Add auditable superuser mode (#824)

* Remove is_superuser everywhere * Session handling * List of sessions, relative timeout * Absolute timeout * Optionally pseudo-force audit comments * Fix failing tests * Add tests * Add docs * Rebsae migration * Typos * Fix tests
2018-03-28 14:16:58 +02:00
parent 558c920181
commit a284e0c2f7
56 changed files with 965 additions and 130 deletions
--- a/src/pretix/base/services/auth.py
+++ b/src/pretix/base/services/auth.py
@@ -0,0 +1,19 @@
+from datetime import timedelta
+
+from django.conf import settings
+from django.db.models import Max, Q
+from django.dispatch import receiver
+from django.utils.timezone import now
+
+from pretix.base.models.auth import StaffSession
+
+from ..signals import periodic_task
+
+
+@receiver(signal=periodic_task)
+def close_inactive_staff_sessions(sender, **kwargs):
+    StaffSession.objects.annotate(last_used=Max('logs__datetime')).filter(
+        Q(last_used__lte=now() - timedelta(seconds=settings.PRETIX_SESSION_TIMEOUT_RELATIVE)) & Q(date_end__isnull=True)
+    ).update(
+        date_end=now()
+    )