CGM_Public/pretix_original
2
0
Fork 1
mirror of https://github.com/pretix/pretix.git synced 2026-05-05 15:14:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

Implement OAuth2 provider (#927)

Browse Source 
- [x] Application management
  - [x] Link
  - [ ] Tests
- [x] Authorize flow
  - [x] Tests
- [x] Refresh token handling
  - [x] Tests
- [x] Revocation endpoint
  - [x] Tests
  - [x] Mitigate: https://github.com/jazzband/django-oauth-toolkit/issues/585
- [x] API authenticator / permission driver
  - [x] Test
- [x] Enforce organizer restriction
  - [x] Tests
- [x] Enforce scope restriction
  - [x] Tests
- [x] Show current applications to user
  - [x] Revoke
  - [x] Tests
- [x] Log new authorizations
  - [x] notify user
- [x] Ensure other grant types are not available
- [x] Documentation
- [x] check if revoking access toking, then refreshing gets rid of organizer constraint
- [x] Show logentry foo
This commit is contained in:
Raphael Michel
2018-06-05 12:58:04 +02:00
committed by GitHub
parent df031b2222
commit 69d10489b8
53 changed files with 1786 additions and 116 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/pretix/api/views/event.py
View File

@@ -12,7 +12,6 @@ from pretix.api.serializers.event import (
from pretix.api.views import ConditionalListView
from pretix.base.models import Event, ItemCategory, TaxRule
from pretix.base.models.event import SubEvent
from pretix.base.models.organizer import TeamAPIToken
from pretix.helpers.dicts import merge_dicts
@@ -39,7 +38,7 @@ class EventViewSet(viewsets.ModelViewSet):
serializer.instance.log_action(
log_action,
user=self.request.user,
api_token=(self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None),
auth=self.request.auth,
data=self.request.data
)
@@ -52,7 +51,7 @@ class EventViewSet(viewsets.ModelViewSet):
serializer.instance.log_action(
'pretix.event.plugins.' + action,
user=self.request.user,
api_token=(self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None),
auth=self.request.auth,
data={'plugin': module}
)
@@ -61,7 +60,7 @@ class EventViewSet(viewsets.ModelViewSet):
serializer.instance.log_action(
'pretix.event.changed',
user=self.request.user,
api_token=(self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None),
auth=self.request.auth,
data=self.request.data
)
@@ -70,7 +69,7 @@ class EventViewSet(viewsets.ModelViewSet):
serializer.instance.log_action(
'pretix.event.added',
user=self.request.user,
api_token=(self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None),
auth=self.request.auth,
data=self.request.data
)
@@ -115,7 +114,7 @@ class CloneEventViewSet(viewsets.ModelViewSet):
serializer.instance.log_action(
'pretix.event.added',
user=self.request.user,
api_token=(self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None),
auth=self.request.auth,
data=self.request.data
)
@@ -151,7 +150,7 @@ class TaxRuleViewSet(ConditionalListView, viewsets.ModelViewSet):
serializer.instance.log_action(
'pretix.event.taxrule.changed',
user=self.request.user,
api_token=(self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None),
auth=self.request.auth,
data=self.request.data
)
@@ -160,7 +159,7 @@ class TaxRuleViewSet(ConditionalListView, viewsets.ModelViewSet):
serializer.instance.log_action(
'pretix.event.taxrule.added',
user=self.request.user,
api_token=(self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None),
auth=self.request.auth,
data=self.request.data
)
@@ -171,6 +170,6 @@ class TaxRuleViewSet(ConditionalListView, viewsets.ModelViewSet):
instance.log_action(
'pretix.event.taxrule.deleted',
user=self.request.user,
api_token=(self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None),
auth=self.request.auth,
)
super().perform_destroy(instance)