mirror of
https://github.com/pretix/pretix.git
synced 2026-05-08 15:44:02 +00:00
Refactor query and assignment usages of old permissions
committed by
Raphael Michel
parent
f194c7df65
commit
96ac8ef103
@@ -381,7 +381,7 @@ class Team(LoggedModel):
|
||||
can_change_orders = LegacyPermissionProperty()
|
||||
can_checkin_orders = LegacyPermissionProperty()
|
||||
can_view_vouchers = LegacyPermissionProperty()
|
||||
can_change_vuchers = LegacyPermissionProperty()
|
||||
can_change_vouchers = LegacyPermissionProperty()
|
||||
can_create_events = LegacyPermissionProperty()
|
||||
can_change_organizer_settings = LegacyPermissionProperty()
|
||||
can_change_teams = LegacyPermissionProperty()
|
||||
|
||||
@@ -62,6 +62,7 @@ from pretix.base.forms import (
|
||||
)
|
||||
from pretix.base.models import Event, Organizer, TaxRule, Team
|
||||
from pretix.base.models.event import EventFooterLink, EventMetaValue, SubEvent
|
||||
from pretix.base.models.organizer import TeamQuerySet
|
||||
from pretix.base.models.tax import TAX_CODE_LISTS
|
||||
from pretix.base.reldate import RelativeDateField, RelativeDateTimeField
|
||||
from pretix.base.services.placeholders import FormPlaceholderMixin
|
||||
@@ -104,7 +105,7 @@ class EventWizardFoundationForm(forms.Form):
|
||||
qs = Organizer.objects.all()
|
||||
if not self.user.has_active_staff_session(self.session.session_key):
|
||||
qs = qs.filter(
|
||||
id__in=self.user.teams.filter(can_create_events=True).values_list('organizer', flat=True)
|
||||
id__in=self.user.teams.filter(TeamQuerySet.organizer_permission_q("organizer.events:create")).values_list('organizer', flat=True)
|
||||
)
|
||||
self.fields['organizer'] = forms.ModelChoiceField(
|
||||
label=_("Organizer"),
|
||||
@@ -262,8 +263,12 @@ class EventWizardBasicsForm(I18nModelForm):
|
||||
@staticmethod
|
||||
def has_control_rights(user, organizer, session):
|
||||
return user.teams.filter(
|
||||
organizer=organizer, all_events=True, can_change_event_settings=True, can_change_items=True,
|
||||
can_change_orders=True, can_change_vouchers=True
|
||||
TeamQuerySet.event_permission_q("event.items:write"),
|
||||
TeamQuerySet.event_permission_q("event.orders:write"),
|
||||
TeamQuerySet.event_permission_q("event.vouchers:write"),
|
||||
TeamQuerySet.event_permission_q("event.settings.general:write"),
|
||||
organizer=organizer,
|
||||
all_events=True,
|
||||
).exists() or user.has_active_staff_session(session.session_key)
|
||||
|
||||
|
||||
@@ -294,9 +299,14 @@ class EventWizardCopyForm(forms.Form):
|
||||
return Event.objects.all()
|
||||
return Event.objects.filter(
|
||||
Q(organizer_id__in=user.teams.filter(
|
||||
all_events=True, can_change_event_settings=True, can_change_items=True
|
||||
# TODO: review these!
|
||||
# Restrict cross-organizer copying further than same-organizer copying?
|
||||
TeamQuerySet.event_permission_q("event.settings.general:write"),
|
||||
TeamQuerySet.event_permission_q("event.items:write"),
|
||||
all_events=True,
|
||||
).values_list('organizer', flat=True)) | Q(id__in=user.teams.filter(
|
||||
can_change_event_settings=True, can_change_items=True
|
||||
TeamQuerySet.event_permission_q("event.settings.general:write"),
|
||||
TeamQuerySet.event_permission_q("event.items:write"),
|
||||
).values_list('limit_events__id', flat=True))
|
||||
)
|
||||
|
||||
|
||||
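Review bot: The new `# TODO: review these!` comment leaves an authorization question open inside the queryset that decides which events a user may copy from, and it applies to both `user.teams.filter(...)` calls in this hunk. As written, any team holding `event.settings.general:write` and `event.items:write` qualifies, and nothing visible here ties the source event to the organizer chosen earlier in the wizard; whether that is intended cannot be told from the hunk. I would settle the question before merge, or replace the TODO with a comment stating the decided rule, e.g. `# Copy source: any event where the user may write settings and items, across organizers`. The enclosing method starts outside the hunk.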
@@ -75,7 +75,7 @@ from pretix.base.models import (
|
||||
ReusableMedium, SalesChannel, Team,
|
||||
)
|
||||
from pretix.base.models.customers import CustomerSSOClient, CustomerSSOProvider
|
||||
from pretix.base.models.organizer import OrganizerFooterLink
|
||||
from pretix.base.models.organizer import OrganizerFooterLink, TeamQuerySet
|
||||
from pretix.base.settings import (
|
||||
PERSON_NAME_SCHEMES, PERSON_NAME_TITLE_GROUPS, validate_organizer_settings,
|
||||
)
|
||||
@@ -325,7 +325,8 @@ class TeamForm(forms.ModelForm):
|
||||
data = super().clean()
|
||||
if self.instance.pk and not data['can_change_teams']:
|
||||
if not self.instance.organizer.teams.exclude(pk=self.instance.pk).filter(
|
||||
can_change_teams=True, members__isnull=False
|
||||
TeamQuerySet.organizer_permission_q("organizer.teams:write"),
|
||||
members__isnull=False
|
||||
).exists():
|
||||
raise ValidationError(_('The changes could not be saved because there would be no remaining team with '
|
||||
'the permission to change teams and permissions.'))
|
||||
|
||||
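Review bot: The guard `if self.instance.pk and not data['can_change_teams']:` still reads the legacy form key while the query below it now checks `organizer.teams:write`, so the two halves of the last-admin check can disagree. If the form no longer exposes `can_change_teams`, or field validation drops it from the cleaned data, the lookup raises `KeyError`; if the permission is now granted through other fields, the guard may be skipped even though this team loses `organizer.teams:write`. Deriving the condition from the same permission the query uses would keep the lock-out protection intact, and at minimum `data.get('can_change_teams')` avoids the crash and fails closed. `clean()` begins outside the hunk, so the form's field list is not visible here.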
@@ -66,6 +66,7 @@ from pretix.control.signals import (
|
||||
from pretix.helpers.daterange import daterange
|
||||
|
||||
from ...base.models.orders import CancellationRequest
|
||||
from ...base.models.organizer import TeamQuerySet
|
||||
from ...base.templatetags.money import money_filter
|
||||
from ..logdisplay import OVERVIEW_BANLIST
|
||||
|
||||
@@ -491,8 +492,13 @@ def widgets_for_event_qs(request, qs, user, nmax, lazy=False):
|
||||
# Get set of events where we have the permission to show the # of orders
|
||||
if not lazy:
|
||||
events_with_orders = set(qs.filter(
|
||||
Q(organizer_id__in=user.teams.filter(all_events=True, can_view_orders=True).values_list('organizer', flat=True))
|
||||
| Q(id__in=user.teams.filter(can_view_orders=True).values_list('limit_events__id', flat=True))
|
||||
Q(organizer_id__in=user.teams.filter(
|
||||
TeamQuerySet.event_permission_q("event.orders:read"),
|
||||
all_events=True,
|
||||
).values_list('organizer', flat=True))
|
||||
| Q(id__in=user.teams.filter(
|
||||
TeamQuerySet.event_permission_q("event.orders:read"),
|
||||
).values_list('limit_events__id', flat=True))
|
||||
).values_list('id', flat=True))
|
||||
|
||||
tpl = """
|
||||
|
||||
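Review bot: The pair of subqueries added here (teams holding the permission with `all_events=True`, matched on organizer, plus teams holding the permission matched on `limit_events__id`) is written out by hand again in `ticket_select2`, twice in `nav_context_list`, and in `EventWizardCopyForm`. Each copy is a place where the authorization filter can drift, for example by losing the `all_events=True` condition on the organizer branch. A single helper that takes the permission name and the two field lookups and returns the combined `Q` would keep the rule in one reviewed place. If that is out of scope for this commit, short comments on the two branches (`# organizer-wide teams` and `# teams limited to specific events`) would at least make each copy easy to audit.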
@@ -51,6 +51,7 @@ from i18nfield.strings import LazyI18nString
|
||||
from pretix.base.forms import SafeSessionWizardView
|
||||
from pretix.base.i18n import language
|
||||
from pretix.base.models import Event, EventMetaValue, Organizer, Quota, Team
|
||||
from pretix.base.models.organizer import TeamQuerySet
|
||||
from pretix.base.services.quotas import QuotaAvailability
|
||||
from pretix.control.forms.event import (
|
||||
EventWizardBasicsForm, EventWizardCopyForm, EventWizardFoundationForm,
|
||||
@@ -190,7 +191,9 @@ class EventWizard(SafeSessionWizardView):
|
||||
qs = Organizer.objects.all()
|
||||
if not self.request.user.has_active_staff_session(self.request.session.session_key):
|
||||
qs = qs.filter(
|
||||
id__in=self.request.user.teams.filter(can_create_events=True).values_list('organizer', flat=True)
|
||||
id__in=self.request.user.teams.filter(
|
||||
TeamQuerySet.organizer_permission_q("organizer.events:create"),
|
||||
).values_list('organizer', flat=True)
|
||||
)
|
||||
organizer = qs.get(slug=self.request.GET.get('organizer'))
|
||||
initial['organizer'] = organizer
|
||||
@@ -222,7 +225,7 @@ class EventWizard(SafeSessionWizardView):
|
||||
|
||||
def get_context_data(self, form, **kwargs):
|
||||
ctx = super().get_context_data(form, **kwargs)
|
||||
ctx['has_organizer'] = self.request.user.teams.filter(can_create_events=True).exists()
|
||||
ctx['has_organizer'] = self.request.user.teams.filter(TeamQuerySet.organizer_permission_q("organizer.events:create")).exists()
|
||||
if self.steps.current == 'basics':
|
||||
ctx['organizer'] = self.get_cleaned_data_for_step('foundation').get('organizer')
|
||||
return ctx
|
||||
@@ -284,21 +287,16 @@ class EventWizard(SafeSessionWizardView):
|
||||
name=_('Team {event}').format(
|
||||
event=str(event.name)[:100] + "…" if len(str(event.name)) > 100 else str(event.name)
|
||||
),
|
||||
can_change_event_settings=True, can_change_items=True,
|
||||
can_view_orders=True, can_change_orders=True, can_view_vouchers=True,
|
||||
can_change_vouchers=True
|
||||
all_organizer_permissions=False,
|
||||
all_event_permissions=True,
|
||||
)
|
||||
t.members.add(self.request.user)
|
||||
t.limit_events.add(event)
|
||||
t.log_action('pretix.team.created', user=self.request.user, data={
|
||||
'_created_by_event_wizard': True,
|
||||
'name': t.name,
|
||||
'can_change_event_settings': True,
|
||||
'can_change_items': True,
|
||||
'can_view_orders': True,
|
||||
'can_change_orders': True,
|
||||
'can_view_vouchers': True,
|
||||
'can_change_vouchers': True,
|
||||
'all_organizer_permissions': False,
|
||||
'all_event_permissions': True,
|
||||
'limit_events': [event.pk],
|
||||
})
|
||||
|
||||
|
||||
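Review bot: Replacing the six explicit flags with `all_event_permissions=True` looks like a widening of what the auto-created team receives rather than a pure refactor. The removed arguments granted settings, items, orders and vouchers only; `can_checkin_orders`, which exists on `Team`, was not among them, and a blanket grant would presumably also pick up any event permission added later. If the broader grant is intended, say so in a comment at the `Team` creation, e.g. `# Event creator gets every event-level permission, including ones added later`; otherwise grant the equivalent of the previous six explicitly. The same shape appears in `OrganizerCreate.form_valid`, where a full grant for the Administrators team is less surprising. The enclosing method starts outside the hunk.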
@@ -96,7 +96,9 @@ from pretix.base.models.giftcards import (
|
||||
GiftCardAcceptance, GiftCardTransaction, gen_giftcard_secret,
|
||||
)
|
||||
from pretix.base.models.orders import CancellationRequest
|
||||
from pretix.base.models.organizer import SalesChannel, TeamAPIToken
|
||||
from pretix.base.models.organizer import (
|
||||
SalesChannel, TeamAPIToken, TeamQuerySet,
|
||||
)
|
||||
from pretix.base.payment import PaymentException
|
||||
from pretix.base.plugins import (
|
||||
PLUGIN_LEVEL_EVENT, PLUGIN_LEVEL_EVENT_ORGANIZER_HYBRID,
|
||||
@@ -581,10 +583,7 @@ class OrganizerCreate(CreateView):
|
||||
ret = super().form_valid(form)
|
||||
t = Team.objects.create(
|
||||
organizer=form.instance, name=_('Administrators'),
|
||||
all_events=True, can_create_events=True, can_change_teams=True, can_manage_gift_cards=True,
|
||||
can_change_organizer_settings=True, can_change_event_settings=True, can_change_items=True,
|
||||
can_manage_customers=True, can_manage_reusable_media=True,
|
||||
can_view_orders=True, can_change_orders=True, can_view_vouchers=True, can_change_vouchers=True
|
||||
all_events=True, all_event_permissions=True, all_organizer_permissions=True,
|
||||
)
|
||||
t.members.add(self.request.user)
|
||||
return ret
|
||||
@@ -972,7 +971,8 @@ class TeamDeleteView(OrganizerDetailViewMixin, OrganizerPermissionRequiredMixin,
|
||||
|
||||
def is_allowed(self) -> bool:
|
||||
return self.request.organizer.teams.exclude(pk=self.kwargs.get('team')).filter(
|
||||
can_change_teams=True, members__isnull=False
|
||||
TeamQuerySet.organizer_permission_q("organizer.teams:write"),
|
||||
members__isnull=False
|
||||
).exists() or self.request.user.has_active_staff_session(self.request.session.session_key)
|
||||
|
||||
@transaction.atomic
|
||||
@@ -1065,9 +1065,10 @@ class TeamMemberView(OrganizerDetailViewMixin, OrganizerPermissionRequiredMixin,
|
||||
pass
|
||||
else:
|
||||
other_admin_teams = self.request.organizer.teams.exclude(pk=self.object.pk).filter(
|
||||
can_change_teams=True, members__isnull=False
|
||||
TeamQuerySet.organizer_permission_q("organizer.teams:write"),
|
||||
members__isnull=False
|
||||
).exists() or self.request.user.has_active_staff_session(self.request.session.session_key)
|
||||
if not other_admin_teams and self.object.can_change_teams and self.object.members.count() == 1:
|
||||
if not other_admin_teams and self.object.has_permission() and self.object.members.count() == 1:
|
||||
messages.error(self.request, _('You cannot remove the last member from this team as no one would '
|
||||
'be left with the permission to change teams.'))
|
||||
return redirect(self.get_success_url())
|
||||
|
||||
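Review bot: `self.object.has_permission()` is called without naming a permission, where the line it replaces tested `self.object.can_change_teams`. The signature of `has_permission` is not visible in this diff, but a call with no argument either raises `TypeError` when a member is removed or does not test the permission this last-admin guard depends on. Presumably the intent is the permission used in the query just above, i.e. `self.object.has_permission("organizer.teams:write")`, adjusted to whatever arguments the method actually takes. A test that removes the only member of the only team holding `organizer.teams:write` would pin this branch. The surrounding method starts and ends outside the hunk.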
@@ -51,6 +51,7 @@ from pretix.base.models import (
|
||||
ItemVariation, ItemVariationMetaValue, Order, OrderPosition, Organizer,
|
||||
SubEventMetaValue, User, Voucher,
|
||||
)
|
||||
from pretix.base.models.organizer import TeamQuerySet
|
||||
from pretix.control.forms.event import EventWizardCopyForm
|
||||
from pretix.control.permissions import (
|
||||
event_permission_required, organizer_permission_required,
|
||||
@@ -240,8 +241,13 @@ def ticket_select2(request, **kwargs):
|
||||
qs_orders = qs_orders.filter(
|
||||
exact_match | (
|
||||
soft_match & (
|
||||
Q(order__event__organizer_id__in=request.user.teams.filter(all_events=True, can_view_orders=True).values_list('organizer', flat=True))
|
||||
| Q(order__event_id__in=request.user.teams.filter(can_view_orders=True).values_list('limit_events__id', flat=True))
|
||||
Q(order__event__organizer_id__in=request.user.teams.filter(
|
||||
TeamQuerySet.event_permission_q("event.orders:read"),
|
||||
all_events=True,
|
||||
).values_list('organizer', flat=True))
|
||||
| Q(order__event_id__in=request.user.teams.filter(
|
||||
TeamQuerySet.event_permission_q("event.orders:read")
|
||||
).values_list('limit_events__id', flat=True))
|
||||
)
|
||||
)
|
||||
)
|
||||
@@ -337,9 +343,9 @@ def nav_context_list(request):
|
||||
if not request.user.has_active_staff_session(request.session.session_key):
|
||||
qs_orders = qs_orders.filter(
|
||||
Q(event__organizer_id__in=request.user.teams.filter(
|
||||
all_events=True, can_view_orders=True).values_list('organizer', flat=True))
|
||||
TeamQuerySet.event_permission_q("event.orders:read"), all_events=True).values_list('organizer', flat=True))
|
||||
| Q(event_id__in=request.user.teams.filter(
|
||||
can_view_orders=True).values_list('limit_events__id', flat=True))
|
||||
TeamQuerySet.event_permission_q("event.orders:read")).values_list('limit_events__id', flat=True))
|
||||
)
|
||||
|
||||
qs_vouchers = Voucher.objects.filter(
|
||||
@@ -348,9 +354,9 @@ def nav_context_list(request):
|
||||
if not request.user.has_active_staff_session(request.session.session_key):
|
||||
qs_vouchers = qs_vouchers.filter(
|
||||
Q(event__organizer_id__in=request.user.teams.filter(
|
||||
all_events=True, can_view_vouchers=True).values_list('organizer', flat=True))
|
||||
TeamQuerySet.event_permission_q("event.vouchers:read"), all_events=True).values_list('organizer', flat=True))
|
||||
| Q(event_id__in=request.user.teams.filter(
|
||||
can_view_vouchers=True).values_list('limit_events__id', flat=True))
|
||||
TeamQuerySet.event_permission_q("event.vouchers:read")).values_list('limit_events__id', flat=True))
|
||||
)
|
||||
else:
|
||||
qs_vouchers = Voucher.objects.none()
|
||||
@@ -813,7 +819,7 @@ def organizer_select2(request):
|
||||
qs = qs.filter(Q(name__icontains=term) | Q(slug__icontains=term))
|
||||
if not request.user.has_active_staff_session(request.session.session_key):
|
||||
if 'can_create' in request.GET:
|
||||
qs = qs.filter(pk__in=request.user.teams.filter(can_create_events=True).values_list('organizer', flat=True))
|
||||
qs = qs.filter(pk__in=request.user.teams.filter(TeamQuerySet.organizer_permission_q("organizer.events:create")).values_list('organizer', flat=True))
|
||||
else:
|
||||
qs = qs.filter(pk__in=request.user.teams.values_list('organizer', flat=True))
|
||||
|
||||
@@ -976,21 +982,21 @@ def item_meta_values(request, organizer, event):
|
||||
var_matches = var_matches.filter(variation__item__event__organizer_id=organizer.pk)
|
||||
all_access = (
|
||||
request.user.has_active_staff_session(request.session.session_key)
|
||||
or request.user.teams.filter(all_events=True, organizer=organizer, can_change_items=True).exists()
|
||||
or request.user.teams.filter(TeamQuerySet.event_permission_q("event.items:write"), all_events=True, organizer=organizer).exists()
|
||||
)
|
||||
if not all_access:
|
||||
defaults = defaults.filter(
|
||||
event__id__in=request.user.teams.filter(can_change_items=True).values_list(
|
||||
event__id__in=request.user.teams.filter(TeamQuerySet.event_permission_q("event.items:write")).values_list(
|
||||
'limit_events__id', flat=True
|
||||
)
|
||||
)
|
||||
matches = matches.filter(
|
||||
item__event__id__in=request.user.teams.filter(can_change_items=True).values_list(
|
||||
item__event__id__in=request.user.teams.filter(TeamQuerySet.event_permission_q("event.items:write")).values_list(
|
||||
'limit_events__id', flat=True
|
||||
)
|
||||
)
|
||||
var_matches = var_matches.filter(
|
||||
variation__item__event__id__in=request.user.teams.filter(can_change_items=True).values_list(
|
||||
variation__item__event__id__in=request.user.teams.filter(TeamQuerySet.event_permission_q("event.items:write")).values_list(
|
||||
'limit_events__id', flat=True
|
||||
)
|
||||
)
|
||||
|
||||
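Review bot: The same team subquery for `event.items:write` is now spelled out three times in the `if not all_access:` branch, on lines well over 100 characters. Binding it once, e.g. `writable_event_ids = request.user.teams.filter(TeamQuerySet.event_permission_q("event.items:write")).values_list('limit_events__id', flat=True)`, and passing `writable_event_ids` to the three `filter()` calls makes it obvious that `defaults`, `matches` and `var_matches` are restricted by one rule. It also removes the chance of one of the three being edited without the others. `item_meta_values` starts outside the hunk.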
@@ -42,7 +42,7 @@ OLD_TO_NEW_ORGANIZER_MIGRATION = {
|
||||
"can_create_events": ["organizer.events:create"],
|
||||
"can_change_organizer_settings": ["organizer.settings.general:write", "organizer.devices:read",
|
||||
"organizer.devices:write"],
|
||||
"can_change_teams": ["organizer.teams:write"],
|
||||
"can_change_teams": ["organizer.teams:write", "organizer.teams:read"],
|
||||
"can_manage_gift_cards": ["organizer.giftcards:read", "organizer.giftcards:write"],
|
||||
"can_manage_customers": ["organizer.customers:read", "organizer.customers:write"],
|
||||
"can_manage_reusable_media": ["organizer.reusablemedia:read", "organizer.reusablemedia:write"],
|
||||
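Review bot: `can_change_teams` now maps to two permissions here and in `OLD_TO_NEW_ORGANIZER_COMPAT` in the next hunk, but neither dictionary says how a multi-entry list is interpreted. For the compat map in particular it matters whether the legacy flag reads as true when all listed permissions are held or when any one is, because the last-admin guards in this commit query `organizer.teams:write` alone and could then disagree with a legacy `can_change_teams` read. A one-line comment above the entry, such as `# teams:write is only usable together with teams:read`, worded to match the real semantics, would settle this. How the maps are consumed is outside the visible hunks.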
@@ -59,7 +59,7 @@ OLD_TO_NEW_EVENT_COMPAT = {
|
||||
OLD_TO_NEW_ORGANIZER_COMPAT = {
|
||||
"can_create_events": ["organizer.events:create"],
|
||||
"can_change_organizer_settings": ["organizer.settings.general:write"],
|
||||
"can_change_teams": ["organizer.teams:write"],
|
||||
"can_change_teams": ["organizer.teams:write", "organizer.teams:read"],
|
||||
"can_manage_gift_cards": ["organizer.giftcards:read", "organizer.giftcards:write"],
|
||||
"can_manage_customers": ["organizer.customers:read", "organizer.customers:write"],
|
||||
"can_manage_reusable_media": ["organizer.reusablemedia:read", "organizer.reusablemedia:write"],
|
||||
|
||||
@@ -58,6 +58,7 @@ from localflavor.generic.forms import BICFormField, IBANFormField
|
||||
|
||||
from pretix.base.forms.widgets import DatePickerWidget
|
||||
from pretix.base.models import Event, Order, OrderPayment, OrderRefund, Quota
|
||||
from pretix.base.models.organizer import TeamQuerySet
|
||||
from pretix.base.settings import SettingsSandbox
|
||||
from pretix.base.templatetags.money import money_filter
|
||||
from pretix.control.permissions import (
|
||||
@@ -655,14 +656,20 @@ class OrganizerActionView(OrganizerBanktransferView, OrganizerPermissionRequired
|
||||
permission = 'can_change_orders'
|
||||
|
||||
def order_qs(self):
|
||||
all = self.request.user.teams.filter(organizer=self.request.organizer, can_change_orders=True,
|
||||
can_view_orders=True, all_events=True).exists()
|
||||
all = self.request.user.teams.filter(
|
||||
TeamQuerySet.event_permission_q("event.orders:read"),
|
||||
TeamQuerySet.event_permission_q("event.orders:write"),
|
||||
all_events=True,
|
||||
organizer=self.request.organizer,
|
||||
).exists()
|
||||
if self.request.user.has_active_staff_session(self.request.session.session_key) or all:
|
||||
return Order.objects.filter(event__organizer=self.request.organizer)
|
||||
else:
|
||||
return Order.objects.filter(
|
||||
event_id__in=self.request.user.teams.filter(
|
||||
organizer=self.request.organizer, can_change_orders=True, can_view_orders=True
|
||||
TeamQuerySet.event_permission_q("event.orders:read"),
|
||||
TeamQuerySet.event_permission_q("event.orders:write"),
|
||||
organizer=self.request.organizer,
|
||||
).values_list('limit_events__id', flat=True)
|
||||
)
|
||||
|
||||
|
||||
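Review bot: The rewritten assignment keeps the local name `all`, which shadows the builtin inside `order_qs`. Since the statement is being reflowed anyway, a descriptive name avoids the shadowing and reads better: `has_all_events = self.request.user.teams.filter(`, with the condition below becoming `... or has_all_events:`. Separately, the class attribute `permission = 'can_change_orders'` on the context line still uses a legacy name; whether a compatibility layer translates it is not visible here.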