From 23de795b3f3da614a5b20d7542cbd28f71ff4ce8 Mon Sep 17 00:00:00 2001 From: Lukas Bockstaller Date: Wed, 15 Apr 2026 12:16:18 +0200 Subject: [PATCH] only overwrite final representation not the serializer --- src/pretix/api/serializers/media.py | 17 ++++------------- src/pretix/api/serializers/organizer.py | 11 +++-------- 2 files changed, 7 insertions(+), 21 deletions(-) diff --git a/src/pretix/api/serializers/media.py b/src/pretix/api/serializers/media.py index ea1cee8cdb..62d6406dd6 100644 --- a/src/pretix/api/serializers/media.py +++ b/src/pretix/api/serializers/media.py @@ -117,8 +117,8 @@ class ReusableMediaSerializer(I18nAwareModelSerializer): return data def to_representation(self, instance): + r = super().to_representation(instance) request = self.context.get('request') - # late permission evaluations for checks that depend on the actual linked events if 'linked_orderposition' in self.context['request'].query_params.getlist('expand'): if instance.linked_orderposition is not None: @@ -126,11 +126,7 @@ class ReusableMediaSerializer(I18nAwareModelSerializer): if not ( request.user if request.user and request.user.is_authenticated else request.auth ).has_event_permission(organizer=event.organizer, event=event, perm_name='event.orders:read', request=request): - pos_serializer = self.fields['linked_orderposition'] - allowed = {'id'} - for field_name in list(pos_serializer.fields.keys()): - if field_name not in allowed: - pos_serializer.fields.pop(field_name) + r['linked_orderposition'] = {'id': instance.linked_orderposition.id} if 'linked_giftcard.owner_ticket' in self.context['request'].query_params.getlist('expand'): gc = instance.linked_giftcard @@ -139,14 +135,9 @@ class ReusableMediaSerializer(I18nAwareModelSerializer): if not ( request.user if request.user and request.user.is_authenticated else request.auth ).has_event_permission(organizer=event.organizer, event=event, perm_name='event.orders:read', request=request): - ticket_serializer = self.fields['linked_giftcard'].fields['owner_ticket'] - allowed = {'id'} - for field_name in list(ticket_serializer.fields.keys()): - if field_name not in allowed: - ticket_serializer.fields.pop(field_name) + r['linked_giftcard']['owner_ticket'] = {'id': instance.linked_giftcard.owner_ticket.id} - - return super().to_representation(instance) + return r diff --git a/src/pretix/api/serializers/organizer.py b/src/pretix/api/serializers/organizer.py index bc1686045e..068cfa9ea1 100644 --- a/src/pretix/api/serializers/organizer.py +++ b/src/pretix/api/serializers/organizer.py @@ -287,8 +287,8 @@ class GiftCardSerializer(I18nAwareModelSerializer): return data def to_representation(self, instance): + r = super().to_representation(instance) request = self.context.get('request') - # late permission evaluations for checks that depend on the actual linked events if 'owner_ticket' in self.context['request'].query_params.getlist('expand'): owner_ticket = instance.owner_ticket @@ -297,13 +297,8 @@ class GiftCardSerializer(I18nAwareModelSerializer): if not ( request.user if request.user and request.user.is_authenticated else request.auth ).has_event_permission(organizer=event.organizer, event=event, perm_name='event.orders:read', request=request): - ticket_serializer = self.fields['owner_ticket'].read - allowed = {'id'} - for field_name in list(ticket_serializer.fields.keys()): - if field_name not in allowed: - ticket_serializer.fields.pop(field_name) - - return super().to_representation(instance) + r['owner_ticket'] = {'id': instance.owner_ticket.id} + return r class Meta: model = GiftCard