handle auth

Lukas Bockstaller
2026-02-20 16:47:06 +01:00
parent 5611f027f4
commit 19757cebbc


@@ -1175,10 +1175,18 @@ class OrganizerOrderPositionViewSet(OrderPositionViewSetMixin, viewsets.ReadOnly
perm = self.permission if self.request.method in SAFE_METHODS else self.write_permission
if isinstance(self.request.auth, (TeamAPIToken, Device)) or self.request.user.is_authenticated:
qs = qs.filter(
order__event__in=self.request.auth.get_events_with_permission(perm, request=self.request)
if isinstance(self.request.auth, (TeamAPIToken, Device)):
auth_obj = self.request.auth
elif self.request.user.is_authenticated:
auth_obj = self.request.user
else:
raise PermissionDenied()
qs = qs.filter(
order__event__in=auth_obj.get_events_with_permission(perm, request=self.request).filter(
organizer=self.request.organizer
)
)
return qs
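Review bot: The `.filter(organizer=self.request.organizer)` now applied inside the `order__event__in` lookup is what keeps this organizer-level endpoint from returning positions of another organizer's events, yet the hunk carries neither a comment saying so nor a test pinning it. A one-line comment above the `qs = qs.filter(` call would do, e.g. `# Restrict to the organizer in the URL; the permitted-events set may span several organizers.` — `get_events_with_permission` is defined outside this page, so that premise should be confirmed. I would also ask for API tests covering each branch: token or device auth, a session user with teams in two organizers who must only see the requested one, and a request with neither, which should hit `raise PermissionDenied()`. The method begins above the hunk, so the `PermissionDenied` import and any earlier filtering of `qs` cannot be checked from here.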