chore(ui/permissions): hide “Create Organizer” in admin tickets page, allow creation in common organizers view #890
Conversation
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
There was a problem hiding this comment.
The pull request #890 has too many files changed.
The GitHub API will only let us fetch up to 300 changed files, and this pull request has 3968.
Saksham-Sirohi
requested review from
Gagan-Ram,
Sak1012,
hongquan and
mariobehling
|
So, as we proceed I think we need to have this in a bit more advanced way. In the admin section of the platform (e.g. https://wikimedia.eventyay.com/tickets/control/admin/global/settings/) there should be a section "Organizer Creation" with the following tick boxes.
For the second option test that accounts have payment info on file. |
mariobehling
changed the title
|
Following the above comment which requires to add an option for create organiser permissions in /tickets/control/admin/global/settings/ should follow the PR at #794. We need this PR to be made against the enext branch first. |
mariobehling
left a comment
mariobehling
left a comment
There was a problem hiding this comment.
Please make the required changes to display the create organizer option depending on the platform configuration.
Saksham-Sirohi
force-pushed
the
organizer-creation
branch
from
110ebaa to
473f9fa
Compare
Saksham-Sirohi
force-pushed
the
organizer-creation
branch
from
473f9fa to
221dd1a
Compare
Saksham-Sirohi
force-pushed
the
organizer-creation
branch
from
221dd1a to
896f553
Compare
@mariobehling updated pr please take a look
|
There was a problem hiding this comment.
Pull Request Overview
This PR implements configurable permissions for organizer creation by introducing a new OrganizerCreationPermissionMixin that allows system administrators to control who can create organizers through global settings. Previously, only users with active staff sessions could create organizers.
Key changes:
- Added
OrganizerCreationPermissionMixinwith configurable permission logic based on global settings - Introduced two new global settings:
allow_all_users_create_organizerandallow_payment_users_create_organizer - Updated
OrganizerCreateandOrganizerListviews to use the new permission mixin and display create buttons conditionally
Reviewed Changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| app/eventyay/control/permissions.py | Added OrganizerCreationPermissionMixin with _can_create_organizer and _user_has_payment_info helper methods |
| app/eventyay/control/forms/global_settings.py | Added two new boolean fields for controlling organizer creation permissions |
| app/eventyay/control/views/organizer_views/organizer_view.py | Integrated permission mixin into OrganizerCreate and OrganizerList views with permission checks in dispatch |
| app/eventyay/control/templates/pretixcontrol/organizers/index.html | Conditionally display create button based on can_create_organizer context variable |
| app/eventyay/eventyay_common/views/organizer.py | Integrated permission mixin into OrganizerCreate and OrganizerList views with permission checks in dispatch |
| app/eventyay/eventyay_common/templates/eventyay_common/organizers/index.html | Changed from staff_session to can_create_organizer for displaying create button |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Saksham-Sirohi
force-pushed
the
organizer-creation
branch
from
adecb42 to
85d21d8
Compare
mariobehling
left a comment
mariobehling
left a comment
There was a problem hiding this comment.
It looks like your local tests are using an older version. Why is that?
There was a problem hiding this comment.
Pull Request Overview
Copilot reviewed 6 out of 6 changed files in this pull request and generated 4 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| # Get all organizers where the user is a team member | ||
| user_organizers = Organizer.objects.filter( | ||
| teams__members=user | ||
| ).distinct() | ||
|
|
||
| # Single query to check if any billing record has payment info | ||
| # Check for either stripe_customer_id OR stripe_payment_method_id | ||
| return OrganizerBillingModel.objects.filter( | ||
| organizer__in=user_organizers | ||
| ).filter( | ||
| (Q(stripe_customer_id__isnull=False) & ~Q(stripe_customer_id='')) | | ||
| (Q(stripe_payment_method_id__isnull=False) & ~Q(stripe_payment_method_id='')) | ||
| ).exists() |
There was a problem hiding this comment.
[nitpick] The query could potentially be optimized by combining the two filter operations into a single query using joins. Instead of:
user_organizers = Organizer.objects.filter(teams__members=user).distinct()
return OrganizerBillingModel.objects.filter(organizer__in=user_organizers).filter(...).exists()Consider:
return OrganizerBillingModel.objects.filter(
organizer__teams__members=user
).filter(
(Q(stripe_customer_id__isnull=False) & ~Q(stripe_customer_id='')) |
(Q(stripe_payment_method_id__isnull=False) & ~Q(stripe_payment_method_id=''))
).exists()This would eliminate the intermediate queryset and potentially improve performance, though the impact may be minimal.
| ( | ||
| 'allow_all_users_create_organizer', | ||
| forms.BooleanField( | ||
| label=_('All registered users can create organizers'), | ||
| help_text=_('If enabled, all registered users will be allowed to create organizers. System admins can always create organizers.'), | ||
| required=False, | ||
| ), | ||
| ), | ||
| ( | ||
| 'allow_payment_users_create_organizer', | ||
| forms.BooleanField( | ||
| label=_('All accounts with payment information can create organizers'), | ||
| help_text=_('If enabled, users with valid payment information on file will be allowed to create organizers. System admins can always create organizers.'), | ||
| required=False, | ||
| ), | ||
| ), |
There was a problem hiding this comment.
[nitpick] The help texts for the two organizer creation permission settings don't explain how they interact when both are enabled or what takes precedence. Consider updating the help texts to clarify:
- When both settings are disabled (unchecked), only system admins can create organizers
- When "All registered users can create organizers" is enabled, it takes precedence and all authenticated users can create organizers, regardless of the payment setting
- When only "All accounts with payment information can create organizers" is enabled, only users with payment info on file can create organizers
For example:
allow_all_users_create_organizer: "If enabled, all registered users will be allowed to create organizers. This takes precedence over the payment information requirement below."allow_payment_users_create_organizer: "If enabled (and 'All registered users' is disabled), only users with valid payment information on file will be allowed to create organizers."
| # Get all organizers where the user is a team member | ||
| user_organizers = Organizer.objects.filter( | ||
| teams__members=user | ||
| ).distinct() | ||
|
|
||
| # Single query to check if any billing record has payment info | ||
| # Check for either stripe_customer_id OR stripe_payment_method_id | ||
| return OrganizerBillingModel.objects.filter( | ||
| organizer__in=user_organizers | ||
| ).filter( | ||
| (Q(stripe_customer_id__isnull=False) & ~Q(stripe_customer_id='')) | | ||
| (Q(stripe_payment_method_id__isnull=False) & ~Q(stripe_payment_method_id='')) | ||
| ).exists() |
There was a problem hiding this comment.
There's a circular dependency issue in the payment information check. The _user_has_payment_info method checks if the user has payment info by looking at billing records of organizers where the user is already a team member. However, for new users who haven't created any organizers yet, user_organizers will always be empty, causing this check to always return False.
This means when allow_payment_users_create_organizer=True and allow_all_users_create_organizer=False, new users will never be able to create their first organizer, even if they have payment information on file.
Consider modifying the logic to check for payment information at the user level (if such a model exists) or document that users need to be added to an existing organizer first before they can create new ones.
4 participants
fixes #651 to enext