Added team invitations

2026-05-07 15:34:02 +00:00 · 2017-01-07 13:05:36 +01:00
parent 981d82b0ee
commit d134dcf6a9
11 changed files with 223 additions and 12 deletions
--- a/src/pretix/control/views/auth.py
+++ b/src/pretix/control/views/auth.py
@@ -23,7 +23,7 @@ from u2flib_server.utils import rand_bytes
 from pretix.base.forms.auth import (
    LoginForm, PasswordForgotForm, PasswordRecoverForm, RegistrationForm,
 )
-from pretix.base.models import U2FDevice, User
+from pretix.base.models import EventPermission, U2FDevice, User
 from pretix.base.services.mail import SendMailException, mail
 from pretix.helpers.urls import build_absolute_uri

@@ -99,6 +99,60 @@ def register(request):
    return render(request, 'pretixcontrol/auth/register.html', ctx)


+def invite(request, token):
+    """
+    Registration form in case of an invite
+    """
+    ctx = {}
+
+    try:
+        perm = EventPermission.objects.get(invite_token=token)
+    except EventPermission.DoesNotExist:
+        messages.error(request, _('You used an invalid link. Please copy the link from your email to the address bar '
+                                  'and make sure it is correct and that the link has not been used before.'))
+        return redirect('control:auth.login')
+
+    if request.user.is_authenticated:
+        try:
+            EventPermission.objects.get(event=perm.event, user=request.user)
+            messages.error(request, _('You cannot accept the invitation for "{}" as you already are part of '
+                                      'that event\'s team.').format(perm.event.name))
+            return redirect('control:index')
+        except EventPermission.DoesNotExist:
+            pass
+
+        perm.invite_token = None
+        perm.invite_email = None
+        perm.user = request.user
+        perm.save()
+        messages.success(request, _('You have now access to "{}".').format(perm.event.name))
+        return redirect('control:index')
+
+    if request.method == 'POST':
+        form = RegistrationForm(data=request.POST)
+        if form.is_valid():
+            user = User.objects.create_user(
+                form.cleaned_data['email'], form.cleaned_data['password'],
+                locale=request.LANGUAGE_CODE,
+                timezone=request.timezone if hasattr(request, 'timezone') else settings.TIME_ZONE
+            )
+            user = authenticate(email=user.email, password=form.cleaned_data['password'])
+            user.log_action('pretix.control.auth.user.created', user=user)
+            auth_login(request, user)
+            request.session['pretix_auth_login_time'] = int(time.time())
+
+            perm.invite_token = None
+            perm.invite_email = None
+            perm.user = user
+            perm.save()
+            messages.success(request, _('Welcome to pretix! You have now access to "{}".').format(perm.event.name))
+            return redirect('control:index')
+    else:
+        form = RegistrationForm(initial={'email': perm.invite_email})
+    ctx['form'] = form
+    return render(request, 'pretixcontrol/auth/invite.html', ctx)
+
+
 class Forgot(TemplateView):
    template_name = 'pretixcontrol/auth/forgot.html'

--- a/src/pretix/control/views/event.py
+++ b/src/pretix/control/views/event.py
@@ -22,6 +22,7 @@ from pretix.base.models import (
 )
 from pretix.base.services import tickets
 from pretix.base.services.invoices import build_preview_invoice_pdf
+from pretix.base.services.mail import SendMailException, mail
 from pretix.base.signals import (
    register_payment_providers, register_ticket_outputs,
 )
@@ -31,6 +32,7 @@ from pretix.control.forms.event import (
    TicketSettingsForm,
 )
 from pretix.control.permissions import EventPermissionRequiredMixin
+from pretix.helpers.urls import build_absolute_uri
 from pretix.presale.style import regenerate_css

 from . import UpdateView
@@ -544,27 +546,57 @@ class EventPermissions(EventPermissionRequiredMixin, TemplateView):
        ctx['add_form'] = self.add_form
        return ctx

+    def _send_invite(self, instance):
+        try:
+            mail(
+                instance.invite_email,
+                _('Account information changed'),
+                'pretixcontrol/email/invitation.txt',
+                {
+                    'user': self,
+                    'event': self.request.event.name,
+                    'url': build_absolute_uri('control:auth.invite', kwargs={
+                        'token': instance.invite_token
+                    })
+                },
+                event=None,
+                locale=self.request.LANGUAGE_CODE
+            )
+        except SendMailException:
+            pass  # Already logged
+
    @transaction.atomic
    def post(self, *args, **kwargs):
        if self.formset.is_valid() and self.add_form.is_valid():
            if self.add_form.has_changed():
+                logdata = {
+                    k: v for k, v in self.add_form.cleaned_data.items()
+                }
+
                try:
-                    self.add_form.instance.user = User.objects.get(email=self.add_form.cleaned_data['user'])
-                    self.add_form.instance.user_id = self.add_form.instance.user.id
                    self.add_form.instance.event = self.request.event
                    self.add_form.instance.event_id = self.request.event.id
+                    self.add_form.instance.user = User.objects.get(email=self.add_form.cleaned_data['user'])
+                    self.add_form.instance.user_id = self.add_form.instance.user.id
                except User.DoesNotExist:
-                    messages.error(self.request, _('There is no user with the email address you entered.'))
-                    return self.get(*args, **kwargs)
+                    self.add_form.instance.invite_email = self.add_form.cleaned_data['user']
+                    if EventPermission.objects.filter(invite_email=self.add_form.instance.invite_email,
+                                                      event=self.request.event).exists():
+                        messages.error(self.request, _('This user already has been invited for this event.'))
+                        return self.get(*args, **kwargs)
+
+                    self.add_form.save()
+                    self._send_invite(self.add_form.instance)
+
+                    self.request.event.log_action(
+                        'pretix.event.permissions.invited', user=self.request.user, data=logdata
+                    )
                else:
                    if EventPermission.objects.filter(user=self.add_form.instance.user,
                                                      event=self.request.event).exists():
                        messages.error(self.request, _('This user already has permissions for this event.'))
                        return self.get(*args, **kwargs)
                    self.add_form.save()
-                    logdata = {
-                        k: v for k, v in self.add_form.cleaned_data.items()
-                    }
                    logdata['user'] = self.add_form.instance.user_id
                    self.request.event.log_action(
                        'pretix.event.permissions.added', user=self.request.user, data=logdata
@@ -583,6 +615,14 @@ class EventPermissions(EventPermissionRequiredMixin, TemplateView):
                        messages.error(self.request, _('You cannot remove your own permission to view this page.'))
                        return self.get(*args, **kwargs)

+            for form in self.formset.deleted_forms:
+                logdata = {
+                    k: v for k, v in form.cleaned_data.items()
+                }
+                self.request.event.log_action(
+                    'pretix.event.permissions.deleted', user=self.request.user, data=logdata
+                )
+
            self.formset.save()
            messages.success(self.request, _('Your changes have been saved.'))
            return redirect(self.get_success_url())