Fix #678 -- Data shredders for personally identifiable information (#817)

* Add data shredders for PII * First working shredder * Add more shredders * Add new shredders and download confirmation * tmp * PayPal, Stripe, banktransfer * Add icon to logs * Untested payment log shredders * Add waiting list shredder * First tests * Add tests for shredders * Improve templats, link to shredder * Test payment info shredders * More tests * Documentation * Fix enabled flag in payment provider overview * Fix minor issues
2018-05-02 15:59:59 +02:00
parent 335838f2b2
commit 7bccd62a4f
41 changed files with 1728 additions and 21 deletions
--- a/src/pretix/control/views/shredder.py
+++ b/src/pretix/control/views/shredder.py
@@ -0,0 +1,109 @@
+import logging
+from collections import OrderedDict
+
+from django.shortcuts import get_object_or_404
+from django.urls import reverse
+from django.utils.functional import cached_property
+from django.utils.translation import ugettext_lazy as _
+from django.views import View
+from django.views.generic import TemplateView
+
+from pretix.base.models import CachedFile
+from pretix.base.services.shredder import export, shred
+from pretix.base.shredder import ShredError, shred_constraints
+from pretix.base.views.async import AsyncAction
+from pretix.control.permissions import EventPermissionRequiredMixin
+
+logger = logging.getLogger(__name__)
+
+
+class ShredderMixin:
+
+    @cached_property
+    def shredders(self):
+        return OrderedDict(
+            sorted(self.request.event.get_data_shredders().items(), key=lambda s: s[1].verbose_name)
+        )
+
+
+class StartShredView(EventPermissionRequiredMixin, ShredderMixin, TemplateView):
+    permission = 'can_change_orders'
+    template_name = 'pretixcontrol/shredder/index.html'
+
+    def get_context_data(self, **kwargs):
+        ctx = super().get_context_data(**kwargs)
+        ctx['shredders'] = self.shredders
+        ctx['constraints'] = shred_constraints(self.request.event)
+        return ctx
+
+
+class ShredDownloadView(EventPermissionRequiredMixin, ShredderMixin, TemplateView):
+    permission = 'can_change_orders'
+    template_name = 'pretixcontrol/shredder/download.html'
+
+    def get_context_data(self, **kwargs):
+        ctx = super().get_context_data(**kwargs)
+        ctx['shredders'] = self.shredders
+        ctx['file'] = get_object_or_404(CachedFile, pk=kwargs.get("file"))
+        return ctx
+
+
+class ShredExportView(EventPermissionRequiredMixin, ShredderMixin, AsyncAction, View):
+    permission = 'can_change_orders'
+    task = export
+    known_errortypes = ['ShredError']
+
+    def get_success_message(self, value):
+        return None
+
+    def get_success_url(self, value):
+        return reverse('control:event.shredder.download', kwargs={
+            'event': self.request.event.slug,
+            'organizer': self.request.event.organizer.slug,
+            'file': str(value)
+        })
+
+    def get_error_url(self):
+        return reverse('control:event.shredder.start', kwargs={
+            'event': self.request.event.slug,
+            'organizer': self.request.event.organizer.slug
+        })
+
+    def post(self, request, *args, **kwargs):
+        constr = shred_constraints(self.request.event)
+        if constr:
+            return self.error(ShredError(self.get_error_url()))
+
+        return self.do(self.request.event.id, request.POST.getlist("shredder"))
+
+
+class ShredDoView(EventPermissionRequiredMixin, ShredderMixin, AsyncAction, View):
+    permission = 'can_change_orders'
+    task = shred
+    known_errortypes = ['ShredError']
+
+    def get_success_url(self, value):
+        return reverse('control:event.shredder.start', kwargs={
+            'event': self.request.event.slug,
+            'organizer': self.request.event.organizer.slug,
+        })
+
+    def get_success_message(self, value):
+        return _('The selected data was deleted successfully.')
+
+    def get_error_url(self):
+        return reverse('control:event.shredder.download', kwargs={
+            'event': self.request.event.slug,
+            'organizer': self.request.event.organizer.slug,
+            'file': self.request.POST.get("file")
+        })
+
+    def post(self, request, *args, **kwargs):
+        constr = shred_constraints(self.request.event)
+        if constr:
+            return self.error(ShredError(self.get_error_url()))
+
+        if not self.request.user.check_password(request.POST.get("password")):
+            return self.error(ShredError(_("The current password you entered was not correct.")))
+
+        return self.do(self.request.event.id, request.POST.get("file"), request.POST.get("confirm_code"))