Allow to access not-yet-live shop on different domain

src/pretix/presale/urls.py

@@ -51,6 +51,7 @@ event_patterns = [
     url(r'^order/(?P<order>[^/]+)/(?P<secret>[A-Za-z0-9]+)/invoice/(?P<invoice>[0-9]+)$',
         pretix.presale.views.order.InvoiceDownload.as_view(),
         name='event.invoice.download'),
+    url(r'^auth/$', pretix.presale.views.event.EventAuth.as_view(), name='event.auth'),
     url(r'^$', pretix.presale.views.event.EventIndex.as_view(), name='event.index'),
 ]
 

src/pretix/presale/utils.py

@@ -1,5 +1,7 @@
+from importlib import import_module
 from urllib.parse import urljoin
 
+from django.conf import settings
 from django.core.exceptions import PermissionDenied
 from django.core.urlresolvers import resolve
 from django.http import Http404
@@ -11,6 +13,8 @@ from pretix.base.models import Event, EventPermission, Organizer
 from pretix.multidomain.urlreverse import get_domain
 from pretix.presale.signals import process_request, process_response
 
+SessionStore = import_module(settings.SESSION_ENGINE).SessionStore
+
 
 def _detect_event(request, require_live=True):
     url = resolve(request.path_info)
@@ -59,8 +63,19 @@ def _detect_event(request, require_live=True):
             LocaleMiddleware().process_request(request)
 
             if require_live and not request.event.live:
-                if not request.user.is_authenticated or not EventPermission.objects.filter(
-                        event=request.event, user=request.user).exists():
+                can_access = (
+                    url.url_name == 'event.auth'
+                    or (
+                        request.user.is_authenticated
+                        and EventPermission.objects.filter(event=request.event, user=request.user).exists()
+                    )
+
+                )
+                if not can_access and 'pretix_event_access_{}'.format(request.event.pk) in request.session:
+                    sparent = SessionStore(request.session.get('pretix_event_access_{}'.format(request.event.pk)))
+                    can_access = sparent.exists(request.session.get('pretix_event_access_{}'.format(request.event.pk)))
+
+                if not can_access:
                     raise PermissionDenied(_('The selected ticket shop is currently not available.'))
 
             for receiver, response in process_request.send(request.event, request=request):

src/pretix/presale/views/event.py

@@ -1,13 +1,24 @@
 import sys
+from importlib import import_module
 
+from django.conf import settings
+from django.core.exceptions import PermissionDenied
 from django.db.models import Count, Prefetch, Q
+from django.shortcuts import redirect
+from django.utils.decorators import method_decorator
 from django.utils.timezone import now
+from django.utils.translation import ugettext_lazy as _
+from django.views import View
+from django.views.decorators.csrf import csrf_exempt
 from django.views.generic import TemplateView
 
 from pretix.base.models import ItemVariation
+from pretix.multidomain.urlreverse import eventreverse
 
 from . import CartMixin, EventViewMixin
 
+SessionStore = import_module(settings.SESSION_ENGINE).SessionStore
+
 
 def item_group_by_category(items):
     return sorted(
@@ -90,3 +101,27 @@ class EventIndex(EventViewMixin, CartMixin, TemplateView):
         context['cart'] = self.get_cart()
         context['frontpage_text'] = str(self.request.event.settings.frontpage_text)
         return context
+
+
+class EventAuth(View):
+
+    @method_decorator(csrf_exempt)
+    def dispatch(self, request, *args, **kwargs):
+        return super().dispatch(request, *args, **kwargs)
+
+    def post(self, request, *args, **kwargs):
+        s = SessionStore(request.POST.get('session'))
+
+        try:
+            data = s.load()
+        except:
+            raise PermissionDenied(_('Please go back and try again.'))
+
+        parent = data.get('pretix_event_access_{}'.format(request.event.pk))
+        sparent = SessionStore(parent)
+
+        if not sparent.exists(parent):
+            raise PermissionDenied(_('Please go back and try again.'))
+
+        request.session['pretix_event_access_{}'.format(request.event.pk)] = parent
+        return redirect(eventreverse(request.event, 'presale:event.index'))