Pluggable permissions (#5728)

* Data model draft

* Refactor query and assignment usages of old permissions

* Backend UI

* API serializer

* Big string replace

* Docs, tests and fixes for teams api

* Update docs for device auth

* Eliminate old names

* Make tests pass

* Use new permissions, remove inconsistencies

* Add test for translations

* Show plugin permissions

* Add permission for seating plans

* Fix plugin activation

* Fix failing test

* Refactor to permission groups

* Update doc/api/resources/devices.rst

Co-authored-by: luelista <weller@rami.io>

* Update doc/api/resources/events.rst

Co-authored-by: luelista <weller@rami.io>

* Update src/pretix/api/serializers/organizer.py

Co-authored-by: luelista <weller@rami.io>

* Fix typo

* Fix python version compat

* Replacement after rebase

* Add proper permission handling for exports

* Docs for exporters

* Runtime linting of permission names

* Fix typos

* Show export page even without orders permission

* More legacy compat

* Do not strongly validate before plugins are loaded

* Rebase migration

* Add permission for outgoing mails

* Review notes

* Update doc/api/resources/teams.rst

Co-authored-by: Richard Schreiber <schreiber@pretix.eu>

* Clean up logic around exporters

* Review and failures

* Fix migration leading to forbidden combination

* Handle permissions on event copying

* Remove print-statements

* Make test clearer

* Review feedback

* Add AnyPermissionOf

* migration safety

---------

Co-authored-by: luelista <weller@rami.io>
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
Raphael Michel
2026-03-17 14:43:56 +01:00
committed by GitHub
parent eddde2b6c0
commit df0b580dd6
203 changed files with 5374 additions and 2331 deletions


@@ -113,7 +113,7 @@ class RuleViewSet(viewsets.ModelViewSet):
filterset_class = RuleFilter
ordering = ('id',)
ordering_fields = ('id',)
permission = 'can_change_event_settings'
permission = 'event.settings.general:write'
def get_queryset(self):
return Rule.objects.filter(event=self.request.event)
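Review bot: `permission = 'event.settings.general:write'` is the only permission attribute visible on `RuleViewSet`, which is a `ModelViewSet`, so list and retrieve requests presumably need the same write-level grant as create, update and delete. The new names carry a `:write` suffix, which suggests a separate read level; if so, an API client that only has to read rules would have to be given write access to the general event settings. If that is intended, say so next to the attribute, e.g. `# Rules are settings: reading them requires the same grant as changing them`; otherwise gate the safe methods on a read-level permission. The same question applies to `EmailHistoryView`, a `ListView` gated on `event.orders:write`. The class body starts above this hunk.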


@@ -79,7 +79,7 @@ def scheduled_mail_create(sender, **kwargs):
@receiver(nav_event, dispatch_uid="sendmail_nav")
def control_nav_import(sender, request=None, **kwargs):
url = resolve(request.path_info)
if not request.user.has_event_permission(request.organizer, request.event, 'can_change_orders', request=request):
if not request.user.has_event_permission(request.organizer, request.event, 'event.orders:write', request=request):
return []
return [
{
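Review bot: The guard in `control_nav_import` returns no navigation entries at all unless the user holds `event.orders:write`, while the rule views of this plugin (`CreateRule`, `UpdateRule`, `DeleteRule`) are gated on `event.settings.general:write`. If the returned list contains links to the rule pages (it continues outside this hunk), a user with only the settings grant gets no entry for pages they may open, and a user with only the orders grant may be shown links that answer with a permission error. Consider checking the permission per entry, or document the choice with a comment such as `# Nav is shown only to users who may send mail; rule pages additionally need event.settings.general:write`.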


@@ -72,7 +72,7 @@ logger = logging.getLogger('pretix.plugins.sendmail')
class IndexView(EventPermissionRequiredMixin, TemplateView):
template_name = 'pretixplugins/sendmail/index.html'
permission = 'can_change_orders'
permission = 'event.orders:write'
def get_context_data(self, **kwargs):
from .signals import sendmail_view_classes
@@ -94,7 +94,7 @@ class IndexView(EventPermissionRequiredMixin, TemplateView):
class BaseSenderView(EventPermissionRequiredMixin, FormView):
# These parameters usually SHOULD NOT be overridden
template_name = 'pretixplugins/sendmail/send_form.html'
permission = 'can_change_orders'
permission = 'event.orders:write'
# These parameters MUST be overridden by subclasses
form_fragment_name = None
@@ -523,7 +523,7 @@ class WaitinglistSendView(BaseSenderView):
class EmailHistoryView(EventPermissionRequiredMixin, ListView):
template_name = 'pretixplugins/sendmail/history.html'
permission = 'can_change_orders'
permission = 'event.orders:write'
model = LogEntry
context_object_name = 'logs'
paginate_by = 5
@@ -571,7 +571,7 @@ class EmailHistoryView(EventPermissionRequiredMixin, ListView):
class CreateRule(EventPermissionRequiredMixin, CreateView):
template_name = 'pretixplugins/sendmail/rule_create.html'
permission = 'can_change_event_settings'
permission = 'event.settings.general:write'
form_class = forms.RuleForm
model = Rule
@@ -621,7 +621,7 @@ class UpdateRule(EventPermissionRequiredMixin, UpdateView):
model = Rule
form_class = forms.RuleForm
template_name = 'pretixplugins/sendmail/rule_update.html'
permission = 'can_change_event_settings'
permission = 'event.settings.general:write'
def get_object(self, queryset=None) -> Rule:
return get_object_or_404(
@@ -701,7 +701,7 @@ class ListRules(EventPermissionRequiredMixin, PaginationMixin, ListView):
class DeleteRule(EventPermissionRequiredMixin, DeleteView):
model = Rule
permission = 'can_change_event_settings'
permission = 'event.settings.general:write'
template_name = 'pretixplugins/sendmail/rule_delete.html'
context_object_name = 'rule'