mirror of
https://github.com/pretix/pretix.git
synced 2026-05-08 15:44:02 +00:00
Basic creating, editing and updating of organizers
This commit is contained in:
Raphael Michel
@@ -7,7 +7,7 @@ from django.contrib.auth import REDIRECT_FIELD_NAME
|
||||
from django.http import HttpResponseNotFound
|
||||
from django.utils.translation import ugettext as _
|
||||
|
||||
from pretix.base.models import Event
|
||||
from pretix.base.models import Event, Organizer
|
||||
|
||||
|
||||
class PermissionMiddleware:
|
||||
@@ -53,6 +53,16 @@ class PermissionMiddleware:
|
||||
permitted__id__exact=request.user.id,
|
||||
organizer__slug=url.kwargs['organizer'],
|
||||
).select_related('organizer')[0]
|
||||
request.organizer = request.event.organizer
|
||||
except IndexError:
|
||||
return HttpResponseNotFound(_("The selected event was not found or you "
|
||||
"have no permission to administrate it."))
|
||||
elif 'organizer' in url.kwargs:
|
||||
try:
|
||||
request.organizer = Organizer.objects.current.filter(
|
||||
slug=url.kwargs['organizer'],
|
||||
permitted__id__exact=request.user.id,
|
||||
)[0]
|
||||
except IndexError:
|
||||
return HttpResponseNotFound(_("The selected organizer was not found or you "
|
||||
"have no permission to administrate it."))
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
from django.http import HttpResponseForbidden
|
||||
from django.utils.translation import ugettext as _
|
||||
|
||||
from pretix.base.models import EventPermission
|
||||
from pretix.base.models import EventPermission, OrganizerPermission
|
||||
|
||||
|
||||
def event_permission_required(permission):
|
||||
@@ -14,17 +14,22 @@ def event_permission_required(permission):
|
||||
if not request.user.is_authenticated(): # NOQA
|
||||
# just a double check, should not ever happen
|
||||
return HttpResponseForbidden()
|
||||
perm = EventPermission.objects.get(
|
||||
event=request.event,
|
||||
user=request.user
|
||||
)
|
||||
allowed = False
|
||||
try:
|
||||
allowed = getattr(perm, permission)
|
||||
except AttributeError:
|
||||
perm = EventPermission.objects.get(
|
||||
event=request.event,
|
||||
user=request.user
|
||||
)
|
||||
except:
|
||||
pass
|
||||
if allowed:
|
||||
return function(request, *args, **kw)
|
||||
else:
|
||||
allowed = not permission
|
||||
try:
|
||||
if permission:
|
||||
allowed = getattr(perm, permission)
|
||||
except AttributeError:
|
||||
pass
|
||||
if allowed:
|
||||
return function(request, *args, **kw)
|
||||
return HttpResponseForbidden(_('You do not have permission to view this content.'))
|
||||
return wrapper
|
||||
return decorator
|
||||
@@ -41,3 +46,47 @@ class EventPermissionRequiredMixin:
|
||||
def as_view(cls, **initkwargs):
|
||||
view = super(EventPermissionRequiredMixin, cls).as_view(**initkwargs)
|
||||
return event_permission_required(cls.permission)(view)
|
||||
|
||||
|
||||
def organizer_permission_required(permission):
|
||||
"""
|
||||
This view decorator rejects all requests with a 403 response which are not from
|
||||
users having the given permission for the event the request is associated with.
|
||||
"""
|
||||
def decorator(function):
|
||||
def wrapper(request, *args, **kw):
|
||||
if not request.user.is_authenticated(): # NOQA
|
||||
# just a double check, should not ever happen
|
||||
return HttpResponseForbidden()
|
||||
try:
|
||||
perm = OrganizerPermission.objects.get(
|
||||
organizer=request.organizer,
|
||||
user=request.user
|
||||
)
|
||||
except:
|
||||
pass
|
||||
else:
|
||||
allowed = not permission
|
||||
try:
|
||||
if permission:
|
||||
allowed = getattr(perm, permission)
|
||||
except AttributeError:
|
||||
pass
|
||||
if allowed or request.user.is_superuser:
|
||||
return function(request, *args, **kw)
|
||||
return HttpResponseForbidden(_('You do not have permission to view this content.'))
|
||||
return wrapper
|
||||
return decorator
|
||||
|
||||
|
||||
class OrganizerPermissionRequiredMixin:
|
||||
"""
|
||||
This mixin is equivalent to the event_permission_required view decorator but
|
||||
is in a form suitable for class-based views.
|
||||
"""
|
||||
permission = ''
|
||||
|
||||
@classmethod
|
||||
def as_view(cls, **initkwargs):
|
||||
view = super(OrganizerPermissionRequiredMixin, cls).as_view(**initkwargs)
|
||||
return organizer_permission_required(cls.permission)(view)
|
||||
|
||||
@@ -76,6 +76,12 @@
|
||||
{% trans "Events" %}
|
||||
</a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="{% url 'control:organizers' %}" {% if "organizer" in url_name %}class="active"{% endif %}>
|
||||
<i class="fa fa-users fa-fw"></i>
|
||||
{% trans "Organizers" %}
|
||||
</a>
|
||||
</li>
|
||||
{% endblock %}
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
@@ -6,11 +6,6 @@
|
||||
<h1>{% trans "Product category" %}</h1>
|
||||
<form action="" method="post" class="form-horizontal">
|
||||
{% csrf_token %}
|
||||
{% if "success" in request.GET %}
|
||||
<div class="alert alert-success">
|
||||
{% trans "Your changes have been saved." %}
|
||||
</div>
|
||||
{% endif %}
|
||||
<fieldset>
|
||||
<legend>{% trans "General information" %}</legend>
|
||||
{% bootstrap_field form.name layout="horizontal" %}
|
||||
|
||||
@@ -0,0 +1,20 @@
|
||||
{% extends "pretixcontrol/base.html" %}
|
||||
{% load i18n %}
|
||||
{% load bootstrap3 %}
|
||||
{% block title %}{% trans "Create Organizer" %}{% endblock %}
|
||||
{% block content %}
|
||||
<h1>{% trans "Create Organizer" %}</h1>
|
||||
<form action="" method="post" class="form-horizontal">
|
||||
{% csrf_token %}
|
||||
<fieldset>
|
||||
<legend>{% trans "General information" %}</legend>
|
||||
{% bootstrap_field form.name layout="horizontal" %}
|
||||
{% bootstrap_field form.slug layout="horizontal" %}
|
||||
</fieldset>
|
||||
<div class="form-group submit-group">
|
||||
<button type="submit" class="btn btn-primary btn-save">
|
||||
{% trans "Save" %}
|
||||
</button>
|
||||
</div>
|
||||
</form>
|
||||
{% endblock %}
|
||||
@@ -0,0 +1,20 @@
|
||||
{% extends "pretixcontrol/base.html" %}
|
||||
{% load i18n %}
|
||||
{% load bootstrap3 %}
|
||||
{% block title %}{% trans "Organizer" %}{% endblock %}
|
||||
{% block content %}
|
||||
<h1>{% trans "Organizer" %}</h1>
|
||||
<form action="" method="post" class="form-horizontal">
|
||||
{% csrf_token %}
|
||||
<fieldset>
|
||||
<legend>{% trans "General information" %}</legend>
|
||||
{% bootstrap_field form.name layout="horizontal" %}
|
||||
{% bootstrap_field form.slug layout="horizontal" %}
|
||||
</fieldset>
|
||||
<div class="form-group submit-group">
|
||||
<button type="submit" class="btn btn-primary btn-save">
|
||||
{% trans "Save" %}
|
||||
</button>
|
||||
</div>
|
||||
</form>
|
||||
{% endblock %}
|
||||
@@ -0,0 +1,29 @@
|
||||
{% extends "pretixcontrol/base.html" %}
|
||||
{% load i18n %}
|
||||
{% block title %}{% trans "Organizers" %}{% endblock %}
|
||||
{% block content %}
|
||||
<h1>{% trans "Organizers" %}</h1>
|
||||
<p>{% trans "The list below shows all organizer accounts you have administrative access to." %}</p>
|
||||
{% if request.user.is_superuser %}
|
||||
<a href="{% url "control:organizers.add" %}" class="btn btn-primary">
|
||||
<span class="fa fa-plus"></span>
|
||||
{% trans "Create a new organizer" %}
|
||||
</a>
|
||||
{% endif %}
|
||||
<table class="table table-condensed table-hover">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>{% trans "Organizer name" %}</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{% for o in organizers %}
|
||||
<tr>
|
||||
<td><strong>
|
||||
<a href="{% url "control:organizer.edit" organizer=o.slug %}">{{ o.name }}</a>
|
||||
</strong></td>
|
||||
</tr>
|
||||
{% endfor %}
|
||||
</tbody>
|
||||
</table>
|
||||
{% endblock %}
|
||||
@@ -1,13 +1,16 @@
|
||||
from django.conf.urls import url, include
|
||||
|
||||
|
||||
from pretix.control.views import main, event, item, auth, orders, user
|
||||
from pretix.control.views import main, event, item, auth, orders, user, organizer
|
||||
|
||||
urlpatterns = [
|
||||
url(r'^logout$', auth.logout, name='auth.logout'),
|
||||
url(r'^login$', auth.login, name='auth.login'),
|
||||
url(r'^$', main.index, name='index'),
|
||||
url(r'^settings$', user.UserSettings.as_view(), name='user.settings'),
|
||||
url(r'^organizers/$', organizer.OrganizerList.as_view(), name='organizers'),
|
||||
url(r'^organizers/add$', organizer.OrganizerCreate.as_view(), name='organizers.add'),
|
||||
url(r'^organizer/(?P<organizer>[^/]+)/edit$', organizer.OrganizerUpdate.as_view(), name='organizer.edit'),
|
||||
url(r'^events/$', main.EventList.as_view(), name='events'),
|
||||
url(r'^event/(?P<organizer>[^/]+)/(?P<event>[^/]+)/', include([
|
||||
url(r'^$', event.index, name='event.index'),
|
||||
|
||||
86
src/pretix/control/views/organizer.py
Normal file
86
src/pretix/control/views/organizer.py
Normal file
@@ -0,0 +1,86 @@
|
||||
from django.contrib import messages
|
||||
from django.core.urlresolvers import reverse
|
||||
from django.http import HttpResponseForbidden
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
from django.views.generic import ListView, UpdateView, CreateView
|
||||
from pretix.base.forms import VersionedModelForm
|
||||
|
||||
from pretix.base.models import Organizer, OrganizerPermission
|
||||
from pretix.control.permissions import OrganizerPermissionRequiredMixin
|
||||
|
||||
|
||||
class OrganizerList(ListView):
|
||||
model = Organizer
|
||||
context_object_name = 'organizers'
|
||||
template_name = 'pretixcontrol/organizers/index.html'
|
||||
|
||||
def get_queryset(self):
|
||||
if self.request.user.is_superuser:
|
||||
return Organizer.objects.current.all()
|
||||
else:
|
||||
return Organizer.objects.current.filter(
|
||||
permitted__id__exact=self.request.user.pk
|
||||
)
|
||||
|
||||
|
||||
class OrganizerForm(VersionedModelForm):
|
||||
class Meta:
|
||||
model = Organizer
|
||||
fields = ['name', 'slug']
|
||||
|
||||
|
||||
class OrganizerUpdateForm(OrganizerForm):
|
||||
|
||||
def __init__(self, *args, **kwargs):
|
||||
super().__init__(*args, **kwargs)
|
||||
self.fields['slug'].widget.attrs['disabled'] = 'disabled'
|
||||
|
||||
def clean_slug(self):
|
||||
return self.instance.slug
|
||||
|
||||
|
||||
class OrganizerUpdate(OrganizerPermissionRequiredMixin, UpdateView):
|
||||
model = Organizer
|
||||
form_class = OrganizerUpdateForm
|
||||
template_name = 'pretixcontrol/organizers/detail.html'
|
||||
permission = None
|
||||
context_object_name = 'organizer'
|
||||
|
||||
def get_object(self, queryset=None) -> Organizer:
|
||||
return self.request.organizer
|
||||
|
||||
def form_valid(self, form):
|
||||
messages.success(self.request, _('Your changes have been saved.'))
|
||||
return super().form_valid(form)
|
||||
|
||||
def get_success_url(self) -> str:
|
||||
return reverse('control:organizer.edit', kwargs={
|
||||
'organizer': self.request.organizer.slug,
|
||||
})
|
||||
|
||||
|
||||
class OrganizerCreate(CreateView):
|
||||
model = Organizer
|
||||
form_class = OrganizerForm
|
||||
template_name = 'pretixcontrol/organizers/create.html'
|
||||
context_object_name = 'organizer'
|
||||
|
||||
def dispatch(self, request, *args, **kwargs):
|
||||
if not request.user.is_superuser:
|
||||
return HttpResponseForbidden() # TODO
|
||||
return super().dispatch(request, *args, **kwargs)
|
||||
|
||||
def get_object(self, queryset=None) -> Organizer:
|
||||
return self.request.organizer
|
||||
|
||||
def form_valid(self, form):
|
||||
messages.success(self.request, _('The new organizer has been created.'))
|
||||
ret = super().form_valid(form)
|
||||
OrganizerPermission.objects.create(
|
||||
organizer=form.instance, user=self.request.user,
|
||||
can_create_events=True
|
||||
)
|
||||
return ret
|
||||
|
||||
def get_success_url(self) -> str:
|
||||
return reverse('control:organizers')
|
||||
Reference in New Issue
Block a user