: %s\nURL: %s" % (h.lca_info['event_name'], c.proposal.id, c.proposal.title, c.proposal.type.name.lower(), "http://" + h.host_name() + h.url_for(action="view")) email(lca_info['proposal_update_email'], body) h.flash("Proposal %s edited!"%p_edit) return redirect_to('/proposal')
def void(self, id): if not h.auth.authorized(h.auth.Or(h.auth.is_same_zkpylons_attendee(id), h.auth.has_organiser_role)): # Raise a no_auth error h.auth.no_role() c.invoice = Invoice.find_by_id(id, True) if c.invoice.is_void: h.flash("Invoice was already voided.") return redirect_to(action='view', id=c.invoice.id) elif len(c.invoice.payment_received) and h.auth.authorized(h.auth.has_organiser_role): h.flash("Invoice has a payment applied to it, do you want to " + h.link_to('Refund', h.url_for(action='refund')) + " instead?") return redirect_to(action='view', id=c.invoice.id) elif len(c.invoice.payment_received): h.flash("Cannot void a paid invoice.") return redirect_to(action='view', id=c.invoice.id) elif h.auth.authorized(h.auth.has_organiser_role): c.invoice.void = "Administration Change" meta.Session.commit() h.flash("Invoice was voided.") return redirect_to(action='view', id=c.invoice.id) else: c.invoice.void = "User cancellation" c.person = c.invoice.person meta.Session.commit() email(Config.get('contact_email'), render('/invoice/user_voided.mako')) h.flash("Previous invoice was voided.") return redirect_to(controller='registration', action='pay', id=c.person.registration.id)
def _forgotten_password(self): """Action to let the user request a password change. GET returns a form for emailing them the password change confirmation. POST checks the form and then creates a confirmation record: date, email_address, and a url_hash that is a hash of a combination of date, email_address, and a random nonce. The email address must exist in the person database. The second half of the password change operation happens in the ``confirm`` action. """ c.email = self.form_result['email_address'] c.person = Person.find_by_email(c.email) if c.person is not None: # Check if there is already a password recovery in progress reset = PasswordResetConfirmation.find_by_email(c.email) if reset is not None: return render('person/in_progress.mako') # Ok kick one off c.conf_rec = PasswordResetConfirmation(email_address=c.email) meta.Session.add(c.conf_rec) meta.Session.commit() email(c.email, render('person/confirmation_email.mako')) return render('person/password_confirmation_sent.mako')
def _new(self): person_results = self.form_result['person'] proposal_results = self.form_result['proposal'] attachment_results = self.form_result['attachment'] proposal_results['status'] = ProposalStatus.find_by_name('Pending') c.proposal = Proposal(**proposal_results) meta.Session.add(c.proposal) if not h.signed_in_person(): c.person = model.Person(**person_results) meta.Session.add(c.person) email(c.person.email_address, render('/person/new_person_email.mako')) else: c.person = h.signed_in_person() for key in person_results: setattr(c.person, key, self.form_result['person'][key]) c.person.proposals.append(c.proposal) if attachment_results is not None: c.attachment = Attachment(**attachment_results) c.proposal.attachments.append(c.attachment) meta.Session.add(c.attachment) meta.Session.commit() email(c.person.email_address, render('proposal/thankyou_mini_email.mako')) h.flash("Proposal submitted!") return redirect_to(controller='proposal', action="index", id=None)
def _new(self): # Do we allow account creation? if Config.get('account_creation'): """Create a new person submit. """ # Remove fields not in class results = self.form_result['person'] del results['password_confirm'] c.person = Person(**results) c.person.email_address = c.person.email_address.lower() meta.Session.add(c.person) #for sn in self.form_result['social_network']: # network = SocialNetwork.find_by_name(sn['name']) # if sn['account_name']: # c.person.social_networks[network] = sn['account_name'] meta.Session.commit() if Config.get('confirm_email_address', category='rego') == 'no': redirect_to(controller='person', action='confirm', confirm_hash=c.person.url_hash) else: email(c.person.email_address, render('/person/new_person_email.mako')) # return render('/person/thankyou.mako') return self.finish_login(c.person.email_address) else: return render('/not_allowed.mako')
def _new(self): if c.funding_status == 'closed': return render("funding/closed.mako") elif c.funding_status == 'not_open': return render("funding/not_open.mako") funding_results = self.form_result['funding'] attachment_results1 = self.form_result['attachment'] c.person = h.signed_in_person() c.funding = Funding(**funding_results) c.funding.status = FundingStatus.find_by_name('Pending') c.funding.person = c.person if not c.funding.type.available(): return render("funding/type_unavailable.mako") meta.Session.add(c.funding) if attachment_results1 is not None: attachment = FundingAttachment(**attachment_results1) c.funding.attachments.append(attachment) meta.Session.add(attachment) meta.Session.commit() email(c.funding.person.email_address, render('funding/thankyou_email.mako')) h.flash("Funding submitted!") return redirect_to(controller='funding', action="index", id=None)
def _remind(self): results = self.form_result for i in results['invoices']: c.invoice = i c.recipient = i.person email(c.recipient.email_address, render('invoice/remind_email.mako')) h.flash('Email sent to ' + c.recipient.firstname + ' ' + c.recipient.lastname + ' <' + c.recipient.email_address + '>') redirect_to(action='remind')
def _remind(self): results = self.form_result for i in results['invoices']: c.invoice = i c.recipient = i.person email(c.recipient.email_address, render('invoice/remind_email.mako')) h.flash('Email sent to ' + c.recipient.fullname + ' <' + c.recipient.email_address + '>') redirect_to(action='remind')
def reject(self, id): volunteer = Volunteer.find_by_id(id) volunteer.accepted = False volunteer.ticket_type = None meta.Session.commit() c.volunteer = volunteer c.person = volunteer.person email(c.person.email_address, render('volunteer/response.mako')) h.flash('Status Updated and Rejection Email Sent') redirect_to(action='index', id=None)
def _accept(self, id): results = self.form_result volunteer = Volunteer.find_by_id(id) volunteer.ticket_type = results['ticket_type'] volunteer.accepted = True meta.Session.commit() c.volunteer = volunteer c.person = volunteer.person email(c.person.email_address, render('volunteer/response.mako')) h.flash('Status Updated and Acceptance Email Sent') redirect_to(action='index', id=None)
def _new(self): results = self.form_result['volunteer'] c.volunteer = Volunteer(**results) c.volunteer.person = h.signed_in_person() c.person = c.volunteer.person meta.Session.add(c.volunteer) meta.Session.commit() h.flash("Thank you for volunteering. We will contact you shortly regarding your application") email(c.person.email_address, render('volunteer/response.mako')) redirect_to(action='view', id=c.volunteer.id)
def _offer(self, id): # We need to recheck auth in here so we can pass in the id if not h.auth.authorized( h.auth.Or(h.auth.is_same_zkpylons_user(id), h.auth.has_reviewer_role, h.auth.has_organiser_role)): # Raise a no_auth error h.auth.no_role() c.person = Person.find_by_id(id) c.offers = c.person.proposal_offers c.travel_assistance = reduce( lambda a, b: a or ('Travel' in b.status.name), c.offers, False) or False c.accommodation_assistance = reduce( lambda a, b: a or ('Accommodation' in b.status.name), c.offers, False) or False # What status are we moving all proposals to? if self.form_result['status'] == 'accept': c.status = ProposalStatus.find_by_name('Accepted') elif self.form_result['status'] == 'withdraw': c.status = ProposalStatus.find_by_name('Withdrawn') elif self.form_result['status'] == 'contact': c.status = ProposalStatus.find_by_name('Contact') else: c.status = None emails = [c.person.email_address] for offer in c.offers: offer.status = c.status if offer.type.notify_email and offer.type.notify_email not in emails: emails.append(offer.type.notify_email) if c.travel_assistance: if not c.person.travel: self.form_result['travel']['flight_details'] = '' travel = Travel(**self.form_result['travel']) meta.Session.add(travel) c.person.travel = travel else: for key in self.form_result['travel']: setattr(c.person.travel, key, self.form_result['travel'][key]) if c.status.name == 'Accepted': email(c.person.email_address, render('/person/offer_email.mako')) else: email(emails, render('/person/offer_email.mako')) # update the objects with the validated form data meta.Session.commit() return render('person/offer.mako')
def _remind(self): results = self.form_result for i in results["invoices"]: c.invoice = i c.recipient = i.person email(c.recipient.email_address, render("invoice/remind_email.mako")) h.flash( "Email sent to " + c.recipient.firstname + " " + c.recipient.lastname + " <" + c.recipient.email_address + ">" ) redirect_to(action="remind")
def _withdraw(self, id): if not h.auth.authorized(h.auth.Or(h.auth.is_same_zkpylons_submitter(id), h.auth.has_organiser_role)): # Raise a no_auth error h.auth.no_role() c.proposal = Proposal.find_by_id(id) status = ProposalStatus.find_by_name('Withdrawn') c.proposal.status = status meta.Session.commit() c.person = h.signed_in_person() # Make sure the organisers are notified of this c.email_address = h.lca_info['emails'][c.proposal.type.name.lower()] email(c.email_address, render('/proposal/withdraw_email.mako')) h.flash("Proposal withdrawn. The organisers have been notified.") return redirect_to(controller='proposal', action="index", id=None)
def _withdraw(self, id): if not h.auth.authorized(h.auth.Or(h.auth.is_same_zkpylons_funding_submitter(id), h.auth.has_organiser_role)): # Raise a no_auth error h.auth.no_role() c.funding = Funding.find_by_id(id) status = FundingStatus.find_by_name('Withdrawn') c.funding.status = status meta.Session.commit() c.person = h.signed_in_person() # Make sure the organisers are notified of this c.email_address = c.funding.type.notify_email email(c.email_address, render('/funding/withdraw_email.mako')) h.flash("Funding withdrawn. The organisers have been notified.") return redirect_to(controller='funding', action="index", id=None)
def _offer(self,id): # We need to recheck auth in here so we can pass in the id if not h.auth.authorized(h.auth.Or(h.auth.is_same_zkpylons_user(id), h.auth.has_reviewer_role, h.auth.has_organiser_role)): # Raise a no_auth error h.auth.no_role() c.person = Person.find_by_id(id) c.offers = c.person.proposal_offers c.travel_assistance = reduce(lambda a, b: a or ('Travel' in b.status.name), c.offers, False) or False c.accommodation_assistance = reduce(lambda a, b: a or ('Accommodation' in b.status.name), c.offers, False) or False # What status are we moving all proposals to? if self.form_result['status'] == 'accept': c.status = ProposalStatus.find_by_name('Accepted') elif self.form_result['status'] == 'withdraw': c.status = ProposalStatus.find_by_name('Withdrawn') elif self.form_result['status'] == 'contact': c.status = ProposalStatus.find_by_name('Contact') else: c.status = None emails = [c.person.email_address] for offer in c.offers: offer.status = c.status if offer.type.notify_email and offer.type.notify_email not in emails: emails.append(offer.type.notify_email) if c.travel_assistance: if not c.person.travel: self.form_result['travel']['flight_details'] = '' travel = Travel(**self.form_result['travel']) meta.Session.add(travel) c.person.travel = travel else: for key in self.form_result['travel']: setattr(c.person.travel, key, self.form_result['travel'][key]) if c.status.name == 'Accepted': email(c.person.email_address, render('/person/offer_email.mako')) else: email(emails, render('/person/offer_email.mako')) # update the objects with the validated form data meta.Session.commit() return render('person/offer.mako')
def _new(self): if c.cfp_status == 'closed': if not h.auth.authorized( h.auth.Or(h.auth.has_organiser_role, h.auth.has_late_submitter_role)): return render("proposal/closed.mako") elif c.cfp_status == 'not_open': return render("proposal/not_open.mako") person_results = self.form_result['person'] proposal_results = self.form_result['proposal'] attachment_results = self.form_result['attachment'] proposal_results['status'] = ProposalStatus.find_by_name( 'Pending Review') c.proposal = Proposal(**proposal_results) c.proposal.abstract = self.clean_abstract(c.proposal.abstract) meta.Session.add(c.proposal) if not h.signed_in_person(): c.person = model.Person(**person_results) meta.Session.add(c.person) email(c.person.email_address, render('/person/new_person_email.mako')) else: c.person = h.signed_in_person() for key in person_results: setattr(c.person, key, self.form_result['person'][key]) c.person.proposals.append(c.proposal) if attachment_results is not None: attachment = Attachment(**attachment_results) c.proposal.attachments.append(attachment) meta.Session.add(attachment) meta.Session.commit() email(c.person.email_address, render('proposal/thankyou_email.mako')) h.flash("Proposal submitted!") return redirect_to(controller='proposal', action="index", id=None)
def _new(self): if c.cfp_status == 'closed': if not h.auth.authorized(h.auth.Or(h.auth.has_organiser_role, h.auth.has_late_submitter_role)): return render("proposal/closed.mako") elif c.cfp_status == 'not_open': return render("proposal/not_open.mako") person_results = self.form_result['person'] proposal_results = self.form_result['proposal'] attachment_results = self.form_result['attachment'] proposal_results['status'] = ProposalStatus.find_by_name('Pending Review') c.proposal = Proposal(**proposal_results) c.proposal.abstract = self.clean_abstract(c.proposal.abstract) meta.Session.add(c.proposal) if not h.signed_in_person(): # We don't want proposals to be submitted by folks who # aren't actually signed in. So, redirect them to the # sign-in page. h.flash("You need to be signed in to submit a proposal!") return redirect_to(controller="person", action="signin", id=None) else: c.person = h.signed_in_person() for key in person_results: setattr(c.person, key, self.form_result['person'][key]) c.person.proposals.append(c.proposal) if attachment_results is not None: attachment = Attachment(**attachment_results) c.proposal.attachments.append(attachment) meta.Session.add(attachment) meta.Session.commit() email(c.person.email_address, render('proposal/thankyou_email.mako')) h.flash("Proposal submitted!") return redirect_to(controller='proposal', action="index", id=None)
def _edit(self, id): # We need to recheck auth in here so we can pass in the id if not h.auth.authorized( h.auth.Or(h.auth.is_same_zkpylons_submitter(id), h.auth.has_organiser_role)): # Raise a no_auth error h.auth.no_role() if not h.auth.authorized(h.auth.has_organiser_role): if c.proposal_editing == 'closed' and not h.auth.authorized( h.auth.has_late_submitter_role): return render("proposal/editing_closed.mako") elif c.proposal_editing == 'not_open': return render("proposal/editing_not_open.mako") c.proposal = Proposal.find_by_id(id) for key in self.form_result['proposal']: setattr(c.proposal, key, self.form_result['proposal'][key]) c.proposal.abstract = self.clean_abstract(c.proposal.abstract) c.person = self.form_result['person_to_edit'] if (c.person.id == h.signed_in_person().id or h.auth.authorized(h.auth.has_organiser_role)): for key in self.form_result['person']: setattr(c.person, key, self.form_result['person'][key]) p_edit = "and author" else: p_edit = "(but not author)" meta.Session.commit() if lca_info['proposal_update_email'] != '': body = "Subject: %s Proposal Updated\n\nID: %d\nTitle: %s\nType: %s\nURL: %s" % ( h.lca_info['event_name'], c.proposal.id, c.proposal.title, c.proposal.type.name.lower(), "http://" + h.host_name() + h.url_for(action="view")) email(lca_info['proposal_update_email'], body) h.flash("Proposal %s edited!" % p_edit) return redirect_to('/proposal')
def _new(self): if c.cfp_status == 'closed': if not h.auth.authorized(h.auth.Or(h.auth.has_organiser_role, h.auth.has_late_submitter_role)): return render("proposal/closed.mako") elif c.cfp_status == 'not_open': return render("proposal/not_open.mako") person_results = self.form_result['person'] proposal_results = self.form_result['proposal'] attachment_results = self.form_result['attachment'] proposal_results['status'] = ProposalStatus.find_by_name('Pending') c.proposal = Proposal(**proposal_results) c.proposal.abstract = self.clean_abstract(c.proposal.abstract) meta.Session.add(c.proposal) if not h.signed_in_person(): c.person = model.Person(**person_results) meta.Session.add(c.person) email(c.person.email_address, render('/person/new_person_email.mako')) else: c.person = h.signed_in_person() for key in person_results: setattr(c.person, key, self.form_result['person'][key]) c.person.proposals.append(c.proposal) if attachment_results is not None: attachment = Attachment(**attachment_results) c.proposal.attachments.append(attachment) meta.Session.add(attachment) meta.Session.commit() email(c.person.email_address, render('proposal/thankyou_email.mako')) h.flash("Proposal submitted!") return redirect_to(controller='proposal', action="index", id=None)
class PaymentController(BaseController): """This controller receives payment advice from the payment gateway. the url /payment/new receives the advice """ @authorize(h.auth.has_organiser_role) def index(self): c.payment_collection = Payment.find_all() return render('/payment/list.mako') @authorize(h.auth.is_valid_user) def view(self, id): payment = Payment.find_by_id(id, abort_404=True) c.person = payment.invoice.person if not h.auth.authorized( h.auth.Or(h.auth.is_same_zkpylons_user(c.person.id), h.auth.has_organiser_role)): # Raise a no_auth error h.auth.no_role() c.is_organiser = False if h.auth.authorized(h.auth.has_organiser_role): c.is_organiser = True c.payment = PaymentReceived.find_by_payment(payment.id) c.validation_errors = [] if c.payment is not None and c.payment.validation_errors is not None and len( c.payment.validation_errors) > 0: c.validation_errors = c.payment.validation_errors.split(';') same_invoice = PaymentReceived.find_by_invoice(payment.invoice.id) same_email = PaymentReceived.find_by_email(c.person.email_address) if c.payment is not None: same_invoice = same_invoice.filter("payment_id <> " + str(payment.id)) same_email = same_email.filter("payment_id <> " + str(payment.id)) c.related_payments = same_invoice.union(same_email) return render('/payment/view.mako') # No authentication because it's called directly by the payment gateway def new(self): schema = SecurePayPingSchema() try: form_result = schema.to_python(request.params) except validators.Invalid, error: return 'Invalid: %s' % error payment = None c.person = None fields = form_result c.response = { 'payment_id': fields['payment_id'], 'invoice_id': fields['invoice_id'], 'success_code': fields['summary_code'], 'amount_paid': fields['response_amount'], 'currency_used': fields['currency'], 'card_name': fields['card_name'], 'card_type': fields['card_type'], 'card_number': fields['card_number'], 'card_expiry': fields['card_number'], 'card_mac': fields['card_mac'], 'auth_code': fields['response_code'], 'gateway_ref': fields['bank_reference'], 'response_text': fields['response_text'], 'client_ip_gateway': fields['remote_ip'], 'client_ip_zookeepr': request.environ.get('REMOTE_ADDR'), 'email_address': fields['receipt_address'] } if 'Approved' in c.response[ 'response_text'] or 'success' in c.response['response_text']: c.response['approved'] = True else: c.response['approved'] = False validation_errors = [] if c.response is None: abort(500, ''.join(validation_errors)) else: # Make sure the same browser created the zkpylons payment object and paid by credit card #if c.response['client_ip_gateway'] != c.response['client_ip_zookeepr']: #validation_errors.append('Mismatch in IP addresses: zkpylons=' + c.response['client_ip_zookeepr'] + ' gateway=' + c.response['client_ip_gateway']) # Get the payment object associated with this transaction payment = Payment.find_by_id(c.response['payment_id']) if payment is None: validation_errors.append( 'Invalid payment ID from the payment gateway') else: c.person = payment.invoice.person # Check whether a payment has already been received for this payment object received = PaymentReceived.find_by_payment(payment.id) if received is not None: # Ignore repeat payment return redirect_to(action='view', id=payment.id) # Extra validation if c.response['amount_paid'] != payment.amount: validation_errors.append( 'Mismatch between amounts paid and invoiced') if c.response['invoice_id'] != payment.invoice.id: validation_errors.append( 'Mismatch between returned invoice ID and payment object') #if c.response['email_address'] != pxpay.munge_email(payment.invoice.person.email_address): # validation_errors.append('Mismatch between returned email address and invoice object') if not c.person.is_from_common_country(): if c.person.country: validation_errors.append('Uncommon country: ' + c.person.country) else: validation_errors.append('Unknown country') c.pr = PaymentReceived(**c.response) c.pr.validation_errors = ';'.join(validation_errors) meta.Session.add(c.pr) meta.Session.commit() if len(validation_errors) > 0 and c.response['approved']: # Suspiciously approved transaction which needs to be checked manually email(lca_info['contact_email'], render('/payment/suspicious_payment.mako')) if c.person is not None: email(c.person.email_address, render('/payment/response.mako')) # OK we now have a valid transaction, we redirect the user to the view page # so they can see if their transaction was accepted or declined return redirect_to(action='view', id=payment.id)