Use a protocol

2026-04-02 15:31:41 +02:00
parent f637e1fcdd
commit 0614a9ebc3
5 changed files with 19 additions and 15 deletions
--- a/src/pretix/base/models/auth.py
+++ b/src/pretix/base/models/auth.py
@@ -38,6 +38,7 @@ import operator
 import secrets
 from datetime import timedelta
 from functools import reduce
+from typing import Protocol

 from django.conf import settings
 from django.contrib.auth.models import (
@@ -67,6 +68,14 @@ class EmailAddressTakenError(IntegrityError):
    pass


+class PermissionHolder(Protocol):
+    def has_event_permission(self, organizer, event, perm_name=None, request=None, session_key=None) -> bool:
+        ...
+
+    def has_organizer_permission(self, organizer, perm_name=None, request=None):
+        ...
+
+
 class UserManager(BaseUserManager):
    """
    This is the user manager for our custom user model. See the User
--- a/src/pretix/base/models/devices.py
+++ b/src/pretix/base/models/devices.py
@@ -229,7 +229,7 @@ class Device(LoggedModel):
        """
        return self._organizer_permission_set() if self.organizer == organizer else set()

-    def has_event_permission(self, organizer, event, perm_name=None, request=None) -> bool:
+    def has_event_permission(self, organizer, event, perm_name=None, request=None, session_key=None) -> bool:
        """
        Checks if this token is part of a team that grants access of type ``perm_name``
        to the event ``event``.
@@ -238,6 +238,7 @@ class Device(LoggedModel):
        :param event: The event to check
        :param perm_name: The permission, e.g. ``event.orders:read``
        :param request: This parameter is ignored and only defined for compatibility reasons.
+        :param session_key: This parameter is ignored and only defined for compatibility reasons.
        :return: bool
        """
        has_event_access = (self.all_events and organizer == self.organizer) or (
--- a/src/pretix/base/models/organizer.py
+++ b/src/pretix/base/models/organizer.py
@@ -556,7 +556,7 @@ class TeamAPIToken(models.Model):
        """
        return self.team.organizer_permission_set() if self.team.organizer == organizer else set()

-    def has_event_permission(self, organizer, event, perm_name=None, request=None) -> bool:
+    def has_event_permission(self, organizer, event, perm_name=None, request=None, session_key=None) -> bool:
        """
        Checks if this token is part of a team that grants access of type ``perm_name``
        to the event ``event``.
@@ -565,6 +565,7 @@ class TeamAPIToken(models.Model):
        :param event: The event to check
        :param perm_name: The permission, e.g. ``event.orders:read``
        :param request: This parameter is ignored and only defined for compatibility reasons.
+        :param session_key: This parameter is ignored and only defined for compatibility reasons.
        :return: bool
        """
        has_event_access = (self.team.all_events and organizer == self.team.organizer) or (