how to allow url only to be accessed from a specific page

Question

I want users to get access to the payment page only if items_buy() function is complete.

views.py

  def items_buy(request):
    if not request.user.is_authenticated:
        messages.info(request, 'You have to logged in first.')
        return redirect('%s?next=%s' % (settings.LOGIN_URL, request.path))
    sess = request.session.get("data", {"items": []})
    if request.method == "POST":
        form = BuyerDeliveryForm(request.POST)
        if form.is_valid():
            buyer = form.save(commit=False)
            buyer.save()
            buyer.product.set(Product.objects.filter(active=True, slug__in=sess["items"]))
            return redirect('shop:payment')
    else:
        form = BuyerDeliveryForm()
    return render(request, 'shop/delivery_form.html', {'form': form})


def payment(request):
    return render(request,'shop/payment.html')

Answer 1

You could use the session that you already used to collect your products here:

sess = request.session.get("data", {"items": []})

So, before redirecting the user, just set a flag in their session store that allows them to access the "payments" route.

buyer.product.set(Product.objects.filter(active=True, slug__in=sess["items"]))
request.session['allow_payments'] = True
return redirect('shop:payment')

Then in "payments" check for the flag

def payment(request):
    if not request.session.get('allow_payments'):
        return redirect(...somewhere...)

    return render(request,'shop/payment.html')