CGM_Public/pretix_cgo
1
0
Fork 0
forked from CGM_Public/pretix_original
Code Pull Requests Actions Activity

Allow superusers to view any event (#377)

Browse Source
This commit is contained in:
Tobias Kunze
2017-01-17 16:54:13 +01:00
committed by Raphael Michel
parent 6bcfa4980f
commit 3e26a4d9cc
1 changed files with 38 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
src/pretix/control/middleware.py
View File

@@ -61,33 +61,53 @@ class PermissionMiddleware(MiddlewareMixin):
return redirect_to_login( return redirect_to_login(
path, resolved_login_url, REDIRECT_FIELD_NAME) path, resolved_login_url, REDIRECT_FIELD_NAME)
request.user.events_cache = request.user.events.order_by( events = Event.objects.all() if request.user.is_superuser else request.user.events
request.user.events_cache = events.order_by(
"organizer", "date_from").prefetch_related("organizer") "organizer", "date_from").prefetch_related("organizer")
if 'event' in url.kwargs and 'organizer' in url.kwargs: if 'event' in url.kwargs and 'organizer' in url.kwargs:
try: try:
request.event = Event.objects.filter( if request.user.is_superuser:
slug=url.kwargs['event'], request.event = Event.objects.filter(
permitted__id__exact=request.user.id, slug=url.kwargs['event'],
organizer__slug=url.kwargs['organizer'], organizer__slug=url.kwargs['organizer'],
).select_related('organizer')[0] ).select_related('organizer')[0]
request.eventperm = EventPermission.objects.get( request.eventperm = EventPermission(
event=request.event, event=request.event,
user=request.user user=request.user
) )
else:
request.event = Event.objects.filter(
slug=url.kwargs['event'],
permitted__id__exact=request.user.id,
organizer__slug=url.kwargs['organizer'],
).select_related('organizer')[0]
request.eventperm = EventPermission.objects.get(
event=request.event,
user=request.user
)
request.organizer = request.event.organizer request.organizer = request.event.organizer
except IndexError: except IndexError:
raise Http404(_("The selected event was not found or you " raise Http404(_("The selected event was not found or you "
"have no permission to administrate it.")) "have no permission to administrate it."))
elif 'organizer' in url.kwargs: elif 'organizer' in url.kwargs:
try: try:
request.organizer = Organizer.objects.filter( if request.user.is_superuser:
slug=url.kwargs['organizer'], request.organizer = Organizer.objects.filter(
permitted__id__exact=request.user.id, slug=url.kwargs['organizer'],
)[0] )[0]
request.orgaperm = OrganizerPermission.objects.get( request.orgaperm = OrganizerPermission(
organizer=request.organizer, organizer=request.organizer,
user=request.user user=request.user
) )
else:
request.organizer = Organizer.objects.filter(
slug=url.kwargs['organizer'],
permitted__id__exact=request.user.id,
)[0]
request.orgaperm = OrganizerPermission.objects.get(
organizer=request.organizer,
user=request.user
)
except IndexError: except IndexError:
raise Http404(_("The selected organizer was not found or you " raise Http404(_("The selected organizer was not found or you "
"have no permission to administrate it.")) "have no permission to administrate it."))