From 8acc23a27a50d31e209c56b3b5f93ca09697e8fb Mon Sep 17 00:00:00 2001 From: Raphael Michel Date: Mon, 15 Jun 2015 21:51:51 +0200 Subject: [PATCH] Added a basic permission matrix editor for events --- ..._eventpermission_can_change_permissions.py | 19 +++++++ src/pretix/base/models.py | 4 ++ .../templates/pretixcontrol/event/base.html | 6 +++ .../pretixcontrol/event/payment.html | 5 -- .../pretixcontrol/event/permissions.html | 43 ++++++++++++++++ src/pretix/control/urls.py | 1 + src/pretix/control/views/event.py | 49 ++++++++++++++++++- 7 files changed, 121 insertions(+), 6 deletions(-) create mode 100644 src/pretix/base/migrations/0004_eventpermission_can_change_permissions.py create mode 100644 src/pretix/control/templates/pretixcontrol/event/permissions.html diff --git a/src/pretix/base/migrations/0004_eventpermission_can_change_permissions.py b/src/pretix/base/migrations/0004_eventpermission_can_change_permissions.py new file mode 100644 index 0000000000..fbfec7b010 --- /dev/null +++ b/src/pretix/base/migrations/0004_eventpermission_can_change_permissions.py @@ -0,0 +1,19 @@ +# -*- coding: utf-8 -*- +from __future__ import unicode_literals + +from django.db import models, migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('pretixbase', '0003_auto_20150602_2232'), + ] + + operations = [ + migrations.AddField( + model_name='eventpermission', + name='can_change_permissions', + field=models.BooleanField(default=True, verbose_name='Can change permissions'), + ), + ] diff --git a/src/pretix/base/models.py b/src/pretix/base/models.py index 9f95267c07..f9d818b1f6 100644 --- a/src/pretix/base/models.py +++ b/src/pretix/base/models.py @@ -538,6 +538,10 @@ class EventPermission(Versionable): default=True, verbose_name=_("Can view orders") ) + can_change_permissions = models.BooleanField( + default=True, + verbose_name=_("Can change permissions") + ) can_change_orders = models.BooleanField( default=True, verbose_name=_("Can change orders") diff --git a/src/pretix/control/templates/pretixcontrol/event/base.html b/src/pretix/control/templates/pretixcontrol/event/base.html index 93021e2a49..83b7e5ec23 100644 --- a/src/pretix/control/templates/pretixcontrol/event/base.html +++ b/src/pretix/control/templates/pretixcontrol/event/base.html @@ -22,6 +22,12 @@ {% trans "General" %} +
  • + + {% trans "Permissions" %} + +
  • diff --git a/src/pretix/control/templates/pretixcontrol/event/payment.html b/src/pretix/control/templates/pretixcontrol/event/payment.html index aafdfa9326..638b06a10f 100644 --- a/src/pretix/control/templates/pretixcontrol/event/payment.html +++ b/src/pretix/control/templates/pretixcontrol/event/payment.html @@ -6,11 +6,6 @@ {% csrf_token %}
    {% trans "Payment settings" %} - {% if "success" in request.GET %} -
    - {% trans "Your changes have been saved." %} -
    - {% endif %} {% for provider in providers %}
    diff --git a/src/pretix/control/templates/pretixcontrol/event/permissions.html b/src/pretix/control/templates/pretixcontrol/event/permissions.html new file mode 100644 index 0000000000..e4222cb361 --- /dev/null +++ b/src/pretix/control/templates/pretixcontrol/event/permissions.html @@ -0,0 +1,43 @@ +{% extends "pretixcontrol/event/settings_base.html" %} +{% load i18n %} +{% load bootstrap3 %} +{% block inside %} +
    + {% csrf_token %} +
    + {% trans "Permissions" %} + {{ formset.management_form }} + + + + + + + + + + + + + + {% for form in formset %} + + + + + + + + + + {% endfor %} + +
    {% trans "User" %}{% trans "Change settings" %}{% trans "Change products" %}{% trans "View orders" %}{% trans "Change orders" %}{% trans "Change permissions" %}{% trans "Delete" %}
    {{ form.id }}{{ form.instance.user }}{{ form.can_change_settings }}{{ form.can_change_items }}{{ form.can_view_orders }}{{ form.can_change_orders }}{{ form.can_change_permissions }}{{ form.DELETE }}
    +
    +
    + +
    +
    +{% endblock %} diff --git a/src/pretix/control/urls.py b/src/pretix/control/urls.py index 633ef415dd..fb32c615a7 100644 --- a/src/pretix/control/urls.py +++ b/src/pretix/control/urls.py @@ -18,6 +18,7 @@ urlpatterns = [ url(r'^$', event.index, name='event.index'), url(r'^settings/$', event.EventUpdate.as_view(), name='event.settings'), url(r'^settings/plugins$', event.EventPlugins.as_view(), name='event.settings.plugins'), + url(r'^settings/permissions$', event.EventPermissions.as_view(), name='event.settings.permissions'), url(r'^settings/payment$', event.PaymentSettings.as_view(), name='event.settings.payment'), url(r'^settings/tickets$', event.TicketSettings.as_view(), name='event.settings.tickets'), url(r'^items/$', item.ItemList.as_view(), name='event.items'), diff --git a/src/pretix/control/views/event.py b/src/pretix/control/views/event.py index b64923b046..4731ec5f76 100644 --- a/src/pretix/control/views/event.py +++ b/src/pretix/control/views/event.py @@ -2,6 +2,7 @@ from collections import OrderedDict from django.contrib import messages from django.db.models import Sum +from django.forms import inlineformset_factory, formset_factory, modelformset_factory, BaseInlineFormSet from django.shortcuts import render, redirect from django.utils.functional import cached_property from django.views.generic import FormView @@ -9,8 +10,9 @@ from django.views.generic.base import TemplateView from django.views.generic.detail import SingleObjectMixin from django.utils.translation import ugettext_lazy as _ from django.core.urlresolvers import reverse +from pretix.base.forms import VersionedModelForm from pretix.control.forms.event import ProviderForm, TicketSettingsForm, EventSettingsForm, EventUpdateForm -from pretix.base.models import Event, OrderPosition, Order, Item +from pretix.base.models import Event, OrderPosition, Order, Item, EventPermission from pretix.base.signals import register_payment_providers, register_ticket_outputs from pretix.control.permissions import EventPermissionRequiredMixin from . import UpdateView @@ -253,3 +255,48 @@ def index(request, organizer, event): ).count() } return render(request, 'pretixcontrol/event/index.html', ctx) + + +class EventPermissions(EventPermissionRequiredMixin, TemplateView): + model = Event + form_class = TicketSettingsForm + template_name = 'pretixcontrol/event/permissions.html' + permission = 'can_change_permissions' + + @cached_property + def formset(self): + fs = modelformset_factory( + EventPermission, + form=VersionedModelForm, + fields=('can_change_settings', 'can_change_items', 'can_change_permissions', 'can_view_orders', + 'can_change_orders'), + can_delete=True, can_order=False, extra=0 + ) + return fs(data=self.request.POST if self.request.method == "POST" else None, + queryset=EventPermission.objects.current.filter(event=self.request.event)) + + def get_context_data(self, **kwargs): + ctx = super().get_context_data(**kwargs) + ctx['formset'] = self.formset + return ctx + + def post(self, *args, **kwargs): + if self.formset.is_valid(): + for form in self.formset.forms: + if form.instance.user_id == self.request.user.pk: + if not form.cleaned_data['can_change_permissions'] or form in self.formset.deleted_forms: + messages.error(self.request, _('You cannot remove your own permission to view this page.')) + return self.get(*args, **kwargs) + + self.formset.save() + messages.success(self.request, _('Your changes have been saved.')) + return redirect(self.get_success_url()) + else: + messages.error(self.request, _('Your changes could not be saved.')) + return self.get(*args, **kwargs) + + def get_success_url(self) -> str: + return reverse('control:event.settings.permissions', kwargs={ + 'organizer': self.request.event.organizer.slug, + 'event': self.request.event.slug + })