From 45f120b0c398dfcb04e5c72dcbe00d5eda9452fc Mon Sep 17 00:00:00 2001 From: Raphael Michel Date: Wed, 10 Jun 2020 17:45:11 +0200 Subject: [PATCH] API: Modified settings endpoint for devices --- doc/api/resources/events.rst | 2 +- src/pretix/api/serializers/event.py | 37 +++++++++++++++++++++++++++++ src/pretix/api/views/event.py | 14 +++++++---- 3 files changed, 48 insertions(+), 5 deletions(-) diff --git a/doc/api/resources/events.rst b/doc/api/resources/events.rst index d88d9a3632..6fb694824a 100644 --- a/doc/api/resources/events.rst +++ b/doc/api/resources/events.rst @@ -526,7 +526,7 @@ information about the properties. Get current values of event settings. - Permission required: "Can change event settings" + Permission required: "Can change event settings" (Exception: with device auth, *some* settings can always be *read*.) **Example request**: diff --git a/src/pretix/api/serializers/event.py b/src/pretix/api/serializers/event.py index 0825a8deed..4236c06a69 100644 --- a/src/pretix/api/serializers/event.py +++ b/src/pretix/api/serializers/event.py @@ -660,3 +660,40 @@ class EventSettingsSerializer(serializers.Serializer): settings_dict.update(data) validate_settings(self.event, settings_dict) return data + + +class DeviceEventSettingsSerializer(EventSettingsSerializer): + default_fields = [ + 'locales', + 'locale', + 'last_order_modification_date', + 'show_quota_left', + 'max_items_per_order', + 'attendee_names_asked', + 'attendee_names_required', + 'attendee_emails_asked', + 'attendee_emails_required', + 'attendee_addresses_asked', + 'attendee_addresses_required', + 'attendee_company_asked', + 'attendee_company_required', + 'ticket_download', + 'ticket_download_addons', + 'ticket_download_nonadm', + 'ticket_download_pending', + 'invoice_address_asked', + 'invoice_address_required', + 'invoice_address_vatid', + 'invoice_address_company_required', + 'invoice_address_beneficiary', + 'invoice_address_custom_field', + 'invoice_name_required', + 'invoice_address_not_asked_free', + 'invoice_address_from_name', + 'invoice_address_from', + 'invoice_address_from_zipcode', + 'invoice_address_from_city', + 'invoice_address_from_country', + 'invoice_address_from_tax_id', + 'invoice_address_from_vat_id', + ] diff --git a/src/pretix/api/views/event.py b/src/pretix/api/views/event.py index f267fd828f..63cc853309 100644 --- a/src/pretix/api/views/event.py +++ b/src/pretix/api/views/event.py @@ -10,8 +10,8 @@ from rest_framework.response import Response from pretix.api.auth.permission import EventCRUDPermission from pretix.api.serializers.event import ( - CloneEventSerializer, EventSerializer, EventSettingsSerializer, - SubEventSerializer, TaxRuleSerializer, + CloneEventSerializer, DeviceEventSettingsSerializer, EventSerializer, + EventSettingsSerializer, SubEventSerializer, TaxRuleSerializer, ) from pretix.api.views import ConditionalListView from pretix.base.models import ( @@ -337,10 +337,16 @@ class TaxRuleViewSet(ConditionalListView, viewsets.ModelViewSet): class EventSettingsView(views.APIView): - permission = 'can_change_event_settings' + permission = None + write_permission = 'can_change_event_settings' def get(self, request, *args, **kwargs): - s = EventSettingsSerializer(instance=request.event.settings, event=request.event) + if isinstance(request.auth, Device): + s = DeviceEventSettingsSerializer(instance=request.event.settings, event=request.event) + elif 'can_change_event_settings' in request.eventpermset: + s = EventSettingsSerializer(instance=request.event.settings, event=request.event) + else: + raise PermissionDenied() if 'explain' in request.GET: return Response({ fname: {