diff --git a/src/pretix/base/models/organizer.py b/src/pretix/base/models/organizer.py index 04da1b5334..ddac919f41 100644 --- a/src/pretix/base/models/organizer.py +++ b/src/pretix/base/models/organizer.py @@ -381,7 +381,7 @@ class Team(LoggedModel): can_change_orders = LegacyPermissionProperty() can_checkin_orders = LegacyPermissionProperty() can_view_vouchers = LegacyPermissionProperty() - can_change_vuchers = LegacyPermissionProperty() + can_change_vouchers = LegacyPermissionProperty() can_create_events = LegacyPermissionProperty() can_change_organizer_settings = LegacyPermissionProperty() can_change_teams = LegacyPermissionProperty() diff --git a/src/pretix/control/forms/event.py b/src/pretix/control/forms/event.py index 917b4de1c0..24118843e7 100644 --- a/src/pretix/control/forms/event.py +++ b/src/pretix/control/forms/event.py @@ -62,6 +62,7 @@ from pretix.base.forms import ( ) from pretix.base.models import Event, Organizer, TaxRule, Team from pretix.base.models.event import EventFooterLink, EventMetaValue, SubEvent +from pretix.base.models.organizer import TeamQuerySet from pretix.base.models.tax import TAX_CODE_LISTS from pretix.base.reldate import RelativeDateField, RelativeDateTimeField from pretix.base.services.placeholders import FormPlaceholderMixin @@ -104,7 +105,7 @@ class EventWizardFoundationForm(forms.Form): qs = Organizer.objects.all() if not self.user.has_active_staff_session(self.session.session_key): qs = qs.filter( - id__in=self.user.teams.filter(can_create_events=True).values_list('organizer', flat=True) + id__in=self.user.teams.filter(TeamQuerySet.organizer_permission_q("organizer.events:create")).values_list('organizer', flat=True) ) self.fields['organizer'] = forms.ModelChoiceField( label=_("Organizer"), 
@@ -262,8 +263,12 @@ class EventWizardBasicsForm(I18nModelForm): @staticmethod def has_control_rights(user, organizer, session): return user.teams.filter( - organizer=organizer, all_events=True, can_change_event_settings=True, can_change_items=True, - can_change_orders=True, can_change_vouchers=True + TeamQuerySet.event_permission_q("event.items:write"), + TeamQuerySet.event_permission_q("event.orders:write"), + TeamQuerySet.event_permission_q("event.vouchers:write"), + TeamQuerySet.event_permission_q("event.settings.general:write"), + organizer=organizer, + all_events=True, ).exists() or user.has_active_staff_session(session.session_key) @@ -294,9 +299,14 @@ class EventWizardCopyForm(forms.Form): return Event.objects.all() return Event.objects.filter( Q(organizer_id__in=user.teams.filter( - all_events=True, can_change_event_settings=True, can_change_items=True + # TODO: review these! + # Restrict cross-organizer copying further than same-organizer copying? + TeamQuerySet.event_permission_q("event.settings.general:write"), + TeamQuerySet.event_permission_q("event.items:write"), + all_events=True, ).values_list('organizer', flat=True)) | Q(id__in=user.teams.filter( - can_change_event_settings=True, can_change_items=True + TeamQuerySet.event_permission_q("event.settings.general:write"), + TeamQuerySet.event_permission_q("event.items:write"), ).values_list('limit_events__id', flat=True)) ) diff --git a/src/pretix/control/forms/organizer.py b/src/pretix/control/forms/organizer.py index 54a0def181..ab65de1a8f 100644 --- a/src/pretix/control/forms/organizer.py +++ b/src/pretix/control/forms/organizer.py 
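Review bot: The `# TODO: review these!` comment inside the first `user.teams.filter(...)` call of EventWizardCopyForm leaves the cross-organizer copy rule undecided, in the filter that selects which events a user may copy from. Either settle the rule in this change or replace the TODO with a comment stating the rule currently enforced, for example `# Copy source requires event.settings.general:write and event.items:write on the source event.` The method's signature and its staff-session branch start above the hunk, so only the filter is reviewed here.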
@@ -75,7 +75,7 @@ from pretix.base.models import ( ReusableMedium, SalesChannel, Team, ) from pretix.base.models.customers import CustomerSSOClient, CustomerSSOProvider -from pretix.base.models.organizer import OrganizerFooterLink +from pretix.base.models.organizer import OrganizerFooterLink, TeamQuerySet from pretix.base.settings import ( PERSON_NAME_SCHEMES, PERSON_NAME_TITLE_GROUPS, validate_organizer_settings, ) @@ -325,7 +325,8 @@ class TeamForm(forms.ModelForm): data = super().clean() if self.instance.pk and not data['can_change_teams']: if not self.instance.organizer.teams.exclude(pk=self.instance.pk).filter( - can_change_teams=True, members__isnull=False + TeamQuerySet.organizer_permission_q("organizer.teams:write"), + members__isnull=False ).exists(): raise ValidationError(_('The changes could not be saved because there would be no remaining team with ' 'the permission to change teams and permissions.')) diff --git a/src/pretix/control/views/dashboards.py b/src/pretix/control/views/dashboards.py index 25486f7c22..6903091d38 100644 --- a/src/pretix/control/views/dashboards.py +++ b/src/pretix/control/views/dashboards.py @@ -66,6 +66,7 @@ from pretix.control.signals import ( from pretix.helpers.daterange import daterange from ...base.models.orders import CancellationRequest +from ...base.models.organizer import TeamQuerySet from ...base.templatetags.money import money_filter from ..logdisplay import OVERVIEW_BANLIST 
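Review bot: The last-admin guard in TeamForm.clean is still entered through `data['can_change_teams']`, a legacy field name, while the query below it now tests `organizer.teams:write`. If the form no longer exposes that field after the migration, the lookup would raise KeyError or the guard would never run; this cannot be confirmed here because the form's field list is outside the hunk. The trigger should be derived from the same permission key the query uses. A comment such as `# Guard: another team with members must keep organizer.teams:write` would make the intent explicit.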
@@ -491,8 +492,13 @@ def widgets_for_event_qs(request, qs, user, nmax, lazy=False): # Get set of events where we have the permission to show the # of orders if not lazy: events_with_orders = set(qs.filter( - Q(organizer_id__in=user.teams.filter(all_events=True, can_view_orders=True).values_list('organizer', flat=True)) - | Q(id__in=user.teams.filter(can_view_orders=True).values_list('limit_events__id', flat=True)) + Q(organizer_id__in=user.teams.filter( + TeamQuerySet.event_permission_q("event.orders:read"), + all_events=True, + ).values_list('organizer', flat=True)) + | Q(id__in=user.teams.filter( + TeamQuerySet.event_permission_q("event.orders:read"), + ).values_list('limit_events__id', flat=True)) ).values_list('id', flat=True)) tpl = """ diff --git a/src/pretix/control/views/main.py b/src/pretix/control/views/main.py index 8f0455818d..c21ceccf02 100644 --- a/src/pretix/control/views/main.py +++ b/src/pretix/control/views/main.py @@ -51,6 +51,7 @@ from i18nfield.strings import LazyI18nString from pretix.base.forms import SafeSessionWizardView from pretix.base.i18n import language from pretix.base.models import Event, EventMetaValue, Organizer, Quota, Team +from pretix.base.models.organizer import TeamQuerySet from pretix.base.services.quotas import QuotaAvailability from pretix.control.forms.event import ( EventWizardBasicsForm, EventWizardCopyForm, EventWizardFoundationForm, @@ -190,7 +191,9 @@ class EventWizard(SafeSessionWizardView): qs = Organizer.objects.all() if not self.request.user.has_active_staff_session(self.request.session.session_key): qs = qs.filter( - id__in=self.request.user.teams.filter(can_create_events=True).values_list('organizer', flat=True) + id__in=self.request.user.teams.filter( + TeamQuerySet.organizer_permission_q("organizer.events:create"), + ).values_list('organizer', flat=True) ) organizer = qs.get(slug=self.request.GET.get('organizer')) initial['organizer'] = organizer 
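Review bot: The pair of filters `Q(organizer_id__in=<teams with all_events=True>) | Q(id__in=<teams' limit_events__id>)` is written out by hand in widgets_for_event_qs and again in ticket_select2, nav_context_list, item_meta_values and the bank transfer order_qs in this diff. Each copy is an authorization predicate, and the copies already differ in whether they scope by `organizer=`, so any later change to the permission model has to be repeated correctly at every site. Consider one helper that takes the permission key and returns the permitted event ids, and call it from these views. The body of widgets_for_event_qs continues outside the hunk.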
@@ -222,7 +225,7 @@ class EventWizard(SafeSessionWizardView): def get_context_data(self, form, **kwargs): ctx = super().get_context_data(form, **kwargs) - ctx['has_organizer'] = self.request.user.teams.filter(can_create_events=True).exists() + ctx['has_organizer'] = self.request.user.teams.filter(TeamQuerySet.organizer_permission_q("organizer.events:create")).exists() if self.steps.current == 'basics': ctx['organizer'] = self.get_cleaned_data_for_step('foundation').get('organizer') return ctx @@ -284,21 +287,16 @@ class EventWizard(SafeSessionWizardView): name=_('Team {event}').format( event=str(event.name)[:100] + "…" if len(str(event.name)) > 100 else str(event.name) ), - can_change_event_settings=True, can_change_items=True, - can_view_orders=True, can_change_orders=True, can_view_vouchers=True, - can_change_vouchers=True + all_organizer_permissions=False, + all_event_permissions=True, ) t.members.add(self.request.user) t.limit_events.add(event) t.log_action('pretix.team.created', user=self.request.user, data={ '_created_by_event_wizard': True, 'name': t.name, - 'can_change_event_settings': True, - 'can_change_items': True, - 'can_view_orders': True, - 'can_change_orders': True, - 'can_view_vouchers': True, - 'can_change_vouchers': True, + 'all_organizer_permissions': False, + 'all_event_permissions': True, 'limit_events': [event.pk], }) diff --git a/src/pretix/control/views/organizer.py b/src/pretix/control/views/organizer.py index 0cf66555cf..f67b81af5e 100644 --- a/src/pretix/control/views/organizer.py +++ b/src/pretix/control/views/organizer.py 
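Review bot: The per-event team created by the wizard now gets `all_event_permissions=True`, which is broader than the six flags it replaces. The removed list did not include check-in rights, and presumably any event permission added later is now granted automatically as well. To keep the previous scope, set `all_event_permissions=False` and pass an explicit `limit_event_permissions={...}` holding the six migrated keys. If the widening is intended, state that in a comment next to the `create` call, since this team is created implicitly rather than configured by an administrator.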
@@ -96,7 +96,9 @@ from pretix.base.models.giftcards import ( GiftCardAcceptance, GiftCardTransaction, gen_giftcard_secret, ) from pretix.base.models.orders import CancellationRequest -from pretix.base.models.organizer import SalesChannel, TeamAPIToken +from pretix.base.models.organizer import ( + SalesChannel, TeamAPIToken, TeamQuerySet, +) from pretix.base.payment import PaymentException from pretix.base.plugins import ( PLUGIN_LEVEL_EVENT, PLUGIN_LEVEL_EVENT_ORGANIZER_HYBRID, @@ -581,10 +583,7 @@ class OrganizerCreate(CreateView): ret = super().form_valid(form) t = Team.objects.create( organizer=form.instance, name=_('Administrators'), - all_events=True, can_create_events=True, can_change_teams=True, can_manage_gift_cards=True, - can_change_organizer_settings=True, can_change_event_settings=True, can_change_items=True, - can_manage_customers=True, can_manage_reusable_media=True, - can_view_orders=True, can_change_orders=True, can_view_vouchers=True, can_change_vouchers=True + all_events=True, all_event_permissions=True, all_organizer_permissions=True, ) t.members.add(self.request.user) return ret @@ -972,7 +971,8 @@ class TeamDeleteView(OrganizerDetailViewMixin, OrganizerPermissionRequiredMixin, def is_allowed(self) -> bool: return self.request.organizer.teams.exclude(pk=self.kwargs.get('team')).filter( - can_change_teams=True, members__isnull=False + TeamQuerySet.organizer_permission_q("organizer.teams:write"), + members__isnull=False ).exists() or self.request.user.has_active_staff_session(self.request.session.session_key) @transaction.atomic 
@@ -1067,9 +1067,10 @@ class TeamMemberView(OrganizerDetailViewMixin, OrganizerPermissionRequiredMixin, pass else: other_admin_teams = self.request.organizer.teams.exclude(pk=self.object.pk).filter( - can_change_teams=True, members__isnull=False + TeamQuerySet.organizer_permission_q("organizer.teams:write"), + members__isnull=False ).exists() or self.request.user.has_active_staff_session(self.request.session.session_key) - if not other_admin_teams and self.object.can_change_teams and self.object.members.count() == 1: + if not other_admin_teams and self.object.has_permission() and self.object.members.count() == 1: messages.error(self.request, _('You cannot remove the last member from this team as no one would ' 'be left with the permission to change teams.')) return redirect(self.get_success_url()) diff --git a/src/pretix/control/views/typeahead.py b/src/pretix/control/views/typeahead.py index ac8a1de8e4..e9d7584626 100644 --- a/src/pretix/control/views/typeahead.py +++ b/src/pretix/control/views/typeahead.py @@ -51,6 +51,7 @@ from pretix.base.models import ( ItemVariation, ItemVariationMetaValue, Order, OrderPosition, Organizer, SubEventMetaValue, User, Voucher, ) +from pretix.base.models.organizer import TeamQuerySet from pretix.control.forms.event import EventWizardCopyForm from pretix.control.permissions import ( event_permission_required, organizer_permission_required, 
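Review bot: `self.object.has_permission()` is called without naming a permission, where the removed line tested `can_change_teams` specifically. Depending on the method's signature, which is not visible here, this either raises TypeError or no longer checks the team-management right, and the last-member lockout guard then misfires. Pass the permission the surrounding query uses, `organizer.teams:write`, through whichever per-team check the model provides.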
@@ -240,8 +241,13 @@ def ticket_select2(request, **kwargs): qs_orders = qs_orders.filter( exact_match | ( soft_match & ( - Q(order__event__organizer_id__in=request.user.teams.filter(all_events=True, can_view_orders=True).values_list('organizer', flat=True)) - | Q(order__event_id__in=request.user.teams.filter(can_view_orders=True).values_list('limit_events__id', flat=True)) + Q(order__event__organizer_id__in=request.user.teams.filter( + TeamQuerySet.event_permission_q("event.orders:read"), + all_events=True, + ).values_list('organizer', flat=True)) + | Q(order__event_id__in=request.user.teams.filter( + TeamQuerySet.event_permission_q("event.orders:read") + ).values_list('limit_events__id', flat=True)) ) ) ) @@ -337,9 +343,9 @@ def nav_context_list(request): if not request.user.has_active_staff_session(request.session.session_key): qs_orders = qs_orders.filter( Q(event__organizer_id__in=request.user.teams.filter( - all_events=True, can_view_orders=True).values_list('organizer', flat=True)) + TeamQuerySet.event_permission_q("event.orders:read"), all_events=True).values_list('organizer', flat=True)) | Q(event_id__in=request.user.teams.filter( - can_view_orders=True).values_list('limit_events__id', flat=True)) + TeamQuerySet.event_permission_q("event.orders:read")).values_list('limit_events__id', flat=True)) ) qs_vouchers = Voucher.objects.filter( 
@@ -348,9 +354,9 @@ def nav_context_list(request): if not request.user.has_active_staff_session(request.session.session_key): qs_vouchers = qs_vouchers.filter( Q(event__organizer_id__in=request.user.teams.filter( - all_events=True, can_view_vouchers=True).values_list('organizer', flat=True)) + TeamQuerySet.event_permission_q("event.vouchers:read"), all_events=True).values_list('organizer', flat=True)) | Q(event_id__in=request.user.teams.filter( - can_view_vouchers=True).values_list('limit_events__id', flat=True)) + TeamQuerySet.event_permission_q("event.vouchers:read")).values_list('limit_events__id', flat=True)) ) else: qs_vouchers = Voucher.objects.none() @@ -813,7 +819,7 @@ def organizer_select2(request): qs = qs.filter(Q(name__icontains=term) | Q(slug__icontains=term)) if not request.user.has_active_staff_session(request.session.session_key): if 'can_create' in request.GET: - qs = qs.filter(pk__in=request.user.teams.filter(can_create_events=True).values_list('organizer', flat=True)) + qs = qs.filter(pk__in=request.user.teams.filter(TeamQuerySet.organizer_permission_q("organizer.events:create")).values_list('organizer', flat=True)) else: qs = qs.filter(pk__in=request.user.teams.values_list('organizer', flat=True)) 
@@ -976,21 +982,21 @@ def item_meta_values(request, organizer, event): var_matches = var_matches.filter(variation__item__event__organizer_id=organizer.pk) all_access = ( request.user.has_active_staff_session(request.session.session_key) - or request.user.teams.filter(all_events=True, organizer=organizer, can_change_items=True).exists() + or request.user.teams.filter(TeamQuerySet.event_permission_q("event.items:write"), all_events=True, organizer=organizer).exists() ) if not all_access: defaults = defaults.filter( - event__id__in=request.user.teams.filter(can_change_items=True).values_list( + event__id__in=request.user.teams.filter(TeamQuerySet.event_permission_q("event.items:write")).values_list( 'limit_events__id', flat=True ) ) matches = matches.filter( - item__event__id__in=request.user.teams.filter(can_change_items=True).values_list( + item__event__id__in=request.user.teams.filter(TeamQuerySet.event_permission_q("event.items:write")).values_list( 'limit_events__id', flat=True ) ) var_matches = var_matches.filter( - variation__item__event__id__in=request.user.teams.filter(can_change_items=True).values_list( + variation__item__event__id__in=request.user.teams.filter(TeamQuerySet.event_permission_q("event.items:write")).values_list( 'limit_events__id', flat=True ) ) diff --git a/src/pretix/helpers/permission_migration.py b/src/pretix/helpers/permission_migration.py index b810e63a2a..83a7e69e0c 100644 --- a/src/pretix/helpers/permission_migration.py +++ b/src/pretix/helpers/permission_migration.py 
@@ -42,7 +42,7 @@ OLD_TO_NEW_ORGANIZER_MIGRATION = { "can_create_events": ["organizer.events:create"], "can_change_organizer_settings": ["organizer.settings.general:write", "organizer.devices:read", "organizer.devices:write"], - "can_change_teams": ["organizer.teams:write"], + "can_change_teams": ["organizer.teams:write", "organizer.teams:read"], "can_manage_gift_cards": ["organizer.giftcards:read", "organizer.giftcards:write"], "can_manage_customers": ["organizer.customers:read", "organizer.customers:write"], "can_manage_reusable_media": ["organizer.reusablemedia:read", "organizer.reusablemedia:write"], @@ -59,7 +59,7 @@ OLD_TO_NEW_EVENT_COMPAT = { OLD_TO_NEW_ORGANIZER_COMPAT = { "can_create_events": ["organizer.events:create"], "can_change_organizer_settings": ["organizer.settings.general:write"], - "can_change_teams": ["organizer.teams:write"], + "can_change_teams": ["organizer.teams:write", "organizer.teams:read"], "can_manage_gift_cards": ["organizer.giftcards:read", "organizer.giftcards:write"], "can_manage_customers": ["organizer.customers:read", "organizer.customers:write"], "can_manage_reusable_media": ["organizer.reusablemedia:read", "organizer.reusablemedia:write"], diff --git a/src/pretix/plugins/banktransfer/views.py b/src/pretix/plugins/banktransfer/views.py index 29926aa2cb..2aef7fd550 100644 --- a/src/pretix/plugins/banktransfer/views.py +++ b/src/pretix/plugins/banktransfer/views.py @@ -58,6 +58,7 @@ from localflavor.generic.forms import BICFormField, IBANFormField from pretix.base.forms.widgets import DatePickerWidget from pretix.base.models import Event, Order, OrderPayment, OrderRefund, Quota +from pretix.base.models.organizer import TeamQuerySet from pretix.base.services.mail import SendMailException from pretix.base.settings import SettingsSandbox from pretix.base.templatetags.money import money_filter 
@@ -661,14 +662,20 @@ class OrganizerActionView(OrganizerBanktransferView, OrganizerPermissionRequired permission = 'can_change_orders' def order_qs(self): - all = self.request.user.teams.filter(organizer=self.request.organizer, can_change_orders=True, - can_view_orders=True, all_events=True).exists() + all = self.request.user.teams.filter( + TeamQuerySet.event_permission_q("event.orders:read"), + TeamQuerySet.event_permission_q("event.orders:write"), + all_events=True, + organizer=self.request.organizer, + ).exists() if self.request.user.has_active_staff_session(self.request.session.session_key) or all: return Order.objects.filter(event__organizer=self.request.organizer) else: return Order.objects.filter( event_id__in=self.request.user.teams.filter( - organizer=self.request.organizer, can_change_orders=True, can_view_orders=True + TeamQuerySet.event_permission_q("event.orders:read"), + TeamQuerySet.event_permission_q("event.orders:write"), + organizer=self.request.organizer, ).values_list('limit_events__id', flat=True) ) diff --git a/src/tests/api/conftest.py b/src/tests/api/conftest.py index 4947708d7c..b96c3e278d 100644 --- a/src/tests/api/conftest.py +++ b/src/tests/api/conftest.py @@ -106,17 +106,8 @@ def team(organizer): return Team.objects.create( organizer=organizer, name="Test-Team", - can_change_teams=True, - can_manage_gift_cards=True, - can_change_items=True, - can_create_events=True, - can_change_event_settings=True, - can_change_vouchers=True, - can_view_vouchers=True, - can_change_orders=True, - can_manage_customers=True, - can_manage_reusable_media=True, - can_change_organizer_settings=True + all_event_permissions=True, + all_organizer_permissions=True, ) 
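Review bot: The shared `team` fixture in tests/api/conftest.py now sets `all_event_permissions=True` and `all_organizer_permissions=True`, while the removed keyword list left out `can_view_orders` and `can_checkin_orders`. With the all-flag set, the `team.limit_event_permissions[...] = True` assignments in the user_client and token_client fixtures (the next hunks, and token_client in tests/api/test_permissions.py) are presumably no-ops, and every test using this fixture starts from full rights. Tests that assert a denial must then clear the flag themselves, as the test_checkin.py hunk does with `team.all_event_permissions = False`. Building the fixture from explicit `limit_event_permissions` and `limit_organizer_permissions` dicts would keep the default narrow.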
@@ -140,8 +131,8 @@ def user(): @pytest.fixture @scopes_disabled() def user_client(client, team, user): - team.can_view_orders = True - team.can_view_vouchers = True + team.limit_event_permissions["event.orders:read"] = True + team.limit_event_permissions["event.vouchers:read"] = True team.all_events = True team.save() team.members.add(user) @@ -152,8 +143,8 @@ def user_client(client, team, user): @pytest.fixture @scopes_disabled() def token_client(client, team): - team.can_view_orders = True - team.can_view_vouchers = True + team.limit_event_permissions["event.orders:read"] = True + team.limit_event_permissions["event.vouchers:read"] = True team.all_events = True team.save() t = team.tokens.create(name='Foo') diff --git a/src/tests/api/test_checkin.py b/src/tests/api/test_checkin.py index 1dc696e6f3..c1d8bb13ff 100644 --- a/src/tests/api/test_checkin.py +++ b/src/tests/api/test_checkin.py @@ -1358,9 +1358,8 @@ def test_checkin_pdf_data_requires_permission(token_client, event, team, organiz )) assert resp.data['results'][0].get('pdf_data') with scopes_disabled(): - team.can_view_orders = False - team.can_change_orders = False - team.can_checkin_orders = True + team.limit_event_permissions = {"event.orders:checkin": True} + team.all_event_permissions = False team.save() resp = token_client.get('/api/v1/organizers/{}/events/{}/checkinlists/{}/positions/?search=z3fsn8jyu&pdf_data=true'.format( organizer.slug, event.slug, clist_all.pk diff --git a/src/tests/api/test_checkinrpc.py b/src/tests/api/test_checkinrpc.py index 9fb79cfa67..44e278a93d 100644 --- a/src/tests/api/test_checkinrpc.py +++ b/src/tests/api/test_checkinrpc.py 
@@ -984,9 +984,8 @@ def test_search_multiple_lists(token_client, organizer, clist_all, clist_event2, @pytest.mark.django_db def test_without_permission(token_client, event, team, organizer, clist_all, order): with scopes_disabled(): - team.can_view_orders = False - team.can_change_orders = False - team.can_checkin_orders = False + team.limit_event_permissions = {} + team.all_event_permissions = False team.save() resp = token_client.get( '/api/v1/organizers/{}/checkinrpc/search/?list={}&search=dummy.test&ordering=attendee_name'.format(organizer.slug, clist_all.pk)) @@ -1043,9 +1042,8 @@ def test_checkin_only_permission(token_client, event, team, organizer, clist_all assert resp.data['position'].get('pdf_data') with scopes_disabled(): - team.can_view_orders = False - team.can_change_orders = False - team.can_checkin_orders = True + team.limit_event_permissions = {"event.orders:checkin": True} + team.all_event_permissions = False team.save() # With limited permissions, I can not search with a 2-character query diff --git a/src/tests/api/test_events.py b/src/tests/api/test_events.py index b2b350216a..18f63caf35 100644 --- a/src/tests/api/test_events.py +++ b/src/tests/api/test_events.py @@ -243,7 +243,8 @@ def test_event_create(team, token_client, organizer, event, meta_prop): {"key": "Workshop", "label": {"en": "Workshop"}}, ] meta_prop.save() - team.can_change_organizer_settings = False + team.limit_organizer_permissions = {"organizer.events:create": True} + team.all_organizer_permissions = False team.save() organizer.meta_properties.create( name="protected", protected=True 
@@ -581,16 +582,8 @@ def test_event_create_with_clone_across_organizers(user, user_client, organizer, target_org = Organizer.objects.create(name='Dummy', slug='dummy2') team = target_org.teams.create( name="Test-Team", - can_change_teams=True, - can_manage_gift_cards=True, - can_change_items=True, - can_create_events=True, - can_change_event_settings=True, - can_change_vouchers=True, - can_view_vouchers=True, - can_change_orders=True, - can_manage_customers=True, - can_change_organizer_settings=True + all_event_permissions=True, + all_organizer_permissions=True, ) team.members.add(user) diff --git a/src/tests/api/test_exporters.py b/src/tests/api/test_exporters.py index 222362e6a1..58a25b2cfa 100644 --- a/src/tests/api/test_exporters.py +++ b/src/tests/api/test_exporters.py @@ -280,7 +280,8 @@ def test_org_level_export(token_client, organizer, team, event): }, format='json') assert resp.status_code == 202 - team.can_manage_gift_cards = False + team.limit_organizer_permissions = {"organizer.events:create": True} + team.all_organizer_permissions = False team.save() resp = token_client.post('/api/v1/organizers/{}/exporters/giftcardlist/run/'.format(organizer.slug), data={ @@ -339,7 +340,8 @@ def test_event_scheduled_export_list_token(token_client, organizer, event, user, assert resp.status_code == 200 assert [res] == resp.data['results'] - team.can_change_event_settings = False + team.limit_organizer_permissions = {"organizer.events:create": True} + team.all_organizer_permissions = False team.save() # Token can no longer sees it an gets error message @@ -361,7 +363,7 @@ def test_event_scheduled_export_list_user(user_client, organizer, event, user, t resp = user_client.get('/api/v1/organizers/{}/events/{}/scheduled_exports/'.format(organizer.slug, event.slug)) assert [res] == resp.data['results'] - team.can_change_event_settings = False + team.limit_event_permissions["event.settings.general:write"] = False team.save() # Owner still can 
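Review bot: In test_event_scheduled_export_list_token the removed line revoked `can_change_event_settings`, but the replacement only narrows the organizer permissions, so the team's event permissions are unchanged. The next hunk (test_event_scheduled_export_list_user) sets `team.limit_event_permissions["event.settings.general:write"] = False` while the fixture's `all_event_permissions=True` is still in effect, which presumably revokes nothing. For both tests, clear the flag and list what should remain, e.g. `team.all_event_permissions = False` followed by `team.limit_event_permissions = {"event.orders:read": True}`.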
@@ -498,7 +500,8 @@ def test_org_scheduled_export_list_token(token_client, organizer, user, team, or assert resp.status_code == 200 assert [res] == resp.data['results'] - team.can_change_organizer_settings = False + team.limit_organizer_permissions = {"organizer.events:create": True} + team.all_organizer_permissions = False team.save() # Token can no longer sees it an gets error message @@ -521,7 +524,8 @@ def test_org_scheduled_export_list_user(user_client, organizer, user, team, org_ resp = user_client.get('/api/v1/organizers/{}/scheduled_exports/'.format(organizer.slug)) assert [res] == resp.data['results'] - team.can_change_organizer_settings = False + team.limit_organizer_permissions = {"organizer.events:create": True} + team.all_organizer_permissions = False team.save() # Owner still can diff --git a/src/tests/api/test_oauth.py b/src/tests/api/test_oauth.py index 8a9054c9cd..082ad6e5e2 100644 --- a/src/tests/api/test_oauth.py +++ b/src/tests/api/test_oauth.py @@ -53,8 +53,13 @@ def organizer(): @pytest.fixture def admin_team(organizer): - return Team.objects.create(organizer=organizer, can_change_teams=True, name='Admin team', all_events=True, - can_create_events=True) + return Team.objects.create( + organizer=organizer, + name='Admin team', + all_events=True, + all_event_permissions=True, + all_organizer_permissions=True, + ) @pytest.fixture @@ -387,7 +392,7 @@ def test_token_from_code(client, admin_user, organizer, application: OAuthApplic @pytest.mark.django_db def test_use_token_for_access_one_organizer(client, admin_user, organizer, application: OAuthApplication): o2 = Organizer.objects.create(name='A', slug='a') - t2 = Team.objects.create(organizer=o2, can_change_teams=True, name='Admin team', all_events=True) + t2 = Team.objects.create(organizer=o2, all_organizer_permissions=True, name='Admin team', all_events=True) t2.members.add(admin_user) client.login(email='dummy@dummy.dummy', password='dummy') 
@@ -434,7 +439,13 @@ def test_use_token_for_access_one_organizer(client, admin_user, organizer, appli @pytest.mark.django_db def test_use_token_for_access_two_organizers(client, admin_user, organizer, application: OAuthApplication): o2 = Organizer.objects.create(name='A', slug='a') - t2 = Team.objects.create(organizer=o2, can_change_teams=True, name='Admin team', all_events=True) + t2 = Team.objects.create( + organizer=o2, + all_event_permissions=True, + all_organizer_permissions=True, + name='Admin team', + all_events=True + ) t2.members.add(admin_user) client.login(email='dummy@dummy.dummy', password='dummy') diff --git a/src/tests/api/test_permissions.py b/src/tests/api/test_permissions.py index 15da07f72e..d6b560381c 100644 --- a/src/tests/api/test_permissions.py +++ b/src/tests/api/test_permissions.py @@ -281,9 +281,9 @@ event_permission_root_urls = [ @pytest.fixture def token_client(client, team): - team.can_view_orders = True - team.can_view_vouchers = True - team.can_change_items = True + team.limit_event_permissions["event.orders:read"] = True + team.limit_event_permissions["event.vouchers:read"] = True + team.limit_event_permissions["event.items:write"] = True team.save() t = team.tokens.create(name='Foo') client.credentials(HTTP_AUTHORIZATION='Token ' + t.token) diff --git a/src/tests/api/test_subevents.py b/src/tests/api/test_subevents.py index 24478d89be..7d06c97c36 100644 --- a/src/tests/api/test_subevents.py +++ b/src/tests/api/test_subevents.py 
@@ -260,7 +260,8 @@ def test_all_subevents_list_filter(token_client, organizer, event, subevent): def test_subevent_create(team, token_client, organizer, event, subevent, meta_prop, item): meta_prop.choices = [{"key": "Conference", "label": {"en": "Conference"}}, {"key": "Workshop", "label": {"en": "Workshop"}}] meta_prop.save() - team.can_change_organizer_settings = False + team.limit_organizer_permissions = {"organizer.events:create": True} + team.all_organizer_permissions = False team.save() organizer.meta_properties.create( name="protected", protected=True diff --git a/src/tests/api/test_transactions.py b/src/tests/api/test_transactions.py index 9a0dea3051..df7d4b2f8c 100644 --- a/src/tests/api/test_transactions.py +++ b/src/tests/api/test_transactions.py @@ -242,7 +242,8 @@ def test_organizer_list(token_client, team, organizer, event, order, item, taxru assert resp.data["count"] == 0 team.all_events = True - team.can_view_orders = False + team.limit_organizer_permissions = {"event.vouchers:read": True} + team.all_organizer_permissions = False team.save() resp = token_client.get( diff --git a/src/tests/base/test_export.py b/src/tests/base/test_export.py index d07bb576d4..73f0bd39f4 100644 --- a/src/tests/base/test_export.py +++ b/src/tests/base/test_export.py @@ -48,7 +48,7 @@ def event(): @pytest.fixture def team(event): - return event.organizer.teams.create(all_events=True, can_view_orders=True) + return event.organizer.teams.create(all_events=True, all_event_permissions=True) @pytest.fixture @@ -143,7 +143,7 @@ def test_event_fail_user_no_permission(event, user, team): s.error_counter = 0 s.save() - team.can_view_orders = False + team.limit_event_permissions["event.orders:read"] = False team.save() run_scheduled_exports(None) 
@@ -273,7 +273,8 @@ def test_organizer_fail_user_does_not_have_specific_permission(event, user, team s.error_counter = 0 s.save() - team.can_manage_customers = False + team.all_event_permissions = False + team.limit_event_permissions = {"organizer.giftcards:write": True} team.save() run_scheduled_exports(None) diff --git a/src/tests/base/test_notifications.py b/src/tests/base/test_notifications.py index c3570be104..cc30b70cf5 100644 --- a/src/tests/base/test_notifications.py +++ b/src/tests/base/test_notifications.py @@ -65,7 +65,7 @@ def order(event): @pytest.fixture def team(event): - return event.organizer.teams.create(all_events=True, can_view_orders=True) + return event.organizer.teams.create(all_events=True, all_event_permissions=True) @pytest.fixture @@ -142,7 +142,7 @@ def test_notification_ignore_same_user(event, order, user, monkeypatch_on_commit @pytest.mark.django_db def test_notification_ignore_insufficient_permissions(event, order, user, team, monkeypatch_on_commit): djmail.outbox = [] - team.can_view_orders = False + team.limit_event_permissions["event.orders:read"] = False team.save() user.notification_settings.create( method='mail', event=event, action_type='pretix.event.order.paid', enabled=True diff --git a/src/tests/base/test_permissions.py b/src/tests/base/test_permissions.py index 366c40cfa3..cf74044e62 100644 --- a/src/tests/base/test_permissions.py +++ b/src/tests/base/test_permissions.py @@ -119,7 +119,7 @@ def test_specific_event_permission_limited(event, user): user._teamcache = {} assert not user.has_event_permission(event.organizer, event, 'can_change_orders') - team = Team.objects.create(organizer=event.organizer, can_change_orders=True) + team = Team.objects.create(organizer=event.organizer, limit_event_permissions={"event.orders:write": True}) user._teamcache = {} assert not user.has_event_permission(event.organizer, event, 'can_change_orders') 
@@ -135,7 +135,7 @@ def test_specific_event_permission_limited(event, user): assert user.has_event_permission(event.organizer, event, ('can_change_orders', 'can_change_event_settings')) assert not user.has_event_permission(event.organizer, event, ('can_change_teams', 'can_change_event_settings')) - team.can_change_orders = False + team.limit_event_permissions = {} team.save() user._teamcache = {} assert not user.has_event_permission(event.organizer, event, 'can_change_orders') @@ -146,7 +146,7 @@ def test_specific_event_permission_all(event, user): user._teamcache = {} assert not user.has_event_permission(event.organizer, event, 'can_change_orders') - team = Team.objects.create(organizer=event.organizer, can_change_orders=True) + team = Team.objects.create(organizer=event.organizer, limit_event_permissions={"event.orders:write": True}) user._teamcache = {} assert not user.has_event_permission(event.organizer, event, 'can_change_orders') @@ -159,7 +159,7 @@ def test_specific_event_permission_all(event, user): user._teamcache = {} assert user.has_event_permission(event.organizer, event, 'can_change_orders') - team.can_change_orders = False + team.limit_event_permissions = {} team.save() user._teamcache = {} assert not user.has_event_permission(event.organizer, event, 'can_change_orders') 
@@ -167,9 +167,9 @@ def test_specific_event_permission_all(event, user): @pytest.mark.django_db def test_event_permissions_multiple_teams(event, user): - team1 = Team.objects.create(organizer=event.organizer, can_change_orders=True, all_events=True) - team2 = Team.objects.create(organizer=event.organizer, can_change_vouchers=True) - team3 = Team.objects.create(organizer=event.organizer, can_change_event_settings=True) + team1 = Team.objects.create(organizer=event.organizer, limit_event_permissions={"event.orders:write": True}, all_events=True) + team2 = Team.objects.create(organizer=event.organizer, limit_event_permissions={"event.vouchers:write": True}) + team3 = Team.objects.create(organizer=event.organizer, limit_event_permissions={"event.settings.general:write": True}) event2 = Event.objects.create( organizer=event.organizer, name='Dummy', slug='dummy2', date_from=now() @@ -207,7 +207,7 @@ def test_specific_organizer_permission(event, user): user._teamcache = {} assert not user.has_organizer_permission(event.organizer, 'can_create_events') - team = Team.objects.create(organizer=event.organizer, can_create_events=True) + team = Team.objects.create(organizer=event.organizer, limit_organizer_permissions={"organizer.events:create": True}) user._teamcache = {} assert not user.has_organizer_permission(event.organizer, 'can_create_events') 
@@ -219,12 +219,12 @@ def test_specific_organizer_permission(event, user): @pytest.mark.django_db def test_organizer_permissions_multiple_teams(event, user): - team1 = Team.objects.create(organizer=event.organizer, can_change_organizer_settings=True) - team2 = Team.objects.create(organizer=event.organizer, can_create_events=True) + team1 = Team.objects.create(organizer=event.organizer, limit_organizer_permissions={"organizer.settings.general:write": True}) + team2 = Team.objects.create(organizer=event.organizer, limit_organizer_permissions={"organizer.events:create": True}) team1.members.add(user) team2.members.add(user) orga2 = Organizer.objects.create(slug='d2', name='d2') - team3 = Team.objects.create(organizer=orga2, can_change_teams=True) + team3 = Team.objects.create(organizer=orga2, limit_organizer_permissions={"organizer.teams:write": True}) team3.members.add(user) assert user.has_organizer_permission(event.organizer, 'can_create_events') @@ -266,9 +266,9 @@ def test_list_of_events(event, user, admin, admin_request): assert not user.get_events_with_any_permission() - team1 = Team.objects.create(organizer=event.organizer, can_change_orders=True, all_events=True) - team2 = Team.objects.create(organizer=event.organizer, can_change_vouchers=True) - team3 = Team.objects.create(organizer=orga2, can_change_event_settings=True) + team1 = Team.objects.create(organizer=event.organizer, limit_event_permissions={"event.orders:write": True}, all_events=True) + team2 = Team.objects.create(organizer=event.organizer, limit_event_permissions={"event.vouchers:write": True}) + team3 = Team.objects.create(organizer=orga2, limit_event_permissions={"event.settings.general:write": True}) team1.members.add(user) team2.members.add(user) team3.members.add(user) diff --git a/src/tests/control/test_auth.py b/src/tests/control/test_auth.py index 3787fbc33a..7b5fa54978 100644 --- a/src/tests/control/test_auth.py +++ b/src/tests/control/test_auth.py 
@@ -1123,7 +1123,7 @@ class Obligatory2FATest(TestCase): session.save() organizer = Organizer.objects.create(name='Dummy', slug='dummy') - team = Team.objects.create(organizer=organizer, can_change_teams=True, name='Admin team') + team = Team.objects.create(organizer=organizer, all_event_permissions=True, name='Admin team') team.members.add(self.user) self.user.require_2fa = False self.user.save() diff --git a/src/tests/control/test_checkins.py b/src/tests/control/test_checkins.py index a3afce9e83..759d744e92 100644 --- a/src/tests/control/test_checkins.py +++ b/src/tests/control/test_checkins.py @@ -61,7 +61,7 @@ def dashboard_env(): item_ticket = Item.objects.create(event=event, name="Ticket", default_price=23, admission=True) item_mascot = Item.objects.create(event=event, name="Mascot", default_price=10, admission=False) - t = Team.objects.create(organizer=o, can_view_orders=True, can_change_orders=True) + t = Team.objects.create(organizer=o, all_event_permissions=True) t.members.add(user) t.limit_events.add(event) @@ -139,7 +139,7 @@ def checkin_list_env(): # permission orga = Organizer.objects.create(name='Dummy', slug='dummy') user = User.objects.create_user('dummy@dummy.dummy', 'dummy') - team = Team.objects.create(organizer=orga, can_view_orders=True, can_change_orders=True) + team = Team.objects.create(organizer=orga, all_event_permissions=True) team.members.add(user) # event @@ -321,7 +321,7 @@ def test_manual_checkins_revert_requires_order_change_permission(client, checkin client.login(email='dummy@dummy.dummy', password='dummy') with scopes_disabled(): assert not checkin_list_env[5][3].checkins.exists() - Team.objects.update(can_change_orders=False, can_checkin_orders=True) + Team.objects.update(all_event_permissions=False, limit_event_permissions={"event.orders:checkin": True}) client.post('/control/event/dummy/dummy/checkinlists/{}/bulk_action'.format(checkin_list_env[6].pk), { 'checkin': [checkin_list_env[5][3].pk] }) 
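Review bot: `can_change_teams=True` was an organizer-level permission, but the 'Admin team' in Obligatory2FATest is now created with `all_event_permissions=True`, which is event scope. The test_permissions.py and test_teams.py hunks of this commit map the same legacy flag to `"organizer.teams:write"` and `all_organizer_permissions=True`. If the 2FA test depends on the user being able to administer teams, the line should read `Team.objects.create(organizer=organizer, all_organizer_permissions=True, name='Admin team')`. The test method starts and ends outside the hunk.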
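Review bot: The dashboard_env fixture widens from `can_view_orders` plus `can_change_orders` to `all_event_permissions=True`, so the tests built on it no longer pin which permissions the check-in views need. A view that accidentally starts requiring an unrelated event permission would still pass. A narrower equivalent is `limit_event_permissions={"event.orders:read": True, "event.orders:write": True}`. The same widening occurs in checkin_list_env, checkin_list_with_addon_env and most plugin fixtures later in the commit.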
@@ -363,7 +363,7 @@ def checkin_list_with_addon_env(): # permission orga = Organizer.objects.create(name='Dummy', slug='dummy') user = User.objects.create_user('dummy@dummy.dummy', 'dummy') - team = Team.objects.create(organizer=orga, can_view_orders=True, can_change_orders=True) + team = Team.objects.create(organizer=orga, all_event_permissions=True) team.members.add(user) # event @@ -466,7 +466,7 @@ class CheckinListFormTest(SoupTest): date_from=datetime(2013, 12, 26, tzinfo=timezone.utc), ) self.event1.settings.timezone = 'Europe/Berlin' - t = Team.objects.create(organizer=self.orga1, can_change_event_settings=True, can_view_orders=True) + t = Team.objects.create(organizer=self.orga1, all_event_permissions=True) t.members.add(self.user) t.limit_events.add(self.event1) self.client.login(email='dummy@dummy.dummy', password='dummy') diff --git a/src/tests/control/test_customer.py b/src/tests/control/test_customer.py index a973a19867..94e1f34618 100644 --- a/src/tests/control/test_customer.py +++ b/src/tests/control/test_customer.py @@ -85,7 +85,7 @@ def order(event, customer): def admin_user(organizer): u = User.objects.create_user('dummy@dummy.dummy', 'dummy') admin_team = Team.objects.create( - organizer=organizer, can_manage_customers=True, can_change_organizer_settings=True, + organizer=organizer, all_organizer_permissions=True, name='Admin team' ) admin_team.members.add(u) diff --git a/src/tests/control/test_events.py b/src/tests/control/test_events.py index 9042470562..809b5904f8 100644 --- a/src/tests/control/test_events.py +++ b/src/tests/control/test_events.py 
@@ -76,13 +76,11 @@ class EventsTest(SoupTest): date_from=datetime.datetime(2014, 9, 5, tzinfo=datetime.timezone.utc), ) - self.team1 = Team.objects.create(organizer=self.orga1, can_create_events=True, can_change_event_settings=True, - can_change_items=True) + self.team1 = Team.objects.create(organizer=self.orga1, all_organizer_permissions=True, all_event_permissions=True) self.team1.members.add(self.user) self.team1.limit_events.add(self.event1) - self.team2 = Team.objects.create(organizer=self.orga1, can_change_event_settings=True, can_change_items=True, - can_change_orders=True, can_change_vouchers=True) + self.team2 = Team.objects.create(organizer=self.orga1, all_event_permissions=True) self.team2.members.add(self.user) self.client.login(email='dummy@dummy.dummy', password='dummy') @@ -1276,8 +1274,7 @@ class EventDeletionTest(SoupTest): has_subevents=False ) - t = Team.objects.create(organizer=self.orga1, can_create_events=True, can_change_event_settings=True, - can_change_items=True) + t = Team.objects.create(organizer=self.orga1, all_organizer_permissions=True, all_event_permissions=True) t.members.add(self.user) t.limit_events.add(self.event1) self.ticket = self.event1.items.create(name='Early-bird ticket', diff --git a/src/tests/control/test_export.py b/src/tests/control/test_export.py index ed28cb8697..12b715cc74 100644 --- a/src/tests/control/test_export.py +++ b/src/tests/control/test_export.py @@ -40,8 +40,7 @@ def env(): ) event.settings.set("ticketoutput_testdummy__enabled", True) user = User.objects.create_user("dummy@dummy.dummy", "dummy") - t = Team.objects.create(organizer=o, can_view_orders=True, can_change_orders=True, can_manage_customers=True, - can_change_event_settings=True) + t = Team.objects.create(organizer=o, all_event_permissions=True) t.members.add(user) t.limit_events.add(event) 
@@ -163,7 +162,7 @@ def test_event_export_schedule(client, env): @pytest.mark.django_db(transaction=True) def test_event_limited_permission(client, env): - env[2].can_change_event_settings = False + env[2].limit_event_permissions = [] env[2].save() user2 = User.objects.create_user("dummy2@dummy.dummy", "dummy") @@ -199,7 +198,7 @@ def test_event_limited_permission(client, env): response = client.get(f"/control/event/dummy/dummy/orders/export/{s2.pk}/delete") assert response.status_code == 404 - env[2].can_change_event_settings = True + env[2].limit_event_permissions = {"event:settings.general:write": True} env[2].save() response = client.get("/control/event/dummy/dummy/orders/export/") assert b"RULE1" in response.content @@ -366,7 +365,7 @@ def test_organizer_limited_permission(client, env): response = client.post(f"/control/organizer/dummy/export/{s2.pk}/run") assert response.status_code == 404 - env[2].can_change_organizer_settings = True + env[2].limit_event_permissions = {"event:settings.general:write": True} env[2].save() response = client.get("/control/organizer/dummy/export/") assert b"RULE1" in response.content diff --git a/src/tests/control/test_giftcards.py b/src/tests/control/test_giftcards.py index eb6215212c..e4665e5cf1 100644 --- a/src/tests/control/test_giftcards.py +++ b/src/tests/control/test_giftcards.py @@ -213,8 +213,8 @@ def test_typeahead(organizer, admin_user, client, gift_card): assert d == {"results": [{"id": gift_card.pk, "text": gift_card.secret}], "pagination": {"more": False}} # Unprivileged user can only do exact match - team.can_manage_gift_cards = False - team.can_manage_reusable_media = True + team.all_organizer_permissions = False + team.limit_organizer_permissions = {"organizer.reusablemedia:write": True, "organizer.reusablemedia:read": True} team.save() r = client.get('/control/organizer/dummy/giftcards/select2?query=' + gift_card.secret[0:3]) 
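Review bot: The three test_export.py hunks set permissions in ways that do not match the rest of the commit. `env[2].limit_event_permissions = []` assigns a list where every other site uses a dict, and the `env` fixture creates the team with `all_event_permissions=True`, which test_event_limited_permission never clears, so the "limited" state may not be limited at all. The key `"event:settings.general:write"` has a colon after `event`, while the key used elsewhere is `"event.settings.general:write"`, so the re-grant presumably matches nothing. In test_organizer_limited_permission the legacy `can_change_organizer_settings` is replaced by that same event key; `env[2].limit_organizer_permissions = {"organizer.settings.general:write": True}` looks like the intended line.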
diff --git a/src/tests/control/test_items.py b/src/tests/control/test_items.py index b3b4c00578..1cf62756ad 100644 --- a/src/tests/control/test_items.py +++ b/src/tests/control/test_items.py @@ -57,7 +57,7 @@ class ItemFormTest(SoupTest): date_from=datetime.datetime(2013, 12, 26, tzinfo=datetime.timezone.utc), ) self.item1 = Item.objects.create(event=self.event1, name="Standard", default_price=0, position=1) - t = Team.objects.create(organizer=self.orga1, can_change_event_settings=True, can_change_items=True) + t = Team.objects.create(organizer=self.orga1, all_event_permissions=True) t.members.add(self.user) t.limit_events.add(self.event1) self.client.login(email='dummy@dummy.dummy', password='dummy') diff --git a/src/tests/control/test_mail_settings_preview.py b/src/tests/control/test_mail_settings_preview.py index 141fc043da..9a01a32c14 100644 --- a/src/tests/control/test_mail_settings_preview.py +++ b/src/tests/control/test_mail_settings_preview.py @@ -47,7 +47,7 @@ class MailSettingPreviewTest(SoupTest): ) self.locale_event.settings.locales = ['en', 'de-informal'] self.locale_event.save() - t = Team.objects.create(organizer=self.orga1, can_change_items=True, can_change_event_settings=True) + t = Team.objects.create(organizer=self.orga1, all_event_permissions=True) t.members.add(self.user) t.limit_events.add(self.locale_event) t.limit_events.add(self.event1) diff --git a/src/tests/control/test_modelimport.py b/src/tests/control/test_modelimport.py index 31801950d6..87726bc924 100644 --- a/src/tests/control/test_modelimport.py +++ b/src/tests/control/test_modelimport.py 
@@ -35,8 +35,7 @@ def env(): date_from=now(), plugins='pretix.plugins.banktransfer,pretix.plugins.paypal' ) user = User.objects.create_user('dummy@dummy.dummy', 'dummy') - t = Team.objects.create(organizer=event.organizer, can_view_orders=True, can_change_orders=True, - can_change_vouchers=True) + t = Team.objects.create(organizer=event.organizer, all_event_permissions=True) t.members.add(user) t.limit_events.add(event) return event, user diff --git a/src/tests/control/test_orders.py b/src/tests/control/test_orders.py index 2b58501de6..b9e50e812c 100644 --- a/src/tests/control/test_orders.py +++ b/src/tests/control/test_orders.py @@ -67,7 +67,7 @@ def env(): ) event.settings.set('ticketoutput_testdummy__enabled', True) user = User.objects.create_user('dummy@dummy.dummy', 'dummy') - t = Team.objects.create(organizer=o, can_view_orders=True, can_change_orders=True, can_manage_customers=True) + t = Team.objects.create(organizer=o, all_event_permissions=True) t.members.add(user) t.limit_events.add(event) o = Order.objects.create( @@ -1422,7 +1422,7 @@ class OrderChangeTests(SoupTest): self.quota.items.add(self.ticket) self.quota.items.add(self.shirt) user = User.objects.create_user('dummy@dummy.dummy', 'dummy') - t = Team.objects.create(organizer=o, can_view_orders=True, can_change_orders=True) + t = Team.objects.create(organizer=o, all_event_permissions=True) t.members.add(user) t.limit_events.add(self.event) self.client.login(email='dummy@dummy.dummy', password='dummy') diff --git a/src/tests/control/test_orders_bulk.py b/src/tests/control/test_orders_bulk.py index e3bd60d643..0f5a1e1ee0 100644 --- a/src/tests/control/test_orders_bulk.py +++ b/src/tests/control/test_orders_bulk.py 
@@ -56,7 +56,7 @@ def env(): ) event.settings.set('ticketoutput_testdummy__enabled', True) user = User.objects.create_user('dummy@dummy.dummy', 'dummy') - t = Team.objects.create(organizer=o, can_view_orders=True, can_change_orders=True, can_manage_customers=True) + t = Team.objects.create(organizer=o, all_event_permissions=True) t.members.add(user) t.limit_events.add(event) ticket = Item.objects.create(event=event, name='Early-bird ticket', diff --git a/src/tests/control/test_organizer.py b/src/tests/control/test_organizer.py index d1d42f5a04..68ed0f97e8 100644 --- a/src/tests/control/test_organizer.py +++ b/src/tests/control/test_organizer.py @@ -51,8 +51,7 @@ class OrganizerTest(SoupTest): plugins='pretix.plugins.banktransfer,tests.testdummy' ) - t = Team.objects.create(organizer=self.orga1, can_create_events=True, can_change_event_settings=True, - can_change_items=True, can_change_organizer_settings=True) + t = Team.objects.create(organizer=self.orga1, all_organizer_permissions=True, all_event_permissions=True) t.members.add(self.user) t.limit_events.add(self.event1) diff --git a/src/tests/control/test_reusable_media.py b/src/tests/control/test_reusable_media.py index 2ef20df84a..2566dd91db 100644 --- a/src/tests/control/test_reusable_media.py +++ b/src/tests/control/test_reusable_media.py @@ -122,7 +122,7 @@ def test_typeahead(organizer, admin_user, client, gift_card): # Privileged user can search team.all_events = True - team.can_view_orders = True + team.limit_event_permissions["event.orders:read"] = True team.save() r = client.get('/control/organizer/dummy/ticket_select2?query=' + op.secret[0:3]) @@ -140,7 +140,7 @@ def test_typeahead(organizer, admin_user, client, gift_card): # Unprivileged user can only do exact match team.all_events = True - team.can_view_orders = False + team.limit_event_permissions["event.orders:read"] = False team.save() r = client.get('/control/organizer/dummy/ticket_select2?query=' + op.secret[0:3]) 
@@ -154,7 +154,7 @@ def test_typeahead(organizer, admin_user, client, gift_card): assert d == {"results": [{'event': 'Dummy', 'id': op.pk, 'text': 'FOO-1 (Early-bird ticket)'}], "pagination": {"more": False}} team.all_events = False - team.can_view_orders = True + team.limit_event_permissions["event.orders:read"] = True team.save() r = client.get('/control/organizer/dummy/ticket_select2?query=' + op.secret[0:3]) diff --git a/src/tests/control/test_search.py b/src/tests/control/test_search.py index 83c94cc01a..282bb3bd9e 100644 --- a/src/tests/control/test_search.py +++ b/src/tests/control/test_search.py @@ -86,7 +86,7 @@ class OrderSearchTest(SoupTest): attendee_name_parts={'full_name': "Mark", "_scheme": "full"} ) - self.team = Team.objects.create(organizer=self.orga1, can_view_orders=True) + self.team = Team.objects.create(organizer=self.orga1, limit_event_permissions={"event.orders:read": True}) self.team.members.add(self.user) self.team.limit_events.add(self.event1) @@ -98,7 +98,7 @@ class OrderSearchTest(SoupTest): assert 'DEFFO2' not in resp def test_team_limit_event_wrong_permission(self): - self.team.can_view_orders = False + self.team.limit_event_permissions["event.orders:read"] = False self.team.save() resp = self.client.get('/control/search/orders/').content.decode() assert 'ABCFO1' not in resp @@ -113,7 +113,7 @@ class OrderSearchTest(SoupTest): def test_team_all_events_wrong_permission(self): self.team.all_events = True - self.team.can_view_orders = False + self.team.limit_event_permissions["event.orders:read"] = False self.team.save() resp = self.client.get('/control/search/orders/').content.decode() assert 'ABCFO1' not in resp 
@@ -270,8 +270,8 @@ class PaymentSearchTest(SoupTest): info="{test payment order 2}" ) - self.team = Team.objects.create(organizer=self.orga1, can_view_orders=True) - self.team2 = Team.objects.create(organizer=self.orga2, can_view_orders=True) + self.team = Team.objects.create(organizer=self.orga1, limit_event_permissions={"event.orders:read": True}) + self.team2 = Team.objects.create(organizer=self.orga2, limit_event_permissions={"event.orders:read": True}) self.team.members.add(self.user) self.team.limit_events.add(self.event1) @@ -283,7 +283,7 @@ class PaymentSearchTest(SoupTest): assert 'DEFFO2' not in resp def test_team_limit_event_wrong_permission(self): - self.team.can_view_orders = False + self.team.limit_event_permissions["event.orders:read"] = False self.team.save() resp = self.client.get('/control/search/payments/').content.decode() assert 'ABCFO1' not in resp @@ -298,7 +298,7 @@ class PaymentSearchTest(SoupTest): def test_team_all_events_wrong_permission(self): self.team.all_events = True - self.team.can_view_orders = False + self.team.limit_event_permissions["event.orders:read"] = False self.team.save() resp = self.client.get('/control/search/payments/').content.decode() assert 'ABCFO1' not in resp diff --git a/src/tests/control/test_shredders.py b/src/tests/control/test_shredders.py index c409716ad1..7e8a14d5fa 100644 --- a/src/tests/control/test_shredders.py +++ b/src/tests/control/test_shredders.py @@ -58,8 +58,7 @@ class EventShredderTest(SoupTest): plugins='pretix.plugins.banktransfer,pretix.plugins.stripe,tests.testdummy' ) - t = Team.objects.create(organizer=self.orga1, can_create_events=True, can_change_event_settings=True, - can_change_items=True, can_change_orders=True) + t = Team.objects.create(organizer=self.orga1, all_organizer_permissions=True, all_event_permissions=True) t.members.add(self.user) t.limit_events.add(self.event1) self.order = Order.objects.create( 
diff --git a/src/tests/control/test_subevents.py b/src/tests/control/test_subevents.py index 2b82b7094a..273f1b3c17 100644 --- a/src/tests/control/test_subevents.py +++ b/src/tests/control/test_subevents.py @@ -45,8 +45,7 @@ class SubEventsTest(SoupTest): has_subevents=True ) - t = Team.objects.create(organizer=self.orga1, can_create_events=True, can_change_event_settings=True, - can_change_items=True) + t = Team.objects.create(organizer=self.orga1, all_organizer_permissions=True, all_event_permissions=True) t.members.add(self.user) t.limit_events.add(self.event1) self.ticket = self.event1.items.create(name='Early-bird ticket', diff --git a/src/tests/control/test_taxrates.py b/src/tests/control/test_taxrates.py index 62a58a26db..a69d995fca 100644 --- a/src/tests/control/test_taxrates.py +++ b/src/tests/control/test_taxrates.py @@ -41,7 +41,7 @@ class TaxRateFormTest(SoupTest): organizer=self.orga1, name='30C3', slug='30c3', date_from=datetime.datetime(2013, 12, 26, tzinfo=datetime.timezone.utc), ) - t = Team.objects.create(organizer=self.orga1, can_change_event_settings=True, can_change_items=True) + t = Team.objects.create(organizer=self.orga1, all_organizer_permissions=True, all_event_permissions=True) t.members.add(self.user) t.limit_events.add(self.event1) self.client.login(email='dummy@dummy.dummy', password='dummy') diff --git a/src/tests/control/test_teams.py b/src/tests/control/test_teams.py index 65c3f2b0b0..df5a648f9f 100644 --- a/src/tests/control/test_teams.py +++ b/src/tests/control/test_teams.py @@ -56,7 +56,7 @@ def event(organizer): @pytest.fixture def admin_team(organizer): - return Team.objects.create(organizer=organizer, can_change_teams=True, name='Admin team') + return Team.objects.create(organizer=organizer, all_organizer_permissions=True, all_event_permissions=True, name='Admin team') @pytest.fixture 
@@ -216,7 +216,7 @@ def test_team_remove_last_admin(event, admin_user, admin_team, client): with scopes_disabled(): assert admin_user in admin_team.members.all() - t2.can_change_teams = True + t2.limit_organizer_permissions = {"organizer.teams:write": True} t2.save() resp = client.post('/control/organizer/dummy/team/{}/'.format(admin_team.pk), { 'remove-member': admin_user.pk diff --git a/src/tests/control/test_user.py b/src/tests/control/test_user.py index 95d9023a50..450cd48c63 100644 --- a/src/tests/control/test_user.py +++ b/src/tests/control/test_user.py @@ -478,7 +478,7 @@ class UserSettingsNotificationsTest(SoupTest): organizer=o, name='Dummy', slug='dummy', date_from=now(), plugins='pretix.plugins.banktransfer' ) - t = o.teams.create(can_change_orders=True, all_events=True) + t = o.teams.create(limit_event_permissions={"event.orders:write": True}, all_events=True) t.members.add(self.user) def test_toggle_all(self): diff --git a/src/tests/control/test_views.py b/src/tests/control/test_views.py index d73021dddc..f169df7024 100644 --- a/src/tests/control/test_views.py +++ b/src/tests/control/test_views.py @@ -110,9 +110,8 @@ def logged_in_client(client, event): user = User.objects.create_superuser('dummy@dummy.dummy', 'dummy') t = Team.objects.create( organizer=event.organizer, - all_events=True, can_create_events=True, can_change_teams=True, - can_change_organizer_settings=True, can_change_event_settings=True, can_change_items=True, - can_view_orders=True, can_change_orders=True, can_view_vouchers=True, can_change_vouchers=True + all_event_permissions=True, + all_organizer_permissions=True, ) t.members.add(user) client.force_login(user) diff --git a/src/tests/control/test_vouchers.py b/src/tests/control/test_vouchers.py index 874b445744..80a9b0e94f 100644 --- a/src/tests/control/test_vouchers.py +++ b/src/tests/control/test_vouchers.py 
@@ -58,7 +58,7 @@ class VoucherFormTest(SoupTestMixin, TransactionTestCase): organizer=self.orga, name='30C3', slug='30c3', date_from=datetime.datetime(2013, 12, 26, tzinfo=datetime.timezone.utc), ) - t = Team.objects.create(organizer=self.orga, can_view_vouchers=True, can_change_vouchers=True) + t = Team.objects.create(organizer=self.orga, all_event_permissions=True) t.members.add(self.user) t.limit_events.add(self.event) self.client.login(email='dummy@dummy.dummy', password='dummy') diff --git a/src/tests/control/test_waitinglist.py b/src/tests/control/test_waitinglist.py index ea92dae2c9..3bb74e5d0f 100644 --- a/src/tests/control/test_waitinglist.py +++ b/src/tests/control/test_waitinglist.py @@ -75,7 +75,7 @@ def env(): event=event, item=item2, email='valid@example.org', voucher=v ) - t = Team.objects.create(organizer=o, can_view_orders=True, can_change_orders=True) + t = Team.objects.create(organizer=o, all_event_permissions=True) t.members.add(user) t.limit_events.add(event) return event, user, o, item1 diff --git a/src/tests/plugins/autocheckin/conftest.py b/src/tests/plugins/autocheckin/conftest.py index d8b3b9e488..3cd16da3b8 100644 --- a/src/tests/plugins/autocheckin/conftest.py +++ b/src/tests/plugins/autocheckin/conftest.py @@ -68,18 +68,8 @@ def team(organizer): organizer=organizer, name="Test-Team", all_events=True, - can_change_teams=True, - can_manage_gift_cards=True, - can_change_items=True, - can_create_events=True, - can_change_event_settings=True, - can_change_vouchers=True, - can_view_vouchers=True, - can_view_orders=True, - can_change_orders=True, - can_manage_customers=True, - can_manage_reusable_media=True, - can_change_organizer_settings=True, + all_organizer_permissions=True, + all_event_permissions=True, ) diff --git a/src/tests/plugins/autocheckin/test_control.py b/src/tests/plugins/autocheckin/test_control.py index 610400f606..bd416a1407 100644 --- a/src/tests/plugins/autocheckin/test_control.py 
+++ b/src/tests/plugins/autocheckin/test_control.py @@ -46,24 +46,16 @@ class AutoCheckinFormTest(SoupTest): ) t = Team.objects.create( organizer=self.orga1, - can_change_event_settings=True, - can_view_orders=True, - can_change_items=True, + all_organizer_permissions=True, + all_event_permissions=True, all_events=True, - can_create_events=True, - can_change_orders=True, - can_change_vouchers=True, ) t.members.add(self.user) t = Team.objects.create( organizer=self.orga2, - can_change_event_settings=True, - can_view_orders=True, - can_change_items=True, + all_organizer_permissions=True, + all_event_permissions=True, all_events=True, - can_create_events=True, - can_change_orders=True, - can_change_vouchers=True, ) t.members.add(self.user) self.client.login(email="dummy@dummy.dummy", password="dummy") diff --git a/src/tests/plugins/badges/test_control.py b/src/tests/plugins/badges/test_control.py index 9053e18a16..fbad72b18a 100644 --- a/src/tests/plugins/badges/test_control.py +++ b/src/tests/plugins/badges/test_control.py @@ -53,9 +53,7 @@ class BadgeLayoutFormTest(SoupTest): date_from=datetime.datetime(2013, 12, 26, tzinfo=datetime.timezone.utc), ) self.item1 = Item.objects.create(event=self.event1, name="Standard", default_price=0, position=1) - t = Team.objects.create(organizer=self.orga1, can_change_event_settings=True, can_view_orders=True, - can_change_items=True, all_events=True, can_create_events=True, - can_change_orders=True, can_change_vouchers=True) + t = Team.objects.create(organizer=self.orga1, all_events=True, all_event_permissions=True, all_organizer_permissions=True) t.members.add(self.user) t.limit_events.add(self.event1) self.client.login(email='dummy@dummy.dummy', password='dummy') diff --git a/src/tests/plugins/banktransfer/test_actions.py b/src/tests/plugins/banktransfer/test_actions.py index 11dd96311f..2e8f9d975c 100644 --- a/src/tests/plugins/banktransfer/test_actions.py +++ b/src/tests/plugins/banktransfer/test_actions.py 
@@ -41,7 +41,7 @@ def env(): date_from=now(), plugins='pretix.plugins.banktransfer' ) user = User.objects.create_user('dummy@dummy.dummy', 'dummy') - t = Team.objects.create(organizer=event.organizer, can_view_orders=True, can_change_orders=True) + t = Team.objects.create(organizer=event.organizer, all_event_permissions=True) t.members.add(user) t.limit_events.add(event) o1 = Order.objects.create( @@ -274,7 +274,8 @@ def test_assign_order_organizer_no_permission(env, client): state=BankTransaction.STATE_NOMATCH, amount=23, date='unknown') team = env[1].teams.first() - team.can_change_orders = False + team.limit_event_permissions = {} + team.all_event_permissions = False team.save() client.login(email='dummy@dummy.dummy', password='dummy') r = client.post('/control/organizer/{}/banktransfer/action/'.format(env[0].organizer.slug), { diff --git a/src/tests/plugins/banktransfer/test_api.py b/src/tests/plugins/banktransfer/test_api.py index 4300c85257..d008a08792 100644 --- a/src/tests/plugins/banktransfer/test_api.py +++ b/src/tests/plugins/banktransfer/test_api.py @@ -42,7 +42,7 @@ def env(): date_from=now(), plugins='pretix.plugins.banktransfer' ) user = User.objects.create_user('dummy@dummy.dummy', 'dummy') - t = Team.objects.create(organizer=event.organizer, can_view_orders=True, can_change_orders=True) + t = Team.objects.create(organizer=event.organizer, all_event_permissions=True) t.members.add(user) t.limit_events.add(event) o1 = Order.objects.create( diff --git a/src/tests/plugins/banktransfer/test_import.py b/src/tests/plugins/banktransfer/test_import.py index d1bdf60a5d..ff5547e20f 100644 --- a/src/tests/plugins/banktransfer/test_import.py +++ b/src/tests/plugins/banktransfer/test_import.py 
@@ -61,7 +61,7 @@ def env(): event.settings.invoice_numbers_prefix = 'INV-' event.settings.invoice_numbers_counter_length = 3 user = User.objects.create_user('dummy@dummy.dummy', 'dummy') - t = Team.objects.create(organizer=event.organizer, can_view_orders=True, can_change_orders=True) + t = Team.objects.create(organizer=event.organizer, all_event_permissions=True) t.members.add(user) t.limit_events.add(event) o1 = Order.objects.create( diff --git a/src/tests/plugins/banktransfer/test_refund.py b/src/tests/plugins/banktransfer/test_refund.py index 02b689e8aa..f970f0f3f2 100644 --- a/src/tests/plugins/banktransfer/test_refund.py +++ b/src/tests/plugins/banktransfer/test_refund.py @@ -40,7 +40,7 @@ def env(): date_from=now(), plugins='pretix.plugins.banktransfer,pretix.plugins.paypal' ) user = User.objects.create_user('dummy@dummy.dummy', 'dummy') - t = Team.objects.create(organizer=event.organizer, can_view_orders=True, can_change_orders=True) + t = Team.objects.create(organizer=event.organizer, all_event_permissions=True) t.members.add(user) t.limit_events.add(event) order = Order.objects.create( diff --git a/src/tests/plugins/banktransfer/test_refund_export.py b/src/tests/plugins/banktransfer/test_refund_export.py index 360310cdc4..b6c5cf255e 100644 --- a/src/tests/plugins/banktransfer/test_refund_export.py +++ b/src/tests/plugins/banktransfer/test_refund_export.py @@ -41,7 +41,7 @@ def env(): date_from=now(), plugins='pretix.plugins.banktransfer,pretix.plugins.paypal' ) user = User.objects.create_user('dummy@dummy.dummy', 'dummy') - t = Team.objects.create(organizer=event.organizer, can_view_orders=True, can_change_orders=True) + t = Team.objects.create(organizer=event.organizer, all_event_permissions=True) t.members.add(user) t.limit_events.add(event) order = Order.objects.create( diff --git a/src/tests/plugins/paypal/test_webhook.py b/src/tests/plugins/paypal/test_webhook.py index 1d5c74516a..c6dd2223c8 100644 --- a/src/tests/plugins/paypal/test_webhook.py 
+++ b/src/tests/plugins/paypal/test_webhook.py @@ -41,7 +41,7 @@ def env(): organizer=o, name='Dummy', slug='dummy', plugins='pretix.plugins.paypal', date_from=now(), live=True ) - t = Team.objects.create(organizer=event.organizer, can_view_orders=True, can_change_orders=True) + t = Team.objects.create(organizer=event.organizer, all_event_permissions=True) t.members.add(user) t.limit_events.add(event) o1 = Order.objects.create( diff --git a/src/tests/plugins/paypal2/test_webhook.py b/src/tests/plugins/paypal2/test_webhook.py index 2c0cf68a26..b1355018c7 100644 --- a/src/tests/plugins/paypal2/test_webhook.py +++ b/src/tests/plugins/paypal2/test_webhook.py @@ -42,7 +42,7 @@ def env(): organizer=o, name='Dummy', slug='dummy', plugins='pretix.plugins.paypal2', date_from=now(), live=True ) - t = Team.objects.create(organizer=event.organizer, can_view_orders=True, can_change_orders=True) + t = Team.objects.create(organizer=event.organizer, all_event_permissions=True) t.members.add(user) t.limit_events.add(event) o1 = Order.objects.create( diff --git a/src/tests/plugins/sendmail/test_sendmail.py b/src/tests/plugins/sendmail/test_sendmail.py index e1322b393e..c971291d03 100644 --- a/src/tests/plugins/sendmail/test_sendmail.py +++ b/src/tests/plugins/sendmail/test_sendmail.py @@ -47,7 +47,7 @@ from pretix.base.models import Checkin, Item, Order, OrderPosition, Team, User def logged_in_client(client, event): """Returns a logged client""" user = User.objects.create_superuser('dummy@dummy.dummy', 'dummy') - t = Team.objects.create(organizer=event.organizer, can_view_orders=True, can_change_orders=True) + t = Team.objects.create(organizer=event.organizer, all_event_permissions=True) t.members.add(user) t.limit_events.add(event) client.force_login(user) diff --git a/src/tests/plugins/stripe/test_webhook.py b/src/tests/plugins/stripe/test_webhook.py index 3885e67628..d9f2fa4155 100644 --- a/src/tests/plugins/stripe/test_webhook.py +++ b/src/tests/plugins/stripe/test_webhook.py 
@@ -41,7 +41,7 @@ def env(): organizer=o, name='Dummy', slug='dummy', plugins='pretix.plugins.stripe', date_from=now(), live=True ) - t = Team.objects.create(organizer=event.organizer, can_view_orders=True, can_change_orders=True) + t = Team.objects.create(organizer=event.organizer, all_event_permissions=True) t.members.add(user) t.limit_events.add(event) o1 = Order.objects.create( diff --git a/src/tests/plugins/ticketoutputpdf/test_api.py b/src/tests/plugins/ticketoutputpdf/test_api.py index 533eb1bf37..e0e8b3d6a7 100644 --- a/src/tests/plugins/ticketoutputpdf/test_api.py +++ b/src/tests/plugins/ticketoutputpdf/test_api.py @@ -43,7 +43,7 @@ def env(): organizer=o, name='Dummy', slug='dummy', date_from=now(), plugins='pretix.plugins.banktransfer' ) - t = Team.objects.create(organizer=event.organizer, can_view_orders=True) + t = Team.objects.create(organizer=event.organizer, all_event_permissions=True) t.limit_events.add(event) item1 = Item.objects.create(event=event, name="Ticket", default_price=23) tl = event.ticket_layouts.create( diff --git a/src/tests/plugins/ticketoutputpdf/test_control.py b/src/tests/plugins/ticketoutputpdf/test_control.py index e0ca09b1df..6c17ec11fd 100644 --- a/src/tests/plugins/ticketoutputpdf/test_control.py +++ b/src/tests/plugins/ticketoutputpdf/test_control.py @@ -54,9 +54,7 @@ class TicketLayoutFormTest(SoupTest): date_from=datetime.datetime(2013, 12, 26, tzinfo=datetime.timezone.utc), ) self.item1 = Item.objects.create(event=self.event1, name="Standard", default_price=0, position=1) - t = Team.objects.create(organizer=self.orga1, can_change_event_settings=True, can_view_orders=True, - can_change_items=True, all_events=True, can_create_events=True, - can_change_vouchers=True, can_change_orders=True) + t = Team.objects.create(organizer=self.orga1, all_event_permissions=True) t.members.add(self.user) t.limit_events.add(self.event1) self.client.login(email='dummy@dummy.dummy', password='dummy') 
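Review bot: In the `TicketLayoutFormTest` hunk the old team carried `can_create_events=True` and `all_events=True`, and the new `Team.objects.create(organizer=self.orga1, all_event_permissions=True)` drops both. Judging by its name, `all_event_permissions` covers event-level permissions only, so the organizer-level right to create events is presumably no longer granted, and the team's scope now rests solely on `t.limit_events.add(self.event1)`. The fixtures in ticketoutputpdf/test_defaults_and_copy.py and presale/test_timemachine.py lose `can_create_events` the same way. If none of these tests creates or copies an event through a permission-checked view that is fine, but it deserves a line such as `# event creation right intentionally dropped: not exercised by these tests`. The setup method starts and ends outside the hunk.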
diff --git a/src/tests/plugins/ticketoutputpdf/test_defaults_and_copy.py b/src/tests/plugins/ticketoutputpdf/test_defaults_and_copy.py index d5b12ba90b..3cbe6e1a6f 100644 --- a/src/tests/plugins/ticketoutputpdf/test_defaults_and_copy.py +++ b/src/tests/plugins/ticketoutputpdf/test_defaults_and_copy.py @@ -36,7 +36,7 @@ def env(): date_from=now(), plugins='pretix.plugins.ticketoutputpdf' ) user = User.objects.create_user('dummy@dummy.dummy', 'dummy') - t = Team.objects.create(organizer=event.organizer, can_create_events=True, can_change_event_settings=True, can_change_items=True) + t = Team.objects.create(organizer=event.organizer, all_event_permissions=True) t.members.add(user) t.limit_events.add(event) item1 = Item.objects.create(event=event, name="Ticket", default_price=23) diff --git a/src/tests/presale/test_timemachine.py b/src/tests/presale/test_timemachine.py index 92261b328d..e4d66e2df5 100644 --- a/src/tests/presale/test_timemachine.py +++ b/src/tests/presale/test_timemachine.py @@ -28,8 +28,7 @@ class TimemachineTestMixin: @scopes_disabled() def _login_with_permission(self, orga): self.user = User.objects.create_user('dummy@dummy.dummy', 'dummy') - self.team1 = Team.objects.create(organizer=orga, can_create_events=True, can_change_event_settings=True, - can_change_items=True, all_events=True) + self.team1 = Team.objects.create(organizer=orga, all_event_permissions=True, all_events=True) self.team1.members.add(self.user) self.client.login(email='dummy@dummy.dummy', password='dummy')