CGM_Public/pretix_original
2
0
Fork 1
mirror of https://github.com/pretix/pretix.git synced 2026-05-04 15:04:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

Refs #710 -- Remove monkeypatch for django-hijack

Browse Source
This commit is contained in:
Raphael Michel
2018-08-08 09:24:42 +02:00
parent 5dc100d900
commit bd48112bf9
2 changed files with 3 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files

82
src/pretix/control/views/users.py
View File

@@ -1,16 +1,13 @@
from django.conf import settings
from django.contrib import messages
from django.contrib.auth import get_user_model
from django.contrib.auth.mixins import LoginRequiredMixin
from django.core.exceptions import PermissionDenied
from django.http import HttpResponseRedirect
from django.shortcuts import get_object_or_404, redirect, resolve_url
from django.shortcuts import get_object_or_404, redirect
from django.urls import reverse
from django.utils.functional import cached_property
from django.utils.http import is_safe_url
from django.utils.translation import ugettext_lazy as _
from django.views import View
from django.views.generic import ListView
from hijack.helpers import login_user, release_hijack
from pretix.base.models import User
from pretix.base.services.mail import SendMailException
@@ -164,78 +161,3 @@ class UserCreateView(AdministratorPermissionRequiredMixin, RecentAuthenticationR
def form_valid(self, form):
messages.success(self.request, _('The new user has been created.'))
return super().form_valid(form)
# TODO: COMPAT methods: Remove after https://github.com/arteria/django-hijack/pull/178 is merged
def login_user(request, hijacked):
from hijack.helpers import (
check_hijack_authorization, get_used_backend, no_update_last_login, login,
hijack_started, hijack_settings
)
hijacker = request.user
hijack_history = [request.user._meta.pk.value_to_string(hijacker)]
if request.session.get('hijack_history'):
hijack_history = request.session['hijack_history'] + hijack_history
check_hijack_authorization(request, hijacked)
backend = get_used_backend(request)
hijacked.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)
with no_update_last_login():
# Actually log user in
login(request, hijacked)
hijack_started.send(
sender=None, request=request,
hijacker=hijacker, hijacked=hijacked,
# send IDs for backward compatibility
hijacker_id=hijacker.pk, hijacked_id=hijacked.pk)
request.session['hijack_history'] = hijack_history
request.session['is_hijacked_user'] = True
request.session['display_hijack_warning'] = True
request.session.modified = True
return redirect_to_next(request, default_url=hijack_settings.HIJACK_LOGIN_REDIRECT_URL)
def redirect_to_next(request, default_url):
redirect_to = request.GET.get('next', '')
if not is_safe_url(redirect_to, allowed_hosts=None):
redirect_to = default_url
return HttpResponseRedirect(resolve_url(redirect_to))
def release_hijack(request):
from hijack.helpers import (
get_used_backend, no_update_last_login, login, hijack_ended, hijack_settings
)
hijack_history = request.session.get('hijack_history', False)
if not hijack_history:
raise PermissionDenied
hijacker = None
hijacked = None
if hijack_history:
hijacked = request.user
user_pk = hijack_history.pop()
hijacker = get_object_or_404(get_user_model(), pk=user_pk)
backend = get_used_backend(request)
hijacker.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)
with no_update_last_login():
login(request, hijacker)
if hijack_history:
request.session['hijack_history'] = hijack_history
request.session['is_hijacked_user'] = True
request.session['display_hijack_warning'] = True
else:
request.session.pop('hijack_history', None)
request.session.pop('is_hijacked_user', None)
request.session.pop('display_hijack_warning', None)
request.session.modified = True
hijack_ended.send(
sender=None, request=request,
hijacker=hijacker, hijacked=hijacked,
# send IDs for backward compatibility
hijacker_id=hijacker.pk, hijacked_id=hijacked.pk)
return redirect_to_next(request, default_url=hijack_settings.HIJACK_LOGOUT_REDIRECT_URL)