forked from CGM_Public/pretix_original
Added a basic permission matrix editor for events
This commit is contained in:
Raphael Michel
@@ -0,0 +1,19 @@
|
|||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
from __future__ import unicode_literals
|
||||||
|
|
||||||
|
from django.db import models, migrations
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
('pretixbase', '0003_auto_20150602_2232'),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.AddField(
|
||||||
|
model_name='eventpermission',
|
||||||
|
name='can_change_permissions',
|
||||||
|
field=models.BooleanField(default=True, verbose_name='Can change permissions'),
|
||||||
|
),
|
||||||
|
]
|
||||||
@@ -538,6 +538,10 @@ class EventPermission(Versionable):
|
|||||||
default=True,
|
default=True,
|
||||||
verbose_name=_("Can view orders")
|
verbose_name=_("Can view orders")
|
||||||
)
|
)
|
||||||
|
can_change_permissions = models.BooleanField(
|
||||||
|
default=True,
|
||||||
|
verbose_name=_("Can change permissions")
|
||||||
|
)
|
||||||
can_change_orders = models.BooleanField(
|
can_change_orders = models.BooleanField(
|
||||||
default=True,
|
default=True,
|
||||||
verbose_name=_("Can change orders")
|
verbose_name=_("Can change orders")
|
||||||
|
|||||||
@@ -22,6 +22,12 @@
|
|||||||
{% trans "General" %}
|
{% trans "General" %}
|
||||||
</a>
|
</a>
|
||||||
</li>
|
</li>
|
||||||
|
<li>
|
||||||
|
<a href="{% url 'control:event.settings.permissions' organizer=request.event.organizer.slug event=request.event.slug %}"
|
||||||
|
{% if "event.settings.permissions" == url_name %}class="active"{% endif %}>
|
||||||
|
{% trans "Permissions" %}
|
||||||
|
</a>
|
||||||
|
</li>
|
||||||
<li>
|
<li>
|
||||||
<a href="{% url 'control:event.settings.payment' organizer=request.event.organizer.slug event=request.event.slug %}"
|
<a href="{% url 'control:event.settings.payment' organizer=request.event.organizer.slug event=request.event.slug %}"
|
||||||
{% if "event.settings.payment" == url_name %}class="active"{% endif %}>
|
{% if "event.settings.payment" == url_name %}class="active"{% endif %}>
|
||||||
|
|||||||
@@ -6,11 +6,6 @@
|
|||||||
{% csrf_token %}
|
{% csrf_token %}
|
||||||
<fieldset>
|
<fieldset>
|
||||||
<legend>{% trans "Payment settings" %}</legend>
|
<legend>{% trans "Payment settings" %}</legend>
|
||||||
{% if "success" in request.GET %}
|
|
||||||
<div class="alert alert-success">
|
|
||||||
{% trans "Your changes have been saved." %}
|
|
||||||
</div>
|
|
||||||
{% endif %}
|
|
||||||
{% for provider in providers %}
|
{% for provider in providers %}
|
||||||
<div class="panel panel-default">
|
<div class="panel panel-default">
|
||||||
<div class="panel-heading">
|
<div class="panel-heading">
|
||||||
|
|||||||
@@ -0,0 +1,43 @@
|
|||||||
|
{% extends "pretixcontrol/event/settings_base.html" %}
|
||||||
|
{% load i18n %}
|
||||||
|
{% load bootstrap3 %}
|
||||||
|
{% block inside %}
|
||||||
|
<form action="" method="post" class="form-horizontal form-permissions">
|
||||||
|
{% csrf_token %}
|
||||||
|
<fieldset>
|
||||||
|
<legend>{% trans "Permissions" %}</legend>
|
||||||
|
{{ formset.management_form }}
|
||||||
|
<table class="table table-striped table-condensed">
|
||||||
|
<thead>
|
||||||
|
<tr>
|
||||||
|
<th>{% trans "User" %}</th>
|
||||||
|
<th>{% trans "Change settings" %}</th>
|
||||||
|
<th>{% trans "Change products" %}</th>
|
||||||
|
<th>{% trans "View orders" %}</th>
|
||||||
|
<th>{% trans "Change orders" %}</th>
|
||||||
|
<th>{% trans "Change permissions" %}</th>
|
||||||
|
<th>{% trans "Delete" %}</th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
{% for form in formset %}
|
||||||
|
<tr>
|
||||||
|
<td>{{ form.id }}{{ form.instance.user }}</td>
|
||||||
|
<td>{{ form.can_change_settings }}</td>
|
||||||
|
<td>{{ form.can_change_items }}</td>
|
||||||
|
<td>{{ form.can_view_orders }}</td>
|
||||||
|
<td>{{ form.can_change_orders }}</td>
|
||||||
|
<td>{{ form.can_change_permissions }}</td>
|
||||||
|
<td>{{ form.DELETE }}</td>
|
||||||
|
</tr>
|
||||||
|
{% endfor %}
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
</fieldset>
|
||||||
|
<div class="form-group submit-group">
|
||||||
|
<button type="submit" class="btn btn-primary btn-save">
|
||||||
|
{% trans "Save" %}
|
||||||
|
</button>
|
||||||
|
</div>
|
||||||
|
</form>
|
||||||
|
{% endblock %}
|
||||||
@@ -18,6 +18,7 @@ urlpatterns = [
|
|||||||
url(r'^$', event.index, name='event.index'),
|
url(r'^$', event.index, name='event.index'),
|
||||||
url(r'^settings/$', event.EventUpdate.as_view(), name='event.settings'),
|
url(r'^settings/$', event.EventUpdate.as_view(), name='event.settings'),
|
||||||
url(r'^settings/plugins$', event.EventPlugins.as_view(), name='event.settings.plugins'),
|
url(r'^settings/plugins$', event.EventPlugins.as_view(), name='event.settings.plugins'),
|
||||||
|
url(r'^settings/permissions$', event.EventPermissions.as_view(), name='event.settings.permissions'),
|
||||||
url(r'^settings/payment$', event.PaymentSettings.as_view(), name='event.settings.payment'),
|
url(r'^settings/payment$', event.PaymentSettings.as_view(), name='event.settings.payment'),
|
||||||
url(r'^settings/tickets$', event.TicketSettings.as_view(), name='event.settings.tickets'),
|
url(r'^settings/tickets$', event.TicketSettings.as_view(), name='event.settings.tickets'),
|
||||||
url(r'^items/$', item.ItemList.as_view(), name='event.items'),
|
url(r'^items/$', item.ItemList.as_view(), name='event.items'),
|
||||||
|
|||||||
@@ -2,6 +2,7 @@ from collections import OrderedDict
|
|||||||
|
|
||||||
from django.contrib import messages
|
from django.contrib import messages
|
||||||
from django.db.models import Sum
|
from django.db.models import Sum
|
||||||
|
from django.forms import inlineformset_factory, formset_factory, modelformset_factory, BaseInlineFormSet
|
||||||
from django.shortcuts import render, redirect
|
from django.shortcuts import render, redirect
|
||||||
from django.utils.functional import cached_property
|
from django.utils.functional import cached_property
|
||||||
from django.views.generic import FormView
|
from django.views.generic import FormView
|
||||||
@@ -9,8 +10,9 @@ from django.views.generic.base import TemplateView
|
|||||||
from django.views.generic.detail import SingleObjectMixin
|
from django.views.generic.detail import SingleObjectMixin
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
from django.core.urlresolvers import reverse
|
from django.core.urlresolvers import reverse
|
||||||
|
from pretix.base.forms import VersionedModelForm
|
||||||
from pretix.control.forms.event import ProviderForm, TicketSettingsForm, EventSettingsForm, EventUpdateForm
|
from pretix.control.forms.event import ProviderForm, TicketSettingsForm, EventSettingsForm, EventUpdateForm
|
||||||
from pretix.base.models import Event, OrderPosition, Order, Item
|
from pretix.base.models import Event, OrderPosition, Order, Item, EventPermission
|
||||||
from pretix.base.signals import register_payment_providers, register_ticket_outputs
|
from pretix.base.signals import register_payment_providers, register_ticket_outputs
|
||||||
from pretix.control.permissions import EventPermissionRequiredMixin
|
from pretix.control.permissions import EventPermissionRequiredMixin
|
||||||
from . import UpdateView
|
from . import UpdateView
|
||||||
@@ -253,3 +255,48 @@ def index(request, organizer, event):
|
|||||||
).count()
|
).count()
|
||||||
}
|
}
|
||||||
return render(request, 'pretixcontrol/event/index.html', ctx)
|
return render(request, 'pretixcontrol/event/index.html', ctx)
|
||||||
|
|
||||||
|
|
||||||
|
class EventPermissions(EventPermissionRequiredMixin, TemplateView):
|
||||||
|
model = Event
|
||||||
|
form_class = TicketSettingsForm
|
||||||
|
template_name = 'pretixcontrol/event/permissions.html'
|
||||||
|
permission = 'can_change_permissions'
|
||||||
|
|
||||||
|
@cached_property
|
||||||
|
def formset(self):
|
||||||
|
fs = modelformset_factory(
|
||||||
|
EventPermission,
|
||||||
|
form=VersionedModelForm,
|
||||||
|
fields=('can_change_settings', 'can_change_items', 'can_change_permissions', 'can_view_orders',
|
||||||
|
'can_change_orders'),
|
||||||
|
can_delete=True, can_order=False, extra=0
|
||||||
|
)
|
||||||
|
return fs(data=self.request.POST if self.request.method == "POST" else None,
|
||||||
|
queryset=EventPermission.objects.current.filter(event=self.request.event))
|
||||||
|
|
||||||
|
def get_context_data(self, **kwargs):
|
||||||
|
ctx = super().get_context_data(**kwargs)
|
||||||
|
ctx['formset'] = self.formset
|
||||||
|
return ctx
|
||||||
|
|
||||||
|
def post(self, *args, **kwargs):
|
||||||
|
if self.formset.is_valid():
|
||||||
|
for form in self.formset.forms:
|
||||||
|
if form.instance.user_id == self.request.user.pk:
|
||||||
|
if not form.cleaned_data['can_change_permissions'] or form in self.formset.deleted_forms:
|
||||||
|
messages.error(self.request, _('You cannot remove your own permission to view this page.'))
|
||||||
|
return self.get(*args, **kwargs)
|
||||||
|
|
||||||
|
self.formset.save()
|
||||||
|
messages.success(self.request, _('Your changes have been saved.'))
|
||||||
|
return redirect(self.get_success_url())
|
||||||
|
else:
|
||||||
|
messages.error(self.request, _('Your changes could not be saved.'))
|
||||||
|
return self.get(*args, **kwargs)
|
||||||
|
|
||||||
|
def get_success_url(self) -> str:
|
||||||
|
return reverse('control:event.settings.permissions', kwargs={
|
||||||
|
'organizer': self.request.event.organizer.slug,
|
||||||
|
'event': self.request.event.slug
|
||||||
|
})
|
||||||
|
|||||||
Reference in New Issue
Block a user