CGM_Public/pretix_original
2
0
Fork 1
mirror of https://github.com/pretix/pretix.git synced 2026-05-06 15:24:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Permission bypass for superusers

Browse Source
This commit is contained in:
Raphael Michel
2017-01-21 14:29:56 +01:00
parent 1d0def19b1
commit d4573e8c25
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/pretix/control/permissions.py
View File

@@ -14,6 +14,8 @@ def event_permission_required(permission):
if not request.user.is_authenticated: # NOQA
# just a double check, should not ever happen
raise PermissionDenied()
if request.user.is_superuser:
return function(request, *args, **kw)
try:
perm = EventPermission.objects.get(
event=request.event,
@@ -28,7 +30,7 @@ def event_permission_required(permission):
allowed = getattr(perm, permission)
except AttributeError:
pass
if allowed:
if allowed or request.user.is_superuser:
return function(request, *args, **kw)
raise PermissionDenied(_('You do not have permission to view this content.'))
return wrapper
@@ -58,6 +60,8 @@ def organizer_permission_required(permission):
if not request.user.is_authenticated: # NOQA
# just a double check, should not ever happen
raise PermissionDenied()
if request.user.is_superuser:
return function(request, *args, **kw)
try:
perm = OrganizerPermission.objects.get(
organizer=request.organizer,