* Allow to combine language variant with region (fixes#3947, Z#23220951)
This only affects babel-based formatting (currently: currencies and phone numbers),
**not** Django-based formatting (currently: date and time formats).
* Remove tests where I don'T actually know whats right
* Fix lookup order
* Add option to restrict anonymous access to order URLs
By default, users who place orders while logged in can still access
their order URLs without authentication. This raises potential
security risks, particularly if order confirmation emails are
forwarded.
This commit introduces an organiser-level setting to disable anonymous
access for such orders. When enabled, unauthenticated attempts to access
URLs starting with `/order/`, which are intended for the customer, are
redirected to the login page. Upon successful authentication, the user
is redirected back to the original order URL.
It is important to note that this change does not impact routes intended
for attendees (e.g., `/ticket/*`), which remain accessible without
authentication.
* Change name of setting for future clarity
Co-authored-by: Raphael Michel <mail@raphaelmichel.de>
* Update message wording
Co-authored-by: Raphael Michel <mail@raphaelmichel.de>
* Eliminate database query
Co-authored-by: Raphael Michel <mail@raphaelmichel.de>
* Rename feature flag to fix breaking tests
* Refactor order access verification code into `OrderDetailsMixin`
* Add test for logged-in customer accessing another customer's order
* Refactor order access conditions to remove nesting
* Handle case where customer is not yet verified
* Add additional information to help message
* Fix multidomain issue
Co-authored-by: Raphael Michel <mail@raphaelmichel.de>
* Merge order/position variants into single tests
* Add docstring explaining return type of `order` property
* Apply suggestion from @raphaelm
* Fix indentation
---------
Co-authored-by: Raphael Michel <mail@raphaelmichel.de>
Co-authored-by: Raphael Michel <michel@rami.io>
* Product list: Show number of items currently in cart
* Apply suggestions from code review
Co-authored-by: Richard Schreiber <schreiber@rami.io>
* Add display property
---------
Co-authored-by: Richard Schreiber <schreiber@rami.io>
* Allow to round taxes on order-level
* Rename get_cart_total
* Persist rounding mode with order
* Add general docs
* Order creation API
* Update fee algorithm
* Rounding on payment method change
* Round when splitting order
* Fix failing tests
* Add settings page
* Add tests
* Replace algorithm
* Add test case for currency rounding
* Improve order change
* Update flowchart
* Update discount logic (more hypothetical, we don't store rounding on cart positions atm)
* Rename internal method
* Fix typo
* Update help text
* Apply suggestions from code review
Co-authored-by: luelista <weller@rami.io>
* Order rounding refactor (#5571)
* Add RoundingCorrectionMixin providing before-rounding-values as properties
* Use gross_price_before_rounding in more places
* Update doc/development/algorithms/pricing.rst
Co-authored-by: Martin Gross <gross@rami.io>
* Allow to override on perform_order
* Rebase migration
* Fix event cancellation
---------
Co-authored-by: luelista <weller@rami.io>
Co-authored-by: Martin Gross <gross@rami.io>
* Widget: deprecate v1 and redirect to v2
* Make redirect permanent
* remove v1 files
* do not redirect, just serve version_min
* add version-comment to delivered css/js-file
* fix tests
* Add support for versioning widget.js
* add versionable css
* add version deprecation + redirect
* use dynamic template_path instead of dynamic css_path
* remove dummy code from widget.v1.scss
* fix typo
* [A11y] fix input border & focus style (#5149)
* [A11y] fix input border & focus style
* Fix double semi-colon
* [A11y] make collapse-indicator a button (#5150)
* Fix source order for cart-exists-message (#5152)
* [A11y] underline links (#5151)
* [A11y] Move modal-dialogs to HTMLDialogElement (#5147)
* [A11y] move widget/iframe to html-dialog
* make lightbox a dialog
* move error-alert to dialog
* re-add crossorigin
* fix esc-handling and move animation to icon to enable focusing the button
* fix code-style issues
* block canceling loading iframe
* Escape/cancel blocking fix for Chrome
* add round focus-outline when dialog is loading
* Widget v2: change voucher-link to hash-based link (#5161)
* Fix variants toggle-button being submit-button
* Widget v2: make single-item-select button and always show custom-spinners (#5165)
* Widget v2: make single-item-select=button default
* remove native-spinners and single_item_select
* Stop suggesting old parameter
---------
Co-authored-by: Raphael Michel <michel@rami.io>
* Widget v2: add filter button to events metadata-filter (#5162)
* Widget v2: do not underline events in list and calendar (#5163)
* Fix checkbox button missing border radius (#5158)
* Widget v2: turn add-to-cart-button into resume-button if cart-exists and no items selected (#5160)
* Widget v2: make cart-alert live=polite
* Add resume-button if cart-exists and no items selected
* fix error handling with new-tab and later returning to old window
* Fix cart-message button being full height
* fix amount_selected recalc
* Fix broken v-model
* fix merge
* Widget v2: Remove link from variation-product title (#5159)
* Remove link from variation-product, focus associated input
* open variations onclick on product-title
* clickable elements should be focussable and interactive, so better remove click-handler on product-title
* Widget v2: Fix calendar events color contrast (#5164)
* Widget v2: Fix calendar events color contrast
* fix status-bubbles in list-view
* fix color in mobile
* add striped-background to calendar and week
* improve display of calendar for super small screens
* Fix meta-filter legend not being screen-reader accessible
* update version_default to 2
Co-authored-by: Raphael Michel <michel@rami.io>
---------
Co-authored-by: Raphael Michel <michel@rami.io>
* Allow to add declaration of accessibility
* add fallback for empty accessibility_title
* unify label format (not "Title for")
* move title to top and set helptext before text
---------
Co-authored-by: Richard Schreiber <schreiber@rami.io>
* async_task: deduplicate response handling code
* extend cart without full page reload
* update dialog markup
* fix error response from CartExtend
* refactor asynctask, make sure waitingDialog.show() re-initializes dialog contents
* add cart expiry notification
* add aria references to other dialogs
* improve error handling
* fix error if max_extend=None
* different message for expiring soon and expired carts
* refactor dialog css
* add classes to further dialog elements
* switch extend-cart-dialog and loadingmodal to <dialog>
* Backport simple_block_tag from Django 5.2
* Use simple_block_tag for {% dialog %} tag
* add alertdialog role
* Update src/pretix/static/pretixbase/scss/_dialogs.scss
Co-authored-by: Richard Schreiber <schreiber@rami.io>
* fix mobile dialog styles not being overwritten
* asynctask dialog: prevent close by escape on chrome
* remove dynamic aria-live from #cart-deadline
dynamic aria-live is generally not well supported and as we have the dialog now anyways, we can remove it
* move continue-button to right
* Update src/pretix/static/pretixpresale/js/ui/cart.js
Co-authored-by: Richard Schreiber <schreiber@rami.io>
* Fix CSS for old-style dialog
* fix heading display/level
* align dialogs at the top as they originally were
* fix </div> from merge-conflict
* fix missing grow for dialog-content
* improve cart-extend-button ui
* do not show cart-extend-dialog onload
* improve message if 0 minutes
* do not save messae in session if ajax_dont_redirect
* add ajax_dont_redirect to async_task_check_url
* improve draw_deadline to only update #cart-deadline if necessary
* add renew-confirmation-message
---------
Co-authored-by: Richard Schreiber <schreiber@rami.io>
Co-authored-by: Raphael Michel <michel@rami.io>
* Pass widget_data to new tab even if 3rd-party cookies are disabled (Z#23176995)
* Perform cookie check earlier
* Deduplicate redirect code
* Don't forget the subevent id
* We still need to pass thru the widget_data parameter
because for an empty cart, take_cart_id will do nothing.
* pass through "consent" as GET-param as well
---------
Co-authored-by: Richard Schreiber <schreiber@rami.io>
