mirror of
https://github.com/pretix/pretix.git
synced 2026-05-10 16:04:02 +00:00
Refactor query and assignment usages of old permissions
This commit is contained in:
Raphael Michel
committed by
Raphael Michel
Raphael Michel
parent
f194c7df65
commit
96ac8ef103
@@ -381,7 +381,7 @@ class Team(LoggedModel):
|
|||||||
can_change_orders = LegacyPermissionProperty()
|
can_change_orders = LegacyPermissionProperty()
|
||||||
can_checkin_orders = LegacyPermissionProperty()
|
can_checkin_orders = LegacyPermissionProperty()
|
||||||
can_view_vouchers = LegacyPermissionProperty()
|
can_view_vouchers = LegacyPermissionProperty()
|
||||||
can_change_vuchers = LegacyPermissionProperty()
|
can_change_vouchers = LegacyPermissionProperty()
|
||||||
can_create_events = LegacyPermissionProperty()
|
can_create_events = LegacyPermissionProperty()
|
||||||
can_change_organizer_settings = LegacyPermissionProperty()
|
can_change_organizer_settings = LegacyPermissionProperty()
|
||||||
can_change_teams = LegacyPermissionProperty()
|
can_change_teams = LegacyPermissionProperty()
|
||||||
|
|||||||
@@ -62,6 +62,7 @@ from pretix.base.forms import (
|
|||||||
)
|
)
|
||||||
from pretix.base.models import Event, Organizer, TaxRule, Team
|
from pretix.base.models import Event, Organizer, TaxRule, Team
|
||||||
from pretix.base.models.event import EventFooterLink, EventMetaValue, SubEvent
|
from pretix.base.models.event import EventFooterLink, EventMetaValue, SubEvent
|
||||||
|
from pretix.base.models.organizer import TeamQuerySet
|
||||||
from pretix.base.models.tax import TAX_CODE_LISTS
|
from pretix.base.models.tax import TAX_CODE_LISTS
|
||||||
from pretix.base.reldate import RelativeDateField, RelativeDateTimeField
|
from pretix.base.reldate import RelativeDateField, RelativeDateTimeField
|
||||||
from pretix.base.services.placeholders import FormPlaceholderMixin
|
from pretix.base.services.placeholders import FormPlaceholderMixin
|
||||||
@@ -104,7 +105,7 @@ class EventWizardFoundationForm(forms.Form):
|
|||||||
qs = Organizer.objects.all()
|
qs = Organizer.objects.all()
|
||||||
if not self.user.has_active_staff_session(self.session.session_key):
|
if not self.user.has_active_staff_session(self.session.session_key):
|
||||||
qs = qs.filter(
|
qs = qs.filter(
|
||||||
id__in=self.user.teams.filter(can_create_events=True).values_list('organizer', flat=True)
|
id__in=self.user.teams.filter(TeamQuerySet.organizer_permission_q("organizer.events:create")).values_list('organizer', flat=True)
|
||||||
)
|
)
|
||||||
self.fields['organizer'] = forms.ModelChoiceField(
|
self.fields['organizer'] = forms.ModelChoiceField(
|
||||||
label=_("Organizer"),
|
label=_("Organizer"),
|
||||||
@@ -262,8 +263,12 @@ class EventWizardBasicsForm(I18nModelForm):
|
|||||||
@staticmethod
|
@staticmethod
|
||||||
def has_control_rights(user, organizer, session):
|
def has_control_rights(user, organizer, session):
|
||||||
return user.teams.filter(
|
return user.teams.filter(
|
||||||
organizer=organizer, all_events=True, can_change_event_settings=True, can_change_items=True,
|
TeamQuerySet.event_permission_q("event.items:write"),
|
||||||
can_change_orders=True, can_change_vouchers=True
|
TeamQuerySet.event_permission_q("event.orders:write"),
|
||||||
|
TeamQuerySet.event_permission_q("event.vouchers:write"),
|
||||||
|
TeamQuerySet.event_permission_q("event.settings.general:write"),
|
||||||
|
organizer=organizer,
|
||||||
|
all_events=True,
|
||||||
).exists() or user.has_active_staff_session(session.session_key)
|
).exists() or user.has_active_staff_session(session.session_key)
|
||||||
|
|
||||||
|
|
||||||
@@ -294,9 +299,14 @@ class EventWizardCopyForm(forms.Form):
|
|||||||
return Event.objects.all()
|
return Event.objects.all()
|
||||||
return Event.objects.filter(
|
return Event.objects.filter(
|
||||||
Q(organizer_id__in=user.teams.filter(
|
Q(organizer_id__in=user.teams.filter(
|
||||||
all_events=True, can_change_event_settings=True, can_change_items=True
|
# TODO: review these!
|
||||||
|
# Restrict cross-organizer copying further than same-organizer copying?
|
||||||
|
TeamQuerySet.event_permission_q("event.settings.general:write"),
|
||||||
|
TeamQuerySet.event_permission_q("event.items:write"),
|
||||||
|
all_events=True,
|
||||||
).values_list('organizer', flat=True)) | Q(id__in=user.teams.filter(
|
).values_list('organizer', flat=True)) | Q(id__in=user.teams.filter(
|
||||||
can_change_event_settings=True, can_change_items=True
|
TeamQuerySet.event_permission_q("event.settings.general:write"),
|
||||||
|
TeamQuerySet.event_permission_q("event.items:write"),
|
||||||
).values_list('limit_events__id', flat=True))
|
).values_list('limit_events__id', flat=True))
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|||||||
@@ -75,7 +75,7 @@ from pretix.base.models import (
|
|||||||
ReusableMedium, SalesChannel, Team,
|
ReusableMedium, SalesChannel, Team,
|
||||||
)
|
)
|
||||||
from pretix.base.models.customers import CustomerSSOClient, CustomerSSOProvider
|
from pretix.base.models.customers import CustomerSSOClient, CustomerSSOProvider
|
||||||
from pretix.base.models.organizer import OrganizerFooterLink
|
from pretix.base.models.organizer import OrganizerFooterLink, TeamQuerySet
|
||||||
from pretix.base.settings import (
|
from pretix.base.settings import (
|
||||||
PERSON_NAME_SCHEMES, PERSON_NAME_TITLE_GROUPS, validate_organizer_settings,
|
PERSON_NAME_SCHEMES, PERSON_NAME_TITLE_GROUPS, validate_organizer_settings,
|
||||||
)
|
)
|
||||||
@@ -325,7 +325,8 @@ class TeamForm(forms.ModelForm):
|
|||||||
data = super().clean()
|
data = super().clean()
|
||||||
if self.instance.pk and not data['can_change_teams']:
|
if self.instance.pk and not data['can_change_teams']:
|
||||||
if not self.instance.organizer.teams.exclude(pk=self.instance.pk).filter(
|
if not self.instance.organizer.teams.exclude(pk=self.instance.pk).filter(
|
||||||
can_change_teams=True, members__isnull=False
|
TeamQuerySet.organizer_permission_q("organizer.teams:write"),
|
||||||
|
members__isnull=False
|
||||||
).exists():
|
).exists():
|
||||||
raise ValidationError(_('The changes could not be saved because there would be no remaining team with '
|
raise ValidationError(_('The changes could not be saved because there would be no remaining team with '
|
||||||
'the permission to change teams and permissions.'))
|
'the permission to change teams and permissions.'))
|
||||||
|
|||||||
@@ -66,6 +66,7 @@ from pretix.control.signals import (
|
|||||||
from pretix.helpers.daterange import daterange
|
from pretix.helpers.daterange import daterange
|
||||||
|
|
||||||
from ...base.models.orders import CancellationRequest
|
from ...base.models.orders import CancellationRequest
|
||||||
|
from ...base.models.organizer import TeamQuerySet
|
||||||
from ...base.templatetags.money import money_filter
|
from ...base.templatetags.money import money_filter
|
||||||
from ..logdisplay import OVERVIEW_BANLIST
|
from ..logdisplay import OVERVIEW_BANLIST
|
||||||
|
|
||||||
@@ -491,8 +492,13 @@ def widgets_for_event_qs(request, qs, user, nmax, lazy=False):
|
|||||||
# Get set of events where we have the permission to show the # of orders
|
# Get set of events where we have the permission to show the # of orders
|
||||||
if not lazy:
|
if not lazy:
|
||||||
events_with_orders = set(qs.filter(
|
events_with_orders = set(qs.filter(
|
||||||
Q(organizer_id__in=user.teams.filter(all_events=True, can_view_orders=True).values_list('organizer', flat=True))
|
Q(organizer_id__in=user.teams.filter(
|
||||||
| Q(id__in=user.teams.filter(can_view_orders=True).values_list('limit_events__id', flat=True))
|
TeamQuerySet.event_permission_q("event.orders:read"),
|
||||||
|
all_events=True,
|
||||||
|
).values_list('organizer', flat=True))
|
||||||
|
| Q(id__in=user.teams.filter(
|
||||||
|
TeamQuerySet.event_permission_q("event.orders:read"),
|
||||||
|
).values_list('limit_events__id', flat=True))
|
||||||
).values_list('id', flat=True))
|
).values_list('id', flat=True))
|
||||||
|
|
||||||
tpl = """
|
tpl = """
|
||||||
|
|||||||
@@ -51,6 +51,7 @@ from i18nfield.strings import LazyI18nString
|
|||||||
from pretix.base.forms import SafeSessionWizardView
|
from pretix.base.forms import SafeSessionWizardView
|
||||||
from pretix.base.i18n import language
|
from pretix.base.i18n import language
|
||||||
from pretix.base.models import Event, EventMetaValue, Organizer, Quota, Team
|
from pretix.base.models import Event, EventMetaValue, Organizer, Quota, Team
|
||||||
|
from pretix.base.models.organizer import TeamQuerySet
|
||||||
from pretix.base.services.quotas import QuotaAvailability
|
from pretix.base.services.quotas import QuotaAvailability
|
||||||
from pretix.control.forms.event import (
|
from pretix.control.forms.event import (
|
||||||
EventWizardBasicsForm, EventWizardCopyForm, EventWizardFoundationForm,
|
EventWizardBasicsForm, EventWizardCopyForm, EventWizardFoundationForm,
|
||||||
@@ -190,7 +191,9 @@ class EventWizard(SafeSessionWizardView):
|
|||||||
qs = Organizer.objects.all()
|
qs = Organizer.objects.all()
|
||||||
if not self.request.user.has_active_staff_session(self.request.session.session_key):
|
if not self.request.user.has_active_staff_session(self.request.session.session_key):
|
||||||
qs = qs.filter(
|
qs = qs.filter(
|
||||||
id__in=self.request.user.teams.filter(can_create_events=True).values_list('organizer', flat=True)
|
id__in=self.request.user.teams.filter(
|
||||||
|
TeamQuerySet.organizer_permission_q("organizer.events:create"),
|
||||||
|
).values_list('organizer', flat=True)
|
||||||
)
|
)
|
||||||
organizer = qs.get(slug=self.request.GET.get('organizer'))
|
organizer = qs.get(slug=self.request.GET.get('organizer'))
|
||||||
initial['organizer'] = organizer
|
initial['organizer'] = organizer
|
||||||
@@ -222,7 +225,7 @@ class EventWizard(SafeSessionWizardView):
|
|||||||
|
|
||||||
def get_context_data(self, form, **kwargs):
|
def get_context_data(self, form, **kwargs):
|
||||||
ctx = super().get_context_data(form, **kwargs)
|
ctx = super().get_context_data(form, **kwargs)
|
||||||
ctx['has_organizer'] = self.request.user.teams.filter(can_create_events=True).exists()
|
ctx['has_organizer'] = self.request.user.teams.filter(TeamQuerySet.organizer_permission_q("organizer.events:create")).exists()
|
||||||
if self.steps.current == 'basics':
|
if self.steps.current == 'basics':
|
||||||
ctx['organizer'] = self.get_cleaned_data_for_step('foundation').get('organizer')
|
ctx['organizer'] = self.get_cleaned_data_for_step('foundation').get('organizer')
|
||||||
return ctx
|
return ctx
|
||||||
@@ -284,21 +287,16 @@ class EventWizard(SafeSessionWizardView):
|
|||||||
name=_('Team {event}').format(
|
name=_('Team {event}').format(
|
||||||
event=str(event.name)[:100] + "…" if len(str(event.name)) > 100 else str(event.name)
|
event=str(event.name)[:100] + "…" if len(str(event.name)) > 100 else str(event.name)
|
||||||
),
|
),
|
||||||
can_change_event_settings=True, can_change_items=True,
|
all_organizer_permissions=False,
|
||||||
can_view_orders=True, can_change_orders=True, can_view_vouchers=True,
|
all_event_permissions=True,
|
||||||
can_change_vouchers=True
|
|
||||||
)
|
)
|
||||||
t.members.add(self.request.user)
|
t.members.add(self.request.user)
|
||||||
t.limit_events.add(event)
|
t.limit_events.add(event)
|
||||||
t.log_action('pretix.team.created', user=self.request.user, data={
|
t.log_action('pretix.team.created', user=self.request.user, data={
|
||||||
'_created_by_event_wizard': True,
|
'_created_by_event_wizard': True,
|
||||||
'name': t.name,
|
'name': t.name,
|
||||||
'can_change_event_settings': True,
|
'all_organizer_permissions': False,
|
||||||
'can_change_items': True,
|
'all_event_permissions': True,
|
||||||
'can_view_orders': True,
|
|
||||||
'can_change_orders': True,
|
|
||||||
'can_view_vouchers': True,
|
|
||||||
'can_change_vouchers': True,
|
|
||||||
'limit_events': [event.pk],
|
'limit_events': [event.pk],
|
||||||
})
|
})
|
||||||
|
|
||||||
|
|||||||
@@ -96,7 +96,9 @@ from pretix.base.models.giftcards import (
|
|||||||
GiftCardAcceptance, GiftCardTransaction, gen_giftcard_secret,
|
GiftCardAcceptance, GiftCardTransaction, gen_giftcard_secret,
|
||||||
)
|
)
|
||||||
from pretix.base.models.orders import CancellationRequest
|
from pretix.base.models.orders import CancellationRequest
|
||||||
from pretix.base.models.organizer import SalesChannel, TeamAPIToken
|
from pretix.base.models.organizer import (
|
||||||
|
SalesChannel, TeamAPIToken, TeamQuerySet,
|
||||||
|
)
|
||||||
from pretix.base.payment import PaymentException
|
from pretix.base.payment import PaymentException
|
||||||
from pretix.base.plugins import (
|
from pretix.base.plugins import (
|
||||||
PLUGIN_LEVEL_EVENT, PLUGIN_LEVEL_EVENT_ORGANIZER_HYBRID,
|
PLUGIN_LEVEL_EVENT, PLUGIN_LEVEL_EVENT_ORGANIZER_HYBRID,
|
||||||
@@ -581,10 +583,7 @@ class OrganizerCreate(CreateView):
|
|||||||
ret = super().form_valid(form)
|
ret = super().form_valid(form)
|
||||||
t = Team.objects.create(
|
t = Team.objects.create(
|
||||||
organizer=form.instance, name=_('Administrators'),
|
organizer=form.instance, name=_('Administrators'),
|
||||||
all_events=True, can_create_events=True, can_change_teams=True, can_manage_gift_cards=True,
|
all_events=True, all_event_permissions=True, all_organizer_permissions=True,
|
||||||
can_change_organizer_settings=True, can_change_event_settings=True, can_change_items=True,
|
|
||||||
can_manage_customers=True, can_manage_reusable_media=True,
|
|
||||||
can_view_orders=True, can_change_orders=True, can_view_vouchers=True, can_change_vouchers=True
|
|
||||||
)
|
)
|
||||||
t.members.add(self.request.user)
|
t.members.add(self.request.user)
|
||||||
return ret
|
return ret
|
||||||
@@ -972,7 +971,8 @@ class TeamDeleteView(OrganizerDetailViewMixin, OrganizerPermissionRequiredMixin,
|
|||||||
|
|
||||||
def is_allowed(self) -> bool:
|
def is_allowed(self) -> bool:
|
||||||
return self.request.organizer.teams.exclude(pk=self.kwargs.get('team')).filter(
|
return self.request.organizer.teams.exclude(pk=self.kwargs.get('team')).filter(
|
||||||
can_change_teams=True, members__isnull=False
|
TeamQuerySet.organizer_permission_q("organizer.teams:write"),
|
||||||
|
members__isnull=False
|
||||||
).exists() or self.request.user.has_active_staff_session(self.request.session.session_key)
|
).exists() or self.request.user.has_active_staff_session(self.request.session.session_key)
|
||||||
|
|
||||||
@transaction.atomic
|
@transaction.atomic
|
||||||
@@ -1065,9 +1065,10 @@ class TeamMemberView(OrganizerDetailViewMixin, OrganizerPermissionRequiredMixin,
|
|||||||
pass
|
pass
|
||||||
else:
|
else:
|
||||||
other_admin_teams = self.request.organizer.teams.exclude(pk=self.object.pk).filter(
|
other_admin_teams = self.request.organizer.teams.exclude(pk=self.object.pk).filter(
|
||||||
can_change_teams=True, members__isnull=False
|
TeamQuerySet.organizer_permission_q("organizer.teams:write"),
|
||||||
|
members__isnull=False
|
||||||
).exists() or self.request.user.has_active_staff_session(self.request.session.session_key)
|
).exists() or self.request.user.has_active_staff_session(self.request.session.session_key)
|
||||||
if not other_admin_teams and self.object.can_change_teams and self.object.members.count() == 1:
|
if not other_admin_teams and self.object.has_permission() and self.object.members.count() == 1:
|
||||||
messages.error(self.request, _('You cannot remove the last member from this team as no one would '
|
messages.error(self.request, _('You cannot remove the last member from this team as no one would '
|
||||||
'be left with the permission to change teams.'))
|
'be left with the permission to change teams.'))
|
||||||
return redirect(self.get_success_url())
|
return redirect(self.get_success_url())
|
||||||
|
|||||||
@@ -51,6 +51,7 @@ from pretix.base.models import (
|
|||||||
ItemVariation, ItemVariationMetaValue, Order, OrderPosition, Organizer,
|
ItemVariation, ItemVariationMetaValue, Order, OrderPosition, Organizer,
|
||||||
SubEventMetaValue, User, Voucher,
|
SubEventMetaValue, User, Voucher,
|
||||||
)
|
)
|
||||||
|
from pretix.base.models.organizer import TeamQuerySet
|
||||||
from pretix.control.forms.event import EventWizardCopyForm
|
from pretix.control.forms.event import EventWizardCopyForm
|
||||||
from pretix.control.permissions import (
|
from pretix.control.permissions import (
|
||||||
event_permission_required, organizer_permission_required,
|
event_permission_required, organizer_permission_required,
|
||||||
@@ -240,8 +241,13 @@ def ticket_select2(request, **kwargs):
|
|||||||
qs_orders = qs_orders.filter(
|
qs_orders = qs_orders.filter(
|
||||||
exact_match | (
|
exact_match | (
|
||||||
soft_match & (
|
soft_match & (
|
||||||
Q(order__event__organizer_id__in=request.user.teams.filter(all_events=True, can_view_orders=True).values_list('organizer', flat=True))
|
Q(order__event__organizer_id__in=request.user.teams.filter(
|
||||||
| Q(order__event_id__in=request.user.teams.filter(can_view_orders=True).values_list('limit_events__id', flat=True))
|
TeamQuerySet.event_permission_q("event.orders:read"),
|
||||||
|
all_events=True,
|
||||||
|
).values_list('organizer', flat=True))
|
||||||
|
| Q(order__event_id__in=request.user.teams.filter(
|
||||||
|
TeamQuerySet.event_permission_q("event.orders:read")
|
||||||
|
).values_list('limit_events__id', flat=True))
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
@@ -337,9 +343,9 @@ def nav_context_list(request):
|
|||||||
if not request.user.has_active_staff_session(request.session.session_key):
|
if not request.user.has_active_staff_session(request.session.session_key):
|
||||||
qs_orders = qs_orders.filter(
|
qs_orders = qs_orders.filter(
|
||||||
Q(event__organizer_id__in=request.user.teams.filter(
|
Q(event__organizer_id__in=request.user.teams.filter(
|
||||||
all_events=True, can_view_orders=True).values_list('organizer', flat=True))
|
TeamQuerySet.event_permission_q("event.orders:read"), all_events=True).values_list('organizer', flat=True))
|
||||||
| Q(event_id__in=request.user.teams.filter(
|
| Q(event_id__in=request.user.teams.filter(
|
||||||
can_view_orders=True).values_list('limit_events__id', flat=True))
|
TeamQuerySet.event_permission_q("event.orders:read")).values_list('limit_events__id', flat=True))
|
||||||
)
|
)
|
||||||
|
|
||||||
qs_vouchers = Voucher.objects.filter(
|
qs_vouchers = Voucher.objects.filter(
|
||||||
@@ -348,9 +354,9 @@ def nav_context_list(request):
|
|||||||
if not request.user.has_active_staff_session(request.session.session_key):
|
if not request.user.has_active_staff_session(request.session.session_key):
|
||||||
qs_vouchers = qs_vouchers.filter(
|
qs_vouchers = qs_vouchers.filter(
|
||||||
Q(event__organizer_id__in=request.user.teams.filter(
|
Q(event__organizer_id__in=request.user.teams.filter(
|
||||||
all_events=True, can_view_vouchers=True).values_list('organizer', flat=True))
|
TeamQuerySet.event_permission_q("event.vouchers:read"), all_events=True).values_list('organizer', flat=True))
|
||||||
| Q(event_id__in=request.user.teams.filter(
|
| Q(event_id__in=request.user.teams.filter(
|
||||||
can_view_vouchers=True).values_list('limit_events__id', flat=True))
|
TeamQuerySet.event_permission_q("event.vouchers:read")).values_list('limit_events__id', flat=True))
|
||||||
)
|
)
|
||||||
else:
|
else:
|
||||||
qs_vouchers = Voucher.objects.none()
|
qs_vouchers = Voucher.objects.none()
|
||||||
@@ -813,7 +819,7 @@ def organizer_select2(request):
|
|||||||
qs = qs.filter(Q(name__icontains=term) | Q(slug__icontains=term))
|
qs = qs.filter(Q(name__icontains=term) | Q(slug__icontains=term))
|
||||||
if not request.user.has_active_staff_session(request.session.session_key):
|
if not request.user.has_active_staff_session(request.session.session_key):
|
||||||
if 'can_create' in request.GET:
|
if 'can_create' in request.GET:
|
||||||
qs = qs.filter(pk__in=request.user.teams.filter(can_create_events=True).values_list('organizer', flat=True))
|
qs = qs.filter(pk__in=request.user.teams.filter(TeamQuerySet.organizer_permission_q("organizer.events:create")).values_list('organizer', flat=True))
|
||||||
else:
|
else:
|
||||||
qs = qs.filter(pk__in=request.user.teams.values_list('organizer', flat=True))
|
qs = qs.filter(pk__in=request.user.teams.values_list('organizer', flat=True))
|
||||||
|
|
||||||
@@ -976,21 +982,21 @@ def item_meta_values(request, organizer, event):
|
|||||||
var_matches = var_matches.filter(variation__item__event__organizer_id=organizer.pk)
|
var_matches = var_matches.filter(variation__item__event__organizer_id=organizer.pk)
|
||||||
all_access = (
|
all_access = (
|
||||||
request.user.has_active_staff_session(request.session.session_key)
|
request.user.has_active_staff_session(request.session.session_key)
|
||||||
or request.user.teams.filter(all_events=True, organizer=organizer, can_change_items=True).exists()
|
or request.user.teams.filter(TeamQuerySet.event_permission_q("event.items:write"), all_events=True, organizer=organizer).exists()
|
||||||
)
|
)
|
||||||
if not all_access:
|
if not all_access:
|
||||||
defaults = defaults.filter(
|
defaults = defaults.filter(
|
||||||
event__id__in=request.user.teams.filter(can_change_items=True).values_list(
|
event__id__in=request.user.teams.filter(TeamQuerySet.event_permission_q("event.items:write")).values_list(
|
||||||
'limit_events__id', flat=True
|
'limit_events__id', flat=True
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
matches = matches.filter(
|
matches = matches.filter(
|
||||||
item__event__id__in=request.user.teams.filter(can_change_items=True).values_list(
|
item__event__id__in=request.user.teams.filter(TeamQuerySet.event_permission_q("event.items:write")).values_list(
|
||||||
'limit_events__id', flat=True
|
'limit_events__id', flat=True
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
var_matches = var_matches.filter(
|
var_matches = var_matches.filter(
|
||||||
variation__item__event__id__in=request.user.teams.filter(can_change_items=True).values_list(
|
variation__item__event__id__in=request.user.teams.filter(TeamQuerySet.event_permission_q("event.items:write")).values_list(
|
||||||
'limit_events__id', flat=True
|
'limit_events__id', flat=True
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -42,7 +42,7 @@ OLD_TO_NEW_ORGANIZER_MIGRATION = {
|
|||||||
"can_create_events": ["organizer.events:create"],
|
"can_create_events": ["organizer.events:create"],
|
||||||
"can_change_organizer_settings": ["organizer.settings.general:write", "organizer.devices:read",
|
"can_change_organizer_settings": ["organizer.settings.general:write", "organizer.devices:read",
|
||||||
"organizer.devices:write"],
|
"organizer.devices:write"],
|
||||||
"can_change_teams": ["organizer.teams:write"],
|
"can_change_teams": ["organizer.teams:write", "organizer.teams:read"],
|
||||||
"can_manage_gift_cards": ["organizer.giftcards:read", "organizer.giftcards:write"],
|
"can_manage_gift_cards": ["organizer.giftcards:read", "organizer.giftcards:write"],
|
||||||
"can_manage_customers": ["organizer.customers:read", "organizer.customers:write"],
|
"can_manage_customers": ["organizer.customers:read", "organizer.customers:write"],
|
||||||
"can_manage_reusable_media": ["organizer.reusablemedia:read", "organizer.reusablemedia:write"],
|
"can_manage_reusable_media": ["organizer.reusablemedia:read", "organizer.reusablemedia:write"],
|
||||||
@@ -59,7 +59,7 @@ OLD_TO_NEW_EVENT_COMPAT = {
|
|||||||
OLD_TO_NEW_ORGANIZER_COMPAT = {
|
OLD_TO_NEW_ORGANIZER_COMPAT = {
|
||||||
"can_create_events": ["organizer.events:create"],
|
"can_create_events": ["organizer.events:create"],
|
||||||
"can_change_organizer_settings": ["organizer.settings.general:write"],
|
"can_change_organizer_settings": ["organizer.settings.general:write"],
|
||||||
"can_change_teams": ["organizer.teams:write"],
|
"can_change_teams": ["organizer.teams:write", "organizer.teams:read"],
|
||||||
"can_manage_gift_cards": ["organizer.giftcards:read", "organizer.giftcards:write"],
|
"can_manage_gift_cards": ["organizer.giftcards:read", "organizer.giftcards:write"],
|
||||||
"can_manage_customers": ["organizer.customers:read", "organizer.customers:write"],
|
"can_manage_customers": ["organizer.customers:read", "organizer.customers:write"],
|
||||||
"can_manage_reusable_media": ["organizer.reusablemedia:read", "organizer.reusablemedia:write"],
|
"can_manage_reusable_media": ["organizer.reusablemedia:read", "organizer.reusablemedia:write"],
|
||||||
|
|||||||
@@ -58,6 +58,7 @@ from localflavor.generic.forms import BICFormField, IBANFormField
|
|||||||
|
|
||||||
from pretix.base.forms.widgets import DatePickerWidget
|
from pretix.base.forms.widgets import DatePickerWidget
|
||||||
from pretix.base.models import Event, Order, OrderPayment, OrderRefund, Quota
|
from pretix.base.models import Event, Order, OrderPayment, OrderRefund, Quota
|
||||||
|
from pretix.base.models.organizer import TeamQuerySet
|
||||||
from pretix.base.settings import SettingsSandbox
|
from pretix.base.settings import SettingsSandbox
|
||||||
from pretix.base.templatetags.money import money_filter
|
from pretix.base.templatetags.money import money_filter
|
||||||
from pretix.control.permissions import (
|
from pretix.control.permissions import (
|
||||||
@@ -655,14 +656,20 @@ class OrganizerActionView(OrganizerBanktransferView, OrganizerPermissionRequired
|
|||||||
permission = 'can_change_orders'
|
permission = 'can_change_orders'
|
||||||
|
|
||||||
def order_qs(self):
|
def order_qs(self):
|
||||||
all = self.request.user.teams.filter(organizer=self.request.organizer, can_change_orders=True,
|
all = self.request.user.teams.filter(
|
||||||
can_view_orders=True, all_events=True).exists()
|
TeamQuerySet.event_permission_q("event.orders:read"),
|
||||||
|
TeamQuerySet.event_permission_q("event.orders:write"),
|
||||||
|
all_events=True,
|
||||||
|
organizer=self.request.organizer,
|
||||||
|
).exists()
|
||||||
if self.request.user.has_active_staff_session(self.request.session.session_key) or all:
|
if self.request.user.has_active_staff_session(self.request.session.session_key) or all:
|
||||||
return Order.objects.filter(event__organizer=self.request.organizer)
|
return Order.objects.filter(event__organizer=self.request.organizer)
|
||||||
else:
|
else:
|
||||||
return Order.objects.filter(
|
return Order.objects.filter(
|
||||||
event_id__in=self.request.user.teams.filter(
|
event_id__in=self.request.user.teams.filter(
|
||||||
organizer=self.request.organizer, can_change_orders=True, can_view_orders=True
|
TeamQuerySet.event_permission_q("event.orders:read"),
|
||||||
|
TeamQuerySet.event_permission_q("event.orders:write"),
|
||||||
|
organizer=self.request.organizer,
|
||||||
).values_list('limit_events__id', flat=True)
|
).values_list('limit_events__id', flat=True)
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|||||||
@@ -106,17 +106,8 @@ def team(organizer):
|
|||||||
return Team.objects.create(
|
return Team.objects.create(
|
||||||
organizer=organizer,
|
organizer=organizer,
|
||||||
name="Test-Team",
|
name="Test-Team",
|
||||||
can_change_teams=True,
|
all_event_permissions=True,
|
||||||
can_manage_gift_cards=True,
|
all_organizer_permissions=True,
|
||||||
can_change_items=True,
|
|
||||||
can_create_events=True,
|
|
||||||
can_change_event_settings=True,
|
|
||||||
can_change_vouchers=True,
|
|
||||||
can_view_vouchers=True,
|
|
||||||
can_change_orders=True,
|
|
||||||
can_manage_customers=True,
|
|
||||||
can_manage_reusable_media=True,
|
|
||||||
can_change_organizer_settings=True
|
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
@@ -140,8 +131,8 @@ def user():
|
|||||||
@pytest.fixture
|
@pytest.fixture
|
||||||
@scopes_disabled()
|
@scopes_disabled()
|
||||||
def user_client(client, team, user):
|
def user_client(client, team, user):
|
||||||
team.can_view_orders = True
|
team.limit_event_permissions["event.orders:read"] = True
|
||||||
team.can_view_vouchers = True
|
team.limit_event_permissions["event.vouchers:read"] = True
|
||||||
team.all_events = True
|
team.all_events = True
|
||||||
team.save()
|
team.save()
|
||||||
team.members.add(user)
|
team.members.add(user)
|
||||||
@@ -152,8 +143,8 @@ def user_client(client, team, user):
|
|||||||
@pytest.fixture
|
@pytest.fixture
|
||||||
@scopes_disabled()
|
@scopes_disabled()
|
||||||
def token_client(client, team):
|
def token_client(client, team):
|
||||||
team.can_view_orders = True
|
team.limit_event_permissions["event.orders:read"] = True
|
||||||
team.can_view_vouchers = True
|
team.limit_event_permissions["event.vouchers:read"] = True
|
||||||
team.all_events = True
|
team.all_events = True
|
||||||
team.save()
|
team.save()
|
||||||
t = team.tokens.create(name='Foo')
|
t = team.tokens.create(name='Foo')
|
||||||
|
|||||||
@@ -1382,9 +1382,8 @@ def test_checkin_pdf_data_requires_permission(token_client, event, team, organiz
|
|||||||
))
|
))
|
||||||
assert resp.data['results'][0].get('pdf_data')
|
assert resp.data['results'][0].get('pdf_data')
|
||||||
with scopes_disabled():
|
with scopes_disabled():
|
||||||
team.can_view_orders = False
|
team.limit_event_permissions = {"event.orders:checkin": True}
|
||||||
team.can_change_orders = False
|
team.all_event_permissions = False
|
||||||
team.can_checkin_orders = True
|
|
||||||
team.save()
|
team.save()
|
||||||
resp = token_client.get('/api/v1/organizers/{}/events/{}/checkinlists/{}/positions/?search=z3fsn8jyu&pdf_data=true'.format(
|
resp = token_client.get('/api/v1/organizers/{}/events/{}/checkinlists/{}/positions/?search=z3fsn8jyu&pdf_data=true'.format(
|
||||||
organizer.slug, event.slug, clist_all.pk
|
organizer.slug, event.slug, clist_all.pk
|
||||||
|
|||||||
@@ -984,9 +984,8 @@ def test_search_multiple_lists(token_client, organizer, clist_all, clist_event2,
|
|||||||
@pytest.mark.django_db
|
@pytest.mark.django_db
|
||||||
def test_without_permission(token_client, event, team, organizer, clist_all, order):
|
def test_without_permission(token_client, event, team, organizer, clist_all, order):
|
||||||
with scopes_disabled():
|
with scopes_disabled():
|
||||||
team.can_view_orders = False
|
team.limit_event_permissions = {}
|
||||||
team.can_change_orders = False
|
team.all_event_permissions = False
|
||||||
team.can_checkin_orders = False
|
|
||||||
team.save()
|
team.save()
|
||||||
resp = token_client.get(
|
resp = token_client.get(
|
||||||
'/api/v1/organizers/{}/checkinrpc/search/?list={}&search=dummy.test&ordering=attendee_name'.format(organizer.slug, clist_all.pk))
|
'/api/v1/organizers/{}/checkinrpc/search/?list={}&search=dummy.test&ordering=attendee_name'.format(organizer.slug, clist_all.pk))
|
||||||
@@ -1043,9 +1042,8 @@ def test_checkin_only_permission(token_client, event, team, organizer, clist_all
|
|||||||
assert resp.data['position'].get('pdf_data')
|
assert resp.data['position'].get('pdf_data')
|
||||||
|
|
||||||
with scopes_disabled():
|
with scopes_disabled():
|
||||||
team.can_view_orders = False
|
team.limit_event_permissions = {"event.orders:checkin": True}
|
||||||
team.can_change_orders = False
|
team.all_event_permissions = False
|
||||||
team.can_checkin_orders = True
|
|
||||||
team.save()
|
team.save()
|
||||||
|
|
||||||
# With limited permissions, I can not search with a 2-character query
|
# With limited permissions, I can not search with a 2-character query
|
||||||
|
|||||||
@@ -243,7 +243,8 @@ def test_event_create(team, token_client, organizer, event, meta_prop):
|
|||||||
{"key": "Workshop", "label": {"en": "Workshop"}},
|
{"key": "Workshop", "label": {"en": "Workshop"}},
|
||||||
]
|
]
|
||||||
meta_prop.save()
|
meta_prop.save()
|
||||||
team.can_change_organizer_settings = False
|
team.limit_organizer_permissions = {"organizer.events:create": True}
|
||||||
|
team.all_organizer_permissions = False
|
||||||
team.save()
|
team.save()
|
||||||
organizer.meta_properties.create(
|
organizer.meta_properties.create(
|
||||||
name="protected", protected=True
|
name="protected", protected=True
|
||||||
@@ -581,16 +582,8 @@ def test_event_create_with_clone_across_organizers(user, user_client, organizer,
|
|||||||
target_org = Organizer.objects.create(name='Dummy', slug='dummy2')
|
target_org = Organizer.objects.create(name='Dummy', slug='dummy2')
|
||||||
team = target_org.teams.create(
|
team = target_org.teams.create(
|
||||||
name="Test-Team",
|
name="Test-Team",
|
||||||
can_change_teams=True,
|
all_event_permissions=True,
|
||||||
can_manage_gift_cards=True,
|
all_organizer_permissions=True,
|
||||||
can_change_items=True,
|
|
||||||
can_create_events=True,
|
|
||||||
can_change_event_settings=True,
|
|
||||||
can_change_vouchers=True,
|
|
||||||
can_view_vouchers=True,
|
|
||||||
can_change_orders=True,
|
|
||||||
can_manage_customers=True,
|
|
||||||
can_change_organizer_settings=True
|
|
||||||
)
|
)
|
||||||
team.members.add(user)
|
team.members.add(user)
|
||||||
|
|
||||||
|
|||||||
@@ -280,7 +280,8 @@ def test_org_level_export(token_client, organizer, team, event):
|
|||||||
}, format='json')
|
}, format='json')
|
||||||
assert resp.status_code == 202
|
assert resp.status_code == 202
|
||||||
|
|
||||||
team.can_manage_gift_cards = False
|
team.limit_organizer_permissions = {"organizer.events:create": True}
|
||||||
|
team.all_organizer_permissions = False
|
||||||
team.save()
|
team.save()
|
||||||
|
|
||||||
resp = token_client.post('/api/v1/organizers/{}/exporters/giftcardlist/run/'.format(organizer.slug), data={
|
resp = token_client.post('/api/v1/organizers/{}/exporters/giftcardlist/run/'.format(organizer.slug), data={
|
||||||
@@ -339,7 +340,8 @@ def test_event_scheduled_export_list_token(token_client, organizer, event, user,
|
|||||||
assert resp.status_code == 200
|
assert resp.status_code == 200
|
||||||
assert [res] == resp.data['results']
|
assert [res] == resp.data['results']
|
||||||
|
|
||||||
team.can_change_event_settings = False
|
team.limit_organizer_permissions = {"organizer.events:create": True}
|
||||||
|
team.all_organizer_permissions = False
|
||||||
team.save()
|
team.save()
|
||||||
|
|
||||||
# Token can no longer sees it an gets error message
|
# Token can no longer sees it an gets error message
|
||||||
@@ -361,7 +363,7 @@ def test_event_scheduled_export_list_user(user_client, organizer, event, user, t
|
|||||||
resp = user_client.get('/api/v1/organizers/{}/events/{}/scheduled_exports/'.format(organizer.slug, event.slug))
|
resp = user_client.get('/api/v1/organizers/{}/events/{}/scheduled_exports/'.format(organizer.slug, event.slug))
|
||||||
assert [res] == resp.data['results']
|
assert [res] == resp.data['results']
|
||||||
|
|
||||||
team.can_change_event_settings = False
|
team.limit_event_permissions["event.settings.general:write"] = False
|
||||||
team.save()
|
team.save()
|
||||||
|
|
||||||
# Owner still can
|
# Owner still can
|
||||||
@@ -498,7 +500,8 @@ def test_org_scheduled_export_list_token(token_client, organizer, user, team, or
|
|||||||
assert resp.status_code == 200
|
assert resp.status_code == 200
|
||||||
assert [res] == resp.data['results']
|
assert [res] == resp.data['results']
|
||||||
|
|
||||||
team.can_change_organizer_settings = False
|
team.limit_organizer_permissions = {"organizer.events:create": True}
|
||||||
|
team.all_organizer_permissions = False
|
||||||
team.save()
|
team.save()
|
||||||
|
|
||||||
# Token can no longer sees it an gets error message
|
# Token can no longer sees it an gets error message
|
||||||
@@ -521,7 +524,8 @@ def test_org_scheduled_export_list_user(user_client, organizer, user, team, org_
|
|||||||
resp = user_client.get('/api/v1/organizers/{}/scheduled_exports/'.format(organizer.slug))
|
resp = user_client.get('/api/v1/organizers/{}/scheduled_exports/'.format(organizer.slug))
|
||||||
assert [res] == resp.data['results']
|
assert [res] == resp.data['results']
|
||||||
|
|
||||||
team.can_change_organizer_settings = False
|
team.limit_organizer_permissions = {"organizer.events:create": True}
|
||||||
|
team.all_organizer_permissions = False
|
||||||
team.save()
|
team.save()
|
||||||
|
|
||||||
# Owner still can
|
# Owner still can
|
||||||
|
|||||||
@@ -53,8 +53,13 @@ def organizer():
|
|||||||
|
|
||||||
@pytest.fixture
|
@pytest.fixture
|
||||||
def admin_team(organizer):
|
def admin_team(organizer):
|
||||||
return Team.objects.create(organizer=organizer, can_change_teams=True, name='Admin team', all_events=True,
|
return Team.objects.create(
|
||||||
can_create_events=True)
|
organizer=organizer,
|
||||||
|
name='Admin team',
|
||||||
|
all_events=True,
|
||||||
|
all_event_permissions=True,
|
||||||
|
all_organizer_permissions=True,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
@pytest.fixture
|
@pytest.fixture
|
||||||
@@ -387,7 +392,7 @@ def test_token_from_code(client, admin_user, organizer, application: OAuthApplic
|
|||||||
@pytest.mark.django_db
|
@pytest.mark.django_db
|
||||||
def test_use_token_for_access_one_organizer(client, admin_user, organizer, application: OAuthApplication):
|
def test_use_token_for_access_one_organizer(client, admin_user, organizer, application: OAuthApplication):
|
||||||
o2 = Organizer.objects.create(name='A', slug='a')
|
o2 = Organizer.objects.create(name='A', slug='a')
|
||||||
t2 = Team.objects.create(organizer=o2, can_change_teams=True, name='Admin team', all_events=True)
|
t2 = Team.objects.create(organizer=o2, all_organizer_permissions=True, name='Admin team', all_events=True)
|
||||||
t2.members.add(admin_user)
|
t2.members.add(admin_user)
|
||||||
|
|
||||||
client.login(email='dummy@dummy.dummy', password='dummy')
|
client.login(email='dummy@dummy.dummy', password='dummy')
|
||||||
@@ -434,7 +439,13 @@ def test_use_token_for_access_one_organizer(client, admin_user, organizer, appli
|
|||||||
@pytest.mark.django_db
|
@pytest.mark.django_db
|
||||||
def test_use_token_for_access_two_organizers(client, admin_user, organizer, application: OAuthApplication):
|
def test_use_token_for_access_two_organizers(client, admin_user, organizer, application: OAuthApplication):
|
||||||
o2 = Organizer.objects.create(name='A', slug='a')
|
o2 = Organizer.objects.create(name='A', slug='a')
|
||||||
t2 = Team.objects.create(organizer=o2, can_change_teams=True, name='Admin team', all_events=True)
|
t2 = Team.objects.create(
|
||||||
|
organizer=o2,
|
||||||
|
all_event_permissions=True,
|
||||||
|
all_organizer_permissions=True,
|
||||||
|
name='Admin team',
|
||||||
|
all_events=True
|
||||||
|
)
|
||||||
t2.members.add(admin_user)
|
t2.members.add(admin_user)
|
||||||
|
|
||||||
client.login(email='dummy@dummy.dummy', password='dummy')
|
client.login(email='dummy@dummy.dummy', password='dummy')
|
||||||
|
|||||||
@@ -281,9 +281,9 @@ event_permission_root_urls = [
|
|||||||
|
|
||||||
@pytest.fixture
|
@pytest.fixture
|
||||||
def token_client(client, team):
|
def token_client(client, team):
|
||||||
team.can_view_orders = True
|
team.limit_event_permissions["event.orders:read"] = True
|
||||||
team.can_view_vouchers = True
|
team.limit_event_permissions["event.vouchers:read"] = True
|
||||||
team.can_change_items = True
|
team.limit_event_permissions["event.items:write"] = True
|
||||||
team.save()
|
team.save()
|
||||||
t = team.tokens.create(name='Foo')
|
t = team.tokens.create(name='Foo')
|
||||||
client.credentials(HTTP_AUTHORIZATION='Token ' + t.token)
|
client.credentials(HTTP_AUTHORIZATION='Token ' + t.token)
|
||||||
|
|||||||
@@ -260,7 +260,8 @@ def test_all_subevents_list_filter(token_client, organizer, event, subevent):
|
|||||||
def test_subevent_create(team, token_client, organizer, event, subevent, meta_prop, item):
|
def test_subevent_create(team, token_client, organizer, event, subevent, meta_prop, item):
|
||||||
meta_prop.choices = [{"key": "Conference", "label": {"en": "Conference"}}, {"key": "Workshop", "label": {"en": "Workshop"}}]
|
meta_prop.choices = [{"key": "Conference", "label": {"en": "Conference"}}, {"key": "Workshop", "label": {"en": "Workshop"}}]
|
||||||
meta_prop.save()
|
meta_prop.save()
|
||||||
team.can_change_organizer_settings = False
|
team.limit_organizer_permissions = {"organizer.events:create": True}
|
||||||
|
team.all_organizer_permissions = False
|
||||||
team.save()
|
team.save()
|
||||||
organizer.meta_properties.create(
|
organizer.meta_properties.create(
|
||||||
name="protected", protected=True
|
name="protected", protected=True
|
||||||
|
|||||||
@@ -242,7 +242,8 @@ def test_organizer_list(token_client, team, organizer, event, order, item, taxru
|
|||||||
assert resp.data["count"] == 0
|
assert resp.data["count"] == 0
|
||||||
|
|
||||||
team.all_events = True
|
team.all_events = True
|
||||||
team.can_view_orders = False
|
team.limit_organizer_permissions = {"event.vouchers:read": True}
|
||||||
|
team.all_organizer_permissions = False
|
||||||
team.save()
|
team.save()
|
||||||
|
|
||||||
resp = token_client.get(
|
resp = token_client.get(
|
||||||
|
|||||||
@@ -48,7 +48,7 @@ def event():
|
|||||||
|
|
||||||
@pytest.fixture
|
@pytest.fixture
|
||||||
def team(event):
|
def team(event):
|
||||||
return event.organizer.teams.create(all_events=True, can_view_orders=True)
|
return event.organizer.teams.create(all_events=True, all_event_permissions=True)
|
||||||
|
|
||||||
|
|
||||||
@pytest.fixture
|
@pytest.fixture
|
||||||
@@ -143,7 +143,7 @@ def test_event_fail_user_no_permission(event, user, team):
|
|||||||
s.error_counter = 0
|
s.error_counter = 0
|
||||||
s.save()
|
s.save()
|
||||||
|
|
||||||
team.can_view_orders = False
|
team.limit_event_permissions["event.orders:read"] = False
|
||||||
team.save()
|
team.save()
|
||||||
|
|
||||||
run_scheduled_exports(None)
|
run_scheduled_exports(None)
|
||||||
@@ -273,7 +273,8 @@ def test_organizer_fail_user_does_not_have_specific_permission(event, user, team
|
|||||||
s.error_counter = 0
|
s.error_counter = 0
|
||||||
s.save()
|
s.save()
|
||||||
|
|
||||||
team.can_manage_customers = False
|
team.all_event_permissions = False
|
||||||
|
team.limit_event_permissions = {"organizer.giftcards:write": True}
|
||||||
team.save()
|
team.save()
|
||||||
|
|
||||||
run_scheduled_exports(None)
|
run_scheduled_exports(None)
|
||||||
|
|||||||
@@ -65,7 +65,7 @@ def order(event):
|
|||||||
|
|
||||||
@pytest.fixture
|
@pytest.fixture
|
||||||
def team(event):
|
def team(event):
|
||||||
return event.organizer.teams.create(all_events=True, can_view_orders=True)
|
return event.organizer.teams.create(all_events=True, all_event_permissions=True)
|
||||||
|
|
||||||
|
|
||||||
@pytest.fixture
|
@pytest.fixture
|
||||||
@@ -142,7 +142,7 @@ def test_notification_ignore_same_user(event, order, user, monkeypatch_on_commit
|
|||||||
@pytest.mark.django_db
|
@pytest.mark.django_db
|
||||||
def test_notification_ignore_insufficient_permissions(event, order, user, team, monkeypatch_on_commit):
|
def test_notification_ignore_insufficient_permissions(event, order, user, team, monkeypatch_on_commit):
|
||||||
djmail.outbox = []
|
djmail.outbox = []
|
||||||
team.can_view_orders = False
|
team.limit_event_permissions["event.orders:read"] = False
|
||||||
team.save()
|
team.save()
|
||||||
user.notification_settings.create(
|
user.notification_settings.create(
|
||||||
method='mail', event=event, action_type='pretix.event.order.paid', enabled=True
|
method='mail', event=event, action_type='pretix.event.order.paid', enabled=True
|
||||||
|
|||||||
@@ -119,7 +119,7 @@ def test_specific_event_permission_limited(event, user):
|
|||||||
user._teamcache = {}
|
user._teamcache = {}
|
||||||
assert not user.has_event_permission(event.organizer, event, 'can_change_orders')
|
assert not user.has_event_permission(event.organizer, event, 'can_change_orders')
|
||||||
|
|
||||||
team = Team.objects.create(organizer=event.organizer, can_change_orders=True)
|
team = Team.objects.create(organizer=event.organizer, limit_event_permissions={"event.orders:write": True})
|
||||||
user._teamcache = {}
|
user._teamcache = {}
|
||||||
assert not user.has_event_permission(event.organizer, event, 'can_change_orders')
|
assert not user.has_event_permission(event.organizer, event, 'can_change_orders')
|
||||||
|
|
||||||
@@ -135,7 +135,7 @@ def test_specific_event_permission_limited(event, user):
|
|||||||
assert user.has_event_permission(event.organizer, event, ('can_change_orders', 'can_change_event_settings'))
|
assert user.has_event_permission(event.organizer, event, ('can_change_orders', 'can_change_event_settings'))
|
||||||
assert not user.has_event_permission(event.organizer, event, ('can_change_teams', 'can_change_event_settings'))
|
assert not user.has_event_permission(event.organizer, event, ('can_change_teams', 'can_change_event_settings'))
|
||||||
|
|
||||||
team.can_change_orders = False
|
team.limit_event_permissions = {}
|
||||||
team.save()
|
team.save()
|
||||||
user._teamcache = {}
|
user._teamcache = {}
|
||||||
assert not user.has_event_permission(event.organizer, event, 'can_change_orders')
|
assert not user.has_event_permission(event.organizer, event, 'can_change_orders')
|
||||||
@@ -146,7 +146,7 @@ def test_specific_event_permission_all(event, user):
|
|||||||
user._teamcache = {}
|
user._teamcache = {}
|
||||||
assert not user.has_event_permission(event.organizer, event, 'can_change_orders')
|
assert not user.has_event_permission(event.organizer, event, 'can_change_orders')
|
||||||
|
|
||||||
team = Team.objects.create(organizer=event.organizer, can_change_orders=True)
|
team = Team.objects.create(organizer=event.organizer, limit_event_permissions={"event.orders:write": True})
|
||||||
user._teamcache = {}
|
user._teamcache = {}
|
||||||
assert not user.has_event_permission(event.organizer, event, 'can_change_orders')
|
assert not user.has_event_permission(event.organizer, event, 'can_change_orders')
|
||||||
|
|
||||||
@@ -159,7 +159,7 @@ def test_specific_event_permission_all(event, user):
|
|||||||
user._teamcache = {}
|
user._teamcache = {}
|
||||||
assert user.has_event_permission(event.organizer, event, 'can_change_orders')
|
assert user.has_event_permission(event.organizer, event, 'can_change_orders')
|
||||||
|
|
||||||
team.can_change_orders = False
|
team.limit_event_permissions = {}
|
||||||
team.save()
|
team.save()
|
||||||
user._teamcache = {}
|
user._teamcache = {}
|
||||||
assert not user.has_event_permission(event.organizer, event, 'can_change_orders')
|
assert not user.has_event_permission(event.organizer, event, 'can_change_orders')
|
||||||
@@ -167,9 +167,9 @@ def test_specific_event_permission_all(event, user):
|
|||||||
|
|
||||||
@pytest.mark.django_db
|
@pytest.mark.django_db
|
||||||
def test_event_permissions_multiple_teams(event, user):
|
def test_event_permissions_multiple_teams(event, user):
|
||||||
team1 = Team.objects.create(organizer=event.organizer, can_change_orders=True, all_events=True)
|
team1 = Team.objects.create(organizer=event.organizer, limit_event_permissions={"event.orders:write": True}, all_events=True)
|
||||||
team2 = Team.objects.create(organizer=event.organizer, can_change_vouchers=True)
|
team2 = Team.objects.create(organizer=event.organizer, limit_event_permissions={"event.vouchers:write": True})
|
||||||
team3 = Team.objects.create(organizer=event.organizer, can_change_event_settings=True)
|
team3 = Team.objects.create(organizer=event.organizer, limit_event_permissions={"event.settings.general:write": True})
|
||||||
event2 = Event.objects.create(
|
event2 = Event.objects.create(
|
||||||
organizer=event.organizer, name='Dummy', slug='dummy2',
|
organizer=event.organizer, name='Dummy', slug='dummy2',
|
||||||
date_from=now()
|
date_from=now()
|
||||||
@@ -207,7 +207,7 @@ def test_specific_organizer_permission(event, user):
|
|||||||
user._teamcache = {}
|
user._teamcache = {}
|
||||||
assert not user.has_organizer_permission(event.organizer, 'can_create_events')
|
assert not user.has_organizer_permission(event.organizer, 'can_create_events')
|
||||||
|
|
||||||
team = Team.objects.create(organizer=event.organizer, can_create_events=True)
|
team = Team.objects.create(organizer=event.organizer, limit_organizer_permissions={"organizer.events:create": True})
|
||||||
user._teamcache = {}
|
user._teamcache = {}
|
||||||
assert not user.has_organizer_permission(event.organizer, 'can_create_events')
|
assert not user.has_organizer_permission(event.organizer, 'can_create_events')
|
||||||
|
|
||||||
@@ -219,12 +219,12 @@ def test_specific_organizer_permission(event, user):
|
|||||||
|
|
||||||
@pytest.mark.django_db
|
@pytest.mark.django_db
|
||||||
def test_organizer_permissions_multiple_teams(event, user):
|
def test_organizer_permissions_multiple_teams(event, user):
|
||||||
team1 = Team.objects.create(organizer=event.organizer, can_change_organizer_settings=True)
|
team1 = Team.objects.create(organizer=event.organizer, limit_organizer_permissions={"organizer.settings.general:write": True})
|
||||||
team2 = Team.objects.create(organizer=event.organizer, can_create_events=True)
|
team2 = Team.objects.create(organizer=event.organizer, limit_organizer_permissions={"organizer.events:create": True})
|
||||||
team1.members.add(user)
|
team1.members.add(user)
|
||||||
team2.members.add(user)
|
team2.members.add(user)
|
||||||
orga2 = Organizer.objects.create(slug='d2', name='d2')
|
orga2 = Organizer.objects.create(slug='d2', name='d2')
|
||||||
team3 = Team.objects.create(organizer=orga2, can_change_teams=True)
|
team3 = Team.objects.create(organizer=orga2, limit_organizer_permissions={"organizer.teams:write": True})
|
||||||
team3.members.add(user)
|
team3.members.add(user)
|
||||||
|
|
||||||
assert user.has_organizer_permission(event.organizer, 'can_create_events')
|
assert user.has_organizer_permission(event.organizer, 'can_create_events')
|
||||||
@@ -266,9 +266,9 @@ def test_list_of_events(event, user, admin, admin_request):
|
|||||||
|
|
||||||
assert not user.get_events_with_any_permission()
|
assert not user.get_events_with_any_permission()
|
||||||
|
|
||||||
team1 = Team.objects.create(organizer=event.organizer, can_change_orders=True, all_events=True)
|
team1 = Team.objects.create(organizer=event.organizer, limit_event_permissions={"event.orders:write": True}, all_events=True)
|
||||||
team2 = Team.objects.create(organizer=event.organizer, can_change_vouchers=True)
|
team2 = Team.objects.create(organizer=event.organizer, limit_event_permissions={"event.vouchers:write": True})
|
||||||
team3 = Team.objects.create(organizer=orga2, can_change_event_settings=True)
|
team3 = Team.objects.create(organizer=orga2, limit_event_permissions={"event.settings.general:write": True})
|
||||||
team1.members.add(user)
|
team1.members.add(user)
|
||||||
team2.members.add(user)
|
team2.members.add(user)
|
||||||
team3.members.add(user)
|
team3.members.add(user)
|
||||||
|
|||||||
@@ -1123,7 +1123,7 @@ class Obligatory2FATest(TestCase):
|
|||||||
session.save()
|
session.save()
|
||||||
|
|
||||||
organizer = Organizer.objects.create(name='Dummy', slug='dummy')
|
organizer = Organizer.objects.create(name='Dummy', slug='dummy')
|
||||||
team = Team.objects.create(organizer=organizer, can_change_teams=True, name='Admin team')
|
team = Team.objects.create(organizer=organizer, all_event_permissions=True, name='Admin team')
|
||||||
team.members.add(self.user)
|
team.members.add(self.user)
|
||||||
self.user.require_2fa = False
|
self.user.require_2fa = False
|
||||||
self.user.save()
|
self.user.save()
|
||||||
|
|||||||
@@ -61,7 +61,7 @@ def dashboard_env():
|
|||||||
item_ticket = Item.objects.create(event=event, name="Ticket", default_price=23, admission=True)
|
item_ticket = Item.objects.create(event=event, name="Ticket", default_price=23, admission=True)
|
||||||
item_mascot = Item.objects.create(event=event, name="Mascot", default_price=10, admission=False)
|
item_mascot = Item.objects.create(event=event, name="Mascot", default_price=10, admission=False)
|
||||||
|
|
||||||
t = Team.objects.create(organizer=o, can_view_orders=True, can_change_orders=True)
|
t = Team.objects.create(organizer=o, all_event_permissions=True)
|
||||||
t.members.add(user)
|
t.members.add(user)
|
||||||
t.limit_events.add(event)
|
t.limit_events.add(event)
|
||||||
|
|
||||||
@@ -139,7 +139,7 @@ def checkin_list_env():
|
|||||||
# permission
|
# permission
|
||||||
orga = Organizer.objects.create(name='Dummy', slug='dummy')
|
orga = Organizer.objects.create(name='Dummy', slug='dummy')
|
||||||
user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
||||||
team = Team.objects.create(organizer=orga, can_view_orders=True, can_change_orders=True)
|
team = Team.objects.create(organizer=orga, all_event_permissions=True)
|
||||||
team.members.add(user)
|
team.members.add(user)
|
||||||
|
|
||||||
# event
|
# event
|
||||||
@@ -321,7 +321,7 @@ def test_manual_checkins_revert_requires_order_change_permission(client, checkin
|
|||||||
client.login(email='dummy@dummy.dummy', password='dummy')
|
client.login(email='dummy@dummy.dummy', password='dummy')
|
||||||
with scopes_disabled():
|
with scopes_disabled():
|
||||||
assert not checkin_list_env[5][3].checkins.exists()
|
assert not checkin_list_env[5][3].checkins.exists()
|
||||||
Team.objects.update(can_change_orders=False, can_checkin_orders=True)
|
Team.objects.update(all_event_permissions=False, limit_event_permissions={"event.orders:checkin": True})
|
||||||
client.post('/control/event/dummy/dummy/checkinlists/{}/bulk_action'.format(checkin_list_env[6].pk), {
|
client.post('/control/event/dummy/dummy/checkinlists/{}/bulk_action'.format(checkin_list_env[6].pk), {
|
||||||
'checkin': [checkin_list_env[5][3].pk]
|
'checkin': [checkin_list_env[5][3].pk]
|
||||||
})
|
})
|
||||||
@@ -363,7 +363,7 @@ def checkin_list_with_addon_env():
|
|||||||
# permission
|
# permission
|
||||||
orga = Organizer.objects.create(name='Dummy', slug='dummy')
|
orga = Organizer.objects.create(name='Dummy', slug='dummy')
|
||||||
user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
||||||
team = Team.objects.create(organizer=orga, can_view_orders=True, can_change_orders=True)
|
team = Team.objects.create(organizer=orga, all_event_permissions=True)
|
||||||
team.members.add(user)
|
team.members.add(user)
|
||||||
|
|
||||||
# event
|
# event
|
||||||
@@ -466,7 +466,7 @@ class CheckinListFormTest(SoupTest):
|
|||||||
date_from=datetime(2013, 12, 26, tzinfo=timezone.utc),
|
date_from=datetime(2013, 12, 26, tzinfo=timezone.utc),
|
||||||
)
|
)
|
||||||
self.event1.settings.timezone = 'Europe/Berlin'
|
self.event1.settings.timezone = 'Europe/Berlin'
|
||||||
t = Team.objects.create(organizer=self.orga1, can_change_event_settings=True, can_view_orders=True)
|
t = Team.objects.create(organizer=self.orga1, all_event_permissions=True)
|
||||||
t.members.add(self.user)
|
t.members.add(self.user)
|
||||||
t.limit_events.add(self.event1)
|
t.limit_events.add(self.event1)
|
||||||
self.client.login(email='dummy@dummy.dummy', password='dummy')
|
self.client.login(email='dummy@dummy.dummy', password='dummy')
|
||||||
|
|||||||
@@ -85,7 +85,7 @@ def order(event, customer):
|
|||||||
def admin_user(organizer):
|
def admin_user(organizer):
|
||||||
u = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
u = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
||||||
admin_team = Team.objects.create(
|
admin_team = Team.objects.create(
|
||||||
organizer=organizer, can_manage_customers=True, can_change_organizer_settings=True,
|
organizer=organizer, all_organizer_permissions=True,
|
||||||
name='Admin team'
|
name='Admin team'
|
||||||
)
|
)
|
||||||
admin_team.members.add(u)
|
admin_team.members.add(u)
|
||||||
|
|||||||
@@ -76,13 +76,11 @@ class EventsTest(SoupTest):
|
|||||||
date_from=datetime.datetime(2014, 9, 5, tzinfo=datetime.timezone.utc),
|
date_from=datetime.datetime(2014, 9, 5, tzinfo=datetime.timezone.utc),
|
||||||
)
|
)
|
||||||
|
|
||||||
self.team1 = Team.objects.create(organizer=self.orga1, can_create_events=True, can_change_event_settings=True,
|
self.team1 = Team.objects.create(organizer=self.orga1, all_organizer_permissions=True, all_event_permissions=True)
|
||||||
can_change_items=True)
|
|
||||||
self.team1.members.add(self.user)
|
self.team1.members.add(self.user)
|
||||||
self.team1.limit_events.add(self.event1)
|
self.team1.limit_events.add(self.event1)
|
||||||
|
|
||||||
self.team2 = Team.objects.create(organizer=self.orga1, can_change_event_settings=True, can_change_items=True,
|
self.team2 = Team.objects.create(organizer=self.orga1, all_event_permissions=True)
|
||||||
can_change_orders=True, can_change_vouchers=True)
|
|
||||||
self.team2.members.add(self.user)
|
self.team2.members.add(self.user)
|
||||||
|
|
||||||
self.client.login(email='dummy@dummy.dummy', password='dummy')
|
self.client.login(email='dummy@dummy.dummy', password='dummy')
|
||||||
@@ -1276,8 +1274,7 @@ class EventDeletionTest(SoupTest):
|
|||||||
has_subevents=False
|
has_subevents=False
|
||||||
)
|
)
|
||||||
|
|
||||||
t = Team.objects.create(organizer=self.orga1, can_create_events=True, can_change_event_settings=True,
|
t = Team.objects.create(organizer=self.orga1, all_organizer_permissions=True, all_event_permissions=True)
|
||||||
can_change_items=True)
|
|
||||||
t.members.add(self.user)
|
t.members.add(self.user)
|
||||||
t.limit_events.add(self.event1)
|
t.limit_events.add(self.event1)
|
||||||
self.ticket = self.event1.items.create(name='Early-bird ticket',
|
self.ticket = self.event1.items.create(name='Early-bird ticket',
|
||||||
|
|||||||
@@ -40,8 +40,7 @@ def env():
|
|||||||
)
|
)
|
||||||
event.settings.set("ticketoutput_testdummy__enabled", True)
|
event.settings.set("ticketoutput_testdummy__enabled", True)
|
||||||
user = User.objects.create_user("dummy@dummy.dummy", "dummy")
|
user = User.objects.create_user("dummy@dummy.dummy", "dummy")
|
||||||
t = Team.objects.create(organizer=o, can_view_orders=True, can_change_orders=True, can_manage_customers=True,
|
t = Team.objects.create(organizer=o, all_event_permissions=True)
|
||||||
can_change_event_settings=True)
|
|
||||||
t.members.add(user)
|
t.members.add(user)
|
||||||
t.limit_events.add(event)
|
t.limit_events.add(event)
|
||||||
|
|
||||||
@@ -163,7 +162,7 @@ def test_event_export_schedule(client, env):
|
|||||||
|
|
||||||
@pytest.mark.django_db(transaction=True)
|
@pytest.mark.django_db(transaction=True)
|
||||||
def test_event_limited_permission(client, env):
|
def test_event_limited_permission(client, env):
|
||||||
env[2].can_change_event_settings = False
|
env[2].limit_event_permissions = []
|
||||||
env[2].save()
|
env[2].save()
|
||||||
user2 = User.objects.create_user("dummy2@dummy.dummy", "dummy")
|
user2 = User.objects.create_user("dummy2@dummy.dummy", "dummy")
|
||||||
|
|
||||||
@@ -199,7 +198,7 @@ def test_event_limited_permission(client, env):
|
|||||||
response = client.get(f"/control/event/dummy/dummy/orders/export/{s2.pk}/delete")
|
response = client.get(f"/control/event/dummy/dummy/orders/export/{s2.pk}/delete")
|
||||||
assert response.status_code == 404
|
assert response.status_code == 404
|
||||||
|
|
||||||
env[2].can_change_event_settings = True
|
env[2].limit_event_permissions = {"event:settings.general:write": True}
|
||||||
env[2].save()
|
env[2].save()
|
||||||
response = client.get("/control/event/dummy/dummy/orders/export/")
|
response = client.get("/control/event/dummy/dummy/orders/export/")
|
||||||
assert b"RULE1" in response.content
|
assert b"RULE1" in response.content
|
||||||
@@ -366,7 +365,7 @@ def test_organizer_limited_permission(client, env):
|
|||||||
response = client.post(f"/control/organizer/dummy/export/{s2.pk}/run")
|
response = client.post(f"/control/organizer/dummy/export/{s2.pk}/run")
|
||||||
assert response.status_code == 404
|
assert response.status_code == 404
|
||||||
|
|
||||||
env[2].can_change_organizer_settings = True
|
env[2].limit_event_permissions = {"event:settings.general:write": True}
|
||||||
env[2].save()
|
env[2].save()
|
||||||
response = client.get("/control/organizer/dummy/export/")
|
response = client.get("/control/organizer/dummy/export/")
|
||||||
assert b"RULE1" in response.content
|
assert b"RULE1" in response.content
|
||||||
|
|||||||
@@ -213,8 +213,8 @@ def test_typeahead(organizer, admin_user, client, gift_card):
|
|||||||
assert d == {"results": [{"id": gift_card.pk, "text": gift_card.secret}], "pagination": {"more": False}}
|
assert d == {"results": [{"id": gift_card.pk, "text": gift_card.secret}], "pagination": {"more": False}}
|
||||||
|
|
||||||
# Unprivileged user can only do exact match
|
# Unprivileged user can only do exact match
|
||||||
team.can_manage_gift_cards = False
|
team.all_organizer_permissions = False
|
||||||
team.can_manage_reusable_media = True
|
team.limit_organizer_permissions = {"organizer.reusablemedia:write": True, "organizer.reusablemedia:read": True}
|
||||||
team.save()
|
team.save()
|
||||||
|
|
||||||
r = client.get('/control/organizer/dummy/giftcards/select2?query=' + gift_card.secret[0:3])
|
r = client.get('/control/organizer/dummy/giftcards/select2?query=' + gift_card.secret[0:3])
|
||||||
|
|||||||
@@ -57,7 +57,7 @@ class ItemFormTest(SoupTest):
|
|||||||
date_from=datetime.datetime(2013, 12, 26, tzinfo=datetime.timezone.utc),
|
date_from=datetime.datetime(2013, 12, 26, tzinfo=datetime.timezone.utc),
|
||||||
)
|
)
|
||||||
self.item1 = Item.objects.create(event=self.event1, name="Standard", default_price=0, position=1)
|
self.item1 = Item.objects.create(event=self.event1, name="Standard", default_price=0, position=1)
|
||||||
t = Team.objects.create(organizer=self.orga1, can_change_event_settings=True, can_change_items=True)
|
t = Team.objects.create(organizer=self.orga1, all_event_permissions=True)
|
||||||
t.members.add(self.user)
|
t.members.add(self.user)
|
||||||
t.limit_events.add(self.event1)
|
t.limit_events.add(self.event1)
|
||||||
self.client.login(email='dummy@dummy.dummy', password='dummy')
|
self.client.login(email='dummy@dummy.dummy', password='dummy')
|
||||||
|
|||||||
@@ -47,7 +47,7 @@ class MailSettingPreviewTest(SoupTest):
|
|||||||
)
|
)
|
||||||
self.locale_event.settings.locales = ['en', 'de-informal']
|
self.locale_event.settings.locales = ['en', 'de-informal']
|
||||||
self.locale_event.save()
|
self.locale_event.save()
|
||||||
t = Team.objects.create(organizer=self.orga1, can_change_items=True, can_change_event_settings=True)
|
t = Team.objects.create(organizer=self.orga1, all_event_permissions=True)
|
||||||
t.members.add(self.user)
|
t.members.add(self.user)
|
||||||
t.limit_events.add(self.locale_event)
|
t.limit_events.add(self.locale_event)
|
||||||
t.limit_events.add(self.event1)
|
t.limit_events.add(self.event1)
|
||||||
|
|||||||
@@ -35,8 +35,7 @@ def env():
|
|||||||
date_from=now(), plugins='pretix.plugins.banktransfer,pretix.plugins.paypal'
|
date_from=now(), plugins='pretix.plugins.banktransfer,pretix.plugins.paypal'
|
||||||
)
|
)
|
||||||
user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
||||||
t = Team.objects.create(organizer=event.organizer, can_view_orders=True, can_change_orders=True,
|
t = Team.objects.create(organizer=event.organizer, all_event_permissions=True)
|
||||||
can_change_vouchers=True)
|
|
||||||
t.members.add(user)
|
t.members.add(user)
|
||||||
t.limit_events.add(event)
|
t.limit_events.add(event)
|
||||||
return event, user
|
return event, user
|
||||||
|
|||||||
@@ -67,7 +67,7 @@ def env():
|
|||||||
)
|
)
|
||||||
event.settings.set('ticketoutput_testdummy__enabled', True)
|
event.settings.set('ticketoutput_testdummy__enabled', True)
|
||||||
user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
||||||
t = Team.objects.create(organizer=o, can_view_orders=True, can_change_orders=True, can_manage_customers=True)
|
t = Team.objects.create(organizer=o, all_event_permissions=True)
|
||||||
t.members.add(user)
|
t.members.add(user)
|
||||||
t.limit_events.add(event)
|
t.limit_events.add(event)
|
||||||
o = Order.objects.create(
|
o = Order.objects.create(
|
||||||
@@ -1422,7 +1422,7 @@ class OrderChangeTests(SoupTest):
|
|||||||
self.quota.items.add(self.ticket)
|
self.quota.items.add(self.ticket)
|
||||||
self.quota.items.add(self.shirt)
|
self.quota.items.add(self.shirt)
|
||||||
user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
||||||
t = Team.objects.create(organizer=o, can_view_orders=True, can_change_orders=True)
|
t = Team.objects.create(organizer=o, all_event_permissions=True)
|
||||||
t.members.add(user)
|
t.members.add(user)
|
||||||
t.limit_events.add(self.event)
|
t.limit_events.add(self.event)
|
||||||
self.client.login(email='dummy@dummy.dummy', password='dummy')
|
self.client.login(email='dummy@dummy.dummy', password='dummy')
|
||||||
|
|||||||
@@ -56,7 +56,7 @@ def env():
|
|||||||
)
|
)
|
||||||
event.settings.set('ticketoutput_testdummy__enabled', True)
|
event.settings.set('ticketoutput_testdummy__enabled', True)
|
||||||
user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
||||||
t = Team.objects.create(organizer=o, can_view_orders=True, can_change_orders=True, can_manage_customers=True)
|
t = Team.objects.create(organizer=o, all_event_permissions=True)
|
||||||
t.members.add(user)
|
t.members.add(user)
|
||||||
t.limit_events.add(event)
|
t.limit_events.add(event)
|
||||||
ticket = Item.objects.create(event=event, name='Early-bird ticket',
|
ticket = Item.objects.create(event=event, name='Early-bird ticket',
|
||||||
|
|||||||
@@ -52,8 +52,7 @@ class OrganizerTest(SoupTest):
|
|||||||
plugins='pretix.plugins.banktransfer,tests.testdummy'
|
plugins='pretix.plugins.banktransfer,tests.testdummy'
|
||||||
)
|
)
|
||||||
|
|
||||||
t = Team.objects.create(organizer=self.orga1, can_create_events=True, can_change_event_settings=True,
|
t = Team.objects.create(organizer=self.orga1, all_organizer_permissions=True, all_event_permissions=True)
|
||||||
can_change_items=True, can_change_organizer_settings=True)
|
|
||||||
t.members.add(self.user)
|
t.members.add(self.user)
|
||||||
t.limit_events.add(self.event1)
|
t.limit_events.add(self.event1)
|
||||||
|
|
||||||
|
|||||||
@@ -122,7 +122,7 @@ def test_typeahead(organizer, admin_user, client, gift_card):
|
|||||||
|
|
||||||
# Privileged user can search
|
# Privileged user can search
|
||||||
team.all_events = True
|
team.all_events = True
|
||||||
team.can_view_orders = True
|
team.limit_event_permissions["event.orders:read"] = True
|
||||||
team.save()
|
team.save()
|
||||||
|
|
||||||
r = client.get('/control/organizer/dummy/ticket_select2?query=' + op.secret[0:3])
|
r = client.get('/control/organizer/dummy/ticket_select2?query=' + op.secret[0:3])
|
||||||
@@ -140,7 +140,7 @@ def test_typeahead(organizer, admin_user, client, gift_card):
|
|||||||
|
|
||||||
# Unprivileged user can only do exact match
|
# Unprivileged user can only do exact match
|
||||||
team.all_events = True
|
team.all_events = True
|
||||||
team.can_view_orders = False
|
team.limit_event_permissions["event.orders:read"] = False
|
||||||
team.save()
|
team.save()
|
||||||
|
|
||||||
r = client.get('/control/organizer/dummy/ticket_select2?query=' + op.secret[0:3])
|
r = client.get('/control/organizer/dummy/ticket_select2?query=' + op.secret[0:3])
|
||||||
@@ -154,7 +154,7 @@ def test_typeahead(organizer, admin_user, client, gift_card):
|
|||||||
assert d == {"results": [{'event': 'Dummy', 'id': op.pk, 'text': 'FOO-1 (Early-bird ticket)'}], "pagination": {"more": False}}
|
assert d == {"results": [{'event': 'Dummy', 'id': op.pk, 'text': 'FOO-1 (Early-bird ticket)'}], "pagination": {"more": False}}
|
||||||
|
|
||||||
team.all_events = False
|
team.all_events = False
|
||||||
team.can_view_orders = True
|
team.limit_event_permissions["event.orders:read"] = True
|
||||||
team.save()
|
team.save()
|
||||||
|
|
||||||
r = client.get('/control/organizer/dummy/ticket_select2?query=' + op.secret[0:3])
|
r = client.get('/control/organizer/dummy/ticket_select2?query=' + op.secret[0:3])
|
||||||
|
|||||||
@@ -86,7 +86,7 @@ class OrderSearchTest(SoupTest):
|
|||||||
attendee_name_parts={'full_name': "Mark", "_scheme": "full"}
|
attendee_name_parts={'full_name': "Mark", "_scheme": "full"}
|
||||||
)
|
)
|
||||||
|
|
||||||
self.team = Team.objects.create(organizer=self.orga1, can_view_orders=True)
|
self.team = Team.objects.create(organizer=self.orga1, limit_event_permissions={"event.orders:read": True})
|
||||||
self.team.members.add(self.user)
|
self.team.members.add(self.user)
|
||||||
self.team.limit_events.add(self.event1)
|
self.team.limit_events.add(self.event1)
|
||||||
|
|
||||||
@@ -98,7 +98,7 @@ class OrderSearchTest(SoupTest):
|
|||||||
assert 'DEFFO2' not in resp
|
assert 'DEFFO2' not in resp
|
||||||
|
|
||||||
def test_team_limit_event_wrong_permission(self):
|
def test_team_limit_event_wrong_permission(self):
|
||||||
self.team.can_view_orders = False
|
self.team.limit_event_permissions["event.orders:read"] = False
|
||||||
self.team.save()
|
self.team.save()
|
||||||
resp = self.client.get('/control/search/orders/').content.decode()
|
resp = self.client.get('/control/search/orders/').content.decode()
|
||||||
assert 'ABCFO1' not in resp
|
assert 'ABCFO1' not in resp
|
||||||
@@ -113,7 +113,7 @@ class OrderSearchTest(SoupTest):
|
|||||||
|
|
||||||
def test_team_all_events_wrong_permission(self):
|
def test_team_all_events_wrong_permission(self):
|
||||||
self.team.all_events = True
|
self.team.all_events = True
|
||||||
self.team.can_view_orders = False
|
self.team.limit_event_permissions["event.orders:read"] = False
|
||||||
self.team.save()
|
self.team.save()
|
||||||
resp = self.client.get('/control/search/orders/').content.decode()
|
resp = self.client.get('/control/search/orders/').content.decode()
|
||||||
assert 'ABCFO1' not in resp
|
assert 'ABCFO1' not in resp
|
||||||
@@ -270,8 +270,8 @@ class PaymentSearchTest(SoupTest):
|
|||||||
info="{test payment order 2}"
|
info="{test payment order 2}"
|
||||||
)
|
)
|
||||||
|
|
||||||
self.team = Team.objects.create(organizer=self.orga1, can_view_orders=True)
|
self.team = Team.objects.create(organizer=self.orga1, limit_event_permissions={"event.orders:read": True})
|
||||||
self.team2 = Team.objects.create(organizer=self.orga2, can_view_orders=True)
|
self.team2 = Team.objects.create(organizer=self.orga2, limit_event_permissions={"event.orders:read": True})
|
||||||
self.team.members.add(self.user)
|
self.team.members.add(self.user)
|
||||||
self.team.limit_events.add(self.event1)
|
self.team.limit_events.add(self.event1)
|
||||||
|
|
||||||
@@ -283,7 +283,7 @@ class PaymentSearchTest(SoupTest):
|
|||||||
assert 'DEFFO2' not in resp
|
assert 'DEFFO2' not in resp
|
||||||
|
|
||||||
def test_team_limit_event_wrong_permission(self):
|
def test_team_limit_event_wrong_permission(self):
|
||||||
self.team.can_view_orders = False
|
self.team.limit_event_permissions["event.orders:read"] = False
|
||||||
self.team.save()
|
self.team.save()
|
||||||
resp = self.client.get('/control/search/payments/').content.decode()
|
resp = self.client.get('/control/search/payments/').content.decode()
|
||||||
assert 'ABCFO1' not in resp
|
assert 'ABCFO1' not in resp
|
||||||
@@ -298,7 +298,7 @@ class PaymentSearchTest(SoupTest):
|
|||||||
|
|
||||||
def test_team_all_events_wrong_permission(self):
|
def test_team_all_events_wrong_permission(self):
|
||||||
self.team.all_events = True
|
self.team.all_events = True
|
||||||
self.team.can_view_orders = False
|
self.team.limit_event_permissions["event.orders:read"] = False
|
||||||
self.team.save()
|
self.team.save()
|
||||||
resp = self.client.get('/control/search/payments/').content.decode()
|
resp = self.client.get('/control/search/payments/').content.decode()
|
||||||
assert 'ABCFO1' not in resp
|
assert 'ABCFO1' not in resp
|
||||||
|
|||||||
@@ -58,8 +58,7 @@ class EventShredderTest(SoupTest):
|
|||||||
plugins='pretix.plugins.banktransfer,pretix.plugins.stripe,tests.testdummy'
|
plugins='pretix.plugins.banktransfer,pretix.plugins.stripe,tests.testdummy'
|
||||||
)
|
)
|
||||||
|
|
||||||
t = Team.objects.create(organizer=self.orga1, can_create_events=True, can_change_event_settings=True,
|
t = Team.objects.create(organizer=self.orga1, all_organizer_permissions=True, all_event_permissions=True)
|
||||||
can_change_items=True, can_change_orders=True)
|
|
||||||
t.members.add(self.user)
|
t.members.add(self.user)
|
||||||
t.limit_events.add(self.event1)
|
t.limit_events.add(self.event1)
|
||||||
self.order = Order.objects.create(
|
self.order = Order.objects.create(
|
||||||
|
|||||||
@@ -45,8 +45,7 @@ class SubEventsTest(SoupTest):
|
|||||||
has_subevents=True
|
has_subevents=True
|
||||||
)
|
)
|
||||||
|
|
||||||
t = Team.objects.create(organizer=self.orga1, can_create_events=True, can_change_event_settings=True,
|
t = Team.objects.create(organizer=self.orga1, all_organizer_permissions=True, all_event_permissions=True)
|
||||||
can_change_items=True)
|
|
||||||
t.members.add(self.user)
|
t.members.add(self.user)
|
||||||
t.limit_events.add(self.event1)
|
t.limit_events.add(self.event1)
|
||||||
self.ticket = self.event1.items.create(name='Early-bird ticket',
|
self.ticket = self.event1.items.create(name='Early-bird ticket',
|
||||||
|
|||||||
@@ -41,7 +41,7 @@ class TaxRateFormTest(SoupTest):
|
|||||||
organizer=self.orga1, name='30C3', slug='30c3',
|
organizer=self.orga1, name='30C3', slug='30c3',
|
||||||
date_from=datetime.datetime(2013, 12, 26, tzinfo=datetime.timezone.utc),
|
date_from=datetime.datetime(2013, 12, 26, tzinfo=datetime.timezone.utc),
|
||||||
)
|
)
|
||||||
t = Team.objects.create(organizer=self.orga1, can_change_event_settings=True, can_change_items=True)
|
t = Team.objects.create(organizer=self.orga1, all_organizer_permissions=True, all_event_permissions=True)
|
||||||
t.members.add(self.user)
|
t.members.add(self.user)
|
||||||
t.limit_events.add(self.event1)
|
t.limit_events.add(self.event1)
|
||||||
self.client.login(email='dummy@dummy.dummy', password='dummy')
|
self.client.login(email='dummy@dummy.dummy', password='dummy')
|
||||||
|
|||||||
@@ -56,7 +56,7 @@ def event(organizer):
|
|||||||
|
|
||||||
@pytest.fixture
|
@pytest.fixture
|
||||||
def admin_team(organizer):
|
def admin_team(organizer):
|
||||||
return Team.objects.create(organizer=organizer, can_change_teams=True, name='Admin team')
|
return Team.objects.create(organizer=organizer, all_organizer_permissions=True, all_event_permissions=True, name='Admin team')
|
||||||
|
|
||||||
|
|
||||||
@pytest.fixture
|
@pytest.fixture
|
||||||
@@ -216,7 +216,7 @@ def test_team_remove_last_admin(event, admin_user, admin_team, client):
|
|||||||
with scopes_disabled():
|
with scopes_disabled():
|
||||||
assert admin_user in admin_team.members.all()
|
assert admin_user in admin_team.members.all()
|
||||||
|
|
||||||
t2.can_change_teams = True
|
t2.limit_organizer_permissions = {"organizer.teams:write": True}
|
||||||
t2.save()
|
t2.save()
|
||||||
resp = client.post('/control/organizer/dummy/team/{}/'.format(admin_team.pk), {
|
resp = client.post('/control/organizer/dummy/team/{}/'.format(admin_team.pk), {
|
||||||
'remove-member': admin_user.pk
|
'remove-member': admin_user.pk
|
||||||
|
|||||||
@@ -482,7 +482,7 @@ class UserSettingsNotificationsTest(SoupTest):
|
|||||||
organizer=o, name='Dummy', slug='dummy',
|
organizer=o, name='Dummy', slug='dummy',
|
||||||
date_from=now(), plugins='pretix.plugins.banktransfer'
|
date_from=now(), plugins='pretix.plugins.banktransfer'
|
||||||
)
|
)
|
||||||
t = o.teams.create(can_change_orders=True, all_events=True)
|
t = o.teams.create(limit_event_permissions={"event.orders:write": True}, all_events=True)
|
||||||
t.members.add(self.user)
|
t.members.add(self.user)
|
||||||
|
|
||||||
def test_toggle_all(self):
|
def test_toggle_all(self):
|
||||||
|
|||||||
@@ -110,9 +110,8 @@ def logged_in_client(client, event):
|
|||||||
user = User.objects.create_superuser('dummy@dummy.dummy', 'dummy')
|
user = User.objects.create_superuser('dummy@dummy.dummy', 'dummy')
|
||||||
t = Team.objects.create(
|
t = Team.objects.create(
|
||||||
organizer=event.organizer,
|
organizer=event.organizer,
|
||||||
all_events=True, can_create_events=True, can_change_teams=True,
|
all_event_permissions=True,
|
||||||
can_change_organizer_settings=True, can_change_event_settings=True, can_change_items=True,
|
all_organizer_permissions=True,
|
||||||
can_view_orders=True, can_change_orders=True, can_view_vouchers=True, can_change_vouchers=True
|
|
||||||
)
|
)
|
||||||
t.members.add(user)
|
t.members.add(user)
|
||||||
client.force_login(user)
|
client.force_login(user)
|
||||||
|
|||||||
@@ -58,7 +58,7 @@ class VoucherFormTest(SoupTestMixin, TransactionTestCase):
|
|||||||
organizer=self.orga, name='30C3', slug='30c3',
|
organizer=self.orga, name='30C3', slug='30c3',
|
||||||
date_from=datetime.datetime(2013, 12, 26, tzinfo=datetime.timezone.utc),
|
date_from=datetime.datetime(2013, 12, 26, tzinfo=datetime.timezone.utc),
|
||||||
)
|
)
|
||||||
t = Team.objects.create(organizer=self.orga, can_view_vouchers=True, can_change_vouchers=True)
|
t = Team.objects.create(organizer=self.orga, all_event_permissions=True)
|
||||||
t.members.add(self.user)
|
t.members.add(self.user)
|
||||||
t.limit_events.add(self.event)
|
t.limit_events.add(self.event)
|
||||||
self.client.login(email='dummy@dummy.dummy', password='dummy')
|
self.client.login(email='dummy@dummy.dummy', password='dummy')
|
||||||
|
|||||||
@@ -64,7 +64,7 @@ def env():
|
|||||||
event=event, item=item2, email='valid@example.org', voucher=v
|
event=event, item=item2, email='valid@example.org', voucher=v
|
||||||
)
|
)
|
||||||
|
|
||||||
t = Team.objects.create(organizer=o, can_view_orders=True, can_change_orders=True)
|
t = Team.objects.create(organizer=o, all_event_permissions=True)
|
||||||
t.members.add(user)
|
t.members.add(user)
|
||||||
t.limit_events.add(event)
|
t.limit_events.add(event)
|
||||||
|
|
||||||
|
|||||||
@@ -68,18 +68,8 @@ def team(organizer):
|
|||||||
organizer=organizer,
|
organizer=organizer,
|
||||||
name="Test-Team",
|
name="Test-Team",
|
||||||
all_events=True,
|
all_events=True,
|
||||||
can_change_teams=True,
|
all_organizer_permissions=True,
|
||||||
can_manage_gift_cards=True,
|
all_event_permissions=True,
|
||||||
can_change_items=True,
|
|
||||||
can_create_events=True,
|
|
||||||
can_change_event_settings=True,
|
|
||||||
can_change_vouchers=True,
|
|
||||||
can_view_vouchers=True,
|
|
||||||
can_view_orders=True,
|
|
||||||
can_change_orders=True,
|
|
||||||
can_manage_customers=True,
|
|
||||||
can_manage_reusable_media=True,
|
|
||||||
can_change_organizer_settings=True,
|
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -46,24 +46,16 @@ class AutoCheckinFormTest(SoupTest):
|
|||||||
)
|
)
|
||||||
t = Team.objects.create(
|
t = Team.objects.create(
|
||||||
organizer=self.orga1,
|
organizer=self.orga1,
|
||||||
can_change_event_settings=True,
|
all_organizer_permissions=True,
|
||||||
can_view_orders=True,
|
all_event_permissions=True,
|
||||||
can_change_items=True,
|
|
||||||
all_events=True,
|
all_events=True,
|
||||||
can_create_events=True,
|
|
||||||
can_change_orders=True,
|
|
||||||
can_change_vouchers=True,
|
|
||||||
)
|
)
|
||||||
t.members.add(self.user)
|
t.members.add(self.user)
|
||||||
t = Team.objects.create(
|
t = Team.objects.create(
|
||||||
organizer=self.orga2,
|
organizer=self.orga2,
|
||||||
can_change_event_settings=True,
|
all_organizer_permissions=True,
|
||||||
can_view_orders=True,
|
all_event_permissions=True,
|
||||||
can_change_items=True,
|
|
||||||
all_events=True,
|
all_events=True,
|
||||||
can_create_events=True,
|
|
||||||
can_change_orders=True,
|
|
||||||
can_change_vouchers=True,
|
|
||||||
)
|
)
|
||||||
t.members.add(self.user)
|
t.members.add(self.user)
|
||||||
self.client.login(email="dummy@dummy.dummy", password="dummy")
|
self.client.login(email="dummy@dummy.dummy", password="dummy")
|
||||||
|
|||||||
@@ -53,9 +53,7 @@ class BadgeLayoutFormTest(SoupTest):
|
|||||||
date_from=datetime.datetime(2013, 12, 26, tzinfo=datetime.timezone.utc),
|
date_from=datetime.datetime(2013, 12, 26, tzinfo=datetime.timezone.utc),
|
||||||
)
|
)
|
||||||
self.item1 = Item.objects.create(event=self.event1, name="Standard", default_price=0, position=1)
|
self.item1 = Item.objects.create(event=self.event1, name="Standard", default_price=0, position=1)
|
||||||
t = Team.objects.create(organizer=self.orga1, can_change_event_settings=True, can_view_orders=True,
|
t = Team.objects.create(organizer=self.orga1, all_events=True, all_event_permissions=True, all_organizer_permissions=True)
|
||||||
can_change_items=True, all_events=True, can_create_events=True,
|
|
||||||
can_change_orders=True, can_change_vouchers=True)
|
|
||||||
t.members.add(self.user)
|
t.members.add(self.user)
|
||||||
t.limit_events.add(self.event1)
|
t.limit_events.add(self.event1)
|
||||||
self.client.login(email='dummy@dummy.dummy', password='dummy')
|
self.client.login(email='dummy@dummy.dummy', password='dummy')
|
||||||
|
|||||||
@@ -41,7 +41,7 @@ def env():
|
|||||||
date_from=now(), plugins='pretix.plugins.banktransfer'
|
date_from=now(), plugins='pretix.plugins.banktransfer'
|
||||||
)
|
)
|
||||||
user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
||||||
t = Team.objects.create(organizer=event.organizer, can_view_orders=True, can_change_orders=True)
|
t = Team.objects.create(organizer=event.organizer, all_event_permissions=True)
|
||||||
t.members.add(user)
|
t.members.add(user)
|
||||||
t.limit_events.add(event)
|
t.limit_events.add(event)
|
||||||
o1 = Order.objects.create(
|
o1 = Order.objects.create(
|
||||||
@@ -274,7 +274,8 @@ def test_assign_order_organizer_no_permission(env, client):
|
|||||||
state=BankTransaction.STATE_NOMATCH,
|
state=BankTransaction.STATE_NOMATCH,
|
||||||
amount=23, date='unknown')
|
amount=23, date='unknown')
|
||||||
team = env[1].teams.first()
|
team = env[1].teams.first()
|
||||||
team.can_change_orders = False
|
team.limit_event_permissions = {}
|
||||||
|
team.all_event_permissions = False
|
||||||
team.save()
|
team.save()
|
||||||
client.login(email='dummy@dummy.dummy', password='dummy')
|
client.login(email='dummy@dummy.dummy', password='dummy')
|
||||||
r = client.post('/control/organizer/{}/banktransfer/action/'.format(env[0].organizer.slug), {
|
r = client.post('/control/organizer/{}/banktransfer/action/'.format(env[0].organizer.slug), {
|
||||||
|
|||||||
@@ -42,7 +42,7 @@ def env():
|
|||||||
date_from=now(), plugins='pretix.plugins.banktransfer'
|
date_from=now(), plugins='pretix.plugins.banktransfer'
|
||||||
)
|
)
|
||||||
user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
||||||
t = Team.objects.create(organizer=event.organizer, can_view_orders=True, can_change_orders=True)
|
t = Team.objects.create(organizer=event.organizer, all_event_permissions=True)
|
||||||
t.members.add(user)
|
t.members.add(user)
|
||||||
t.limit_events.add(event)
|
t.limit_events.add(event)
|
||||||
o1 = Order.objects.create(
|
o1 = Order.objects.create(
|
||||||
|
|||||||
@@ -61,7 +61,7 @@ def env():
|
|||||||
event.settings.invoice_numbers_prefix = 'INV-'
|
event.settings.invoice_numbers_prefix = 'INV-'
|
||||||
event.settings.invoice_numbers_counter_length = 3
|
event.settings.invoice_numbers_counter_length = 3
|
||||||
user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
||||||
t = Team.objects.create(organizer=event.organizer, can_view_orders=True, can_change_orders=True)
|
t = Team.objects.create(organizer=event.organizer, all_event_permissions=True)
|
||||||
t.members.add(user)
|
t.members.add(user)
|
||||||
t.limit_events.add(event)
|
t.limit_events.add(event)
|
||||||
o1 = Order.objects.create(
|
o1 = Order.objects.create(
|
||||||
|
|||||||
@@ -40,7 +40,7 @@ def env():
|
|||||||
date_from=now(), plugins='pretix.plugins.banktransfer,pretix.plugins.paypal'
|
date_from=now(), plugins='pretix.plugins.banktransfer,pretix.plugins.paypal'
|
||||||
)
|
)
|
||||||
user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
||||||
t = Team.objects.create(organizer=event.organizer, can_view_orders=True, can_change_orders=True)
|
t = Team.objects.create(organizer=event.organizer, all_event_permissions=True)
|
||||||
t.members.add(user)
|
t.members.add(user)
|
||||||
t.limit_events.add(event)
|
t.limit_events.add(event)
|
||||||
order = Order.objects.create(
|
order = Order.objects.create(
|
||||||
|
|||||||
@@ -41,7 +41,7 @@ def env():
|
|||||||
date_from=now(), plugins='pretix.plugins.banktransfer,pretix.plugins.paypal'
|
date_from=now(), plugins='pretix.plugins.banktransfer,pretix.plugins.paypal'
|
||||||
)
|
)
|
||||||
user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
||||||
t = Team.objects.create(organizer=event.organizer, can_view_orders=True, can_change_orders=True)
|
t = Team.objects.create(organizer=event.organizer, all_event_permissions=True)
|
||||||
t.members.add(user)
|
t.members.add(user)
|
||||||
t.limit_events.add(event)
|
t.limit_events.add(event)
|
||||||
order = Order.objects.create(
|
order = Order.objects.create(
|
||||||
|
|||||||
@@ -41,7 +41,7 @@ def env():
|
|||||||
organizer=o, name='Dummy', slug='dummy', plugins='pretix.plugins.paypal',
|
organizer=o, name='Dummy', slug='dummy', plugins='pretix.plugins.paypal',
|
||||||
date_from=now(), live=True
|
date_from=now(), live=True
|
||||||
)
|
)
|
||||||
t = Team.objects.create(organizer=event.organizer, can_view_orders=True, can_change_orders=True)
|
t = Team.objects.create(organizer=event.organizer, all_event_permissions=True)
|
||||||
t.members.add(user)
|
t.members.add(user)
|
||||||
t.limit_events.add(event)
|
t.limit_events.add(event)
|
||||||
o1 = Order.objects.create(
|
o1 = Order.objects.create(
|
||||||
|
|||||||
@@ -42,7 +42,7 @@ def env():
|
|||||||
organizer=o, name='Dummy', slug='dummy', plugins='pretix.plugins.paypal2',
|
organizer=o, name='Dummy', slug='dummy', plugins='pretix.plugins.paypal2',
|
||||||
date_from=now(), live=True
|
date_from=now(), live=True
|
||||||
)
|
)
|
||||||
t = Team.objects.create(organizer=event.organizer, can_view_orders=True, can_change_orders=True)
|
t = Team.objects.create(organizer=event.organizer, all_event_permissions=True)
|
||||||
t.members.add(user)
|
t.members.add(user)
|
||||||
t.limit_events.add(event)
|
t.limit_events.add(event)
|
||||||
o1 = Order.objects.create(
|
o1 = Order.objects.create(
|
||||||
|
|||||||
@@ -47,7 +47,7 @@ from pretix.base.models import Checkin, Item, Order, OrderPosition, Team, User
|
|||||||
def logged_in_client(client, event):
|
def logged_in_client(client, event):
|
||||||
"""Returns a logged client"""
|
"""Returns a logged client"""
|
||||||
user = User.objects.create_superuser('dummy@dummy.dummy', 'dummy')
|
user = User.objects.create_superuser('dummy@dummy.dummy', 'dummy')
|
||||||
t = Team.objects.create(organizer=event.organizer, can_view_orders=True, can_change_orders=True)
|
t = Team.objects.create(organizer=event.organizer, all_event_permissions=True)
|
||||||
t.members.add(user)
|
t.members.add(user)
|
||||||
t.limit_events.add(event)
|
t.limit_events.add(event)
|
||||||
client.force_login(user)
|
client.force_login(user)
|
||||||
|
|||||||
@@ -41,7 +41,7 @@ def env():
|
|||||||
organizer=o, name='Dummy', slug='dummy', plugins='pretix.plugins.stripe',
|
organizer=o, name='Dummy', slug='dummy', plugins='pretix.plugins.stripe',
|
||||||
date_from=now(), live=True
|
date_from=now(), live=True
|
||||||
)
|
)
|
||||||
t = Team.objects.create(organizer=event.organizer, can_view_orders=True, can_change_orders=True)
|
t = Team.objects.create(organizer=event.organizer, all_event_permissions=True)
|
||||||
t.members.add(user)
|
t.members.add(user)
|
||||||
t.limit_events.add(event)
|
t.limit_events.add(event)
|
||||||
o1 = Order.objects.create(
|
o1 = Order.objects.create(
|
||||||
|
|||||||
@@ -43,7 +43,7 @@ def env():
|
|||||||
organizer=o, name='Dummy', slug='dummy',
|
organizer=o, name='Dummy', slug='dummy',
|
||||||
date_from=now(), plugins='pretix.plugins.banktransfer'
|
date_from=now(), plugins='pretix.plugins.banktransfer'
|
||||||
)
|
)
|
||||||
t = Team.objects.create(organizer=event.organizer, can_view_orders=True)
|
t = Team.objects.create(organizer=event.organizer, all_event_permissions=True)
|
||||||
t.limit_events.add(event)
|
t.limit_events.add(event)
|
||||||
item1 = Item.objects.create(event=event, name="Ticket", default_price=23)
|
item1 = Item.objects.create(event=event, name="Ticket", default_price=23)
|
||||||
tl = event.ticket_layouts.create(
|
tl = event.ticket_layouts.create(
|
||||||
|
|||||||
@@ -54,9 +54,7 @@ class TicketLayoutFormTest(SoupTest):
|
|||||||
date_from=datetime.datetime(2013, 12, 26, tzinfo=datetime.timezone.utc),
|
date_from=datetime.datetime(2013, 12, 26, tzinfo=datetime.timezone.utc),
|
||||||
)
|
)
|
||||||
self.item1 = Item.objects.create(event=self.event1, name="Standard", default_price=0, position=1)
|
self.item1 = Item.objects.create(event=self.event1, name="Standard", default_price=0, position=1)
|
||||||
t = Team.objects.create(organizer=self.orga1, can_change_event_settings=True, can_view_orders=True,
|
t = Team.objects.create(organizer=self.orga1, all_event_permissions=True)
|
||||||
can_change_items=True, all_events=True, can_create_events=True,
|
|
||||||
can_change_vouchers=True, can_change_orders=True)
|
|
||||||
t.members.add(self.user)
|
t.members.add(self.user)
|
||||||
t.limit_events.add(self.event1)
|
t.limit_events.add(self.event1)
|
||||||
self.client.login(email='dummy@dummy.dummy', password='dummy')
|
self.client.login(email='dummy@dummy.dummy', password='dummy')
|
||||||
|
|||||||
@@ -36,7 +36,7 @@ def env():
|
|||||||
date_from=now(), plugins='pretix.plugins.ticketoutputpdf'
|
date_from=now(), plugins='pretix.plugins.ticketoutputpdf'
|
||||||
)
|
)
|
||||||
user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
||||||
t = Team.objects.create(organizer=event.organizer, can_create_events=True, can_change_event_settings=True, can_change_items=True)
|
t = Team.objects.create(organizer=event.organizer, all_event_permissions=True)
|
||||||
t.members.add(user)
|
t.members.add(user)
|
||||||
t.limit_events.add(event)
|
t.limit_events.add(event)
|
||||||
item1 = Item.objects.create(event=event, name="Ticket", default_price=23)
|
item1 = Item.objects.create(event=event, name="Ticket", default_price=23)
|
||||||
|
|||||||
@@ -28,8 +28,7 @@ class TimemachineTestMixin:
|
|||||||
@scopes_disabled()
|
@scopes_disabled()
|
||||||
def _login_with_permission(self, orga):
|
def _login_with_permission(self, orga):
|
||||||
self.user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
self.user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
||||||
self.team1 = Team.objects.create(organizer=orga, can_create_events=True, can_change_event_settings=True,
|
self.team1 = Team.objects.create(organizer=orga, all_event_permissions=True, all_events=True)
|
||||||
can_change_items=True, all_events=True)
|
|
||||||
self.team1.members.add(self.user)
|
self.team1.members.add(self.user)
|
||||||
self.client.login(email='dummy@dummy.dummy', password='dummy')
|
self.client.login(email='dummy@dummy.dummy', password='dummy')
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user