From ea9ad6824c26cb0fd8c26b51a8259957eca96b28 Mon Sep 17 00:00:00 2001 From: Lodewiges Date: Tue, 9 Dec 2025 00:10:13 +0100 Subject: [PATCH 1/4] add the option to download a invoice --- app/views/invoices/index.html.erb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/app/views/invoices/index.html.erb b/app/views/invoices/index.html.erb index 24d47db7a..a8c417ada 100644 --- a/app/views/invoices/index.html.erb +++ b/app/views/invoices/index.html.erb @@ -34,6 +34,7 @@ Status <% if policy(Invoice).send_invoice? %> Verstuur + Download <% end %> @@ -76,6 +77,9 @@ <% end %> <% end %> + + <%= link_to 'Downloaden', invoice_path(invoice, format: :pdf), class: 'btn btn-primary', download: "Factuur-#{invoice.human_id}.pdf" %> + <% end %> <% end %> From bd4e0c2defdb9780a9ed082852bf0244ae84d4c5 Mon Sep 17 00:00:00 2001 From: Lodewiges Date: Tue, 16 Dec 2025 23:13:18 +0100 Subject: [PATCH 2/4] fix the button not working --- app/controllers/invoices_controller.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/app/controllers/invoices_controller.rb b/app/controllers/invoices_controller.rb index b74ec4d28..afdcd951d 100644 --- a/app/controllers/invoices_controller.rb +++ b/app/controllers/invoices_controller.rb @@ -20,7 +20,9 @@ def show format.html format.pdf do render pdf: "Factuur #{@invoice.human_id}", - template: 'invoices/show.html.erb', + template: 'invoices/show', + formats: [:html], + layout: 'pdf', lowquality: true end end From 1bf837d2d34c42bc1222138791f0aad2933615c9 Mon Sep 17 00:00:00 2001 From: Lodewiges Date: Tue, 16 Dec 2025 23:47:32 +0100 Subject: [PATCH 3/4] add better authorization --- app/controllers/invoices_controller.rb | 11 +++++++++++ app/policies/invoice_policy.rb | 4 ++++ app/views/invoices/index.html.erb | 4 ++++ 3 files changed, 19 insertions(+) diff --git a/app/controllers/invoices_controller.rb b/app/controllers/invoices_controller.rb index afdcd951d..bcf69475f 100644 --- a/app/controllers/invoices_controller.rb 
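Review bot: User-supplied invoice fields now reach an external HTML-to-PDF engine, because the PDF branch renders the `invoices/show` template through `render pdf:` with `layout: 'pdf'`, and `permitted_attributes` further down the file accepts `name_override`, `email_override` and row `name` straight from the request. Presumably ERB escaping applies in that template, but if any of those values is ever emitted with `raw`/`html_safe`, a crafted value could inject markup the converter acts on (for example an image with a `file://` source), which is a different risk from the same template served as HTML. Worth pinning the expectation next to the `render pdf:` call: `# Rendered by an external HTML-to-PDF engine from invoices/show: keep every invoice field escaped there`. The `show` action starts outside this hunk.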
+++ b/app/controllers/invoices_controller.rb @@ -15,10 +15,14 @@ def index def show @invoice = invoice + token_based_access = !integer_id?(params[:id]) respond_to do |format| format.html format.pdf do + # Require treasurer authorization for PDF downloads unless accessed via token + authorize @invoice, :download? unless token_based_access + render pdf: "Factuur #{@invoice.human_id}", template: 'invoices/show', formats: [:html], @@ -75,6 +79,13 @@ def send_invoice private + def integer_id?(id) + Integer(id) + true + rescue ArgumentError + false + end + def invoice @invoice = Invoice.find(Integer(params[:id])) authorize @invoice diff --git a/app/policies/invoice_policy.rb b/app/policies/invoice_policy.rb index bbc1f1f13..f10316385 100644 --- a/app/policies/invoice_policy.rb +++ b/app/policies/invoice_policy.rb @@ -7,6 +7,10 @@ def send_invoice? user&.treasurer? end + def download? + user&.treasurer? + end + def pay? show? end diff --git a/app/views/invoices/index.html.erb b/app/views/invoices/index.html.erb index a8c417ada..ffa778d96 100644 --- a/app/views/invoices/index.html.erb +++ b/app/views/invoices/index.html.erb @@ -34,6 +34,8 @@ Status <% if policy(Invoice).send_invoice? %> Verstuur + <% end %> + <% if policy(Invoice).download? %> Download <% end %> @@ -77,6 +79,8 @@ <% end %> <% end %> + <% end %> + <% if policy(Invoice).download? %> <%= link_to 'Downloaden', invoice_path(invoice, format: :pdf), class: 'btn btn-primary', download: "Factuur-#{invoice.human_id}.pdf" %> From 1af980c734d19884eaf6f2b485611f8e5c9bf6a1 Mon Sep 17 00:00:00 2001 From: Lodewiges Date: Fri, 19 Dec 2025 15:06:03 +0100 Subject: [PATCH 4/4] fix lint --- app/controllers/invoices_controller.rb | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/app/controllers/invoices_controller.rb b/app/controllers/invoices_controller.rb index bcf69475f..298489a3d 100644 --- a/app/controllers/invoices_controller.rb +++ b/app/controllers/invoices_controller.rb 
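Review bot: The decision to skip the treasurer check rests on the shape of `params[:id]` rather than on how the record was actually looked up: `token_based_access = !integer_id?(params[:id])` disables `authorize @invoice, :download?`, so a PDF fetched through a token URL is gated only by the `authorize @invoice` (presumably `show?`) that the `invoice` helper performs. The visible part of `invoice` calls `Invoice.find(Integer(params[:id]))`, which raises for a non-integer id before `token_based_access` is computed at all, so the token lookup must live in the part of `invoice` outside this hunk — worth confirming, and worth having that helper record which branch matched (for example setting `@token_access = true` there) instead of re-parsing the id in `show`. `integer_id?` also rescues only `ArgumentError`, so `Integer(nil)` would surface as a `TypeError`, and it uses an exception for control flow; `def integer_id?(id) = !Integer(id, exception: false).nil?` (on Ruby 3.0+, else the three-line form) covers both. Note that `Integer` accepts `0x1f`, `0b1`, `1_0` and surrounding whitespace, which is only safe as long as `invoice` parses the id the same way.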
@@ -19,16 +19,7 @@ def show respond_to do |format| format.html - format.pdf do - # Require treasurer authorization for PDF downloads unless accessed via token - authorize @invoice, :download? unless token_based_access - - render pdf: "Factuur #{@invoice.human_id}", - template: 'invoices/show', - formats: [:html], - layout: 'pdf', - lowquality: true - end + format.pdf { render_invoice_pdf(token_based_access) } end end @@ -96,4 +87,14 @@ def invoice def permitted_attributes params.require(:invoice).permit(%i[user_id activity_id name_override email_override rows], rows_attributes: %i[name amount price]) end + + def render_invoice_pdf(token_based_access) + authorize @invoice, :download? unless token_based_access + + render pdf: "Factuur #{@invoice.human_id}", + template: 'invoices/show', + formats: [:html], + layout: 'pdf', + lowquality: true + end end
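Review bot: The comment explaining why `authorize @invoice, :download?` is conditional was dropped when the body moved into `render_invoice_pdf`, so the one line that relaxes authorization is now undocumented; restore it above the `authorize` call, e.g. `# Token URLs are presumably already authorized (show?) in #invoice; integer ids must additionally pass download? (treasurer)`. `token_based_access` is a bare boolean positional, which reads as `render_invoice_pdf(true)` at a call site; a keyword keeps the call self-describing: `def render_invoice_pdf(token_based_access:)` and `format.pdf { render_invoice_pdf(token_based_access: token_based_access) }`. The only visible caller is the `show` branch in the first hunk, so the signature change is contained in this commit; `show` itself starts outside the hunk, where `token_based_access` is assigned.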