Allow to access not-yet-live shop on different domain

src/pretix/control/templates/pretixcontrol/event/index.html

@@ -3,12 +3,21 @@
 {% load eventurl %}
 {% block title %}{{ request.event.name }}{% endblock %}
 {% block content %}
-    <h1>
-        {{ request.event.name }}
-        <a href="{% eventurl request.event "presale:event.index" %}" class="btn btn-default btn-sm" target="_blank">
-            {% trans "Go to shop" %}
-        </a>
-    </h1>
+    <form action="{% eventurl request.event "presale:event.auth" %}" method="post" target="_blank">
+        <h1>
+            {{ request.event.name }}
+            {% if has_domain and not request.event.live %}
+                <input type="hidden" value="{{ new_session }}" name="session">
+                <button type="submit" class="btn btn-default btn-sm">
+                    {% trans "Go to shop" %}
+                </button>
+            {% else %}
+                <a href="{% eventurl request.event "presale:event.index" %}" class="btn btn-default btn-sm" target="_blank">
+                    {% trans "Go to shop" %}
+                </a>
+            {% endif %}
+        </h1>
+    </form>
 
     {% if actions|length > 0 %}
         <div class="panel panel-danger">

src/pretix/control/views/dashboards.py

@@ -1,5 +1,7 @@
 from decimal import Decimal
+from importlib import import_module
 
+from django.conf import settings
 from django.contrib.contenttypes.models import ContentType
 from django.core.urlresolvers import reverse
 from django.db.models import Sum
@@ -17,6 +19,7 @@ from pretix.control.signals import (
 
 from ..logdisplay import OVERVIEW_BLACKLIST
 
+SessionStore = import_module(settings.SESSION_ENGINE).SessionStore
 NUM_WIDGET = '<div class="numwidget"><span class="num">{num}</span><span class="text">{text}</span></div>'
 
 
@@ -167,11 +170,21 @@ def event_index(request, organizer, event):
 
     a_qs = request.event.requiredaction_set.filter(done=False)
 
+    has_domain = request.event.organizer.domains.exists()
+
     ctx = {
         'widgets': rearrange(widgets),
         'logs': qs[:5],
-        'actions': a_qs[:5] if request.eventperm.can_change_orders else []
+        'actions': a_qs[:5] if request.eventperm.can_change_orders else [],
+        'has_domain': has_domain
     }
+
+    if not request.event.live and has_domain:
+        s = SessionStore()
+        s['pretix_event_access_{}'.format(request.event.pk)] = request.session.session_key
+        s.create()
+        ctx['new_session'] = s.session_key
+
     for a in ctx['actions']:
         a.display = a.display(request)
 

src/pretix/presale/urls.py

@@ -51,6 +51,7 @@ event_patterns = [
     url(r'^order/(?P<order>[^/]+)/(?P<secret>[A-Za-z0-9]+)/invoice/(?P<invoice>[0-9]+)$',
         pretix.presale.views.order.InvoiceDownload.as_view(),
         name='event.invoice.download'),
+    url(r'^auth/$', pretix.presale.views.event.EventAuth.as_view(), name='event.auth'),
     url(r'^$', pretix.presale.views.event.EventIndex.as_view(), name='event.index'),
 ]
 

src/pretix/presale/utils.py

@@ -1,5 +1,7 @@
+from importlib import import_module
 from urllib.parse import urljoin
 
+from django.conf import settings
 from django.core.exceptions import PermissionDenied
 from django.core.urlresolvers import resolve
 from django.http import Http404
@@ -11,6 +13,8 @@ from pretix.base.models import Event, EventPermission, Organizer
 from pretix.multidomain.urlreverse import get_domain
 from pretix.presale.signals import process_request, process_response
 
+SessionStore = import_module(settings.SESSION_ENGINE).SessionStore
+
 
 def _detect_event(request, require_live=True):
     url = resolve(request.path_info)
@@ -59,8 +63,19 @@ def _detect_event(request, require_live=True):
             LocaleMiddleware().process_request(request)
 
             if require_live and not request.event.live:
-                if not request.user.is_authenticated or not EventPermission.objects.filter(
-                        event=request.event, user=request.user).exists():
+                can_access = (
+                    url.url_name == 'event.auth'
+                    or (
+                        request.user.is_authenticated
+                        and EventPermission.objects.filter(event=request.event, user=request.user).exists()
+                    )
+
+                )
+                if not can_access and 'pretix_event_access_{}'.format(request.event.pk) in request.session:
+                    sparent = SessionStore(request.session.get('pretix_event_access_{}'.format(request.event.pk)))
+                    can_access = sparent.exists(request.session.get('pretix_event_access_{}'.format(request.event.pk)))
+
+                if not can_access:
                     raise PermissionDenied(_('The selected ticket shop is currently not available.'))
 
             for receiver, response in process_request.send(request.event, request=request):

src/pretix/presale/views/event.py

@@ -1,13 +1,24 @@
 import sys
+from importlib import import_module
 
+from django.conf import settings
+from django.core.exceptions import PermissionDenied
 from django.db.models import Count, Prefetch, Q
+from django.shortcuts import redirect
+from django.utils.decorators import method_decorator
 from django.utils.timezone import now
+from django.utils.translation import ugettext_lazy as _
+from django.views import View
+from django.views.decorators.csrf import csrf_exempt
 from django.views.generic import TemplateView
 
 from pretix.base.models import ItemVariation
+from pretix.multidomain.urlreverse import eventreverse
 
 from . import CartMixin, EventViewMixin
 
+SessionStore = import_module(settings.SESSION_ENGINE).SessionStore
+
 
 def item_group_by_category(items):
     return sorted(
@@ -90,3 +101,27 @@ class EventIndex(EventViewMixin, CartMixin, TemplateView):
         context['cart'] = self.get_cart()
         context['frontpage_text'] = str(self.request.event.settings.frontpage_text)
         return context
+
+
+class EventAuth(View):
+
+    @method_decorator(csrf_exempt)
+    def dispatch(self, request, *args, **kwargs):
+        return super().dispatch(request, *args, **kwargs)
+
+    def post(self, request, *args, **kwargs):
+        s = SessionStore(request.POST.get('session'))
+
+        try:
+            data = s.load()
+        except:
+            raise PermissionDenied(_('Please go back and try again.'))
+
+        parent = data.get('pretix_event_access_{}'.format(request.event.pk))
+        sparent = SessionStore(parent)
+
+        if not sparent.exists(parent):
+            raise PermissionDenied(_('Please go back and try again.'))
+
+        request.session['pretix_event_access_{}'.format(request.event.pk)] = parent
+        return redirect(eventreverse(request.event, 'presale:event.index'))