diff --git a/src/pretix/control/views/dashboards.py b/src/pretix/control/views/dashboards.py
index 50b03693f5..c29b3d2b1d 100644
--- a/src/pretix/control/views/dashboards.py
+++ b/src/pretix/control/views/dashboards.py
@@ -1,5 +1,7 @@
from decimal import Decimal
+from importlib import import_module
+from django.conf import settings
from django.contrib.contenttypes.models import ContentType
from django.core.urlresolvers import reverse
from django.db.models import Sum
@@ -17,6 +19,7 @@ from pretix.control.signals import (
from ..logdisplay import OVERVIEW_BLACKLIST
+SessionStore = import_module(settings.SESSION_ENGINE).SessionStore
NUM_WIDGET = '
{num}{text}
'
@@ -167,11 +170,21 @@ def event_index(request, organizer, event):
a_qs = request.event.requiredaction_set.filter(done=False)
+ has_domain = request.event.organizer.domains.exists()
+
ctx = {
'widgets': rearrange(widgets),
'logs': qs[:5],
- 'actions': a_qs[:5] if request.eventperm.can_change_orders else []
+ 'actions': a_qs[:5] if request.eventperm.can_change_orders else [],
+ 'has_domain': has_domain
}
+
+ if not request.event.live and has_domain:
+ s = SessionStore()
+ s['pretix_event_access_{}'.format(request.event.pk)] = request.session.session_key
+ s.create()
+ ctx['new_session'] = s.session_key
+
for a in ctx['actions']:
a.display = a.display(request)
diff --git a/src/pretix/presale/urls.py b/src/pretix/presale/urls.py
index c4049c87b7..9b21f27b99 100644
--- a/src/pretix/presale/urls.py
+++ b/src/pretix/presale/urls.py
@@ -51,6 +51,7 @@ event_patterns = [
url(r'^order/(?P
[^/]+)/(?P[A-Za-z0-9]+)/invoice/(?P[0-9]+)$',
pretix.presale.views.order.InvoiceDownload.as_view(),
name='event.invoice.download'),
+ url(r'^auth/$', pretix.presale.views.event.EventAuth.as_view(), name='event.auth'),
url(r'^$', pretix.presale.views.event.EventIndex.as_view(), name='event.index'),
]
diff --git a/src/pretix/presale/utils.py b/src/pretix/presale/utils.py
index 05acf84e05..37098352aa 100644
--- a/src/pretix/presale/utils.py
+++ b/src/pretix/presale/utils.py
@@ -1,5 +1,7 @@
+from importlib import import_module
from urllib.parse import urljoin
+from django.conf import settings
from django.core.exceptions import PermissionDenied
from django.core.urlresolvers import resolve
from django.http import Http404
@@ -11,6 +13,8 @@ from pretix.base.models import Event, EventPermission, Organizer
from pretix.multidomain.urlreverse import get_domain
from pretix.presale.signals import process_request, process_response
+SessionStore = import_module(settings.SESSION_ENGINE).SessionStore
+
def _detect_event(request, require_live=True):
url = resolve(request.path_info)
@@ -59,8 +63,19 @@ def _detect_event(request, require_live=True):
LocaleMiddleware().process_request(request)
if require_live and not request.event.live:
- if not request.user.is_authenticated or not EventPermission.objects.filter(
- event=request.event, user=request.user).exists():
+ can_access = (
+ url.url_name == 'event.auth'
+ or (
+ request.user.is_authenticated
+ and EventPermission.objects.filter(event=request.event, user=request.user).exists()
+ )
+
+ )
+ if not can_access and 'pretix_event_access_{}'.format(request.event.pk) in request.session:
+ sparent = SessionStore(request.session.get('pretix_event_access_{}'.format(request.event.pk)))
+ can_access = sparent.exists(request.session.get('pretix_event_access_{}'.format(request.event.pk)))
+
+ if not can_access:
raise PermissionDenied(_('The selected ticket shop is currently not available.'))
for receiver, response in process_request.send(request.event, request=request):
diff --git a/src/pretix/presale/views/event.py b/src/pretix/presale/views/event.py
index 5222abf494..b6fe8436df 100644
--- a/src/pretix/presale/views/event.py
+++ b/src/pretix/presale/views/event.py
@@ -1,13 +1,24 @@
import sys
+from importlib import import_module
+from django.conf import settings
+from django.core.exceptions import PermissionDenied
from django.db.models import Count, Prefetch, Q
+from django.shortcuts import redirect
+from django.utils.decorators import method_decorator
from django.utils.timezone import now
+from django.utils.translation import ugettext_lazy as _
+from django.views import View
+from django.views.decorators.csrf import csrf_exempt
from django.views.generic import TemplateView
from pretix.base.models import ItemVariation
+from pretix.multidomain.urlreverse import eventreverse
from . import CartMixin, EventViewMixin
+SessionStore = import_module(settings.SESSION_ENGINE).SessionStore
+
def item_group_by_category(items):
return sorted(
@@ -90,3 +101,27 @@ class EventIndex(EventViewMixin, CartMixin, TemplateView):
context['cart'] = self.get_cart()
context['frontpage_text'] = str(self.request.event.settings.frontpage_text)
return context
+
+
+class EventAuth(View):
+
+ @method_decorator(csrf_exempt)
+ def dispatch(self, request, *args, **kwargs):
+ return super().dispatch(request, *args, **kwargs)
+
+ def post(self, request, *args, **kwargs):
+ s = SessionStore(request.POST.get('session'))
+
+ try:
+ data = s.load()
+ except:
+ raise PermissionDenied(_('Please go back and try again.'))
+
+ parent = data.get('pretix_event_access_{}'.format(request.event.pk))
+ sparent = SessionStore(parent)
+
+ if not sparent.exists(parent):
+ raise PermissionDenied(_('Please go back and try again.'))
+
+ request.session['pretix_event_access_{}'.format(request.event.pk)] = parent
+ return redirect(eventreverse(request.event, 'presale:event.index'))