CGM_Public/pretix_cgo
1
0
Fork 0
forked from CGM_Public/pretix_original
Code Pull Requests Actions Activity

Correctly pass query string when redirecting to sudo page

Browse Source
This commit is contained in:
Raphael Michel
2021-01-28 21:34:30 +01:00
parent f156299cb3
commit a1bfe05879
4 changed files with 11 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/pretix/base/templates/403.html
View File

@@ -13,7 +13,7 @@
&middot; <a id='reload' href='#'>{% trans "Try again" %}</a> &middot; <a id='reload' href='#'>{% trans "Try again" %}</a>
</p> </p>
{% if request.user.is_staff and not staff_session %} {% if request.user.is_staff and not staff_session %}
<form action="{% url 'control:user.sudo' %}?next={{ request.path|urlencode }}" method="post"> <form action="{% url 'control:user.sudo' %}?next={{ request.path|add:"?"|add:request.GET.urlencode|urlencode }}" method="post">
<p> <p>
{% csrf_token %} {% csrf_token %}
<button type="submit" class="btn btn-default" id="button-sudo"> <button type="submit" class="btn btn-default" id="button-sudo">

2
src/pretix/base/templates/404.html
View File

@@ -12,7 +12,7 @@
<a id='goback' href='#'>{% trans "Take a step back" %}</a> <a id='goback' href='#'>{% trans "Take a step back" %}</a>
</p> </p>
{% if request.user.is_staff and not staff_session %} {% if request.user.is_staff and not staff_session %}
<form action="{% url 'control:user.sudo' %}?next={{ request.path|urlencode }}" method="post"> <form action="{% url 'control:user.sudo' %}?next={{ request.path|add:"?"|add:request.GET.urlencode|urlencode }}" method="post">
<p> <p>
{% csrf_token %} {% csrf_token %}
<button type="submit" class="btn btn-default" id="button-sudo"> <button type="submit" class="btn btn-default" id="button-sudo">

9
src/pretix/control/permissions.py
View File

@@ -6,6 +6,13 @@ from django.urls import reverse
from django.utils.translation import gettext as _ from django.utils.translation import gettext as _
def current_url(request):
if len(request.GET):
return request.path + '?' + request.GET.urlencode()
else:
return request.path
def event_permission_required(permission): def event_permission_required(permission):
""" """
This view decorator rejects all requests with a 403 response which are not from This view decorator rejects all requests with a 403 response which are not from
@@ -94,7 +101,7 @@ def administrator_permission_required():
raise PermissionDenied() raise PermissionDenied()
if not request.user.has_active_staff_session(request.session.session_key): if not request.user.has_active_staff_session(request.session.session_key):
if request.user.is_staff: if request.user.is_staff:
return redirect(reverse('control:user.sudo') + '?next=' + quote(request.path)) return redirect(reverse('control:user.sudo') + '?next=' + quote(current_url(request)))
raise PermissionDenied(_('You do not have permission to view this content.')) raise PermissionDenied(_('You do not have permission to view this content.'))
return function(request, *args, **kw) return function(request, *args, **kw)
return wrapper return wrapper

2
src/pretix/control/templates/pretixcontrol/base.html
View File

@@ -186,7 +186,7 @@
{% if request.user.is_staff and not staff_session %} {% if request.user.is_staff and not staff_session %}
<li> <li>
<form action="{% url 'control:user.sudo' %}?next={{ request.path|urlencode }}" method="post"> <form action="{% url 'control:user.sudo' %}?next={{ request.path|add:"?"|add:request.GET.urlencode|urlencode }}" method="post">
{% csrf_token %} {% csrf_token %}
<button type="submit" class="btn btn-link" id="button-sudo"> <button type="submit" class="btn btn-link" id="button-sudo">
<i class="fa fa-id-card"></i> {% trans "Admin mode" %} <i class="fa fa-id-card"></i> {% trans "Admin mode" %}