From 02a4ed4be2b7a01a2d753470d778caa2265ae1bb Mon Sep 17 00:00:00 2001 From: Raphael Michel Date: Wed, 28 Aug 2024 09:27:53 +0200 Subject: [PATCH] Teams: Improve handling of revoked keys and team deletion (Z#23163674) (#4414) --- .../organizers/team_members.html | 20 ++++++++++----- src/pretix/control/views/organizer.py | 25 +++++++++++++------ 2 files changed, 32 insertions(+), 13 deletions(-) diff --git a/src/pretix/control/templates/pretixcontrol/organizers/team_members.html b/src/pretix/control/templates/pretixcontrol/organizers/team_members.html index 57c159aa59..4d88699305 100644 --- a/src/pretix/control/templates/pretixcontrol/organizers/team_members.html +++ b/src/pretix/control/templates/pretixcontrol/organizers/team_members.html @@ -102,16 +102,24 @@ - {% for t in team.active_tokens %} + {% for t in tokens %} - + + {% if not t.active %} + + {% endif %} {{ t.name }} + {% if not t.active %} + + {% endif %} - + {% if t.active %} + + {% endif %} {% endfor %} diff --git a/src/pretix/control/views/organizer.py b/src/pretix/control/views/organizer.py index 83aff3dbfb..90463db6ba 100644 --- a/src/pretix/control/views/organizer.py +++ b/src/pretix/control/views/organizer.py @@ -686,14 +686,24 @@ class TeamDeleteView(OrganizerDetailViewMixin, OrganizerPermissionRequiredMixin, try: self.object.log_action('pretix.team.deleted', user=self.request.user) self.object.delete() - except ProtectedError: - messages.error( - self.request, - _( - 'The team could not be deleted as some constraints (e.g. data created by ' - 'plug-ins) do not allow it.' + except ProtectedError as e: + is_logs = any(isinstance(e, LogEntry) for e in e.protected_objects) + if is_logs: + messages.error( + self.request, + _( + "The team could not be deleted because the team or one of its API tokens is part of " + "historical audit logs." + ) + ) + else: + messages.error( + self.request, + _( + 'The team could not be deleted as some constraints (e.g. data created by ' + 'plug-ins) do not allow it.' + ) ) - ) return redirect(success_url) messages.success(request, _('The selected team has been deleted.')) @@ -723,6 +733,7 @@ class TeamMemberView(OrganizerDetailViewMixin, OrganizerPermissionRequiredMixin, ctx = super().get_context_data(**kwargs) ctx['add_form'] = self.add_form ctx['add_token_form'] = self.add_token_form + ctx['tokens'] = self.object.tokens.order_by("-active", "name", "pk") return ctx def _send_invite(self, instance):