From bc32fe91a69909a6079874814f67110693140d07 Mon Sep 17 00:00:00 2001
From: Mira <weller@rami.io>
Date: Tue, 14 Jan 2025 18:37:38 +0100
Subject: [PATCH] Make "Show in backend" button on ticket pages available on
 custom domains (#4743)

---
 src/pretix/base/auth.py           | 12 ++++++++++++
 src/pretix/base/timemachine.py    | 18 +++---------------
 src/pretix/presale/views/event.py |  7 +++----
 src/pretix/presale/views/order.py |  7 +++----
 4 files changed, 21 insertions(+), 23 deletions(-)

diff --git a/src/pretix/base/auth.py b/src/pretix/base/auth.py
index 977815f14..6750ea825 100644
--- a/src/pretix/base/auth.py
+++ b/src/pretix/base/auth.py
@@ -222,3 +222,15 @@ class HistoryPasswordValidator:
         user.historic_passwords.filter(
             pk__in=user.historic_passwords.order_by("-created")[self.history_length:].values_list("pk", flat=True),
         ).delete()
+
+
+def has_event_access_permission(request, permission='can_change_event_settings'):
+    return (
+        request.user.is_authenticated and
+        request.user.has_event_permission(request.organizer, request.event, permission, request=request)
+    ) or (
+        getattr(request, 'event_access_user', None) and
+        request.event_access_user.is_authenticated and
+        request.event_access_user.has_event_permission(request.organizer, request.event, permission,
+                                                       session_key=request.event_access_parent_session_key)
+    )
diff --git a/src/pretix/base/timemachine.py b/src/pretix/base/timemachine.py
index df0772144..9bb647321 100644
--- a/src/pretix/base/timemachine.py
+++ b/src/pretix/base/timemachine.py
@@ -25,13 +25,15 @@ from contextlib import contextmanager
 from dateutil.parser import parse
 from django.utils.timezone import now
 
+from pretix.base.auth import has_event_access_permission
+
 timemachine_now_var = contextvars.ContextVar('timemachine_now', default=None)
 
 
 @contextmanager
 def time_machine_now_assigned_from_request(request):
     if hasattr(request, 'event') and f'timemachine_now_dt:{request.event.pk}' in request.session and \
-            request.event.testmode and has_time_machine_permission(request, request.event):
+            request.event.testmode and has_event_access_permission(request):
         request.now_dt = parse(request.session[f'timemachine_now_dt:{request.event.pk}'])
         request.now_dt_is_fake = True
     else:
@@ -70,17 +72,3 @@ def time_machine_now_assigned(now_dt):
         yield
     finally:
         timemachine_now_var.set(None)
-
-
-def has_time_machine_permission(request, event):
-    permission = 'can_change_event_settings'
-
-    return (
-        request.user.is_authenticated and
-        request.user.has_event_permission(request.organizer, request.event, permission, request=request)
-    ) or (
-        getattr(request, 'event_access_user', None) and
-        request.event_access_user.is_authenticated and
-        request.event_access_user.has_event_permission(request.organizer, request.event, permission,
-                                                       session_key=request.event_access_parent_session_key)
-    )
diff --git a/src/pretix/presale/views/event.py b/src/pretix/presale/views/event.py
index d84e8ca96..06b9128b2 100644
--- a/src/pretix/presale/views/event.py
+++ b/src/pretix/presale/views/event.py
@@ -63,6 +63,7 @@ from django.views import View
 from django.views.decorators.csrf import csrf_exempt
 from django.views.generic import TemplateView
 
+from pretix.base.auth import has_event_access_permission
 from pretix.base.forms.widgets import SplitDateTimePickerWidget
 from pretix.base.models import (
     ItemVariation, Quota, SalesChannel, SeatCategoryMapping, Voucher,
@@ -73,9 +74,7 @@ from pretix.base.models.items import (
 )
 from pretix.base.services.placeholders import PlaceholderContext
 from pretix.base.services.quotas import QuotaAvailability
-from pretix.base.timemachine import (
-    has_time_machine_permission, time_machine_now,
-)
+from pretix.base.timemachine import time_machine_now
 from pretix.helpers.compat import date_fromisocalendar
 from pretix.helpers.formats.en.formats import (
     SHORT_MONTH_DAY_FORMAT, WEEK_FORMAT,
@@ -963,7 +962,7 @@ class EventTimeMachine(EventViewMixin, TemplateView):
 
     def setup(self, request, *args, **kwargs):
         super().setup(request, *args, **kwargs)
-        if not has_time_machine_permission(request, request.event):
+        if not has_event_access_permission(request):
             raise PermissionDenied(_('You are not allowed to access time machine mode.'))
         if not request.event.testmode:
             raise PermissionDenied(_('This feature is only available in test mode.'))
diff --git a/src/pretix/presale/views/order.py b/src/pretix/presale/views/order.py
index c2a463890..1843ec398 100644
--- a/src/pretix/presale/views/order.py
+++ b/src/pretix/presale/views/order.py
@@ -60,6 +60,7 @@ from django.utils.translation import gettext, gettext_lazy as _
 from django.views.decorators.clickjacking import xframe_options_exempt
 from django.views.generic import ListView, TemplateView, View
 
+from pretix.base.auth import has_event_access_permission
 from pretix.base.models import (
     CachedTicket, Checkin, GiftCard, Invoice, Order, OrderPosition, Quota,
     TaxRule,
@@ -205,10 +206,8 @@ class TicketPageMixin:
 
         ctx['download_buttons'] = self.download_buttons
 
-        ctx['backend_user'] = (
-            self.request.user.is_authenticated
-            and self.request.user.has_event_permission(self.request.organizer, self.request.event, 'can_view_orders', request=self.request)
-        )
+        ctx['backend_user'] = has_event_access_permission(self.request, 'can_view_orders')
+
         return ctx
 
     @cached_property