mirror of
https://github.com/pretix/pretix.git
synced 2026-05-06 15:24:02 +00:00
Refactor query and assignment usages of old permissions
This commit is contained in:
Raphael Michel
committed by
Raphael Michel
Raphael Michel
parent
5767f15709
commit
a5f4aebba8
@@ -1123,7 +1123,7 @@ class Obligatory2FATest(TestCase):
|
||||
session.save()
|
||||
|
||||
organizer = Organizer.objects.create(name='Dummy', slug='dummy')
|
||||
team = Team.objects.create(organizer=organizer, can_change_teams=True, name='Admin team')
|
||||
team = Team.objects.create(organizer=organizer, all_event_permissions=True, name='Admin team')
|
||||
team.members.add(self.user)
|
||||
self.user.require_2fa = False
|
||||
self.user.save()
|
||||
|
||||
@@ -61,7 +61,7 @@ def dashboard_env():
|
||||
item_ticket = Item.objects.create(event=event, name="Ticket", default_price=23, admission=True)
|
||||
item_mascot = Item.objects.create(event=event, name="Mascot", default_price=10, admission=False)
|
||||
|
||||
t = Team.objects.create(organizer=o, can_view_orders=True, can_change_orders=True)
|
||||
t = Team.objects.create(organizer=o, all_event_permissions=True)
|
||||
t.members.add(user)
|
||||
t.limit_events.add(event)
|
||||
|
||||
@@ -139,7 +139,7 @@ def checkin_list_env():
|
||||
# permission
|
||||
orga = Organizer.objects.create(name='Dummy', slug='dummy')
|
||||
user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
||||
team = Team.objects.create(organizer=orga, can_view_orders=True, can_change_orders=True)
|
||||
team = Team.objects.create(organizer=orga, all_event_permissions=True)
|
||||
team.members.add(user)
|
||||
|
||||
# event
|
||||
@@ -321,7 +321,7 @@ def test_manual_checkins_revert_requires_order_change_permission(client, checkin
|
||||
client.login(email='dummy@dummy.dummy', password='dummy')
|
||||
with scopes_disabled():
|
||||
assert not checkin_list_env[5][3].checkins.exists()
|
||||
Team.objects.update(can_change_orders=False, can_checkin_orders=True)
|
||||
Team.objects.update(all_event_permissions=False, limit_event_permissions={"event.orders:checkin": True})
|
||||
client.post('/control/event/dummy/dummy/checkinlists/{}/bulk_action'.format(checkin_list_env[6].pk), {
|
||||
'checkin': [checkin_list_env[5][3].pk]
|
||||
})
|
||||
@@ -363,7 +363,7 @@ def checkin_list_with_addon_env():
|
||||
# permission
|
||||
orga = Organizer.objects.create(name='Dummy', slug='dummy')
|
||||
user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
||||
team = Team.objects.create(organizer=orga, can_view_orders=True, can_change_orders=True)
|
||||
team = Team.objects.create(organizer=orga, all_event_permissions=True)
|
||||
team.members.add(user)
|
||||
|
||||
# event
|
||||
@@ -466,7 +466,7 @@ class CheckinListFormTest(SoupTest):
|
||||
date_from=datetime(2013, 12, 26, tzinfo=timezone.utc),
|
||||
)
|
||||
self.event1.settings.timezone = 'Europe/Berlin'
|
||||
t = Team.objects.create(organizer=self.orga1, can_change_event_settings=True, can_view_orders=True)
|
||||
t = Team.objects.create(organizer=self.orga1, all_event_permissions=True)
|
||||
t.members.add(self.user)
|
||||
t.limit_events.add(self.event1)
|
||||
self.client.login(email='dummy@dummy.dummy', password='dummy')
|
||||
|
||||
@@ -85,7 +85,7 @@ def order(event, customer):
|
||||
def admin_user(organizer):
|
||||
u = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
||||
admin_team = Team.objects.create(
|
||||
organizer=organizer, can_manage_customers=True, can_change_organizer_settings=True,
|
||||
organizer=organizer, all_organizer_permissions=True,
|
||||
name='Admin team'
|
||||
)
|
||||
admin_team.members.add(u)
|
||||
|
||||
@@ -76,13 +76,11 @@ class EventsTest(SoupTest):
|
||||
date_from=datetime.datetime(2014, 9, 5, tzinfo=datetime.timezone.utc),
|
||||
)
|
||||
|
||||
self.team1 = Team.objects.create(organizer=self.orga1, can_create_events=True, can_change_event_settings=True,
|
||||
can_change_items=True)
|
||||
self.team1 = Team.objects.create(organizer=self.orga1, all_organizer_permissions=True, all_event_permissions=True)
|
||||
self.team1.members.add(self.user)
|
||||
self.team1.limit_events.add(self.event1)
|
||||
|
||||
self.team2 = Team.objects.create(organizer=self.orga1, can_change_event_settings=True, can_change_items=True,
|
||||
can_change_orders=True, can_change_vouchers=True)
|
||||
self.team2 = Team.objects.create(organizer=self.orga1, all_event_permissions=True)
|
||||
self.team2.members.add(self.user)
|
||||
|
||||
self.client.login(email='dummy@dummy.dummy', password='dummy')
|
||||
@@ -1276,8 +1274,7 @@ class EventDeletionTest(SoupTest):
|
||||
has_subevents=False
|
||||
)
|
||||
|
||||
t = Team.objects.create(organizer=self.orga1, can_create_events=True, can_change_event_settings=True,
|
||||
can_change_items=True)
|
||||
t = Team.objects.create(organizer=self.orga1, all_organizer_permissions=True, all_event_permissions=True)
|
||||
t.members.add(self.user)
|
||||
t.limit_events.add(self.event1)
|
||||
self.ticket = self.event1.items.create(name='Early-bird ticket',
|
||||
|
||||
@@ -40,8 +40,7 @@ def env():
|
||||
)
|
||||
event.settings.set("ticketoutput_testdummy__enabled", True)
|
||||
user = User.objects.create_user("dummy@dummy.dummy", "dummy")
|
||||
t = Team.objects.create(organizer=o, can_view_orders=True, can_change_orders=True, can_manage_customers=True,
|
||||
can_change_event_settings=True)
|
||||
t = Team.objects.create(organizer=o, all_event_permissions=True)
|
||||
t.members.add(user)
|
||||
t.limit_events.add(event)
|
||||
|
||||
@@ -163,7 +162,7 @@ def test_event_export_schedule(client, env):
|
||||
|
||||
@pytest.mark.django_db(transaction=True)
|
||||
def test_event_limited_permission(client, env):
|
||||
env[2].can_change_event_settings = False
|
||||
env[2].limit_event_permissions = []
|
||||
env[2].save()
|
||||
user2 = User.objects.create_user("dummy2@dummy.dummy", "dummy")
|
||||
|
||||
@@ -199,7 +198,7 @@ def test_event_limited_permission(client, env):
|
||||
response = client.get(f"/control/event/dummy/dummy/orders/export/{s2.pk}/delete")
|
||||
assert response.status_code == 404
|
||||
|
||||
env[2].can_change_event_settings = True
|
||||
env[2].limit_event_permissions = {"event:settings.general:write": True}
|
||||
env[2].save()
|
||||
response = client.get("/control/event/dummy/dummy/orders/export/")
|
||||
assert b"RULE1" in response.content
|
||||
@@ -366,7 +365,7 @@ def test_organizer_limited_permission(client, env):
|
||||
response = client.post(f"/control/organizer/dummy/export/{s2.pk}/run")
|
||||
assert response.status_code == 404
|
||||
|
||||
env[2].can_change_organizer_settings = True
|
||||
env[2].limit_event_permissions = {"event:settings.general:write": True}
|
||||
env[2].save()
|
||||
response = client.get("/control/organizer/dummy/export/")
|
||||
assert b"RULE1" in response.content
|
||||
|
||||
@@ -213,8 +213,8 @@ def test_typeahead(organizer, admin_user, client, gift_card):
|
||||
assert d == {"results": [{"id": gift_card.pk, "text": gift_card.secret}], "pagination": {"more": False}}
|
||||
|
||||
# Unprivileged user can only do exact match
|
||||
team.can_manage_gift_cards = False
|
||||
team.can_manage_reusable_media = True
|
||||
team.all_organizer_permissions = False
|
||||
team.limit_organizer_permissions = {"organizer.reusablemedia:write": True, "organizer.reusablemedia:read": True}
|
||||
team.save()
|
||||
|
||||
r = client.get('/control/organizer/dummy/giftcards/select2?query=' + gift_card.secret[0:3])
|
||||
|
||||
@@ -57,7 +57,7 @@ class ItemFormTest(SoupTest):
|
||||
date_from=datetime.datetime(2013, 12, 26, tzinfo=datetime.timezone.utc),
|
||||
)
|
||||
self.item1 = Item.objects.create(event=self.event1, name="Standard", default_price=0, position=1)
|
||||
t = Team.objects.create(organizer=self.orga1, can_change_event_settings=True, can_change_items=True)
|
||||
t = Team.objects.create(organizer=self.orga1, all_event_permissions=True)
|
||||
t.members.add(self.user)
|
||||
t.limit_events.add(self.event1)
|
||||
self.client.login(email='dummy@dummy.dummy', password='dummy')
|
||||
|
||||
@@ -47,7 +47,7 @@ class MailSettingPreviewTest(SoupTest):
|
||||
)
|
||||
self.locale_event.settings.locales = ['en', 'de-informal']
|
||||
self.locale_event.save()
|
||||
t = Team.objects.create(organizer=self.orga1, can_change_items=True, can_change_event_settings=True)
|
||||
t = Team.objects.create(organizer=self.orga1, all_event_permissions=True)
|
||||
t.members.add(self.user)
|
||||
t.limit_events.add(self.locale_event)
|
||||
t.limit_events.add(self.event1)
|
||||
|
||||
@@ -35,8 +35,7 @@ def env():
|
||||
date_from=now(), plugins='pretix.plugins.banktransfer,pretix.plugins.paypal'
|
||||
)
|
||||
user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
||||
t = Team.objects.create(organizer=event.organizer, can_view_orders=True, can_change_orders=True,
|
||||
can_change_vouchers=True)
|
||||
t = Team.objects.create(organizer=event.organizer, all_event_permissions=True)
|
||||
t.members.add(user)
|
||||
t.limit_events.add(event)
|
||||
return event, user
|
||||
|
||||
@@ -67,7 +67,7 @@ def env():
|
||||
)
|
||||
event.settings.set('ticketoutput_testdummy__enabled', True)
|
||||
user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
||||
t = Team.objects.create(organizer=o, can_view_orders=True, can_change_orders=True, can_manage_customers=True)
|
||||
t = Team.objects.create(organizer=o, all_event_permissions=True)
|
||||
t.members.add(user)
|
||||
t.limit_events.add(event)
|
||||
o = Order.objects.create(
|
||||
@@ -1422,7 +1422,7 @@ class OrderChangeTests(SoupTest):
|
||||
self.quota.items.add(self.ticket)
|
||||
self.quota.items.add(self.shirt)
|
||||
user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
||||
t = Team.objects.create(organizer=o, can_view_orders=True, can_change_orders=True)
|
||||
t = Team.objects.create(organizer=o, all_event_permissions=True)
|
||||
t.members.add(user)
|
||||
t.limit_events.add(self.event)
|
||||
self.client.login(email='dummy@dummy.dummy', password='dummy')
|
||||
|
||||
@@ -56,7 +56,7 @@ def env():
|
||||
)
|
||||
event.settings.set('ticketoutput_testdummy__enabled', True)
|
||||
user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
|
||||
t = Team.objects.create(organizer=o, can_view_orders=True, can_change_orders=True, can_manage_customers=True)
|
||||
t = Team.objects.create(organizer=o, all_event_permissions=True)
|
||||
t.members.add(user)
|
||||
t.limit_events.add(event)
|
||||
ticket = Item.objects.create(event=event, name='Early-bird ticket',
|
||||
|
||||
@@ -51,8 +51,7 @@ class OrganizerTest(SoupTest):
|
||||
plugins='pretix.plugins.banktransfer,tests.testdummy'
|
||||
)
|
||||
|
||||
t = Team.objects.create(organizer=self.orga1, can_create_events=True, can_change_event_settings=True,
|
||||
can_change_items=True, can_change_organizer_settings=True)
|
||||
t = Team.objects.create(organizer=self.orga1, all_organizer_permissions=True, all_event_permissions=True)
|
||||
t.members.add(self.user)
|
||||
t.limit_events.add(self.event1)
|
||||
|
||||
|
||||
@@ -122,7 +122,7 @@ def test_typeahead(organizer, admin_user, client, gift_card):
|
||||
|
||||
# Privileged user can search
|
||||
team.all_events = True
|
||||
team.can_view_orders = True
|
||||
team.limit_event_permissions["event.orders:read"] = True
|
||||
team.save()
|
||||
|
||||
r = client.get('/control/organizer/dummy/ticket_select2?query=' + op.secret[0:3])
|
||||
@@ -140,7 +140,7 @@ def test_typeahead(organizer, admin_user, client, gift_card):
|
||||
|
||||
# Unprivileged user can only do exact match
|
||||
team.all_events = True
|
||||
team.can_view_orders = False
|
||||
team.limit_event_permissions["event.orders:read"] = False
|
||||
team.save()
|
||||
|
||||
r = client.get('/control/organizer/dummy/ticket_select2?query=' + op.secret[0:3])
|
||||
@@ -154,7 +154,7 @@ def test_typeahead(organizer, admin_user, client, gift_card):
|
||||
assert d == {"results": [{'event': 'Dummy', 'id': op.pk, 'text': 'FOO-1 (Early-bird ticket)'}], "pagination": {"more": False}}
|
||||
|
||||
team.all_events = False
|
||||
team.can_view_orders = True
|
||||
team.limit_event_permissions["event.orders:read"] = True
|
||||
team.save()
|
||||
|
||||
r = client.get('/control/organizer/dummy/ticket_select2?query=' + op.secret[0:3])
|
||||
|
||||
@@ -86,7 +86,7 @@ class OrderSearchTest(SoupTest):
|
||||
attendee_name_parts={'full_name': "Mark", "_scheme": "full"}
|
||||
)
|
||||
|
||||
self.team = Team.objects.create(organizer=self.orga1, can_view_orders=True)
|
||||
self.team = Team.objects.create(organizer=self.orga1, limit_event_permissions={"event.orders:read": True})
|
||||
self.team.members.add(self.user)
|
||||
self.team.limit_events.add(self.event1)
|
||||
|
||||
@@ -98,7 +98,7 @@ class OrderSearchTest(SoupTest):
|
||||
assert 'DEFFO2' not in resp
|
||||
|
||||
def test_team_limit_event_wrong_permission(self):
|
||||
self.team.can_view_orders = False
|
||||
self.team.limit_event_permissions["event.orders:read"] = False
|
||||
self.team.save()
|
||||
resp = self.client.get('/control/search/orders/').content.decode()
|
||||
assert 'ABCFO1' not in resp
|
||||
@@ -113,7 +113,7 @@ class OrderSearchTest(SoupTest):
|
||||
|
||||
def test_team_all_events_wrong_permission(self):
|
||||
self.team.all_events = True
|
||||
self.team.can_view_orders = False
|
||||
self.team.limit_event_permissions["event.orders:read"] = False
|
||||
self.team.save()
|
||||
resp = self.client.get('/control/search/orders/').content.decode()
|
||||
assert 'ABCFO1' not in resp
|
||||
@@ -270,8 +270,8 @@ class PaymentSearchTest(SoupTest):
|
||||
info="{test payment order 2}"
|
||||
)
|
||||
|
||||
self.team = Team.objects.create(organizer=self.orga1, can_view_orders=True)
|
||||
self.team2 = Team.objects.create(organizer=self.orga2, can_view_orders=True)
|
||||
self.team = Team.objects.create(organizer=self.orga1, limit_event_permissions={"event.orders:read": True})
|
||||
self.team2 = Team.objects.create(organizer=self.orga2, limit_event_permissions={"event.orders:read": True})
|
||||
self.team.members.add(self.user)
|
||||
self.team.limit_events.add(self.event1)
|
||||
|
||||
@@ -283,7 +283,7 @@ class PaymentSearchTest(SoupTest):
|
||||
assert 'DEFFO2' not in resp
|
||||
|
||||
def test_team_limit_event_wrong_permission(self):
|
||||
self.team.can_view_orders = False
|
||||
self.team.limit_event_permissions["event.orders:read"] = False
|
||||
self.team.save()
|
||||
resp = self.client.get('/control/search/payments/').content.decode()
|
||||
assert 'ABCFO1' not in resp
|
||||
@@ -298,7 +298,7 @@ class PaymentSearchTest(SoupTest):
|
||||
|
||||
def test_team_all_events_wrong_permission(self):
|
||||
self.team.all_events = True
|
||||
self.team.can_view_orders = False
|
||||
self.team.limit_event_permissions["event.orders:read"] = False
|
||||
self.team.save()
|
||||
resp = self.client.get('/control/search/payments/').content.decode()
|
||||
assert 'ABCFO1' not in resp
|
||||
|
||||
@@ -58,8 +58,7 @@ class EventShredderTest(SoupTest):
|
||||
plugins='pretix.plugins.banktransfer,pretix.plugins.stripe,tests.testdummy'
|
||||
)
|
||||
|
||||
t = Team.objects.create(organizer=self.orga1, can_create_events=True, can_change_event_settings=True,
|
||||
can_change_items=True, can_change_orders=True)
|
||||
t = Team.objects.create(organizer=self.orga1, all_organizer_permissions=True, all_event_permissions=True)
|
||||
t.members.add(self.user)
|
||||
t.limit_events.add(self.event1)
|
||||
self.order = Order.objects.create(
|
||||
|
||||
@@ -45,8 +45,7 @@ class SubEventsTest(SoupTest):
|
||||
has_subevents=True
|
||||
)
|
||||
|
||||
t = Team.objects.create(organizer=self.orga1, can_create_events=True, can_change_event_settings=True,
|
||||
can_change_items=True)
|
||||
t = Team.objects.create(organizer=self.orga1, all_organizer_permissions=True, all_event_permissions=True)
|
||||
t.members.add(self.user)
|
||||
t.limit_events.add(self.event1)
|
||||
self.ticket = self.event1.items.create(name='Early-bird ticket',
|
||||
|
||||
@@ -41,7 +41,7 @@ class TaxRateFormTest(SoupTest):
|
||||
organizer=self.orga1, name='30C3', slug='30c3',
|
||||
date_from=datetime.datetime(2013, 12, 26, tzinfo=datetime.timezone.utc),
|
||||
)
|
||||
t = Team.objects.create(organizer=self.orga1, can_change_event_settings=True, can_change_items=True)
|
||||
t = Team.objects.create(organizer=self.orga1, all_organizer_permissions=True, all_event_permissions=True)
|
||||
t.members.add(self.user)
|
||||
t.limit_events.add(self.event1)
|
||||
self.client.login(email='dummy@dummy.dummy', password='dummy')
|
||||
|
||||
@@ -56,7 +56,7 @@ def event(organizer):
|
||||
|
||||
@pytest.fixture
|
||||
def admin_team(organizer):
|
||||
return Team.objects.create(organizer=organizer, can_change_teams=True, name='Admin team')
|
||||
return Team.objects.create(organizer=organizer, all_organizer_permissions=True, all_event_permissions=True, name='Admin team')
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
@@ -216,7 +216,7 @@ def test_team_remove_last_admin(event, admin_user, admin_team, client):
|
||||
with scopes_disabled():
|
||||
assert admin_user in admin_team.members.all()
|
||||
|
||||
t2.can_change_teams = True
|
||||
t2.limit_organizer_permissions = {"organizer.teams:write": True}
|
||||
t2.save()
|
||||
resp = client.post('/control/organizer/dummy/team/{}/'.format(admin_team.pk), {
|
||||
'remove-member': admin_user.pk
|
||||
|
||||
@@ -478,7 +478,7 @@ class UserSettingsNotificationsTest(SoupTest):
|
||||
organizer=o, name='Dummy', slug='dummy',
|
||||
date_from=now(), plugins='pretix.plugins.banktransfer'
|
||||
)
|
||||
t = o.teams.create(can_change_orders=True, all_events=True)
|
||||
t = o.teams.create(limit_event_permissions={"event.orders:write": True}, all_events=True)
|
||||
t.members.add(self.user)
|
||||
|
||||
def test_toggle_all(self):
|
||||
|
||||
@@ -110,9 +110,8 @@ def logged_in_client(client, event):
|
||||
user = User.objects.create_superuser('dummy@dummy.dummy', 'dummy')
|
||||
t = Team.objects.create(
|
||||
organizer=event.organizer,
|
||||
all_events=True, can_create_events=True, can_change_teams=True,
|
||||
can_change_organizer_settings=True, can_change_event_settings=True, can_change_items=True,
|
||||
can_view_orders=True, can_change_orders=True, can_view_vouchers=True, can_change_vouchers=True
|
||||
all_event_permissions=True,
|
||||
all_organizer_permissions=True,
|
||||
)
|
||||
t.members.add(user)
|
||||
client.force_login(user)
|
||||
|
||||
@@ -58,7 +58,7 @@ class VoucherFormTest(SoupTestMixin, TransactionTestCase):
|
||||
organizer=self.orga, name='30C3', slug='30c3',
|
||||
date_from=datetime.datetime(2013, 12, 26, tzinfo=datetime.timezone.utc),
|
||||
)
|
||||
t = Team.objects.create(organizer=self.orga, can_view_vouchers=True, can_change_vouchers=True)
|
||||
t = Team.objects.create(organizer=self.orga, all_event_permissions=True)
|
||||
t.members.add(self.user)
|
||||
t.limit_events.add(self.event)
|
||||
self.client.login(email='dummy@dummy.dummy', password='dummy')
|
||||
|
||||
@@ -75,7 +75,7 @@ def env():
|
||||
event=event, item=item2, email='valid@example.org', voucher=v
|
||||
)
|
||||
|
||||
t = Team.objects.create(organizer=o, can_view_orders=True, can_change_orders=True)
|
||||
t = Team.objects.create(organizer=o, all_event_permissions=True)
|
||||
t.members.add(user)
|
||||
t.limit_events.add(event)
|
||||
return event, user, o, item1
|
||||
|
||||
Reference in New Issue
Block a user