mirror of
https://github.com/pretix/pretix.git
synced 2026-05-16 17:03:58 +00:00
df0b580dd6
* Data model draft * Refactor query and assignment usages of old permissions * Backend UI * API serializer * Big string replace * Docs, tests and fixes for teams api * Update docs for device auth * Eliminate old names * Make tests pass * Use new permissions, remove inconsistencies * Add test for translations * Show plugin permissions * Add permission for seating plans * Fix plugin activation * Fix failing test * Refactor to permission groups * Update doc/api/resources/devices.rst Co-authored-by: luelista <weller@rami.io> * Update doc/api/resources/events.rst Co-authored-by: luelista <weller@rami.io> * Update src/pretix/api/serializers/organizer.py Co-authored-by: luelista <weller@rami.io> * Fix typo * Fix python version compat * Replacement after rebase * Add proper permission handling for exports * Docs for exporters * Runtime linting of permission names * Fix typos * Show export page even without orders permission * More legacy compat * Do not strongly validate before plugins are loaded * Rebase migration * Add permission for outgoing mails * Review notes * Update doc/api/resources/teams.rst Co-authored-by: Richard Schreiber <schreiber@pretix.eu> * Clean up logic around exporters * Review and failures * Fix migration leading to forbidden combination * Handle permissions on event copying * Remove print-statements * Make test clearer * Review feedback * Add AnyPermissionOf * migration safety --------- Co-authored-by: luelista <weller@rami.io> Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
96 lines
4.7 KiB
Python
96 lines
4.7 KiB
Python
#
|
|
# This file is part of pretix (Community Edition).
|
|
#
|
|
# Copyright (C) 2014-2020 Raphael Michel and contributors
|
|
# Copyright (C) 2020-today pretix GmbH and contributors
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General
|
|
# Public License as published by the Free Software Foundation in version 3 of the License.
|
|
#
|
|
# ADDITIONAL TERMS APPLY: Pursuant to Section 7 of the GNU Affero General Public License, additional terms are
|
|
# applicable granting you additional permissions and placing additional restrictions on your usage of this software.
|
|
# Please refer to the pretix LICENSE file to obtain the full terms applicable to this work. If you did not receive
|
|
# this file, see <https://pretix.eu/about/en/license>.
|
|
#
|
|
# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
|
|
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
|
# details.
|
|
#
|
|
# You should have received a copy of the GNU Affero General Public License along with this program. If not, see
|
|
# <https://www.gnu.org/licenses/>.
|
|
#
|
|
import warnings
|
|
|
|
# The first two mapping tables are used to migrate *configuration*, i.e. existing Team objects or Team objects
|
|
# created through old-style API calls. These need to be "complete on both sides", i.e. all new permissions are assigned
|
|
# to existing users in some scenario.
|
|
OLD_TO_NEW_EVENT_MIGRATION = {
|
|
"can_change_event_settings": [
|
|
"event.settings.general:write",
|
|
"event.settings.payment:write",
|
|
"event.settings.tax:write",
|
|
"event.settings.invoicing:write",
|
|
"event.subevents:write",
|
|
],
|
|
"can_change_items": ["event.items:write"],
|
|
"can_view_orders": ["event.orders:read"],
|
|
"can_change_orders": ["event.orders:write", "event:cancel"],
|
|
"can_checkin_orders": ["event.orders:checkin"],
|
|
"can_view_vouchers": ["event.vouchers:read"],
|
|
"can_change_vouchers": ["event.vouchers:write"],
|
|
}
|
|
OLD_TO_NEW_ORGANIZER_MIGRATION = {
|
|
"can_create_events": ["organizer.events:create"],
|
|
"can_change_organizer_settings": ["organizer.settings.general:write", "organizer.devices:read",
|
|
"organizer.devices:write", "organizer.seatingplans:write",
|
|
"organizer.outgoingmails:read"],
|
|
"can_change_teams": ["organizer.teams:write"],
|
|
"can_manage_gift_cards": ["organizer.giftcards:read", "organizer.giftcards:write"],
|
|
"can_manage_customers": ["organizer.customers:read", "organizer.customers:write"],
|
|
"can_manage_reusable_media": ["organizer.reusablemedia:read", "organizer.reusablemedia:write"],
|
|
}
|
|
|
|
# The second two mapping tables are used to migrate permission *checks*, i.e. they define which permissions a user needs
|
|
# to have to fulfill the "old-style condition". These are shorter than the migration mappings, since it does not
|
|
# make sense to check e.g. for event.settings.tax:write on every plugin that checks for can_change_event_settings
|
|
OLD_TO_NEW_EVENT_COMPAT = {
|
|
"can_change_event_settings": ["event.settings.general:write"],
|
|
"can_change_items": ["event.items:write"],
|
|
"can_view_orders": ["event.orders:read"],
|
|
"can_change_orders": ["event.orders:write"],
|
|
"can_checkin_orders": ["event.orders:checkin"],
|
|
"can_view_vouchers": ["event.vouchers:read"],
|
|
"can_change_vouchers": ["event.vouchers:write"],
|
|
}
|
|
OLD_TO_NEW_ORGANIZER_COMPAT = {
|
|
"can_create_events": ["organizer.events:create"],
|
|
"can_change_organizer_settings": ["organizer.settings.general:write"],
|
|
"can_change_teams": ["organizer.teams:write"],
|
|
"can_manage_gift_cards": ["organizer.giftcards:read", "organizer.giftcards:write"],
|
|
"can_manage_customers": ["organizer.customers:read", "organizer.customers:write"],
|
|
"can_manage_reusable_media": ["organizer.reusablemedia:read", "organizer.reusablemedia:write"],
|
|
}
|
|
|
|
|
|
class LegacyPermissionProperty:
|
|
name = None
|
|
|
|
def __set_name__(self, owner, name):
|
|
self.name = name
|
|
|
|
def __get__(self, instance, owner=None):
|
|
if instance is None:
|
|
return self
|
|
|
|
warnings.warn("Legacy permission attribute used", DeprecationWarning, stacklevel=2)
|
|
|
|
if self.name in OLD_TO_NEW_EVENT_COMPAT:
|
|
return instance.all_event_permissions or all(
|
|
kk in instance.limit_event_permissions for kk in OLD_TO_NEW_EVENT_COMPAT[self.name]
|
|
)
|
|
if self.name in OLD_TO_NEW_ORGANIZER_COMPAT:
|
|
return instance.all_organizer_permissions or all(
|
|
kk in instance.limit_organizer_permissions for kk in OLD_TO_NEW_ORGANIZER_COMPAT[self.name]
|
|
)
|
|
raise AttributeError("Unknown legacy attribute")
|