CGM_Public/pretix_original
2
0
Fork 1
mirror of https://github.com/pretix/pretix.git synced 2026-05-09 15:54:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

Permission bypass for superusers

Browse Source
This commit is contained in:
Raphael Michel
2017-01-21 14:29:56 +01:00
parent 1d0def19b1
commit d4573e8c25
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/pretix/control/permissions.py
View File

@@ -14,6 +14,8 @@ def event_permission_required(permission):
if not request.user.is_authenticated: # NOQA if not request.user.is_authenticated: # NOQA
# just a double check, should not ever happen # just a double check, should not ever happen
raise PermissionDenied() raise PermissionDenied()
if request.user.is_superuser:
return function(request, *args, **kw)
try: try:
perm = EventPermission.objects.get( perm = EventPermission.objects.get(
event=request.event, event=request.event,
@@ -28,7 +30,7 @@ def event_permission_required(permission):
allowed = getattr(perm, permission) allowed = getattr(perm, permission)
except AttributeError: except AttributeError:
pass pass
if allowed: if allowed or request.user.is_superuser:
return function(request, *args, **kw) return function(request, *args, **kw)
raise PermissionDenied(_('You do not have permission to view this content.')) raise PermissionDenied(_('You do not have permission to view this content.'))
return wrapper return wrapper
@@ -58,6 +60,8 @@ def organizer_permission_required(permission):
if not request.user.is_authenticated: # NOQA if not request.user.is_authenticated: # NOQA
# just a double check, should not ever happen # just a double check, should not ever happen
raise PermissionDenied() raise PermissionDenied()
if request.user.is_superuser:
return function(request, *args, **kw)
try: try:
perm = OrganizerPermission.objects.get( perm = OrganizerPermission.objects.get(
organizer=request.organizer, organizer=request.organizer,