* setup vite and integrate fully with django
- vite starts with `python manage.py runserver`
- add templatetags to simply load vite hmr and entry points
- add eslint (recheck rules)
- enable non-strict ts
* better syntax for cors header setting
* migrate checkin rules editor to vue3
- move constants to a module
- move reading from and writing to non-vue html to django interop module
- switch to composition api and script setup sfc with pug
- use optional chaining operators a lot to simplify code
* migrate webcheckin plugin to vite+vue3
- migrate vue sfcs to script setup and pug
- move fetch calls into a api.ts module
- move common formatting and i18n strings into module
* fix migration error
* first draft migrating widget to vue3/vite
* first couple widget e2e tests
courtesy of claude
most of the tests don't work yet
* test file is not actually used
* drop widget_ prefix from e2e test fixtures
* add test for complete widget journey for simple event
* switch timezone in e2e tests to Europe/Berlin
* make dates in e2e tests relative
* migrate widget bugfix #5886
* start testing event series widget
* working vite widget setup for prod (untested), local dev (with or without dev server) and pytests, with flags for running the old version or the vite version
* simplify e2e test iframe check
* less flaky e2e tests
* top level await in iife build mode is not supported, so let's do import.meta.glob instead (we just need the build step not to see await, the code doesn't actually ever get loaded because it's DEV only)
* fix inconsistencies from automatic migration
* Allow gradual rollout of new vite-based widget by adding urls to an allowlist that gets checked against the "Origin" http header of request fetching the widget js
* add e2e tests for widget button, testing empty cart, adding specific items, and subevents
* remove janky claude testts again
* resolve migration TODOs: properly refocus parent on navigations
* use `npm run dev:control` for the vite dev server for admin components
* upgrade npm dependencies
* fix js linter errors
* fix python linter errors
* build all control vue components
* add new js config files to check-manifest ignore
* working prod build
acutal serving of built assets not tested yet
* fix templatetag paths to match what's in the vite mantifest
* add missing quotes around 'unsafe-eval' cors value
* remove now unused old vue2 tooling
* try fixing e2e test ci
* fix flake8 error
* check if vite build artefacts are in the wheel
* add license headers
* remove dom manipilation code necessary for `div.pretix-widget-compat` to work. No longer needed for vue3
* remove superfluous `createElement` calls
They might have been there because of IE, which is no longer relevant
* make widget dev mode parametizable through query params and document the usage and those params
* fix rst syntax
* remove migration todos file
Co-authored-by: luelista <mira@teamwiki.de>
* rearrange dockerfile commands for smaller image, thanks @luelista
* Update .gitignore, adding .vite
Co-authored-by: luelista <mira@teamwiki.de>
* add eslint CI
* make vue dev work in plugins
* fix docker build
* rebuild vite setup to support static prod plugins and dynamic hmr plugin development
* use toml for vite plugin config instead of standalone json file
* Add widget changes from #6047, #6149
* Allow buttons to reuse cart (Z#23226853)
* Always keep cart of buttons with items set
* widget: handle cart if not same-site (#6149)
---------
Co-authored-by: luelista <mira@teamwiki.de>
Co-authored-by: Kara Engelhardt <engelhardt@pretix.eu>
Sets SameSite for cookie if page is secure, so cookie can be read even if not same-site. Also stores cart-id in vue state, so correct cart is used even if cookies to not work
* Data model draft
* Refactor query and assignment usages of old permissions
* Backend UI
* API serializer
* Big string replace
* Docs, tests and fixes for teams api
* Update docs for device auth
* Eliminate old names
* Make tests pass
* Use new permissions, remove inconsistencies
* Add test for translations
* Show plugin permissions
* Add permission for seating plans
* Fix plugin activation
* Fix failing test
* Refactor to permission groups
* Update doc/api/resources/devices.rst
Co-authored-by: luelista <weller@rami.io>
* Update doc/api/resources/events.rst
Co-authored-by: luelista <weller@rami.io>
* Update src/pretix/api/serializers/organizer.py
Co-authored-by: luelista <weller@rami.io>
* Fix typo
* Fix python version compat
* Replacement after rebase
* Add proper permission handling for exports
* Docs for exporters
* Runtime linting of permission names
* Fix typos
* Show export page even without orders permission
* More legacy compat
* Do not strongly validate before plugins are loaded
* Rebase migration
* Add permission for outgoing mails
* Review notes
* Update doc/api/resources/teams.rst
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
* Clean up logic around exporters
* Review and failures
* Fix migration leading to forbidden combination
* Handle permissions on event copying
* Remove print-statements
* Make test clearer
* Review feedback
* Add AnyPermissionOf
* migration safety
---------
Co-authored-by: luelista <weller@rami.io>
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
* Include nix development enviornment
* Obfuscate contact email addresses in shop HTML and deanonymize via JavaScript
This change addresses #1907: "hide contact e-mail address in source code
of a shop".
- Contact email addresses rendered in public-facing templates are now
obfuscated in the HTML source (e.g., replacing "@" with "[at]" and "."
with "[dot]").
- A new JavaScript file is included in the relevant templates to
automatically rewrite and restore the email address for users after the
page loads.
- This approach helps protect email addresses from basic harvesting bots
and reduces spam, while keeping them accessible and user-friendly for
human visitors.
- The obfuscation and deanonymization logic is only applied to web
templates, not to emails sent via pretix.
This implementation follows the recommendations discussed in #1907,
using a standardized, maintainable approach that’s compatible with
pretix's asset pipeline and template structure.
* Undo nix development environment for merge into main
* convert complete mailto-link to HTML entities
* remove gitignore noise
* Update .gitignore
* fix gitignore noise
* Update .gitignore
---------
Co-authored-by: Richard Schreiber <schreiber@rami.io>
* Order changes: Do not allow to double-book add-ons
* tests
* Update src/pretix/presale/templates/pretixpresale/event/fragment_addon_choice.html
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
---------
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
* Update pretix logo to new version
* Make favicon transparent
* Update src/pretix/static/pretixcontrol/scss/main.scss
Co-authored-by: Richard Schreiber <schreiber@rami.io>
* Update src/pretix/static/pretixcontrol/scss/main.scss
Co-authored-by: Richard Schreiber <schreiber@rami.io>
---------
Co-authored-by: Richard Schreiber <schreiber@rami.io>
* Product list: Show number of items currently in cart
* Apply suggestions from code review
Co-authored-by: Richard Schreiber <schreiber@rami.io>
* Add display property
---------
Co-authored-by: Richard Schreiber <schreiber@rami.io>
* Event cancellation: Add safety and security checks
When cancelling an event, a large sum of money might be refunded
instantly. This PR adds safety features around this by
- doing a dry-run first that shows a preview of the expected refund sum
- sending a confirmation mode via email for any automatic refunds of more than 100 currency units
- keeping a more detailed log of the settings this was executed with
* Update src/pretix/control/views/orders.py
Co-authored-by: luelista <weller@rami.io>
---------
Co-authored-by: luelista <weller@rami.io>
* Remove explicitly specified width for formset-forms
With that style, all formset rows were a fix pixels less wide than surrounding content
* Set select2 width to 100% so they adapt when browser window is resized
