Devex: Fix vite devserver capturing stdin

Pass DEVNULL as stdin to vite, otherwise the vite devserver captures parts of stdin, making things like pasting during debugging impossible

pyproject.toml

@@ -30,7 +30,7 @@ dependencies = [
   "arabic-reshaper==3.0.1",  # Support for Arabic in reportlab
   "babel",
   "BeautifulSoup4==4.14.*",
-  "bleach==6.3.*",
+  "bleach==6.4.*",
   "celery==5.6.*",
   "chardet==5.2.*",
   "cryptography>=48.0.0",

src/pretix/api/views/checkin.py

@@ -788,7 +788,10 @@ def _redeem_process(*, checkinlists, raw_barcode, answers_data, datetime, force,
             if str(q.pk) in answers_data:
                 try:
                     if q.type == Question.TYPE_FILE:
-                        given_answers[q] = _handle_file_upload(answers_data[str(q.pk)], user, auth)
+                        if answers_data[str(q.pk)]:
+                            given_answers[q] = _handle_file_upload(answers_data[str(q.pk)], user, auth)
+                        else:
+                            given_answers[q] = None
                     else:
                         given_answers[q] = q.clean_answer(answers_data[str(q.pk)])
                 except (ValidationError, BaseValidationError):

src/pretix/base/exporters/customers.py

@@ -40,12 +40,11 @@ from django.utils.translation import gettext as _, gettext_lazy, pgettext_lazy
 
 from pretix.base.settings import PERSON_NAME_SCHEMES
 
-from ..exporter import MultiSheetListExporter, OrganizerLevelExportMixin
-from ..models import Membership
+from ..exporter import ListExporter, OrganizerLevelExportMixin
 from ..signals import register_multievent_data_exporters
 
 
-class CustomerListExporter(OrganizerLevelExportMixin, MultiSheetListExporter):
+class CustomerListExporter(OrganizerLevelExportMixin, ListExporter):
     identifier = 'customerlist'
     verbose_name = gettext_lazy('Customer accounts')
     category = pgettext_lazy('export_category', 'Customer accounts')
@@ -55,20 +54,13 @@ class CustomerListExporter(OrganizerLevelExportMixin, MultiSheetListExporter):
     def get_required_organizer_permission(cls) -> str:
         return 'organizer.customers:write'
 
-    @property
-    def sheets(self):
-        return (
-            ('customers', _('Customers')),
-            ('memberships', _('Memberships')),
-        )
-
     @property
     def additional_form_fields(self):
         return OrderedDict(
             []
         )
 
-    def iterate_customers(self, form_data):
+    def iterate_list(self, form_data):
         qs = self.organizer.customers.prefetch_related('provider')
 
         headers = [
@@ -117,52 +109,6 @@ class CustomerListExporter(OrganizerLevelExportMixin, MultiSheetListExporter):
             ]
             yield row
 
-    def iterate_memberships(self, form_data):
-        qs = Membership.objects.filter(
-            customer__organizer=self.organizer
-        ).prefetch_related('membership_type').select_related('customer', 'granted_in', 'granted_in__order')
-
-        headers = [
-            _('Customer ID'),
-            _('External identifier'),
-            _('Email'),
-            _('Test mode'),
-            _('Canceled'),
-            _('Membership type'),
-            _('Purchase ticket'),
-            _('Start date'),
-            _('Start time'),
-            _('End date'),
-            _('End time'),
-            _('Name'),
-        ]
-        name_scheme = PERSON_NAME_SCHEMES[self.organizer.settings.name_scheme]
-        if name_scheme and len(name_scheme['fields']) > 1:
-            for k, label, w in name_scheme['fields']:
-                headers.append(_('Name') + ': ' + str(label))
-        yield headers
-
-        tz = get_current_timezone()
-        for obj in qs:
-            row = [
-                obj.customer.identifier,
-                obj.customer.external_identifier,
-                obj.customer.email or '',
-                _('Yes') if obj.testmode else _('No'),
-                _('Yes') if obj.canceled else _('No'),
-                str(obj.membership_type.name),
-                f'{obj.granted_in.order.code}-{obj.granted_in.positionid}' if obj.granted_in else None,
-                obj.date_start.astimezone(tz).strftime('%Y-%m-%d'),
-                obj.date_start.astimezone(tz).strftime('%H:%M'),
-                obj.date_end.astimezone(tz).strftime('%Y-%m-%d'),
-                obj.date_end.astimezone(tz).strftime('%H:%M'),
-                obj.attendee_name or '',
-            ]
-            if name_scheme and len(name_scheme['fields']) > 1:
-                for k, label, w in name_scheme['fields']:
-                    row.append(obj.attendee_name_parts.get(k, ''))
-            yield row
-
     def get_filename(self):
         return '{}_customers'.format(self.organizer.slug)
 

src/pretix/base/exporters/reusablemedia.py

@@ -64,7 +64,13 @@ class ReusableMediaExporter(OrganizerLevelExportMixin, ListExporter):
         yield headers
         yield self.ProgressSetTotal(total=media.count())
 
+        can_read_giftcards = self.permission_holder.has_organizer_permission(self.organizer, 'organizer.giftcards:read')
+
         for medium in media.iterator(chunk_size=1000):
+            giftcard_secret = medium.linked_giftcard.secret if medium.linked_giftcard_id else ''
+            if giftcard_secret and not can_read_giftcards:
+                giftcard_secret = giftcard_secret[:3] + "…"
+
             yield [
                 medium.type,
                 medium.identifier,
@@ -72,7 +78,7 @@ class ReusableMediaExporter(OrganizerLevelExportMixin, ListExporter):
                 date_format(medium.expires, 'SHORT_DATETIME_FORMAT') if medium.expires else '',
                 medium.customer.identifier if medium.customer_id else '',
                 ', '.join([f"{op.order.code}-{op.positionid}" for op in medium.linked_orderpositions.all()]),
-                medium.linked_giftcard.secret if medium.linked_giftcard_id else '',
+                giftcard_secret,
                 medium.notes,
             ]
 

src/pretix/base/management/commands/runserver.py

@@ -44,7 +44,8 @@ class Command(Parent):
             # Start the vite server in the background
             vite_server = subprocess.Popen(
                 ["npm", "run", "dev:control"],
-                cwd=Path(__file__).parent.parent.parent.parent.parent
+                cwd=Path(__file__).parent.parent.parent.parent.parent,
+                stdin=subprocess.DEVNULL
             )
 
             def cleanup():

src/pretix/control/views/checkin.py

@@ -401,13 +401,14 @@ class CheckinListUpdate(EventPermissionRequiredMixin, UpdateView):
                 {
                     'id': i.pk,
                     'name': str(i),
+                    'active': i.active,
                     'variations': [
                         {
                             'id': v.pk,
                             'name': str(v.value)
                         } for v in i.variations.all()
                     ]
-                } for i in self.request.event.items.filter(active=True).prefetch_related('variations')
+                } for i in self.request.event.items.prefetch_related('variations')
             ],
             **super().get_context_data(),
         }

src/pretix/presale/views/widget.py

@@ -128,6 +128,9 @@ def _use_vite(request):
     origin = request.META.get('HTTP_ORIGIN', '')
     gs = GlobalSettingsObject()
     vite_origins = gs.settings.get('widget_vite_origins', as_type=str, default='')
+    if vite_origins and not origin:
+        referer = request.META.get('HTTP_REFERER', '')
+        origin = '/'.join(referer.split('/', 3)[:3])
     if origin and vite_origins:
         origins_list = [o.strip() for o in vite_origins.strip().splitlines() if o.strip()]
         return origin in origins_list

src/pretix/static/pretixcontrol/js/ui/checkinrules/App.vue

@@ -1,6 +1,6 @@
 <script setup lang="ts">
 import { computed } from 'vue'
-import { rules as rawRules, items, allProducts, limitProducts } from './django-interop'
+import { rules as rawRules, allItems, activeItems, allProducts, limitProducts } from './django-interop'
 import { convertToDNF } from './jsonlogic-boolalg'
 
 import RulesEditor from './checkin-rules-editor.vue'
@@ -53,7 +53,7 @@ const missingItems = computed(() => {
 	}
 
 	let missing = []
-	for (const item of items.value) {
+	for (const item of activeItems.value) {
 		if (productsSeen[item.id]) continue
 		if (!allProducts.value && !limitProducts.value.includes(item.id)) continue
 		if (item.variations.length > 0) {
@@ -87,7 +87,7 @@ const missingItems = computed(() => {
 
 		//- Tab panes
 		.tab-content
-			#rules-edit.tab-pane.active(v-if="items", role="tabpanel")
+			#rules-edit.tab-pane.active(v-if="allItems", role="tabpanel")
 				RulesEditor
 			#rules-viz.tab-pane(role="tabpanel")
 				RulesVisualization

src/pretix/static/pretixcontrol/js/ui/checkinrules/django-interop.ts

@@ -26,11 +26,13 @@ watch(rules, (newVal) => {
 	rulesInput.value = JSON.stringify(newVal)
 }, { deep: true })
 
-export const items = ref<any[]>([])
+export const activeItems = ref<any[]>([])
+export const allItems = ref<any[]>([])
 
 const itemsEl = document.querySelector('#items')
 if (itemsEl?.textContent) {
-	items.value = JSON.parse(itemsEl.textContent || '[]')
+	allItems.value = JSON.parse(itemsEl.textContent || '[]')
+	activeItems.value = allItems.value.filter(item => item.active)
 
 	function checkForInvalidIds (validProducts: Record<string, string>, validVariations: Record<string, string>, rule: any) {
 		if (rule['and']) {
@@ -57,8 +59,8 @@ if (itemsEl?.textContent) {
 	}
 
 	checkForInvalidIds(
-		Object.fromEntries(items.value.map(p => [p.id, p.name])),
-		Object.fromEntries(items.value.flatMap(p => p.variations?.map(v => [v.id, p.name + ' – ' + v.name]) ?? [])),
+		Object.fromEntries(allItems.value.map(p => [p.id, p.name])),
+		Object.fromEntries(allItems.value.flatMap(p => p.variations?.map(v => [v.id, p.name + ' – ' + v.name]) ?? [])),
 		rules.value
 	)
 }

src/tests/api/test_checkin.py

@@ -1098,6 +1098,27 @@ def test_question_upload(token_client, organizer, clist, event, order, question)
         assert order.positions.first().answers.get(question=question[0]).file
 
 
+@pytest.mark.django_db
+def test_question_upload_optional(token_client, organizer, clist, event, order, question):
+    with scopes_disabled():
+        p = order.positions.first()
+    question[0].type = 'F'
+    question[0].required = False
+    question[0].save()
+
+    resp = _redeem(token_client, organizer, clist, p.pk, {})
+    assert resp.status_code == 400
+    assert resp.data['status'] == 'incomplete'
+    with scopes_disabled():
+        assert resp.data['questions'] == [QuestionSerializer(question[0]).data]
+
+    resp = _redeem(token_client, organizer, clist, p.pk, {'answers': {question[0].pk: ""}})
+    assert resp.status_code == 201
+    assert resp.data['status'] == 'ok'
+    with scopes_disabled():
+        assert not order.positions.first().answers.filter(question=question[0]).exists()
+
+
 @pytest.mark.django_db
 def test_store_failed(token_client, organizer, clist, event, order):
     with scopes_disabled():