From 864ff2dbd3116beb40e9d928a295c2f3776fefdd Mon Sep 17 00:00:00 2001 From: Raphael Michel Date: Tue, 13 Jan 2026 12:02:56 +0100 Subject: [PATCH] Add permission for seating plans --- doc/api/resources/teams.rst | 1 + src/pretix/api/views/organizer.py | 4 ++-- src/pretix/base/permissions.py | 2 ++ src/pretix/helpers/permission_migration.py | 2 +- src/tests/api/test_permissions.py | 3 +++ 5 files changed, 9 insertions(+), 3 deletions(-) diff --git a/doc/api/resources/teams.rst b/doc/api/resources/teams.rst index e41796d3bc..e023459598 100644 --- a/doc/api/resources/teams.rst +++ b/doc/api/resources/teams.rst @@ -50,6 +50,7 @@ Possible values for ``limit_organizer_permissions`` defined in the core pretix s organizer.events:create organizer.settings.general:write organizer.teams:write + organizer.seatingplans:write organizer.giftcards:read organizer.giftcards:write organizer.customers:read diff --git a/src/pretix/api/views/organizer.py b/src/pretix/api/views/organizer.py index d1553224da..cd27fd693c 100644 --- a/src/pretix/api/views/organizer.py +++ b/src/pretix/api/views/organizer.py @@ -154,8 +154,8 @@ class OrganizerViewSet(mixins.UpdateModelMixin, viewsets.ReadOnlyModelViewSet): class SeatingPlanViewSet(viewsets.ModelViewSet): serializer_class = SeatingPlanSerializer queryset = SeatingPlan.objects.none() - permission = 'organizer.settings.general:write' - write_permission = 'organizer.settings.general:write' + permission = None + write_permission = 'organizer.seatingplans:write' def get_queryset(self): return self.request.organizer.seating_plans.order_by('name') diff --git a/src/pretix/base/permissions.py b/src/pretix/base/permissions.py index 4a63597f24..d5ab008f25 100644 --- a/src/pretix/base/permissions.py +++ b/src/pretix/base/permissions.py @@ -112,4 +112,6 @@ def register_default_organizer_permissions(sender, **kwargs): Permission("organizer.devices:read", _("View devices and gates"), None, None), Permission("organizer.devices:write", _("Change devices and gates"), None, _("This includes the ability to give access to events and data oneself does not have access to.")), + Permission("organizer.seatingplans:write", _("Change seating plans"), None, + _("Read access is implicitly given to all teams.")), ] diff --git a/src/pretix/helpers/permission_migration.py b/src/pretix/helpers/permission_migration.py index f6d88710db..435f801777 100644 --- a/src/pretix/helpers/permission_migration.py +++ b/src/pretix/helpers/permission_migration.py @@ -42,7 +42,7 @@ OLD_TO_NEW_EVENT_MIGRATION = { OLD_TO_NEW_ORGANIZER_MIGRATION = { "can_create_events": ["organizer.events:create"], "can_change_organizer_settings": ["organizer.settings.general:write", "organizer.devices:read", - "organizer.devices:write"], + "organizer.devices:write", "organizer.seatingplans:write"], "can_change_teams": ["organizer.teams:write"], "can_manage_gift_cards": ["organizer.giftcards:read", "organizer.giftcards:write"], "can_manage_customers": ["organizer.customers:read", "organizer.customers:write"], diff --git a/src/tests/api/test_permissions.py b/src/tests/api/test_permissions.py index b11e97251b..0b3f7627d4 100644 --- a/src/tests/api/test_permissions.py +++ b/src/tests/api/test_permissions.py @@ -274,6 +274,9 @@ org_permission_sub_urls = [ ('post', 'organizer.reusablemedia:write', 'reusablemedia/', 400), ('patch', 'organizer.reusablemedia:write', 'reusablemedia/1/', 404), ('put', 'organizer.reusablemedia:write', 'reusablemedia/1/', 404), + ('post', 'organizer.seatingplans:write', 'seatingplans/', 400), + ('patch', 'organizer.seatingplans:write', 'seatingplans/1/', 404), + ('put', 'organizer.seatingplans:write', 'seatingplans/1/', 404), ]