CGM_Public/pretix_original
2
0
Fork 1
mirror of https://github.com/pretix/pretix.git synced 2026-05-04 15:04:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add device security profiles (#1806)

Browse Source
This commit is contained in:
Raphael Michel
2020-10-13 17:40:25 +02:00
committed by GitHub
parent 301849f771
commit e8f3ad633a
15 changed files with 177 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

110
src/pretix/api/auth/devicesecurity.py Normal file
View File

@@ -0,0 +1,110 @@
from django.utils.translation import ugettext_lazy as _
class FullAccessSecurityProfile:
identifier = 'full'
verbose_name = _('Full access')
def is_allowed(self, request):
return True
class WhiteListSecurityProfile:
whitelist = tuple()
def is_allowed(self, request):
key = (request.method, f"{request.resolver_match.namespace}:{request.resolver_match.url_name}")
return key in self.whitelist
class PretixScanSecurityProfile(WhiteListSecurityProfile):
identifier = 'pretixscan'
verbose_name = _('pretixSCAN')
whitelist = (
('GET', 'api-v1:version'),
('GET', 'api-v1:device.update'),
('GET', 'api-v1:device.revoke'),
('GET', 'api-v1:event-list'),
('GET', 'api-v1:event-detail'),
('GET', 'api-v1:subevent-list'),
('GET', 'api-v1:subevent-detail'),
('GET', 'api-v1:itemcategory-list'),
('GET', 'api-v1:item-list'),
('GET', 'api-v1:question-list'),
('GET', 'api-v1:badgelayout-list'),
('GET', 'api-v1:badgeitem-list'),
('GET', 'api-v1:checkinlist-list'),
('GET', 'api-v1:checkinlist-status'),
('GET', 'api-v1:checkinlistpos-list'),
('POST', 'api-v1:checkinlistpos-redeem'),
('GET', 'api-v1:order-list'),
('GET', 'api-v1:event.settings'),
)
class PretixScanNoSyncSecurityProfile(WhiteListSecurityProfile):
identifier = 'pretixscan_online_kiosk'
verbose_name = _('pretixSCAN (kiosk mode, online only)')
whitelist = (
('GET', 'api-v1:version'),
('GET', 'api-v1:device.update'),
('GET', 'api-v1:device.revoke'),
('GET', 'api-v1:event-list'),
('GET', 'api-v1:event-detail'),
('GET', 'api-v1:subevent-list'),
('GET', 'api-v1:subevent-detail'),
('GET', 'api-v1:itemcategory-list'),
('GET', 'api-v1:item-list'),
('GET', 'api-v1:question-list'),
('GET', 'api-v1:badgelayout-list'),
('GET', 'api-v1:badgeitem-list'),
('POST', 'api-v1:checkinlistpos-redeem'),
('GET', 'api-v1:event.settings'),
)
class PretixPosSecurityProfile(WhiteListSecurityProfile):
identifier = 'pretixpos'
verbose_name = _('pretixPOS')
whitelist = (
('GET', 'api-v1:version'),
('GET', 'api-v1:device.update'),
('GET', 'api-v1:device.revoke'),
('GET', 'api-v1:event-list'),
('GET', 'api-v1:event-detail'),
('GET', 'api-v1:subevent-list'),
('GET', 'api-v1:subevent-detail'),
('GET', 'api-v1:itemcategory-list'),
('GET', 'api-v1:item-list'),
('GET', 'api-v1:question-list'),
('GET', 'api-v1:quota-list'),
('GET', 'api-v1:taxrule-list'),
('GET', 'api-v1:ticketlayout-list'),
('GET', 'api-v1:ticketlayoutitem-list'),
('GET', 'api-v1:order-list'),
('POST', 'api-v1:order-list'),
('GET', 'api-v1:order-detail'),
('DELETE', 'api-v1:orderposition-detail'),
('POST', 'api-v1:order-mark_canceled'),
('POST', 'api-v1:orderrefund-list'),
('POST', 'api-v1:orderrefund-done'),
('POST', 'api-v1:cartposition-list'),
('DELETE', 'api-v1:cartposition-detail'),
('GET', 'api-v1:giftcard-list'),
('POST', 'api-v1:giftcard-transact'),
('POST', 'plugins:pretix_posbackend:posreceipt-list'),
('POST', 'plugins:pretix_posbackend:posclosing-list'),
('POST', 'plugins:pretix_posbackend:posdebugdump-list'),
('POST', 'plugins:pretix_posbackend:stripeterminal.token'),
('GET', 'api-v1:event.settings'),
)
DEVICE_SECURITY_PROFILES = {
k.identifier: k() for k in (
FullAccessSecurityProfile,
PretixScanSecurityProfile,
PretixScanNoSyncSecurityProfile,
PretixPosSecurityProfile,
)
}