* change linked orderpositions to many-to-many
* Update media views to list ops
* return last op as fallback for linked_orderposition
* add multi-op to export
* update media-API
* fix media-view filter
* update control media forms
* fix API orders
* fix API orders matching media
* remove cached_property linked_orderposition - keep only in API
* fix media-issue signal
* adapt checkin API for multiple orderpositions
* remove unneeded comment
* fix create/update logging
* fix tests
* fix more tests
* fix code style
* add label to reusablemedium
* fix migration NOT NULL
* fix tests
* update docs
* clarify docs updating multiple linked_orderpositions
* clarify docs
* no need to prefetch linked_orderpositions
* improve readability
* select_related order instead prefetch
* add filter based on op.valid_from/until
* rename secret to claim_token
* Update docs for claim_token
* unifiy deprecated style
* Update reusablemedia.rst
* Update reusablemedia.rst
* Update reusablemedia.rst
* fix missing claim_token in serializer
* fix flake8
* add add_to_reusable_medium to order-serializer
* fix tests regarding claim_token
* fix flake8
* Clarify docs
* list ops comma-separated in export
* Add test for order-API add_to_reusable_medium
* fix linked_orderpositions filter in checkinrpc
* add test
* Add help-text
* fix multi-op media filter
* fix flake8
* improve check
* Fix sorting of reusable media type in overview
* Add copy and qr button to reusable medium detail view
* Rebase against origin/master
* Add logentrytype reusable_medium.linked_orderposition.removed
* add missing label_from_instance for SafeOrderPositionMultipleChoiceField
* add tests for create with linked_orderposition
* API add test for fallback-values in medium patch
* fix flake8
* Fix indentation
* fix migrations numbering
* fix test
* unify qutation marks
* fix flake8
* micro-improve linked_op-removal-logging
* simplify filter instead of annotate/get
* Do not translate API-errors
Co-authored-by: Raphael Michel <michel@pretix.eu>
* Fix typos in doc
Co-authored-by: Raphael Michel <mail@raphaelmichel.de>
* Update versionchanged in docs
Co-authored-by: Raphael Michel <michel@pretix.eu>
* Change log to always added not changed
* Add test for checkinrpc for ops out of timerang or canceled
* improve tests mixing ops from different organizers
* Fix logging of changed order_positions
* properly log added/removed when using UI
* refactor logging code
* unify logging adding/removing ops via API
* fix flake8
* remove unnecessary prefetch as already prefetched
* optimize fetching ops
* combine addon match and time-based validity match
* fix combined valid and product check
* re-number migrations
* Apply suggestion from @raphaelm
Co-authored-by: Raphael Michel <michel@pretix.eu>
* fix flake8
* New attempt at logic
* Improve op_candidate-selection for error message if no op matches check-in
* Fix typo
* fix valid_from start time being included
* use the datetime parameter for the comparison time so that the simulator works too
---------
Co-authored-by: Maximilian Richt <richt@pretix.eu>
Co-authored-by: Martin Gross <gross@rami.io>
Co-authored-by: Raphael Michel <michel@pretix.eu>
Co-authored-by: Raphael Michel <mail@raphaelmichel.de>
The old code relied on the `Voucher.redeemed` value obtained *before*
the lock was taken, not afterwards.
The change in services/orders.py is functionally pointless, but it makes
the pattern of "fill availability only after lock" clearer and might
avoid introducing similar bugs in the future.
* Display invoice and tickets inline in browser (Z#23225892)
* Use FileResponse filename for AnswerDownload
* Use inline for PDF-view in pretix-control editor
* use as_attachment for API FileResponses
* do not ignore csp even for disposition=inline
* use as_attachment for file responses in control
* remove unused code
* improve code style
* Invoice preview inline
* do not force download on tickets in backend
* do not force download on AnswerDownload
* imrpove code style
* improve code style
* fix missing int str conversion
* Apply suggestions from code review
Co-authored-by: luelista <mira@teamwiki.de>
---------
Co-authored-by: luelista <mira@teamwiki.de>
* Data model draft
* Refactor query and assignment usages of old permissions
* Backend UI
* API serializer
* Big string replace
* Docs, tests and fixes for teams api
* Update docs for device auth
* Eliminate old names
* Make tests pass
* Use new permissions, remove inconsistencies
* Add test for translations
* Show plugin permissions
* Add permission for seating plans
* Fix plugin activation
* Fix failing test
* Refactor to permission groups
* Update doc/api/resources/devices.rst
Co-authored-by: luelista <weller@rami.io>
* Update doc/api/resources/events.rst
Co-authored-by: luelista <weller@rami.io>
* Update src/pretix/api/serializers/organizer.py
Co-authored-by: luelista <weller@rami.io>
* Fix typo
* Fix python version compat
* Replacement after rebase
* Add proper permission handling for exports
* Docs for exporters
* Runtime linting of permission names
* Fix typos
* Show export page even without orders permission
* More legacy compat
* Do not strongly validate before plugins are loaded
* Rebase migration
* Add permission for outgoing mails
* Review notes
* Update doc/api/resources/teams.rst
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
* Clean up logic around exporters
* Review and failures
* Fix migration leading to forbidden combination
* Handle permissions on event copying
* Remove print-statements
* Make test clearer
* Review feedback
* Add AnyPermissionOf
* migration safety
---------
Co-authored-by: luelista <weller@rami.io>
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
* adds safeguard to prevent empty giftcard transactions on giftcards of value 0.00
* implement giftcard payment via order create
* styling
* let create_transactions() handle all the mailing
* docs
* provide more context for failed transactions
* documentation lectoring
* reject duplicate gift card secrets
* make payment_provider and use_gift_cards exclusive
* handle unknown gift cards
* Apply suggestion from @pajowu
Co-authored-by: pajowu <engelhardt@pretix.eu>
* Update src/pretix/control/templates/pretixcontrol/giftcards/payment.html
Co-authored-by: pajowu <engelhardt@pretix.eu>
---------
Co-authored-by: pajowu <engelhardt@pretix.eu>
* initial implementation
* handle permissions
* split out organizer list endpoint
* remove left over empty lines
* revert import changes
* tidying up
* revert no longer needed test changes
* revert no longer needed test changes
* Apply suggestions from code review
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
* add event to api response
* prefetch
* handle auth
* document event
* bump querycounts for prefetches
* Use existing Permission Denied Error Message
---------
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
* Tax rounding: Allow to apply only for B2B (Z#23220106)
Most effective in combination with #5807
* Update src/pretix/base/settings.py
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
---------
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
* Invoices: Allow issuing invoices only to businesses
In situations where every invoice has a significant accounting cost and
consumers usually do not need invoices, this can save a lot of money or
effort.
* Improve backend UI if not qualified for invoice
* Add option to restrict anonymous access to order URLs
By default, users who place orders while logged in can still access
their order URLs without authentication. This raises potential
security risks, particularly if order confirmation emails are
forwarded.
This commit introduces an organiser-level setting to disable anonymous
access for such orders. When enabled, unauthenticated attempts to access
URLs starting with `/order/`, which are intended for the customer, are
redirected to the login page. Upon successful authentication, the user
is redirected back to the original order URL.
It is important to note that this change does not impact routes intended
for attendees (e.g., `/ticket/*`), which remain accessible without
authentication.
* Change name of setting for future clarity
Co-authored-by: Raphael Michel <mail@raphaelmichel.de>
* Update message wording
Co-authored-by: Raphael Michel <mail@raphaelmichel.de>
* Eliminate database query
Co-authored-by: Raphael Michel <mail@raphaelmichel.de>
* Rename feature flag to fix breaking tests
* Refactor order access verification code into `OrderDetailsMixin`
* Add test for logged-in customer accessing another customer's order
* Refactor order access conditions to remove nesting
* Handle case where customer is not yet verified
* Add additional information to help message
* Fix multidomain issue
Co-authored-by: Raphael Michel <mail@raphaelmichel.de>
* Merge order/position variants into single tests
* Add docstring explaining return type of `order` property
* Apply suggestion from @raphaelm
* Fix indentation
---------
Co-authored-by: Raphael Michel <mail@raphaelmichel.de>
Co-authored-by: Raphael Michel <michel@rami.io>
* Fix not allowing program times on event series (API/copy)
* Return 400 when reading endpoint in event series
* add docs program times not available on event series
* fix isort
* Add program times for items
* Fix frontend date validation
* Add ical data for program times [wip]
* Improve ical data for program times
* Remove duplicate code and add comments
* Adjust migration
* Remove program times form for event series
* Add pdf placeholder [wip]
* Improve explanation text with suggestion
Co-authored-by: Raphael Michel <michel@pretix.eu>
* Fix import sorting
* Improve ical generation
* Improve ical entry description
* Fix migration
* Add copyability for program times fot items and events
* Update migration
* Add API endpoints/functions, fix isort
* Improve variable name
Co-authored-by: Richard Schreiber <schreiber@rami.io>
* Remove todo comment
* Add documentation, Change endpoint name
* Change related name
* Remove unnecessary code block
* Add program times to item API
* Fix imports
* Add log text
* Use daterange helper
* Add and update API tests
* Add another API test
* Add program times to cloning tests
* Update query count because of program times query
* Invalidate cached tickets on program time changes
* Reduce invalidation calls
* Update migration after rebase
* Apply improvements to invalidation from review
Co-authored-by: Richard Schreiber <schreiber@rami.io>
* remove unneccessary attr=item param
* remove unnecessary kwargs for formset_factory
* fix local var name being overwritten in for-loop
* fix empty formset being saved
* Use subevent if available
* make code less verbose
* remove double event-label in ical desc
* fix unnecessary var re-assign
* fix ev vs p.subevent
---------
Co-authored-by: Raphael Michel <michel@pretix.eu>
Co-authored-by: Richard Schreiber <schreiber@rami.io>
* Allow to round taxes on order-level
* Rename get_cart_total
* Persist rounding mode with order
* Add general docs
* Order creation API
* Update fee algorithm
* Rounding on payment method change
* Round when splitting order
* Fix failing tests
* Add settings page
* Add tests
* Replace algorithm
* Add test case for currency rounding
* Improve order change
* Update flowchart
* Update discount logic (more hypothetical, we don't store rounding on cart positions atm)
* Rename internal method
* Fix typo
* Update help text
* Apply suggestions from code review
Co-authored-by: luelista <weller@rami.io>
* Order rounding refactor (#5571)
* Add RoundingCorrectionMixin providing before-rounding-values as properties
* Use gross_price_before_rounding in more places
* Update doc/development/algorithms/pricing.rst
Co-authored-by: Martin Gross <gross@rami.io>
* Allow to override on perform_order
* Rebase migration
* Fix event cancellation
---------
Co-authored-by: luelista <weller@rami.io>
Co-authored-by: Martin Gross <gross@rami.io>
* datasync: add immediate parameter to enqueue_order
* interactive argument for order_placed signal
The ``interactive`` argument specifies whether the order was
placed interactively, by a customer (as opposed to via a bulk
import or the REST API).
* use bulk=True instead of interactive=False to mark bulk imports
