Add auditable superuser mode (#824)

* Remove is_superuser everywhere * Session handling * List of sessions, relative timeout * Absolute timeout * Optionally pseudo-force audit comments * Fix failing tests * Add tests * Add docs * Rebsae migration * Typos * Fix tests
2026-05-09 15:54:03 +00:00 · 2018-03-28 14:16:58 +02:00
parent 558c920181
commit a284e0c2f7
56 changed files with 965 additions and 130 deletions
--- a/src/pretix/control/templates/pretixcontrol/user/staff_session_edit.html
+++ b/src/pretix/control/templates/pretixcontrol/user/staff_session_edit.html
@@ -0,0 +1,47 @@
+{% extends "pretixcontrol/base.html" %}
+{% load i18n %}
+{% load bootstrap3 %}
+{% block title %}{% trans "Staff session" %}{% endblock %}
+{% block content %}
+    <h1>{% trans "Session notes" %}</h1>
+    <form action="" method="post" class="form-horizontal">
+        {% csrf_token %}
+        {% bootstrap_form_errors form %}
+        {% bootstrap_field form.comment layout='horizontal' %}
+        <div class="form-group submit-group">
+            <button type="submit" class="btn btn-primary btn-save">
+                {% trans "Save" %}
+            </button>
+        </div>
+    </form>
+    <h1>{% trans "Audit log" %}</h1>
+    <dl class="dl-horizontal">
+        <dt>{% trans "Start date" %}</dt>
+        <dd>{{ session.date_start|date:"SHORT_DATETIME_FORMAT" }}</dd>
+        <dt>{% trans "End date" %}</dt>
+        <dd>{{ session.date_end|date:"SHORT_DATETIME_FORMAT" }}</dd>
+        <dt>{% trans "User" %}</dt>
+        <dd>{{ session.user.email }}</dd>
+    </dl>
+    <table class="table table-condensed">
+    <thead>
+    <tr>
+        <th>{% trans "Timestamp" %}</th>
+        <th>{% trans "Method" %}</th>
+        <th>{% trans "URL" %}</th>
+        <th>{% trans "On behalf of" %}</th>
+    </tr>
+    </thead>
+    <tbody>
+    {% for log in logs %}
+        <tr>
+        <td>{{ log.datetime|date:"SHORT_DATETIME_FORMAT" }}</td>
+        <td>{{ log.method }}</td>
+        <td>{{ log.url }}</td>
+        <td>{{ log.impersonating|default:"" }}</td>
+        </tr>
+    {% endfor %}
+    </tbody>
+
+    </table>
+{% endblock %}
--- a/src/pretix/control/templates/pretixcontrol/user/staff_session_list.html
+++ b/src/pretix/control/templates/pretixcontrol/user/staff_session_list.html
@@ -0,0 +1,58 @@
+{% extends "pretixcontrol/base.html" %}
+{% load i18n %}
+{% load bootstrap3 %}
+{% load urlreplace %}
+{% block title %}{% trans "Admin sessions" %}{% endblock %}
+{% block content %}
+    <h1>{% trans "Admin sessions" %}</h1>
+    <table class="table table-condensed table-hover">
+        <thead>
+        <tr>
+            <th>
+                #
+            </th>
+            <th>
+                {% trans "User" %}
+            </th>
+            <th>
+                {% trans "Start date" %}
+            </th>
+            <th>{% trans "End date" %}</th>
+            <th>{% trans "Comment" %}</th>
+            <th></th>
+        </tr>
+        </thead>
+        <tbody>
+        {% for s in sessions %}
+            <tr>
+                <td><strong>
+                    <a href="{% url "control:user.sudo.edit" id=s.pk %}">{{ s.pk }}</a>
+                </strong></td>
+                <td><strong>
+                    <a href="{% url "control:users.edit" id=s.user.pk %}">{{ s.user.email }}</a>
+                </strong></td>
+                <td>
+                    {{ s.date_start|date:"SHORT_DATETIME_FORMAT" }}
+                </td>
+                <td>
+                    {% if s.date_end %}
+                        {{ s.date_end|date:"SHORT_DATETIME_FORMAT" }}
+                    {% endif %}
+                </td>
+                <td>
+                    {% if s.comment %}
+                        <span class="fa fa-check"></span>
+                    {% else %}
+                        <span class="fa fa-times text-danger"></span>
+                    {% endif %}
+                </td>
+                <td class="text-right">
+                    <a href="{% url "control:user.sudo.edit" id=s.id %}" class="btn btn-default btn-sm"><i
+                            class="fa fa-edit"></i></a>
+                </td>
+            </tr>
+        {% endfor %}
+        </tbody>
+    </table>
+    {% include "pretixcontrol/pagination.html" %}
+{% endblock %}
--- a/src/pretix/control/templates/pretixcontrol/user/staff_session_start.html
+++ b/src/pretix/control/templates/pretixcontrol/user/staff_session_start.html
@@ -0,0 +1,22 @@
+{% extends "pretixcontrol/base.html" %}
+{% load i18n %}
+{% load bootstrap3 %}
+{% block title %}{% trans "Admin mode" %}{% endblock %}
+{% block content %}
+    <h1>{% trans "Admin mode" %}</h1>
+    <p>
+        {% blocktrans trimmed %}
+            To perform this action, you need to start an administrative session. Everything you do in that session
+            will be logged and you will later be asked to fill in a comment on what you did in your session for later
+            reference.
+        {% endblocktrans %}
+    </p>
+    <form action="" method="post" class="form-horizontal">
+        {% csrf_token %}
+        <div class="form-group submit-group">
+            <button type="submit" class="btn btn-primary btn-save">
+                {% trans "Start session" %}
+            </button>
+        </div>
+    </form>
+{% endblock %}