diff --git a/src/pretix/base/models/auth.py b/src/pretix/base/models/auth.py index 5fc274147..3dab670f1 100644 --- a/src/pretix/base/models/auth.py +++ b/src/pretix/base/models/auth.py @@ -199,7 +199,7 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin): teams = self._get_teams_for_organizer(organizer) return set.union(*[t.permission_set() for t in teams]) - def has_event_permisson(self, organizer, event, perm_name=None) -> bool: + def has_event_permission(self, organizer, event, perm_name=None) -> bool: """ Checks if this user is part of any team that grants access of type ``perm_name`` to the event ``event``. @@ -218,7 +218,7 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin): return True return False - def has_organizer_permisson(self, organizer, perm_name=None): + def has_organizer_permission(self, organizer, perm_name=None): """ Checks if this user is part of any team that grants access of type ``perm_name`` to the organizer ``organizer``. diff --git a/src/pretix/control/middleware.py b/src/pretix/control/middleware.py index fab7dae3b..2e8bcf15c 100644 --- a/src/pretix/control/middleware.py +++ b/src/pretix/control/middleware.py @@ -66,7 +66,7 @@ class PermissionMiddleware(MiddlewareMixin): slug=url.kwargs['event'], organizer__slug=url.kwargs['organizer'], ).select_related('organizer').first() - if not request.event or not request.user.has_event_permisson(request.event.organizer, request.event): + if not request.event or not request.user.has_event_permission(request.event.organizer, request.event): raise Http404(_("The selected event was not found or you " "have no permission to administrate it.")) request.organizer = request.event.organizer @@ -75,7 +75,7 @@ class PermissionMiddleware(MiddlewareMixin): request.organizer = Organizer.objects.filter( slug=url.kwargs['organizer'], ).first() - if not request.organizer or not request.user.has_organizer_permisson(request.organizer): + if not request.organizer or not request.user.has_organizer_permission(request.organizer): raise Http404(_("The selected organizer was not found or you " "have no permission to administrate it.")) request.orgapermset = request.user.get_organizer_permission_set(request.organizer) diff --git a/src/pretix/control/permissions.py b/src/pretix/control/permissions.py index feb908068..80b5339dc 100644 --- a/src/pretix/control/permissions.py +++ b/src/pretix/control/permissions.py @@ -19,7 +19,7 @@ def event_permission_required(permission): allowed = ( request.user.is_superuser - or request.user.has_event_permisson(request.organizer, request.event, permission) + or request.user.has_event_permission(request.organizer, request.event, permission) ) if allowed: return function(request, *args, **kw) @@ -59,7 +59,7 @@ def organizer_permission_required(permission): allowed = ( request.user.is_superuser - or request.user.has_organizer_permisson(request.organizer, permission) + or request.user.has_organizer_permission(request.organizer, permission) ) if allowed: return function(request, *args, **kw) diff --git a/src/pretix/control/views/dashboards.py b/src/pretix/control/views/dashboards.py index 80f304d38..e0e489e2a 100644 --- a/src/pretix/control/views/dashboards.py +++ b/src/pretix/control/views/dashboards.py @@ -207,12 +207,12 @@ def event_index(request, organizer, event): for r, result in event_dashboard_widgets.send(sender=request.event): widgets.extend(result) - can_change_orders = request.user.has_event_permisson(request.organizer, request.event, 'can_change_orders') + can_change_orders = request.user.has_event_permission(request.organizer, request.event, 'can_change_orders') qs = request.event.logentry_set.all().select_related('user', 'content_type').order_by('-datetime') qs = qs.exclude(action_type__in=OVERVIEW_BLACKLIST) - if not request.user.has_event_permisson(request.organizer, request.event, 'can_view_orders'): + if not request.user.has_event_permission(request.organizer, request.event, 'can_view_orders'): qs = qs.exclude(content_type=ContentType.objects.get_for_model(Order)) - if not request.user.has_event_permisson(request.organizer, request.event, 'can_view_vouchers'): + if not request.user.has_event_permission(request.organizer, request.event, 'can_view_vouchers'): qs = qs.exclude(content_type=ContentType.objects.get_for_model(Voucher)) a_qs = request.event.requiredaction_set.filter(done=False) diff --git a/src/pretix/control/views/event.py b/src/pretix/control/views/event.py index 21eebd13d..acd59be1d 100644 --- a/src/pretix/control/views/event.py +++ b/src/pretix/control/views/event.py @@ -708,9 +708,9 @@ class EventLog(EventPermissionRequiredMixin, ListView): def get_queryset(self): qs = self.request.event.logentry_set.all().select_related('user', 'content_type').order_by('-datetime') qs = qs.exclude(action_type__in=OVERVIEW_BLACKLIST) - if not self.request.user.has_event_permisson(self.request.organizer, self.request.event, 'can_view_orders'): + if not self.request.user.has_event_permission(self.request.organizer, self.request.event, 'can_view_orders'): qs = qs.exclude(content_type=ContentType.objects.get_for_model(Order)) - if not self.request.user.has_event_permisson(self.request.organizer, self.request.event, 'can_view_vouchers'): + if not self.request.user.has_event_permission(self.request.organizer, self.request.event, 'can_view_vouchers'): qs = qs.exclude(content_type=ContentType.objects.get_for_model(Voucher)) if self.request.GET.get('user') == 'yes': diff --git a/src/pretix/control/views/waitinglist.py b/src/pretix/control/views/waitinglist.py index 6ed2ab0bf..8af6a56cd 100644 --- a/src/pretix/control/views/waitinglist.py +++ b/src/pretix/control/views/waitinglist.py @@ -44,7 +44,7 @@ class WaitingListView(EventPermissionRequiredMixin, ListView): def post(self, request, *args, **kwargs): if 'assign' in request.POST: - if not request.user.has_event_permisson(request.organizer, request.event, 'can_change_orders'): + if not request.user.has_event_permission(request.organizer, request.event, 'can_change_orders'): messages.error(request, _('You do not have permission to do this')) return redirect(reverse('control:event.orders.waitinglist', kwargs={ 'event': request.event.slug, diff --git a/src/pretix/plugins/banktransfer/signals.py b/src/pretix/plugins/banktransfer/signals.py index e9826e797..f5c5c1e5a 100644 --- a/src/pretix/plugins/banktransfer/signals.py +++ b/src/pretix/plugins/banktransfer/signals.py @@ -17,7 +17,7 @@ def register_payment_provider(sender, **kwargs): @receiver(nav_event, dispatch_uid="payment_banktransfer_nav") def control_nav_import(sender, request=None, **kwargs): url = resolve(request.path_info) - if not request.user.has_event_permisson(request.organizer, request.event, 'can_change_orders'): + if not request.user.has_event_permission(request.organizer, request.event, 'can_change_orders'): return [] return [ { diff --git a/src/pretix/plugins/pretixdroid/signals.py b/src/pretix/plugins/pretixdroid/signals.py index 08c699189..a651af408 100644 --- a/src/pretix/plugins/pretixdroid/signals.py +++ b/src/pretix/plugins/pretixdroid/signals.py @@ -11,7 +11,7 @@ from pretix.control.signals import nav_event @receiver(nav_event, dispatch_uid="pretixdroid_nav") def control_nav_import(sender, request=None, **kwargs): url = resolve(request.path_info) - if not request.user.has_event_permisson(request.organizer, request.event, 'can_change_orders'): + if not request.user.has_event_permission(request.organizer, request.event, 'can_change_orders'): return [] return [ { diff --git a/src/pretix/plugins/sendmail/signals.py b/src/pretix/plugins/sendmail/signals.py index 76f332d5f..7fe852f35 100644 --- a/src/pretix/plugins/sendmail/signals.py +++ b/src/pretix/plugins/sendmail/signals.py @@ -9,7 +9,7 @@ from pretix.control.signals import nav_event @receiver(nav_event, dispatch_uid="sendmail_nav") def control_nav_import(sender, request=None, **kwargs): url = resolve(request.path_info) - if not request.user.has_event_permisson(request.organizer, request.event, 'can_change_orders'): + if not request.user.has_event_permission(request.organizer, request.event, 'can_change_orders'): return [] return [ { diff --git a/src/pretix/plugins/statistics/signals.py b/src/pretix/plugins/statistics/signals.py index 390a35075..a452b7806 100644 --- a/src/pretix/plugins/statistics/signals.py +++ b/src/pretix/plugins/statistics/signals.py @@ -9,7 +9,7 @@ from pretix.control.signals import nav_event @receiver(nav_event, dispatch_uid="statistics_nav") def control_nav_import(sender, request=None, **kwargs): url = resolve(request.path_info) - if not request.user.has_event_permisson(request.organizer, request.event, 'can_view_orders'): + if not request.user.has_event_permission(request.organizer, request.event, 'can_view_orders'): return [] return [ { diff --git a/src/pretix/presale/utils.py b/src/pretix/presale/utils.py index 3b939df25..e4b2934b1 100644 --- a/src/pretix/presale/utils.py +++ b/src/pretix/presale/utils.py @@ -67,7 +67,7 @@ def _detect_event(request, require_live=True): url.url_name == 'event.auth' or ( request.user.is_authenticated - and request.user.has_event_permisson(request.organizer, request.event) + and request.user.has_event_permission(request.organizer, request.event) ) ) diff --git a/src/tests/base/test_permissions.py b/src/tests/base/test_permissions.py index 77566a479..330bf0c44 100644 --- a/src/tests/base/test_permissions.py +++ b/src/tests/base/test_permissions.py @@ -33,90 +33,90 @@ def test_invalid_permission(event, user): @pytest.mark.django_db def test_any_event_permission_limited(event, user): user._teamcache = {} - assert not user.has_event_permisson(event.organizer, event) + assert not user.has_event_permission(event.organizer, event) team = Team.objects.create(organizer=event.organizer) user._teamcache = {} - assert not user.has_event_permisson(event.organizer, event) + assert not user.has_event_permission(event.organizer, event) team.members.add(user) user._teamcache = {} - assert not user.has_event_permisson(event.organizer, event) + assert not user.has_event_permission(event.organizer, event) assert not team.permission_for_event(event) team.limit_events.add(event) user._teamcache = {} assert team.permission_for_event(event) - assert user.has_event_permisson(event.organizer, event) + assert user.has_event_permission(event.organizer, event) @pytest.mark.django_db def test_any_event_permission_all(event, user): user._teamcache = {} - assert not user.has_event_permisson(event.organizer, event) + assert not user.has_event_permission(event.organizer, event) team = Team.objects.create(organizer=event.organizer) user._teamcache = {} - assert not user.has_event_permisson(event.organizer, event) + assert not user.has_event_permission(event.organizer, event) team.members.add(user) user._teamcache = {} - assert not user.has_event_permisson(event.organizer, event) + assert not user.has_event_permission(event.organizer, event) assert not team.permission_for_event(event) team.all_events = True team.save() user._teamcache = {} assert team.permission_for_event(event) - assert user.has_event_permisson(event.organizer, event) + assert user.has_event_permission(event.organizer, event) @pytest.mark.django_db def test_specific_event_permission_limited(event, user): user._teamcache = {} - assert not user.has_event_permisson(event.organizer, event, 'can_change_orders') + assert not user.has_event_permission(event.organizer, event, 'can_change_orders') team = Team.objects.create(organizer=event.organizer, can_change_orders=True) user._teamcache = {} - assert not user.has_event_permisson(event.organizer, event, 'can_change_orders') + assert not user.has_event_permission(event.organizer, event, 'can_change_orders') team.members.add(user) user._teamcache = {} - assert not user.has_event_permisson(event.organizer, event, 'can_change_orders') + assert not user.has_event_permission(event.organizer, event, 'can_change_orders') team.limit_events.add(event) user._teamcache = {} - assert user.has_event_permisson(event.organizer, event, 'can_change_orders') - assert not user.has_event_permisson(event.organizer, event, 'can_change_event_settings') + assert user.has_event_permission(event.organizer, event, 'can_change_orders') + assert not user.has_event_permission(event.organizer, event, 'can_change_event_settings') team.can_change_orders = False team.save() user._teamcache = {} - assert not user.has_event_permisson(event.organizer, event, 'can_change_orders') + assert not user.has_event_permission(event.organizer, event, 'can_change_orders') @pytest.mark.django_db def test_specific_event_permission_all(event, user): user._teamcache = {} - assert not user.has_event_permisson(event.organizer, event, 'can_change_orders') + assert not user.has_event_permission(event.organizer, event, 'can_change_orders') team = Team.objects.create(organizer=event.organizer, can_change_orders=True) user._teamcache = {} - assert not user.has_event_permisson(event.organizer, event, 'can_change_orders') + assert not user.has_event_permission(event.organizer, event, 'can_change_orders') team.members.add(user) user._teamcache = {} - assert not user.has_event_permisson(event.organizer, event, 'can_change_orders') + assert not user.has_event_permission(event.organizer, event, 'can_change_orders') team.all_events = True team.save() user._teamcache = {} - assert user.has_event_permisson(event.organizer, event, 'can_change_orders') + assert user.has_event_permission(event.organizer, event, 'can_change_orders') team.can_change_orders = False team.save() user._teamcache = {} - assert not user.has_event_permisson(event.organizer, event, 'can_change_orders') + assert not user.has_event_permission(event.organizer, event, 'can_change_orders') @pytest.mark.django_db @@ -134,9 +134,9 @@ def test_event_permissions_multiple_teams(event, user): team2.limit_events.add(event) team3.limit_events.add(event2) - assert user.has_event_permisson(event.organizer, event, 'can_change_orders') - assert user.has_event_permisson(event.organizer, event, 'can_change_vouchers') - assert not user.has_event_permisson(event.organizer, event, 'can_change_event_settings') + assert user.has_event_permission(event.organizer, event, 'can_change_orders') + assert user.has_event_permission(event.organizer, event, 'can_change_vouchers') + assert not user.has_event_permission(event.organizer, event, 'can_change_event_settings') assert user.get_event_permission_set(event.organizer, event) == {'can_change_orders', 'can_change_vouchers'} assert user.get_event_permission_set(event.organizer, event2) == {'can_change_orders', 'can_change_event_settings', 'can_change_settings'} @@ -145,29 +145,29 @@ def test_event_permissions_multiple_teams(event, user): @pytest.mark.django_db def test_any_organizer_permission(event, user): user._teamcache = {} - assert not user.has_organizer_permisson(event.organizer) + assert not user.has_organizer_permission(event.organizer) team = Team.objects.create(organizer=event.organizer) user._teamcache = {} - assert not user.has_organizer_permisson(event.organizer) + assert not user.has_organizer_permission(event.organizer) team.members.add(user) user._teamcache = {} - assert user.has_organizer_permisson(event.organizer) + assert user.has_organizer_permission(event.organizer) @pytest.mark.django_db def test_specific_organizer_permission(event, user): user._teamcache = {} - assert not user.has_organizer_permisson(event.organizer, 'can_create_events') + assert not user.has_organizer_permission(event.organizer, 'can_create_events') team = Team.objects.create(organizer=event.organizer, can_create_events=True) user._teamcache = {} - assert not user.has_organizer_permisson(event.organizer, 'can_create_events') + assert not user.has_organizer_permission(event.organizer, 'can_create_events') team.members.add(user) user._teamcache = {} - assert user.has_organizer_permisson(event.organizer, 'can_create_events') + assert user.has_organizer_permission(event.organizer, 'can_create_events') @pytest.mark.django_db @@ -180,9 +180,9 @@ def test_organizer_permissions_multiple_teams(event, user): team3 = Team.objects.create(organizer=orga2, can_change_teams=True) team3.members.add(user) - assert user.has_organizer_permisson(event.organizer, 'can_create_events') - assert user.has_organizer_permisson(event.organizer, 'can_change_organizer_settings') - assert not user.has_organizer_permisson(event.organizer, 'can_change_teams') + assert user.has_organizer_permission(event.organizer, 'can_create_events') + assert user.has_organizer_permission(event.organizer, 'can_change_organizer_settings') + assert not user.has_organizer_permission(event.organizer, 'can_change_teams') assert user.get_organizer_permission_set(event.organizer) == {'can_create_events', 'can_change_organizer_settings'} assert user.get_organizer_permission_set(orga2) == {'can_change_teams'} @@ -192,10 +192,10 @@ def test_superuser(event, user): user.is_superuser = True user.save() - assert user.has_organizer_permisson(event.organizer) - assert user.has_organizer_permisson(event.organizer, 'can_create_events') - assert user.has_event_permisson(event.organizer, event) - assert user.has_event_permisson(event.organizer, event, 'can_change_event_settings') + assert user.has_organizer_permission(event.organizer) + assert user.has_organizer_permission(event.organizer, 'can_create_events') + assert user.has_event_permission(event.organizer, event) + assert user.has_event_permission(event.organizer, event, 'can_change_event_settings') assert 'arbitrary' in user.get_event_permission_set(event.organizer, event) assert 'arbitrary' in user.get_organizer_permission_set(event.organizer)