* Data model draft
* Refactor query and assignment usages of old permissions
* Backend UI
* API serializer
* Big string replace
* Docs, tests and fixes for teams api
* Update docs for device auth
* Eliminate old names
* Make tests pass
* Use new permissions, remove inconsistencies
* Add test for translations
* Show plugin permissions
* Add permission for seating plans
* Fix plugin activation
* Fix failing test
* Refactor to permission groups
* Update doc/api/resources/devices.rst
Co-authored-by: luelista <weller@rami.io>
* Update doc/api/resources/events.rst
Co-authored-by: luelista <weller@rami.io>
* Update src/pretix/api/serializers/organizer.py
Co-authored-by: luelista <weller@rami.io>
* Fix typo
* Fix python version compat
* Replacement after rebase
* Add proper permission handling for exports
* Docs for exporters
* Runtime linting of permission names
* Fix typos
* Show export page even without orders permission
* More legacy compat
* Do not strongly validate before plugins are loaded
* Rebase migration
* Add permission for outgoing mails
* Review notes
* Update doc/api/resources/teams.rst
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
* Clean up logic around exporters
* Review and failures
* Fix migration leading to forbidden combination
* Handle permissions on event copying
* Remove print-statements
* Make test clearer
* Review feedback
* Add AnyPermissionOf
* migration safety
---------
Co-authored-by: luelista <weller@rami.io>
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
* Navigation and dashboard: Hide useless items
If a user has access to *no organizer teams*, hide a number of things
from navigation and dashboard. This happens e.g. if a user only has
permissions in scope of the pretix-resellers or pretix-scheduling
plugins.
* New mechanism
* adds safeguard to prevent empty giftcard transactions on giftcards of value 0.00
* implement giftcard payment via order create
* styling
* let create_transactions() handle all the mailing
* docs
* provide more context for failed transactions
* documentation lectoring
* reject duplicate gift card secrets
* make payment_provider and use_gift_cards exclusive
* handle unknown gift cards
* Apply suggestion from @pajowu
Co-authored-by: pajowu <engelhardt@pretix.eu>
* Update src/pretix/control/templates/pretixcontrol/giftcards/payment.html
Co-authored-by: pajowu <engelhardt@pretix.eu>
---------
Co-authored-by: pajowu <engelhardt@pretix.eu>
* Include nix development enviornment
* Obfuscate contact email addresses in shop HTML and deanonymize via JavaScript
This change addresses #1907: "hide contact e-mail address in source code
of a shop".
- Contact email addresses rendered in public-facing templates are now
obfuscated in the HTML source (e.g., replacing "@" with "[at]" and "."
with "[dot]").
- A new JavaScript file is included in the relevant templates to
automatically rewrite and restore the email address for users after the
page loads.
- This approach helps protect email addresses from basic harvesting bots
and reduces spam, while keeping them accessible and user-friendly for
human visitors.
- The obfuscation and deanonymization logic is only applied to web
templates, not to emails sent via pretix.
This implementation follows the recommendations discussed in #1907,
using a standardized, maintainable approach that’s compatible with
pretix's asset pipeline and template structure.
* Undo nix development environment for merge into main
* convert complete mailto-link to HTML entities
* remove gitignore noise
* Update .gitignore
* fix gitignore noise
* Update .gitignore
---------
Co-authored-by: Richard Schreiber <schreiber@rami.io>
The field Voucher.price_mode is sometimes called "Price mode" and
sometimes "Price effect" in the UI, which is inconsistent. I think
"price effect" is a little clearer, but I don't really care as long as
it is consistent.
I've kept it for 400/403/500/csrffail for now, because they also have a
"try again" link. Yes, both things have browser buttons, but they make
it a *little* clearer to technical users what one could to next, and
especially on csrffail, "step back" is always possible and possibly actually
helpful.
Not all transmission fields are visible to users at all times, depending on whether they are necessary for users to know/change but they are submitted for the backend. This change hides those fields that were hidden before in the confirmation step as well to avoid confusion.
* Tax rounding: Allow to apply only for B2B (Z#23220106)
Most effective in combination with #5807
* Update src/pretix/base/settings.py
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
---------
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
* Order changes: Do not allow to double-book add-ons
* tests
* Update src/pretix/presale/templates/pretixpresale/event/fragment_addon_choice.html
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
---------
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
