Pluggable permissions (#5728)

* Data model draft * Refactor query and assignment usages of old permissions * Backend UI * API serializer * Big string replace * Docs, tests and fixes for teams api * Update docs for device auth * Eliminate old names * Make tests pass * Use new permissions, remove inconsistencies * Add test for translations * Show plugin permissions * Add permission for seating plans * Fix plugin activation * Fix failing test * Refactor to permission groups * Update doc/api/resources/devices.rst Co-authored-by: luelista <weller@rami.io> * Update doc/api/resources/events.rst Co-authored-by: luelista <weller@rami.io> * Update src/pretix/api/serializers/organizer.py Co-authored-by: luelista <weller@rami.io> * Fix typo * Fix python version compat * Replacement after rebase * Add proper permission handling for exports * Docs for exporters * Runtime linting of permission names * Fix typos * Show export page even without orders permission * More legacy compat * Do not strongly validate before plugins are loaded * Rebase migration * Add permission for outgoing mails * Review notes * Update doc/api/resources/teams.rst Co-authored-by: Richard Schreiber <schreiber@pretix.eu> * Clean up logic around exporters * Review and failures * Fix migration leading to forbidden combination * Handle permissions on event copying * Remove print-statements * Make test clearer * Review feedback * Add AnyPermissionOf * migration safety --------- Co-authored-by: luelista <weller@rami.io> Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
2026-05-21 17:54:08 +00:00 · 2026-03-17 14:43:56 +01:00
parent eddde2b6c0
commit df0b580dd6
203 changed files with 5374 additions and 2331 deletions
--- a/src/pretix/api/serializers/settings.py
+++ b/src/pretix/api/serializers/settings.py
@@ -37,6 +37,8 @@ logger = logging.getLogger(__name__)
 class SettingsSerializer(serializers.Serializer):
    default_fields = []
    readonly_fields = []
+    default_write_permission = 'organizer.settings.general:write'
+    write_permission_required = {}

    def __init__(self, *args, **kwargs):
        self.changed_data = []
@@ -58,9 +60,17 @@ class SettingsSerializer(serializers.Serializer):
            f._label = str(form_kwargs.get('label', fname))
            f._help_text = str(form_kwargs.get('help_text'))
            f.parent = self
+
+            self.write_permission_required[fname] = DEFAULTS[fname].get('write_permission', self.default_write_permission)
+
            self.fields[fname] = f

    def validate(self, attrs):
+        for k in attrs.keys():
+            p = self.write_permission_required.get(k, self.default_write_permission)
+            if p not in self.context["permissions"]:
+                raise ValidationError({k: f"Setting this field requires permission {p}"})
+
        return {k: v for k, v in attrs.items() if k not in self.readonly_fields}

    def update(self, instance: HierarkeyProxy, validated_data):