* Add option to restrict anonymous access to order URLs
By default, users who place orders while logged in can still access
their order URLs without authentication. This raises potential
security risks, particularly if order confirmation emails are
forwarded.
This commit introduces an organiser-level setting to disable anonymous
access for such orders. When enabled, unauthenticated attempts to access
URLs starting with `/order/`, which are intended for the customer, are
redirected to the login page. Upon successful authentication, the user
is redirected back to the original order URL.
It is important to note that this change does not impact routes intended
for attendees (e.g., `/ticket/*`), which remain accessible without
authentication.
* Change name of setting for future clarity
Co-authored-by: Raphael Michel <mail@raphaelmichel.de>
* Update message wording
Co-authored-by: Raphael Michel <mail@raphaelmichel.de>
* Eliminate database query
Co-authored-by: Raphael Michel <mail@raphaelmichel.de>
* Rename feature flag to fix breaking tests
* Refactor order access verification code into `OrderDetailsMixin`
* Add test for logged-in customer accessing another customer's order
* Refactor order access conditions to remove nesting
* Handle case where customer is not yet verified
* Add additional information to help message
* Fix multidomain issue
Co-authored-by: Raphael Michel <mail@raphaelmichel.de>
* Merge order/position variants into single tests
* Add docstring explaining return type of `order` property
* Apply suggestion from @raphaelm
* Fix indentation
---------
Co-authored-by: Raphael Michel <mail@raphaelmichel.de>
Co-authored-by: Raphael Michel <michel@rami.io>
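The access decision described in the first commit message above, as an added sketch that is not pretix's own code. The function names, the `/account/login` path, the deny outcome for a mismatched customer and the check on the post-login target are assumptions made for illustration.

```python
from urllib.parse import urlencode, urlsplit

LOGIN_PATH = "/account/login"  # assumed login route, not pretix's actual path


def is_safe_next(next_url):
    """Accept only same-site relative paths as a post-login target."""
    parts = urlsplit(next_url)
    return (not parts.scheme and not parts.netloc
            and next_url.startswith("/") and not next_url.startswith("//")
            and "\\" not in next_url)


def check_order_access(path, order_customer, session_customer, restrict_enabled):
    """Return ("allow", None), ("redirect", url) or ("deny", None).

    order_customer: id of the account the order was placed with, or None
    for an order placed without login. session_customer: id of the
    logged-in customer, or None for an anonymous request.
    """
    # Attendee routes such as /ticket/* stay reachable without authentication.
    if not path.startswith("/order/"):
        return ("allow", None)
    # Setting off, or order not tied to an account: the URL alone suffices.
    if not restrict_enabled or order_customer is None:
        return ("allow", None)
    if session_customer is None:
        # Send to login and carry the order URL along for the way back.
        return ("redirect", LOGIN_PATH + "?" + urlencode({"next": path}))
    if session_customer != order_customer:
        # Logged in as a different customer (assumed outcome: deny).
        return ("deny", None)
    return ("allow", None)


def after_login(next_url, default="/account/"):
    """Resolve the redirect target once authentication succeeded."""
    return next_url if is_safe_next(next_url) else default
```
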
* Fix not allowing program times on event series (API/copy)
* Return 400 when reading endpoint in event series
* add docs program times not available on event series
* fix isort
* Add program times for items
* Fix frontend date validation
* Add ical data for program times [wip]
* Improve ical data for program times
* Remove duplicate code and add comments
* Adjust migration
* Remove program times form for event series
* Add pdf placeholder [wip]
* Improve explanation text with suggestion
Co-authored-by: Raphael Michel <michel@pretix.eu>
* Fix import sorting
* Improve ical generation
* Improve ical entry description
* Fix migration
* Add copyability for program times for items and events
* Update migration
* Add API endpoints/functions, fix isort
* Improve variable name
Co-authored-by: Richard Schreiber <schreiber@rami.io>
* Remove todo comment
* Add documentation, Change endpoint name
* Change related name
* Remove unnecessary code block
* Add program times to item API
* Fix imports
* Add log text
* Use daterange helper
* Add and update API tests
* Add another API test
* Add program times to cloning tests
* Update query count because of program times query
* Invalidate cached tickets on program time changes
* Reduce invalidation calls
* Update migration after rebase
* Apply improvements to invalidation from review
Co-authored-by: Richard Schreiber <schreiber@rami.io>
* remove unnecessary attr=item param
* remove unnecessary kwargs for formset_factory
* fix local var name being overwritten in for-loop
* fix empty formset being saved
* Use subevent if available
* make code less verbose
* remove double event-label in ical desc
* fix unnecessary var re-assign
* fix ev vs p.subevent
---------
Co-authored-by: Raphael Michel <michel@pretix.eu>
Co-authored-by: Richard Schreiber <schreiber@rami.io>
* Allow to round taxes on order-level
* Rename get_cart_total
* Persist rounding mode with order
* Add general docs
* Order creation API
* Update fee algorithm
* Rounding on payment method change
* Round when splitting order
* Fix failing tests
* Add settings page
* Add tests
* Replace algorithm
* Add test case for currency rounding
* Improve order change
* Update flowchart
* Update discount logic (more hypothetical, we don't store rounding on cart positions atm)
* Rename internal method
* Fix typo
* Update help text
* Apply suggestions from code review
Co-authored-by: luelista <weller@rami.io>
* Order rounding refactor (#5571)
* Add RoundingCorrectionMixin providing before-rounding-values as properties
* Use gross_price_before_rounding in more places
* Update doc/development/algorithms/pricing.rst
Co-authored-by: Martin Gross <gross@rami.io>
* Allow to override on perform_order
* Rebase migration
* Fix event cancellation
---------
Co-authored-by: luelista <weller@rami.io>
Co-authored-by: Martin Gross <gross@rami.io>
* datasync: add immediate parameter to enqueue_order
* interactive argument for order_placed signal
The ``interactive`` argument specifies whether the order was
placed interactively, by a customer (as opposed to via a bulk
import or the REST API).
* use bulk=True instead of interactive=False to mark bulk imports
* Flexible invoice transmission
* UI work
* Add peppol and output
* API support
* Profile integration
* Simplify form for individuals
* Remove sent_to_customer usage
* more steps
* Revert "Bank transfer: Allow to send the invoice direclty to the accounting department (#2975)"
This reverts commit cea6c340be.
* minor fixes
* Fixes after rebase
* update stati
* Backend view
* Transmit and show status
* status, retransmission
* API retransmission
* More fields
* API docs
* Plugin docs
* Update migration
* Add missing license headers
* Remove dead code, fix current tests
* Run isort
* Update regex
* Rebase migration
* Fix migration
* Add tests, fix bugs
* Rebase migration
* Apply suggestion from @luelista
Co-authored-by: luelista <weller@rami.io>
* Apply suggestion from @luelista
Co-authored-by: luelista <weller@rami.io>
* Apply suggestion from @luelista
Co-authored-by: luelista <weller@rami.io>
* Apply suggestion from @luelista
Co-authored-by: luelista <weller@rami.io>
* Apply suggestion from @luelista
Co-authored-by: luelista <weller@rami.io>
* Make migration reversible
* Add TransmissionType.enforce_transmission
* Fix registries API usage after rebase
* Remove code I forgot to delete
* Update transmission status display depending on type
* Add testmode_supported
* Update src/pretix/static/pretixbase/js/addressform.js
Co-authored-by: luelista <weller@rami.io>
* Update src/pretix/static/pretixbase/js/addressform.js
Co-authored-by: luelista <weller@rami.io>
* Update src/pretix/static/pretixbase/js/addressform.js
Co-authored-by: luelista <weller@rami.io>
* New mechanism for non-required invoice forms
* Update src/pretix/base/invoicing/transmission.py
Co-authored-by: luelista <weller@rami.io>
* Declare testmode_supported for email
* Make transmission_email_other an implementation detail
* Fix failing tests and add new ones
* Update src/pretix/base/services/invoices.py
Co-authored-by: luelista <weller@rami.io>
* Add emails to email history
* Fix comma error
* More generic default email text
* Cleanup
* Remove "email invoices" button and refine logic
* Rebase migration
* Fix edge case
---------
Co-authored-by: luelista <weller@rami.io>
* Webhooks: Add vouchers (Z#23203072)
This also requires more consistent usage of webhook types to avoid
vouchers not being known to the external system.
* Update src/pretix/api/webhooks.py
Co-authored-by: luelista <weller@rami.io>
* Fix shredder test
---------
Co-authored-by: luelista <weller@rami.io>
* Orders API: Add check_quotas to orders/change and PATCH/POST orderpositions query params
* Refs #5323: Checkstyle fix
Forgot to run flake8 after implementing unit tests oops
* Refs #5323: Fix unit tests and fix of the previous ones
* Refs #5323: PR review
* Allow to add declaration of accessibility
* add fallback for empty accessibility_title
* unify label format (not "Title for")
* move title to top and set helptext before text
---------
Co-authored-by: Richard Schreiber <schreiber@rami.io>
* Add event date fields, add preliminary range check
* Remove function, use filtered queryset for subevent id limit
* Improve and fix date range check
* Add formfields
* Add tests
* Improve tests
* Add new fields to API and documentation
* Add migration
* Change description according to suggestion
* Change discount apply signature, remove unnecessary query
* Rename new fields, simplify range check
* Rename fields in template
* Apply suggestions from code review
Co-authored-by: Raphael Michel <michel@rami.io>
---------
Co-authored-by: Raphael Michel <michel@rami.io>
* API: Allow to add a fee to an order (#4806)
* Fix example in docs
* Consistent order of examples
* Add create_fees to example
* docs: None -> null
* docs: update fee_type options
---------
Co-authored-by: Mira Weller <weller@rami.io>