* Data model draft
* Refactor query and assignment usages of old permissions
* Backend UI
* API serializer
* Big string replace
* Docs, tests and fixes for teams api
* Update docs for device auth
* Eliminate old names
* Make tests pass
* Use new permissions, remove inconsistencies
* Add test for translations
* Show plugin permissions
* Add permission for seating plans
* Fix plugin activation
* Fix failing test
* Refactor to permission groups
* Update doc/api/resources/devices.rst
Co-authored-by: luelista <weller@rami.io>
* Update doc/api/resources/events.rst
Co-authored-by: luelista <weller@rami.io>
* Update src/pretix/api/serializers/organizer.py
Co-authored-by: luelista <weller@rami.io>
* Fix typo
* Fix python version compat
* Replacement after rebase
* Add proper permission handling for exports
* Docs for exporters
* Runtime linting of permission names
* Fix typos
* Show export page even without orders permission
* More legacy compat
* Do not strongly validate before plugins are loaded
* Rebase migration
* Add permission for outgoing mails
* Review notes
* Update doc/api/resources/teams.rst
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
* Clean up logic around exporters
* Review and failures
* Fix migration leading to forbidden combination
* Handle permissions on event copying
* Remove print-statements
* Make test clearer
* Review feedback
* Add AnyPermissionOf
* migration safety
---------
Co-authored-by: luelista <weller@rami.io>
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
* Include nix development enviornment
* Obfuscate contact email addresses in shop HTML and deanonymize via JavaScript
This change addresses #1907: "hide contact e-mail address in source code
of a shop".
- Contact email addresses rendered in public-facing templates are now
obfuscated in the HTML source (e.g., replacing "@" with "[at]" and "."
with "[dot]").
- A new JavaScript file is included in the relevant templates to
automatically rewrite and restore the email address for users after the
page loads.
- This approach helps protect email addresses from basic harvesting bots
and reduces spam, while keeping them accessible and user-friendly for
human visitors.
- The obfuscation and deanonymization logic is only applied to web
templates, not to emails sent via pretix.
This implementation follows the recommendations discussed in #1907,
using a standardized, maintainable approach that’s compatible with
pretix's asset pipeline and template structure.
* Undo nix development environment for merge into main
* convert complete mailto-link to HTML entities
* remove gitignore noise
* Update .gitignore
* fix gitignore noise
* Update .gitignore
---------
Co-authored-by: Richard Schreiber <schreiber@rami.io>
* Order changes: Do not allow to double-book add-ons
* tests
* Update src/pretix/presale/templates/pretixpresale/event/fragment_addon_choice.html
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
---------
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
* Update pretix logo to new version
* Make favicon transparent
* Update src/pretix/static/pretixcontrol/scss/main.scss
Co-authored-by: Richard Schreiber <schreiber@rami.io>
* Update src/pretix/static/pretixcontrol/scss/main.scss
Co-authored-by: Richard Schreiber <schreiber@rami.io>
---------
Co-authored-by: Richard Schreiber <schreiber@rami.io>
* Product list: Show number of items currently in cart
* Apply suggestions from code review
Co-authored-by: Richard Schreiber <schreiber@rami.io>
* Add display property
---------
Co-authored-by: Richard Schreiber <schreiber@rami.io>
* Event cancellation: Add safety and security checks
When cancelling an event, a large sum of money might be refunded
instantly. This PR adds safety features around this by
- doing a dry-run first that shows a preview of the expected refund sum
- sending a confirmation mode via email for any automatic refunds of more than 100 currency units
- keeping a more detailed log of the settings this was executed with
* Update src/pretix/control/views/orders.py
Co-authored-by: luelista <weller@rami.io>
---------
Co-authored-by: luelista <weller@rami.io>
* Remove explicitly specified width for formset-forms
With that style, all formset rows were a fix pixels less wide than surrounding content
* Set select2 width to 100% so they adapt when browser window is resized
* Fix waitingDialog being shown on browser history back
* Revert "Fix waitingDialog being shown on browser history back"
This reverts commit 1f56d97c69.
* Use pageshow-event as suggested by luelista
