Add auditable superuser mode (#824)

* Remove is_superuser everywhere * Session handling * List of sessions, relative timeout * Absolute timeout * Optionally pseudo-force audit comments * Fix failing tests * Add tests * Add docs * Rebsae migration * Typos * Fix tests
2018-03-28 14:16:58 +02:00
parent 558c920181
commit a284e0c2f7
56 changed files with 965 additions and 130 deletions
--- a/src/pretix/control/views/waitinglist.py
+++ b/src/pretix/control/views/waitinglist.py
@@ -48,7 +48,8 @@ class WaitingListView(EventPermissionRequiredMixin, PaginationMixin, ListView):

    def post(self, request, *args, **kwargs):
        if 'assign' in request.POST:
-            if not request.user.has_event_permission(request.organizer, request.event, 'can_change_orders'):
+            if not request.user.has_event_permission(request.organizer, request.event, 'can_change_orders',
+                                                     request=request):
                messages.error(request, _('You do not have permission to do this'))
                return redirect(reverse('control:event.orders.waitinglist', kwargs={
                    'event': request.event.slug,