fix formatting

make "Show in backend" button on ticket pages available on custom domain (with valid cross-domain session)
2025-12-21 16:42:26 +00:00 · 2025-01-14 18:36:35 +01:00 · 2025-01-13 17:05:27 +01:00
4 changed files with 21 additions and 23 deletions
--- a/src/pretix/base/auth.py
+++ b/src/pretix/base/auth.py
@@ -222,3 +222,15 @@ class HistoryPasswordValidator:
        user.historic_passwords.filter(
            pk__in=user.historic_passwords.order_by("-created")[self.history_length:].values_list("pk", flat=True),
        ).delete()
 def has_event_access_permission(request, permission='can_change_event_settings'):
    return (
        request.user.is_authenticated and
        request.user.has_event_permission(request.organizer, request.event, permission, request=request)
    ) or (
        getattr(request, 'event_access_user', None) and
        request.event_access_user.is_authenticated and
        request.event_access_user.has_event_permission(request.organizer, request.event, permission,
                                                       session_key=request.event_access_parent_session_key)
    )
--- a/src/pretix/base/timemachine.py
+++ b/src/pretix/base/timemachine.py
@@ -25,13 +25,15 @@ from contextlib import contextmanager
 from dateutil.parser import parse
 from django.utils.timezone import now
 from pretix.base.auth import has_event_access_permission
 timemachine_now_var = contextvars.ContextVar('timemachine_now', default=None)
@contextmanager
 def time_machine_now_assigned_from_request(request):
    if hasattr(request, 'event') and f'timemachine_now_dt:{request.event.pk}' in request.session and \
-            request.event.testmode and has_time_machine_permission(request, request.event):
+            request.event.testmode and has_event_access_permission(request):
        request.now_dt = parse(request.session[f'timemachine_now_dt:{request.event.pk}'])
        request.now_dt_is_fake = True
    else:
@@ -70,17 +72,3 @@ def time_machine_now_assigned(now_dt):
        yield
    finally:
        timemachine_now_var.set(None)
 def has_time_machine_permission(request, event):
    permission = 'can_change_event_settings'
    return (
        request.user.is_authenticated and
        request.user.has_event_permission(request.organizer, request.event, permission, request=request)
    ) or (
        getattr(request, 'event_access_user', None) and
        request.event_access_user.is_authenticated and
        request.event_access_user.has_event_permission(request.organizer, request.event, permission,
                                                       session_key=request.event_access_parent_session_key)
    )
--- a/src/pretix/presale/views/event.py
+++ b/src/pretix/presale/views/event.py
@@ -63,6 +63,7 @@ from django.views import View
 from django.views.decorators.csrf import csrf_exempt
 from django.views.generic import TemplateView
 from pretix.base.auth import has_event_access_permission
 from pretix.base.forms.widgets import SplitDateTimePickerWidget
 from pretix.base.models import (
    ItemVariation, Quota, SalesChannel, SeatCategoryMapping, Voucher,
@@ -73,9 +74,7 @@ from pretix.base.models.items import (
 )
 from pretix.base.services.placeholders import PlaceholderContext
 from pretix.base.services.quotas import QuotaAvailability
-from pretix.base.timemachine import (
+from pretix.base.timemachine import time_machine_now
    has_time_machine_permission, time_machine_now,
 )
 from pretix.helpers.compat import date_fromisocalendar
 from pretix.helpers.formats.en.formats import (
    SHORT_MONTH_DAY_FORMAT, WEEK_FORMAT,
@@ -963,7 +962,7 @@ class EventTimeMachine(EventViewMixin, TemplateView):
    def setup(self, request, *args, **kwargs):
        super().setup(request, *args, **kwargs)
-        if not has_time_machine_permission(request, request.event):
+        if not has_event_access_permission(request):
            raise PermissionDenied(_('You are not allowed to access time machine mode.'))
        if not request.event.testmode:
            raise PermissionDenied(_('This feature is only available in test mode.'))
--- a/src/pretix/presale/views/order.py
+++ b/src/pretix/presale/views/order.py
@@ -60,6 +60,7 @@ from django.utils.translation import gettext, gettext_lazy as _
 from django.views.decorators.clickjacking import xframe_options_exempt
 from django.views.generic import ListView, TemplateView, View
 from pretix.base.auth import has_event_access_permission
 from pretix.base.models import (
    CachedTicket, Checkin, GiftCard, Invoice, Order, OrderPosition, Quota,
    TaxRule,
@@ -205,10 +206,8 @@ class TicketPageMixin:
        ctx['download_buttons'] = self.download_buttons
-        ctx['backend_user'] = (
+        ctx['backend_user'] = has_event_access_permission(self.request, 'can_view_orders')
-            self.request.user.is_authenticated
+
            and self.request.user.has_event_permission(self.request.organizer, self.request.event, 'can_view_orders', request=self.request)
        )
        return ctx
    @cached_property
Author	SHA1	Message	Date
Mira Weller	57b1b595b5	fix formatting	2025-01-14 18:36:35 +01:00
Mira Weller	19d1336e98	make "Show in backend" button on ticket pages available on custom domain (with valid cross-domain session)	2025-01-13 17:05:27 +01:00