From fb8a8142d9a68f9b62bbc7db22e96378cdac7bb4 Mon Sep 17 00:00:00 2001
From: Raphael Michel
Date: Mon, 22 Sep 2025 10:22:12 +0200
Subject: [PATCH] Scheduled exports: Check permissions on creation
---
 src/pretix/control/views/orders.py | 16 ++++++++++++++--
 src/pretix/control/views/organizer.py | 21 +++++++++++++++++++--
 2 files changed, 33 insertions(+), 4 deletions(-)
diff --git a/src/pretix/control/views/orders.py b/src/pretix/control/views/orders.py
index 377150bd1a..b2a48197f6 100644
--- a/src/pretix/control/views/orders.py
+++ b/src/pretix/control/views/orders.py
@@ -2832,11 +2832,23 @@ class ExportView(EventPermissionRequiredMixin, ExportMixin, ListView):
 def get_queryset(self):
 return self.get_scheduled_queryset()
+ def has_permission(self):
+ return self.request.user.has_event_permission(self.request.organizer, self.request.event, "can_view_orders")
+
 def get_context_data(self, **kwargs):
 ctx = super().get_context_data(**kwargs)
 if "schedule" in self.request.POST or self.scheduled:
- ctx['schedule_form'] = self.schedule_form
- ctx['rrule_form'] = self.rrule_form
+ if "schedule" in self.request.POST and not self.has_permission():
+ messages.error(
+ self.request,
+ _(
+ "Your user account does not have sufficient permission to run this report, therefore "
+ "you cannot schedule it."
+ )
+ )
+ else:
+ ctx['schedule_form'] = self.schedule_form
+ ctx['rrule_form'] = self.rrule_form
 elif not self.exporter:
 for s in ctx['scheduled']:
 try:
diff --git a/src/pretix/control/views/organizer.py b/src/pretix/control/views/organizer.py
index d0fe7a6ff3..6e014bb91f 100644
--- a/src/pretix/control/views/organizer.py
+++ b/src/pretix/control/views/organizer.py
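Review bot: The new check only decides whether `schedule_form`/`rrule_form` reach the template; the POST path that validates and saves the scheduled export is outside this hunk, so unless it also calls `self.has_permission()` a crafted POST carrying `schedule` can still create the schedule while the page merely omits the forms — the same applies to the organizer.py hunk, and the POST handler rather than `get_context_data` is where an authorization decision belongs. `has_event_permission` is called without `request=self.request`; if this codebase's implementation uses the request to honour active staff sessions, staff users would be refused here, so this is worth confirming against the model method. Unlike the organizer view, this `has_permission` never consults the selected exporter, so any exporter-specific restriction (if event exporters expose one) is not enforced for scheduling. A short docstring such as `"""Whether the current user may run, and therefore schedule, this event's exports."""` would state the contract. The enclosing `ExportView` class and the remainder of `get_context_data` continue outside the hunk.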
@@ -2189,11 +2189,28 @@ class ExportView(OrganizerPermissionRequiredMixin, ExportMixin, ListView):
 def get_queryset(self):
 return self.get_scheduled_queryset()
+ def has_permission(self):
+ if isinstance(self.exporter, OrganizerLevelExportMixin):
+ if not self.request.user.has_organizer_permission(self.request.organizer, self.exporter.organizer_required_permission):
+ return False
+ if self.exporter and not self.exporter.available_for_user(self.request.user):
+ return False
+ return True
+
 def get_context_data(self, **kwargs):
 ctx = super().get_context_data(**kwargs)
 if "schedule" in self.request.POST or self.scheduled:
- ctx['schedule_form'] = self.schedule_form
- ctx['rrule_form'] = self.rrule_form
+ if "schedule" in self.request.POST and not self.has_permission():
+ messages.error(
+ self.request,
+ _(
+ "Your user account does not have sufficient permission to run this report, therefore "
+ "you cannot schedule it."
+ )
+ )
+ else:
+ ctx['schedule_form'] = self.schedule_form
+ ctx['rrule_form'] = self.rrule_form
 elif not self.exporter:
 for s in ctx['scheduled']:
 try:
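Review bot: `has_permission` returns True when `self.exporter` is falsy (the `if self.exporter and ...` guard skips the only remaining check), so a schedule POST that does not resolve to an exporter passes and reaches the else-branch that exposes the forms; whether that is reachable depends on how `self.exporter` is resolved outside the hunk, but `if not self.exporter: return False` at the top would make the method fail closed. For an exporter that is not an `OrganizerLevelExportMixin` the only check is `available_for_user`, so any per-event permission scoping has to come from the exporter's own event selection — a comment stating that dependency would keep the next maintainer from assuming this method covers it. `has_permission` is also the method name Django's `PermissionRequiredMixin` uses for its dispatch-time check; should `OrganizerPermissionRequiredMixin` ever adopt that protocol this override would silently become the view's access check, so a more specific name such as `can_schedule_export` avoids the collision. The enclosing `ExportView` class and the remainder of `get_context_data` continue outside the hunk.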