CGM_Public/pretix_cgo
1
0
Fork 0
forked from CGM_Public/pretix_original
Code Pull Requests Actions Activity

Shredder: Only force download for tax-relevant data (#1801)

Browse Source
This commit is contained in:
Maico Timmerman
2021-01-01 20:20:42 +01:00
committed by GitHub
parent c0dd631774
commit b1cffe9f72
4 changed files with 58 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/pretix/base/services/shredder.py
View File

@@ -75,16 +75,19 @@ def shred(event: Event, fileid: str, confirm_code: str) -> None:
indexdata = json.loads(zipfile.read('index.json').decode())
if indexdata['organizer'] != event.organizer.slug or indexdata['event'] != event.slug:
raise ShredError(_("This file is from a different event."))
if indexdata['confirm_code'] != confirm_code:
raise ShredError(_("The confirm code you entered was incorrect."))
if event.logentry_set.filter(datetime__gte=parse(indexdata['time'])):
raise ShredError(_("Something happened in your event after the export, please try again."))
shredders = []
for s in indexdata['shredders']:
shredder = known_shredders.get(s)
if not shredder:
continue
shredders.append(shredder)
if any(shredder.require_download_confirmation for shredder in shredders):
if indexdata['confirm_code'] != confirm_code:
raise ShredError(_("The confirm code you entered was incorrect."))
if event.logentry_set.filter(datetime__gte=parse(indexdata['time'])):
raise ShredError(_("Something happened in your event after the export, please try again."))
for shredder in shredders:
shredder.shred_data()
cf.file.delete(save=False)

8
src/pretix/base/shredder.py
View File

@@ -82,6 +82,14 @@ class BaseDataShredder:
"""
return False
@property
def require_download_confirmation(self):
"""
Indicates whether the data of this shredder needs to be downloaded, before it is actually shredded. By default
this value is equal to the tax relevant flag.
"""
return self.tax_relevant
@property
def verbose_name(self) -> str:
"""

35
src/pretix/control/templates/pretixcontrol/shredder/download.html
View File

@@ -11,12 +11,16 @@
method="post" class="form-horizontal" data-asynctask>
{% csrf_token %}
<fieldset>
<legend>{% trans "Step 1: Download data" %}</legend>
{% if download_on_shred %}
<legend>{% trans "Step 1: Download data" %}</legend>
{% else %}
<legend>{% trans "(Optional) Step 1: Download data" %}</legend>
{% endif %}
<p>
{% blocktrans trimmed %}
You are about to permanently delete data from the server, even though you might be required to
keep
some of this data on file. You should therefore download the following file and store it in a safe
some of this data on file. You can therefore download the following file and store it in a safe
place:
{% endblocktrans %}
</p>
@@ -27,18 +31,7 @@
</p>
</fieldset>
<fieldset>
<legend>{% trans "Step 2: Confirm download" %}</legend>
<p>
{% blocktrans trimmed %}
In the downloaded file, there is a text file named "CONFIRM_CODE.txt" with a six-character code.
Please enter this code here to confirm that you successfully downloaded the file.
{% endblocktrans %}
</p>
<input type="text" class="form-control" name="confirm_code" required placeholder="{% trans "Confirmation code" %}">
<br>
</fieldset>
<fieldset>
<legend>{% trans "Step 3: Confirm deletion" %}</legend>
<legend>{% trans "Step 2: Confirm deletion" %}</legend>
<p>
{% blocktrans trimmed with event=request.event.name slug=request.event.slug %}
Please re-check that you are fully certain that you want to delete the selected categories of data from the event <strong>{{ event }}</strong>.
@@ -46,7 +39,21 @@
{% endblocktrans %}
</p>
<input type="text" class="form-control" name="slug" required placeholder="{% trans "Event short name" %}">
<br>
</fieldset>
{% if download_on_shred %}
<fieldset>
<legend>{% trans "Step 3: Confirm download" %}</legend>
<p>
{% blocktrans trimmed %}
In the downloaded file, there is a text file named "CONFIRM_CODE.txt" with a six-character code.
Please enter this code here to confirm that you successfully downloaded the file.
{% endblocktrans %}
</p>
<input type="text" class="form-control" name="confirm_code" required placeholder="{% trans "Confirmation code" %}">
<br>
</fieldset>
{% endif %}
<input type="hidden" name="file" value="{{ file.pk }}">
<div class="form-group submit-group">
<button type="submit" class="btn btn-primary btn-save">

21
src/pretix/control/views/shredder.py
View File

@@ -1,5 +1,7 @@
import json
import logging
from collections import OrderedDict
from zipfile import ZipFile
from django.shortcuts import get_object_or_404
from django.urls import reverse
@@ -43,8 +45,27 @@ class ShredDownloadView(RecentAuthenticationRequiredMixin, EventPermissionRequir
template_name = 'pretixcontrol/shredder/download.html'
def get_context_data(self, **kwargs):
try:
cf = CachedFile.objects.get(pk=kwargs['file'])
except CachedFile.DoesNotExist:
raise ShredError(_("The download file could no longer be found on the server, please try to start again."))
with ZipFile(cf.file.file, 'r') as zipfile:
indexdata = json.loads(zipfile.read('index.json').decode())
if indexdata['organizer'] != kwargs['organizer'] or indexdata['event'] != kwargs['event']:
raise ShredError(_("This file is from a different event."))
shredders = []
for s in indexdata['shredders']:
shredder = self.shredders.get(s)
if not shredder:
continue
shredders.append(shredder)
ctx = super().get_context_data(**kwargs)
ctx['shredders'] = self.shredders
ctx['download_on_shred'] = any(shredder.require_download_confirmation for shredder in shredders)
ctx['file'] = get_object_or_404(CachedFile, pk=kwargs.get("file"))
return ctx