* add edit view for waitinglist entry
* add test and fix behaviour when name isn't asked for
* fix linting
* add testcases for new edit view
* fix test
* fix linting
* add search to the waitinglist view
* repair settings check
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
* make name and phone field optional by removing them
* remove item and variation fields from form
rather set those values during clean
* change label from "Item and Variation" to "Product"
* include only products with an enabled waitinglist in the product field
* combine edit.html and transfer.html
* change transfer to edit
* add tests
* code style
* Update src/pretix/control/forms/waitinglist.py
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
* Update src/pretix/control/forms/waitinglist.py
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
* Update src/pretix/control/urls.py
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
* Update src/pretix/control/templates/pretixcontrol/waitinglist/edit.html
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
* Update src/pretix/control/templates/pretixcontrol/waitinglist/index.html
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
* Update src/pretix/control/views/waitinglist.py
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
* Update src/pretix/control/views/waitinglist.py
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
* Update src/pretix/control/views/waitinglist.py
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
* remove validations
* remove validations
* replace widget
* implement small review items
* add better assertions
* add test for the different edit form variations
* add queryset to prefetch only active ItemVariations
* add queryset to prefetch only active ItemVariations
* propper use of WrappedPhoneNumberPrefixWidget
* cleanup
* add validation tests
* small review changes
* handle products with only inactive variations
* styling
---------
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
* reduce default RecentAuthenticationRequiredMixin timeout to 15 min
* never cache pages with RecentAuthenticationRequiredMixin
* show emergency codes only once after generating
* Tax rounding: Allow to apply only for B2B (Z#23220106)
Most effective in combination with #5807
* Update src/pretix/base/settings.py
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
---------
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
* Send security notification when recovery code is used or created by admin
"Where to store recovery codes" is one of these problems there is no
right answer to, so many people store them in a less-than-optimal place.
If that's the reality we live in, this PR adds at least a little
security so one notices when they get used :)
* Add sentence
* Invoices: Allow issuing invoices only to businesses
In situations where every invoice has a significant accounting cost and
consumers usually do not need invoices, this can save a lot of money or
effort.
* Improve backend UI if not qualified for invoice
This error message mostly occurs when working in admin mode and this
change allows our support team to still see what the form looks like to
guide users through, even if they can't save.
* Add option to restrict anonymous access to order URLs
By default, users who place orders while logged in can still access
their order URLs without authentication. This raises potential
security risks, particularly if order confirmation emails are
forwarded.
This commit introduces an organiser-level setting to disable anonymous
access for such orders. When enabled, unauthenticated attempts to access
URLs starting with `/order/`, which are intended for the customer, are
redirected to the login page. Upon successful authentication, the user
is redirected back to the original order URL.
It is important to note that this change does not impact routes intended
for attendees (e.g., `/ticket/*`), which remain accessible without
authentication.
* Change name of setting for future clarity
Co-authored-by: Raphael Michel <mail@raphaelmichel.de>
* Update message wording
Co-authored-by: Raphael Michel <mail@raphaelmichel.de>
* Eliminate database query
Co-authored-by: Raphael Michel <mail@raphaelmichel.de>
* Rename feature flag to fix breaking tests
* Refactor order access verification code into `OrderDetailsMixin`
* Add test for logged-in customer accessing another customer's order
* Refactor order access conditions to remove nesting
* Handle case where customer is not yet verified
* Add additional information to help message
* Fix multidomain issue
Co-authored-by: Raphael Michel <mail@raphaelmichel.de>
* Merge order/position variants into single tests
* Add docstring explaining return type of `order` property
* Apply suggestion from @raphaelm
* Fix indentation
---------
Co-authored-by: Raphael Michel <mail@raphaelmichel.de>
Co-authored-by: Raphael Michel <michel@rami.io>
* Add more log entry types to the org-level logs page
all_logentries() limits the QuerySet to LogEntrys whose content object
is an Organizer.
This change expands that to get any LogEntry linked to the current
Organization. It removes those that are linked directly to an Event,
since they are already served by the event-level logs page.
* Check active plugins with either Event or Organizer
* replace manual form with QuestionFilterForm
* move form to form/item.py
* filter using a dateFrameField
* rename QuestionFilterForm to QuestionAnswerFilterForm
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
* pass existing `opqs` into `filter_qs`
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
* clean up filters
* fix view errors
* add labels
* display validation failures on field/label
* fix linting issues
* adjust datetime comparisons from lte to lt & gte to gt
* Change filter-form layout similar to order-filter-form
* improve label texts
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
* use order constants
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
* use Order Constants in Form where possible
* Change phrasing from Subevent to Date
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
* include product variations in products filter
* repair time zone comparisons
* fix linting
* move filter form to form/filter.py
* remove references to timezone.utc
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
* remove manual class statements
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
* removes unnecessary check
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
* fix datetime comparison
* Add full stop to error message to match style
* unify var-names and code-indent
---------
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>
Co-authored-by: Richard Schreiber <schreiber@rami.io>
* Update pretix logo to new version
* Make favicon transparent
* Update src/pretix/static/pretixcontrol/scss/main.scss
Co-authored-by: Richard Schreiber <schreiber@rami.io>
* Update src/pretix/static/pretixcontrol/scss/main.scss
Co-authored-by: Richard Schreiber <schreiber@rami.io>
---------
Co-authored-by: Richard Schreiber <schreiber@rami.io>
* Auto-verify user email addresses on accepting invites
* Update src/pretix/control/views/auth.py
Co-authored-by: Richard Schreiber <schreiber@rami.io>
---------
Co-authored-by: Richard Schreiber <schreiber@rami.io>
