Add auditable superuser mode (#824)

* Remove is_superuser everywhere * Session handling * List of sessions, relative timeout * Absolute timeout * Optionally pseudo-force audit comments * Fix failing tests * Add tests * Add docs * Rebsae migration * Typos * Fix tests
2026-05-04 15:04:03 +00:00 · 2018-03-28 14:16:58 +02:00
parent 558c920181
commit a284e0c2f7
56 changed files with 965 additions and 130 deletions
--- a/src/pretix/control/forms/users.py
+++ b/src/pretix/control/forms/users.py
@@ -8,6 +8,13 @@ from django.utils.translation import ugettext_lazy as _
 from pytz import common_timezones

 from pretix.base.models import User
+from pretix.base.models.auth import StaffSession
+
+
+class StaffSessionForm(forms.ModelForm):
+    class Meta:
+        model = StaffSession
+        fields = ['comment']


 class UserEditForm(forms.ModelForm):
@@ -41,7 +48,7 @@ class UserEditForm(forms.ModelForm):
            'email',
            'require_2fa',
            'is_active',
-            'is_superuser'
+            'is_staff'
        ]

    def __init__(self, *args, **kwargs):