CGM_Public/pretix_cgo
1
0
Fork 0
forked from CGM_Public/pretix_original
Code Pull Requests Actions Activity

API: Clear permission errors from idempotency storage when chaning permissions

Browse Source
This commit is contained in:
Raphael Michel
2023-02-08 13:33:31 +01:00
parent 50f001221c
commit df41caacf7
1 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/pretix/control/views/organizer.py
View File

@@ -36,6 +36,7 @@ import json
import re
from datetime import time, timedelta
from decimal import Decimal
from hashlib import sha1
import bleach
from django import forms
@@ -63,7 +64,7 @@ from django.views.generic import (
UpdateView,
)
from pretix.api.models import WebHook
from pretix.api.models import WebHook, ApiCall
from pretix.api.webhooks import manually_retry_all_calls
from pretix.base.auth import get_auth_backends
from pretix.base.channels import get_all_sales_channels
@@ -1003,6 +1004,15 @@ class DeviceUpdateView(OrganizerDetailViewMixin, OrganizerPermissionRequiredMixi
k: getattr(self.object, k) if k != 'limit_events' else [e.id for e in getattr(self.object, k).all()]
for k in form.changed_data
})
# If the permission of the device have changed, let's clear "permission denied" errors from the idempotency store
auth_hash_parts = f'Device {self.object.api_token}:'
auth_hash = sha1(auth_hash_parts.encode()).hexdigest()
ApiCall.objects.filter(
auth_hash=auth_hash,
response_code=403,
).delete()
messages.success(self.request, _('Your changes have been saved.'))
return super().form_valid(form)