Refs #654 -- API: Writable event endpoints (#756)

* MKBDIGI-185: Added update/create to events * MKBDIGI-185: Added validation for 'slug, 'live' on event endpoint * MKBDIGI-185: Code formatting * MKBDIGI-185: Added 'plugins' to 'event' endpoint * MKBDIGI-185: Merge migrations * MKBDIGI-185: Cleaned up static methods * EBILL-5: Added delete endpoint for event * EBILL-5: Merge migrations * EBILL-5: Fixed imports * EBILL-5: Changed plugins to only list plugins enabled for the event * EBILL-5: Added clone event endpoint * EBILL-5: Removed permissions check API test for events * EBILL-5: Merged master, updated migrations * EBILL-5: Updated api permissions check for CRUD on events * EBILL-5: Removed 'unique_together' constraint on event model * EBILL-5: Removed call to changed static methods in test * EBILL-5: Changed Event 'has_paid_things' to a property for consistency * EBILL-5: Fixed created response code in documentation * EBILL-6: Documentation fixes * EBILL-6: Fixed typo * EBILL-6: Fixed permissions * EBILL-6: Added note on copying settings to documentation * EBILL-6: Created model method for deleting sub objects on event before delete * EBILL-6: Fixed typo * EBILL-6: Re-added meta_data as read-only * EBILL-6: Fixed permissions test * EBILL-6: Added plugins issues check before live. Moved issues property from form to Event model. * EBILL-6: Upped version number in documentation * Add write support for MetaDataField * EBILL-6: Expanded documentation for the clone endpoint, made behaviour of 'is_public' similar to 'plugins' for consistency * EBILL-6: Re-added EventCRUDPermission * EBILL-16: Updated documentation with permission model for the API * EBILL-16: Added 'has_subevents' validation to ensure it cannot be changed once event is created. * EBILL-16: Fixed event clone not differentiating between "not set" and "deliberately set to False" * EBILL-16: Fixed event live validation * EBILL-16: Added logging of live activated/deactivated * EBILL-16: Fixed create event bug when no 'meta_data' supplied * EBILL-16: Typo fixed * EBILL-16: Added log display for "event created" * EBILL-16: Enabling a plugin now calls 'installed' if applicable and log entries are added * EBILL-16: Updated tests for events * Do not allow enabling restricted plugins via the API * Remove unused code
2026-05-05 15:14:04 +00:00 · 2018-04-25 17:13:09 +02:00
parent 1a0e2031d2
commit 7bb18f6fad
12 changed files with 1264 additions and 60 deletions
--- a/src/pretix/api/views/event.py
+++ b/src/pretix/api/views/event.py
@@ -1,24 +1,123 @@
+from django.db import transaction
+from django.db.models import ProtectedError
 from django_filters.rest_framework import DjangoFilterBackend, FilterSet
 from rest_framework import filters, viewsets
 from rest_framework.exceptions import PermissionDenied

+from pretix.api.auth.permission import EventCRUDPermission
 from pretix.api.serializers.event import (
-    EventSerializer, SubEventSerializer, TaxRuleSerializer,
+    CloneEventSerializer, EventSerializer, SubEventSerializer,
+    TaxRuleSerializer,
 )
 from pretix.base.models import Event, ItemCategory, TaxRule
 from pretix.base.models.event import SubEvent
 from pretix.base.models.organizer import TeamAPIToken
+from pretix.helpers.dicts import merge_dicts


-class EventViewSet(viewsets.ReadOnlyModelViewSet):
+class EventViewSet(viewsets.ModelViewSet):
    serializer_class = EventSerializer
    queryset = Event.objects.none()
    lookup_field = 'slug'
    lookup_url_kwarg = 'event'
+    permission_classes = (EventCRUDPermission,)

    def get_queryset(self):
        return self.request.organizer.events.prefetch_related('meta_values', 'meta_values__property')

+    def perform_update(self, serializer):
+        current_live_value = serializer.instance.live
+        updated_live_value = serializer.validated_data.get('live', None)
+        current_plugins_value = serializer.instance.get_plugins()
+        updated_plugins_value = serializer.validated_data.get('plugins', None)
+
+        super().perform_update(serializer)
+
+        if updated_live_value is not None and updated_live_value != current_live_value:
+            log_action = 'pretix.event.live.activated' if updated_live_value else 'pretix.event.live.deactivated'
+            serializer.instance.log_action(
+                log_action,
+                user=self.request.user,
+                api_token=(self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None),
+                data=self.request.data
+            )
+
+        if updated_plugins_value is not None and set(updated_plugins_value) != set(current_plugins_value):
+            enabled = {m: 'enabled' for m in updated_plugins_value if m not in current_plugins_value}
+            disabled = {m: 'disabled' for m in current_plugins_value if m not in updated_plugins_value}
+            changed = merge_dicts(enabled, disabled)
+
+            for module, action in changed.items():
+                serializer.instance.log_action(
+                    'pretix.event.plugins.' + action,
+                    user=self.request.user,
+                    api_token=(self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None),
+                    data={'plugin': module}
+                )
+
+        other_keys = {k: v for k, v in serializer.validated_data.items() if k not in ['plugins', 'live']}
+        if other_keys:
+            serializer.instance.log_action(
+                'pretix.event.changed',
+                user=self.request.user,
+                api_token=(self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None),
+                data=self.request.data
+            )
+
+    def perform_create(self, serializer):
+        serializer.save(organizer=self.request.organizer)
+        serializer.instance.log_action(
+            'pretix.event.added',
+            user=self.request.user,
+            api_token=(self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None),
+            data=self.request.data
+        )
+
+    def perform_destroy(self, instance):
+        if not instance.allow_delete():
+            raise PermissionDenied('The event can not be deleted as it already contains orders. Please set \'live\''
+                                   ' to false to hide the event and take the shop offline instead.')
+        try:
+            with transaction.atomic():
+                instance.organizer.log_action(
+                    'pretix.event.deleted', user=self.request.user,
+                    data={
+                        'event_id': instance.pk,
+                        'name': str(instance.name),
+                        'logentries': list(instance.logentry_set.values_list('pk', flat=True))
+                    }
+                )
+                instance.delete_sub_objects()
+                super().perform_destroy(instance)
+        except ProtectedError:
+            raise PermissionDenied('The event could not be deleted as some constraints (e.g. data created by plug-ins) '
+                                   'do not allow it.')
+
+
+class CloneEventViewSet(viewsets.ModelViewSet):
+    serializer_class = CloneEventSerializer
+    queryset = Event.objects.none()
+    lookup_field = 'slug'
+    lookup_url_kwarg = 'event'
+    http_method_names = ['post']
+    write_permission = 'can_create_events'
+
+    def get_serializer_context(self):
+        ctx = super().get_serializer_context()
+        ctx['event'] = self.kwargs['event']
+        ctx['organizer'] = self.request.organizer
+        return ctx
+
+    def perform_create(self, serializer):
+        serializer.save(organizer=self.request.organizer)
+
+        serializer.instance.log_action(
+            'pretix.event.added',
+            user=self.request.user,
+            api_token=(self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None),
+            data=self.request.data
+        )
+

 class SubEventFilter(FilterSet):
    class Meta: