CGM_Public/pretix_original
2
0
Fork 1
mirror of https://github.com/pretix/pretix.git synced 2026-05-10 16:04:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Event list API: Do not show events without any access permissions

Browse Source
This commit is contained in:
Raphael Michel
2018-09-24 12:44:45 +02:00
parent e815cce143
commit 9935ba370d
1 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/pretix/api/views/event.py
View File

@@ -12,7 +12,7 @@ from pretix.api.serializers.event import (
TaxRuleSerializer, TaxRuleSerializer,
) )
from pretix.api.views import ConditionalListView from pretix.api.views import ConditionalListView
from pretix.base.models import Event, ItemCategory, TaxRule from pretix.base.models import Event, ItemCategory, TaxRule, TeamAPIToken
from pretix.base.models.event import SubEvent from pretix.base.models.event import SubEvent
from pretix.helpers.dicts import merge_dicts from pretix.helpers.dicts import merge_dicts
@@ -73,7 +73,16 @@ class EventViewSet(viewsets.ModelViewSet):
filterset_class = EventFilter filterset_class = EventFilter
def get_queryset(self): def get_queryset(self):
return self.request.organizer.events.prefetch_related('meta_values', 'meta_values__property') if isinstance(self.request.auth, TeamAPIToken):
qs = self.request.auth.team.get_events_with_any_permission()
elif self.request.user.is_authenticated:
qs = self.request.user.get_events_with_any_permission(self.request).filter(
organizer=self.request.organizer
)
return qs.prefetch_related(
'meta_values', 'meta_values__property'
)
def perform_update(self, serializer): def perform_update(self, serializer):
current_live_value = serializer.instance.live current_live_value = serializer.instance.live