Product categories can now be marked as "cross-selling categories", causing them to
appear in the add-on checkout step as additional recommendations, depending on
their cross-selling visibility (always, only if certain products are already in the cart, or
only if they qualify for a discount according to discount rules).
---------
Co-authored-by: Raphael Michel <michel@rami.io>
Co-authored-by: Richard Schreiber <schreiber@rami.io>
* Authentication: Support for fallback secret keys in get_session_auth_hash
* Update src/pretix/presale/utils.py
Co-authored-by: Richard Schreiber <schreiber@rami.io>
---------
Co-authored-by: Richard Schreiber <schreiber@rami.io>
Improve product list UI (allow move between categories, more useful columns and links)
and hide "move up/down" arrows in lists by default if drag-drop is available
- use hmac.compare_digest for all secret comparisons
- use salted_hmac with sha256 instead of plain sha1 for hashed secrets
- move secret handling into helper functions
Allows organizers to test their shop as if it were a different date and time.
Implemented using a time_machine_now() function which is used instead of regular now(), which can overlay the real date time with a value from a ContextVar, assigned from a session value in EventMiddleware.
For more information, see doc/development/implementation/timemachine.rst
---------
Co-authored-by: Richard Schreiber <schreiber@rami.io>
Co-authored-by: Raphael Michel <michel@rami.io>
* Allow attendees to modify their data
* Allow attendees to change ticket information
* Update src/pretix/control/templates/pretixcontrol/event/settings.html
Co-authored-by: Mira <weller@rami.io>
* Update src/pretix/presale/views/order.py
Co-authored-by: Mira <weller@rami.io>
* Update src/pretix/base/services/placeholders.py
Co-authored-by: Mira <weller@rami.io>
* Tests fix
* Fix test
---------
Co-authored-by: Mira <weller@rami.io>
* Prevent transferring files from priv/ to pub/ on event clone
* Also detect file names with node prefix
* Only transfer files in explicitly declared file fields
* Update django-hierarkey
* Add note to documentation about the new behaviour
* Add new test case for discounts:
Two discounts:
- "For every 1 item1, you get three item2 for 10 % off."
- "For every 1 item1, you get five item3 for 10 % off."
Cart: 2x item1, 2x item2, 6x item3
Expected result: 2x item1 full price, 2x item2 discounted, 5x item3 discounted, 1x item3 full price
* Fix discount calculation bug
* Update src/pretix/base/models/discount.py
Co-authored-by: Raphael Michel <michel@rami.io>
* Update src/pretix/base/models/discount.py
Co-authored-by: Richard Schreiber <schreiber@rami.io>
---------
Co-authored-by: Raphael Michel <michel@rami.io>
Co-authored-by: Richard Schreiber <schreiber@rami.io>
This was a bug that took days to find. The story goes like this: A cart
is created with four positions that each include four bundled positions.
A discount is applied, changing the price of *one* of the four top-level
positions to a reduced value. The list of position IDs gets passed to
`perform_order()`, which later passes it on to `transform_cart_positions()`.
`transform_cart_positions()`, however, receives the positions in an order
that has the first-level product *after* the bundled products that
belong to it. Therefore, it can't properly assign the parent-child
relationship between the positions.
The main reason is that cart positions are processed in "database order"
in a number of places, i.e. we make `SELECT` queries without an explicit
`ORDER BY` statement, leading the database to respond in unspecified
order. This is the case for `get_cart()` and hence for `CartMixin.positions`,
and hence for the list of position IDs that is passed to `perform_order()`
and hence for the order in which discounts are processed.
Therefore, if this "databse order" of the cart positions changes, the
discount compuation in `_check_positions()` might make a different choice
of *which* cart position should receive the discount than the CartManager
originally did. That's not nice, but most customers would not even
notice that a different one of their four (otherwise identical) tickets
is now discounted than the cart originally showed.
This leads to `_check_positions()` changing the price on two of the
cart positions. However, it only changes the price on the copy of
the CartPosition object that is directly part of the positions array,
while the `addon_to` attribute of its bundled positions contain a
*different* representation of the same cart position, that is not
refreshed to have the updated price now in the database.
This causes the `CartPosition.sort_key` of the bundled products to be
significantly different from the one of their parent products, which can
cause `transform_cart_positions()` to try to insert them before their
respective parent product, which is how the bug leads to the nasty end
result.
Now, I'm still not sure why this has happened *now* for the first time,
but I suspect it *might* even have something to do with our operations
team tuning our autovacuum parameters on our production installation,
which might make it *more likely* that newly created cart positions are
arbitrarily stored on PostgreSQL disk pages in a different order than
they were inserted than before.
This commit now fixes the bug now in two ways, each of which would be
sufficient to fix it for now, but together they make it hopefully more
stable in the future:
- `perform_order` no longer respects the order of the position IDs it
gets passed in, but instead uses the order last displayed in the cart.
Additionally, both `CartManager` and `_check_positions()` now sort
positions by their `pk` value before applying discounts to ensure
consistent choice of which position is discounted (using `sort_key`
here does not make much sense since it includes sorting by price,
which is about to change).
- `_check_positions()` makes sure that after its completion, only one
copy of the same `CartPosition` is in use that has the current price.
Additionally, this commit makes sure `sort_key` cache is cleared after
e.g. a price change.
It was hard to write a regression test, since "database order" is, by
definition, unreliable, but I tried my best.
* Generalize import process from orders to more models
* Add voucher import
* Model import: Guess assignments of based on column headers
* Fix lock_seats being pointless
* Update docs
* Update doc/development/api/import.rst
Co-authored-by: Richard Schreiber <schreiber@rami.io>
* Update src/pretix/base/modelimport_vouchers.py
Co-authored-by: Richard Schreiber <schreiber@rami.io>
---------
Co-authored-by: Richard Schreiber <schreiber@rami.io>
* Enforce uniqueness of order codes and ticket secrets
* Fix test cases which created orders with identical codes
---------
Co-authored-by: Mira Weller <weller@rami.io>
* Memberships: Prefer valid_from over event date for .is_valid()
* Fix tests
* Add parameter description
* Use reasonable default for requested_valid_from if membership starts in the future
* Set datetimepicker viewDate to closest allowed date
* Keep current value on going back to QuestionsStep
* Fix min_date/max_date in SplitDateTimePickerWidget
* Remove unused import
* Update src/pretix/base/models/memberships.py
Co-authored-by: Mira <weller@rami.io>
* Respect variations
---------
Co-authored-by: Mira Weller <weller@rami.io>
* Treat partially paid expired orders as overpaid orders (Z#23147757)
* Use is_overpaid from annotate_overpayments in OrderFilterForm
* Revert change to pending sum
* Show warning on order page
---------
Co-authored-by: Mira Weller <weller@rami.io>
