CGM_Public/pretix_original
2
0
Fork 1
mirror of https://github.com/pretix/pretix.git synced 2026-05-05 15:14:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

Event list API: Do not show events without any access permissions

Browse Source
This commit is contained in:
Raphael Michel
2018-09-24 12:44:45 +02:00
parent e815cce143
commit 9935ba370d
1 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/pretix/api/views/event.py
View File

@@ -12,7 +12,7 @@ from pretix.api.serializers.event import (
TaxRuleSerializer,
)
from pretix.api.views import ConditionalListView
from pretix.base.models import Event, ItemCategory, TaxRule
from pretix.base.models import Event, ItemCategory, TaxRule, TeamAPIToken
from pretix.base.models.event import SubEvent
from pretix.helpers.dicts import merge_dicts
@@ -73,7 +73,16 @@ class EventViewSet(viewsets.ModelViewSet):
filterset_class = EventFilter
def get_queryset(self):
return self.request.organizer.events.prefetch_related('meta_values', 'meta_values__property')
if isinstance(self.request.auth, TeamAPIToken):
qs = self.request.auth.team.get_events_with_any_permission()
elif self.request.user.is_authenticated:
qs = self.request.user.get_events_with_any_permission(self.request).filter(
organizer=self.request.organizer
)
return qs.prefetch_related(
'meta_values', 'meta_values__property'
)
def perform_update(self, serializer):
current_live_value = serializer.instance.live