forked from CGM_Public/pretix_original
Scheduled exports: Check permissions on creation
This commit is contained in:
Raphael Michel
@@ -2832,11 +2832,23 @@ class ExportView(EventPermissionRequiredMixin, ExportMixin, ListView):
|
|||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
return self.get_scheduled_queryset()
|
return self.get_scheduled_queryset()
|
||||||
|
|
||||||
|
def has_permission(self):
|
||||||
|
return self.request.user.has_event_permission(self.request.organizer, self.request.event, "can_view_orders")
|
||||||
|
|
||||||
def get_context_data(self, **kwargs):
|
def get_context_data(self, **kwargs):
|
||||||
ctx = super().get_context_data(**kwargs)
|
ctx = super().get_context_data(**kwargs)
|
||||||
if "schedule" in self.request.POST or self.scheduled:
|
if "schedule" in self.request.POST or self.scheduled:
|
||||||
ctx['schedule_form'] = self.schedule_form
|
if "schedule" in self.request.POST and not self.has_permission():
|
||||||
ctx['rrule_form'] = self.rrule_form
|
messages.error(
|
||||||
|
self.request,
|
||||||
|
_(
|
||||||
|
"Your user account does not have sufficient permission to run this report, therefore "
|
||||||
|
"you cannot schedule it."
|
||||||
|
)
|
||||||
|
)
|
||||||
|
else:
|
||||||
|
ctx['schedule_form'] = self.schedule_form
|
||||||
|
ctx['rrule_form'] = self.rrule_form
|
||||||
elif not self.exporter:
|
elif not self.exporter:
|
||||||
for s in ctx['scheduled']:
|
for s in ctx['scheduled']:
|
||||||
try:
|
try:
|
||||||
|
|||||||
@@ -2189,11 +2189,28 @@ class ExportView(OrganizerPermissionRequiredMixin, ExportMixin, ListView):
|
|||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
return self.get_scheduled_queryset()
|
return self.get_scheduled_queryset()
|
||||||
|
|
||||||
|
def has_permission(self):
|
||||||
|
if isinstance(self.exporter, OrganizerLevelExportMixin):
|
||||||
|
if not self.request.user.has_organizer_permission(self.request.organizer, self.exporter.organizer_required_permission):
|
||||||
|
return False
|
||||||
|
if self.exporter and not self.exporter.available_for_user(self.request.user):
|
||||||
|
return False
|
||||||
|
return True
|
||||||
|
|
||||||
def get_context_data(self, **kwargs):
|
def get_context_data(self, **kwargs):
|
||||||
ctx = super().get_context_data(**kwargs)
|
ctx = super().get_context_data(**kwargs)
|
||||||
if "schedule" in self.request.POST or self.scheduled:
|
if "schedule" in self.request.POST or self.scheduled:
|
||||||
ctx['schedule_form'] = self.schedule_form
|
if "schedule" in self.request.POST and not self.has_permission():
|
||||||
ctx['rrule_form'] = self.rrule_form
|
messages.error(
|
||||||
|
self.request,
|
||||||
|
_(
|
||||||
|
"Your user account does not have sufficient permission to run this report, therefore "
|
||||||
|
"you cannot schedule it."
|
||||||
|
)
|
||||||
|
)
|
||||||
|
else:
|
||||||
|
ctx['schedule_form'] = self.schedule_form
|
||||||
|
ctx['rrule_form'] = self.rrule_form
|
||||||
elif not self.exporter:
|
elif not self.exporter:
|
||||||
for s in ctx['scheduled']:
|
for s in ctx['scheduled']:
|
||||||
try:
|
try:
|
||||||
|
|||||||
Reference in New Issue
Block a user