- [x] Data model
- [x] display in order view in backend
- [x] review all usages of OrderPositions.objects
- [x] review all usages of order.positions
- [x] review all other model usages
- [x] review plugins
- [x] plugins backwards-compatible API?
- [x] decide on way forward for REST API
- [x] need to cancel fees
- [x] tests
- [ ] plugins
- [ ] gdpr
- [ ] reports
- [x] docs
- [x] Data model
- [x] Enforce constraint
- [x] Filter order list
- [x] Set channel on created order
- [x] Products API
- [x] Order API
- [x] Tests
- [x] Filter reports
- [x] Resellers
- [ ] deploy plugins
- [ ] posbackend
- [ ] resellers
- [ ] reports
- [x] Ticketlayouts
- [x] Support in pretixPOS
Here is my attempt to prevent user enumeration.
I've made the following changes:
**Application:**
- replaces success and failure messages in the form with two (with/without redis) information messages
- adds logging for attempted password resets of unknown users
- adds logging for failing emails
**Tests:**
- test_unknown asserts a redirect instead of a ok
- adds test_email_reset_twice_redis to assert the correct logging of a twice reset email
- adds a FakeRedis class similiar to the one implemented in test_metrics.py. I could refactor them into the testutils folder if prefered.
Please excuse the commit mess. I am currently fighting with my tooling.
* Add data shredders for PII
* First working shredder
* Add more shredders
* Add new shredders and download confirmation
* tmp
* PayPal, Stripe, banktransfer
* Add icon to logs
* Untested payment log shredders
* Add waiting list shredder
* First tests
* Add tests for shredders
* Improve templats, link to shredder
* Test payment info shredders
* More tests
* Documentation
* Fix enabled flag in payment provider overview
* Fix minor issues
* Checking for the last date in the event series before deleting a date. Last date in a event series should never be delted.
* Adding check to ensure that last date in a event series is not deleted. Editing unit test around deleting subevent to assert on alert-danger
* Increasing the scope of test_delete. We are now creating 2 subevents and testing deleting one and ensuring that the last one is not deleted
* Fixing alert text. Removing a redundant if condition for checking subevent count
* Adding assert for second event to ensure its not deleted
* Minor fixes and rebase
* First stab at notification settings
* Add "global" setting for notification levels
* Trigger notification task
* Get users with permission for event
* Actually send notification emails
* More notifications
* Allow to turn off notifications
* Link in email to pause all notifications
* Add NotificationType to wordlist
* Add notification tests
* Add documentation
* Rebase fixes
* Data model and migration
* Some backwards compatibility
* CRUD for checkin lists
* Show and perform checkins
* Correct numbers in table and dashboard widget
* event creation and cloning
* Allow to link specific exports and pass options per query
* Play with the CSV export
* PDF export
* Collapse exports by default
* Improve PDF exporter
* Addon stuff
* Subevent stuff, pretixdroid tests
* pretixdroid tests
* Add CRUD API
* Test compatibility
* Fix test
* DB-independent sorting behavior
* Add CRUD and coyp tests
* Re-enable pretixdroid plugin
* pretixdroid config
* Tests & fixes
* [WIP] manual check-in of attendees
This enables manual check-in of attendees. The post-code was heavily
copied from the APIRedeemView of the pretixdroid, thus so far this seems
to be working, but I have a few questions:
The checkin-Objects generated by the pretixdroid-app have a nonce.
Should the checkin object generated here have a nonce, too?
Should the result of the check-in be noted in any other way than by the
change of the status?
* addressed review comments
* implement unit test for manual checkin
* fix style-issues
* Slight layout change
* Log who did the manual check-in
* Improve unit test to check the result of the action
