Disable scopes for a management command

.clabot

@@ -1,5 +0,0 @@
-{
-  "contributors": "https://crm.rami.io/cla/check/?project=pretix&checkContributor=",
-  "message": "Hey there! :) Thank you very much for offering a contribution to pretix! For legal reasons, we need you to sign a Contributor License Agreement in order to be able to merge the code. Sorry for the hassle :( Please download the agreement from https://pretix.eu/about/en/cla and send a signed copy to support@pretix.eu. Feel free to also contact us there or via comments here if you have any questions!",
-  "label": "cla-signed"
-}

.dockerignore

@@ -1,10 +1,3 @@
 doc/
 env/
 res/
-local/
-.git/
-pretixeu/
-src/data/
-src/pretix/static.dist/
-src/dist/
-

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,23 +0,0 @@
----
-name: Bug report
-about: Please only create issues for bug reports. Feature requests or general questions
-  should start as a "Discussion" on GitHub.
-title: ''
-labels: ''
-assignees: ''
-
----
-
-<!-- Please only create issues for bug reports. Feature requests or general questions should start as a "Discussion" on GitHub. -->
-
-**Describe the bug**
-A clear and concise description of what the bug is.
-
-**Expected behavior**
-A clear and concise description of what you expected to happen.
-
-**Screenshots**
-If applicable, add screenshots to help explain your problem.
-
-**Additional context**
-Add any other context about the problem here.

.github/workflows/docs.yml

@@ -1,42 +0,0 @@
-name: Documentation
-
-on:
-  push:
-    branches: [ master ]
-    paths-ignore:
-      - 'src/pretix/locale/**'
-      - 'src/pretix/static/**'
-      - 'src/tests/**'
-  pull_request:
-    branches: [ master ]
-    paths-ignore:
-      - 'src/pretix/locale/**'
-      - 'src/pretix/static/**'
-      - 'src/tests/**'
-
-jobs:
-  spelling:
-    name: Spellcheck
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Set up Python 3.8
-        uses: actions/setup-python@v1
-        with:
-          python-version: 3.8
-      - uses: actions/cache@v1
-        with:
-          path: ~/.cache/pip
-          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
-          restore-keys: |
-            ${{ runner.os }}-pip-
-      - name: Install system packages
-        run: sudo apt update && sudo apt install enchant hunspell aspell-en
-      - name: Install Dependencies
-        run: pip3 install -Ur doc/requirements.txt
-      - name: Spellcheck docs
-        run: make spelling
-        working-directory: ./doc
-      - name:
-        run: '[ ! -s _build/spelling/output.txt ]'
-        working-directory: ./doc

.github/workflows/strings.yml

@@ -1,62 +0,0 @@
-name: Strings
-
-on:
-  push:
-    branches: [ master ]
-    paths:
-      - 'doc/**'
-      - 'src/pretix/locale/**'
-  pull_request:
-    branches: [ master ]
-    paths:
-      - 'doc/**'
-      - 'src/pretix/locale/**'
-
-jobs:
-  compile:
-    runs-on: ubuntu-latest
-    name: Check gettext syntax
-    steps:
-      - uses: actions/checkout@v2
-      - name: Set up Python 3.8
-        uses: actions/setup-python@v1
-        with:
-          python-version: 3.8
-      - uses: actions/cache@v1
-        with:
-          path: ~/.cache/pip
-          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
-          restore-keys: |
-            ${{ runner.os }}-pip-
-      - name: Install system packages
-        run: sudo apt update && sudo apt install gettext
-      - name: Install Dependencies
-        run: pip3 install -Ur src/requirements.txt
-      - name: Compile messages
-        run: python manage.py compilemessages
-        working-directory: ./src
-      - name: Compile jsi18n
-        run: python manage.py compilejsi18n
-        working-directory: ./src
-  spelling:
-    runs-on: ubuntu-latest
-    name: Spellcheck
-    steps:
-      - uses: actions/checkout@v2
-      - name: Set up Python 3.8
-        uses: actions/setup-python@v1
-        with:
-          python-version: 3.8
-      - uses: actions/cache@v1
-        with:
-          path: ~/.cache/pip
-          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
-          restore-keys: |
-            ${{ runner.os }}-pip-
-      - name: Install system packages
-        run: sudo apt update && sudo apt install enchant hunspell hunspell-de-de aspell-en aspell-de
-      - name: Install Dependencies
-        run: pip3 install -Ur src/requirements/dev.txt
-      - name: Spellcheck translations
-        run: potypo
-        working-directory: ./src

.github/workflows/style.yml

@@ -1,72 +0,0 @@
-name: Code Style
-
-on:
-  push:
-    branches: [ master ]
-    paths-ignore:
-      - 'src/pretix/locale/**'
-      - 'src/pretix/static/**'
-  pull_request:
-    branches: [ master ]
-    paths-ignore:
-      - 'src/pretix/locale/**'
-      - 'src/pretix/static/**'
-
-jobs:
-  isort:
-    name: isort
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Set up Python 3.8
-        uses: actions/setup-python@v1
-        with:
-          python-version: 3.8
-      - uses: actions/cache@v1
-        with:
-          path: ~/.cache/pip
-          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
-          restore-keys: |
-            ${{ runner.os }}-pip-
-      - name: Install Dependencies
-        run: pip3 install -Ur src/requirements/dev.txt
-      - name: Run isort
-        run: isort -c .
-        working-directory: ./src
-  flake:
-    name: flake8
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Set up Python 3.8
-        uses: actions/setup-python@v1
-        with:
-          python-version: 3.8
-      - uses: actions/cache@v1
-        with:
-          path: ~/.cache/pip
-          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
-          restore-keys: |
-            ${{ runner.os }}-pip-
-      - name: Install Dependencies
-        run: pip3 install -r src/requirements.txt -Ur src/requirements/dev.txt
-      - name: Run flake8
-        run: flake8 .
-        working-directory: ./src
-  licenseheader:
-    name: licenseheaders
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Set up Python 3.8
-        uses: actions/setup-python@v1
-        with:
-          python-version: 3.8
-      - name: Install Dependencies
-        run: pip3 install licenseheaders
-      - name: Run licenseheaders
-        run: licenseheaders -t ../.licenseheader -E .py -x "*/migrations/*.py"
-        working-directory: ./src
-      - name: Check for changes
-        run: git diff --exit-code
-        working-directory: ./src

.github/workflows/tests.yml

@@ -1,78 +0,0 @@
-name: Tests
-
-on:
-  push:
-    branches: [ master ]
-    paths-ignore:
-      - 'doc/**'
-      - 'src/pretix/locale/**'
-  pull_request:
-    branches: [ master ]
-    paths-ignore:
-      - 'doc/**'
-      - 'src/pretix/locale/**'
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    name: Tests
-    strategy:
-      matrix:
-        python-version: [3.6, 3.7, 3.8]
-        database: [sqlite, postgres, mysql]
-        exclude:
-          - database: mysql
-            python-version: 3.7
-          - database: sqlite
-            python-version: 3.7
-          - database: mysql
-            python-version: 3.6
-          - database: sqlite
-            python-version: 3.6
-    steps:
-      - uses: actions/checkout@v2
-      - uses: getong/mariadb-action@v1.1
-        with:
-          mariadb version: '10.4'
-          mysql database: 'pretix'
-          mysql root password: ''
-        if: matrix.database == 'mysql'
-      - uses: harmon758/postgresql-action@v1
-        with:
-          postgresql version: '11'
-          postgresql db: 'pretix'
-          postgresql user: 'postgres'
-          postgresql password: 'postgres'
-        if: matrix.database == 'postgres'
-      - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v1
-        with:
-          python-version: ${{ matrix.python-version }}
-      - uses: actions/cache@v1
-        with:
-          path: ~/.cache/pip
-          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
-          restore-keys: |
-            ${{ runner.os }}-pip-
-      - name: Install system dependencies
-        run: sudo apt update && sudo apt install gettext mysql-client
-      - name: Install Python dependencies
-        run: pip3 install -r src/requirements.txt -Ur src/requirements/dev.txt mysqlclient psycopg2-binary
-      - name: Run checks
-        run: python manage.py check
-        working-directory: ./src
-      - name: Install JS dependencies
-        working-directory: ./src
-        run: make npminstall
-      - name: Compile
-        working-directory: ./src
-        run: make all compress
-      - name: Run tests
-        working-directory: ./src
-        run: PRETIX_CONFIG_FILE=tests/travis_${{ matrix.database }}.cfg py.test -n 3 -p no:sugar --cov=./ --cov-report=xml --reruns 3 tests --maxfail=100
-      - name: Upload coverage
-        uses: codecov/codecov-action@v1
-        with:
-          file: src/coverage.xml
-          fail_ci_if_error: true
-        if: matrix.database == 'postgres' && matrix.python-version == '3.8'

.gitlab-ci.yml

@@ -5,11 +5,7 @@ tests:
         - virtualenv env
         - source env/bin/activate
         - pip install -U pip wheel setuptools
-        - XDG_CACHE_HOME=/cache pip3 install -r src/requirements.txt --no-use-pep517 -Ur src/requirements/dev.txt
-        - cd src
-        - python manage.py check
-        - make all compress
-        - py.test --reruns 3 -n 3 tests
+        - XDG_CACHE_HOME=/cache bash .travis.sh tests
     tags:
         - python3
     except:
@@ -20,18 +16,15 @@ pypi:
         - cp /keys/.pypirc ~/.pypirc
         - virtualenv env
         - source env/bin/activate
-        - pip install -U pip wheel setuptools check-manifest twine
+        - pip install -U pip wheel setuptools
         - XDG_CACHE_HOME=/cache pip3 install -Ur src/requirements.txt -r src/requirements/dev.txt
         - cd src
         - python setup.py sdist
         - pip install dist/pretix-*.tar.gz
         - python -m pretix migrate
         - python -m pretix check
-        - check-manifest
-        - make npminstall
-        - python setup.py sdist bdist_wheel
-        - twine check dist/*
-        - twine upload dist/*
+        - python setup.py sdist upload
+        - python setup.py bdist_wheel upload
     tags:
         - python3
     only:

.licenseheader

@@ -1,19 +0,0 @@
-This file is part of pretix (Community Edition).
-
-Copyright (C) 2014-2020 Raphael Michel and contributors
-Copyright (C) 2020-2021 rami.io GmbH and contributors
-
-This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General
-Public License as published by the Free Software Foundation in version 3 of the License.
-
-ADDITIONAL TERMS APPLY: Pursuant to Section 7 of the GNU Affero General Public License, additional terms are
-applicable granting you additional permissions and placing additional restrictions on your usage of this software.
-Please refer to the pretix LICENSE file to obtain the full terms applicable to this work. If you did not receive
-this file, see <https://pretix.eu/about/en/license>.
-
-This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
-warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
-details.
-
-You should have received a copy of the GNU Affero General Public License along with this program.  If not, see
-<https://www.gnu.org/licenses/>.

.travis.sh

@@ -0,0 +1,68 @@
+#!/bin/bash
+set -e
+set -x
+
+echo "Executing job $1"
+
+if [ "$PRETIX_CONFIG_FILE" == "tests/travis_mysql.cfg" ]; then
+    mysql -u root -e 'CREATE DATABASE pretix DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;'
+    pip3 install -Ur src/requirements/mysql.txt
+fi
+
+if [ "$PRETIX_CONFIG_FILE" == "tests/travis_postgres.cfg" ]; then
+    psql -c 'create database travis_ci_test;' -U postgres
+fi
+
+if [ "$1" == "style" ]; then
+	XDG_CACHE_HOME=/cache pip3 install -Ur src/requirements.txt -r src/requirements/dev.txt
+	cd src
+    flake8 .
+    isort -c -rc -df .
+fi
+if [ "$1" == "doctests" ]; then
+	XDG_CACHE_HOME=/cache pip3 install -Ur doc/requirements.txt
+	cd doc
+	make doctest
+fi
+if [ "$1" == "doc-spelling" ]; then
+	XDG_CACHE_HOME=/cache pip3 install -Ur doc/requirements.txt
+	cd doc
+	make spelling
+	if [ -s _build/spelling/output.txt ]; then
+		exit 1
+	fi
+fi
+if [ "$1" == "translation-spelling" ]; then
+	XDG_CACHE_HOME=/cache pip3 install -Ur src/requirements/dev.txt
+	cd src
+	potypo
+fi
+if [ "$1" == "tests" ]; then
+	pip3 install -r src/requirements.txt -Ur src/requirements/dev.txt
+	cd src
+	python manage.py check
+	make all compress
+	py.test --reruns 5 -n 3 tests
+fi
+if [ "$1" == "tests-cov" ]; then
+	pip3 install -r src/requirements.txt -Ur src/requirements/dev.txt
+	cd src
+	python manage.py check
+	make all compress
+	coverage run -m py.test --reruns 5 tests && codecov
+fi
+if [ "$1" == "plugins" ]; then
+	pip3 install -r src/requirements.txt -Ur src/requirements/dev.txt
+	cd src
+	python setup.py develop
+	make all compress
+
+	pushd ~
+    git clone --depth 1 https://github.com/pretix/pretix-cartshare.git
+    cd pretix-cartshare
+    python setup.py develop
+    make
+	py.test --reruns 5 tests
+    popd
+
+fi

.travis.yml

@@ -0,0 +1,45 @@
+language: python
+dist: xenial
+sudo: false
+install:
+  - pip install -U pip wheel setuptools
+script:
+  - bash .travis.sh $JOB
+cache:
+  directories:
+    - $HOME/.cache/pip
+services:
+  - mysql
+  - postgresql
+matrix:
+  include:
+    - python: 3.7
+      env: JOB=tests PRETIX_CONFIG_FILE=tests/travis_sqlite.cfg
+    - python: 3.7
+      env: JOB=tests-cov PRETIX_CONFIG_FILE=tests/travis_postgres.cfg
+    - python: 3.7
+      env: JOB=style
+    - python: 3.7
+      env: JOB=tests PRETIX_CONFIG_FILE=tests/travis_mysql.cfg
+    - python: 3.7
+      env: JOB=tests PRETIX_CONFIG_FILE=tests/travis_postgres.cfg
+    - python: 3.5
+      env: JOB=tests PRETIX_CONFIG_FILE=tests/travis_postgres.cfg
+    - python: 3.7
+      env: JOB=doc-spelling
+    - python: 3.7
+      env: JOB=translation-spelling
+addons:
+  postgresql: "9.4"
+  mariadb: '10.3'
+  apt:
+      packages:
+          - enchant
+          - myspell-de-de
+          - aspell-en
+          - sqlite3
+  sources:
+    - travis-ci/sqlite3
+branches:
+  except:
+  - /^weblate-.*/

AUTHORS

@@ -0,0 +1,37 @@
+Here is an inevitably incomplete list of much-appreciated contributors --
+people who have submitted patches, reported bugs, added translations, helped
+answer newbie questions, improved the documentation, and generally made pretix
+an awesome project. Thank you all!
+
+	Adam K. Sumner <asumner101@gmail.com>
+	Ahrdie <robert.deppe@me.com>
+	Alexander Brock <Brock.Alexander@web.de>
+	Brandon Pineda
+	Bolutife Lawrence
+	Christian Franke <nobody@nowhere.ws>
+	Christopher Dambamuromo <me@chridam.com>
+	chotee <chotee@openended.eu>
+	Cpt. Foo
+	Daniel Rosenblüh
+	Enrique Saez
+	Flavia Bastos
+	informancer <informancer@web.de>
+	Jakob Schnell <github@ezelo.de>
+	Jan Felix Wiebe <git@jfwie.be>
+	Jan Weiß
+	Jason Estibeiro <jasonestibeiro@live.com>
+	jlwt90
+	Jonas Große Sundrup <cherti@letopolis.de>
+	Kevin Nelson
+	Leah Oswald
+	Lukas Martini
+	Nathan Mattes
+	Nicole Klünder
+	Marc-Pascal Clement
+	Martin Gross <martin@pc-coholic.de>
+	Raphael Michel <mail@raphaelmichel.de>
+	Team MRMCD
+	Tobias Kunze <rixx@cutebit.de>
+	Oliver Knapp <github@oliverknapp.de>
+	Vishal Sodani <vishalsodani@rediffmail.com>
+	Jan Felix Wiebe <git@jfwie.be>

CONTRIBUTING.md

@@ -3,9 +3,9 @@ Contributing to pretix
 
 Hey there and welcome to pretix!
 
-* We've got a contributors guide in [our documentation](https://docs.pretix.eu/en/latest/development/contribution/) together with notes on the [development setup](https://docs.pretix.eu/en/latest/development/setup.html).
+We've got an contributors guide in [our documentation](https://docs.pretix.eu/en/latest/development/contribution/)
+together with notes on the [development setup](https://docs.pretix.eu/en/latest/development/setup.html).
 
-* Please note that we have a [Code of Conduct](https://docs.pretix.eu/en/latest/development/contribution/codeofconduct.html) in place that applies to all project contributions, including issues, pull requests, etc.
-
-* Before we can accept a PR from you we'll need you to sign [our CLA](https://pretix.eu/about/en/cla). You can find more information about the how and why in our [License FAQ](https://docs.pretix.eu/en/latest/license/faq.html#) and in our [license change blog post](https://pretix.eu/about/en/blog/20210412-license/).
+Please note that we have a [Code of Conduct](https://docs.pretix.eu/en/latest/development/contribution/codeofconduct.html)
+in place that applies to all project contributions, including issues, pull requests, etc.
 

COPYRIGHT

@@ -0,0 +1,32 @@
+Copyright 2014-2016 Raphael Michel
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+This project includes the work of others, namely:
+
+* Django, (c) Django Software Foundation and contributors, BSD License
+* Font Awesome, (c) Dave Gandy, SIL Open Font License and MIT License
+* Bootstrap, (c) Twitter, Inc., MIT License
+* jQuery, (c) jQuery Foundation and contributors, MIT License
+* django-formset-js, (c) Ionata Web Solutions, BSD License
+* CleanerVersion, (c) Jean-Christophe Zulian, Brian King, Andrea Marcacci, Manuel Jeckelmann, Apache License
+* django-bootstrap3, (c) Dylan Verheul, Apache License
+* pytz, (c) Stuart Bishop, MIT License
+* python-dateutil, (c) Yaron de Leeuw, BSD License
+* startbootstrap-sb-admin-2, (c) Iron Summit Media Strategies, LLC, Apache License
+* metismenu, (c) Osman Nuri Okumus, MIT License
+* easy-thumbnails, (c) Chris Beaven and contributors
+* reportlab, (c) ReportLab Europe Ltd, BSD License
+* django-compressor, (c) Jannis Leidel and contributors, MIT License
+* static3, (c) Roman Mohr and contributors, LGPL License
+* Lightbox, (c) Lokesh Dhakar, MIT License

Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.8
+FROM python:3.6
 
 RUN apt-get update && \
     apt-get install -y --no-install-recommends \
@@ -29,13 +29,8 @@ RUN apt-get update && \
     mkdir /etc/pretix && \
     mkdir /data && \
     useradd -ms /bin/bash -d /pretix -u 15371 pretixuser && \
-    echo 'pretixuser ALL=(ALL) NOPASSWD:SETENV: /usr/bin/supervisord' >> /etc/sudoers && \
-    mkdir /static && \
-    mkdir /etc/supervisord && \
-	curl -fsSL https://deb.nodesource.com/setup_15.x | sudo -E bash - && \
-    apt-get install -y nodejs && \
-    curl -qL https://www.npmjs.com/install.sh | sh
-
+    echo 'pretixuser ALL=(ALL) NOPASSWD: /usr/bin/supervisord' >> /etc/sudoers && \
+    mkdir /static
 
 ENV LC_ALL=C.UTF-8 \
     DJANGO_SETTINGS_MODULE=production_settings
@@ -52,19 +47,16 @@ RUN pip3 install -U \
         -r requirements.txt \
         -r requirements/memcached.txt \
         -r requirements/mysql.txt \
-        gunicorn django-extensions ipython && \
+        -r requirements/redis.txt \
+        gunicorn && \
     rm -rf ~/.cache/pip
 
 COPY deployment/docker/pretix.bash /usr/local/bin/pretix
-COPY deployment/docker/supervisord /etc/supervisord
-COPY deployment/docker/supervisord.all.conf /etc/supervisord.all.conf
-COPY deployment/docker/supervisord.web.conf /etc/supervisord.web.conf
+COPY deployment/docker/supervisord.conf /etc/supervisord.conf
 COPY deployment/docker/nginx.conf /etc/nginx/nginx.conf
 COPY deployment/docker/production_settings.py /pretix/src/production_settings.py
 COPY src /pretix/src
 
-RUN cd /pretix/src && pip3 install .
-
 RUN chmod +x /usr/local/bin/pretix && \
     rm /etc/nginx/sites-enabled/default && \
     cd /pretix/src && \

README.rst

@@ -4,10 +4,11 @@ pretix
 .. image:: https://img.shields.io/pypi/v/pretix.svg
    :target: https://pypi.python.org/pypi/pretix
 
-.. image:: https://github.com/pretix/pretix/workflows/Documentation/badge.svg
+.. image:: https://readthedocs.org/projects/pretix/badge/?version=latest
    :target: https://docs.pretix.eu/en/latest/
 
-.. image:: https://github.com/pretix/pretix/workflows/Tests/badge.svg
+.. image:: https://travis-ci.org/pretix/pretix.svg?branch=master
+   :target: https://travis-ci.org/pretix/pretix
 
 .. image:: https://codecov.io/gh/pretix/pretix/branch/master/graph/badge.svg
    :target: https://codecov.io/gh/pretix/pretix
@@ -19,8 +20,9 @@ Reinventing ticket presales, one ticket at a time.
 Project status & release cycle
 ------------------------------
 
-While there is always a lot to do and improve on, pretix by now has been in use for thousands of events
-conferences that sold millions of tickets combined. We therefore think of pretix as being stable and ready to use.
+While there is always a lot to do and improve on, pretix by now has been in use for more than a dozen
+conferences that sold over ten thousand tickets combined without major problems. We therefore think of
+pretix as being stable and ready to use.
 
 If you want to use or extend pretix, we strongly recommend to follow our `blog`_. We will announce all
 releases there. You can always find the latest stable version on PyPI or in the ``release/X.Y`` branch of
@@ -29,13 +31,9 @@ the sense that it does not break your data,  but its APIs might change without p
 
 To get started using pretix on your own server, look at the `installation guide`_ in our documentation.
 
-Support
--------
-
-This project is 100 percent free and open source software. You are welcome to ask questions in the GitHub
-repository. Private support via email or phone is only offered to customers of our pretix Hosted or pretix
-Enterprise offerings. If you are interested in commercial support, hosting services or supporting this project
-financially, please go to `pretix.eu`_ or contact us at support@pretix.eu.
+This project is 100 percent free and open source software. If you are interested in commercial support,
+hosting services or supporting this project financially, please go to `pretix.eu`_ or contact us at
+support@pretix.eu.
 
 Contributing
 ------------
@@ -52,9 +50,11 @@ including issues, pull requests, etc.
 
 License
 -------
+The code in this repository is published under the terms of the Apache License. 
+See the LICENSE file for the complete license text.
 
-The code in this repository is covered by different licenses. Most of it is available to everyone under the terms of
-the GNU AGPL license v3 with additional terms. See the LICENSE file for the complete license details.
+This project is maintained by Raphael Michel <mail@raphaelmichel.de>. See the
+AUTHORS file for a list of all the awesome folks who contributed to this project.
 
 .. _installation guide: https://docs.pretix.eu/en/latest/admin/installation/index.html
 .. _developer documentation: https://docs.pretix.eu/en/latest/development/index.html

deployment/docker/nginx.conf

@@ -1,13 +1,10 @@
 user www-data www-data;
-worker_processes auto;
+worker_processes 1;
 pid /var/run/nginx.pid;
 daemon off;
-worker_rlimit_nofile 262144;
 
 events {
-    worker_connections 16384;
-    multi_accept on;
-    use epoll;
+	worker_connections 768;
 }
 
 http {
@@ -33,7 +30,7 @@ http {
 
 	gzip on;
 	gzip_disable "msie6";
-	gzip_types text/plain text/css application/json application/javascript application/x-javascript text/javascript text/xml application/xml application/rss+xml application/atom+xml application/rdf+xml image/svg+xml;
+	gzip_types text/plain text/html text/css application/json application/javascript application/x-javascript text/javascript text/xml application/xml application/rss+xml application/atom+xml application/rdf+xml image/svg+xml;
 	gzip_vary on;
 	gzip_proxied any;
 	gzip_comp_level 6;
@@ -42,7 +39,7 @@ http {
 	include /etc/nginx/conf.d/*.conf;
 
     server {
-        listen 80 backlog=4096 default_server;
+        listen 80 default_server;
         listen [::]:80 ipv6only=on default_server;
         server_name _;
         index index.php index.html;

deployment/docker/pretix.bash

@@ -3,10 +3,7 @@ cd /pretix/src
 export DJANGO_SETTINGS_MODULE=production_settings
 export DATA_DIR=/data/
 export HOME=/pretix
-
-AUTOMIGRATE=${AUTOMIGRATE:-yes}
-NUM_WORKERS_DEFAULT=$((2 * $(nproc --all)))
-export NUM_WORKERS=${NUM_WORKERS:-$NUM_WORKERS_DEFAULT}
+export NUM_WORKERS=$((2 * $(nproc --all)))
 
 if [ ! -d /data/logs ]; then
     mkdir /data/logs;
@@ -19,16 +16,10 @@ if [ "$1" == "cron" ]; then
     exec python3 -m pretix runperiodic
 fi
 
-if [ "$AUTOMIGRATE" != "skip" ]; then
-  python3 -m pretix migrate --noinput
-fi
+python3 -m pretix migrate --noinput
 
 if [ "$1" == "all" ]; then
-    exec sudo -E /usr/bin/supervisord -n -c /etc/supervisord.all.conf
-fi
-
-if [ "$1" == "web" ]; then
-    exec sudo -E /usr/bin/supervisord -n -c /etc/supervisord.web.conf
+    exec sudo /usr/bin/supervisord -n -c /etc/supervisord.conf
 fi
 
 if [ "$1" == "webworker" ]; then
@@ -42,12 +33,17 @@ if [ "$1" == "webworker" ]; then
 fi
 
 if [ "$1" == "taskworker" ]; then
-    shift
-    exec celery -A pretix.celery_app worker -l info "$@"
+    export C_FORCE_ROOT=True
+    exec celery -A pretix.celery_app worker -l info
+fi
+
+if [ "$1" == "shell" ]; then
+    exec python3 -m pretix shell
 fi
 
 if [ "$1" == "upgrade" ]; then
     exec python3 -m pretix updatestyles
 fi
 
-exec python3 -m pretix "$@"
+echo "Specify argument: all|cron|webworker|taskworker|shell|upgrade"
+exit 1

deployment/docker/supervisord.all.conf

@@ -1,2 +0,0 @@
-[include]
-files = /etc/supervisord/*.conf

deployment/docker/supervisord.conf

@@ -0,0 +1,44 @@
+[unix_http_server]
+file=/tmp/supervisor.sock
+
+[supervisord]
+logfile=/tmp/supervisord.log
+logfile_maxbytes=50MB
+logfile_backups=10
+loglevel=info
+pidfile=/tmp/supervisord.pid
+nodaemon=false
+minfds=1024
+minprocs=200
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl=unix:///tmp/supervisor.sock
+
+[program:pretixweb]
+command=/usr/local/bin/pretix webworker
+autostart=true
+autorestart=true
+priority=5
+user=pretixuser
+environment=HOME=/pretix
+
+[program:pretixtask]
+command=/usr/local/bin/pretix taskworker
+autostart=true
+autorestart=true
+priority=5
+user=pretixuser
+
+[program:nginx]
+command=/usr/sbin/nginx
+autostart=true
+autorestart=true
+priority=10
+stdout_events_enabled=true
+stderr_events_enabled=true
+
+[include]
+files = /etc/supervisord-*.conf

deployment/docker/supervisord.web.conf

@@ -1,2 +0,0 @@
-[include]
-files = /etc/supervisord/base.conf /etc/supervisord/nginx.conf /etc/supervisord/pretixweb.conf

deployment/docker/supervisord/base.conf

@@ -1,17 +0,0 @@
-[unix_http_server]
-file=/tmp/supervisor.sock
-
-[supervisord]
-logfile=/dev/stdout
-logfile_maxbytes=0
-loglevel=info
-pidfile=/tmp/supervisord.pid
-nodaemon=false
-minfds=1024
-minprocs=200
-
-[rpcinterface:supervisor]
-supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
-
-[supervisorctl]
-serverurl=unix:///tmp/supervisor.sock

deployment/docker/supervisord/nginx.conf

@@ -1,9 +0,0 @@
-[program:nginx]
-command=/usr/sbin/nginx
-autostart=true
-autorestart=true
-priority=10
-stdout_logfile=/dev/fd/1
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/fd/2
-stderr_logfile_maxbytes=0

deployment/docker/supervisord/pretixtask.conf

@@ -1,10 +0,0 @@
-[program:pretixtask]
-command=/usr/local/bin/pretix taskworker
-autostart=true
-autorestart=true
-priority=5
-user=pretixuser
-stdout_logfile=/dev/fd/1
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/fd/2
-stderr_logfile_maxbytes=0

deployment/docker/supervisord/pretixweb.conf

@@ -1,11 +0,0 @@
-[program:pretixweb]
-command=/usr/local/bin/pretix webworker
-autostart=true
-autorestart=true
-priority=5
-user=pretixuser
-environment=HOME=/pretix
-stdout_logfile=/dev/fd/1
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/fd/2
-stderr_logfile_maxbytes=0

doc/LICENSE.txt

@@ -1,202 +0,0 @@
-
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.

doc/_themes/pretix_theme/static/css/pretix.css

@@ -6099,6 +6099,3 @@ img.screenshot, a.screenshot img {
 .versionchanged p:last-child {
     margin-bottom: 0;
 }
-.rst-content td > .line-block {
-    margin-left: 0 !important;
-}

doc/admin/config.rst

@@ -23,14 +23,6 @@ The config file may contain the following sections (all settings are optional an
 default values). We suggest that you start from the examples given in one of the
 installation tutorials.
 
-.. note::
-
-    The configuration file is the recommended way to configure pretix. However, you can
-    also set them through environment variables. In this case, the syntax is
-    ``PRETIX_SECTION_CONFIG``. For example, to configure the setting ``password_reset``
-    from the ``[pretix]`` section, set ``PRETIX_PRETIX_PASSWORD_RESET=off`` in your
-    environment.
-
 pretix settings
 ---------------
 
@@ -65,9 +57,6 @@ Example::
     A comma-separated list of plugins that are not available even though they are installed.
     Defaults to an empty string.
 
-``auth_backends``
-    A comma-separated list of available auth backends. Defaults to ``pretix.base.auth.NativeAuthBackend``.
-
 ``cookie_domain``
     The cookie domain to be set. Defaults to ``None``.
 
@@ -89,30 +78,6 @@ Example::
     Enables or disables nagging staff users for leaving comments on their sessions for auditability.
     Defaults to ``off``.
 
-``obligatory_2fa``
-    Enables or disables obligatory usage of Two-Factor Authentication for users of the pretix backend.
-    Defaults to ``False``
-
-``trust_x_forwarded_for``
-    Specifies whether the ``X-Forwarded-For`` header can be trusted. Only set to ``on`` if you have a reverse
-    proxy that actively removes and re-adds the header to make sure the correct client IP is the first value.
-    Defaults to ``off``.
-
-``trust_x_forwarded_proto``
-    Specifies whether the ``X-Forwarded-Proto`` header can be trusted. Only set to ``on`` if you have a reverse
-    proxy that actively removes and re-adds the header to make sure the correct value is set.
-    Defaults to ``off``.
-
-``csp_log``
-    Log violations of the Content Security Policy (CSP). Defaults to ``on``.
-
-``csp_additional_header``
-    Specifies a CSP header that will be **merged** with pretix's default header. For example, if you set this
-    to ``script-src https://mycdn.com``, pretix will add ``https://mycdn.com`` as an **additional** allowed source
-    to all CSP headers. Empty by default.
-
-``loglevel``
-    Set console and file log level (``DEBUG``, ``INFO``, ``WARNING``, ``ERROR`` or ``CRITICAL``). Defaults to ``INFO``.
 
 Locale settings
 ---------------
@@ -355,15 +320,6 @@ application. If you want to use sentry, you need to set a DSN in the configurati
     You will be given this value by your sentry installation.
 
 
-Caching
--------
-
-You can adjust some caching settings to control how much storage pretix uses::
-
-    [cache]
-    tickets=48  ; Number of hours tickets (PDF, passbook, …) are cached
-
-
 Secret length
 -------------
 

doc/admin/index.rst

@@ -12,4 +12,3 @@ This documentation is for everyone who wants to install pretix on a server.
    config
    maintainance
    scaling
-   indexes

doc/admin/indexes.rst

@@ -1,77 +0,0 @@
-Additional database indices
-===========================
-
-If you have a large pretix database, some features such as search for orders or events might turn pretty slow.
-For PostgreSQL, we have compiled a list of additional database indexes that you can add to speed things up.
-Just like any index, they in turn make write operations insignificantly slower and cause the database to use
-more disk space.
-
-The indexes aren't automatically created by pretix since Django does not allow us to do so only on PostgreSQL
-(and they won't work on other databases). Also, they're really not necessary if you're not having tens of
-thousands of records in your database.
-
-However, this also means they won't automatically adapt if some of the referred fields change in future updates of pretix
-and you might need to re-check this page and change them manually.
-
-Here is the currently recommended set of commands::
-
-    CREATE EXTENSION pg_trgm;
-
-    CREATE INDEX CONCURRENTLY pretix_addidx_event_slug
-        ON pretixbase_event
-        USING gin (upper("slug") gin_trgm_ops);
-    CREATE INDEX CONCURRENTLY pretix_addidx_event_name
-        ON pretixbase_event
-        USING gin (upper("name") gin_trgm_ops);
-    CREATE INDEX CONCURRENTLY pretix_addidx_order_code
-        ON pretixbase_order
-        USING gin (upper("code") gin_trgm_ops);
-    CREATE INDEX CONCURRENTLY pretix_addidx_voucher_code
-        ON pretixbase_voucher
-        USING gin (upper("code") gin_trgm_ops);
-    CREATE INDEX CONCURRENTLY pretix_addidx_invoice_nu1
-        ON "pretixbase_invoice" (UPPER("invoice_no"));
-    CREATE INDEX CONCURRENTLY pretix_addidx_invoice_nu2
-        ON "pretixbase_invoice" (UPPER("full_invoice_no"));
-    CREATE INDEX CONCURRENTLY pretix_addidx_organizer_name
-        ON pretixbase_organizer
-        USING gin (upper("name") gin_trgm_ops);
-    CREATE INDEX CONCURRENTLY pretix_addidx_organizer_slug
-        ON pretixbase_organizer
-        USING gin (upper("slug") gin_trgm_ops);
-    CREATE INDEX CONCURRENTLY pretix_addidx_order_email
-        ON pretixbase_order
-        USING gin (upper("email") gin_trgm_ops);
-    CREATE INDEX CONCURRENTLY pretix_addidx_order_comment
-        ON pretixbase_order
-        USING gin (upper("comment") gin_trgm_ops);
-    CREATE INDEX CONCURRENTLY pretix_addidx_orderpos_name
-        ON pretixbase_orderposition
-        USING gin (upper("attendee_name_cached") gin_trgm_ops);
-    CREATE INDEX CONCURRENTLY pretix_addidx_orderpos_scret
-        ON pretixbase_orderposition
-        USING gin (upper("secret") gin_trgm_ops);
-    CREATE INDEX CONCURRENTLY pretix_addidx_orderpos_email
-        ON pretixbase_orderposition
-        USING gin (upper("attendee_email") gin_trgm_ops);
-    CREATE INDEX CONCURRENTLY pretix_addidx_ia_name
-        ON pretixbase_invoiceaddress
-        USING gin (upper("name_cached") gin_trgm_ops);
-    CREATE INDEX CONCURRENTLY pretix_addidx_ia_company
-        ON pretixbase_invoiceaddress
-        USING gin (upper("company") gin_trgm_ops);
-    CREATE INDEX CONCURRENTLY pretix_addidx_orderpos_email_upper
-        ON public.pretixbase_orderposition (upper((attendee_email)::text));
-    CREATE INDEX CONCURRENTLY pretix_addidx_voucher_code_upper
-        ON public.pretixbase_voucher (upper((code)::text));
-
-
-Also, if you use our ``pretix-shipping`` plugin::
-
-    CREATE INDEX CONCURRENTLY pretix_addidx_sa_name
-        ON pretix_shipping_shippingaddress
-        USING gin (upper("name") gin_trgm_ops);
-    CREATE INDEX CONCURRENTLY pretix_addidx_sa_company
-        ON pretix_shipping_shippingaddress
-        USING gin (upper("company") gin_trgm_ops);
-

doc/admin/installation/docker_smallscale.rst

@@ -26,7 +26,7 @@ installation guides):
 * `Docker`_
 * A SMTP server to send out mails, e.g. `Postfix`_ on your machine or some third-party server you have credentials for
 * A HTTP reverse proxy, e.g. `nginx`_ or Apache to allow HTTPS connections
-* A `PostgreSQL`_ 9.5+, `MySQL`_ 5.7+, or MariaDB 10.2.7+ database server
+* A `PostgreSQL`_, `MySQL`_ 5.7+, or MariaDB 10.2.7+ database server
 * A `redis`_ server
 
 We also recommend that you use a firewall, although this is not a pretix-specific recommendation. If you're new to
@@ -125,8 +125,6 @@ Fill the configuration file ``/etc/pretix/pretix.cfg`` with the following conten
     ; DO NOT change the following value, it has to be set to the location of the
     ; directory *inside* the docker container
     datadir=/data
-    trust_x_forwarded_for=on
-    trust_x_forwarded_proto=on
 
     [database]
     ; Replace postgresql with mysql for MySQL
@@ -135,7 +133,7 @@ Fill the configuration file ``/etc/pretix/pretix.cfg`` with the following conten
     user=pretix
     ; Replace with the password you chose above
     password=*********
-    ; In most docker setups, 172.17.0.1 is the address of the docker host. Adjust
+    ; In most docker setups, 172.17.0.1 is the address of the docker host. Adjuts
     ; this to wherever your database is running, e.g. the name of a linked container
     ; or of a mounted MySQL socket.
     host=172.17.0.1
@@ -182,7 +180,6 @@ named ``/etc/systemd/system/pretix.service`` with the following content::
         -v /var/pretix-data:/data \
         -v /etc/pretix:/etc/pretix \
         -v /var/run/redis:/var/run/redis \
-        --sysctl net.core.somaxconn=4096 \
         pretix/standalone:stable all
     ExecStop=/usr/bin/docker stop %n
 
@@ -279,38 +276,18 @@ choice)::
 
 Then, go to that directory and build the image::
 
-    $ docker build . -t mypretix
+    $ docker build -t mypretix
 
 You can now use that image ``mypretix`` instead of ``pretix/standalone`` in your service file (see above). Be sure
 to re-build your custom image after you pulled ``pretix/standalone`` if you want to perform an update.
 
-Scaling up
-----------
-
-If you need to scale to multiple machines, please first read our :ref:`scaling guide <scaling>`.
-
-If you run the official docker container on multiple machines, it is recommended to set the environment
-variable ``AUTOMIGRATE=skip`` on all containers and run ``docker exec -it pretix.service pretix migrate``
-on one machine after each upgrade manually, otherwise multiple containers might try to upgrade the
-database schema at the same time.
-
-To run only the ``pretix-web`` component of pretix as well as a nginx server serving static files, you
-can invoke the container with ``docker run … pretix/standalone:stable web`` (instead of ``all``). You
-can adjust the number of ``gunicorn`` processes with the ``NUM_WORKERS`` environment variable (defaults to
-two times the number of CPUs detected).
-
-To run only ``pretix-worker``, you can run ``docker run … pretix/standalone:stable taskworker``. You can
-also pass arguments to limit the worker to specific queues or to change the number of concurrent task
-workers, e.g. ``docker run … taskworker -Q notifications --concurrency 32``.
-
-
 .. _Docker: https://docs.docker.com/engine/installation/linux/debian/
 .. _Postfix: https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-as-a-send-only-smtp-server-on-ubuntu-16-04
 .. _nginx: https://botleg.com/stories/https-with-lets-encrypt-and-nginx/
 .. _Let's Encrypt: https://letsencrypt.org/
 .. _pretix.eu: https://pretix.eu/
 .. _MySQL: https://dev.mysql.com/doc/refman/5.7/en/linux-installation-apt-repo.html
-.. _PostgreSQL: https://www.digitalocean.com/community/tutorials/how-to-install-and-use-postgresql-on-ubuntu-20-04
+.. _PostgreSQL: https://www.digitalocean.com/community/tutorials/how-to-install-and-use-postgresql-9-4-on-debian-8
 .. _redis: https://blog.programster.org/debian-8-install-redis-server/
 .. _ufw: https://en.wikipedia.org/wiki/Uncomplicated_Firewall
 .. _redis website: https://redis.io/topics/security

doc/admin/installation/enterprise.rst

@@ -68,7 +68,7 @@ generated key and installs the plugin from the URL we told you::
         mkdir -p /etc/ssh && \
         ssh-keyscan -t rsa -p 10022 code.rami.io >> /root/.ssh/known_hosts && \
         echo StrictHostKeyChecking=no >> /root/.ssh/config && \
-        DJANGO_SETTINGS_MODULE=pretix.settings pip3 install -U "git+ssh://git@code.rami.io:10022/pretix/pretix-slack.git@stable#egg=pretix-slack" && \
+        pip3 install -Ue "git+ssh://git@code.rami.io:10022/pretix/pretix-slack.git@stable#egg=pretix-slack" && \
         cd /pretix/src && \
         sudo -u pretixuser make production
     USER pretixuser

doc/admin/installation/manual_smallscale.rst

@@ -12,7 +12,7 @@ solution with many things readily set-up, look at :ref:`dockersmallscale`.
              get it right. If you're not feeling comfortable managing a Linux server, check out our hosting and service
              offers at `pretix.eu`_.
 
-We tested this guide on the Linux distribution **Debian 10.0** but it should work very similar on other
+We tested this guide on the Linux distribution **Debian 8.0** but it should work very similar on other
 modern distributions, especially on all systemd-based ones.
 
 Requirements
@@ -23,9 +23,8 @@ installation guides):
 
 * A SMTP server to send out mails, e.g. `Postfix`_ on your machine or some third-party server you have credentials for
 * A HTTP reverse proxy, e.g. `nginx`_ or Apache to allow HTTPS connections
-* A `PostgreSQL`_ 9.5+, `MySQL`_ 5.7+, or MariaDB 10.2.7+ database server
+* A `PostgreSQL`_, `MySQL`_ 5.7+, or MariaDB 10.2.7+ database server
 * A `redis`_ server
-* A `nodejs_` installation
 
 We also recommend that you use a firewall, although this is not a pretix-specific recommendation. If you're new to
 Linux and firewalls, we recommend that you start with `ufw`_.
@@ -86,8 +85,6 @@ Fill the configuration file ``/etc/pretix/pretix.cfg`` with the following conten
     url=https://pretix.mydomain.com
     currency=EUR
     datadir=/var/pretix/data
-    trust_x_forwarded_for=on
-    trust_x_forwarded_proto=on
 
     [database]
     ; For MySQL, replace with "mysql"
@@ -134,7 +131,7 @@ command if you're running MySQL::
 
     (venv)$ pip3 install "pretix[postgres]" gunicorn
 
-Note that you need Python 3.6 or newer. You can find out your Python version using ``python -V``.
+Note that you need Python 3.5 or newer. You can find out your Python version using ``python -V``.
 
 We also need to create a data directory::
 
@@ -309,8 +306,7 @@ example::
 .. _Let's Encrypt: https://letsencrypt.org/
 .. _pretix.eu: https://pretix.eu/
 .. _MySQL: https://dev.mysql.com/doc/refman/5.7/en/linux-installation-apt-repo.html
-.. _PostgreSQL: https://www.digitalocean.com/community/tutorials/how-to-install-and-use-postgresql-on-ubuntu-20-04
+.. _PostgreSQL: https://www.digitalocean.com/community/tutorials/how-to-install-and-use-postgresql-9-4-on-debian-8
 .. _redis: https://blog.programster.org/debian-8-install-redis-server/
 .. _ufw: https://en.wikipedia.org/wiki/Uncomplicated_Firewall
 .. _strong encryption settings: https://mozilla.github.io/server-side-tls/ssl-config-generator/
-.. _nodejs: https://github.com/nodesource/distributions/blob/master/README.md#deb

doc/admin/maintainance.rst

@@ -92,14 +92,7 @@ pretix_task_duration_seconds
 
 pretix_model_instances
     Gauge. Measures number of instances of a certain model within the database, labeled with
-    the ``model`` name. Starting with pretix 3.11, these numbers might only be approximate for
-    most tables when running on PostgreSQL to mitigate performance impact.
-
-pretix_celery_tasks_queued_count
-    The number of background tasks in the worker queue, labeled with ``queue``.
-
-pretix_celery_tasks_queued_age_seconds
-    The age of the longest-waiting in the worker queue in seconds, labeled with ``queue``.
+    the ``model`` name.
 
 .. _metric types: https://prometheus.io/docs/concepts/metric_types/
 .. _Prometheus: https://prometheus.io/

doc/api/deviceauth.rst

@@ -49,15 +49,11 @@ information on your device as well as your API token:
        "device_id": 5,
        "unique_serial": "HHZ9LW9JWP390VFZ",
        "api_token": "1kcsh572fonm3hawalrncam4l1gktr2rzx25a22l8g9hx108o9oi0rztpcvwnfnd",
-       "name": "Bar",
-       "gate": {
-           "id": 3,
-           "name": "South entrance"
-       }
+       "name": "Bar"
    }
 
 Please make sure that you store this ``api_token`` value. We also recommend storing your device ID, your assigned
-``unique_serial``, and the ``organizer`` you have access to, but that's up to you. ``gate`` might be ``null``.
+``unique_serial``, and the ``organizer`` you have access to, but that's up to you.
 
 In case of an error, the response will look like this:
 
@@ -102,8 +98,6 @@ following endpoint:
        "software_version": "4.1.0"
    }
 
-You will receive a response equivalent to the response of your initialization request.
-
 Creating a new API key
 ----------------------
 
@@ -132,65 +126,12 @@ invalidate your API key. There is no way to reverse this operation.
 
 This can also be done by the user through the web interface.
 
-Permissions & security profiles
--------------------------------
+Permissions
+-----------
 
 Device authentication is currently hardcoded to grant the following permissions:
 
 * View event meta data and products etc.
-* View orders
-* Change orders
-* Manage gift cards
+* View and change orders
 
 Devices cannot change events or products and cannot access vouchers.
-
-Additionally, when creating a device through the user interface or API, a user can specify a "security profile" for
-the device. These include an allow list of specific API calls that may be made by the device. pretix ships with security
-policies for official pretix apps like pretixSCAN and pretixPOS.
-
-Removing a device
------------------
-
-If you want implement a way to to deprovision a device in your software, you can call the ``revoke`` endpoint to
-invalidate your API key. There is no way to reverse this operation.
-
-.. sourcecode:: http
-
-   POST /api/v1/device/revoke HTTP/1.1
-   Host: pretix.eu
-   Authorization: Device 1kcsh572fonm3hawalrncam4l1gktr2rzx25a22l8g9hx108o9oi0rztpcvwnfnd
-
-This can also be done by the user through the web interface.
-
-Event selection
----------------
-
-In most cases, your application should allow the user to select the event and check-in list they work with manually
-from a list. However, in some cases it is required to automatically configure the device for the correct event, for
-example in a kiosk-like situation where nobody is operating the device. In this case, the app can query the server
-for a suggestion which event should be used. You can also submit the configuration that is currently in use via
-query parameters:
-
-.. sourcecode:: http
-
-   GET /api/v1/device/eventselection?current_event=democon&current_subevent=42&current_checkinlist=542 HTTP/1.1
-   Host: pretix.eu
-   Authorization: Device 1kcsh572fonm3hawalrncam4l1gktr2rzx25a22l8g9hx108o9oi0rztpcvwnfnd
-
-You can get three response codes:
-
-* ``304`` The server things you already selected a good event
-* ``404`` The server has not found a suggestion for you
-* ``200`` The server suggests a new event (body see below)
-
-.. sourcecode:: http
-
-   HTTP/1.1 200 OK
-   Content-Type: application/json
-
-   {
-      "event": "democon",
-      "subevent": 23,
-      "checkinlist": 5
-   }
-

doc/api/fundamentals.rst

@@ -170,22 +170,6 @@ Date                  String in ISO 8601 format    ``2017-12-27``
 Multi-lingual string  Object of strings            ``{"en": "red", "de": "rot", "de_Informal": "rot"}``
 Money                 String with decimal number   ``"23.42"``
 Currency              String with ISO 4217 code    ``"EUR"``, ``"USD"``
-Relative datetime     *either* String in ISO 8601  ``"2017-12-27T10:00:00.596934Z"``,
-                      format *or* specification of ``"RELDATE/3/12:00:00/presale_start/"``
-                      a relative datetime,
-                      constructed from a number of
-                      days before the base point,
-                      a time of day, and the base
-                      point.
-Relative date         *either* String in ISO 8601  ``"2017-12-27"``,
-                      format *or* specification of ``"RELDATE/3/-/presale_start/"``
-                      a relative date,
-                      constructed from a number of
-                      days before the base point
-                      and the base point.
-File                  URL in responses, ``file:``  ``"https://…"``, ``"file:…"``
-                      specifiers in requests
-                      (see below).
 ===================== ============================ ===================================
 
 Query parameters
@@ -213,16 +197,13 @@ Please note that this also goes for most error responses. For example, if we ret
 error and you retry with the same ``X-Idempotency-Key``, you will get the same error again, even if you were granted
 permission in the meantime! This includes internal server errors on our side that might have been fixed in the meantime.
 
-There are only the following exceptions to the rule:
+There are only three exceptions to the rule:
 
 * Responses with status code ``409 Conflict`` are not cached. If you send the request again, it will be executed as a
   new request, since these responses are intended to be retried.
 
 * Rate-limited responses with status code ``429 Too Many Requests`` are not cached and you can safely retry them.
 
-* Responses with status code ``500 Internal Server Error`` are not cached and you can retry them. This is not guaranteed
-  to be safe in all theoretical cases,  but 500 by definition is an unforeseen situation and we need to have some way out.
-
 * Responses with status code ``503 Service Unavailable`` are not cached and you can safely retry them.
 
 If you send a request with an ``X-Idempotency-Key`` header that we have seen before but that has not yet received a
@@ -233,48 +214,4 @@ We store idempotency keys for 24 hours, so you should never retry a request afte
 All ``POST``, ``PUT``, ``PATCH``, or ``DELETE`` api calls support idempotency keys. Adding an idempotency key to a
 ``GET``, ``HEAD``, or ``OPTIONS`` request has no effect.
 
-
-File upload
------------
-
-In some places, the API supports working with files, for example when setting the picture of a product. In this case,
-you will first need to make a separate request to our file upload endpoint:
-
-.. sourcecode:: http
-
-   POST /api/v1/upload HTTP/1.1
-   Host: pretix.eu
-   Authorization: Token e1l6gq2ye72thbwkacj7jbri7a7tvxe614ojv8ybureain92ocub46t5gab5966k
-   Content-Type: image/png
-   Content-Disposition: attachment; filename="logo.png"
-   Content-Length: 1234
-
-   <raw file content>
-
-Note that the ``Content-Type`` and ``Content-Disposition`` headers are required. If the upload was successful, you will
-receive a JSON response with the ID of the file:
-
-.. sourcecode:: http
-
-   HTTP/1.1 201 Created
-   Content-Type: application/json
-
-   {
-     "id": "file:1cd99455-1ebd-4cda-b1a2-7a7d2a969ad1"
-   }
-
-You can then use this file ID in the request you want to use it in. File IDs are currently valid for 24 hours and can only
-be used using the same authorization method and user that was used to upload them.
-
-.. sourcecode:: http
-
-   PATCH /api/v1/organizers/test/events/test/items/3/ HTTP/1.1
-   Host: pretix.eu
-   Content-Type: application/json
-
-   {
-     "picture": "file:1cd99455-1ebd-4cda-b1a2-7a7d2a969ad1"
-   }
-
-
 .. _CSRF policies: https://docs.djangoproject.com/en/1.11/ref/csrf/#ajax

doc/api/guides/custom_checkout.rst

@@ -1,132 +0,0 @@
-Creating an external checkout process
-=====================================
-
-Occasionally, we get asked whether it is possible to just use pretix' powerful backend as a ticketing engine but use
-a fully-customized checkout process that only communicates via the API. This is possible, but with a few limitations.
-If you go down this route, you will miss out on many of pretix features and safeguards, as well as the added flexibility
-by most of pretix' plugins. We strongly recommend to talk this through with us before you decide this is the way to go.
-
-However, this is really useful if you need to tightly integrate pretix into existing web applications that e.g. control
-the pricing of your products in a way that cannot be mapped to pretix' product structures.
-
-Creating orders
----------------
-
-After letting your user select the products to  buy in your application, you should create a new order object inside
-pretix. Below, you can see an example of such an order, but most fields are optional and there are some more features
-supported. Read :ref:`rest-orders-create` to learn more about this endpoint.
-
-Please note that this endpoint assumes trustworthy input for the most part. By default, the endpoint checks that
-you do not exceed any quotas, do not sell any seats twice, or do not use any redeemed vouchers. However, it will not
-complain about violation of any other availability constraints, such as violation of time frames or minimum/maximum
-amounts of either your product or event. Bundled products will not be added in automatically and fees will not be
-calculated automatically.
-
-.. sourcecode:: http
-
-    POST /api/v1/organizers/democon/events/3vjrh/orders/ HTTP/1.1
-    Host: test.pretix.eu
-    Accept: application/json, text/javascript
-    Content-Type: application/json
-    Authorization: …
-
-    {
-      "email": "dummy@example.org",
-      "locale": "en",
-      "sales_channel": "web",
-      "payment_provider": "banktransfer",
-      "invoice_address": {
-        "is_business": false,
-        "company": "Sample company",
-        "name_parts": {"full_name": "John Doe"},
-        "street": "Sesam Street 12",
-        "zipcode": "12345",
-        "city": "Sample City",
-        "country": "US",
-        "state": "NY",
-        "internal_reference": "",
-        "vat_id": ""
-      },
-      "positions": [
-        {
-          "item": 21,
-          "variation": null,
-          "attendee_name_parts": {
-            "full_name": "Peter"
-          },
-          "answers": [
-            {
-              "question": 1,
-              "answer": "23",
-              "options": []
-            }
-          ],
-          "subevent": null
-        }
-      ],
-      "fees": []
-    }
-
-You will be returned a full order object that you can inspect, store, or use to build emails or confirmation pages for
-the user. If you don't want to do that yourself, it will also contain the URL to our confirmation page in the ``url``
-attribute. If you pass the ``"send_mail": true`` option, pretix will also send order confirmations for you.
-
-Handling payments yourself
---------------------------
-
-If you want to handle payments in your application, you can either just create the orders with status "paid" or you can
-create them in "pending" state (the default) and later confirm the payment. We strongly advise to use the payment
-provider ``"manual"`` in this case to avoid interference with payment code with pretix.
-
-However, it is often unfeasible to implement the payment process yourself, and it also requires you to give up a
-lot of pretix functionality, such as automatic refunds. Therefore, it is also possible to utilize pretix' native
-payment process even in this case:
-
-Using pretix payment providers
-------------------------------
-
-If you passed a ``payment_provider`` during order creation above, pretix will have created a payment object with state
-``created`` that you can see in the returned order object. This payment object will have an attribute ``payment_url``
-that you can use to let the user pay. For example, you could link or redirect to this page.
-
-If you want the user to return to your application after the payment is complete, you can pass a query parameter
-``return_url``. To prepare your event for this, open your event in the pretix backend and go to "Settings", then
-"Plugins". Enable the plugin "Redirection from order page". Then, go to the new page "Settings", then "Redirection".
-Enter the base URL of your web application. This will allow you to redirect to pages under this base URL later on.
-For example, if you want users to be redirected to ``https://example.org/order/return?tx_id=1234``, you could now
-either enter ``https://example.org`` or ``https://example.org/order/``.
-
-The user will be redirected back to your page instead of pretix' order confirmation page after the payment,
-**regardless of whether it was successful or not**. Make sure you use our API to check if the payment actually
-worked! Your final URL could look like this::
-
-    https://test.pretix.eu/democon/3vjrh/order/NSLEZ/ujbrnsjzbq4dzhck/pay/123/?return_url=https%3A%2F%2Fexample.org%2Forder%2Freturn%3Ftx_id%3D1234
-
-You can also embed this page in an ``<iframe>`` instead. Note, however, that this causes problems with some payment
-methods such as PayPal which do not allow being opened in an iframe. pretix can partly work around these issues by
-opening a new window, but will only to so if you also append an ``iframe=1`` parameter to the URL::
-
-    https://test.pretix.eu/democon/3vjrh/order/NSLEZ/ujbrnsjzbq4dzhck/pay/123/?return_url=https%3A%2F%2Fexample.org%2Forder%2Freturn%3Ftx_id%3D1234&iframe=1
-
-If you did **not** pass a payment method since you want us to ask the user which payment method they want to use, you
-need to construct the URL from the ``url`` attribute of the order and the sub-path ``pay/change```. For example, you
-would end up with the following URL::
-
-    https://test.pretix.eu/democon/3vjrh/order/NSLEZ/ujbrnsjzbq4dzhck/pay/change
-
-Of course, you can also use the ``iframe`` and ``return_url`` parameters here.
-
-Optional: Cart reservations
----------------------------
-
-Creating orders is an atomic operation: The order is either created as a whole or not at all. However, pretix'
-built-in checkout automatically reserves tickets in a user's cart for a configurable amount of time to ensure users
-will actually get their tickets once they started entering all their details. If you want a similar behavior in your
-application, you need to create :ref:`rest-carts` through the API.
-
-When creating your order, you can pass a ``consume_carts`` parameter with the cart ID(s) of your user. This way, the
-quota reserved by the cart will be credited towards the order and the carts will be destroyed if (and only if) the
-order creation succeeds.
-
-Cart creation is currently even more limited than the order creation endpoints, as cart creation currently does not
-support vouchers or automatic price calculation. If you require these features, please get in touch with us.

doc/api/guides/index.rst

@@ -1,12 +0,0 @@
-.. _`rest-api-guides`:
-
-API Usage Guides
-================
-
-This part of the documentation contains how-to guides on some special use cases of our API.
-
-.. toctree::
-   :maxdepth: 2
-
-   order_lifecycle
-   custom_checkout

doc/api/guides/order_lifecycle.rst

@@ -1,56 +0,0 @@
-Understanding the life cycle of orders
-======================================
-
-When integrating pretix with other systems, it is important that you understand how orders and related objects
-such as order positions, fees, payments, refunds, and invoices work together, in order to react to their changes
-properly and map them to processes in your system.
-
-Order states
-------------
-
-Generally, an order can be in six states. For compatibility reasons, the ``status`` field only allows four values
-and the two remaining states are modeled through the ``require_approval`` field and the number of positions within
-an order. The states and their allowed changes are shown in the following graph:
-
-.. image:: /images/order_states.png
-
-
-Object types
-------------
-
-Order
-    One order represents one purchase. It's the main object you interact with and bundles all the other objects
-    together. Orders can change in many ways during their lifetime, but will never be deleted (unless ``testmode``
-    is set to ``true``).
-
-Order position
-    An order position represents one product contained in the order. Orders can usually have multiple positions.
-    There might be a parent-child relation between order positions if one position is an add-on to another position.
-    Order positions can change in many ways during their lifetime, and can also be removed or added to an order.
-
-Order fees
-    A fee represents a charge that is not related to a product. Examples include shipping fees, service fees, and
-    cancellation fees.
-    Order fees can change in many ways during their lifetime, and can also be removed or added to an order.
-
-Order payment
-    An order payment represents one payment attempt with a specific payment method and amount. An order can have
-    multiple payments attached.
-    Order payments have their own state diagram. Apart from their state and their meta information (e.g. used
-    credit card, …) they usually don't change. They may be added at any time, but will never be deleted.
-
-Order refund
-    An order payment represents one refund attempt with a specific payment method and amount. An order can have
-    multiple refunds attached.
-    Order refunds have their own state diagram. Apart from their state and their meta information (e.g. used
-    credit card, …) they usually don't change. They may be added at any time, but will never be deleted.
-
-Invoice
-    An invoice represents a legal document stating the contents of an order. While the backend technically allows
-    to update an invoice in some situations, invoices are generally considered immutable. Once they are issued,
-    they no longer change. If the order changes substantially (e.g. prices change), an invoice is canceled through
-    creation of a new invoice with the opposite amount, plus the issuance of a new invoice.
-
-Here's an example of how they all play together:
-
-.. image:: /images/order_objects.png

doc/api/index.rst

@@ -7,6 +7,9 @@ This part of the documentation contains information about the REST-style API
 exposed by pretix since version 1.5 that can be used by third-party programs
 to interact with pretix and its data structures.
 
+Currently, the API provides mostly read-only capabilities, but it will be extended
+in functionality over time.
+
 .. toctree::
    :maxdepth: 2
 
@@ -15,4 +18,3 @@ to interact with pretix and its data structures.
    resources/index
    ratelimit
    webhooks
-   guides/index

doc/api/oauth.rst

@@ -25,7 +25,7 @@ Obtaining an authorization grant
 --------------------------------
 
 To authorize a new user, link or redirect them to the ``authorize`` endpoint, passing your client ID as a query
-parameter. Additionally, you can pass a scope (currently either ``read``, ``write``, ``read write`` or ``profile``)
+parameter. Additionally, you can pass a scope (currently either ``read``, ``write``, or ``read write``)
 and an URL the user should be redirected to after successful or failed authorization. You also need to pass the
 ``response_type`` parameter with a value of ``code``. Example::
 
@@ -47,9 +47,11 @@ You will need this ``code`` parameter to perform the next step.
 
 On a failed registration, a query string like ``?error=access_denied`` will be appended to the redirection URL.
 
-.. note:: By default, the user is asked to give permission on every call to this URL. If you **only** request the
-          ``profile`` scope, i.e. no access to organizer data, you can pass the ``approval_prompt=auto`` parameter
-          to skip user interaction on subsequent calls.
+.. note:: In this step, the user is allowed to restrict your access to certain organizer accounts. If you try to
+          re-authenticate the user later, the user might be instantly redirected back to you if authorization is already
+          given and would therefore be unable to review their organizer restriction settings. You can append the
+          ``approval_prompt=force`` query parameter if you want to make sure the user actively needs to confirm the
+          authorization.
 
 Getting an access token
 -----------------------
@@ -59,7 +61,7 @@ access to the API. The ``token`` endpoint expects you to authenticate using `HTT
 ID as a username and your client secret as a password. You are also required to again supply the same ``redirect_uri``
 parameter that you used for the authorization.
 
-.. http:post:: /api/v1/oauth/token
+.. http:get:: /api/v1/oauth/token
 
    Request a new access token
 
@@ -191,11 +193,10 @@ If you need the user's meta data, you can fetch it here:
       Content-Type: application/json
 
       {
-        "email": "admin@localhost",
-        "fullname": "John Doe",
-        "locale": "de",
-        "is_staff": false,
-        "timezone": "Europe/Berlin"
+        email: "admin@localhost",
+        fullname: "John Doe",
+        locale: "de",
+        timezone: "Europe/Berlin"
       }
 
    :statuscode 200: no error

doc/api/resources/billing_var.rst

@@ -1,148 +0,0 @@
-pretix Hosted reseller API
-==========================
-
-This API is only accessible to our `value-added reseller partners`_ on pretix Hosted.
-
-.. note:: This API is only accessible with user-level permissions, not with API tokens. Therefore, you will need to
-          create an :ref:`OAuth application <rest-oauth>` and obtain an OAuth access token for a user account that has
-          permission to your reseller account.
-
-Reseller account resource
--------------------------
-
-The resource contains the following public fields:
-
-.. rst-class:: rest-resource-table
-
-===================================== ========================== =======================================================
-Field                                 Type                       Description
-===================================== ========================== =======================================================
-id                                    integer                    Your reseller ID
-name                                  string                     Internal name of your reseller account
-public_name                           string                     Public name of your reseller account
-public_url                            string                     Public URL of your company
-support_email                         string                     Your support email address
-support_phone                         string                     Your support phone number
-communication_language                string                     Language code we use to communicate with you
-===================================== ========================== =======================================================
-
-
-Endpoints
----------
-
-.. http:get:: /api/v1/var/
-
-   Returns a list of all reseller accounts you have access to.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      GET /api/v1/var/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "count": 1,
-        "next": null,
-        "previous": null,
-        "results": [
-          {
-            "id": 1,
-            "name": "ticketshop.live Ltd & Co. KG",
-            "public_name": "ticketshop.live",
-            "public_url": "https://ticketshop.live",
-            "support_email": "support@ticketshop.live",
-            "support_phone": "+4962213217750",
-            "communication_language": "de"
-          }
-        ]
-      }
-
-   :query integer page: The page number in case of a multi-page result set, default is 1
-   :statuscode 200: no error
-   :statuscode 401: Authentication failure
-
-.. http:get:: /api/v1/var/(id)/
-
-   Returns information on one reseller account, identified by its ID.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      GET /api/v1/var/1/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "id": 1,
-        "name": "ticketshop.live Ltd & Co. KG",
-        "public_name": "ticketshop.live",
-        "public_url": "https://ticketshop.live",
-        "support_email": "support@ticketshop.live",
-        "support_phone": "+4962213217750",
-        "communication_language": "de"
-      }
-
-   :param id: The ``id`` field of the reseller account to fetch
-   :statuscode 200: no error
-   :statuscode 401: Authentication failure
-   :statuscode 404: The requested account does not exist **or** you have no permission to view this resource.
-
-.. http:post:: /api/v1/var/(id)/create_organizer/
-
-   Creates a new organizer account that will be associated with a given reseller account.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      POST /api/v1/var/1/create_organizer/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-      Content-Type: application/json
-      Content-Length: 123
-
-      {
-        "name": "My new client",
-        "slug": "New client"
-      }
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 201 Created
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "id": 1,
-        "name": "My new client",
-        "slug": "New client"
-      }
-
-   :param id: The ``id`` field of the reseller account to fetch
-   :statuscode 201: no error
-   :statuscode 400: Invalid request body, usually the slug is invalid or already taken.
-   :statuscode 401: Authentication failure
-   :statuscode 404: The requested account does not exist **or** you have no permission to view this resource.
-
-.. _value-added reseller partners: https://pretix.eu/about/en/var

doc/api/resources/carts.rst

@@ -36,15 +36,11 @@ answers                               list of objects            Answers to user
 ├ question_identifier                 string                     The question's ``identifier`` field
 ├ options                             list of integers           Internal IDs of selected option(s)s (only for choice types)
 └ option_identifiers                  list of strings            The ``identifier`` fields of the selected option(s)s
-seat                                  objects                    The assigned seat. Can be ``null``.
-├ id                                  integer                    Internal ID of the seat instance
-├ name                                string                     Human-readable seat name
-└ seat_guid                           string                     Identifier of the seat within the seating plan
 ===================================== ========================== =======================================================
 
-.. versionchanged:: 3.0
+.. versionchanged:: 1.17
 
-   This ``seat`` attribute has been added.
+   This resource has been added.
 
 
 Cart position endpoints
@@ -91,7 +87,6 @@ Cart position endpoints
             "datetime": "2018-06-11T10:00:00Z",
             "expires": "2018-06-11T10:00:00Z",
             "includes_tax": true,
-            "seat": null,
             "answers": []
           }
         ]
@@ -137,7 +132,6 @@ Cart position endpoints
         "datetime": "2018-06-11T10:00:00Z",
         "expires": "2018-06-11T10:00:00Z",
         "includes_tax": true,
-        "seat": null,
         "answers": []
       }
 
@@ -184,13 +178,11 @@ Cart position endpoints
    * ``item``
    * ``variation`` (optional)
    * ``price``
-   * ``seat`` (The ``seat_guid`` attribute of a seat. Required when the specified ``item`` requires a seat, otherwise must be ``null``.)
    * ``attendee_name`` **or** ``attendee_name_parts`` (optional)
    * ``attendee_email`` (optional)
    * ``subevent`` (optional)
    * ``expires`` (optional)
    * ``includes_tax`` (optional)
-   * ``sales_channel`` (optional)
    * ``answers``
 
       * ``question``
@@ -204,7 +196,7 @@ Cart position endpoints
       POST /api/v1/organizers/bigevents/events/sampleconf/cartpositions/ HTTP/1.1
       Host: pretix.eu
       Accept: application/json, text/javascript
-      Content-Type: application/json
+      Content: application/json
 
       {
         "item": 1,

doc/api/resources/categories.rst

@@ -25,6 +25,14 @@ is_addon                              boolean                    If ``true``, it
                                                                  defining add-ons for other products.
 ===================================== ========================== =======================================================
 
+.. versionchanged:: 1.14
+
+   The operations POST, PATCH, PUT and DELETE have been added.
+
+.. versionchanged:: 1.16
+
+   The field ``internal_name`` has been added.
+
 
 Endpoints
 ---------
@@ -123,7 +131,7 @@ Endpoints
       POST /api/v1/organizers/bigevents/events/sampleconf/categories/ HTTP/1.1
       Host: pretix.eu
       Accept: application/json, text/javascript
-      Content-Type: application/json
+      Content: application/json
 
       {
         "name": {"en": "Tickets"},

doc/api/resources/checkinlists.rst

@@ -1,5 +1,3 @@
-.. spelling:: checkin
-
 Check-in lists
 ==============
 
@@ -29,33 +27,27 @@ subevent                              integer                    ID of the date
 position_count                        integer                    Number of tickets that match this list (read-only).
 checkin_count                         integer                    Number of check-ins performed on this list (read-only).
 include_pending                       boolean                    If ``true``, the check-in list also contains tickets from orders in pending state.
-auto_checkin_sales_channels           list of strings            All items on the check-in list will be automatically marked as checked-in when purchased through any of the listed sales channels.
-allow_multiple_entries                boolean                    If ``true``, subsequent scans of a ticket on this list should not show a warning but instead be stored as an additional check-in.
-allow_entry_after_exit                boolean                    If ``true``, subsequent scans of a ticket on this list are valid if the last scan of the ticket was an exit scan.
-rules                                 object                     Custom check-in logic. The contents of this field are currently not considered a stable API and modifications through the API are highly discouraged.
-exit_all_at                           datetime                   Automatically check out (i.e. perform an exit scan) at this point in time. After this happened, this property will automatically be set exactly one day into the future. Note that this field is considered "internal configuration" and if you pull the list with ``If-Modified-Since``, the daily change in this field will not trigger a response.
 ===================================== ========================== =======================================================
 
-.. versionchanged:: 3.9
+.. versionchanged:: 1.10
 
-    The ``subevent`` attribute may now be ``null`` inside event series. The ``allow_multiple_entries``,
-    ``allow_entry_after_exit``, and ``rules`` attributes have been added.
+   This resource has been added.
 
-.. versionchanged:: 3.11
+.. versionchanged:: 1.11
 
-    The ``subevent_match`` and ``exclude`` query parameters have been added.
+   The ``positions`` endpoints have been added.
 
-.. versionchanged:: 3.12
+.. versionchanged:: 1.13
 
-    The ``exit_all_at`` attribute has been added.
-
-.. versionchanged:: 3.17
-
-    The ``ends_after`` and ``expand`` query parameters have been added.
+   The ``include_pending`` field has been added.
 
 Endpoints
 ---------
 
+.. versionchanged:: 1.15
+
+   The ``../status/`` detail endpoint has been added.
+
 .. http:get:: /api/v1/organizers/(organizer)/events/(event)/checkinlists/
 
    Returns a list of all check-in lists within a given event.
@@ -89,24 +81,13 @@ Endpoints
             "all_products": true,
             "limit_products": [],
             "include_pending": false,
-            "subevent": null,
-            "allow_multiple_entries": false,
-            "allow_entry_after_exit": true,
-            "exit_all_at": null,
-            "rules": {},
-            "auto_checkin_sales_channels": [
-              "pretixpos"
-            ]
+            "subevent": null
           }
         ]
       }
 
    :query integer page: The page number in case of a multi-page result set, default is 1
    :query integer subevent: Only return check-in lists of the sub-event with the given ID
-   :query integer subevent_match: Only return check-in lists that are valid for the sub-event with the given ID (i.e. also lists valid for all subevents)
-   :query string ends_after: Exclude all check-in lists attached to a sub-event that is already in the past at the given time.
-   :query string expand: Expand a field into a full object. Currently only ``subevent`` is supported. Can be passed multiple times.
-   :query string exclude: Exclude a field from the output, e.g. ``checkin_count``. Can be used as a performance optimization. Can be passed multiple times.
    :param organizer: The ``slug`` field of the organizer to fetch
    :param event: The ``slug`` field of the event to fetch
    :statuscode 200: no error
@@ -141,14 +122,7 @@ Endpoints
         "all_products": true,
         "limit_products": [],
         "include_pending": false,
-        "subevent": null,
-        "allow_multiple_entries": false,
-        "allow_entry_after_exit": true,
-        "exit_all_at": null,
-        "rules": {},
-        "auto_checkin_sales_channels": [
-          "pretixpos"
-        ]
+        "subevent": null
       }
 
    :param organizer: The ``slug`` field of the organizer to fetch
@@ -181,7 +155,6 @@ Endpoints
       {
         "checkin_count": 17,
         "position_count": 42,
-        "inside_count": 12,
         "event": {
           "name": "Demo Conference"
         },
@@ -236,18 +209,13 @@ Endpoints
       POST /api/v1/organizers/bigevents/events/sampleconf/checkinlists/ HTTP/1.1
       Host: pretix.eu
       Accept: application/json, text/javascript
-      Content-Type: application/json
+      Content: application/json
 
       {
         "name": "VIP entry",
         "all_products": false,
         "limit_products": [1, 2],
-        "subevent": null,
-        "allow_multiple_entries": false,
-        "allow_entry_after_exit": true,
-        "auto_checkin_sales_channels": [
-          "pretixpos"
-        ]
+        "subevent": null
       }
 
    **Example response**:
@@ -266,12 +234,7 @@ Endpoints
         "all_products": false,
         "limit_products": [1, 2],
         "include_pending": false,
-        "subevent": null,
-        "allow_multiple_entries": false,
-        "allow_entry_after_exit": true,
-        "auto_checkin_sales_channels": [
-          "pretixpos"
-        ]
+        "subevent": null
       }
 
    :param organizer: The ``slug`` field of the organizer of the event/item to create a list for
@@ -320,12 +283,7 @@ Endpoints
         "all_products": false,
         "limit_products": [1, 2],
         "include_pending": false,
-        "subevent": null,
-        "allow_multiple_entries": false,
-        "allow_entry_after_exit": true,
-        "auto_checkin_sales_channels": [
-          "pretixpos"
-        ]
+        "subevent": null
       }
 
    :param organizer: The ``slug`` field of the organizer to modify
@@ -366,6 +324,24 @@ Endpoints
 Order position endpoints
 ------------------------
 
+.. versionchanged:: 1.15
+
+   The order positions endpoint has been extended by the filter queries ``item__in``, ``variation__in``,
+   ``order__status__in``, ``subevent__in``, ``addon_to__in``, and ``search``. The search for attendee names and order
+   codes is now case-insensitive.
+
+   The ``.../redeem/`` endpoint has been added.
+
+.. versionchanged:: 2.0
+
+   The order positions endpoint has been extended by the filter queries ``voucher`` and ``voucher__code``.
+
+.. versionchanged:: 2.7
+
+   The resource now contains the new attributes ``require_attention`` and ``order__status`` and accepts the new
+   ``ignore_status`` filter. The ``attendee_name`` field is now "smart" (see below) and the redemption endpoint
+   returns ``400`` instead of ``404`` on tickets which are known but not paid.
+
 .. http:get:: /api/v1/organizers/(organizer)/events/(event)/checkinlists/(list)/positions/
 
    Returns a list of all order positions within a given event. The result is the same as
@@ -420,12 +396,10 @@ Order position endpoints
             "addon_to": null,
             "subevent": null,
             "pseudonymization_id": "MQLJvANO3B",
-            "seat": null,
             "checkins": [
               {
                 "list": 1,
-                "datetime": "2017-12-25T12:45:23Z",
-                "auto_checked_in": true
+                "datetime": "2017-12-25T12:45:23Z"
               }
             ],
             "answers": [
@@ -453,7 +427,6 @@ Order position endpoints
                            ``attendee_name,positionid``
    :query string order: Only return positions of the order with the given order code
    :query string search: Fuzzy search matching the attendee name, order code, invoice address name as well as to the beginning of the secret.
-   :query string expand: Expand a field into a full object. Currently only ``subevent``, ``item``, and ``variation`` are supported. Can be passed multiple times.
    :query integer item: Only return positions with the purchased item matching the given ID.
    :query integer item__in: Only return positions with the purchased item matching one of the given comma-separated IDs.
    :query integer variation: Only return positions with the purchased item variation matching the given ID.
@@ -532,12 +505,10 @@ Order position endpoints
         "addon_to": null,
         "subevent": null,
         "pseudonymization_id": "MQLJvANO3B",
-        "seat": null,
         "checkins": [
           {
             "list": 1,
-            "datetime": "2017-12-25T12:45:23Z",
-            "auto_checked_in": true
+            "datetime": "2017-12-25T12:45:23Z"
           }
         ],
         "answers": [
@@ -575,12 +546,9 @@ Order position endpoints
                                        you do not implement question handling in your user interface, you **must**
                                        set this to ``false``. In that case, questions will just be ignored. Defaults
                                        to ``true``.
-   :<json boolean canceled_supported: When this parameter is set to ``true``, the response code ``canceled`` may be
-                                      returned. Otherwise, canceled orders will return ``unpaid``.
    :<json datetime datetime: Specifies the datetime of the check-in. If not supplied, the current time will be used.
    :<json boolean force: Specifies that the check-in should succeed regardless of previous check-ins or required
                          questions that have not been filled. Defaults to ``false``.
-   :<json string type: Send ``"exit"`` for an exit and ``"entry"`` (default) for an entry.
    :<json boolean ignore_unpaid: Specifies that the check-in should succeed even if the order is in pending state.
                                  Defaults to ``false`` and only works when ``include_pending`` is set on the check-in
                                  list.
@@ -606,7 +574,6 @@ Order position endpoints
         "nonce": "Pvrk50vUzQd0DhdpNRL4I4OcXsvg70uA",
         "datetime": null,
         "questions_supported": true,
-        "canceled_supported": true,
         "answers": {
           "4": "XS"
         }
@@ -690,12 +657,9 @@ Order position endpoints
 
    Possible error reasons:
 
-   * ``unpaid`` - Ticket is not paid for
-   * ``canceled`` – Ticket is canceled or expired. This reason is only sent when your request sets
-     ``canceled_supported`` to ``true``, otherwise these orders return ``unpaid``.
+   * ``unpaid`` - Ticket is not paid for or has been refunded
    * ``already_redeemed`` - Ticket already has been redeemed
    * ``product`` - Tickets with this product may not be scanned at this device
-   * ``rules`` - Check-in prevented by a user-defined rule
 
    :param organizer: The ``slug`` field of the organizer to fetch
    :param event: The ``slug`` field of the event to fetch

doc/api/resources/devices.rst

@@ -1,224 +0,0 @@
-.. spelling:: fullname
-
-.. _`rest-devices`:
-
-Devices
-=======
-
-See also :ref:`rest-deviceauth`.
-
-Device resource
-----------------
-
-The device resource contains the following public fields:
-
-.. rst-class:: rest-resource-table
-
-===================================== ========================== =======================================================
-Field                                 Type                       Description
-===================================== ========================== =======================================================
-device_id                             integer                    Internal ID of the device within this organizer
-unique_serial                         string                     Unique identifier of this device
-name                                  string                     Device name
-all_events                            boolean                    Whether this device has access to all events
-limit_events                          list                       List of event slugs this device has access to
-hardware_brand                        string                     Device hardware manufacturer (read-only)
-hardware_model                        string                     Device hardware model (read-only)
-software_brand                        string                     Device software product (read-only)
-software_version                      string                     Device software version (read-only)
-created                               datetime                   Creation time
-initialized                           datetime                   Time of initialization (or ``null``)
-initialization_token                  string                     Token for initialization
-revoked                               boolean                    Whether this device no longer has access
-security_profile                      string                     The name of a supported security profile restricting API access
-===================================== ========================== =======================================================
-
-Device endpoints
-----------------
-
-.. http:get:: /api/v1/organizers/(organizer)/devices/
-
-   Returns a list of all devices within a given organizer.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      GET /api/v1/organizers/bigevents/devices/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "count": 1,
-        "next": null,
-        "previous": null,
-        "results": [
-          {
-            "device_id": 1,
-            "unique_serial": "UOS3GNZ27O39V3QS",
-            "initialization_token": "frkso3m2w58zuw70",
-            "all_events": false,
-            "limit_events": [
-              "museum"
-            ],
-            "revoked": false,
-            "name": "Scanner",
-            "created": "2020-09-18T14:17:40.971519Z",
-            "initialized": "2020-09-18T14:17:44.190021Z",
-            "security_profile": "full",
-            "hardware_brand": "Zebra",
-            "hardware_model": "TC25",
-            "software_brand": "pretixSCAN",
-            "software_version": "1.5.1"
-          }
-        ]
-      }
-
-   :query integer page: The page number in case of a multi-page result set, default is 1
-   :param organizer: The ``slug`` field of the organizer to fetch
-   :statuscode 200: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to view this resource.
-
-.. http:get:: /api/v1/organizers/(organizer)/devices/(device_id)/
-
-   Returns information on one device, identified by its ID.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      GET /api/v1/organizers/bigevents/devices/1/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "device_id": 1,
-        "unique_serial": "UOS3GNZ27O39V3QS",
-        "initialization_token": "frkso3m2w58zuw70",
-        "all_events": false,
-        "limit_events": [
-          "museum"
-        ],
-        "revoked": false,
-        "name": "Scanner",
-        "created": "2020-09-18T14:17:40.971519Z",
-        "initialized": "2020-09-18T14:17:44.190021Z",
-        "security_profile": "full",
-        "hardware_brand": "Zebra",
-        "hardware_model": "TC25",
-        "software_brand": "pretixSCAN",
-        "software_version": "1.5.1"
-      }
-
-   :param organizer: The ``slug`` field of the organizer to fetch
-   :param device_id: The ``device_id`` field of the device to fetch
-   :statuscode 200: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to view this resource.
-
-.. http:post:: /api/v1/organizers/(organizer)/devices/
-
-   Creates a new device
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      POST /api/v1/organizers/bigevents/devices/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-      Content-Type: application/json
-
-      {
-        "name": "Scanner",
-        "all_events": true,
-        "limit_events": [],
-      }
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 201 Created
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "device_id": 1,
-        "unique_serial": "UOS3GNZ27O39V3QS",
-        "initialization_token": "frkso3m2w58zuw70",
-        "all_events": true,
-        "limit_events": [],
-        "revoked": false,
-        "name": "Scanner",
-        "created": "2020-09-18T14:17:40.971519Z",
-        "security_profile": "full",
-        "initialized": null
-        "hardware_brand": null,
-        "hardware_model": null,
-        "software_brand": null,
-        "software_version": null
-      }
-
-   :param organizer: The ``slug`` field of the organizer to create a device for
-   :statuscode 201: no error
-   :statuscode 400: The device could not be created due to invalid submitted data.
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to create this resource.
-
-.. http:patch:: /api/v1/organizers/(organizer)/devices/(device_id)/
-
-   Update a device.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      PATCH /api/v1/organizers/bigevents/devices/1/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-      Content-Type: application/json
-      Content-Length: 94
-
-      {
-        "name": "Foo"
-      }
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "id": 1,
-        "name": "Foo",
-        ...
-      }
-
-   :param organizer: The ``slug`` field of the organizer to modify
-   :param device_id: The ``device_id`` field of the device to modify
-   :statuscode 200: no error
-   :statuscode 400: The device could not be modified due to invalid submitted data
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to change this resource.
-

doc/api/resources/events.rst

@@ -1,9 +1,3 @@
-.. spelling::
-
-   geo
-   lat
-   lon
-
 Events
 ======
 
@@ -31,55 +25,38 @@ is_public                             boolean                    If ``true``, th
 presale_start                         datetime                   The date at which the ticket shop opens (or ``null``)
 presale_end                           datetime                   The date at which the ticket shop closes (or ``null``)
 location                              multi-lingual string       The event location (or ``null``)
-geo_lat                               float                      Latitude of the location (or ``null``)
-geo_lon                               float                      Longitude of the location (or ``null``)
 has_subevents                         boolean                    ``true`` if the event series feature is active for this
                                                                  event. Cannot change after event is created.
-meta_data                             object                     Values set for organizer-specific meta data parameters.
+meta_data                             dict                       Values set for organizer-specific meta data parameters.
 plugins                               list                       A list of package names of the enabled plugins for this
                                                                  event.
-seating_plan                          integer                    If reserved seating is in use, the ID of a seating
-                                                                 plan. Otherwise ``null``.
-seat_category_mapping                 object                     An object mapping categories of the seating plan
-                                                                 (strings) to items in the event (integers or ``null``).
-timezone                              string                     Event timezone name
-item_meta_properties                  object                     Item-specific meta data parameters and default values.
-valid_keys                            object                     Cryptographic keys for non-default signature schemes.
-                                                                 For performance reason, value is omitted in lists and
-                                                                 only contained in detail views. Value can be cached.
-sales_channels                        list                       A list of sales channels this event is available for
-                                                                 sale on.
 ===================================== ========================== =======================================================
 
 
-.. versionchanged:: 3.3
+.. versionchanged:: 1.7
 
-   The attributes ``geo_lat`` and ``geo_lon`` have been added.
+   The ``meta_data`` field has been added.
 
-.. versionchanged:: 3.4
+.. versionchanged:: 1.15
 
-   The attribute ``timezone`` has been added.
+   The ``plugins`` field has been added.
+   The operations POST, PATCH, PUT and DELETE have been added.
 
-.. versionchanged:: 3.7
+.. versionchanged:: 2.1
 
-   The attribute ``item_meta_properties`` has been added.
+   Filters have been added to the list of events.
 
-.. versionchanged:: 3.12
+.. versionchanged:: 2.5
 
-   The attribute ``valid_keys`` has been added.
+   The ``testmode`` attribute has been added.
 
-.. versionchanged:: 3.14
-
-    The attribute ``sales_channels`` has been added.
+.. versionchanged:: 2.8
 
+    When cloning events, the ``testmode`` attribute will now be cloned, too.
 
 Endpoints
 ---------
 
-.. versionchanged:: 3.3
-
-    The events resource can now be filtered by meta data attributes.
-
 .. http:get:: /api/v1/organizers/(organizer)/events/
 
    Returns a list of all events within a given organizer the authenticated user/token has access to.
@@ -120,24 +97,13 @@ Endpoints
             "presale_start": null,
             "presale_end": null,
             "location": null,
-            "geo_lat": null,
-            "geo_lon": null,
             "has_subevents": false,
             "meta_data": {},
-            "seating_plan": null,
-            "seat_category_mapping": {},
-            "timezone": "Europe/Berlin",
-            "item_meta_properties": {},
             "plugins": [
-              "pretix.plugins.banktransfer",
-              "pretix.plugins.stripe",
-              "pretix.plugins.paypal",
+              "pretix.plugins.banktransfer"
+              "pretix.plugins.stripe"
+              "pretix.plugins.paypal"
               "pretix.plugins.ticketoutputpdf"
-            ],
-            "sales_channels": [
-              "web",
-              "pretixpos",
-              "resellers"
             ]
           }
         ]
@@ -153,11 +119,6 @@ Endpoints
    :query string ordering: Manually set the ordering of results. Valid fields to be used are ``date_from`` and
                            ``slug``. Keep in mind that ``date_from`` of event series does not really tell you anything.
                            Default: ``slug``.
-   :query array attr[meta_data_key]: By providing the key and value of a meta data attribute, the list of events will
-        only contain the events matching the set criteria. Providing ``?attr[Format]=Seminar`` would return only those
-        events having set their ``Format`` meta data to ``Seminar``, ``?attr[Format]=`` only those, that have no value
-        set. Please note that this filter will respect default values set on organizer level.
-   :query sales_channel: If set to a sales channel identifier, only events allowed to be sold on the specified sales channel are returned.
    :param organizer: The ``slug`` field of a valid organizer
    :statuscode 200: no error
    :statuscode 401: Authentication failure
@@ -198,29 +159,13 @@ Endpoints
         "presale_start": null,
         "presale_end": null,
         "location": null,
-        "geo_lat": null,
-        "geo_lon": null,
         "has_subevents": false,
-        "seating_plan": null,
-        "seat_category_mapping": {},
         "meta_data": {},
-        "timezone": "Europe/Berlin",
-        "item_meta_properties": {},
         "plugins": [
-          "pretix.plugins.banktransfer",
-          "pretix.plugins.stripe",
-          "pretix.plugins.paypal",
+          "pretix.plugins.banktransfer"
+          "pretix.plugins.stripe"
+          "pretix.plugins.paypal"
           "pretix.plugins.ticketoutputpdf"
-        ],
-        "valid_keys": {
-          "pretix_sig1": [
-            "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUNvd0JRWURLMlZ3QXlFQTdBRDcvdkZBMzNFc1k0ejJQSHI3aVpQc1o4bjVkaDBhalA4Z3l6Tm1tSXM9Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo="
-          ]
-        },
-        "sales_channels": [
-          "web",
-          "pretixpos",
-          "resellers"
         ]
       }
 
@@ -246,7 +191,7 @@ Endpoints
       POST /api/v1/organizers/bigevents/events/ HTTP/1.1
       Host: pretix.eu
       Accept: application/json, text/javascript
-      Content-Type: application/json
+      Content: application/json
 
       {
         "name": {"en": "Sample Conference"},
@@ -260,23 +205,12 @@ Endpoints
         "is_public": false,
         "presale_start": null,
         "presale_end": null,
-        "seating_plan": null,
-        "seat_category_mapping": {},
         "location": null,
-        "geo_lat": null,
-        "geo_lon": null,
         "has_subevents": false,
         "meta_data": {},
-        "timezone": "Europe/Berlin",
-        "item_meta_properties": {},
         "plugins": [
           "pretix.plugins.stripe",
           "pretix.plugins.paypal"
-        ],
-        "sales_channels": [
-          "web",
-          "pretixpos",
-          "resellers"
         ]
       }
 
@@ -301,22 +235,11 @@ Endpoints
         "presale_start": null,
         "presale_end": null,
         "location": null,
-        "geo_lat": null,
-        "geo_lon": null,
-        "seating_plan": null,
-        "seat_category_mapping": {},
         "has_subevents": false,
         "meta_data": {},
-        "timezone": "Europe/Berlin",
-        "item_meta_properties": {},
         "plugins": [
           "pretix.plugins.stripe",
           "pretix.plugins.paypal"
-        ],
-        "sales_channels": [
-          "web",
-          "pretixpos",
-          "resellers"
         ]
       }
 
@@ -329,11 +252,11 @@ Endpoints
 
 .. http:post:: /api/v1/organizers/(organizer)/events/(event)/clone/
 
-   Creates a new event with properties as set in the request body. The properties that are copied are: ``is_public``,
-   ``testmode``, ``has_subevents``, settings, plugin settings, items, variations, add-ons, quotas, categories, tax rules, questions.
+   Creates a new event with properties as set in the request body. The properties that are copied are: 'is_public',
+   `testmode`, settings, plugin settings, items, variations, add-ons, quotas, categories, tax rules, questions.
 
-   If the ``plugins``, ``has_subevents`` and/or ``is_public`` fields are present in the post body this will determine their
-   value. Otherwise their value will be copied from the existing event.
+   If the 'plugins' and/or 'is_public' fields are present in the post body this will determine their value. Otherwise
+   their value will be copied from the existing event.
 
    Please note that you can only copy from events under the same organizer.
 
@@ -346,7 +269,7 @@ Endpoints
       POST /api/v1/organizers/bigevents/events/sampleconf/clone/ HTTP/1.1
       Host: pretix.eu
       Accept: application/json, text/javascript
-      Content-Type: application/json
+      Content: application/json
 
       {
         "name": {"en": "Sample Conference"},
@@ -361,22 +284,11 @@ Endpoints
         "presale_start": null,
         "presale_end": null,
         "location": null,
-        "geo_lat": null,
-        "geo_lon": null,
-        "seating_plan": null,
-        "seat_category_mapping": {},
         "has_subevents": false,
         "meta_data": {},
-        "timezone": "Europe/Berlin",
-        "item_meta_properties": {},
         "plugins": [
           "pretix.plugins.stripe",
           "pretix.plugins.paypal"
-        ],
-        "sales_channels": [
-          "web",
-          "pretixpos",
-          "resellers"
         ]
       }
 
@@ -401,22 +313,11 @@ Endpoints
         "presale_start": null,
         "presale_end": null,
         "location": null,
-        "geo_lat": null,
-        "geo_lon": null,
         "has_subevents": false,
-        "seating_plan": null,
-        "seat_category_mapping": {},
         "meta_data": {},
-        "timezone": "Europe/Berlin",
-        "item_meta_properties": {},
         "plugins": [
           "pretix.plugins.stripe",
           "pretix.plugins.paypal"
-        ],
-        "sales_channels": [
-          "web",
-          "pretixpos",
-          "resellers"
         ]
       }
 
@@ -441,7 +342,7 @@ Endpoints
       PATCH /api/v1/organizers/bigevents/events/sampleconf/ HTTP/1.1
       Host: pretix.eu
       Accept: application/json, text/javascript
-      Content-Type: application/json
+      Content: application/json
 
       {
         "plugins": [
@@ -473,24 +374,13 @@ Endpoints
         "presale_start": null,
         "presale_end": null,
         "location": null,
-        "geo_lat": null,
-        "geo_lon": null,
         "has_subevents": false,
-        "seating_plan": null,
-        "seat_category_mapping": {},
         "meta_data": {},
-        "timezone": "Europe/Berlin",
-        "item_meta_properties": {},
         "plugins": [
           "pretix.plugins.banktransfer",
           "pretix.plugins.stripe",
           "pretix.plugins.paypal",
           "pretix.plugins.pretixdroid"
-        ],
-        "sales_channels": [
-          "web",
-          "pretixpos",
-          "resellers"
         ]
       }
 
@@ -502,7 +392,7 @@ Endpoints
    :statuscode 403: The requested organizer/event does not exist **or** you have no permission to create this resource.
 
 
-.. http:delete:: /api/v1/organizers/(organizer)/events/(event)/
+.. http:delete:: /api/v1/organizers/(organizer)/events/(event)/items/(id)/
 
    Delete an event. Note that events with orders cannot be deleted to ensure data integrity.
 
@@ -528,123 +418,3 @@ Endpoints
    :statuscode 204: no error
    :statuscode 401: Authentication failure
    :statuscode 403: The requested organizer/event does not exist **or** you have no permission to delete this resource.
-
-Event settings
---------------
-
-pretix events have lots and lots of parameters of different types that are stored in a key-value store on our system.
-Since many of these settings depend on each other in complex ways, we can not give direct access to all of these
-settings through the API. However, we do expose many of the simple and useful flags through the API.
-
-Please note that the available settings flags change between pretix versions and also between events, depending on the
-installed plugins, and we do not give a guarantee on backwards-compatibility like with other parts of the API.
-Therefore, we're also not including a list of the options here, but instead recommend to look at the endpoint output
-to see available options. The ``explain=true`` flag enables a verbose mode that provides you with human-readable
-information about the properties.
-
-.. note:: Please note that this is not a complete representation of all event settings. You will find more settings
-          in the web interface.
-
-.. warning:: This API is intended for advanced users. Even though we take care to validate your input, you will be
-             able to break your event using this API by creating situations of conflicting settings. Please take care.
-
-.. versionchanged:: 3.6
-
-   Initial support for settings has been added to the API.
-
-.. http:get:: /api/v1/organizers/(organizer)/events/(event)/settings/
-
-   Get current values of event settings.
-
-   Permission required: "Can change event settings" (Exception: with device auth, *some* settings can always be *read*.)
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      GET /api/v1/organizers/bigevents/events/sampleconf/settings/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-
-   **Example standard response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "imprint_url": "https://pretix.eu",
-        …
-      }
-
-   **Example verbose response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "imprint_url":
-          {
-            "value": "https://pretix.eu",
-            "label": "Imprint URL",
-            "help_text": "This should point e.g. to a part of your website that has your contact details and legal information."
-          }
-        },
-        …
-      }
-
-   :param organizer: The ``slug`` field of the organizer of the event to access
-   :param event: The ``slug`` field of the event to access
-   :query explain: Set to ``true`` to enable verbose response mode
-   :statuscode 200: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer/event does not exist **or** you have no permission to view this resource.
-
-.. http:patch:: /api/v1/organizers/(organizer)/events/(event)/settings/
-
-   Updates event settings. Note that ``PUT`` is not allowed here, only ``PATCH``.
-
-    .. warning::
-
-       Settings can be stored at different levels in pretix. If a value is not set on event level, a default setting
-       from a higher level (organizer, global) will be returned. If you explicitly set a setting on event level, it
-       will no longer be inherited from the higher levels. Therefore, we recommend you to send only settings that you
-       explicitly want to set on event level. To unset a settings, pass ``null``.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      PATCH /api/v1/organizers/bigevents/events/sampleconf/settings/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-      Content-Type: application/json
-
-      {
-        "imprint_url": "https://example.org/imprint/"
-      }
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "imprint_url": "https://example.org/imprint/",
-        …
-      }
-
-   :param organizer: The ``slug`` field of the organizer of the event to update
-   :param event: The ``slug`` field of the event to update
-   :statuscode 200: no error
-   :statuscode 400: The event could not be updated due to invalid submitted data.
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer/event does not exist **or** you have no permission to create this resource.

doc/api/resources/exporters.rst

@@ -1,215 +0,0 @@
-.. spelling:: checkin
-
-Data exporters
-==============
-
-pretix and it's plugins include a number of data exporters that allow you to bulk download various data from pretix in
-different formats. This page shows you how to use these exporters through the API.
-
-.. versionchanged:: 3.13
-
-   This feature has been added to the API.
-
-.. warning::
-
-   While we consider the methods listed on this page to be a stable API, the availability and specific input field
-   requirements of individual exporters is **not considered a stable API**. Specific exporters and their input parameters
-   may change at any time without warning.
-
-Listing available exporters
----------------------------
-
-.. http:get:: /api/v1/organizers/(organizer)/events/(event)/exporters/
-
-   Returns a list of all exporters available for a given event. You will receive a list of export methods as well as their
-   supported input fields. Note that the exact type and validation requirements of the input fields are not given in the
-   response, and you might need to look into the pretix web interface to figure out the exact input required.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      GET /api/v1/organizers/bigevents/events/sampleconf/exporters/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "count": 1,
-        "next": null,
-        "previous": null,
-        "results": [
-          {
-            "identifier": "orderlist",
-            "verbose_name": "Order data",
-            "input_parameters": [
-              {
-                "name": "_format",
-                "required": true,
-                "choices": [
-                  "xlsx",
-                  "orders:default",
-                  "orders:excel",
-                  "orders:semicolon",
-                  "positions:default",
-                  "positions:excel",
-                  "positions:semicolon",
-                  "fees:default",
-                  "fees:excel",
-                  "fees:semicolon"
-                ]
-              },
-              {
-                "name": "paid_only",
-                "required": false
-              }
-            ]
-          }
-        ]
-      }
-
-   :query integer page: The page number in case of a multi-page result set, default is 1
-   :param organizer: The ``slug`` field of the organizer to fetch
-   :param event: The ``slug`` field of the event to fetch
-   :statuscode 200: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer/event does not exist **or** you have no permission to view this resource.
-
-.. http:get:: /api/v1/organizers/(organizer)/exporters/
-
-   Returns a list of all cross-event exporters available for a given organizer. You will receive a list of export methods as well as their
-   supported input fields. Note that the exact type and validation requirements of the input fields are not given in the
-   response, and you might need to look into the pretix web interface to figure out the exact input required.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      GET /api/v1/organizers/bigevents/exporters/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "count": 1,
-        "next": null,
-        "previous": null,
-        "results": [
-          {
-            "identifier": "orderlist",
-            "verbose_name": "Order data",
-            "input_parameters": [
-              {
-                "name": "events",
-                "required": true
-              },
-              {
-                "name": "_format",
-                "required": true,
-                "choices": [
-                  "xlsx",
-                  "orders:default",
-                  "orders:excel",
-                  "orders:semicolon",
-                  "positions:default",
-                  "positions:excel",
-                  "positions:semicolon",
-                  "fees:default",
-                  "fees:excel",
-                  "fees:semicolon"
-                ]
-              },
-              {
-                "name": "paid_only",
-                "required": false
-              }
-            ]
-          }
-        ]
-      }
-
-   :query integer page: The page number in case of a multi-page result set, default is 1
-   :param organizer: The ``slug`` field of the organizer to fetch
-   :statuscode 200: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer/event does not exist **or** you have no permission to view this resource.
-
-Running an export
------------------
-
-Since exports often include large data sets, they might take longer than the duration of an HTTP request. Therefore,
-creating an export is a two-step process. First you need to start an export task with one of the following to API
-endpoints:
-
-.. http:post:: /api/v1/organizers/(organizer)/events/(event)/exporters/(identifier)/run/
-
-   Starts an export task. If your input parameters validate correctly, a ``202 Accepted`` status code is returned.
-   The body points you to the download URL of the result.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      POST /api/v1/organizers/bigevents/events/sampleconf/exporters/orderlist/run/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-      Content-Type: application/json
-
-      {
-        "_format": "xlsx"
-      }
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "download": "https://pretix.eu/api/v1/organizers/bigevents/events/sampleconf/orderlist/download/29891ede-196f-4942-9e26-d055a36e98b8/3f279f13-c198-4137-b49b-9b360ce9fcce/"
-      }
-
-   :param organizer: The ``slug`` field of the organizer to fetch
-   :param event: The ``slug`` field of the event to fetch
-   :param identifier: The ``identifier`` field of the exporter to run
-   :statuscode 202: no error
-   :statuscode 400: Invalid input options
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer/event does not exist **or** you have no permission to view this resource.
-
-.. http:post:: /api/v1/organizers/(organizer)/exporters/(identifier)/run/
-
-   The endpoint for organizer-level exports works just like event-level exports (see above).
-
-
-Downloading the result
-----------------------
-
-When starting an export, you receive a ``url`` for downloading the result. Running a ``GET`` request on that result will
-yield one of the following status codes:
-
-* ``200 OK`` – The export succeeded. The body will be your resulting file. Might be large!
-* ``409 Conflict`` – Your export is still running. The body will be JSON with the structure ``{"status": "running", "percentage": 40}``. ``percentage`` can be ``null`` if it is not known and ``status`` can be ``waiting`` before the task is actually being processed. Please retry, but wait at least one second before you do.
-* ``410 Gone`` – Running the export has failed permanently. The body will be JSON with the structure ``{"status": "failed", "message": "Error message"}``
-* ``404 Not Found`` – The export does not exist / is expired.
-
-.. warning::
-
-   Running exports puts a lot of stress on the system, we kindly ask you not to run more than two exports at the same time.
-

doc/api/resources/giftcards.rst

@@ -1,313 +0,0 @@
-.. _`rest-giftcards`:
-
-Gift cards
-==========
-
-Resource description
---------------------
-
-The gift card resource contains the following public fields:
-
-.. rst-class:: rest-resource-table
-
-===================================== ========================== =======================================================
-Field                                 Type                       Description
-===================================== ========================== =======================================================
-id                                    integer                    Internal ID of the gift card
-secret                                string                     Gift card code (can not be modified later)
-value                                 money (string)             Current gift card value
-currency                              string                     Currency of the value (can not be modified later)
-testmode                              boolean                    Whether this is a test gift card
-expires                               datetime                   Expiry date (or ``null``)
-conditions                            string                     Special terms and conditions for this card (or ``null``)
-===================================== ========================== =======================================================
-
-The gift card transaction resource contains the following public fields:
-
-.. rst-class:: rest-resource-table
-
-===================================== ========================== =======================================================
-Field                                 Type                       Description
-===================================== ========================== =======================================================
-id                                    integer                    Internal ID of the gift card transaction
-datetime                              datetime                   Creation date of the transaction
-value                                 money (string)             Transaction amount
-event                                 string                     Event slug, if the gift card was used in the web shop (or ``null``)
-order                                 string                     Order code, if the gift card was used in the web shop (or ``null``)
-text                                  string                     Custom text of the transaction (or ``null``)
-===================================== ========================== =======================================================
-
-Endpoints
----------
-
-.. versionadded:: 3.14
-
-   The transaction list endpoint was added.
-
-.. http:get:: /api/v1/organizers/(organizer)/giftcards/
-
-   Returns a list of all gift cards issued by a given organizer.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      GET /api/v1/organizers/bigevents/giftcards/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "count": 1,
-        "next": null,
-        "previous": null,
-        "results": [
-          {
-            "id": 1,
-            "secret": "HLBYVELFRC77NCQY",
-            "currency": "EUR",
-            "testmode": false,
-            "expires": null,
-            "conditions": null,
-            "value": "13.37"
-          }
-        ]
-      }
-
-   :query integer page: The page number in case of a multi-page result set, default is 1
-   :query string secret: Only show gift cards with the given secret.
-   :query boolean testmode: Filter for gift cards that are (not) in test mode.
-   :query boolean include_accepted: Also show gift cards issued by other organizers that are accepted by this organizer.
-   :param organizer: The ``slug`` field of the organizer to fetch
-   :statuscode 200: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to view this resource.
-
-.. http:get:: /api/v1/organizers/(organizer)/giftcards/(id)/
-
-   Returns information on one gift card, identified by its ID.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      GET /api/v1/organizers/bigevents/giftcards/1/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "id": 1,
-        "secret": "HLBYVELFRC77NCQY",
-        "currency": "EUR",
-        "testmode": false,
-        "expires": null,
-        "conditions": null,
-        "value": "13.37"
-      }
-
-   :param organizer: The ``slug`` field of the organizer to fetch
-   :param id: The ``id`` field of the gift card to fetch
-   :query boolean include_accepted: Also show gift cards issued by other organizers that are accepted by this organizer.
-   :statuscode 200: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to view this resource.
-
-.. http:post:: /api/v1/organizers/(organizer)/giftcards/
-
-   Creates a new gift card
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      POST /api/v1/organizers/bigevents/giftcards/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-      Content-Type: application/json
-
-      {
-        "secret": "HLBYVELFRC77NCQY",
-        "currency": "EUR",
-        "value": "13.37"
-      }
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 201 Created
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "id": 1,
-        "secret": "HLBYVELFRC77NCQY",
-        "testmode": false,
-        "currency": "EUR",
-        "expires": null,
-        "conditions": null,
-        "value": "13.37"
-      }
-
-   :param organizer: The ``slug`` field of the organizer to create a gift card for
-   :statuscode 201: no error
-   :statuscode 400: The gift card could not be created due to invalid submitted data.
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to create this resource.
-
-.. http:patch:: /api/v1/organizers/(organizer)/giftcards/(id)/
-
-   Update a gift card. You can also use ``PUT`` instead of ``PATCH``. With ``PUT``, you have to provide all fields of
-   the resource, other fields will be reset to default. With ``PATCH``, you only need to provide the fields that you
-   want to change.
-
-   You can change all fields of the resource except the ``id``, ``secret``, ``testmode``, and ``currency`` fields. Be
-   careful when modifying the ``value`` field to avoid race conditions. We recommend to use the ``transact`` method
-   described below.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      PATCH /api/v1/organizers/bigevents/giftcards/1/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-      Content-Type: application/json
-      Content-Length: 94
-
-      {
-        "value": "14.00"
-      }
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "id": 1,
-        "secret": "HLBYVELFRC77NCQY",
-        "testmode": false,
-        "currency": "EUR",
-        "expires": null,
-        "conditions": null,
-        "value": "14.00"
-      }
-
-   :param organizer: The ``slug`` field of the organizer to modify
-   :param id: The ``id`` field of the gift card to modify
-   :statuscode 200: no error
-   :statuscode 400: The gift card could not be modified due to invalid submitted data
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to change this resource.
-
-.. http:post:: /api/v1/organizers/(organizer)/giftcards/(id)/transact/
-
-   Atomically change the value of a gift card. A positive amount will increase the value of the gift card,
-   a negative amount will decrease it.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      POST /api/v1/organizers/bigevents/giftcards/1/transact/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-      Content-Type: application/json
-      Content-Length: 79
-
-      {
-        "value": "2.00",
-        "text": "Optional value explaining the transaction"
-      }
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "id": 1,
-        "secret": "HLBYVELFRC77NCQY",
-        "currency": "EUR",
-        "testmode": false,
-        "expires": null,
-        "conditions": null,
-        "value": "15.37"
-      }
-
-   .. versionchanged:: 3.5
-
-      This endpoint now returns status code ``409`` if the transaction would lead to a negative gift card value.
-
-   :param organizer: The ``slug`` field of the organizer to modify
-   :param id: The ``id`` field of the gift card to modify
-   :query boolean include_accepted: Also show gift cards issued by other organizers that are accepted by this organizer.
-   :statuscode 200: no error
-   :statuscode 400: The gift card could not be modified due to invalid submitted data
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to change this resource.
-   :statuscode 409: There is not sufficient credit on the gift card.
-
-.. http:get:: /api/v1/organizers/(organizer)/giftcards/(id)/transactions/
-
-   List all transactions of a gift card.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      GET /api/v1/organizers/bigevents/giftcards/1/transactions/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "count": 1,
-        "next": null,
-        "previous": null,
-        "results": [
-          {
-            "id": 82,
-            "datetime": "2020-06-22T15:41:42.800534Z",
-            "value": "50.00",
-            "event": "democon",
-            "order": "FXQYW",
-            "text": null
-          }
-        ]
-      }
-
-   :param organizer: The ``slug`` field of the organizer to view
-   :param id: The ``id`` field of the gift card to view
-   :statuscode 200: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to view this resource.

doc/api/resources/index.rst

@@ -21,12 +21,6 @@ Resources and endpoints
    vouchers
    checkinlists
    waitinglist
-   giftcards
    carts
-   teams
-   devices
    webhooks
-   seatingplans
-   exporters
    billing_invoices
-   billing_var

doc/api/resources/invoices.rst

@@ -15,24 +15,8 @@ number                                string                     Invoice number
 order                                 string                     Order code of the order this invoice belongs to
 is_cancellation                       boolean                    ``true``, if this invoice is the cancellation of a
                                                                  different invoice.
-invoice_from_name                     string                     Sender address: Name
-invoice_from                          string                     Sender address: Address lines
-invoice_from_zipcode                  string                     Sender address: ZIP code
-invoice_from_city                     string                     Sender address: City
-invoice_from_country                  string                     Sender address: Country code
-invoice_from_tax_id                   string                     Sender address: Local Tax ID
-invoice_from_vat_id                   string                     Sender address: EU VAT ID
-invoice_to                            string                     Full recipient address
-invoice_to_company                    string                     Recipient address: Company name
-invoice_to_name                       string                     Recipient address: Person name
-invoice_to_street                     string                     Recipient address: Address lines
-invoice_to_zipcode                    string                     Recipient address: ZIP code
-invoice_to_city                       string                     Recipient address: City
-invoice_to_state                      string                     Recipient address: State (only used in some countries)
-invoice_to_country                    string                     Recipient address: Country code
-invoice_to_vat_id                     string                     Recipient address: EU VAT ID
-invoice_to_beneficiary                string                     Invoice beneficiary
-custom_field                          string                     Custom invoice address field
+invoice_from                          string                     Sender address
+invoice_to                            string                     Receiver address
 date                                  date                       Invoice date
 refers                                string                     Invoice number of an invoice this invoice refers to
                                                                  (for example a cancellation refers to the invoice it
@@ -44,33 +28,7 @@ payment_provider_text                 string                     Text to be prin
                                                                  payment information
 footer_text                           string                     Text to be printed in the page footer area
 lines                                 list of objects            The actual invoice contents
-├ position                            integer                    Number of the line within an invoice.
 ├ description                         string                     Text representing the invoice line (e.g. product name)
-├ item                                integer                    Product used to create this line. Note that everything
-                                                                 about the product might have changed since the creation
-                                                                 of the invoice. Can be ``null`` for all invoice lines
-                                                                 created before this field was introduced as well as for
-                                                                 all lines not created by a product (e.g. a shipping or
-                                                                 cancellation fee).
-├ variation                           integer                    Product variation used to create this line. Note that everything
-                                                                 about the product might have changed since the creation
-                                                                 of the invoice. Can be ``null`` for all invoice lines
-                                                                 created before this field was introduced as well as for
-                                                                 all lines not created by a product (e.g. a shipping or
-                                                                 cancellation fee).
-├ event_date_from                     datetime                   Start date of the (sub)event this line was created for as it
-                                                                 was set during invoice creation. Can be ``null`` for all invoice
-                                                                 lines created before this was introduced as well as for lines in
-                                                                 an event series not created by a product (e.g. shipping or
-                                                                 cancellation fees).
-├ event_date_to                       datetime                   End date of the (sub)event this line was created for as it
-                                                                 was set during invoice creation. Can be ``null`` for all invoice
-                                                                 lines created before this was introduced as well as for lines in
-                                                                 an event series not created by a product (e.g. shipping or
-                                                                 cancellation fees) as well as whenever the respective (sub)event
-                                                                 has no end date set.
-├ attendee_name                       string                     Attendee name at time of invoice creation. Can be ``null`` if no
-                                                                 name was set or if names are configured to not be added to invoices.
 ├ gross_value                         money (string)             Price including taxes
 ├ tax_value                           money (string)             Tax amount included
 ├ tax_name                            string                     Name of used tax rate (e.g. "VAT")
@@ -87,15 +45,22 @@ internal_reference                    string                     Customer's refe
 ===================================== ========================== =======================================================
 
 
-.. versionchanged:: 3.4
+.. versionchanged:: 1.6
 
-   The attribute ``lines.number`` has been added.
+   The attribute ``invoice_no`` has been dropped in favor of ``number`` which includes the number including the prefix,
+   since the prefix can now vary. Also, invoices now need to be identified by their ``number`` instead of the raw
+   number.
 
-.. versionchanged:: 3.17
 
-   The attribute ``invoice_to_*``, ``invoice_from_*``, ``custom_field``, ``lines.item``, ``lines.variation``, ``lines.event_date_from``,
-   ``lines.event_date_to``, and ``lines.attendee_name`` have been added.
-   ``refers`` now returns an invoice number including the prefix.
+.. versionchanged:: 1.7
+
+   The attributes ``lines.tax_name``, ``foreign_currency_display``, ``foreign_currency_rate``, and
+   ``foreign_currency_rate_date`` have been added.
+
+
+.. versionchanged:: 1.9
+
+   The attribute ``internal_reference`` has been added.
 
 
 Endpoints
@@ -130,24 +95,8 @@ Endpoints
             "number": "SAMPLECONF-00001",
             "order": "ABC12",
             "is_cancellation": false,
-            "invoice_from_name": "Big Events LLC",
-            "invoice_from": "Demo street 12",
-            "invoice_from_zipcode":"",
-            "invoice_from_city":"Demo town",
-            "invoice_from_country":"US",
-            "invoice_from_tax_id":"",
-            "invoice_from_vat_id":"",
-            "invoice_to": "Sample company\nJohn Doe\nTest street 12\n12345 Testington\nTestikistan\nVAT-ID: EU123456789",
-            "invoice_to_company": "Sample company",
-            "invoice_to_name": "John Doe",
-            "invoice_to_street": "Test street 12",
-            "invoice_to_zipcode": "12345",
-            "invoice_to_city": "Testington",
-            "invoice_to_state": null,
-            "invoice_to_country": "TE",
-            "invoice_to_vat_id": "EU123456789",
-            "invoice_to_beneficiary": "",
-            "custom_field": null,
+            "invoice_from": "Big Events LLC\nDemo street 12\nDemo town",
+            "invoice_to": "Sample company\nJohn Doe\nTest street 12\n12345 Testington\nTestikistan\nVAT ID: EU123456789",
             "date": "2017-12-01",
             "refers": null,
             "locale": "en",
@@ -158,13 +107,7 @@ Endpoints
             "footer_text": "Big Events LLC - Registration No. 123456 - VAT ID: EU0987654321",
             "lines": [
               {
-                "position": 1,
                 "description": "Budget Ticket",
-                "item": 1234,
-                "variation": 245,
-                "event_date_from": "2017-12-27T10:00:00Z",
-                "event_date_to": null,
-                "attendee_name": null,
                 "gross_value": "23.00",
                 "tax_value": "0.00",
                 "tax_name": "VAT",
@@ -216,24 +159,8 @@ Endpoints
         "number": "SAMPLECONF-00001",
         "order": "ABC12",
         "is_cancellation": false,
-        "invoice_from_name": "Big Events LLC",
-        "invoice_from": "Demo street 12",
-        "invoice_from_zipcode":"",
-        "invoice_from_city":"Demo town",
-        "invoice_from_country":"US",
-        "invoice_from_tax_id":"",
-        "invoice_from_vat_id":"",
-        "invoice_to": "Sample company\nJohn Doe\nTest street 12\n12345 Testington\nTestikistan\nVAT-ID: EU123456789",
-        "invoice_to_company": "Sample company",
-        "invoice_to_name": "John Doe",
-        "invoice_to_street": "Test street 12",
-        "invoice_to_zipcode": "12345",
-        "invoice_to_city": "Testington",
-        "invoice_to_state": null,
-        "invoice_to_country": "TE",
-        "invoice_to_vat_id": "EU123456789",
-        "invoice_to_beneficiary": "",
-        "custom_field": null,
+        "invoice_from": "Big Events LLC\nDemo street 12\nDemo town",
+        "invoice_to": "Sample company\nJohn Doe\nTest street 12\n12345 Testington\nTestikistan\nVAT ID: EU123456789",
         "date": "2017-12-01",
         "refers": null,
         "locale": "en",
@@ -244,13 +171,7 @@ Endpoints
         "footer_text": "Big Events LLC - Registration No. 123456 - VAT ID: EU0987654321",
         "lines": [
           {
-            "position": 1,
             "description": "Budget Ticket",
-            "item": 1234,
-            "variation": 245,
-            "event_date_from": "2017-12-27T10:00:00Z",
-            "event_date_to": null,
-            "attendee_name": null,
             "gross_value": "23.00",
             "tax_value": "0.00",
             "tax_name": "VAT",

doc/api/resources/item_add-ons.rst

@@ -24,10 +24,13 @@ addon_category                        integer                    Internal ID of
 min_count                             integer                    The minimal number of add-ons that need to be chosen.
 max_count                             integer                    The maximal number of add-ons that can be chosen.
 position                              integer                    An integer, used for sorting
-multi_allowed                         boolean                    Adding the same item multiple times is allowed
 price_included                        boolean                    Adding this add-on to the item is free
 ===================================== ========================== =======================================================
 
+.. versionchanged:: 1.12
+
+   This resource has been added.
+
 Endpoints
 ---------
 
@@ -62,7 +65,6 @@ Endpoints
             "min_count": 0,
             "max_count": 10,
             "position": 0,
-            "multi_allowed": false,
             "price_included": true
           },
           {
@@ -71,7 +73,6 @@ Endpoints
             "min_count": 0,
             "max_count": 10,
             "position": 1,
-            "multi_allowed": false,
             "price_included": true
           }
         ]
@@ -111,7 +112,6 @@ Endpoints
         "min_count": 0,
         "max_count": 10,
         "position": 1,
-        "multi_allowed": false,
         "price_included": true
       }
 
@@ -134,14 +134,13 @@ Endpoints
       POST /api/v1/organizers/(organizer)/events/(event)/items/(item)/addons/ HTTP/1.1
       Host: pretix.eu
       Accept: application/json, text/javascript
-      Content-Type: application/json
+      Content: application/json
 
       {
         "addon_category": 1,
         "min_count": 0,
         "max_count": 10,
         "position": 1,
-        "multi_allowed": false,
         "price_included": true
       }
 
@@ -159,7 +158,6 @@ Endpoints
         "min_count": 0,
         "max_count": 10,
         "position": 1,
-        "multi_allowed": false,
         "price_included": true
       }
 
@@ -208,7 +206,6 @@ Endpoints
         "min_count": 0,
         "max_count": 10,
         "position": 1,
-        "multi_allowed": false,
         "price_included": true
       }
 

doc/api/resources/item_bundles.rst

@@ -30,6 +30,10 @@ designated_price                      money (string)             Designated pric
                                                                  taxation. This is not added to the price.
 ===================================== ========================== =======================================================
 
+.. versionchanged:: 2.6
+
+   This resource has been added.
+
 Endpoints
 ---------
 
@@ -130,7 +134,7 @@ Endpoints
       POST /api/v1/organizers/(organizer)/events/(event)/items/(item)/bundles/ HTTP/1.1
       Host: pretix.eu
       Accept: application/json, text/javascript
-      Content-Type: application/json
+      Content: application/json
 
       {
         "bundled_item": 3,

doc/api/resources/item_variations.rst

@@ -26,6 +26,14 @@ description                           multi-lingual string       A public descri
 position                              integer                    An integer, used for sorting
 ===================================== ========================== =======================================================
 
+.. versionchanged:: 2.7
+
+   The attribute ``original_price`` has been added.
+
+.. versionchanged:: 1.12
+
+   This resource has been added.
+
 Endpoints
 ---------
 
@@ -144,7 +152,7 @@ Endpoints
       POST /api/v1/organizers/bigevents/events/sampleconf/items/1/variations/ HTTP/1.1
       Host: pretix.eu
       Accept: application/json, text/javascript
-      Content-Type: application/json
+      Content: application/json
 
       {
         "value": {"en": "Student"},

doc/api/resources/items.rst

@@ -36,17 +36,14 @@ admission                             boolean                    ``true`` for it
                                                                  (such as primary tickets) and ``false`` for others
                                                                  (such as add-ons or merchandise).
 position                              integer                    An integer, used for sorting
-picture                               file                       A product picture to be displayed in the shop
-                                                                 (can be ``null``).
+picture                               string                     A product picture to be displayed in the shop
+                                                                 (read-only, can be ``null``).
 sales_channels                        list of strings            Sales channels this product is available on, such as
                                                                  ``"web"`` or ``"resellers"``. Defaults to ``["web"]``.
 available_from                        datetime                   The first date time at which this item can be bought
                                                                  (or ``null``).
 available_until                       datetime                   The last date time at which this item can be bought
                                                                  (or ``null``).
-hidden_if_available                   integer                    The internal ID of a quota object, or ``null``. If
-                                                                 set, this item won't be shown publicly as long as this
-                                                                 quota is available.
 require_voucher                       boolean                    If ``true``, this item can only be bought using a
                                                                  voucher that is specifically assigned to this item.
 hide_without_voucher                  boolean                    If ``true``, this item is only shown during the voucher
@@ -75,11 +72,6 @@ generate_tickets                      boolean                    If ``false``, t
                                                                  non-admission or add-on product, regardless of event
                                                                  settings. If this is ``null``, regular ticketing
                                                                  rules apply.
-allow_waitinglist                     boolean                    If ``false``, no waiting list will be shown for this
-                                                                 product when it is sold out.
-issue_giftcard                        boolean                    If ``true``, buying this product will yield a gift card.
-show_quota_left                       boolean                    Publicly show how many tickets are still available.
-                                                                 If this is ``null``, the event default is used.
 has_variations                        boolean                    Shows whether or not this item has variations.
 variations                            list of objects            A list with one object for each variation of this item.
                                                                  Can be empty. Only writable during creation,
@@ -104,7 +96,6 @@ addons                                list of objects            Definition of a
 ├ min_count                           integer                    The minimal number of add-ons that need to be chosen.
 ├ max_count                           integer                    The maximal number of add-ons that can be chosen.
 ├ position                            integer                    An integer, used for sorting
-├ multi_allowed                       boolean                    Adding the same item multiple times is allowed
 └ price_included                      boolean                    Adding this add-on to the item is free
 bundles                               list of objects            Definition of bundles that are included in this item.
                                                                  Only writable during creation,
@@ -115,16 +106,41 @@ bundles                               list of objects            Definition of b
 └ designated_price                    money (string)             Designated price of the bundled product. This will be
                                                                  used to split the price of the base item e.g. for mixed
                                                                  taxation. This is not added to the price.
-meta_data                             object                     Values set for event-specific meta data parameters.
 ===================================== ========================== =======================================================
 
-.. versionchanged:: 3.7
+.. versionchanged:: 2.7
 
-   The attribute ``meta_data`` has been added.
+   The attribute ``original_price`` has been added for ``variations``.
 
-.. versionchanged:: 3.10
+.. versionchanged:: 1.7
 
-   The attribute ``multi_allowed`` has been added to ``addons``.
+   The attribute ``tax_rule`` has been added. ``tax_rate`` is kept for compatibility. The attribute
+   ``checkin_attention`` has been added.
+
+.. versionchanged:: 1.12
+
+   The write operations ``POST``, ``PATCH``, ``PUT``, and ``DELETE`` have been added.
+   The attribute ``price_included`` has been added to ``addons``.
+
+.. versionchanged:: 1.16
+
+   The ``internal_name`` and ``original_price`` fields have been added.
+
+.. versionchanged:: 2.0
+
+   The field ``require_approval`` has been added.
+
+.. versionchanged:: 2.3
+
+   The ``sales_channels`` attribute has been added.
+
+.. versionchanged:: 2.4
+
+   The ``generate_tickets`` attribute has been added.
+
+.. versionchanged:: 2.6
+
+   The ``bundles`` and ``require_bundling`` attributes have been added.
 
 Notes
 -----
@@ -179,13 +195,10 @@ Endpoints
             "tax_rate": "0.00",
             "tax_rule": 1,
             "admission": false,
-            "issue_giftcard": false,
-            "meta_data": {},
             "position": 0,
             "picture": null,
             "available_from": null,
             "available_until": null,
-            "hidden_if_available": null,
             "require_voucher": false,
             "hide_without_voucher": false,
             "allow_cancel": true,
@@ -194,8 +207,6 @@ Endpoints
             "checkin_attention": false,
             "has_variations": false,
             "generate_tickets": null,
-            "allow_waitinglist": true,
-            "show_quota_left": null,
             "require_approval": false,
             "require_bundling": false,
             "variations": [
@@ -275,19 +286,14 @@ Endpoints
         "tax_rate": "0.00",
         "tax_rule": 1,
         "admission": false,
-        "issue_giftcard": false,
-        "meta_data": {},
         "position": 0,
         "picture": null,
         "available_from": null,
         "available_until": null,
-        "hidden_if_available": null,
         "require_voucher": false,
         "hide_without_voucher": false,
         "allow_cancel": true,
         "generate_tickets": null,
-        "allow_waitinglist": true,
-        "show_quota_left": null,
         "min_per_order": null,
         "max_per_order": null,
         "checkin_attention": false,
@@ -336,7 +342,7 @@ Endpoints
       POST /api/v1/organizers/bigevents/events/sampleconf/items/ HTTP/1.1
       Host: pretix.eu
       Accept: application/json, text/javascript
-      Content-Type: application/json
+      Content: application/json
 
       {
         "id": 1,
@@ -352,19 +358,14 @@ Endpoints
         "tax_rate": "0.00",
         "tax_rule": 1,
         "admission": false,
-        "issue_giftcard": false,
-        "meta_data": {},
         "position": 0,
         "picture": null,
         "available_from": null,
         "available_until": null,
-        "hidden_if_available": null,
         "require_voucher": false,
         "hide_without_voucher": false,
         "allow_cancel": true,
         "generate_tickets": null,
-        "allow_waitinglist": true,
-        "show_quota_left": null,
         "min_per_order": null,
         "max_per_order": null,
         "checkin_attention": false,
@@ -416,21 +417,16 @@ Endpoints
         "tax_rate": "0.00",
         "tax_rule": 1,
         "admission": false,
-        "issue_giftcard": false,
-        "meta_data": {},
         "position": 0,
         "picture": null,
         "available_from": null,
         "available_until": null,
-        "hidden_if_available": null,
         "require_voucher": false,
         "hide_without_voucher": false,
         "allow_cancel": true,
         "min_per_order": null,
         "max_per_order": null,
         "generate_tickets": null,
-        "allow_waitinglist": true,
-        "show_quota_left": null,
         "checkin_attention": false,
         "has_variations": true,
         "require_approval": false,
@@ -512,18 +508,13 @@ Endpoints
         "tax_rate": "0.00",
         "tax_rule": 1,
         "admission": false,
-        "issue_giftcard": false,
-        "meta_data": {},
         "position": 0,
         "picture": null,
         "available_from": null,
         "available_until": null,
-        "hidden_if_available": null,
         "require_voucher": false,
         "hide_without_voucher": false,
         "generate_tickets": null,
-        "allow_waitinglist": true,
-        "show_quota_left": null,
         "allow_cancel": true,
         "min_per_order": null,
         "max_per_order": null,

doc/api/resources/orders.rst

@@ -30,7 +30,6 @@ testmode                              boolean                    If ``true``, th
                                                                  test mode. Only orders in test mode can be deleted.
 secret                                string                     The secret contained in the link sent to the customer
 email                                 string                     The customer email address
-phone                                 string                     The customer phone number
 locale                                string                     The locale used for communication with this customer
 sales_channel                         string                     Channel this sale was created through, such as
                                                                  ``"web"``.
@@ -54,18 +53,15 @@ invoice_address                       object                     Invoice address
 ├ street                              string                     Customer street
 ├ zipcode                             string                     Customer ZIP code
 ├ city                                string                     Customer city
-├ country                             string                     Customer country code
-├ state                               string                     Customer state (ISO 3166-2 code). Only supported in
-                                                                 AU, BR, CA, CN, MY, MX, and US.
+├ country                             string                     Customer country
 ├ internal_reference                  string                     Customer's internal reference to be printed on the invoice
 ├ vat_id                              string                     Customer VAT ID
 └ vat_id_validated                    string                     ``true``, if the VAT ID has been validated against the
                                                                  EU VAT service and validation was successful. This only
                                                                  happens in rare cases.
-positions                             list of objects            List of order positions (see below). By default, only
-                                                                 non-canceled positions are included.
-fees                                  list of objects            List of fees included in the order total. By default, only
-                                                                 non-canceled fees are included.
+positions                             list of objects            List of non-canceled order positions (see below)
+fees                                  list of objects            List of non-canceled fees included in the order total
+                                                                 (i.e. payment fees)
 ├ fee_type                            string                     Type of fee (currently ``payment``, ``passbook``,
                                                                  ``other``)
 ├ value                               money (string)             Fee amount
@@ -74,8 +70,7 @@ fees                                  list of objects            List of fees in
                                                                  can be empty
 ├ tax_rate                            decimal (string)           VAT rate applied for this fee
 ├ tax_value                           money (string)             VAT included in this fee
-├ tax_rule                            integer                    The ID of the used tax rule (or ``null``)
-└ canceled                            boolean                    Whether or not this fee has been canceled.
+└ tax_rule                            integer                    The ID of the used tax rule (or ``null``)
 downloads                             list of objects            List of ticket download options for order-wise ticket
                                                                  downloading. This might be a multi-page PDF or a ZIP
                                                                  file of tickets for outputs that do not support
@@ -87,37 +82,60 @@ require_approval                      boolean                    If ``true`` and
                                                                  needs approval by an organizer before it can
                                                                  continue. If ``true`` and the order is canceled,
                                                                  this order has been denied by the event organizer.
-url                                   string                     The full URL to the order confirmation page
 payments                              list of objects            List of payment processes (see below)
 refunds                               list of objects            List of refund processes (see below)
 last_modified                         datetime                   Last modification of this object
 ===================================== ========================== =======================================================
 
 
-.. versionchanged:: 3.5
+.. versionchanged:: 1.6
 
-   The ``order.fees.canceled`` attribute has been added.
+   The ``invoice_address.country`` attribute contains a two-letter country code for all new orders. For old orders,
+   a custom text might still be returned.
 
-.. versionchanged:: 3.8
+.. versionchanged:: 1.7
 
-   The ``reactivate`` operation has been added.
+   The attributes ``invoice_address.vat_id_validated`` and ``invoice_address.is_business`` have been added.
+   The attributes ``order.payment_fee``, ``order.payment_fee_tax_rate`` and ``order.payment_fee_tax_value`` have been
+   deprecated in favor of the new ``fees`` attribute but will still be served and removed in 1.9.
 
-.. versionchanged:: 3.10
+.. versionchanged:: 1.9
 
-   The ``search`` query parameter has been added.
+   First write operations (``…/mark_paid/``, ``…/mark_pending/``, ``…/mark_canceled/``, ``…/mark_expired/``) have been added.
+   The attribute ``invoice_address.internal_reference`` has been added.
 
-.. versionchanged:: 3.11
+.. versionchanged:: 1.13
 
-   The ``exclude`` and ``subevent_after`` query parameter has been added.
+   The field ``checkin_attention`` has been added.
 
-.. versionchanged:: 3.13
+.. versionchanged:: 1.15
 
-   The ``subevent_before`` query parameter has been added.
+   The attributes ``order.payment_fee``, ``order.payment_fee_tax_rate``, ``order.payment_fee_tax_value`` and
+   ``order.payment_fee_tax_rule`` have finally been removed.
 
-.. versionchanged:: 3.14
+.. versionchanged:: 1.16
 
-   The ``phone`` attribute has been added.
+   The attributes ``order.last_modified`` as well as the corresponding filters to the resource have been added.
+   An endpoint for order creation as well as ``…/mark_refunded/`` has been added.
 
+.. versionchanged:: 2.0
+
+   The ``order.payment_date`` and ``order.payment_provider`` attributes have been deprecated in favor of the new
+   nested ``payments`` and ``refunds`` resources, but will still be served and removed in 2.2. The ``require_approval``
+   attribute has been added, as have been the ``…/approve/`` and ``…/deny/`` endpoints.
+
+.. versionchanged:: 2.3
+
+   The ``sales_channel`` attribute has been added.
+
+.. versionchanged:: 2.4:
+
+   ``order.status`` can no longer be ``r``, ``…/mark_canceled/`` now accepts a ``cancellation_fee`` parameter and
+   ``…/mark_refunded/`` has been deprecated.
+
+.. versionchanged:: 2.5:
+
+   The ``testmode`` attribute has been added and ``DELETE`` has been implemented for orders.
 
 .. _order-position-resource:
 
@@ -132,21 +150,12 @@ Field                                 Type                       Description
 id                                    integer                    Internal ID of the order position
 order                                 string                     Order code of the order the position belongs to
 positionid                            integer                    Number of the position within the order
-canceled                              boolean                    Whether or not this position has been canceled. Note that
-                                                                 by default, only non-canceled positions are shown.
 item                                  integer                    ID of the purchased item
 variation                             integer                    ID of the purchased variation (or ``null``)
 price                                 money (string)             Price of this position
 attendee_name                         string                     Specified attendee name for this position (or ``null``)
 attendee_name_parts                   object of strings          Decomposition of attendee name (i.e. given name, family name)
 attendee_email                        string                     Specified attendee email address for this position (or ``null``)
-company                               string                     Attendee company name (or ``null``)
-street                                string                     Attendee street (or ``null``)
-zipcode                               string                     Attendee ZIP code (or ``null``)
-city                                  string                     Attendee city (or ``null``)
-country                               string                     Attendee country code (or ``null``)
-state                                 string                     Attendee state (ISO 3166-2 code). Only supported in
-                                                                 AU, BR, CA, CN, MY, MX, and US, otherwise ``null``.
 voucher                               integer                    Internal ID of the voucher used for this position (or ``null``)
 tax_rate                              decimal (string)           VAT rate applied for this position
 tax_value                             money (string)             VAT included in this position
@@ -156,49 +165,37 @@ addon_to                              integer                    Internal ID of
 subevent                              integer                    ID of the date inside an event series this position belongs to (or ``null``).
 pseudonymization_id                   string                     A random ID, e.g. for use in lead scanning apps
 checkins                              list of objects            List of check-ins with this ticket
-├ id                                  integer                    Internal ID of the check-in event
 ├ list                                integer                    Internal ID of the check-in list
-├ datetime                            datetime                   Time of check-in
-├ type                                string                     Type of scan (defaults to ``entry``)
-└ auto_checked_in                     boolean                    Indicates if this check-in been performed automatically by the system
+└ datetime                            datetime                   Time of check-in
 downloads                             list of objects            List of ticket download options
 ├ output                              string                     Ticket output provider (e.g. ``pdf``, ``passbook``)
 └ url                                 string                     Download URL
 answers                               list of objects            Answers to user-defined questions
 ├ question                            integer                    Internal ID of the answered question
-├ answer                              string                     Text representation of the answer (URL if answer is a file)
+├ answer                              string                     Text representation of the answer
 ├ question_identifier                 string                     The question's ``identifier`` field
 ├ options                             list of integers           Internal IDs of selected option(s)s (only for choice types)
 └ option_identifiers                  list of strings            The ``identifier`` fields of the selected option(s)s
-seat                                  objects                    The assigned seat. Can be ``null``.
-├ id                                  integer                    Internal ID of the seat instance
-├ name                                string                     Human-readable seat name
-└ seat_guid                           string                     Identifier of the seat within the seating plan
 pdf_data                              object                     Data object required for ticket PDF generation. By default,
                                                                  this field is missing. It will be added only if you add the
                                                                  ``pdf_data=true`` query parameter to your request.
 ===================================== ========================== =======================================================
 
-.. versionchanged:: 3.3
+.. versionchanged:: 1.7
 
-  The ``url`` of a ticket ``download`` can now also return a ``text/uri-list`` instead of a file. See
-  :ref:`order-position-ticket-download` for details.
+   The attribute ``tax_rule`` has been added.
 
-.. versionchanged:: 3.5
+.. versionchanged:: 1.11
 
-  The attribute ``canceled`` has been added.
+   The attribute ``checkins.list`` has been added.
 
-.. versionchanged:: 3.8
+.. versionchanged:: 1.14
 
-  The attributes ``company``, ``street``, ``zipcode``, ``city``, ``country``, and ``state`` have been added.
+  The attributes ``answers.question_identifier`` and ``answers.option_identifiers`` have been added.
 
-.. versionchanged:: 3.9
+.. versionchanged:: 1.16
 
-  The ``checkin.type`` attribute has been added.
-
-.. versionchanged:: 3.16
-
-   Answers to file questions are now returned as an URL.
+  The attributes ``pseudonymization_id`` and ``pdf_data`` have been added.
 
 .. _order-payment-resource:
 
@@ -216,19 +213,13 @@ amount                                money (string)             Payment amount
 created                               datetime                   Date and time of creation of this payment
 payment_date                          datetime                   Date and time of completion of this payment (or ``null``)
 provider                              string                     Identification string of the payment provider
-payment_url                           string                     The URL where an user can continue with the payment (or ``null``)
-details                               object                     Payment-specific information. This is a dictionary
-                                                                 with various fields that can be different between
-                                                                 payment providers, versions, payment states, etc. If
-                                                                 you read this field, you always need to be able to
-                                                                 deal with situations where values that you expect are
-                                                                 missing. Mostly, the field contains various IDs that
-                                                                 can be used for matching with other systems. If a
-                                                                 payment provider does not implement this feature,
-                                                                 the object is empty.
 ===================================== ========================== =======================================================
 
-.. _order-refund-resource:
+.. versionchanged:: 2.0
+
+  This resource has been added.
+
+.. _order-payment-resource:
 
 Order refund resource
 ---------------------
@@ -243,17 +234,20 @@ state                                 string                     Payment state,
 source                                string                     How this refund has been created, one of ``buyer``, ``admin``, or ``external``
 amount                                money (string)             Payment amount
 created                               datetime                   Date and time of creation of this payment
-comment                               string                     Reason for refund (shown to the customer in some cases, can be ``null``).
-execution_date                        datetime                   Date and time of completion of this refund (or ``null``)
+payment_date                          datetime                   Date and time of completion of this payment (or ``null``)
 provider                              string                     Identification string of the payment provider
 ===================================== ========================== =======================================================
 
+.. versionchanged:: 2.0
+
+  This resource has been added.
+
 List of all orders
 ------------------
 
-.. versionchanged:: 3.5
+.. versionchanged:: 1.15
 
-   The ``include_canceled_positions`` and ``include_canceled_fees`` query parameters have been added.
+   Filtering for emails or order codes is now case-insensitive.
 
 .. http:get:: /api/v1/organizers/(organizer)/events/(event)/orders/
 
@@ -286,9 +280,7 @@ List of all orders
             "status": "p",
             "testmode": false,
             "secret": "k24fiuwvu8kxz3y1",
-            "url": "https://test.pretix.eu/dummy/dummy/order/ABC12/k24fiuwvu8kxz3y1/",
             "email": "tester@example.org",
-            "phone": "+491234567",
             "locale": "en",
             "sales_channel": "web",
             "datetime": "2017-12-01T10:00:00Z",
@@ -310,8 +302,7 @@ List of all orders
                 "street": "Test street 12",
                 "zipcode": "12345",
                 "city": "Testington",
-                "country": "DE",
-                "state": "",
+                "country": "Testikistan",
                 "internal_reference": "",
                 "vat_id": "EU123456789",
                 "vat_id_validated": false
@@ -321,7 +312,6 @@ List of all orders
                 "id": 23442,
                 "order": "ABC12",
                 "positionid": 1,
-                "canceled": false,
                 "item": 1345,
                 "variation": null,
                 "price": "23.00",
@@ -330,12 +320,6 @@ List of all orders
                   "full_name": "Peter",
                 },
                 "attendee_email": null,
-                "company": "Sample company",
-                "street": "Test street 12",
-                "zipcode": "12345",
-                "city": "Testington",
-                "country": "DE",
-                "state": null,
                 "voucher": null,
                 "tax_rate": "0.00",
                 "tax_value": "0.00",
@@ -344,13 +328,10 @@ List of all orders
                 "addon_to": null,
                 "subevent": null,
                 "pseudonymization_id": "MQLJvANO3B",
-                "seat": null,
                 "checkins": [
                   {
                     "list": 44,
-                    "type": "entry",
-                    "datetime": "2017-12-25T12:45:23Z",
-                    "auto_checked_in": false
+                    "datetime": "2017-12-25T12:45:23Z"
                   }
                 ],
                 "answers": [
@@ -383,8 +364,6 @@ List of all orders
                 "amount": "23.00",
                 "created": "2017-12-01T10:00:00Z",
                 "payment_date": "2017-12-04T12:13:12Z",
-                "payment_url": null,
-                "details": {},
                 "provider": "banktransfer"
               }
             ],
@@ -398,22 +377,15 @@ List of all orders
                            ``last_modified``, and ``status``. Default: ``datetime``
    :query string code: Only return orders that match the given order code
    :query string status: Only return orders in the given order status (see above)
-   :query string search: Only return orders matching a given search query
    :query boolean testmode: Only return orders with ``testmode`` set to ``true`` or ``false``
    :query boolean require_approval: If set to ``true`` or ``false``, only categories with this value for the field
                                     ``require_approval`` will be returned.
-   :query include_canceled_positions: If set to ``true``, the output will contain canceled order positions. Note that this
-                                      only affects position-level cancellations, not fully-canceled orders.
-   :query include_canceled_fees: If set to ``true``, the output will contain canceled order fees.
    :query string email: Only return orders created with the given email address
    :query string locale: Only return orders with the given customer locale
    :query datetime modified_since: Only return orders that have changed since the given date. Be careful: We only
        recommend using this in combination with ``testmode=false``, since test mode orders can vanish at any time and
        you will not notice it using this method.
    :query datetime created_since: Only return orders that have been created since the given date.
-   :query datetime subevent_after: Only return orders that contain a ticket for a subevent taking place after the given date. This is an exclusive after, and it considers the **end** of the subevent (or its start, if the end is not set).
-   :query datetime subevent_before: Only return orders that contain a ticket for a subevent taking place after the given date. This is an exclusive before, and it considers the **start** of the subevent.
-   :query string exclude: Exclude a field from the output, e.g. ``fees`` or ``positions.downloads``. Can be used as a performance optimization. Can be passed multiple times.
    :param organizer: The ``slug`` field of the organizer to fetch
    :param event: The ``slug`` field of the event to fetch
    :resheader X-Page-Generated: The server time at the beginning of the operation. If you're using this API to fetch
@@ -425,10 +397,6 @@ List of all orders
 Fetching individual orders
 --------------------------
 
-.. versionchanged:: 3.5
-
-   The ``include_canceled_positions`` and ``include_canceled_fees`` query parameters have been added.
-
 .. http:get:: /api/v1/organizers/(organizer)/events/(event)/orders/(code)/
 
    Returns information on one order, identified by its order code.
@@ -454,9 +422,7 @@ Fetching individual orders
         "status": "p",
         "testmode": false,
         "secret": "k24fiuwvu8kxz3y1",
-        "url": "https://test.pretix.eu/dummy/dummy/order/ABC12/k24fiuwvu8kxz3y1/",
         "email": "tester@example.org",
-        "phone": "+491234567",
         "locale": "en",
         "sales_channel": "web",
         "datetime": "2017-12-01T10:00:00Z",
@@ -478,8 +444,7 @@ Fetching individual orders
             "street": "Test street 12",
             "zipcode": "12345",
             "city": "Testington",
-            "country": "DE",
-            "state": "",
+            "country": "Testikistan",
             "internal_reference": "",
             "vat_id": "EU123456789",
             "vat_id_validated": false
@@ -489,7 +454,6 @@ Fetching individual orders
             "id": 23442,
             "order": "ABC12",
             "positionid": 1,
-            "canceled": false,
             "item": 1345,
             "variation": null,
             "price": "23.00",
@@ -498,12 +462,6 @@ Fetching individual orders
               "full_name": "Peter",
             },
             "attendee_email": null,
-            "company": "Sample company",
-            "street": "Test street 12",
-            "zipcode": "12345",
-            "city": "Testington",
-            "country": "DE",
-            "state": null,
             "voucher": null,
             "tax_rate": "0.00",
             "tax_rule": null,
@@ -512,13 +470,10 @@ Fetching individual orders
             "addon_to": null,
             "subevent": null,
             "pseudonymization_id": "MQLJvANO3B",
-            "seat": null,
             "checkins": [
               {
                 "list": 44,
-                "type": "entry",
-                "datetime": "2017-12-25T12:45:23Z",
-                "auto_checked_in": false
+                "datetime": "2017-12-25T12:45:23Z"
               }
             ],
             "answers": [
@@ -551,8 +506,6 @@ Fetching individual orders
             "amount": "23.00",
             "created": "2017-12-01T10:00:00Z",
             "payment_date": "2017-12-04T12:13:12Z",
-            "payment_url": null,
-            "details": {},
             "provider": "banktransfer"
           }
         ],
@@ -562,9 +515,6 @@ Fetching individual orders
    :param organizer: The ``slug`` field of the organizer to fetch
    :param event: The ``slug`` field of the event to fetch
    :param code: The ``code`` field of the order to fetch
-   :query include_canceled_positions: If set to ``true``, the output will contain canceled order positions. Note that this
-                                      only affects position-level cancellations, not fully-canceled orders.
-   :query include_canceled_fees: If set to ``true``, the output will contain canceled order fees.
    :statuscode 200: no error
    :statuscode 401: Authentication failure
    :statuscode 403: The requested organizer/event does not exist **or** you have no permission to view this resource.
@@ -623,8 +573,6 @@ Updating order fields
 
    * ``email``
 
-   * ``phone``
-
    * ``checkin_attention``
 
    * ``locale``
@@ -733,8 +681,6 @@ Deleting orders
    :statuscode 403: The requested organizer/event does not exist **or** you have no permission to delete this resource **or** the order may not be deleted.
    :statuscode 404: The requested order does not exist.
 
-.. _rest-orders-create:
-
 Creating orders
 ---------------
 
@@ -742,6 +688,8 @@ Creating orders
 
    Creates a new order.
 
+   .. warning:: This endpoint is considered **experimental**. It might change at any time without prior notice.
+
    .. warning::
 
        This endpoint is intended for advanced users. It is not designed to be used to build your own shop frontend,
@@ -760,20 +708,24 @@ Creating orders
 
        * does not validate the number of items per order or the number of times an item can be included in an order
 
-       * does not validate any requirements related to add-on products and does not add bundled products automatically
+       * does not validate any requirements related to add-on products
 
-       * does not check prices but believes any prices you send
+       * does not check or calculate prices but believes any prices you send
+
+       * does not support the redemption of vouchers
 
        * does not prevent you from buying items that can only be bought with a voucher
 
-       * does not calculate fees automatically
+       * does not calculate fees
 
        * does not allow to pass data to plugins and will therefore cause issues with some plugins like the shipping
          module
 
-       * does not support file upload questions
+       * does not send order confirmations via email
 
-       * does not support redeeming gift cards
+       * does not support reverse charge taxation
+
+       * does not support file upload questions
 
    You can supply the following fields of the resource:
 
@@ -785,15 +737,14 @@ Creating orders
      then call the ``mark_paid`` API method.
    * ``testmode`` (optional) – Defaults to ``false``
    * ``consume_carts`` (optional) – A list of cart IDs. All cart positions with these IDs will be deleted if the
-     order creation is successful. Any quotas or seats that become free by this operation will be credited to your order
+     order creation is successful. Any quotas that become free by this operation will be credited to your order
      creation.
-   * ``email`` (optional)
+   * ``email``
    * ``locale``
-   * ``sales_channel`` (optional)
-   * ``payment_provider`` (optional) – The identifier of the payment provider set for this order. This needs to be an
-     existing payment provider. You should use ``"free"`` for free orders, and we strongly advise to use ``"manual"``
-     for all orders you create as paid. This field is optional when the order status is ``"n"`` or the order total is
-     zero, otherwise it is required.
+   * ``sales_channel``
+   * ``payment_provider`` – The identifier of the payment provider set for this order. This needs to be an existing
+     payment provider. You should use ``"free"`` for free orders, and we strongly advise to use ``"manual"`` for all
+     orders you create as paid.
    * ``payment_info`` (optional) – You can pass a nested JSON object that will be set as the internal ``info``
      value of the payment object that will be created. How this value is handled is up to the payment provider and you
      should only use this if you know the specific payment provider in detail. Please keep in mind that the payment
@@ -811,32 +762,20 @@ Creating orders
       * ``zipcode``
       * ``city``
       * ``country``
-      * ``state``
       * ``internal_reference``
       * ``vat_id``
-      * ``vat_id_validated`` (optional) – If you need support for reverse charge (rarely the case), you need to check
-       yourself if the passed VAT ID is a valid EU VAT ID. In that case, set this to ``true``. Only valid VAT IDs will
-       trigger reverse charge taxation. Don't forget to set ``is_business`` as well!
 
    * ``positions``
 
       * ``positionid`` (optional, see below)
       * ``item``
-      * ``variation`` (optional)
-      * ``price`` (optional, if set to ``null`` or missing the price will be computed from the given product)
-      * ``seat`` (The ``seat_guid`` attribute of a seat. Required when the specified ``item`` requires a seat, otherwise must be ``null``.)
-      * ``attendee_name`` **or** ``attendee_name_parts`` (optional)
-      * ``voucher`` (optional, the ``code`` attribute of a valid voucher)
-      * ``attendee_email`` (optional)
-      * ``company`` (optional)
-      * ``street`` (optional)
-      * ``zipcode`` (optional)
-      * ``city`` (optional)
-      * ``country`` (optional)
-      * ``state`` (optional)
+      * ``variation``
+      * ``price``
+      * ``attendee_name`` **or** ``attendee_name_parts``
+      * ``attendee_email``
       * ``secret`` (optional)
       * ``addon_to`` (optional, see below)
-      * ``subevent`` (optional)
+      * ``subevent``
       * ``answers``
 
         * ``question``
@@ -850,32 +789,14 @@ Creating orders
       * ``description``
       * ``internal_type``
       * ``tax_rule``
-      * ``_treat_value_as_percentage`` (Optional convenience flag. If set to ``true``, your ``value`` parameter will
-        be treated as a percentage and the fee will be calculated using that percentage and the sum of all product
-        prices. Note that this will not include other fees and is calculated once during order generation and will not
-        be respected automatically when the order changes later.)
-      * ``_split_taxes_like_products`` (Optional convenience flag. If set to ``true``, your ``tax_rule`` will be ignored
-        and the fee will be taxed like the products in the order. If the products have multiple tax rates, multiple fees
-        will be generated with weights adjusted to the net price of the products. Note that this will be calculated once
-        during order generation and is not respected automatically when the order changes later.)
 
    * ``force`` (optional). If set to ``true``, quotas will be ignored.
-   * ``send_email`` (optional). If set to ``true``, the same emails will be sent as for a regular order, regardless of
-     whether these emails are enabled for certain sales channels. Defaults to
-     ``false``. Used to be ``send_mail`` before pretix 3.14.
 
    If you want to use add-on products, you need to set the ``positionid`` fields of all positions manually
    to incrementing integers starting with ``1``. Then, you can reference one of these
    IDs in the ``addon_to`` field of another position. Note that all add_ons for a specific position need to come
    immediately after the position itself.
 
-   Starting with pretix 3.7, you can add ``"simulate": true`` to the body to do a "dry run" of your order. This will
-   validate your order and return you an order object with the resulting prices, but will not create an actual order.
-   You can use this for testing or to look up prices. In this case, some attributes are ignored, such as whether
-   to send an email or what payment provider will be used. Note that some returned fields will contain empty values
-   (e.g. all ``id`` fields of positions will be zero) and some will contain fake values (e.g. the order code will
-   always be ``PREVIEW``). pretix plugins will not be triggered, so some special behavior might be missing as well.
-
    **Example request**:
 
    .. sourcecode:: http
@@ -907,7 +828,6 @@ Creating orders
           "zipcode": "12345",
           "city": "Sample City",
           "country": "UK",
-          "state": "",
           "internal_reference": "",
           "vat_id": ""
         },
@@ -931,7 +851,7 @@ Creating orders
             ],
             "subevent": null
           }
-        ]
+        ],
       }
 
    **Example response**:
@@ -955,10 +875,6 @@ Creating orders
 Order state operations
 ----------------------
 
-.. versionchanged:: 3.12
-
-   The ``mark_paid`` operation now takes a ``send_email`` parameter.
-
 .. http:post:: /api/v1/organizers/(organizer)/events/(event)/orders/(code)/mark_paid/
 
    Marks a pending or expired order as successfully paid.
@@ -970,11 +886,6 @@ Order state operations
       POST /api/v1/organizers/bigevents/events/sampleconf/orders/ABC12/mark_paid/ HTTP/1.1
       Host: pretix.eu
       Accept: application/json, text/javascript
-      Content-Type: application/json
-
-      {
-          "send_email": true
-      }
 
    **Example response**:
 
@@ -1044,42 +955,6 @@ Order state operations
    :statuscode 403: The requested organizer/event does not exist **or** you have no permission to view this resource.
    :statuscode 404: The requested order does not exist.
 
-.. http:post:: /api/v1/organizers/(organizer)/events/(event)/orders/(code)/reactivate/
-
-   Reactivates a canceled order. This will set the order to pending or paid state. Only possible if all products are
-   still available.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      POST /api/v1/organizers/bigevents/events/sampleconf/orders/ABC12/reactivate/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "code": "ABC12",
-        "status": "n",
-        ...
-      }
-
-   :param organizer: The ``slug`` field of the organizer to modify
-   :param event: The ``slug`` field of the event to modify
-   :param code: The ``code`` field of the order to modify
-   :statuscode 200: no error
-   :statuscode 400: The order cannot be reactivated
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer/event does not exist **or** you have no permission to view this resource.
-   :statuscode 404: The requested order does not exist.
-
 .. http:post:: /api/v1/organizers/(organizer)/events/(event)/orders/(code)/mark_pending/
 
    Marks a paid order as unpaid.
@@ -1356,9 +1231,18 @@ Sending e-mails
 List of all order positions
 ---------------------------
 
-.. versionchanged:: 3.5
+.. versionchanged:: 1.15
 
-   The ``include_canceled_positions`` and ``include_canceled_fees`` query parameters have been added.
+   The order positions endpoint has been extended by the filter queries ``item__in``, ``variation__in``,
+   ``order__status__in``, ``subevent__in``, ``addon_to__in`` and ``search``. The search for attendee names and order
+   codes is now case-insensitive.
+
+.. versionchanged:: 2.0
+
+   The order positions endpoint has been extended by the filter queries ``voucher``, ``voucher__code`` and
+   ``pseudonymization_id``.
+
+.. note:: Individually canceled order positions are currently not visible via the API at all.
 
 .. http:get:: /api/v1/organizers/(organizer)/events/(event)/orderpositions/
 
@@ -1389,7 +1273,6 @@ List of all order positions
             "id": 23442,
             "order": "ABC12",
             "positionid": 1,
-            "canceled": false,
             "item": 1345,
             "variation": null,
             "price": "23.00",
@@ -1404,15 +1287,12 @@ List of all order positions
             "tax_value": "0.00",
             "secret": "z3fsn8jyufm5kpk768q69gkbyr5f4h6w",
             "pseudonymization_id": "MQLJvANO3B",
-            "seat": null,
             "addon_to": null,
             "subevent": null,
             "checkins": [
               {
                 "list": 44,
-                "type": "entry",
-                "datetime": "2017-12-25T12:45:23Z",
-                "auto_checked_in": false
+                "datetime": "2017-12-25T12:45:23Z"
               }
             ],
             "answers": [
@@ -1460,8 +1340,6 @@ List of all order positions
                                 comma-separated IDs.
    :query string voucher: Only return positions with a specific voucher.
    :query string voucher__code: Only return positions with a specific voucher code.
-   :query include_canceled_positions: If set to ``true``, the output will contain canceled order positions. Note that this
-                                      only affects position-level cancellations, not fully-canceled orders.
    :param organizer: The ``slug`` field of the organizer to fetch
    :param event: The ``slug`` field of the event to fetch
    :statuscode 200: no error
@@ -1495,7 +1373,6 @@ Fetching individual positions
         "id": 23442,
         "order": "ABC12",
         "positionid": 1,
-        "canceled": false,
         "item": 1345,
         "variation": null,
         "price": "23.00",
@@ -1512,13 +1389,10 @@ Fetching individual positions
         "addon_to": null,
         "subevent": null,
         "pseudonymization_id": "MQLJvANO3B",
-        "seat": null,
         "checkins": [
           {
             "list": 44,
-            "type": "entry",
-            "datetime": "2017-12-25T12:45:23Z",
-            "auto_checked_in": false
+            "datetime": "2017-12-25T12:45:23Z"
           }
         ],
         "answers": [
@@ -1541,14 +1415,11 @@ Fetching individual positions
    :param organizer: The ``slug`` field of the organizer to fetch
    :param event: The ``slug`` field of the event to fetch
    :param id: The ``id`` field of the order position to fetch
-   :query include_canceled_positions: If set to ``true``, canceled positions may be returned (otherwise, they return 404).
    :statuscode 200: no error
    :statuscode 401: Authentication failure
    :statuscode 403: The requested organizer/event does not exist **or** you have no permission to view this resource.
    :statuscode 404: The requested order position does not exist.
 
-.. _`order-position-ticket-download`:
-
 Order position ticket download
 ------------------------------
 
@@ -1558,11 +1429,6 @@ Order position ticket download
    Depending on the chosen output, the response might be a ZIP file, PDF file or something else. The order details
    response contains a list of output options for this particular order position.
 
-   Be aware that the output does not have to be a file, but can also be a regular HTTP response with a ``Content-Type``
-   set to ``text/uri-list``. In this case, the user is expected to navigate to that URL in order to access their ticket.
-   The referenced URL can provide a download or a regular, human-viewable website - so it is advised to open this URL
-   in a webbrowser and leave it up to the user to handle the result.
-
    Tickets can be only downloaded if the order is paid and if ticket downloads are active. Also, depending on event
    configuration downloads might be only unavailable for add-on products or non-admission products.
    Note that in some cases the ticket file might not yet have been created. In that case, you will receive a status
@@ -1602,68 +1468,6 @@ Order position ticket download
 Manipulating individual positions
 ---------------------------------
 
-.. versionchanged:: 3.15
-
-   The ``PATCH`` method has been added for individual positions.
-
-.. http:patch:: /api/v1/organizers/(organizer)/events/(event)/orderpositions/(id)/
-
-   Updates specific fields on an order position. Currently, only the following fields are supported:
-
-   * ``attendee_email``
-
-   * ``attendee_name_parts`` or ``attendee_name``
-
-   * ``company``
-
-   * ``street``
-
-   * ``zipcode``
-
-   * ``city``
-
-   * ``country``
-
-   * ``state``
-
-   * ``answers``: If specified, you will need to provide **all** answers for this order position.
-     Validation is handled the same way as when creating orders through the API. You are therefore
-     expected to provide ``question``, ``answer``, and possibly ``options``. ``question_identifier``
-     and ``option_identifiers`` will be ignored. As a special case, you can submit the magic value
-     ``"file:keep"`` as the answer to a file question to keep the current value without re-uploading it.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      PATCH /api/v1/organizers/bigevents/events/sampleconf/orderpositions/23442/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-      Content-Type: application/json
-
-      {
-        "attendee_email": "other@example.org"
-      }
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      (Full order resource, see above.)
-
-   :param organizer: The ``slug`` field of the organizer of the event
-   :param event: The ``slug`` field of the event
-   :param id: The ``id`` field of the order position to update
-
-   :statuscode 200: no error
-   :statuscode 400: The order could not be updated due to invalid submitted data.
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer/event does not exist **or** you have no permission to update this order.
-
 .. http:delete:: /api/v1/organizers/(organizer)/events/(event)/orderpositions/(id)/
 
    Deletes an order position, identified by its internal ID.
@@ -1696,13 +1500,9 @@ Manipulating individual positions
 Order payment endpoints
 -----------------------
 
-.. versionchanged:: 3.6
+.. versionchanged:: 2.0
 
-   Payments can now be created through the API.
-
-.. versionchanged:: 3.12
-
-   The ``confirm`` operation now takes a ``send_email`` parameter.
+  These endpoints have been added.
 
 .. http:get:: /api/v1/organizers/(organizer)/events/(event)/orders/(code)/payments/
 
@@ -1735,8 +1535,6 @@ Order payment endpoints
             "amount": "23.00",
             "created": "2017-12-01T10:00:00Z",
             "payment_date": "2017-12-04T12:13:12Z",
-            "payment_url": null,
-            "details": {},
             "provider": "banktransfer"
           }
         ]
@@ -1777,8 +1575,6 @@ Order payment endpoints
         "amount": "23.00",
         "created": "2017-12-01T10:00:00Z",
         "payment_date": "2017-12-04T12:13:12Z",
-        "payment_url": null,
-        "details": {},
         "provider": "banktransfer"
       }
 
@@ -1804,10 +1600,7 @@ Order payment endpoints
       Accept: application/json, text/javascript
       Content-Type: application/json
 
-      {
-          "send_email": true,
-          "force": false
-      }
+      {"force": false}
 
    **Example response**:
 
@@ -1915,66 +1708,14 @@ Order payment endpoints
    :statuscode 403: The requested organizer/event does not exist **or** you have no permission to view this resource.
    :statuscode 404: The requested order or payment does not exist.
 
-.. http:post:: /api/v1/organizers/(organizer)/events/(event)/orders/(code)/payments/
-
-   Creates a new payment.
-
-   Be careful with the ``info`` parameter: You can pass a nested JSON object that will be set as the internal ``info``
-   value of the payment object that will be created. How this value is handled is up to the payment provider and you
-   should only use this if you know the specific payment provider in detail. Please keep in mind that the payment
-   provider will not be called to do anything about this (i.e. if you pass a bank account to a debit provider, *no*
-   charge will be created), this is just informative in case you *handled the payment already*.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      POST /api/v1/organizers/bigevents/events/sampleconf/orders/ABC12/payments/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-      Content-Type: application/json
-
-      {
-        "state": "confirmed",
-        "amount": "23.00",
-        "payment_date": "2017-12-04T12:13:12Z",
-        "info": {},
-        "send_email": false,
-        "provider": "banktransfer"
-      }
-
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 201 Created
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "local_id": 1,
-        "state": "confirmed",
-        "amount": "23.00",
-        "created": "2017-12-01T10:00:00Z",
-        "payment_date": "2017-12-04T12:13:12Z",
-        "payment_url": null,
-        "details": {},
-        "provider": "banktransfer"
-      }
-
-   :param organizer: The ``slug`` field of the organizer to access
-   :param event: The ``slug`` field of the event to access
-   :param order: The ``code`` field of the order to access
-   :statuscode 201: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer/event does not exist **or** you have no permission to view this resource.
-   :statuscode 404: The requested order does not exist.
-
 
 Order refund endpoints
 ----------------------
 
+.. versionchanged:: 2.0
+
+  These endpoints have been added.
+
 .. http:get:: /api/v1/organizers/(organizer)/events/(event)/orders/(code)/refunds/
 
    Returns a list of all refunds for an order.
@@ -2008,7 +1749,6 @@ Order refund endpoints
             "payment": 1,
             "created": "2017-12-01T10:00:00Z",
             "execution_date": "2017-12-04T12:13:12Z",
-            "comment": "Cancellation",
             "provider": "banktransfer"
           }
         ]
@@ -2051,7 +1791,6 @@ Order refund endpoints
         "payment": 1,
         "created": "2017-12-01T10:00:00Z",
         "execution_date": "2017-12-04T12:13:12Z",
-        "comment": "Cancellation",
         "provider": "banktransfer"
       }
 
@@ -2086,10 +1825,8 @@ Order refund endpoints
         "amount": "23.00",
         "payment": 1,
         "execution_date": null,
-        "comment": "Cancellation",
         "provider": "manual",
-        "mark_canceled": false,
-        "mark_pending": true
+        "mark_canceled": false
       }
 
    **Example response**:
@@ -2108,7 +1845,6 @@ Order refund endpoints
         "payment": 1,
         "created": "2017-12-01T10:00:00Z",
         "execution_date": null,
-        "comment": "Cancellation",
         "provider": "manual"
       }
 
@@ -2232,57 +1968,3 @@ Order refund endpoints
    :statuscode 401: Authentication failure
    :statuscode 403: The requested organizer/event does not exist **or** you have no permission to view this resource.
    :statuscode 404: The requested order or refund does not exist.
-
-Revoked ticket secrets
-----------------------
-
-With some non-default ticket secret generation methods, a list of revoked ticket secrets is required for proper validation.
-
-.. versionchanged:: 3.12
-
-   Added revocation lists.
-
-.. http:get:: /api/v1/organizers/(organizer)/events/(event)/revokedsecrets/
-
-   Returns a list of all revoked secrets within a given event.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      GET /api/v1/organizers/bigevents/events/sampleconf/revokedsecrets/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-      X-Page-Generated: 2017-12-01T10:00:00Z
-
-      {
-        "count": 1,
-        "next": null,
-        "previous": null,
-        "results": [
-          {
-            "id": 1234,
-            "secret": "k24fiuwvu8kxz3y1",
-            "created": "2017-12-01T10:00:00Z",
-          }
-        ]
-      }
-
-   :query integer page: The page number in case of a multi-page result set, default is 1
-   :query string ordering: Manually set the ordering of results. Valid fields to be used are ``secret`` and ``created``. Default: ``-created``
-   :query datetime created_since: Only return revocations that have been created since the given date.
-   :param organizer: The ``slug`` field of the organizer to fetch
-   :param event: The ``slug`` field of the event to fetch
-   :resheader X-Page-Generated: The server time at the beginning of the operation. If you're using this API to fetch
-                                differences, this is the value you want to use as ``created_since`` in your next call.
-   :statuscode 200: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer/event does not exist **or** you have no permission to view this resource.

doc/api/resources/organizers.rst

@@ -90,120 +90,3 @@ Endpoints
    :statuscode 200: no error
    :statuscode 401: Authentication failure
    :statuscode 403: The requested organizer does not exist **or** you have no permission to view it.
-
-Organizer settings
-------------------
-
-pretix organizers and events have lots and lots of parameters of different types that are stored in a key-value store on our system.
-Since many of these settings depend on each other in complex ways, we can not give direct access to all of these
-settings through the API. However, we do expose many of the simple and useful flags through the API.
-
-Please note that the available settings flags change between pretix versions, and we do not give a guarantee on backwards-compatibility like with other parts of the API.
-Therefore, we're also not including a list of the options here, but instead recommend to look at the endpoint output
-to see available options. The ``explain=true`` flag enables a verbose mode that provides you with human-readable
-information about the properties.
-
-.. note:: Please note that this is not a complete representation of all organizer settings. You will find more settings
-          in the web interface.
-
-.. warning:: This API is intended for advanced users. Even though we take care to validate your input, you will be
-             able to break your shops using this API by creating situations of conflicting settings. Please take care.
-
-.. versionchanged:: 3.14
-
-   Initial support for settings has been added to the API.
-
-.. http:get:: /api/v1/organizers/(organizer)/settings/
-
-   Get current values of organizer settings.
-
-   Permission required: "Can change organizer settings"
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      GET /api/v1/organizers/bigevents/settings/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-
-   **Example standard response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "event_list_type": "calendar",
-        …
-      }
-
-   **Example verbose response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "event_list_type":
-          {
-            "value": "calendar",
-            "label": "Default overview style",
-            "help_text": "If your event series has more than 50 dates in the future, only the month or week calendar can be used."
-          }
-        },
-        …
-      }
-
-   :param organizer: The ``slug`` field of the organizer to access
-   :query explain: Set to ``true`` to enable verbose response mode
-   :statuscode 200: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to view this resource.
-
-.. http:patch:: /api/v1/organizers/(organizer)/settings/
-
-   Updates organizer settings. Note that ``PUT`` is not allowed here, only ``PATCH``.
-
-    .. warning::
-
-       Settings can be stored at different levels in pretix. If a value is not set on organizer level, a default setting
-       from a higher level (global) will be returned. If you explicitly set a setting on organizer level, it
-       will no longer be inherited from the higher levels. Therefore, we recommend you to send only settings that you
-       explicitly want to set on organizer level. To unset a settings, pass ``null``.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      PATCH /api/v1/organizers/bigevents/settings/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-      Content-Type: application/json
-
-      {
-        "event_list_type": "calendar"
-      }
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "event_list_type": "calendar",
-        …
-      }
-
-   :param organizer: The ``slug`` field of the organizer to update
-   :statuscode 200: no error
-   :statuscode 400: The organizer could not be updated due to invalid submitted data.
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to create this resource.

doc/api/resources/question_options.rst

@@ -19,6 +19,10 @@ identifier                            string                     An arbitrary st
 answer                                multi-lingual string       The displayed value of this option
 ===================================== ========================== =======================================================
 
+.. versionchanged:: 1.12
+
+   This resource has been added.
+
 Endpoints
 ---------
 

doc/api/resources/questions.rst

@@ -1,7 +1,4 @@
-.. spelling::
-
-   checkin
-   datetime
+.. spelling:: checkin
 
 .. _rest-questions:
 
@@ -21,7 +18,6 @@ Field                                 Type                       Description
 ===================================== ========================== =======================================================
 id                                    integer                    Internal ID of the question
 question                              multi-lingual string       The field label shown to the customer
-help_text                             multi-lingual string       The help text shown to the customer
 type                                  string                     The expected type of answer. Valid options:
 
                                                                  * ``N`` – number
@@ -35,7 +31,6 @@ type                                  string                     The expected ty
                                                                  * ``H`` – time
                                                                  * ``W`` – date and time
                                                                  * ``CC`` – country code (ISO 3666-1 alpha-2)
-                                                                 * ``TEL`` – telephone number
 required                              boolean                    If ``true``, the question needs to be filled out.
 position                              integer                    An integer, used for sorting
 items                                 list of integers           List of item IDs this question is assigned to.
@@ -46,8 +41,6 @@ ask_during_checkin                    boolean                    If ``true``, th
                                                                  the ticket instead.
 hidden                                boolean                    If ``true``, the question will only be shown in the
                                                                  backend.
-print_on_invoice                      boolean                    If ``true``, the question will only be shown on
-                                                                 invoices.
 options                               list of objects            In case of question type ``C`` or ``M``, this lists the
                                                                  available objects. Only writable during creation,
                                                                  use separate endpoint to modify this later.
@@ -56,37 +49,31 @@ options                               list of objects            In case of ques
 ├ identifier                          string                     An arbitrary string that can be used for matching with
                                                                  other sources.
 └ answer                              multi-lingual string       The displayed value of this option
-valid_number_min                      string                     Minimum value for number questions (optional)
-valid_number_max                      string                     Maximum value for number questions (optional)
-valid_date_min                        date                       Minimum value for date questions (optional)
-valid_date_max                        date                       Maximum value for date questions (optional)
-valid_datetime_min                    datetime                   Minimum value for date and time questions (optional)
-valid_datetime_max                    datetime                   Maximum value for date and time questions (optional)
-valid_file_portrait                   boolean                    Turn on file validation for portrait photos
 dependency_question                   integer                    Internal ID of a different question. The current
                                                                  question will only be shown if the question given in
                                                                  this attribute is set to the value given in
                                                                  ``dependency_value``. This cannot be combined with
                                                                  ``ask_during_checkin``.
-dependency_values                     list of strings            If ``dependency_question`` is set to a boolean
-                                                                 question, this should be ``["True"]`` or ``["False"]``.
-                                                                 Otherwise, it should be a list of ``identifier`` values
-                                                                 of question options.
-dependency_value                      string                     An old version of ``dependency_values`` that only allows
-                                                                 for one value. **Deprecated.**
+dependency_value                      string                     The value ``dependency_question`` needs to be set to.
+                                                                 If ``dependency_question`` is set to a boolean
+                                                                 question, this should be ``"true"`` or ``"false"``.
+                                                                 Otherwise, it should be the ``identifier`` of a
+                                                                 question option.
 ===================================== ========================== =======================================================
 
-.. versionchanged:: 3.5
+.. versionchanged:: 1.12
 
-  The attribute ``help_text`` has been added.
+  The values ``D``, ``H``, and ``W`` for the field ``type`` are now allowed and the ``ask_during_checkin`` field has
+  been added.
 
-.. versionchanged:: 3.14
+.. versionchanged:: 1.14
 
-  The attributes ``valid_*`` have been added.
+  Write methods have been added. The attribute ``identifier`` has been added to both the resource itself and the
+  options resource. The ``position`` attribute has been added to the options resource.
 
-.. versionchanged:: 3.18
+.. versionchanged:: 2.7
 
-  The attribute ``valid_file_portrait`` have been added.
+  The attribute ``hidden`` and the question type ``CC`` have been added.
 
 Endpoints
 ---------
@@ -124,7 +111,6 @@ Endpoints
           {
             "id": 1,
             "question": {"en": "T-Shirt size"},
-            "help_text": {"en": "Choose your preferred t-shirt-size"},
             "type": "C",
             "required": false,
             "items": [1, 2],
@@ -132,17 +118,8 @@ Endpoints
             "identifier": "WY3TP9SL",
             "ask_during_checkin": false,
             "hidden": false,
-            "print_on_invoice": false,
-            "valid_number_min": null,
-            "valid_number_max": null,
-            "valid_date_min": null,
-            "valid_date_max": null,
-            "valid_datetime_min": null,
-            "valid_datetime_max": null,
-            "valid_file_portrait": false,
             "dependency_question": null,
             "dependency_value": null,
-            "dependency_values": [],
             "options": [
               {
                 "id": 1,
@@ -202,7 +179,6 @@ Endpoints
       {
         "id": 1,
         "question": {"en": "T-Shirt size"},
-        "help_text": {"en": "Choose your preferred t-shirt-size"},
         "type": "C",
         "required": false,
         "items": [1, 2],
@@ -210,17 +186,8 @@ Endpoints
         "identifier": "WY3TP9SL",
         "ask_during_checkin": false,
         "hidden": false,
-        "print_on_invoice": false,
-        "valid_number_min": null,
-        "valid_number_max": null,
-        "valid_date_min": null,
-        "valid_date_max": null,
-        "valid_datetime_min": null,
-        "valid_datetime_max": null,
-        "valid_file_portrait": false,
         "dependency_question": null,
         "dependency_value": null,
-        "dependency_values": [],
         "options": [
           {
             "id": 1,
@@ -261,20 +228,18 @@ Endpoints
       POST /api/v1/organizers/bigevents/events/sampleconf/questions/ HTTP/1.1
       Host: pretix.eu
       Accept: application/json, text/javascript
-      Content-Type: application/json
+      Content: application/json
 
       {
         "question": {"en": "T-Shirt size"},
-        "help_text": {"en": "Choose your preferred t-shirt-size"},
         "type": "C",
         "required": false,
         "items": [1, 2],
         "position": 1,
         "ask_during_checkin": false,
         "hidden": false,
-        "print_on_invoice": false,
         "dependency_question": null,
-        "dependency_values": [],
+        "dependency_value": null,
         "options": [
           {
             "answer": {"en": "S"}
@@ -300,7 +265,6 @@ Endpoints
       {
         "id": 1,
         "question": {"en": "T-Shirt size"},
-        "help_text": {"en": "Choose your preferred t-shirt-size"},
         "type": "C",
         "required": false,
         "items": [1, 2],
@@ -308,17 +272,8 @@ Endpoints
         "identifier": "WY3TP9SL",
         "ask_during_checkin": false,
         "hidden": false,
-        "print_on_invoice": false,
         "dependency_question": null,
         "dependency_value": null,
-        "dependency_values": [],
-        "valid_number_min": null,
-        "valid_number_max": null,
-        "valid_date_min": null,
-        "valid_date_max": null,
-        "valid_datetime_min": null,
-        "valid_datetime_max": null,
-        "valid_file_portrait": false,
         "options": [
           {
             "id": 1,
@@ -382,7 +337,6 @@ Endpoints
       {
         "id": 1,
         "question": {"en": "T-Shirt size"},
-        "help_text": {"en": "Choose your preferred t-shirt-size"},
         "type": "C",
         "required": false,
         "items": [1, 2],
@@ -390,17 +344,8 @@ Endpoints
         "identifier": "WY3TP9SL",
         "ask_during_checkin": false,
         "hidden": false,
-        "print_on_invoice": false,
         "dependency_question": null,
         "dependency_value": null,
-        "dependency_values": [],
-        "valid_number_min": null,
-        "valid_number_max": null,
-        "valid_date_min": null,
-        "valid_date_max": null,
-        "valid_datetime_min": null,
-        "valid_datetime_max": null,
-        "valid_file_portrait": false,
         "options": [
           {
             "id": 1,

doc/api/resources/quotas.rst

@@ -20,19 +20,11 @@ size                                  integer                    The size of the
 items                                 list of integers           List of item IDs this quota acts on.
 variations                            list of integers           List of item variation IDs this quota acts on.
 subevent                              integer                    ID of the date inside an event series this quota belongs to (or ``null``).
-close_when_sold_out                   boolean                    If ``true``, the quota will "close" as soon as it is
-                                                                 sold out once. Even if tickets become available again,
-                                                                 they will not be sold unless the quota is set to open
-                                                                 again.
-closed                                boolean                    Whether the quota is currently closed (see above
-                                                                 field).
-release_after_exit                    boolean                    Whether the quota regains capacity as soon as some tickets
-                                                                 have been scanned at an exit.
 ===================================== ========================== =======================================================
 
-.. versionchanged:: 3.10
+.. versionchanged:: 1.10
 
-   The attribute ``release_after_exit`` has been added.
+   The write operations ``POST``, ``PATCH``, ``PUT``, and ``DELETE`` have been added.
 
 
 Endpoints
@@ -69,9 +61,7 @@ Endpoints
             "size": 200,
             "items": [1, 2],
             "variations": [1, 4, 5, 7],
-            "subevent": null,
-            "close_when_sold_out": false,
-            "closed": false
+            "subevent": null
           }
         ]
       }
@@ -112,9 +102,7 @@ Endpoints
         "size": 200,
         "items": [1, 2],
         "variations": [1, 4, 5, 7],
-        "subevent": null,
-        "close_when_sold_out": false,
-        "closed": false
+        "subevent": null
       }
 
    :param organizer: The ``slug`` field of the organizer to fetch
@@ -135,16 +123,14 @@ Endpoints
       POST /api/v1/organizers/bigevents/events/sampleconf/quotas/ HTTP/1.1
       Host: pretix.eu
       Accept: application/json, text/javascript
-      Content-Type: application/json
+      Content: application/json
 
       {
         "name": "Ticket Quota",
         "size": 200,
         "items": [1, 2],
         "variations": [1, 4, 5, 7],
-        "subevent": null,
-        "close_when_sold_out": false,
-        "closed": false
+        "subevent": null
       }
 
    **Example response**:
@@ -161,9 +147,7 @@ Endpoints
         "size": 200,
         "items": [1, 2],
         "variations": [1, 4, 5, 7],
-        "subevent": null,
-        "close_when_sold_out": false,
-        "closed": false
+        "subevent": null
       }
 
    :param organizer: The ``slug`` field of the organizer of the event/item to create a quota for
@@ -216,9 +200,7 @@ Endpoints
           1,
           2
         ],
-        "subevent": null,
-        "close_when_sold_out": false,
-        "closed": false
+        "subevent": null
       }
 
    :param organizer: The ``slug`` field of the organizer to modify
@@ -281,7 +263,6 @@ Endpoints
         "total_size": 1000,
         "pending_orders": 25,
         "paid_orders": 423,
-        "exited_orders": 0,
         "cart_positions": 7,
         "blocking_vouchers": 126,
         "waiting_list": 0

doc/api/resources/seatingplans.rst

@@ -1,205 +0,0 @@
-.. _`rest-seatingplans`:
-
-Seating plans
-=============
-
-Resource description
---------------------
-
-The seating plan resource contains the following public fields:
-
-.. rst-class:: rest-resource-table
-
-===================================== ========================== =======================================================
-Field                                 Type                       Description
-===================================== ========================== =======================================================
-id                                    integer                    Internal ID of the plan
-name                                  string                     Human-readable name of the plan
-layout                                object                     JSON representation of the seating plan. These
-                                                                 representations follow a JSON schema that currently
-                                                                 still evolves. The version in use can be found `here`_.
-===================================== ========================== =======================================================
-
-Endpoints
----------
-
-.. http:get:: /api/v1/organizers/(organizer)/seatingplans/
-
-   Returns a list of all seating plans within a given organizer.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      GET /api/v1/organizers/bigevents/seatingplans/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "count": 1,
-        "next": null,
-        "previous": null,
-        "results": [
-          {
-            "id": 2,
-            "name": "Main plan",
-            "layout": { … }
-          }
-        ]
-      }
-
-   :query integer page: The page number in case of a multi-page result set, default is 1
-   :param organizer: The ``slug`` field of the organizer to fetch
-   :statuscode 200: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to view this resource.
-
-.. http:get:: /api/v1/organizers/(organizer)/seatingplans/(id)/
-
-   Returns information on one plan, identified by its ID.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      GET /api/v1/organizers/bigevents/seatingplans/1/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "id": 2,
-        "name": "Main plan",
-        "layout": { … }
-      }
-
-   :param organizer: The ``slug`` field of the organizer to fetch
-   :param id: The ``id`` field of the seating plan to fetch
-   :statuscode 200: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to view this resource.
-
-.. http:post:: /api/v1/organizers/(organizer)/seatingplans/
-
-   Creates a new seating plan
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      POST /api/v1/organizers/bigevents/seatingplans/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-      Content-Type: application/json
-
-      {
-        "name": "Main plan",
-        "layout": { … }
-      }
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 201 Created
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "id": 3,
-        "name": "Main plan",
-        "layout": { … }
-      }
-
-   :param organizer: The ``slug`` field of the organizer to create a seating plan for
-   :statuscode 201: no error
-   :statuscode 400: The seating plan could not be created due to invalid submitted data.
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to create this resource.
-
-.. http:patch:: /api/v1/organizers/(organizer)/seatingplans/(id)/
-
-   Update a plan. You can also use ``PUT`` instead of ``PATCH``. With ``PUT``, you have to provide all fields of
-   the resource, other fields will be reset to default. With ``PATCH``, you only need to provide the fields that you
-   want to change.
-
-   You can change all fields of the resource except the ``id`` field. **You can not change a plan while it is in use for
-   any events.**
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      PATCH /api/v1/organizers/bigevents/seatingplans/1/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-      Content-Type: application/json
-      Content-Length: 94
-
-      {
-        "name": "Old plan"
-      }
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "id": 1,
-        "name": "Old plan",
-        "layout": { … }
-      }
-
-   :param organizer: The ``slug`` field of the organizer to modify
-   :param id: The ``id`` field of the plan to modify
-   :statuscode 200: no error
-   :statuscode 400: The plan could not be modified due to invalid submitted data
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to change this resource **or** the plan is currently in use.
-
-.. http:delete:: /api/v1/organizers/(organizer)/seatingplans/(id)/
-
-   Delete a plan. You can not delete plans which are currently in use by any events.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      DELETE /api/v1/organizers/bigevents/seatingplans/1/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 204 No Content
-      Vary: Accept
-
-   :param organizer: The ``slug`` field of the organizer to modify
-   :param id: The ``id`` field of the plan to delete
-   :statuscode 204: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to delete this resource **or** the plan is currently in use.
-
-
-.. _here: https://github.com/pretix/pretix/blob/master/src/pretix/static/seating/seating-plan.schema.json

doc/api/resources/subevents.rst

@@ -1,9 +1,3 @@
-.. spelling::
-
-   geo
-   lat
-   lon
-
 .. _rest-subevents:
 
 Event series dates / Sub-events
@@ -33,55 +27,36 @@ date_to                               datetime                   The sub-event's
 date_admission                        datetime                   The sub-event's admission date (or ``null``)
 presale_start                         datetime                   The sub-date at which the ticket shop opens (or ``null``)
 presale_end                           datetime                   The sub-date at which the ticket shop closes (or ``null``)
-frontpage_text                        multi-lingual string       The description of the event (or ``null``)
 location                              multi-lingual string       The sub-event location (or ``null``)
-geo_lat                               float                      Latitude of the location (or ``null``)
-geo_lon                               float                      Longitude of the location (or ``null``)
 item_price_overrides                  list of objects            List of items for which this sub-event overrides the
-                                                                 default price or settings
+                                                                 default price
 ├ item                                integer                    The internal item ID
-├ disabled                            boolean                    If ``true``, item should not be available for this sub-event
-├ available_from                      datetime                   Start of availability (or ``null``)
-├ available_until                     datetime                   End of availability (or ``null``)
 └ price                               money (string)             The price or ``null`` for the default price
 variation_price_overrides             list of objects            List of variations for which this sub-event overrides
-                                                                 the default price or settings
+                                                                 the default price
 ├ variation                           integer                    The internal variation ID
-├ disabled                            boolean                    If ``true``, variation should not be available for this sub-event
-├ available_from                      datetime                   Start of availability (or ``null``)
-├ available_until                     datetime                   End of availability (or ``null``)
 └ price                               money (string)             The price or ``null`` for the default price
-meta_data                             object                     Values set for organizer-specific meta data parameters.
-seating_plan                          integer                    If reserved seating is in use, the ID of a seating
-                                                                 plan. Otherwise ``null``.
-seat_category_mapping                 object                     An object mapping categories of the seating plan
-                                                                 (strings) to items in the event (integers or ``null``).
-last_modified                         datetime                   Last modification of this object
+meta_data                             dict                       Values set for organizer-specific meta data parameters.
 ===================================== ========================== =======================================================
 
-.. versionchanged:: 3.3
+.. versionchanged:: 1.7
 
-   The attributes ``geo_lat`` and ``geo_lon`` have been added.
+   The ``meta_data`` field has been added.
 
-.. versionchanged:: 3.10
+.. versionchanged:: 2.1
 
-   The ``disabled`` attribute has been added to ``item_price_overrides`` and ``variation_price_overrides``.
+   The ``event`` field has been added, together with filters on the list of dates and an organizer-level list.
 
-.. versionchanged:: 3.12
+.. versionchanged:: 2.6
+   The write operations ``POST``, ``PATCH``, ``PUT``, and ``DELETE`` have been added.
 
-   The ``last_modified`` attribute has been added.
+.. versionchanged:: 2.7
 
-.. versionchanged:: 3.18
-
-   The ``available_from``/``available_until`` attributes have been added to ``item_price_overrides`` and ``variation_price_overrides``.
+   The attribute ``is_public`` has been added.
 
 Endpoints
 ---------
 
-.. versionchanged:: 3.3
-
-    The sub-events resource can now be filtered by meta data attributes.
-
 .. http:get:: /api/v1/organizers/(organizer)/events/(event)/subevents/
 
    Returns a list of all sub-events of an event.
@@ -118,17 +93,10 @@ Endpoints
             "date_admission": null,
             "presale_start": null,
             "presale_end": null,
-            "seating_plan": null,
-            "seat_category_mapping": {},
             "location": null,
-            "geo_lat": null,
-            "geo_lon": null,
             "item_price_overrides": [
               {
                 "item": 2,
-                "disabled": false,
-                "available_from": null,
-                "available_until": null,
                 "price": "12.00"
               }
             ],
@@ -145,13 +113,6 @@ Endpoints
    :query ends_after: If set to a date and time, only events that happen during of after the given time are returned.
    :param organizer: The ``slug`` field of a valid organizer
    :param event: The ``slug`` field of the main event
-   :query datetime modified_since: Only return objects that have changed since the given date. Be careful: This does not
-       allow you to know if a subevent was deleted.
-   :query array attr[meta_data_key]: By providing the key and value of a meta data attribute, the list of sub-events
-        will only contain the sub-events matching the set criteria. Providing ``?attr[Format]=Seminar`` would return
-        only those sub-events having set their ``Format`` meta data to ``Seminar``, ``?attr[Format]=`` only those, that
-        have no value set. Please note that this filter will respect default values set on 
-        organizer or event level.
    :statuscode 200: no error
    :statuscode 401: Authentication failure
    :statuscode 403: The requested organizer does not exist **or** you have no permission to view it.
@@ -169,7 +130,7 @@ Endpoints
       POST /api/v1/organizers/bigevents/events/sampleconf/subevents/ HTTP/1.1
       Host: pretix.eu
       Accept: application/json, text/javascript
-      Content-Type: application/json
+      Content: application/json
 
       {
         "name": {"en": "First Sample Conference"},
@@ -181,16 +142,9 @@ Endpoints
         "presale_start": null,
         "presale_end": null,
         "location": null,
-        "geo_lat": null,
-        "geo_lon": null,
-        "seating_plan": null,
-        "seat_category_mapping": {},
         "item_price_overrides": [
           {
             "item": 2,
-            "disabled": false,
-            "available_from": null,
-            "available_until": null,
             "price": "12.00"
           }
         ],
@@ -218,16 +172,9 @@ Endpoints
         "presale_start": null,
         "presale_end": null,
         "location": null,
-        "geo_lat": null,
-        "geo_lon": null,
-        "seating_plan": null,
-        "seat_category_mapping": {},
         "item_price_overrides": [
           {
             "item": 2,
-            "disabled": false,
-            "available_from": null,
-            "available_until": null,
             "price": "12.00"
           }
         ],
@@ -276,16 +223,9 @@ Endpoints
         "presale_start": null,
         "presale_end": null,
         "location": null,
-        "geo_lat": null,
-        "geo_lon": null,
-        "seating_plan": null,
-        "seat_category_mapping": {},
         "item_price_overrides": [
           {
             "item": 2,
-            "disabled": false,
-            "available_from": null,
-            "available_until": null,
             "price": "12.00"
           }
         ],
@@ -315,16 +255,13 @@ Endpoints
       PATCH /api/v1/organizers/bigevents/events/sampleconf/subevents/1/ HTTP/1.1
       Host: pretix.eu
       Accept: application/json, text/javascript
-      Content-Type: application/json
+      Content: application/json
 
       {
         "name": {"en": "New Subevent Name"},
         "item_price_overrides": [
           {
             "item": 2,
-            "disabled": false,
-            "available_from": null,
-            "available_until": null,
             "price": "23.42"
           }
         ],
@@ -350,16 +287,9 @@ Endpoints
         "presale_start": null,
         "presale_end": null,
         "location": null,
-        "geo_lat": null,
-        "geo_lon": null,
-        "seating_plan": null,
-        "seat_category_mapping": {},
         "item_price_overrides": [
           {
             "item": 2,
-            "disabled": false,
-            "available_from": null,
-            "available_until": null,
             "price": "23.42"
           }
         ],
@@ -441,16 +371,9 @@ Endpoints
             "presale_start": null,
             "presale_end": null,
             "location": null,
-            "geo_lat": null,
-            "geo_lon": null,
-            "seating_plan": null,
-            "seat_category_mapping": {},
             "item_price_overrides": [
               {
                 "item": 2,
-                "disabled": false,
-                "available_from": null,
-                "available_until": null,
                 "price": "12.00"
               }
             ],

doc/api/resources/taxrules.rst

@@ -24,6 +24,14 @@ home_country                          string                     Merchant countr
                                                                  ``null`` or empty string
 ===================================== ========================== =======================================================
 
+.. versionchanged:: 1.7
+
+   This resource has been added.
+
+.. versionchanged:: 1.9
+
+   The write operations ``POST``, ``PATCH``, ``PUT``, and ``DELETE`` have been added.
+
 
 Endpoints
 ---------

doc/api/resources/teams.rst

@@ -1,672 +0,0 @@
-.. spelling:: fullname checkin
-
-.. _`rest-teams`:
-
-Teams
-=====
-
-.. warning:: Unlike our user interface, the team API **does** allow you to lock yourself out by deleting or modifying
-             the team your user or API key belongs to. Be careful around here!
-
-Team resource
--------------
-
-The team resource contains the following public fields:
-
-.. rst-class:: rest-resource-table
-
-===================================== ========================== =======================================================
-Field                                 Type                       Description
-===================================== ========================== =======================================================
-id                                    integer                    Internal ID of the team
-name                                  string                     Team name
-all_events                            boolean                    Whether this team has access to all events
-limit_events                          list                       List of event slugs this team has access to
-can_create_events                     boolean
-can_change_teams                      boolean
-can_change_organizer_settings         boolean
-can_manage_gift_cards                 boolean
-can_change_event_settings             boolean
-can_change_items                      boolean
-can_view_orders                       boolean
-can_change_orders                     boolean
-can_view_vouchers                     boolean
-can_change_vouchers                   boolean
-can_checkin_orders                    boolean
-===================================== ========================== =======================================================
-
-Team member resource
---------------------
-
-The team member resource contains the following public fields:
-
-.. rst-class:: rest-resource-table
-
-===================================== ========================== =======================================================
-Field                                 Type                       Description
-===================================== ========================== =======================================================
-id                                    integer                    Internal ID of the user
-email                                 string                     The user's email address
-fullname                              string                     The user's full name (or ``null``)
-require_2fa                           boolean                    Whether this user uses two-factor-authentication
-===================================== ========================== =======================================================
-
-Team invite resource
---------------------
-
-The team invite resource contains the following public fields:
-
-.. rst-class:: rest-resource-table
-
-===================================== ========================== =======================================================
-Field                                 Type                       Description
-===================================== ========================== =======================================================
-id                                    integer                    Internal ID of the invite
-email                                 string                     The invitee's email address
-===================================== ========================== =======================================================
-
-Team API token resource
------------------------
-
-The team API token resource contains the following public fields:
-
-.. rst-class:: rest-resource-table
-
-===================================== ========================== =======================================================
-Field                                 Type                       Description
-===================================== ========================== =======================================================
-id                                    integer                    Internal ID of the invite
-name                                  string                     Name of this API token
-active                                boolean                    Whether this API token is active (can never be set to
-                                                                 ``true`` again once ``false``)
-token                                 string                     The actual API token. Will only be sent back during
-                                                                 token creation.
-===================================== ========================== =======================================================
-
-Team endpoints
---------------
-
-.. http:get:: /api/v1/organizers/(organizer)/teams/
-
-   Returns a list of all teams within a given organizer.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      GET /api/v1/organizers/bigevents/teams/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "count": 1,
-        "next": null,
-        "previous": null,
-        "results": [
-          {
-            "id": 1,
-            "name": "Admin team",
-            "all_events": true,
-            "limit_events": [],
-            "can_create_events": true,
-            ...
-          }
-        ]
-      }
-
-   :query integer page: The page number in case of a multi-page result set, default is 1
-   :param organizer: The ``slug`` field of the organizer to fetch
-   :statuscode 200: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to view this resource.
-
-.. http:get:: /api/v1/organizers/(organizer)/teams/(id)/
-
-   Returns information on one team, identified by its ID.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      GET /api/v1/organizers/bigevents/teams/1/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "id": 1,
-        "name": "Admin team",
-        "all_events": true,
-        "limit_events": [],
-        "can_create_events": true,
-        ...
-      }
-
-   :param organizer: The ``slug`` field of the organizer to fetch
-   :param id: The ``id`` field of the team to fetch
-   :statuscode 200: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to view this resource.
-
-.. http:post:: /api/v1/organizers/(organizer)/teams/
-
-   Creates a new team
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      POST /api/v1/organizers/bigevents/teams/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-      Content-Type: application/json
-
-      {
-        "name": "Admin team",
-        "all_events": true,
-        "limit_events": [],
-        "can_create_events": true,
-        ...
-      }
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 201 Created
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "id": 2,
-        "name": "Admin team",
-        "all_events": true,
-        "limit_events": [],
-        "can_create_events": true,
-        ...
-      }
-
-   :param organizer: The ``slug`` field of the organizer to create a team for
-   :statuscode 201: no error
-   :statuscode 400: The team could not be created due to invalid submitted data.
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to create this resource.
-
-.. http:patch:: /api/v1/organizers/(organizer)/teams/(id)/
-
-   Update a team. You can also use ``PUT`` instead of ``PATCH``. With ``PUT``, you have to provide all fields of
-   the resource, other fields will be reset to default. With ``PATCH``, you only need to provide the fields that you
-   want to change.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      PATCH /api/v1/organizers/bigevents/teams/1/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-      Content-Type: application/json
-      Content-Length: 94
-
-      {
-        "can_create_events": true
-      }
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "id": 1,
-        "name": "Admin team",
-        "all_events": true,
-        "limit_events": [],
-        "can_create_events": true,
-        ...
-      }
-
-   :param organizer: The ``slug`` field of the organizer to modify
-   :param id: The ``id`` field of the team to modify
-   :statuscode 200: no error
-   :statuscode 400: The team could not be modified due to invalid submitted data
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to change this resource.
-
-.. http:delete:: /api/v1/organizers/(organizer)/teams/(id)/
-
-   Deletes a team.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      DELETE /api/v1/organizers/bigevents/teams/1/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 204 No Content
-
-   :param organizer: The ``slug`` field of the organizer to modify
-   :param id: The ``id`` field of the team to delete
-   :statuscode 204: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to change this resource.
-
-Team member endpoints
----------------------
-
-.. http:get:: /api/v1/organizers/(organizer)/teams/(team)/members/
-
-   Returns a list of all members of a team.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      GET /api/v1/organizers/bigevents/teams/1/members/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "count": 1,
-        "next": null,
-        "previous": null,
-        "results": [
-          {
-            "id": 1,
-            "fullname": "John Doe",
-            "email": "john@example.com",
-            "require_2fa": true
-          }
-        ]
-      }
-
-   :query integer page: The page number in case of a multi-page result set, default is 1
-   :param organizer: The ``slug`` field of the organizer to fetch
-   :param team: The ``id`` field of the team to fetch
-   :statuscode 200: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to view this resource.
-   :statuscode 404: The requested team does not exist
-
-.. http:get:: /api/v1/organizers/(organizer)/teams/(team)/members/(id)/
-
-   Returns information on one team member, identified by their ID.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      GET /api/v1/organizers/bigevents/teams/1/members/1/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "id": 1,
-        "fullname": "John Doe",
-        "email": "john@example.com",
-        "require_2fa": true
-      }
-
-   :param organizer: The ``slug`` field of the organizer to fetch
-   :param team: The ``id`` field of the team to fetch
-   :param id: The ``id`` field of the member to fetch
-   :statuscode 200: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to view this resource.
-   :statuscode 404: The requested team or member does not exist
-
-.. http:delete:: /api/v1/organizers/(organizer)/teams/(team)/members/(id)/
-
-   Removes a member from the team.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      DELETE /api/v1/organizers/bigevents/teams/1/members/1/ HTTP/1.1
-      Host: pretix.eu
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 204 No Content
-
-   :param organizer: The ``slug`` field of the organizer to modify
-   :param team: The ``id`` field of the team to modify
-   :param id: The ``id`` field of the member to delete
-   :statuscode 204: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to create this resource.
-   :statuscode 404: The requested team or member does not exist
-
-Team invite endpoints
----------------------
-
-.. http:get:: /api/v1/organizers/(organizer)/teams/(team)/invites/
-
-   Returns a list of all invitations to a team.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      GET /api/v1/organizers/bigevents/teams/1/invites/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "count": 1,
-        "next": null,
-        "previous": null,
-        "results": [
-          {
-            "id": 1,
-            "email": "john@example.com"
-          }
-        ]
-      }
-
-   :query integer page: The page number in case of a multi-page result set, default is 1
-   :param organizer: The ``slug`` field of the organizer to fetch
-   :param team: The ``id`` field of the team to fetch
-   :statuscode 200: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to view this resource.
-   :statuscode 404: The requested team does not exist
-
-.. http:get:: /api/v1/organizers/(organizer)/teams/(team)/invites/(id)/
-
-   Returns information on one invite, identified by its ID.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      GET /api/v1/organizers/bigevents/teams/1/invites/1/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "id": 1,
-        "email": "john@example.org"
-      }
-
-   :param organizer: The ``slug`` field of the organizer to fetch
-   :param team: The ``id`` field of the team to fetch
-   :param id: The ``id`` field of the invite to fetch
-   :statuscode 200: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to view this resource.
-   :statuscode 404: The requested team or invite does not exist
-
-.. http:post:: /api/v1/organizers/(organizer)/teams/(team)/invites/
-
-   Invites someone into the team. Note that if the user already has a pretix account, you will receive a response without
-   an ``id`` and instead of an invite being created, the user will be directly added to the team.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      POST /api/v1/organizers/bigevents/teams/1/invites/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-      Content-Type: application/json
-      Content-Length: 94
-
-      {
-        "email": "mark@example.org"
-      }
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 201 Created
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "id": 1,
-        "email": "mark@example.org"
-      }
-
-   :param organizer: The ``slug`` field of the organizer to modify
-   :param team: The ``id`` field of the team to modify
-   :statuscode 204: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to create this resource.
-   :statuscode 404: The requested team does not exist
-
-.. http:delete:: /api/v1/organizers/(organizer)/teams/(team)/invites/(id)/
-
-   Revokes an invite.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      DELETE /api/v1/organizers/bigevents/teams/1/invites/1/ HTTP/1.1
-      Host: pretix.eu
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 204 No Content
-
-   :param organizer: The ``slug`` field of the organizer to modify
-   :param team: The ``id`` field of the team to modify
-   :param id: The ``id`` field of the invite to delete
-   :statuscode 204: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to create this resource.
-   :statuscode 404: The requested team or invite does not exist
-
-Team API token endpoints
-------------------------
-
-.. http:get:: /api/v1/organizers/(organizer)/teams/(team)/tokens/
-
-   Returns a list of all API tokens of a team.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      GET /api/v1/organizers/bigevents/teams/1/tokens/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "count": 1,
-        "next": null,
-        "previous": null,
-        "results": [
-          {
-            "id": 1,
-            "active": true,
-            "name": "Test token"
-          }
-        ]
-      }
-
-   :query integer page: The page number in case of a multi-page result set, default is 1
-   :param organizer: The ``slug`` field of the organizer to fetch
-   :param team: The ``id`` field of the team to fetch
-   :statuscode 200: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to view this resource.
-   :statuscode 404: The requested team does not exist
-
-.. http:get:: /api/v1/organizers/(organizer)/teams/(team)/tokens/(id)/
-
-   Returns information on one token, identified by its ID.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      GET /api/v1/organizers/bigevents/teams/1/tokens/1/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "id": 1,
-        "active": true,
-        "name": "Test token"
-      }
-
-   :param organizer: The ``slug`` field of the organizer to fetch
-   :param team: The ``id`` field of the team to fetch
-   :param id: The ``id`` field of the token to fetch
-   :statuscode 200: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to view this resource.
-   :statuscode 404: The requested team or token does not exist
-
-.. http:post:: /api/v1/organizers/(organizer)/teams/(team)/tokens/
-
-   Creates a new token.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      POST /api/v1/organizers/bigevents/teams/1/tokens/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-      Content-Type: application/json
-      Content-Length: 94
-
-      {
-        "name": "New token"
-      }
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 201 Created
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "id": 2,
-        "name": "New token",
-        "active": true,
-        "token": "",
-      }
-
-   :param organizer: The ``slug`` field of the organizer to modify
-   :param team: The ``id`` field of the team to create a token for
-   :statuscode 204: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to create this resource.
-   :statuscode 404: The requested team does not exist
-
-.. http:delete:: /api/v1/organizers/(organizer)/teams/(team)/tokens/(id)/
-
-   Disables a token.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      DELETE /api/v1/organizers/bigevents/teams/1/tokens/1/ HTTP/1.1
-      Host: pretix.eu
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-
-      {
-        "id": 1,
-        "name": "My token",
-        "active": false
-      }
-
-   :param organizer: The ``slug`` field of the organizer to modify
-   :param team: The ``id`` field of the team to modify
-   :param id: The ``id`` field of the token to delete
-   :statuscode 200: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer does not exist **or** you have no permission to create this resource.
-   :statuscode 404: The requested team or token does not exist

doc/api/resources/vouchers.rst

@@ -38,17 +38,15 @@ quota                                 integer                    An ID of a quot
                                                                  attached either to a specific product or to all
                                                                  products within one quota or it can be available
                                                                  for all items without restriction.
-seat                                  string                     ``seat_guid`` attribute of a specific seat (or ``null``)
 tag                                   string                     A string that is used for grouping vouchers
 comment                               string                     An internal comment on the voucher
 subevent                              integer                    ID of the date inside an event series this voucher belongs to (or ``null``).
-show_hidden_items                     boolean                    Only if set to ``true``, this voucher allows to buy products with the property ``hide_without_voucher``. Defaults to ``true``.
 ===================================== ========================== =======================================================
 
 
-.. versionchanged:: 3.4
+.. versionchanged:: 1.9
 
-   The attribute ``seat`` has been added.
+   The write operations ``POST``, ``PATCH``, ``PUT``, and ``DELETE`` have been added.
 
 Endpoints
 ---------
@@ -93,8 +91,7 @@ Endpoints
             "quota": null,
             "tag": "testvoucher",
             "comment": "",
-            "seat": null,
-            "subevent": null,
+            "subevent": null
           }
         ]
       }
@@ -160,7 +157,6 @@ Endpoints
         "quota": null,
         "tag": "testvoucher",
         "comment": "",
-        "seat": null,
         "subevent": null
       }
 
@@ -224,7 +220,6 @@ Endpoints
         "quota": null,
         "tag": "testvoucher",
         "comment": "",
-        "seat": null,
         "subevent": null
       }
 
@@ -352,7 +347,6 @@ Endpoints
         "quota": null,
         "tag": "testvoucher",
         "comment": "",
-        "seat": null,
         "subevent": null
       }
 

doc/api/resources/waitinglist.rst

@@ -13,10 +13,7 @@ Field                                 Type                       Description
 ===================================== ========================== =======================================================
 id                                    integer                    Internal ID of the waiting list entry
 created                               datetime                   Creation date of the waiting list entry
-name                                  string                     Name of the user on the waiting list (or ``null``)
-name_parts                            object of strings          Decomposition of name of the user (or ``null``)
 email                                 string                     Email address of the user on the waiting list
-phone                                 string                     Phone number of the user on the waiting list (or ``null``)
 voucher                               integer                    Internal ID of the voucher sent to this user. If
                                                                  this field is set, the user has been sent a voucher
                                                                  and is no longer waiting. If it is ``null``, the

doc/api/resources/webhooks.rst

@@ -31,10 +31,8 @@ action_types                          list of strings            A list of actio
 The following values for ``action_types`` are valid with pretix core:
 
     * ``pretix.event.order.placed``
-    * ``pretix.event.order.placed.require_approval``
     * ``pretix.event.order.paid``
     * ``pretix.event.order.canceled``
-    * ``pretix.event.order.reactivated``
     * ``pretix.event.order.expired``
     * ``pretix.event.order.modified``
     * ``pretix.event.order.contact.changed``
@@ -44,12 +42,6 @@ The following values for ``action_types`` are valid with pretix core:
     * ``pretix.event.order.denied``
     * ``pretix.event.checkin``
     * ``pretix.event.checkin.reverted``
-    * ``pretix.event.added``
-    * ``pretix.event.changed``
-    * ``pretix.event.deleted``
-    * ``pretix.subevent.added``
-    * ``pretix.subevent.changed``
-    * ``pretix.subevent.deleted``
 
 Installed plugins might register more valid values.
 
@@ -145,7 +137,7 @@ Endpoints
       POST /api/v1/organizers/bigevents/webhooks/ HTTP/1.1
       Host: pretix.eu
       Accept: application/json, text/javascript
-      Content-Type: application/json
+      Content: application/json
 
       {
         "enabled": true,

doc/api/webhooks.rst

@@ -70,9 +70,6 @@ and ``checkin_list``.
              only include the minimum amount of data necessary for you to fetch the changed objects from our
              :ref:`rest-api` in an authenticated way.
 
-.. warning:: In very rare cases, you could receive the same webhook notification twice. We try to avoid it, but we
-             prefer it over missing a notification.
-
 If you want to further prevent others from accessing your webhook URL, you can also use `Basic authentication`_ and
 supply the URL to us in the format of ``https://username:password@domain.com/path/``.
 We recommend that you use HTTPS for your webhook URL and might require it in the future. If HTTPS is used, we require

doc/conf.py

@@ -52,7 +52,6 @@ extensions = [
     'sphinx.ext.coverage',
     'sphinxcontrib.httpdomain',
     'sphinxcontrib.images',
-    'sphinxemoji.sphinxemoji',
 ]
 if HAS_PYENCHANT:
     extensions.append('sphinxcontrib.spelling')

doc/contents.rst

@@ -1,13 +0,0 @@
-Table of contents
-=================
-
-.. toctree::
-   :maxdepth: 3
-
-   user/index
-   admin/index
-   api/index
-   development/index
-   plugins/index
-   license/faq
-

doc/development/api/auth.rst

@@ -1,70 +0,0 @@
-.. highlight:: python
-   :linenothreshold: 5
-
-Pluggable authentication backends
-=================================
-
-Plugins can supply additional authentication backends. This is mainly useful in self-hosted installations
-and allows you to use company-wide login mechanisms such as LDAP or OAuth for accessing pretix' backend.
-
-Every authentication backend contains an implementation of the interface defined in ``pretix.base.auth.BaseAuthBackend``
-(see below). Note that pretix authentication backends work differently than plain Django authentication backends.
-Basically, three pre-defined flows are supported:
-
-* Authentication mechanisms that rely on a **set of input parameters**, e.g. a username and a password. These can be
-  implemented by supplying the ``login_form_fields`` property and a ``form_authenticate`` method.
-
-* Authentication mechanisms that rely on **external sessions**, e.g. a cookie or a proxy HTTP header. These can be
-  implemented by supplying a ``request_authenticate`` method.
-
-* Authentication mechanisms that rely on **redirection**, e.g. to an OAuth provider. These can be implemented by
-  supplying a ``authentication_url`` method and implementing a custom return view.
-
-Authentication backends are *not* collected through a signal. Instead, they must explicitly be set through the
-``auth_backends`` directive in the ``pretix.cfg`` :ref:`configuration file <config>`.
-
-In each of these methods (``form_authenticate``, ``request_authenticate`` or your custom view) you are supposed to
-either get an existing :py:class:`pretix.base.models.User` object from the database or create a new one. There are a
-few rules you need to follow:
-
-* You **MUST** only return users with the ``auth_backend`` attribute set to the ``identifier`` value of your backend.
-
-* You **MUST** create new users with the ``auth_backend`` attribute set to the ``identifier`` value of your backend.
-
-* Every user object **MUST** have an email address. Email addresses are globally unique. If the email address is
-  already registered to a user who signs in through a different backend, you **SHOULD** refuse the login.
-
-The backend interface
----------------------
-
-.. class:: pretix.base.auth.BaseAuthBackend
-
-   The central object of each backend is the subclass of ``BaseAuthBackend``.
-
-   .. autoattribute:: identifier
-
-      This is an abstract attribute, you **must** override this!
-
-   .. autoattribute:: verbose_name
-
-      This is an abstract attribute, you **must** override this!
-
-   .. autoattribute:: login_form_fields
-
-   .. autoattribute:: visible
-
-   .. automethod:: form_authenticate
-
-   .. automethod:: request_authenticate
-
-   .. automethod:: authentication_url
-
-Logging users in
-----------------
-
-If you return a user from ``form_authenticate`` or ``request_authenticate``, the system will handle everything else
-for you correctly. However, if you use a redirection method and build a custom view to verify the login, we strongly
-recommend that you use the following utility method to correctly set session values and enforce two-factor
-authentication (if activated):
-
-.. autofunction:: pretix.control.views.auth.process_login

doc/development/api/customview.rst

@@ -14,9 +14,7 @@ Control panel views
 -------------------
 
 If you want to add a custom view to the control area of an event, just register an URL in your
-``urls.py`` that lives in the ``/control/`` subpath:
-
-.. code-block:: python
+``urls.py`` that lives in the ``/control/`` subpath::
 
     from django.conf.urls import url
 
@@ -46,9 +44,7 @@ If only the ``organizer`` parameter is present, it will be ensured that:
 * The user has permission to access view the current organizer
 
 If you want to require specific permission types, we provide you with a decorator or a mixin for
-your views:
-
-.. code-block:: python
+your views::
 
     from pretix.control.permissions import (
         event_permission_required, EventPermissionRequiredMixin
@@ -65,13 +61,12 @@ your views:
         ...
 
 Similarly, there is ``organizer_permission_required`` and ``OrganizerPermissionRequiredMixin``. In case of
-event-related views, there is also a signal that allows you to add the view to the event navigation like this:
+event-related views, there is also a signal that allows you to add the view to the event navigation like this::
 
-.. code-block:: python
 
     from django.urls import resolve, reverse
     from django.dispatch import receiver
-    from django.utils.translation import gettext_lazy as _
+    from django.utils.translation import ugettext_lazy as _
     from pretix.control.signals import nav_event
 
 
@@ -95,9 +90,7 @@ Event settings view
 -------------------
 
 A special case of a control panel view is a view hooked into the event settings page. For this case, there is a
-special navigation signal:
-
-.. code-block:: python
+special navigation signal::
 
     @receiver(nav_event_settings, dispatch_uid='friends_tickets_nav_settings')
     def navbar_settings(sender, request, **kwargs):
@@ -112,9 +105,7 @@ special navigation signal:
         }]
 
 Also, your view should inherit from ``EventSettingsViewMixin`` and your template from ``pretixcontrol/event/settings_base.html``
-for good integration. If you just want to display a form, you could do it like the following:
-
-.. code-block:: python
+for good integration. If you just want to display a form, you could do it like the following::
 
     class MySettingsView(EventSettingsViewMixin, EventSettingsFormView):
         model = Event
@@ -156,9 +147,7 @@ Including a custom view into the participant-facing frontend is a little bit dif
 no path prefix like ``control/``.
 
 First, define your URL in your ``urls.py``, but this time in the ``event_patterns`` section and wrapped by
-``event_url``:
-
-.. code-block:: python
+``event_url``::
 
     from pretix.multidomain import event_url
 
@@ -193,9 +182,8 @@ standard Django request handling: There are `ViewSets`_ to group related views i
 automatically build URL configurations from them.
 
 To integrate a custom viewset with pretix' REST API, you can just register with one of our routers within the
-``urls.py`` module of your plugin:
+``urls.py`` module of your plugin::
 
-.. code-block:: python
 
     from pretix.api.urls import event_router, router, orga_router
 
@@ -212,9 +200,7 @@ in the control panel. However, you need to make sure on your own only to return
 .event`` and ``request.organizer`` are available as usual.
 
 To require a special permission like ``can_view_orders``, you do not need to inherit from a special ViewSet base
-class, you can just set the ``permission`` attribute on your viewset:
-
-.. code-block:: python
+class, you can just set the ``permission`` attribute on your viewset::
 
     class MyViewSet(ModelViewSet):
         permission = 'can_view_orders'
@@ -222,9 +208,8 @@ class, you can just set the ``permission`` attribute on your viewset:
 
 If you want to check the permission only for some methods of your viewset, you have to do it yourself. Note here that
 API authentications can be done via user sessions or API tokens and you should therefore check something like the
-following:
+following::
 
-.. code-block:: python
 
     perm_holder = (request.auth if isinstance(request.auth, TeamAPIToken) else request.user)
     if perm_holder.has_event_permission(request.event.organizer, request.event, 'can_view_orders'):

doc/development/api/email.rst

@@ -15,9 +15,7 @@ Output registration
 The email HTML renderer API does not make a lot of usage from signals, however, it
 does use a signal to get a list of all available email renderers. Your plugin
 should listen for this signal and return the subclass of ``pretix.base.email.BaseHTMLMailRenderer``
-that we'll provide in this plugin:
-
-.. code-block:: python
+that we'll provide in this plugin::
 
     from django.dispatch import receiver
 
@@ -74,9 +72,7 @@ class ``TemplateBasedMailRenderer`` that you can re-use to perform the following
 * Call `inlinestyler`_ to convert all ``<style>`` style sheets to inline ``style=""``
   attributes for better compatibility
 
-To use it, you just need to implement some variables:
-
-.. code-block:: python
+To use it, you just need to implement some variables::
 
     class ClassicMailRenderer(TemplateBasedMailRenderer):
         verbose_name = _('pretix default')
@@ -105,12 +101,9 @@ The template is passed the following context variables:
    The ``Event`` object
 
 ``signature`` (optional, only if configured)
-   The signature with event organizer contact details as markdown (render with ``{{ signature|safe }}``)
+   The body as markdown (render with ``{{ signature|safe }}``)
 
 ``order`` (optional, only if applicable)
    The ``Order`` object
 
-``position`` (optional, only if applicable)
-   The ``OrderPosition`` object
-
 .. _inlinestyler: https://pypi.org/project/inlinestyler/

doc/development/api/exporter.rst

@@ -17,9 +17,7 @@ Exporter registration
 The exporter API does not make a lot of usage from signals, however, it does use a signal to get a list of
 all available exporters. Your plugin should listen for this signal and return the subclass of
 ``pretix.base.exporter.BaseExporter``
-that we'll provide in this plugin:
-
-.. code-block:: python
+that we'll provide in this plugin::
 
     from django.dispatch import receiver
 
@@ -31,24 +29,6 @@ that we'll provide in this plugin:
         from .exporter import MyExporter
         return MyExporter
 
-Some exporters might also prove to be useful, when provided on an organizer-level. In order to declare your
-exporter as capable of providing exports spanning multiple events, your plugin should listen for this signal
-and return the subclass of ``pretix.base.exporter.BaseExporter`` that we'll provide in this plugin:
-
-.. code-block:: python
-
-    from django.dispatch import receiver
-
-    from pretix.base.signals import register_multievent_data_exporters
-
-
-    @receiver(register_multievent_data_exporters, dispatch_uid="multieventexporter_myexporter")
-    def register_multievent_data_exporter(sender, **kwargs):
-        from .exporter import MyExporter
-        return MyExporter
-
-If your exporter supports both event-level and multi-event level exports, you will need to listen for both
-signals.
 
 The exporter class
 ------------------

doc/development/api/general.rst

@@ -12,8 +12,7 @@ Core
 
 .. automodule:: pretix.base.signals
    :members: periodic_task, event_live_issues, event_copy_data, email_filter, register_notification_types,
-      item_copy_data, register_sales_channels, register_global_settings, quota_availability, global_email_filter,
-      register_ticket_secret_generators
+      item_copy_data, register_sales_channels, register_global_settings
 
 Order events
 """"""""""""
@@ -21,24 +20,13 @@ Order events
 There are multiple signals that will be sent out in the ordering cycle:
 
 .. automodule:: pretix.base.signals
-   :members: validate_cart, validate_cart_addons, validate_order, order_fee_calculation, order_paid, order_placed, order_canceled, order_reactivated, order_expired, order_modified, order_changed, order_approved, order_denied, order_fee_type_name, allow_ticket_download, order_split, order_gracefully_delete, invoice_line_text
-
-Check-ins
-"""""""""
-
-.. automodule:: pretix.base.signals
-   :members: checkin_created
-
+   :members: validate_cart, validate_order, order_fee_calculation, order_paid, order_placed, order_canceled, order_expired, order_modified, order_changed, order_approved, order_denied, order_fee_type_name, allow_ticket_download
 
 Frontend
 --------
 
 .. automodule:: pretix.presale.signals
-   :members: html_head, html_footer, footer_link, global_footer_link, front_page_top, front_page_bottom, front_page_bottom_widget, fee_calculation_for_cart, contact_form_fields, question_form_fields, contact_form_fields_overrides, question_form_fields_overrides, checkout_confirm_messages, checkout_confirm_page_content, checkout_all_optional, html_page_header, sass_preamble, sass_postamble, render_seating_plan, checkout_flow_steps, position_info, position_info_top, item_description, global_html_head, global_html_footer, global_html_page_header
-
-
-.. automodule:: pretix.presale.signals
-   :members: order_info, order_info_top, order_meta_from_request
+   :members: html_head, html_footer, footer_link, front_page_top, front_page_bottom, fee_calculation_for_cart, contact_form_fields, question_form_fields, checkout_confirm_messages, checkout_confirm_page_content, checkout_all_optional, html_page_header, sass_preamble, sass_postamble, checkout_flow_steps, order_info, order_meta_from_request, position_info
 
 Request flow
 """"""""""""
@@ -57,8 +45,8 @@ Backend
 
 .. automodule:: pretix.control.signals
    :members: nav_event, html_head, html_page_start, quota_detail_html, nav_topbar, nav_global, nav_organizer, nav_event_settings,
-             order_info, event_settings_widget, oauth_application_registered, order_position_buttons, subevent_forms,
-             item_formsets, order_search_filter_q, order_search_forms
+             order_info, event_settings_widget, oauth_application_registered, order_position_buttons, nav_item
+
 
 .. automodule:: pretix.base.signals
    :members: logentry_display, logentry_object_link, requiredaction_display, timeline_events
@@ -67,25 +55,22 @@ Vouchers
 """"""""
 
 .. automodule:: pretix.control.signals
-   :members: item_forms, voucher_form_class, voucher_form_html, voucher_form_validation
+   :members: item_forms
+
+Vouchers
+""""""""
+
+.. automodule:: pretix.control.signals
+   :members: voucher_form_class, voucher_form_html, voucher_form_validation
 
 Dashboards
 """"""""""
 
 .. automodule:: pretix.control.signals
-   :members: event_dashboard_widgets, user_dashboard_widgets, event_dashboard_top
+   :members: event_dashboard_widgets, user_dashboard_widgets
 
 Ticket designs
 """"""""""""""
 
 .. automodule:: pretix.base.signals
-   :members: layout_text_variables, layout_image_variables
-
-.. automodule:: pretix.plugins.ticketoutputpdf.signals
-   :members: override_layout
-
-API
----
-
-.. automodule:: pretix.base.signals
-   :members: validate_event_settings, api_event_settings_fields
+   :members: layout_text_variables

doc/development/api/import.rst

@@ -1,112 +0,0 @@
-.. highlight:: python
-   :linenothreshold: 5
-
-.. _`importcol`:
-
-Extending the order import process
-==================================
-
-It's possible through the backend to import orders into pretix, for example from a legacy ticketing system. If your
-plugins defines additional data structures around orders, it might be useful to make it possible to import them as well.
-
-Import process
---------------
-
-Here's a short description of pretix' import process to show you where the system will need to interact with your plugin.
-You can find more detailed descriptions of the attributes and methods further below.
-
-1. The user uploads a CSV file. The system tries to parse the CSV file and understand its column headers.
-
-2. A preview of the file is shown to the user and the user is asked to assign the various different input parameters to
-   columns of the file or static values. For example, the user either needs to manually select a product or specify a
-   column that contains a product. For this purpose, a select field is rendered for every possible input column,
-   allowing the user to choose between a default/empty value (defined by your ``default_value``/``default_label``)
-   attributes, the columns of the uploaded file, or a static value (defined by your ``static_choices`` method).
-
-3. The user submits its assignment and the system uses the ``resolve`` method of all columns to get the raw value for
-   all columns.
-
-4. The system uses the ``clean`` method of all columns to verify that all input fields are valid and transformed to the
-   correct data type.
-
-5. The system prepares internal model objects (``Order`` etc) and uses the ``assign`` method of all columns to assign
-   these objects with actual values.
-
-6. The system saves all of these model objects to the database in a database transaction. Plugins can create additional
-   objects in this stage through their ``save`` method.
-
-Column registration
--------------------
-
-The import API does not make a lot of usage from signals, however, it
-does use a signal to get a list of all available import columns. Your plugin
-should listen for this signal and return the subclass of ``pretix.base.orderimport.ImportColumn``
-that we'll provide in this plugin:
-
-.. sourcecode:: python
-
-    from django.dispatch import receiver
-
-    from pretix.base.signals import order_import_columns
-
-
-    @receiver(order_import_columns, dispatch_uid="custom_columns")
-    def register_column(sender, **kwargs):
-        return [
-            EmailColumn(sender),
-        ]
-
-The column class API
---------------------
-
-.. class:: pretix.base.orderimport.ImportColumn
-
-   The central object of each import extension is the subclass of ``ImportColumn``.
-
-   .. py:attribute:: ImportColumn.event
-
-      The default constructor sets this property to the event we are currently
-      working for.
-
-   .. autoattribute:: identifier
-
-      This is an abstract attribute, you **must** override this!
-
-   .. autoattribute:: verbose_name
-
-      This is an abstract attribute, you **must** override this!
-
-   .. autoattribute:: default_value
-
-   .. autoattribute:: default_label
-
-   .. autoattribute:: initial
-
-   .. automethod:: static_choices
-
-   .. automethod:: resolve
-
-   .. automethod:: clean
-
-   .. automethod:: assign
-
-   .. automethod:: save
-
-Example
--------
-
-For example, the import column responsible for assigning email addresses looks like this:
-
-.. sourcecode:: python
-
-   class EmailColumn(ImportColumn):
-       identifier = 'email'
-       verbose_name = _('E-mail address')
-
-       def clean(self, value, previous_values):
-           if value:
-               EmailValidator()(value)
-           return value
-
-       def assign(self, value, order, position, invoice_address, **kwargs):
-           order.email = value

doc/development/api/index.rst

@@ -12,11 +12,8 @@ Contents:
    payment
    payment_2.0
    email
-   placeholder
    invoice
    shredder
-   import
    customview
-   auth
    general
    quality

doc/development/api/invoice.rst

@@ -15,9 +15,7 @@ Output registration
 The invoice renderer API does not make a lot of usage from signals, however, it
 does use a signal to get a list of all available invoice renderers. Your plugin
 should listen for this signal and return the subclass of ``pretix.base.invoice.BaseInvoiceRenderer``
-that we'll provide in this plugin:
-
-.. code-block:: python
+that we'll provide in this plugin::
 
     from django.dispatch import receiver
 

doc/development/api/payment.rst

@@ -19,9 +19,7 @@ Provider registration
 The payment provider API does not make a lot of usage from signals, however, it
 does use a signal to get a list of all available payment providers. Your plugin
 should listen for this signal and return the subclass of ``pretix.base.payment.BasePaymentProvider``
-that the plugin will provide:
-
-.. code-block:: python
+that the plugin will provide::
 
     from django.dispatch import receiver
 
@@ -64,8 +62,6 @@ The provider class
 
    .. autoattribute:: is_enabled
 
-   .. autoattribute:: priority
-
    .. autoattribute:: settings_form_fields
 
    .. automethod:: settings_form_clean
@@ -106,38 +102,20 @@ The provider class
 
    .. automethod:: payment_control_render
 
-   .. automethod:: payment_control_render_short
-
    .. automethod:: payment_refund_supported
 
    .. automethod:: payment_partial_refund_supported
 
-   .. automethod:: payment_presale_render
-
    .. automethod:: execute_refund
 
-   .. automethod:: refund_control_render
-
-   .. automethod:: new_refund_control_form_render
-
-   .. automethod:: new_refund_control_form_process
-
-   .. automethod:: api_payment_details
-
-   .. automethod:: matching_id
-
    .. automethod:: shred_payment_info
 
-   .. automethod:: cancel_payment
-
    .. autoattribute:: is_implicit
 
    .. autoattribute:: is_meta
 
    .. autoattribute:: test_mode_message
 
-   .. autoattribute:: requires_invoice_immediately
-
 
 Additional views
 ----------------
@@ -150,9 +128,7 @@ it is necessary to introduce additional views. One example is the PayPal
 provider. It redirects the user to a PayPal website in the
 :py:meth:`BasePaymentProvider.checkout_prepare` step of the checkout process
 and provides PayPal with a URL to redirect back to. This URL points to a
-view which looks roughly like this:
-
-.. code-block:: python
+view which looks roughly like this::
 
     @login_required
     def success(request):

doc/development/api/placeholder.rst

@@ -1,83 +0,0 @@
-.. highlight:: python
-   :linenothreshold: 5
-
-Writing an e-mail placeholder plugin
-====================================
-
-An email placeholder is a dynamic value that pretix users can use in their email templates.
-
-Please read :ref:`Creating a plugin <pluginsetup>` first, if you haven't already.
-
-Placeholder registration
-------------------------
-
-The placeholder API does not make a lot of usage from signals, however, it
-does use a signal to get a list of all available email placeholders. Your plugin
-should listen for this signal and return an instance of a subclass of ``pretix.base.email.BaseMailTextPlaceholder``:
-
-.. code-block:: python
-
-    from django.dispatch import receiver
-
-    from pretix.base.signals import register_mail_placeholders
-
-
-    @receiver(register_mail_placeholders, dispatch_uid="placeholder_custom")
-    def register_mail_renderers(sender, **kwargs):
-        from .email import MyPlaceholderClass
-        return MyPlaceholder()
-
-
-Context mechanism
------------------
-
-Emails are sent in different "contexts" within pretix. For example, many emails are sent in the
-the context of an order, but some are not, such as the notification of a waiting list voucher.
-
-Not all placeholders make sense in every email, and placeholders usually depend some parameters
-themselves, such as the ``Order`` object. Therefore, placeholders are expected to explicitly declare
-what values they depend on and they will only be available in an email if all those dependencies are
-met. Currently, placeholders can depend on the following context parameters:
-
-* ``event``
-* ``order``
-* ``position``
-* ``waiting_list_entry``
-* ``invoice_address``
-* ``payment``
-
-There are a few more that are only to be used internally but not by plugins.
-
-The placeholder class
----------------------
-
-.. class:: pretix.base.email.BaseMailTextPlaceholder
-
-   .. autoattribute:: identifier
-
-      This is an abstract attribute, you **must** override this!
-
-   .. autoattribute:: required_context
-
-      This is an abstract attribute, you **must** override this!
-
-   .. automethod:: render
-
-      This is an abstract method, you **must** implement this!
-
-   .. automethod:: render_sample
-
-      This is an abstract method, you **must** implement this!
-
-Helper class for simple placeholders
-------------------------------------
-
-pretix ships with a helper class that makes it easy to provide placeholders based on simple
-functions:
-
-.. code-block:: python
-
-     placeholder = SimpleFunctionalMailTextPlaceholder(
-         'code', ['order'], lambda order: order.code, sample='F8VVL'
-     )
-

doc/development/api/plugins.rst

@@ -46,24 +46,19 @@ name               string               The human-readable name of your plugin
 author             string               Your name
 version            string               A human-readable version code of your plugin
 description        string               A more verbose description of what your plugin does.
-category           string               Category of a plugin. Either one of ``"FEATURE"``, ``"PAYMENT"``,
-                                        ``"INTEGRATION"``, ``"CUSTOMIZATION"``, ``"FORMAT"``, or ``"API"``,
-                                        or any other string.
 visible            boolean (optional)   ``True`` by default, can hide a plugin so it cannot be normally activated.
 restricted         boolean (optional)   ``False`` by default, restricts a plugin such that it can only be enabled
                                         for an event by system administrators / superusers.
 compatibility      string               Specifier for compatible pretix versions.
 ================== ==================== ===========================================================
 
-A working example would be:
-
-.. code-block:: python
+A working example would be::
 
     try:
         from pretix.base.plugins import PluginConfig
     except ImportError:
         raise RuntimeError("Please use pretix 2.7 or above to run this plugin!")
-    from django.utils.translation import gettext_lazy as _
+    from django.utils.translation import ugettext_lazy as _
 
 
     class PaypalApp(PluginConfig):
@@ -74,7 +69,6 @@ A working example would be:
             name = _("PayPal")
             author = _("the pretix team")
             version = '1.0.0'
-            category = 'PAYMENT
             visible = True
             restricted = False
             description = _("This plugin allows you to receive payments via PayPal")
@@ -83,7 +77,7 @@ A working example would be:
 
     default_app_config = 'pretix_paypal.PaypalApp'
 
-The ``AppConfig`` class may implement a property ``compatibility_errors``, that checks
+The ``AppConfig`` class may implement a property ``compatiblity_errors``, that checks
 whether the pretix installation meets all requirements of the plugin. If so,
 it should contain ``None`` or an empty list, otherwise a list of strings containing
 human-readable error messages. We recommend using the ``django.utils.functional.cached_property``
@@ -98,9 +92,7 @@ Plugin registration
 
 Somehow, pretix needs to know that your plugin exists at all. For this purpose, we
 make use of the `entry point`_ feature of setuptools. To register a plugin that lives
-in a separate python package, your ``setup.py`` should contain something like this:
-
-.. code-block:: python
+in a separate python package, your ``setup.py`` should contain something like this::
 
     setup(
         args...,
@@ -122,9 +114,7 @@ The various components of pretix define a number of signals which your plugin ca
 listen for. We will go into the details of the different signals in the following
 pages. We suggest that you put your signal receivers into a ``signals`` submodule
 of your plugin. You should extend your ``AppConfig`` (see above) by the following
-method to make your receivers available:
-
-.. code-block:: python
+method to make your receivers available::
 
     class PaypalApp(AppConfig):
         …
@@ -133,9 +123,7 @@ method to make your receivers available:
             from . import signals  # NOQA
 
 You can optionally specify code that is executed when your plugin is activated for an event
-in the ``installed`` method:
-
-.. code-block:: python
+in the ``installed`` method::
 
     class PaypalApp(AppConfig):
         …
@@ -144,7 +132,7 @@ in the ``installed`` method:
             pass  # Your code here
 
 
-Note that ``installed`` will *not* be called if the plugin is indirectly activated for an event
+Note that ``installed`` will *not* be called if the plugin in indirectly activated for an event
 because the event is created with settings copied from another event.
 
 Views
@@ -159,8 +147,8 @@ your Django app label.
    with checking that the calling user is logged in, has appropriate permissions,
    etc. We plan on providing native support for this in a later version.
 
-.. _Django app: https://docs.djangoproject.com/en/3.0/ref/applications/
-.. _signal dispatcher: https://docs.djangoproject.com/en/3.0/topics/signals/
-.. _namespace packages: https://legacy.python.org/dev/peps/pep-0420/
+.. _Django app: https://docs.djangoproject.com/en/1.7/ref/applications/
+.. _signal dispatcher: https://docs.djangoproject.com/en/1.7/topics/signals/
+.. _namespace packages: http://legacy.python.org/dev/peps/pep-0420/
 .. _entry point: https://setuptools.readthedocs.io/en/latest/pkg_resources.html#locating-plugins
 .. _cookiecutter: https://cookiecutter.readthedocs.io/en/latest/

doc/development/api/shredder.rst

@@ -35,9 +35,9 @@ The shredder class
 
 .. class:: pretix.base.shredder.BaseDataShredder
 
-   The central object of each data shredder is the subclass of ``BaseDataShredder``.
+   The central object of each invoice renderer is the subclass of ``BaseInvoiceRenderer``.
 
-   .. py:attribute:: BaseDataShredder.event
+   .. py:attribute:: BaseInvoiceRenderer.event
 
       The default constructor sets this property to the event we are currently
       working for.
@@ -74,7 +74,7 @@ looks like this:
 
         def generate_files(self) -> List[Tuple[str, str, str]]:
             yield 'invoice-addresses.json', 'application/json', json.dumps({
-                ia.order.code: InvoiceAddressSerializer(ia).data
+                ia.order.code: InvoiceAdddressSerializer(ia).data
                 for ia in InvoiceAddress.objects.filter(order__event=self.event)
             }, indent=4)
 

doc/development/api/ticketoutput.rst

@@ -17,9 +17,7 @@ Output registration
 The ticket output API does not make a lot of usage from signals, however, it
 does use a signal to get a list of all available ticket outputs. Your plugin
 should listen for this signal and return the subclass of ``pretix.base.ticketoutput.BaseTicketOutput``
-that we'll provide in this plugin:
-
-.. code-block:: python
+that we'll provide in this plugin::
 
     from django.dispatch import receiver
 
@@ -71,13 +69,3 @@ The output class
    .. automethod:: generate_order
 
    .. autoattribute:: download_button_text
-
-   .. autoattribute:: download_button_icon
-
-   .. autoattribute:: multi_download_button_text
-
-   .. autoattribute:: long_download_button_text
-
-   .. autoattribute:: preview_allowed
-
-   .. autoattribute:: javascript_required

doc/development/concepts.rst

@@ -82,15 +82,11 @@ Orders
 ^^^^^^
 
 If a customer completes the checkout process, an **Order** will be created containing all the entered information.
-An order can be in one of currently six states that are listed in the diagram below:
+An order can be in one of currently four states that are listed in the diagram below:
 
 .. image:: /images/order_states.png
 
-The dotted lines represent status changes that usually do not happen as part of the regular process, but can be
-performed manually in the admin backend.
-
-For historical reasons, there are only four valid values of the ``status`` field, and the two additional states are
-represented differently:
+There are additional "fake" states that are displayed like states but not represented as states in the system:
 
 * An order is considered **canceled (with paid fee)** if it is in **paid** status but does not include any non-cancelled positions.
 

doc/development/contribution/style.rst

@@ -7,7 +7,7 @@ Coding style and quality
   for more information. Use four spaces for indentation.
 
 * We sort our imports by a certain schema, but you don't have to do this by hand. Again, ``setup.cfg`` contains
-  some definitions that allow the command ``isort <directory>`` to automatically sort the imports in your source
+  some definitions that allow the command ``isort -rc <directory>`` to automatically sort the imports in your source
   files.
 
 * For templates and models, please take a look at the `Django Coding Style`_. We like Django's `class-based views`_ and
@@ -18,7 +18,7 @@ Coding style and quality
 * We expect all new code to come with proper tests. When writing new tests, please write them using `pytest-style`_
   test functions and raw ``assert`` statements. Use `fixtures`_ to prevent repetitive code. Some old parts of pretix'
   test suite are in the style of Python's unit test module. If you extend those files, you might continue in this style,
-  but please use ``pytest`` style for any new test files.
+  but please use pytest style for any new test files.
 
 * Please keep the first line of your commit messages short. When referencing an issue, please phrase it like
   ``Fix #123 -- Problems with order creation`` or ``Refs #123 -- Fix this part of that bug``.

doc/development/implementation/background.rst

@@ -12,9 +12,7 @@ Implementing a task
 -------------------
 
 A common pattern for implementing asynchronous tasks can be seen a lot in ``pretix.base.services``
-and looks like this:
-
-.. code-block:: python
+and looks like this::
 
     from pretix.celery_app import app
 
@@ -36,15 +34,13 @@ If your user needs to wait for the response of the asynchronous task, there are
 that will probably move to ``pretix.base`` at some point. They consist of the view mixin ``AsyncAction`` that allows
 you to easily write a view that kicks off and waits for an asynchronous task. ``AsyncAction`` will determine whether
 to run the task asynchronously or not and will do some magic to look nice for users with and without JavaScript support.
-A usage example taken directly from the code is:
-
-.. code-block:: python
+A usage example taken directly from the code is::
 
     class OrderCancelDo(EventViewMixin, OrderDetailMixin, AsyncAction, View):
         """
         A view that executes a task asynchronously. A POST request will kick off the
         task into the background or run it in the foreground if celery is not installed.
-        In the former case, subsequent GET calls can be used to determine the current
+        In the former case, subsequent GET calls can be used to determinine the current
         status of the task.
         """
 
@@ -83,9 +79,7 @@ A usage example taken directly from the code is:
             return super().get_error_message(exception)
 
 On the client side, this can be used by simply adding a ``data-asynctask`` attribute to an HTML form. This will enable
-AJAX sending of the form and display a loading indicator:
-
-.. code-block:: html
+AJAX sending of the form and display a loading indicator::
 
     <form method="post" data-asynctask
           action="{% eventurl request.event "presale:event.order.cancel.do" … %}">

doc/development/implementation/i18n.rst

@@ -27,9 +27,7 @@ numbers and dates, ``LazyDate`` and ``LazyNumber``. There also is a ``LazyLocale
 exceptions with gettext-localized exception messages.
 
 Last, but definitely not least, we have the ``language`` context manager (``pretix.base.i18n.language``) that allows
-you to execute a piece of code with a different locale:
-
-.. code-block:: python
+you to execute a piece of code with a different locale::
 
     with language('de'):
         render_mail_template()

doc/development/implementation/logging.rst

@@ -16,9 +16,7 @@ We recommend all relevant models to inherit from ``LoggedModel`` as it simplifie
 .. autoclass:: pretix.base.models.LoggedModel
    :members: log_action, all_logentries
 
-To actually log an action, you can just call the ``log_action`` method on your object:
-
-.. code-block:: python
+To actually log an action, you can just call the ``log_action`` method on your object::
 
    order.log_action('pretix.event.order.canceled', user=user, data={})
 
@@ -31,9 +29,7 @@ Logging form actions
 """"""""""""""""""""
 
 A very common use case is to log the changes to a model that have been done in a ``ModelForm``. In this case,
-we generally use a custom ``form_valid`` method on our ``FormView`` that looks like this:
-
-.. code-block:: python
+we generally use a custom ``form_valid`` method on our ``FormView`` that looks like this::
 
     @transaction.atomic
     def form_valid(self, form):
@@ -44,9 +40,7 @@ we generally use a custom ``form_valid`` method on our ``FormView`` that looks l
         messages.success(self.request, _('Your changes have been saved.'))
         return super().form_valid(form)
 
-It gets a little bit more complicated if your form allows file uploads:
-
-.. code-block:: python
+It gets a little bit more complicated if your form allows file uploads::
 
     @transaction.atomic
     def form_valid(self, form):
@@ -73,11 +67,9 @@ following ready-to-include template::
 
 We now need a way to translate the action codes like ``pretix.event.changed`` into human-readable
 strings. The :py:attr:`pretix.base.signals.logentry_display` signals allows you to do so. A simple
-implementation could look like:
+implementation could look like::
 
-.. code-block:: python
-
-    from django.utils.translation import gettext as _
+    from django.utils.translation import ugettext as _
     from pretix.base.signals import logentry_display
 
     @receiver(signal=logentry_display)
@@ -96,9 +88,7 @@ Sending notifications
 
 If you think that the logged information might be important or urgent enough to send out a notification to interested
 organizers. In this case, you should listen for the :py:attr:`pretix.base.signals.register_notification_types` signal
-to register a notification type:
-
-.. code-block:: python
+to register a notification type::
 
     @receiver(register_notification_types)
     def register_my_notification_types(sender, **kwargs):
@@ -113,9 +103,7 @@ You should subclass the base ``NotificationType`` class and implement all its me
 .. autoclass:: pretix.base.notifications.NotificationType
    :members: action_type, verbose_name, required_permission, build_notification
 
-A simple implementation could look like this:
-
-.. code-block:: python
+A simple implementation could look like this::
 
     class MyNotificationType(NotificationType):
         required_permission = "can_view_orders"
@@ -155,9 +143,7 @@ Logging technical information
 -----------------------------
 
 If you just want to log technical information to a log file on disk that does not need to be parsed
-and displayed later, you can just use Python's ``logging`` module:
-
-.. code-block:: python
+and displayed later, you can just use Python's ``logging`` module::
 
    import logging
 
@@ -165,9 +151,7 @@ and displayed later, you can just use Python's ``logging`` module:
 
    logger.info('Startup complete.')
 
-This is also very useful to provide debugging information when an exception occurs:
-
-.. code-block:: python
+This is also very useful to provide debugging information when an exception occurs::
 
    try:
       foo()

doc/development/implementation/permissions.rst

@@ -15,9 +15,7 @@ Requiring permissions for a view
 --------------------------------
 
 pretix provides a number of useful mixins and decorators that allow you to specify that a user needs a certain
-permission level to access a view:
-
-.. code-block:: python
+permission level to access a view::
 
     from pretix.control.permissions import (
         OrganizerPermissionRequiredMixin, organizer_permission_required
@@ -46,9 +44,7 @@ permission level to access a view:
         # Only users with *any* permission on this organizer can access this
 
 
-Of course, the same is available on event level:
-
-.. code-block:: python
+Of course, the same is available on event level::
 
     from pretix.control.permissions import (
         EventPermissionRequiredMixin, event_permission_required
@@ -77,9 +73,7 @@ Of course, the same is available on event level:
         # Only users with *any* permission on this event can access this
 
 You can also require that this view is only accessible by system administrators with an active "admin session"
-(see below for what this means):
-
-.. code-block:: python
+(see below for what this means)::
 
     from pretix.control.permissions import (
         AdministratorPermissionRequiredMixin, administrator_permission_required
@@ -95,9 +89,7 @@ You can also require that this view is only accessible by system administrators
         # ...
 
 In rare cases it might also be useful to expose a feature only to people who have a staff account but do not
-necessarily have an active admin session:
-
-.. code-block:: python
+necessarily have an active admin session::
 
     from pretix.control.permissions import (
         StaffMemberRequiredMixin, staff_member_required

doc/development/implementation/settings.rst

@@ -39,9 +39,7 @@ subclass that also adds support for internationalized fields:
 
 .. autoclass:: pretix.base.forms.SettingsForm
 
-You can simply use it like this:
-
-.. code-block:: python
+You can simply use it like this::
 
    class EventSettingsForm(SettingsForm):
        show_date_to = forms.BooleanField(
@@ -58,9 +56,7 @@ You can simply use it like this:
 Defaults in plugins
 -------------------
 
-Plugins can add custom hardcoded defaults in the following way:
-
-.. code-block:: python
+Plugins can add custom hardcoded defaults in the following way::
 
     from pretix.base.settings import settings_hierarkey
 

doc/development/setup.rst

@@ -65,11 +65,9 @@ Then, create the local database::
     python manage.py migrate
 
 A first user with username ``admin@localhost`` and password ``admin`` will be automatically
-created.
+created. If you want to generate more test data, run::
 
-You will also need to install a few JavaScript dependencies::
-
-    make npminstall
+    python make_testdata.py
 
 If you want to see pretix in a different language than English, you have to compile our language
 files::
@@ -85,7 +83,8 @@ To run the local development webserver, execute::
 and head to http://localhost:8000/
 
 As we did not implement an overall front page yet, you need to go directly to
-http://localhost:8000/control/ for the admin view.
+http://localhost:8000/control/ for the admin view or, if you imported the test
+data as suggested above, to the event page at http://localhost:8000/bigevents/2019/
 
 .. note:: If you want the development server to listen on a different interface or
           port (for example because you develop on `pretixdroid`_), you can check
@@ -102,7 +101,7 @@ pull request nevertheless and ask us for help, we are happy to assist you.
 Execute the following commands to check for code style errors::
 
     flake8 .
-    isort -c .
+    isort -c -rc .
     python manage.py check
 
 Execute the following command to run pretix' test suite (might take a couple of minutes)::
@@ -121,11 +120,11 @@ for example, to check for any errors in any staged files when committing::
     export GIT_WORK_TREE=../
     export GIT_DIR=../.git
     source ../env/bin/activate  # Adjust to however you activate your virtual environment
-    for file in $(git diff --cached --name-only | grep -E '\.py$' | grep -Ev "migrations|mt940\.py|pretix/settings\.py|make_testdata\.py|testutils/settings\.py|tests/settings\.py|pretix/base/models/__init__\.py|.*_pb2\.py")
+    for file in $(git diff --cached --name-only | grep -E '\.py$' | grep -Ev "migrations|mt940\.py|pretix/settings\.py|make_testdata\.py|testutils/settings\.py|tests/settings\.py|pretix/base/models/__init__\.py")
     do
       echo $file
       git show ":$file" | flake8 - --stdin-display-name="$file" || exit 1 # we only want to lint the staged changes, not any un-staged changes
-      git show ":$file" | isort -c - | grep ERROR && exit 1 || true
+      git show ":$file" | isort -df --check-only - | grep ERROR && exit 1 || true
     done
 
 

doc/images/order_objects.puml

@@ -1,34 +0,0 @@
-@startuml
-
-participant User
-collections "OrderPayment\nOrderRefund" as P
-collections "Order\nOrderPosition" as O
-collections "Invoice\nInvoiceLine" as I
-
-User -> O: Order placed (€100)
-rnote over O #6DD96D: Order A1B2C\nstatus = **n**\ntotal = €100
-O -> P: Payment created
-O -> I: Invoice created\n(can also happen later)
-rnote over I #6DD96D: Invoice 00001\n€100
-rnote over P #6DD96D: OrderPayment A1B2C-P-1\nstate = **created**
-P -> User: Payment details (web, email)
-User -> P: Payment performed
-rnote over P #EFF46B: OrderPayment A1B2C-P-1\nstate = **confirmed**
-P -> O: Order marked as paid
-rnote over O #EFF46B: Order A1B2C\nstatus = **p**\ntotal = €100
-User -> O: Data change (e.g. invoice address)
-O -> I: Invoice reissued
-rnote over I #6DD96D: Invoice 00002\n€-100
-rnote over I #6DD96D: Invoice 00003\n€100
-rnote over O #EFF46B: Order A1B2C\nstatus = **p**\ntotal = €100
-User -> O: Order canceled
-rnote over O #EFF46B: Order A1B2C\nstatus = **c**
-O -> I: Invoice canceled
-rnote over I #6DD96D: Invoice 00004\n€-100
-O -> P: Refund started
-rnote over P #6DD96D: OrderRefund\nA1B2C-R-1\nstate = **created**
-P -> User: Money sent
-rnote over P #EFF46B: OrderRefund\nA1B2C-R-1\nstate = **done**
-
-@enduml
-

doc/images/order_states.puml

@@ -1,39 +1,19 @@
 @startuml
 
-state "Approval Pending" as AP
-state "Canceled (with paid fee)" as CP
-AP: status = "n"
-AP: require_approval = true
-Pending: status = "n"
-Pending: require_approval = false
-Pending: Tickets reserved: yes
-Expired: status = "e"
-Expired: Tickets reserved: no
-Paid: status = "p"
-Paid: count(positions | !canceled) > 0
-Paid: Tickets reserved: yes
-CP: status = "p"
-CP: count(positions | !canceled) = 0
-Canceled: status = "c"
-Canceled: Tickets reserved: no
+Pending: Order is expecting payment\nOrder reduces quotas
+Expired: Payment period is over\nOrder does not affect quotas
+Paid: Order was successful\nOrder reduces quotas
+Canceled: Order has been canceled\nOrder does not affect quotas
 
-
-[*] -> Pending: order placed\ntotal > 0
-[*] -> Paid: order placed\ntotal = 0
-[*] -> AP: order placed\napproval required
-Pending --> Paid: order paid
-Pending --> Expired: after payment\ndeadline
-Expired --> Paid: order paid\n(only if quota left)
-Expired -[dashed]-> Canceled
-Expired -[dashed]-> Pending: order extended
-Paid --> Canceled: order canceled
-Pending --> Canceled: order canceled
-Paid -[dashed]-> Pending: refund
-AP --> Pending: order approved
-AP --> Canceled: order denied
-Paid --> CP: order canceled\n(with cancellation fee)
-Canceled -[dashed]-> Pending: order reactivated
-Canceled -[dashed]-> Paid: order reactivated
-CP -[dashed]-> Canceled: fee canceled
+[*] --> Pending: customer\nplaces order
+Pending --> Paid: successful payment
+Pending --> Expired: automatically\nor manually\non admin action
+Expired --> Paid: if payment is received\nonly if quota left
+Expired --> Canceled
+Expired --> Pending: manually\non admin action
+Paid --> Canceled: manually on\nadmin action\nor if an external\npayment provider\nnotifies about a\npayment refund
+Pending --> Canceled: on admin or\ncustomer action
+Paid -> Pending: manually on admin action
+[*] --> Paid: customer\nplaces free order
 
 @enduml

doc/index.rst

@@ -1 +1,12 @@
-.. include:: contents.rst
+Table of contents
+=================
+
+.. toctree::
+   :maxdepth: 3
+
+   user/index
+   admin/index
+   api/index
+   development/index
+   plugins/index
+

doc/license/faq.rst

@@ -1,177 +0,0 @@
-.. spelling::
-
-   AGPL
-   AGPLv3
-   GPL
-   LGPL
-   Apache
-   BSD
-   MIT
-   CLA
-   django
-   i18nfields
-   hierarkey
-   rami.io
-   rami
-   io
-   GmbH
-
-License FAQ
-===========
-
-.. warning::
-
-   This FAQ tries to explain in simpler terms what the license of the pretix open source project does and does not
-   allow. It is based on our interpretation of the license and is not legal advice. The contents of this page are not
-   legally binding, only the original text of the license in the `license file`_ is legally binding.
-
-How is pretix licensed?
------------------------
-
-pretix follows the popular dual licensing model. It is available under the `GNU Affero General Public License 3`_ (AGPL)
-plus some additional terms, as well as under a proprietary license ("pretix Enterprise license") on request.
-
-How can it be AGPL if there are additional terms?
--------------------------------------------------
-
-Even though it is fairly unknown, the AGPL's section 7 is titled "Additional Terms" and outlines specific conditions
-under which additional terms can be imposed on an AGPL-licensed work. In our case, we add three additional terms.
-
-The first additional term for pretix is an additional **permission**. It allows you to do something that the AGPL would
-generally not allow. As it doesn't restrict your freedoms granted by AGPL, if you don't like it, you can ignore it, and
-if you distribute pretix further, you can remove it.
-
-The second and third additional term for pretix are additional terms that restrict or specify other provisions of the
-license. AGPL specifically requires that these terms can only restrict or specify very specific things and we believe
-our additional terms are in compliance with that and are thus valid and may not be removed.
-
-Why did you choose this license model?
---------------------------------------
-
-pretix was born in the open source community and we're deeply committed to building the best open source ticketing
-solution in the world. It is important to us that pretix is available with a comprehensive feature set under term that
-are compatible with the `Open Source Definition`_. This enables event organizers from all industries and regions
-to have access to a self-hosted, privacy-friendly and secure option to host their events.
-
-However, developing and maintaining pretix is a lot of work. Between 2014 and 2021, we've received external
-contributions from more than 150 individuals. Not counting translations over 90 % of the development was
-done by staff engineers of rami.io GmbH, the company that started pretix. While we're very happy to receive many more
-contributions in the future, we also want to ensure that we continue to be able to pay people working on pretix
-full-time.
-
-We believe our model creates a good balance between ensuring pretix is available freely as well as protecting our
-business interests. Unlike licenses chosen by other projects recently, such as the Server-Side Public License, our
-choice does not restrict using pretix for any possible use case, it just sets a few rules that you have to play by
-if you do.
-
-What do I need to do if I use pretix unmodified?
-------------------------------------------------
-
-If you use pretix without any modifications or plugins, you can use it for whatever you want, as long as you keep
-all copyright notices (including the link to pretix at the bottom of the site) intact.
-
-You are also allowed to make copies of the unmodified source code and distribute them to others as long as you keep
-all copyright and license information intact.
-
-If you install **plugins**, you must follow the same terms as when using a **modified** version (see below).
-
-What do I need to do if I modify pretix?
-----------------------------------------
-
-If you want to modify pretix, you have the right to do so. However, you need to follow the following rules:
-
-* If you **run it for your own events** (events run by you or your company as well as companies from the same
-  corporate groups) our additional permission allows you to do so **without needing to share your source code
-  modifications** as long as you keep the link to pretix at the bottom of the site intact.
-
-* If you **run it for others**, for example as part of a Software-as-a-Service offering or a managed hosting service
-  you **must** make the source code **including all your modifications and all installed plugins** available under the
-  same license as pretix to every visitor of your site. You need to do so in a prominent place such as a link at the bottom of the
-  site. You also **must** keep the existing link intact.
-  You **may not** add additional restrictions on the result as a whole. You **may** add additional permissions, but
-  only on the parts you added. You **must** make clear which changes you made and you must not give the impression that
-  your modified version is an official version of pretix.
-
-* If you **distribute** the modified version, for example as a source code or software package, you **must** license it
-  under the AGPL license with the same additional terms. You **may not** add additional restrictions on the result as a
-  whole. You **may** add additional permissions, but only on the parts you added. You **must** make clear which changes
-  you made and you must not give the impression that your modified version is an official version of pretix.
-
-Does the AGPL copyleft mechanism extend to plugins?
----------------------------------------------------
-
-Yes. pretix plugins are tightly integrated with pretix, so when running pretix together with a plugin in the same
-environment they form a `combined work`_ and the copyleft mechanism of AGPL applies.
-
-Can I create proprietary or secret plugins?
--------------------------------------------
-
-Yes, you can create a proprietary or secret plugin, but it may only ever be **used** in an environment that is covered
-by the additional permission from our license. As soon as the plugin is installed in an installation that is not covered
-by our additional permission (e.g. when it is used in a SaaS environment) or covered by an active pretix Enterprise
-license it **must** be released to the visitors of the site under the same license as pretix (like a modified version
-of pretix).
-
-What licenses can plugins use?
-------------------------------
-
-Technically, you can distribute a plugin under any free or proprietary license as long as it is distributed separately.
-However, once it is either **distributed together with pretix or used in an environment not covered by our
-additional permission** or an active pretix Enterprise license, you **must** release it to all recipients of the
-distribution or all visitors of your site under the same license as pretix (like a modified version of pretix).
-
-If you release a plugin publicly, it is therefore most practical to use a license that is `compatible to AGPL`_.
-This includes most open source licenses such as AGPL, GPL, Apache, 3-clause BSD or MIT.
-
-Note however that when you license a plugin with pure AGPL, it will be incompatible with our additional permission.
-Therefore, if you want to use an AGPL-licensed plugin, you'll need to publish the source code of **all** your plugins
-under AGPL terms **even if you only use it for your own events**. A plugin would add its `own additional permission`_
-to its license to allow combining it with pretix for this use case.
-
-To make things less complicated, if you want to distribute a plugin freely, we therefore recommend distributing the
-plugin under **Apache License 2.0**, like we do for most plugins we distribute as open source.
-
-What do I need to do if I want to contribute my changes back?
--------------------------------------------------------------
-
-In order to retain the possibility for us to offer pretix in a dual licensing model, we unfortunately need you to sign
-a Contributor License Agreement (CLA) that gives us permission to use your contribution in all present and future
-distributions of pretix. We know the bureaucracy sucks. Sorry.
-
-What if I want to re-use a minor part of pretix in my project?
---------------------------------------------------------------
-
-This is the main part we dislike about AGPL: If you see a specific thing in pretix that you'd like to use in another
-project, you'll need to distribute your other project under AGPL terms as well which is often not practical.
-
-In this case, feel free to get in touch with us! We're happy to grant you special permission or pull the component
-out into a separately, permissively licensed repository. We already did that with `django-hierarkey`_ and
-`django-i18nfield`_ which have previously been parts of pretix.
-
-What can I use the name "pretix" for?
--------------------------------------
-
-The name pretix is a registered trademark by rami.io GmbH.
-
-* You **may** use it to **indicate copyright**, such as in the "powered by pretix" or "based on pretix" line, or when
-  indicating that a distribution is based on pretix.
-
-* You **may** use it to **indicate compatibility**, for example you are allowed to name your plugin "<name> for pretix"
-  or you may state that an external service is compatible with pretix.
-
-* You **may not** give the impression that your modified version, plugin or compatible service is official or authorized
-  by rami.io GmbH or pretix unless we specifically allowed you to do so.
-
-* You **may not** use it to name your modified version of pretix. End-users must be able to easily identify whether
-  a version of pretix is distributed by us.
-
-* You **may not** use any variations of the name, such as "MyPretix".
-
-.. _license file: https://github.com/pretix/pretix/blob/master/LICENSE
-.. _GNU Affero General Public License 3: https://www.gnu.org/licenses/agpl-3.0.en.html
-.. _compatible to AGPL: https://www.gnu.org/licenses/license-list.en.html#GPLCompatibleLicenses
-.. _Open Source Definition: https://opensource.org/osd
-.. _combined work: https://www.gnu.org/licenses/gpl-faq.html#GPLPlugins
-.. _own additional permission: https://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs
-.. _django-hierarkey: https://github.com/raphaelm/django-hierarkey
-.. _django-i18nfield: https://github.com/raphaelm/django-i18nfield

doc/plugins/badges.rst

@@ -22,6 +22,10 @@ item_assignments                      list of objects            Products this l
 └ item                                integer                    Item ID
 ===================================== ========================== =======================================================
 
+.. versionchanged:: 1.16
+
+   This resource has been added.
+
 
 Endpoints
 ---------

doc/plugins/banktransfer.rst

@@ -34,8 +34,6 @@ transactions                          list of objects            Transactions in
 ├ payer                               string                     Payment source
 ├ reference                           string                     Payment reference
 ├ amount                              string                     Payment amount
-├ iban                                string                     Payment IBAN
-├ bic                                 string                     Payment BIC
 ├ date                                string                     Payment date (in **user-inputted** format)
 ├ order                               string                     Associated order code (or ``null``)
 └ comment                             string                     Internal comment
@@ -85,8 +83,6 @@ Endpoints
                 "date": "26.06.2017",
                 "payer": "John Doe",
                 "order": null,
-                "iban": "",
-                "bic": "",
                 "checksum": "5de03a601644dfa63420dacfd285565f8375a8f2",
                 "reference": "GUTSCHRIFT\r\nSAMPLECONF-NAB12 EREF: SAMPLECONF-NAB12\r\nIBAN: DE1234556…",
                 "state": "nomatch",
@@ -136,8 +132,6 @@ Endpoints
             "comment": "",
             "date": "26.06.2017",
             "payer": "John Doe",
-            "iban": "",
-            "bic": "",
             "order": null,
             "checksum": "5de03a601644dfa63420dacfd285565f8375a8f2",
             "reference": "GUTSCHRIFT\r\nSAMPLECONF-NAB12 EREF: SAMPLECONF-NAB12\r\nIBAN: DE1234556…",