CGM_Public/pretix_original
2
0
Fork 1
mirror of https://github.com/pretix/pretix.git synced 2026-05-06 15:24:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Correctly pass query string when redirecting to sudo page

Browse Source
This commit is contained in:
Raphael Michel
2021-01-28 21:34:30 +01:00
parent f156299cb3
commit a1bfe05879
4 changed files with 11 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/pretix/control/permissions.py
View File

@@ -6,6 +6,13 @@ from django.urls import reverse
from django.utils.translation import gettext as _
def current_url(request):
if len(request.GET):
return request.path + '?' + request.GET.urlencode()
else:
return request.path
def event_permission_required(permission):
"""
This view decorator rejects all requests with a 403 response which are not from
@@ -94,7 +101,7 @@ def administrator_permission_required():
raise PermissionDenied()
if not request.user.has_active_staff_session(request.session.session_key):
if request.user.is_staff:
return redirect(reverse('control:user.sudo') + '?next=' + quote(request.path))
return redirect(reverse('control:user.sudo') + '?next=' + quote(current_url(request)))
raise PermissionDenied(_('You do not have permission to view this content.'))
return function(request, *args, **kw)
return wrapper

2
src/pretix/control/templates/pretixcontrol/base.html
View File

@@ -186,7 +186,7 @@
{% if request.user.is_staff and not staff_session %}
<li>
<form action="{% url 'control:user.sudo' %}?next={{ request.path|urlencode }}" method="post">
<form action="{% url 'control:user.sudo' %}?next={{ request.path|add:"?"|add:request.GET.urlencode|urlencode }}" method="post">
{% csrf_token %}
<button type="submit" class="btn btn-link" id="button-sudo">
<i class="fa fa-id-card"></i> {% trans "Admin mode" %}