CGM_Public/pretix_cgo
1
0
Fork 0
forked from CGM_Public/pretix_original
Code Pull Requests Actions Activity

PPv2: Fix permission-check for ISU (event.settings.general:write to event.settings.payment:write)

Browse Source
This commit is contained in:
Martin Gross
2026-04-14 17:02:47 +02:00
parent efd887b439
commit 0f2ebb8687
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/pretix/plugins/paypal2/views.py
View File

@@ -216,7 +216,7 @@ class PayView(PaypalOrderView, TemplateView):
@scopes_disabled() @scopes_disabled()
@event_permission_required('event.settings.general:write') @event_permission_required('event.settings.payment:write')
def isu_return(request, *args, **kwargs): def isu_return(request, *args, **kwargs):
getparams = ['merchantId', 'merchantIdInPayPal', 'permissionsGranted', 'accountStatus', 'consentStatus', 'productIntentID', 'isEmailConfirmed'] getparams = ['merchantId', 'merchantIdInPayPal', 'permissionsGranted', 'accountStatus', 'consentStatus', 'productIntentID', 'isEmailConfirmed']
sessionparams = ['payment_paypal_isu_event', 'payment_paypal_isu_tracking_id'] sessionparams = ['payment_paypal_isu_event', 'payment_paypal_isu_tracking_id']
@@ -526,7 +526,7 @@ def webhook(request, *args, **kwargs):
return HttpResponse(status=200) return HttpResponse(status=200)
@event_permission_required('event.settings.general:write') @event_permission_required('event.settings.payment:write')
@require_POST @require_POST
def isu_disconnect(request, **kwargs): def isu_disconnect(request, **kwargs):
del request.event.settings.payment_paypal_connect_refresh_token del request.event.settings.payment_paypal_connect_refresh_token