API: Fix crash in check-in API (PRETIXEU-CT1)

.github/workflows/build.yml

@@ -24,7 +24,7 @@ jobs:
     name: Packaging
     strategy:
       matrix:
-        python-version: ["3.13"]
+        python-version: ["3.11"]
     steps:
       - uses: actions/checkout@v4
       - name: Set up Python ${{ matrix.python-version }}

.github/workflows/strings.yml

@@ -24,10 +24,10 @@ jobs:
     name: Check gettext syntax
     steps:
       - uses: actions/checkout@v4
-      - name: Set up Python 3.13
+      - name: Set up Python 3.11
         uses: actions/setup-python@v5
         with:
-          python-version: 3.13
+          python-version: 3.11
       - uses: actions/cache@v4
         with:
           path: ~/.cache/pip
@@ -49,10 +49,10 @@ jobs:
     name: Spellcheck
     steps:
       - uses: actions/checkout@v4
-      - name: Set up Python 3.13
+      - name: Set up Python 3.11
         uses: actions/setup-python@v5
         with:
-          python-version: 3.13
+          python-version: 3.11
       - uses: actions/cache@v4
         with:
           path: ~/.cache/pip

.github/workflows/style.yml

@@ -24,10 +24,10 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v4
-      - name: Set up Python 3.13
+      - name: Set up Python 3.11
         uses: actions/setup-python@v5
         with:
-          python-version: 3.13
+          python-version: 3.11
       - uses: actions/cache@v4
         with:
           path: ~/.cache/pip
@@ -44,10 +44,10 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v4
-      - name: Set up Python 3.13
+      - name: Set up Python 3.11
         uses: actions/setup-python@v5
         with:
-          python-version: 3.13
+          python-version: 3.11
       - uses: actions/cache@v4
         with:
           path: ~/.cache/pip
@@ -64,10 +64,10 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v4
-      - name: Set up Python 3.13
+      - name: Set up Python 3.11
         uses: actions/setup-python@v5
         with:
-          python-version: 3.13
+          python-version: 3.11
       - name: Install Dependencies
         run: pip3 install licenseheaders
       - name: Run licenseheaders

.github/workflows/tests.yml

@@ -23,15 +23,13 @@ jobs:
     name: Tests
     strategy:
       matrix:
-        python-version: ["3.11", "3.13", "3.14"]
+        python-version: ["3.10", "3.11", "3.13"]
         database: [sqlite, postgres]
         exclude:
           - database: sqlite
             python-version: "3.10"
           - database: sqlite
             python-version: "3.11"
-          - database: sqlite
-            python-version: "3.12"
     services:
       postgres:
         image: postgres:15
@@ -83,4 +81,4 @@ jobs:
           file: src/coverage.xml
           token: ${{ secrets.CODECOV_TOKEN }}
           fail_ci_if_error: false
-        if: matrix.database == 'postgres' && matrix.python-version == '3.13'
+        if: matrix.database == 'postgres' && matrix.python-version == '3.11'

Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.13-trixie
+FROM python:3.11-bookworm
 
 RUN apt-get update && \
     apt-get install -y --no-install-recommends \

doc/api/deviceauth.rst

@@ -197,11 +197,10 @@ Permissions & security profiles
 
 Device authentication is currently hardcoded to grant the following permissions:
 
-* Read event meta data and products etc.
-* Read and write orders
-* Read and write gift cards
-* Read and write reusable media
-* Read vouchers
+* View event meta data and products etc.
+* View orders
+* Change orders
+* Manage gift cards
 
 Devices cannot change events or products and cannot access vouchers.
 
@@ -209,6 +208,20 @@ Additionally, when creating a device through the user interface or API, a user c
 the device. These include an allow list of specific API calls that may be made by the device. pretix ships with security
 policies for official pretix apps like pretixSCAN and pretixPOS.
 
+Removing a device
+-----------------
+
+If you want implement a way to to deprovision a device in your software, you can call the ``revoke`` endpoint to
+invalidate your API key. There is no way to reverse this operation.
+
+.. sourcecode:: http
+
+   POST /api/v1/device/revoke HTTP/1.1
+   Host: pretix.eu
+   Authorization: Device 1kcsh572fonm3hawalrncam4l1gktr2rzx25a22l8g9hx108o9oi0rztpcvwnfnd
+
+This can also be done by the user through the web interface.
+
 Event selection
 ---------------
 

doc/api/resources/devices.rst

@@ -30,7 +30,7 @@ software_brand                        string                     Device software
 software_version                      string                     Device software version (read-only)
 created                               datetime                   Creation time
 initialized                           datetime                   Time of initialization (or ``null``)
-initialization_token                  string                     Token for initialization (field invisible without write permission)
+initialization_token                  string                     Token for initialization
 revoked                               boolean                    Whether this device no longer has access
 security_profile                      string                     The name of a supported security profile restricting API access
 ===================================== ========================== =======================================================

doc/api/resources/events.rst

@@ -65,6 +65,8 @@ Endpoints
 
    Returns a list of all events within a given organizer the authenticated user/token has access to.
 
+   Permission required: "Can change event settings"
+
    **Example request**:
 
    .. sourcecode:: http
@@ -159,6 +161,8 @@ Endpoints
 
    Returns information on one event, identified by its slug.
 
+   Permission required: "Can change event settings"
+
    **Example request**:
 
    .. sourcecode:: http
@@ -230,6 +234,8 @@ Endpoints
    Please note that events cannot be created as 'live' using this endpoint. Quotas and payment must be added to the
    event before sales can go live.
 
+   Permission required: "Can create events"
+
    **Example request**:
 
    .. sourcecode:: http
@@ -332,6 +338,8 @@ Endpoints
    Please note that you can only copy from events under the same organizer this way. Use the ``clone_from`` parameter
    when creating a new event for this instead.
 
+   Permission required: "Can create events"
+
    **Example request**:
 
    .. sourcecode:: http
@@ -425,6 +433,8 @@ Endpoints
 
    Updates an event
 
+   Permission required: "Can change event settings"
+
    **Example request**:
 
    .. sourcecode:: http
@@ -500,6 +510,8 @@ Endpoints
 
    Delete an event. Note that events with orders cannot be deleted to ensure data integrity.
 
+   Permission required: "Can change event settings"
+
    **Example request**:
 
    .. sourcecode:: http
@@ -549,6 +561,8 @@ organizer level.
 
    Get current values of event settings.
 
+   Permission required: "Can change event settings" (Exception: with device auth, *some* settings can always be *read*.)
+
    **Example request**:
 
    .. sourcecode:: http
@@ -601,8 +615,6 @@ organizer level.
 
    Updates event settings. Note that ``PUT`` is not allowed here, only ``PATCH``.
 
-   Permission "Can change event settings" is always required. Some keys require additional permissions.
-
     .. warning::
 
        Settings can be stored at different levels in pretix. If a value is not set on event level, a default setting

doc/api/resources/orders.rst

@@ -117,8 +117,6 @@ cancellation_date                     datetime                   Time of order c
                                                                  reliable for orders that have been cancelled,
                                                                  reactivated and cancelled again.
 plugin_data                           object                     Additional data added by plugins.
-use_gift_cards                        list of strings            List of unique gift card secrets that are used to pay
-                                                                 for this order.
 ===================================== ========================== =======================================================
 
 
@@ -158,10 +156,6 @@ use_gift_cards                        list of strings            List of unique
 
    The ``tax_rounding_mode`` attribute has been added.
 
-.. versionchanged:: 2026.03
-
-   The ``use_gift_cards`` attribute has been added.
-
 .. _order-position-resource:
 
 Order position resource
@@ -993,6 +987,8 @@ Creating orders
 
        * does not support file upload questions
 
+       * does not support redeeming gift cards
+
        * does not support or validate memberships
 
 
@@ -1099,14 +1095,6 @@ Creating orders
      whether these emails are enabled for certain sales channels. If set to ``null``, behavior will be controlled by pretix'
      settings based on the sales channels (added in pretix 4.7). Defaults to ``false``.
      Used to be ``send_mail`` before pretix 3.14.
-   * ``use_gift_cards`` (optional) The provided gift cards will be used to pay for this order. They will be debited and
-     all the necessary payment records for these transactions will be created. The gift cards will be used in sequence to
-     pay for the order. Processing of the gift cards stops as soon as the order is payed for. All gift card transactions
-     are listed under ``payments`` in the response.
-     This option can only be used with orders that are in the pending state.
-     The ``use_gift_cards`` attribute can not be combined with ``payment_info`` and ``payment_provider`` fields. If the
-     order isn't completely paid after its creation with ``use_gift_cards``, then a subsequent request to the payment
-     endpoint is needed.
 
    If you want to use add-on products, you need to set the ``positionid`` fields of all positions manually
    to incrementing integers starting with ``1``. Then, you can reference one of these
@@ -1731,56 +1719,6 @@ List of all order positions
    :statuscode 401: Authentication failure
    :statuscode 403: The requested organizer/event does not exist **or** you have no permission to view this resource.
 
-.. http:get:: /api/v1/organizers/(organizer)/orderpositions/
-
-   Returns a list of all order positions within all events of a given organizer (with sufficient access permissions).
-
-   The supported query parameters and output format of this endpoint are almost identical to those of the list endpoint
-   within an event.
-   The only changes are that responses also contain the ``event`` attribute in each result and that the 'pdf_data'
-   parameter is not supported.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      GET /api/v1/organizers/bigevents/orderpositions/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-      X-Page-Generated: 2017-12-01T10:00:00Z
-
-      {
-        "count": 1,
-        "next": null,
-        "previous": null,
-        "results": [
-          {
-            "id:": 23442
-            "event": "sampleconf",
-            "order": "ABC12",
-            "positionid": 1,
-            "canceled": false,
-            "item": 1345,
-            ...
-          }
-        ]
-      }
-
-   :param organizer: The ``slug`` field of the organizer to fetch
-   :statuscode 200: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer/event does not exist **or** you have no permission to view this resource.
-
-
-
 Fetching individual positions
 -----------------------------
 

doc/api/resources/organizers.rst

@@ -110,6 +110,8 @@ Endpoints
 
    Updates an organizer. Currently only the ``plugins`` field may be updated.
 
+   Permission required: "Can change organizer settings"
+
    **Example request**:
 
    .. sourcecode:: http
@@ -170,6 +172,8 @@ information about the properties.
 
    Get current values of organizer settings.
 
+   Permission required: "Can change organizer settings"
+
    **Example request**:
 
    .. sourcecode:: http

doc/api/resources/reusablemedia.rst

@@ -154,7 +154,7 @@ Endpoints
 .. http:post:: /api/v1/organizers/(organizer)/reusablemedia/lookup/
 
    Look up a new reusable medium by its identifier. In some cases, this might lead to the automatic creation of a new
-   medium behind the scenes, therefore this endpoint requires write permissions.
+   medium behind the scenes.
 
    This endpoint, and this endpoint only, might return media from a different organizer if there is a cross-acceptance
    agreement. In this case, only linked gift cards will be returned, no order position or customer records,

doc/api/resources/subevents.rst

@@ -154,6 +154,8 @@ Endpoints
 
    Creates a new subevent.
 
+   Permission required: "Can create events"
+
    **Example request**:
 
    .. sourcecode:: http
@@ -298,6 +300,8 @@ Endpoints
    provide all fields of the resource, other fields will be reset to default. With ``PATCH``, you only need to provide
    the fields that you want to change.
 
+   Permission required: "Can change event settings"
+
    **Example request**:
 
    .. sourcecode:: http
@@ -369,6 +373,8 @@ Endpoints
 
    Delete a sub-event. Note that events with orders cannot be deleted to ensure data integrity.
 
+   Permission required: "Can change event settings"
+
    **Example request**:
 
    .. sourcecode:: http

doc/api/resources/teams.rst

@@ -24,58 +24,21 @@ all_events                            boolean                    Whether this te
 limit_events                          list                       List of event slugs this team has access to
 require_2fa                           boolean                    Whether members of this team are required to use
                                                                  two-factor authentication
-all_event_permissions                 bool                       Whether members of this team are granted all event-level
-                                                                 permissions, including future additions
-limit_event_permissions               list of strings            The event-level permissions team members are granted
-all_organizer_permissions             bool                       Whether members of this team are granted all organizer-level
-                                                                 permissions, including future additions
-all_organizer_permissions             list of strings            The organizer-level permissions team members are granted
-can_create_events                     boolean                    **DEPRECATED**. Legacy interface, use ``limit_organizer_permissions``.
-can_change_teams                      boolean                    **DEPRECATED**. Legacy interface, use ``limit_organizer_permissions``.
-can_change_organizer_settings         boolean                    **DEPRECATED**. Legacy interface, use ``limit_organizer_permissions``.
-can_manage_customers                  boolean                    **DEPRECATED**. Legacy interface, use ``limit_organizer_permissions``.
-can_manage_reusable_media             boolean                    **DEPRECATED**. Legacy interface, use ``limit_organizer_permissions``.
-can_manage_gift_cards                 boolean                    **DEPRECATED**. Legacy interface, use ``limit_organizer_permissions``.
-can_change_event_settings             boolean                    **DEPRECATED**. Legacy interface, use ``limit_event_permissions``.
-can_change_items                      boolean                    **DEPRECATED**. Legacy interface, use ``limit_event_permissions``.
-can_view_orders                       boolean                    **DEPRECATED**. Legacy interface, use ``limit_event_permissions``.
-can_change_orders                     boolean                    **DEPRECATED**. Legacy interface, use ``limit_event_permissions``.
-can_view_vouchers                     boolean                    **DEPRECATED**. Legacy interface, use ``limit_event_permissions``.
-can_change_vouchers                   boolean                    **DEPRECATED**. Legacy interface, use ``limit_event_permissions``.
-can_checkin_orders                    boolean                    **DEPRECATED**. Legacy interface, use ``limit_event_permissions``.
+can_create_events                     boolean
+can_change_teams                      boolean
+can_change_organizer_settings         boolean
+can_manage_customers                  boolean
+can_manage_reusable_media             boolean
+can_manage_gift_cards                 boolean
+can_change_event_settings             boolean
+can_change_items                      boolean
+can_view_orders                       boolean
+can_change_orders                     boolean
+can_view_vouchers                     boolean
+can_change_vouchers                   boolean
+can_checkin_orders                    boolean
 ===================================== ========================== =======================================================
 
-Possible values for ``limit_organizer_permissions`` defined in the core pretix system (plugins might add more)::
-
-    organizer.events:create
-    organizer.settings.general:write
-    organizer.teams:write
-    organizer.seatingplans:write
-    organizer.giftcards:read
-    organizer.giftcards:write
-    organizer.customers:read
-    organizer.customers:write
-    organizer.reusablemedia:read
-    organizer.reusablemedia:write
-    organizer.devices:read
-    organizer.devices:write
-    organizer.outgoingmails:read
-
-Possible values for ``limit_event_permissions`` defined in the core pretix system (plugins might add more)::
-
-    event.settings.general:write
-    event.settings.payment:write
-    event.settings.tax:write
-    event.settings.invoicing:write
-    event.subevents:write
-    event.items:write
-    event.orders:read
-    event.orders:write
-    event.orders:checkin
-    event.vouchers:read
-    event.vouchers:write
-    event:cancel
-
 Team member resource
 --------------------
 
@@ -158,10 +121,6 @@ Team endpoints
             "all_events": true,
             "limit_events": [],
             "require_2fa": true,
-            "all_event_permissions": true,
-            "limit_event_permissions": [],
-            "all_organizer_permissions": true,
-            "limit_organizer_permissions": [],
             "can_create_events": true,
             ...
           }
@@ -200,10 +159,6 @@ Team endpoints
         "all_events": true,
         "limit_events": [],
         "require_2fa": true,
-        "all_event_permissions": true,
-        "limit_event_permissions": [],
-        "all_organizer_permissions": true,
-        "limit_organizer_permissions": [],
         "can_create_events": true,
         ...
       }
@@ -232,10 +187,7 @@ Team endpoints
         "all_events": true,
         "limit_events": [],
         "require_2fa": true,
-        "all_event_permissions": true,
-        "limit_event_permissions": [],
-        "all_organizer_permissions": true,
-        "limit_organizer_permissions": [],
+        "can_create_events": true,
         ...
       }
 
@@ -253,10 +205,6 @@ Team endpoints
         "all_events": true,
         "limit_events": [],
         "require_2fa": true,
-        "all_event_permissions": true,
-        "limit_event_permissions": [],
-        "all_organizer_permissions": true,
-        "limit_organizer_permissions": [],
         "can_create_events": true,
         ...
       }
@@ -284,8 +232,7 @@ Team endpoints
       Content-Length: 94
 
       {
-        "all_organizer_permissions": false,
-        "limit_organizer_permissions": ["organizer.events:create"]
+        "can_create_events": true
       }
 
    **Example response**:
@@ -302,10 +249,6 @@ Team endpoints
         "all_events": true,
         "limit_events": [],
         "require_2fa": true,
-        "all_event_permissions": true,
-        "limit_event_permissions": [],
-        "all_organizer_permissions": false,
-        "limit_organizer_permissions": ["organizer.events:create"],
         "can_create_events": true,
         ...
       }

doc/api/resources/webhooks.rst

@@ -60,9 +60,6 @@ The following values for ``action_types`` are valid with pretix core:
     * ``pretix.event.added``
     * ``pretix.event.changed``
     * ``pretix.event.deleted``
-    * ``pretix.giftcards.created``
-    * ``pretix.giftcards.modified``
-    * ``pretix.giftcards.transaction.*``
     * ``pretix.voucher.added``
     * ``pretix.voucher.changed``
     * ``pretix.voucher.deleted``

doc/development/api/customview.rst

@@ -55,12 +55,12 @@ your views:
     )
 
     class AdminView(EventPermissionRequiredMixin, View):
-        permission = 'event.orders:read'
+        permission = 'can_view_orders'
 
         ...
 
 
-    @event_permission_required('event.orders:read')
+    @event_permission_required('can_view_orders')
     def admin_view(request, organizer, event):
         ...
 
@@ -78,7 +78,7 @@ event-related views, there is also a signal that allows you to add the view to t
     @receiver(nav_event, dispatch_uid='friends_tickets_nav')
     def navbar_info(sender, request, **kwargs):
         url = resolve(request.path_info)
-        if not request.user.has_event_permission(request.organizer, request.event, 'event.vouchers:read'):
+        if not request.user.has_event_permission(request.organizer, request.event, 'can_change_vouchers'):
             return []
         return [{
             'label': _('My plugin view'),
@@ -118,7 +118,7 @@ for good integration. If you just want to display a form, you could do it like t
 
     class MySettingsView(EventSettingsViewMixin, EventSettingsFormView):
         model = Event
-        permission = 'event.settings.general:write'
+        permission = 'can_change_settings'
         form_class = MySettingsForm
         template_name = 'my_plugin/settings.html'
 
@@ -204,13 +204,13 @@ In case of ``orga_router`` and ``event_router``, permission checking is done for
 in the control panel. However, you need to make sure on your own only to return the correct subset of data! ``request
 .event`` and ``request.organizer`` are available as usual.
 
-To require a special permission like ``event.orders:read``, you do not need to inherit from a special ViewSet base
+To require a special permission like ``can_view_orders``, you do not need to inherit from a special ViewSet base
 class, you can just set the ``permission`` attribute on your viewset:
 
 .. code-block:: python
 
     class MyViewSet(ModelViewSet):
-        permission = 'event.orders:read'
+        permission = 'can_view_orders'
         ...
 
 If you want to check the permission only for some methods of your viewset, you have to do it yourself. Note here that
@@ -220,7 +220,7 @@ following:
 .. code-block:: python
 
     perm_holder = (request.auth if isinstance(request.auth, TeamAPIToken) else request.user)
-    if perm_holder.has_event_permission(request.event.organizer, request.event, 'event.orders:read'):
+    if perm_holder.has_event_permission(request.event.organizer, request.event, 'can_view_orders'):
         ...
 
 

doc/development/api/exporter.rst

@@ -80,24 +80,8 @@ The exporter class
 
    .. autoattribute:: category
 
-   .. autoattribute:: feature
-
    .. autoattribute:: export_form_fields
 
-   .. autoattribute:: repeatable_read
-
    .. automethod:: render
 
       This is an abstract method, you **must** override this!
-
-   .. automethod:: available_for_user
-
-   .. automethod:: get_required_event_permission
-
-On organizer level, by default exporters are expected to handle on a *set of events* and the system will automatically
-add a form field that allows the selection of events, limited to events the user has correct permissions for. If this
-does not fit your organizer, because it is not related to events, you should **also** inherit from the following class:
-
-.. class:: pretix.base.exporter.OrganizerLevelExportMixin
-
-   .. automethod:: get_required_organizer_permission

doc/development/api/general.rst

@@ -14,8 +14,7 @@ Core
    :members: periodic_task, event_live_issues, event_copy_data, email_filter, register_notification_types, notification,
       item_copy_data, register_sales_channel_types, register_global_settings, quota_availability, global_email_filter,
       register_ticket_secret_generators, gift_card_transaction_display,
-      register_text_placeholders, register_mail_placeholders, device_info_updated,
-      register_event_permission_groups, register_organizer_permission_groups
+      register_text_placeholders, register_mail_placeholders, device_info_updated
 
 Order events
 """"""""""""

doc/development/implementation/logging.rst

@@ -196,7 +196,7 @@ A simple implementation could look like this:
 .. code-block:: python
 
     class MyNotificationType(NotificationType):
-        required_permission = "event.orders:read"
+        required_permission = "can_view_orders"
         action_type = "pretix.event.order.paid"
         verbose_name = _("Order has been paid")
 

doc/development/implementation/permissions.rst

@@ -2,7 +2,7 @@ Permissions
 ===========
 
 pretix uses a fine-grained permission system to control who is allowed to control what parts of the system.
-The central concept here is the concept of *Teams*. You can read more on `configuring teams and permissions`_
+The central concept here is the concept of *Teams*. You can read more on `configuring teams and permissions <user-teams>`_
 and the :class:`pretix.base.models.Team` model in the respective parts of the documentation. The basic digest is:
 An organizer account can have any number of teams, and any number of users can be part of a team. A team can be
 assigned a set of permissions and connected to some or all of the events of the organizer.
@@ -25,8 +25,8 @@ permission level to access a view:
 
 
     class MyOrgaView(OrganizerPermissionRequiredMixin, View):
-        permission = 'organizer.settings.general:write'
-        # Only users with the permission ``organizer.settings.general:write`` on
+        permission = 'can_change_organizer_settings'
+        # Only users with the permission ``can_change_organizer_settings`` on
         # this organizer can access this
 
 
@@ -35,9 +35,9 @@ permission level to access a view:
         # Only users with *any* permission on this organizer can access this
 
 
-    @organizer_permission_required('organizer.settings.general:write')
+    @organizer_permission_required('can_change_organizer_settings')
     def my_orga_view(request, organizer, **kwargs):
-        # Only users with the permission ``organizer.settings.general:write`` on
+        # Only users with the permission ``can_change_organizer_settings`` on
         # this organizer can access this
 
 
@@ -56,8 +56,8 @@ Of course, the same is available on event level:
 
 
     class MyEventView(EventPermissionRequiredMixin, View):
-        permission = 'event.settings.general:write'
-        # Only users with the permission ``event.settings.general:write`` on
+        permission = 'can_change_event_settings'
+        # Only users with the permission ``can_change_event_settings`` on
         # this event can access this
 
 
@@ -65,16 +65,13 @@ Of course, the same is available on event level:
         permission = None
         # Only users with *any* permission on this event can access this
 
-    class MyThirdEventView(EventPermissionRequiredMixin, View):
-        permission = AnyPermissionOf('event.settings.payment:write', 'event.settings.general:write')
-        # Only users with at least one of the specified permissions on this event
-        # can access this
 
-    @event_permission_required('event.settings.general:write')
+    @event_permission_required('can_change_event_settings')
     def my_event_view(request, organizer, **kwargs):
-        # Only users with the permission ``event.settings.general:write`` on
+        # Only users with the permission ``can_change_event_settings`` on
         # this event can access this
 
+
     @event_permission_required()
     def my_other_event_view(request, organizer, **kwargs):
         # Only users with *any* permission on this event can access this
@@ -124,7 +121,7 @@ When creating your own ``viewset`` using Django REST framework, you just need to
 and pretix will check it automatically for you::
 
     class MyModelViewSet(viewsets.ReadOnlyModelViewSet):
-        permission = 'event.orders:read'
+        permission = 'can_view_orders'
 
 Checking permission in code
 ---------------------------
@@ -139,12 +136,12 @@ Return all users that are in any team that is connected to this event::
 
 Return all users that are in a team with a specific permission for this event::
 
-    >>> event.get_users_with_permission('event.orders:read')
+    >>> event.get_users_with_permission('can_change_event_settings')
     <QuerySet: …>
 
 Determine if a user has a certain permission for a specific event::
 
-    >>> user.has_event_permission(organizer, event, 'event.orders:read', request=request)
+    >>> user.has_event_permission(organizer, event, 'can_change_event_settings', request=request)
     True
 
 Determine if a user has any permission for a specific event::
@@ -156,27 +153,27 @@ In the two previous commands, the ``request`` argument is optional, but required
 
 The same method exists for organizer-level permissions::
 
-    >>> user.has_organizer_permission(organizer, 'event.orders:read', request=request)
+    >>> user.has_organizer_permission(organizer, 'can_change_event_settings', request=request)
     True
 
 Sometimes, it might be more useful to get the set of permissions at once::
 
     >>> user.get_event_permission_set(organizer, event)
-    {'event.settings.general:write', 'event.orders:read', 'event.orders:write'}
+    {'can_change_event_settings', 'can_view_orders', 'can_change_orders'}
 
     >>> user.get_organizer_permission_set(organizer, event)
-    {'organizer.settings.general:write', 'organizer.events:create'}
+    {'can_change_organizer_settings', 'can_create_events'}
 
 Within a view on the ``/control`` subpath, the results of these two methods are already available in the
 ``request.eventpermset`` and ``request.orgapermset`` properties. This makes it convenient to query them in templates::
 
-    {% if "event.orders:write" in request.eventpermset %}
+    {% if "can_change_orders" in request.eventpermset %}
         …
     {% endif %}
 
 You can also do the reverse to get any events a user has access to::
 
-    >>> user.get_events_with_permission('event.settings.general:write', request=request)
+    >>> user.get_events_with_permission('can_change_event_settings', request=request)
     <QuerySet: …>
 
     >>> user.get_events_with_any_permission(request=request)
@@ -198,53 +195,3 @@ staff mode is active. You can check if a user is in staff mode using their sessi
 Staff mode has a hard time limit and during staff mode, a middleware will log all requests made by that user. Later,
 the user is able to also save a message to comment on what they did in their administrative session. This feature is
 intended to help compliance with data protection rules as imposed e.g. by GDPR.
-
-Adding permissions
-------------------
-
-Plugins can add permissions through the ``register_event_permission_groups`` and ``register_organizer_permission_groups``.
-We recommend to use this only for very significant permissions, as the system will become less usable with too many
-permission levels, also because the team page will show all permission options, even those of disabled plugins.
-
-To register your permissions, you need to register a **permission group** (often representing an area of functionality
-or a key model). Below that group, there are **actions**, which represent the actual permissions. Permissions will be
-generated as ``<group_name>:<action>``. Then, you need to define **options** which are the valid combinations of the
-actions that should be possible to select for a team. This two-step mechanism exists to provide a better user experience
-and avoid useless combinations like "write but not read".
-
-Example::
-
-    @receiver(register_event_permission_groups)
-    def register_plugin_event_permissions(sender, **kwargs):
-        return [
-            PermissionGroup(
-                name="pretix_myplugin.resource",
-                label=_("Resources"),
-                actions=["read", "write"],
-                options=[
-                    PermissionOption(actions=tuple(), label=_("No access")),
-                    PermissionOption(actions=("read",), label=_("View")),
-                    PermissionOption(actions=("read", "write"), label=_("View and change")),
-                ],
-                help_text=_("Some help text")
-            ),
-        ]
-
-
-    @receiver(register_organizer_permission_groups)
-    def register_plugin_organizer_permissions(sender, **kwargs):
-        return [
-            PermissionGroup(
-                name="pretix_myplugin.resource",
-                label=_("Resources"),
-                actions=["read", "write"],
-                options=[
-                    PermissionOption(actions=tuple(), label=_("No access")),
-                    PermissionOption(actions=("read",), label=_("View")),
-                    PermissionOption(actions=("read", "write"), label=_("View and change")),
-                ],
-                help_text=_("Some help text")
-            ),
-        ]
-
-.. _configuring teams and permissions: https://docs.pretix.eu/guides/teams/

doc/requirements.rtd.txt

@@ -1,6 +1,6 @@
 sphinx==9.1.*
-sphinx-rtd-theme~=3.1.0
-sphinxcontrib-httpdomain~=2.0.0
+sphinx-rtd-theme~=3.1.0rc2
+sphinxcontrib-httpdomain~=1.8.1
 sphinxcontrib-images~=1.0.1
 sphinxcontrib-jquery~=4.1
 sphinxcontrib-spelling~=8.0.2

doc/requirements.txt

@@ -1,7 +1,7 @@
 -e ../
 sphinx==9.1.*
-sphinx-rtd-theme~=3.1.0
-sphinxcontrib-httpdomain~=2.0.0
+sphinx-rtd-theme~=3.1.0rc2
+sphinxcontrib-httpdomain~=1.8.1
 sphinxcontrib-images~=1.0.1
 sphinxcontrib-jquery~=4.1
 sphinxcontrib-spelling~=8.0.2

pyproject.toml

@@ -3,7 +3,7 @@ name = "pretix"
 dynamic = ["version"]
 description = "Reinventing presales, one ticket at a time"
 readme = "README.rst"
-requires-python = ">=3.11"
+requires-python = ">=3.10"
 license = {file = "LICENSE"}
 keywords = ["tickets", "web", "shop", "ecommerce"]
 authors = [
@@ -19,11 +19,10 @@ classifiers = [
   "Topic :: Internet :: WWW/HTTP :: Dynamic Content",
   "Environment :: Web Environment",
   "License :: OSI Approved :: GNU Affero General Public License v3",
+  "Programming Language :: Python :: 3.9",
+  "Programming Language :: Python :: 3.10",
   "Programming Language :: Python :: 3.11",
-  "Programming Language :: Python :: 3.12",
-  "Programming Language :: Python :: 3.13",
-  "Programming Language :: Python :: 3.14",
-  "Framework :: Django :: 5.2",
+  "Framework :: Django :: 4.2",
 ]
 
 dependencies = [
@@ -34,15 +33,15 @@ dependencies = [
   "celery==5.6.*",
   "chardet==5.2.*",
   "cryptography>=44.0.0",
-  "css-inline==0.20.*",
+  "css-inline==0.19.*",
   "defusedcsv>=1.1.0",
   "dnspython==2.*",
-  "Django[argon2]==5.2.*",
+  "Django[argon2]==4.2.*,>=4.2.26",
   "django-bootstrap3==26.1",
   "django-compressor==4.6.0",
   "django-countries==8.2.*",
   "django-filter==25.1",
-  "django-formset-js-improved==0.5.0.5",
+  "django-formset-js-improved==0.5.0.4",
   "django-formtools==2.5.1",
   "django-hierarkey==2.0.*,>=2.0.1",
   "django-hijack==3.7.*",
@@ -55,18 +54,18 @@ dependencies = [
   "django-phonenumber-field==8.4.*",
   "django-redis==6.0.*",
   "django-scopes==2.0.*",
-  "django-statici18n==2.7.*",
+  "django-statici18n==2.6.*",
   "djangorestframework==3.16.*",
   "dnspython==2.8.*",
   "drf_ujson2==1.7.*",
   "geoip2==5.*",
-  "importlib_metadata==9.*",  # Polyfill, we can probably drop this once we require Python 3.10+
+  "importlib_metadata==8.*",  # Polyfill, we can probably drop this once we require Python 3.10+
   "isoweek",
   "jsonschema",
   "kombu==5.6.*",
   "libsass==0.23.*",
   "lxml",
-  "markdown==3.10.2",  # 3.3.5 requires importlib-metadata>=4.4, but django-bootstrap3 requires importlib-metadata<3.
+  "markdown==3.10",  # 3.3.5 requires importlib-metadata>=4.4, but django-bootstrap3 requires importlib-metadata<3.
   # We can upgrade markdown again once django-bootstrap3 upgrades or once we drop Python 3.6 and 3.7
   "mt-940==4.30.*",
   "oauthlib==3.3.*",
@@ -74,14 +73,14 @@ dependencies = [
   "packaging",
   "paypalrestsdk==1.13.*",
   "paypal-checkout-serversdk==1.0.*",
-  "PyJWT==2.12.*",
+  "PyJWT==2.10.*",
   "phonenumberslite==9.0.*",
   "Pillow==12.1.*",
   "pretix-plugin-build",
-  "protobuf==7.34.*",
+  "protobuf==6.33.*",
   "psycopg2-binary",
   "pycountry",
-  "pycparser==3.0",
+  "pycparser==2.23",
   "pycryptodome==3.23.*",
   "pypdf==6.5.*",
   "python-bidi==0.6.*",  # Support for Arabic in reportlab
@@ -93,7 +92,7 @@ dependencies = [
   "redis==7.1.*",
   "reportlab==4.4.*",
   "requests==2.32.*",
-  "sentry-sdk==2.54.*",
+  "sentry-sdk==2.49.*",
   "sepaxml==2.7.*",
   "stripe==7.9.*",
   "text-unidecode==1.*",
@@ -111,10 +110,10 @@ dev = [
   "aiohttp==3.13.*",
   "coverage",
   "coveralls",
-  "fakeredis==2.34.*",
+  "fakeredis==2.33.*",
   "flake8==7.3.*",
   "freezegun",
-  "isort==8.0.*",
+  "isort==7.0.*",
   "pep8-naming==0.15.*",
   "potypo",
   "pytest-asyncio>=0.24",

src/pretix/__init__.py

@@ -19,4 +19,4 @@
 # You should have received a copy of the GNU Affero General Public License along with this program.  If not, see
 # <https://www.gnu.org/licenses/>.
 #
-__version__ = "2026.3.0.dev0"
+__version__ = "2025.11.0.dev0"

src/pretix/api/auth/permission.py

@@ -36,9 +36,7 @@ from rest_framework.permissions import SAFE_METHODS, BasePermission
 
 from pretix.api.models import OAuthAccessToken
 from pretix.base.models import Device, Event, User
-from pretix.base.models.auth import (
-    EventPermissionSet, OrganizerPermissionSet, SuperuserPermissionSet,
-)
+from pretix.base.models.auth import SuperuserPermissionSet
 from pretix.base.models.organizer import TeamAPIToken
 from pretix.helpers.security import (
     Session2FASetupRequired, SessionInvalid, SessionPasswordChangeRequired,
@@ -87,7 +85,7 @@ class EventPermission(BasePermission):
             if isinstance(perm_holder, User) and perm_holder.has_active_staff_session(request.session.session_key):
                 request.eventpermset = SuperuserPermissionSet()
             else:
-                request.eventpermset = EventPermissionSet(perm_holder.get_event_permission_set(request.organizer, request.event))
+                request.eventpermset = perm_holder.get_event_permission_set(request.organizer, request.event)
 
             if isinstance(required_permission, (list, tuple)):
                 if not any(p in request.eventpermset for p in required_permission):
@@ -102,7 +100,7 @@ class EventPermission(BasePermission):
             if isinstance(perm_holder, User) and perm_holder.has_active_staff_session(request.session.session_key):
                 request.orgapermset = SuperuserPermissionSet()
             else:
-                request.orgapermset = OrganizerPermissionSet(perm_holder.get_organizer_permission_set(request.organizer))
+                request.orgapermset = perm_holder.get_organizer_permission_set(request.organizer)
 
             if isinstance(required_permission, (list, tuple)):
                 if not any(p in request.eventpermset for p in required_permission):
@@ -126,12 +124,12 @@ class EventCRUDPermission(EventPermission):
     def has_permission(self, request, view):
         if not super(EventCRUDPermission, self).has_permission(request, view):
             return False
-        elif view.action == 'create' and 'organizer.events:create' not in request.orgapermset:
+        elif view.action == 'create' and 'can_create_events' not in request.orgapermset:
             return False
-        elif view.action == 'destroy' and 'event.settings.general:write' not in request.eventpermset:
+        elif view.action == 'destroy' and 'can_change_event_settings' not in request.eventpermset:
             return False
         elif view.action in ['update', 'partial_update'] \
-                and 'event.settings.general:write' not in request.eventpermset:
+                and 'can_change_event_settings' not in request.eventpermset:
             return False
 
         return True

src/pretix/api/serializers/event.py

@@ -300,7 +300,7 @@ class EventSerializer(SalesChannelMigrationMixin, I18nAwareModelSerializer):
     def ignored_meta_properties(self):
         perm_holder = (self.context['request'].auth if isinstance(self.context['request'].auth, (Device, TeamAPIToken))
                        else self.context['request'].user)
-        if perm_holder.has_organizer_permission(self.context['request'].organizer, 'organizer.settings.general:write', request=self.context['request']):
+        if perm_holder.has_organizer_permission(self.context['request'].organizer, 'can_change_organizer_settings', request=self.context['request']):
             return []
         return [k for k, p in self.meta_properties.items() if p.protected]
 
@@ -445,7 +445,7 @@ class CloneEventSerializer(EventSerializer):
         date_admission = validated_data.pop('date_admission', None)
         new_event = super().create({**validated_data, 'plugins': None})
 
-        event = self.context['event']
+        event = Event.objects.filter(slug=self.context['event'], organizer=self.context['organizer'].pk).first()
         new_event.copy_data_from(event, skip_meta_data='meta_data' in validated_data)
 
         if plugins is not None:
@@ -561,7 +561,7 @@ class SubEventSerializer(I18nAwareModelSerializer):
     def ignored_meta_properties(self):
         perm_holder = (self.context['request'].auth if isinstance(self.context['request'].auth, (Device, TeamAPIToken))
                        else self.context['request'].user)
-        if perm_holder.has_organizer_permission(self.context['request'].organizer, 'organizer.settings.general:write', request=self.context['request']):
+        if perm_holder.has_organizer_permission(self.context['request'].organizer, 'can_change_organizer_settings', request=self.context['request']):
             return []
         return [k for k, p in self.meta_properties.items() if p.protected]
 
@@ -707,10 +707,7 @@ class TaxRuleSerializer(CountryFieldMixin, I18nAwareModelSerializer):
 
 
 class EventSettingsSerializer(SettingsSerializer):
-    default_write_permission = 'event.settings.general:write'
     default_fields = [
-        # These are readable for all users with access to the events, therefore secrets stored in the settings store
-        # should not be included!
         'imprint_url',
         'checkout_email_helptext',
         'presale_has_ended_text',
@@ -809,7 +806,6 @@ class EventSettingsSerializer(SettingsSerializer):
         'invoice_reissue_after_modify',
         'invoice_include_free',
         'invoice_generate',
-        'invoice_generate_only_business',
         'invoice_period',
         'invoice_numbers_consecutive',
         'invoice_numbers_prefix',
@@ -1083,16 +1079,16 @@ class SeatSerializer(I18nAwareModelSerializer):
 
     def prefetch_expanded_data(self, items, request, expand_fields):
         if 'orderposition' in expand_fields:
-            if 'event.orders:read' not in request.eventpermset:
-                raise PermissionDenied('event.orders:read permission required for expand=orderposition')
+            if 'can_view_orders' not in request.eventpermset:
+                raise PermissionDenied('can_view_orders permission required for expand=orderposition')
             prefetch_by_id(items, OrderPosition.objects.prefetch_related('order'), 'orderposition_id', 'orderposition')
         if 'cartposition' in expand_fields:
-            if 'event.orders:read' not in request.eventpermset:
-                raise PermissionDenied('event.orders:read permission required for expand=cartposition')
+            if 'can_view_orders' not in request.eventpermset:
+                raise PermissionDenied('can_view_orders permission required for expand=cartposition')
             prefetch_by_id(items, CartPosition.objects, 'cartposition_id', 'cartposition')
         if 'voucher' in expand_fields:
-            if 'event.vouchers:read' not in request.eventpermset:
-                raise PermissionDenied('event.vouchers:read permission required for expand=voucher')
+            if 'can_view_vouchers' not in request.eventpermset:
+                raise PermissionDenied('can_view_vouchers permission required for expand=voucher')
             prefetch_by_id(items, Voucher.objects, 'voucher_id', 'voucher')
 
     def __init__(self, instance, *args, **kwargs):

src/pretix/api/serializers/exporters.py

@@ -27,9 +27,7 @@ from rest_framework.exceptions import ValidationError
 
 from pretix.api.serializers.forms import form_field_to_serializer_field
 from pretix.base.exporter import OrganizerLevelExportMixin
-from pretix.base.models import (
-    Event, ScheduledEventExport, ScheduledOrganizerExport,
-)
+from pretix.base.models import ScheduledEventExport, ScheduledOrganizerExport
 from pretix.base.timeframes import SerializerDateFrameField
 
 
@@ -56,29 +54,20 @@ class ExporterSerializer(serializers.Serializer):
 
 class JobRunSerializer(serializers.Serializer):
     def __init__(self, *args, **kwargs):
-        ex = self.ex = kwargs.pop('exporter')
+        ex = kwargs.pop('exporter')
+        events = kwargs.pop('events', None)
         super().__init__(*args, **kwargs)
-        if ex.is_multievent and not isinstance(ex, OrganizerLevelExportMixin):
-            self.fields["all_events"] = serializers.BooleanField(
-                required=False,
-            )
+        if events is not None and not isinstance(ex, OrganizerLevelExportMixin):
             self.fields["events"] = serializers.SlugRelatedField(
-                queryset=ex.events,
+                queryset=events,
                 required=False,
-                allow_empty=True,
+                allow_empty=False,
                 slug_field='slug',
                 many=True
             )
         for k, v in ex.export_form_fields.items():
             self.fields[k] = form_field_to_serializer_field(v)
 
-    def to_representation(self, instance):
-        # Translate between events as a list of slugs (API) and list of ints (database)
-        if self.ex.is_multievent and not isinstance(self.ex, OrganizerLevelExportMixin) and "events" in instance and isinstance(instance["events"], list):
-            instance["events"] = [e for e in self.ex.events.filter(pk__in=instance["events"])]
-        instance = super().to_representation(instance)
-        return instance
-
     def to_internal_value(self, data):
         if isinstance(data, QueryDict):
             data = data.copy()
@@ -106,14 +95,6 @@ class JobRunSerializer(serializers.Serializer):
                 data[fk] = f'{d_from.isoformat() if d_from else ""}/{d_to.isoformat() if d_to else ""}'
 
         data = super().to_internal_value(data)
-
-        # Translate between events as a list of slugs (API) and list of ints (database)
-        if self.ex.is_multievent and not isinstance(self.ex, OrganizerLevelExportMixin) and "events" in data and isinstance(data["events"], list):
-            if data["events"] and isinstance(data["events"][0], Event):
-                data["events"] = [e.pk for e in data["events"]]
-            elif data["events"] and isinstance(data["events"][0], str):
-                data["events"] = [e.pk for e in self.ex.events.filter(slug__in=data["events"]).only("pk")]
-
         return data
 
     def is_valid(self, raise_exception=False):
@@ -150,20 +131,13 @@ class ScheduledExportSerializer(serializers.ModelSerializer):
             exporter = self.context['exporters'].get(identifier)
             if exporter:
                 try:
-                    attrs["export_form_data"] = JobRunSerializer(exporter=exporter).to_internal_value(attrs["export_form_data"])
+                    JobRunSerializer(exporter=exporter).to_internal_value(attrs["export_form_data"])
                 except ValidationError as e:
                     raise ValidationError({"export_form_data": e.detail})
             else:
                 raise ValidationError({"export_identifier": ["Unknown exporter."]})
         return attrs
 
-    def to_representation(self, instance):
-        repr = super().to_representation(instance)
-        exporter = self.context['exporters'].get(instance.export_identifier)
-        if exporter:
-            repr["export_form_data"] = JobRunSerializer(exporter=exporter).to_representation(repr["export_form_data"])
-        return repr
-
     def validate_mail_additional_recipients(self, value):
         d = value.replace(' ', '')
         if len(d.split(',')) > 25:

src/pretix/api/serializers/forms.py

@@ -65,9 +65,8 @@ def form_field_to_serializer_field(field):
         if isinstance(field, m_from):
             return m_to(
                 required=field.required,
-                allow_null=not field.required and not isinstance(field, forms.BooleanField),
+                allow_null=not field.required,
                 validators=field.validators,
-                initial=field.initial,
                 **{kwarg: getattr(field, kwarg, None) for kwarg in m_kwargs}
             )
 

src/pretix/api/serializers/media.py

@@ -24,7 +24,7 @@ from decimal import Decimal
 
 from django.utils.translation import gettext_lazy as _
 from rest_framework import serializers
-from rest_framework.exceptions import PermissionDenied, ValidationError
+from rest_framework.exceptions import ValidationError
 
 from pretix.api.serializers.i18n import I18nAwareModelSerializer
 from pretix.api.serializers.order import OrderPositionSerializer
@@ -66,9 +66,6 @@ class ReusableMediaSerializer(I18nAwareModelSerializer):
         super().__init__(*args, **kwargs)
 
         if 'linked_giftcard' in self.context['request'].query_params.getlist('expand'):
-            if not self.context["can_read_giftcards"]:
-                raise PermissionDenied("No permission to access gift card details.")
-
             self.fields['linked_giftcard'] = NestedGiftCardSerializer(read_only=True, context=self.context)
             if 'linked_giftcard.owner_ticket' in self.context['request'].query_params.getlist('expand'):
                 self.fields['linked_giftcard'].fields['owner_ticket'] = NestedOrderPositionSerializer(read_only=True, context=self.context)
@@ -80,8 +77,6 @@ class ReusableMediaSerializer(I18nAwareModelSerializer):
             )
 
         if 'linked_orderposition' in self.context['request'].query_params.getlist('expand'):
-            # No additional permission check performed, documented limitation of the permission system
-            # Would get to complex/unusable otherwise since the permission depends on the event
             self.fields['linked_orderposition'] = NestedOrderPositionSerializer(read_only=True)
         else:
             self.fields['linked_orderposition'] = serializers.PrimaryKeyRelatedField(
@@ -91,9 +86,6 @@ class ReusableMediaSerializer(I18nAwareModelSerializer):
             )
 
         if 'customer' in self.context['request'].query_params.getlist('expand'):
-            if not self.context["can_read_customers"]:
-                raise PermissionDenied("No permission to access customer details.")
-
             self.fields['customer'] = CustomerSerializer(read_only=True)
         else:
             self.fields['customer'] = serializers.SlugRelatedField(

src/pretix/api/serializers/order.py

@@ -19,7 +19,6 @@
 # You should have received a copy of the GNU Affero General Public License along with this program.  If not, see
 # <https://www.gnu.org/licenses/>.
 #
-import json
 import logging
 import os
 from collections import Counter, defaultdict
@@ -53,7 +52,7 @@ from pretix.base.decimal import round_decimal
 from pretix.base.i18n import language
 from pretix.base.invoicing.transmission import get_transmission_types
 from pretix.base.models import (
-    CachedFile, Checkin, Customer, Device, GiftCard, Invoice, InvoiceAddress,
+    CachedFile, Checkin, Customer, Device, Invoice, InvoiceAddress,
     InvoiceLine, Item, ItemVariation, Order, OrderPosition, Question,
     QuestionAnswer, ReusableMedium, SalesChannel, Seat, SubEvent, TaxRule,
     Voucher,
@@ -62,7 +61,6 @@ from pretix.base.models.orders import (
     BlockedTicketSecret, CartPosition, OrderFee, OrderPayment, OrderRefund,
     PrintLog, RevokedTicketSecret, Transaction,
 )
-from pretix.base.payment import GiftCardPayment, PaymentException
 from pretix.base.pdf import get_images, get_variables
 from pretix.base.services.cart import error_messages
 from pretix.base.services.locking import LOCK_TRUST_WINDOW, lock_objects
@@ -193,7 +191,7 @@ class InvoiceAddressSerializer(I18nAwareModelSerializer):
                                     {"transmission_info": {r: "This field is required for the selected type of invoice transmission."}}
                                 )
                     break  # do not call else branch of for loop
-                elif t.is_exclusive(self.context["request"].event, data.get("country"), data.get("is_business")):
+                elif t.exclusive:
                     if t.is_available(self.context["request"].event, data.get("country"), data.get("is_business")):
                         raise ValidationError({
                             "transmission_type": "The transmission type '%s' must be used for this country or address type." % (
@@ -615,7 +613,7 @@ class OrderPositionSerializer(I18nAwareModelSerializer):
             # /events/…/checkinlists/…/positions/
             # We're unable to check this on this level if we're on /checkinrpc/, in which case we rely on the view
             # layer to not set pdf_data=true in the first place.
-            request and hasattr(request, 'eventpermset') and 'event.orders:read' not in request.eventpermset
+            request and hasattr(request, 'eventpermset') and 'can_view_orders' not in request.eventpermset
         )
         if ('pdf_data' in self.context and not self.context['pdf_data']) or pdf_data_forbidden:
             self.fields.pop('pdf_data', None)
@@ -638,14 +636,6 @@ class OrderPositionSerializer(I18nAwareModelSerializer):
         return entry
 
 
-class OrganizerOrderPositionSerializer(OrderPositionSerializer):
-    event = SlugRelatedField(slug_field='slug', read_only=True)
-
-    class Meta(OrderPositionSerializer.Meta):
-        fields = OrderPositionSerializer.Meta.fields + ('event',)
-        read_only_fields = OrderPositionSerializer.Meta.read_only_fields + ('event',)
-
-
 class RequireAttentionField(serializers.Field):
     def to_representation(self, instance: OrderPosition):
         return instance.require_checkin_attention
@@ -714,16 +704,6 @@ class CheckinListOrderPositionSerializer(OrderPositionSerializer):
         if 'answers.question' in self.context['expand']:
             self.fields['answers'].child.fields['question'] = QuestionSerializer(read_only=True)
 
-        if 'addons' in self.context['expand']:
-            # Experimental feature, undocumented on purpose for now in case we need to remove it again
-            # for performance reasons
-            subl = CheckinListOrderPositionSerializer(read_only=True, many=True, context={
-                **self.context,
-                'expand': [v for v in self.context['expand'] if v != 'addons'],
-                'pdf_data': False,
-            })
-            self.fields['addons'] = subl
-
 
 class OrderPaymentTypeField(serializers.Field):
     # TODO: Remove after pretix 2.2
@@ -1201,7 +1181,6 @@ class OrderCreateSerializer(I18nAwareModelSerializer):
     )
     tax_rounding_mode = serializers.ChoiceField(choices=ROUNDING_MODES, allow_null=True, required=False,)
     locale = serializers.ChoiceField(choices=[], required=False, allow_null=True)
-    use_gift_cards = serializers.ListField(child=serializers.CharField(required=False), required=False)
 
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
@@ -1217,7 +1196,7 @@ class OrderCreateSerializer(I18nAwareModelSerializer):
         fields = ('code', 'status', 'testmode', 'email', 'phone', 'locale', 'payment_provider', 'fees', 'comment', 'sales_channel',
                   'invoice_address', 'positions', 'checkin_attention', 'checkin_text', 'payment_info', 'payment_date',
                   'consume_carts', 'force', 'send_email', 'simulate', 'customer', 'custom_followup_at',
-                  'require_approval', 'valid_if_pending', 'expires', 'api_meta', 'tax_rounding_mode', 'use_gift_cards')
+                  'require_approval', 'valid_if_pending', 'expires', 'api_meta', 'tax_rounding_mode')
 
     def validate_payment_provider(self, pp):
         if pp is None:
@@ -1226,18 +1205,6 @@ class OrderCreateSerializer(I18nAwareModelSerializer):
             raise ValidationError('The given payment provider is not known.')
         return pp
 
-    def validate_payment_info(self, info):
-        if info:
-            try:
-                obj = json.loads(info)
-            except ValueError:
-                raise ValidationError('payment_info must be valid JSON.')
-
-            if not isinstance(obj, dict):
-                # only objects are allowed
-                raise ValidationError('payment_info must be a JSON object.')
-        return info
-
     def validate_expires(self, expires):
         if expires < now():
             raise ValidationError('Expiration date must be in the future.')
@@ -1312,14 +1279,6 @@ class OrderCreateSerializer(I18nAwareModelSerializer):
         payment_date = validated_data.pop('payment_date', now())
         force = validated_data.pop('force', False)
         simulate = validated_data.pop('simulate', False)
-        gift_card_secrets = validated_data.pop('use_gift_cards') if 'use_gift_cards' in validated_data else []
-
-        if (payment_provider is not None or payment_info != '{}') and len(gift_card_secrets) > 0:
-            raise ValidationError({"use_gift_cards": ['The attribute use_gift_cards is not compatible with payment_provider or payment_info']})
-        if validated_data.get('status') != Order.STATUS_PENDING and len(gift_card_secrets) > 0:
-            raise ValidationError({"use_gift_cards": ['The attribute use_gift_cards is only supported for orders that are created as pending']})
-        if len(set(gift_card_secrets)) != len(gift_card_secrets):
-            raise ValidationError({"use_gift_cards": ['Multiple copies of the same gift card secret are not allowed']})
 
         if not validated_data.get("sales_channel"):
             validated_data["sales_channel"] = self.context['event'].organizer.sales_channels.get(identifier="web")
@@ -1642,7 +1601,7 @@ class OrderCreateSerializer(I18nAwareModelSerializer):
                 order.sales_channel,
                 [
                     (cp.item_id, cp.subevent_id, cp.subevent.date_from if cp.subevent_id else None, cp.price,
-                     cp.addon_to, cp.is_bundled, pos._voucher_discount)
+                     bool(cp.addon_to), cp.is_bundled, pos._voucher_discount)
                     for cp in order_positions
                 ]
             )
@@ -1774,7 +1733,6 @@ class OrderCreateSerializer(I18nAwareModelSerializer):
             rounding_mode = self.context["event"].settings.tax_rounding
         changed = apply_rounding(
             rounding_mode,
-            ia,
             self.context["event"].currency,
             [*pos_map.values(), *fees]
         )
@@ -1804,45 +1762,6 @@ class OrderCreateSerializer(I18nAwareModelSerializer):
         if order.total != Decimal('0.00') and order.event.currency == "XXX":
             raise ValidationError('Paid products not supported without a valid currency.')
 
-        for gift_card_secret in gift_card_secrets:
-            try:
-                if order.status != Order.STATUS_PAID:
-                    gift_card_payment_provider = GiftCardPayment(event=order.event)
-
-                    gc = order.event.organizer.accepted_gift_cards.get(
-                        secret=gift_card_secret
-                    )
-
-                    payment = order.payments.create(
-                        amount=min(order.pending_sum, gc.value),
-                        provider=gift_card_payment_provider.identifier,
-                        info_data={
-                            'gift_card': gc.pk,
-                            'gift_card_secret': gc.secret,
-                            'retry': True
-                        },
-                        state=OrderPayment.PAYMENT_STATE_CREATED
-                    )
-                    gift_card_payment_provider.execute_payment(request=None, payment=payment, is_early_special_case=True)
-
-                    if order.pending_sum <= Decimal('0.00'):
-                        order.status = Order.STATUS_PAID
-
-            except PaymentException:
-                pass
-
-            except GiftCard.DoesNotExist as e:
-                payment = order.payments.create(
-                    amount=order.pending_sum,
-                    provider=GiftCardPayment.identifier,
-                    info_data={
-                        'gift_card_secret': gift_card_secret,
-                    },
-                    state=OrderPayment.PAYMENT_STATE_CREATED
-                )
-                payment.fail(info={**payment.info_data, 'error': str(e)},
-                             send_mail=False)
-
         if order.total == Decimal('0.00') and validated_data.get('status') != Order.STATUS_PAID and not validated_data.get('require_approval'):
             order.status = Order.STATUS_PAID
             order.save()

src/pretix/api/serializers/organizer.py

@@ -45,19 +45,12 @@ from pretix.base.models import (
     SalesChannel, SeatingPlan, Team, TeamAPIToken, TeamInvite, User,
 )
 from pretix.base.models.seating import SeatingPlanLayoutValidator
-from pretix.base.permissions import (
-    get_all_event_permission_groups, get_all_organizer_permission_groups,
-)
 from pretix.base.plugins import (
     PLUGIN_LEVEL_EVENT, PLUGIN_LEVEL_EVENT_ORGANIZER_HYBRID,
     PLUGIN_LEVEL_ORGANIZER,
 )
-from pretix.base.services.mail import mail
+from pretix.base.services.mail import SendMailException, mail
 from pretix.base.settings import validate_organizer_settings
-from pretix.helpers.permission_migration import (
-    OLD_TO_NEW_EVENT_COMPAT, OLD_TO_NEW_EVENT_MIGRATION,
-    OLD_TO_NEW_ORGANIZER_COMPAT, OLD_TO_NEW_ORGANIZER_MIGRATION,
-)
 from pretix.helpers.urls import build_absolute_uri as build_global_uri
 from pretix.multidomain.urlreverse import build_absolute_uri
 
@@ -313,128 +306,23 @@ class EventSlugField(serializers.SlugRelatedField):
         return self.context['organizer'].events.all()
 
 
-class PermissionMultipleChoiceField(serializers.MultipleChoiceField):
-    def to_internal_value(self, data):
-        return {
-            p: True for p in super().to_internal_value(data)
-        }
-
-    def to_representation(self, value):
-        return [p for p, v in value.items() if v]
-
-
 class TeamSerializer(serializers.ModelSerializer):
     limit_events = EventSlugField(slug_field='slug', many=True)
-    limit_event_permissions = PermissionMultipleChoiceField(choices=[], required=False, allow_null=False, allow_empty=True)
-    limit_organizer_permissions = PermissionMultipleChoiceField(choices=[], required=False, allow_null=False, allow_empty=True)
-
-    # Legacy fields, handled in to_representation and validate
-    can_change_event_settings = serializers.BooleanField(required=False, write_only=True)
-    can_change_items = serializers.BooleanField(required=False, write_only=True)
-    can_view_orders = serializers.BooleanField(required=False, write_only=True)
-    can_change_orders = serializers.BooleanField(required=False, write_only=True)
-    can_checkin_orders = serializers.BooleanField(required=False, write_only=True)
-    can_view_vouchers = serializers.BooleanField(required=False, write_only=True)
-    can_change_vouchers = serializers.BooleanField(required=False, write_only=True)
-    can_create_events = serializers.BooleanField(required=False, write_only=True)
-    can_change_organizer_settings = serializers.BooleanField(required=False, write_only=True)
-    can_change_teams = serializers.BooleanField(required=False, write_only=True)
-    can_manage_gift_cards = serializers.BooleanField(required=False, write_only=True)
-    can_manage_customers = serializers.BooleanField(required=False, write_only=True)
-    can_manage_reusable_media = serializers.BooleanField(required=False, write_only=True)
 
     class Meta:
         model = Team
         fields = (
-            'id', 'name', 'require_2fa', 'all_events', 'limit_events', 'all_event_permissions', 'limit_event_permissions',
-            'all_organizer_permissions', 'limit_organizer_permissions', 'can_change_event_settings',
-            'can_change_items', 'can_view_orders', 'can_change_orders', 'can_checkin_orders', 'can_view_vouchers',
-            'can_change_vouchers', 'can_create_events', 'can_change_organizer_settings', 'can_change_teams',
-            'can_manage_gift_cards', 'can_manage_customers', 'can_manage_reusable_media'
+            'id', 'name', 'require_2fa', 'all_events', 'limit_events', 'can_create_events', 'can_change_teams',
+            'can_change_organizer_settings', 'can_manage_gift_cards', 'can_change_event_settings',
+            'can_change_items', 'can_view_orders', 'can_change_orders', 'can_view_vouchers',
+            'can_change_vouchers', 'can_checkin_orders', 'can_manage_customers', 'can_manage_reusable_media'
         )
 
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-
-        event_perms_flattened = []
-        organizer_perms_flattened = []
-        for pg in get_all_event_permission_groups().values():
-            for action in pg.actions:
-                event_perms_flattened.append(f"{pg.name}:{action}")
-        for pg in get_all_organizer_permission_groups().values():
-            for action in pg.actions:
-                organizer_perms_flattened.append(f"{pg.name}:{action}")
-
-        self.fields['limit_event_permissions'].choices = [(p, p) for p in event_perms_flattened]
-        self.fields['limit_organizer_permissions'].choices = [(p, p) for p in organizer_perms_flattened]
-
-    def to_representation(self, instance):
-        r = super().to_representation(instance)
-        for old, new in OLD_TO_NEW_EVENT_COMPAT.items():
-            r[old] = instance.all_event_permissions or all(instance.limit_event_permissions.get(n) for n in new)
-        for old, new in OLD_TO_NEW_ORGANIZER_COMPAT.items():
-            r[old] = instance.all_organizer_permissions or all(instance.limit_organizer_permissions.get(n) for n in new)
-        return r
-
     def validate(self, data):
-        old_data_set = any(k.startswith("can_") for k in data)
-        new_data_set = any(k in data for k in [
-            "all_event_permissions", "limit_event_permissions", "all_organizer_permissions", "limit_organizer_permissions"
-        ])
-        if old_data_set and new_data_set:
-            raise ValidationError("You cannot set deprecated and current permission attributes at the same time.")
-
         full_data = self.to_internal_value(self.to_representation(self.instance)) if self.instance else {}
         full_data.update(data)
-
-        if new_data_set:
-            if full_data.get('limit_event_permissions') and full_data.get('all_event_permissions'):
-                raise ValidationError('Do not set both limit_event_permissions and all_event_permissions.')
-            if full_data.get('limit_organizer_permissions') and full_data.get('all_organizer_permissions'):
-                raise ValidationError('Do not set both limit_organizer_permissions and all_organizer_permissions.')
-
-        if old_data_set:
-            # Migrate with same logic as in migration 0297_pluggable_permissions
-            if all(full_data.get(k) is True for k in OLD_TO_NEW_EVENT_MIGRATION.keys() if k != "can_checkin_orders"):
-                data["all_event_permissions"] = True
-                data["limit_event_permissions"] = {}
-            else:
-                data["all_event_permissions"] = False
-                data["limit_event_permissions"] = {}
-                for k, v in OLD_TO_NEW_EVENT_MIGRATION.items():
-                    if full_data.get(k) is True:
-                        data["limit_event_permissions"].update({kk: True for kk in v})
-            if all(full_data.get(k) is True for k in OLD_TO_NEW_ORGANIZER_MIGRATION.keys() if k != "can_checkin_orders"):
-                data["all_organizer_permissions"] = True
-                data["limit_organizer_permissions"] = {}
-            else:
-                data["all_organizer_permissions"] = False
-                data["limit_organizer_permissions"] = {}
-                for k, v in OLD_TO_NEW_ORGANIZER_MIGRATION.items():
-                    if full_data.get(k) is True:
-                        data["limit_organizer_permissions"].update({kk: True for kk in v})
-
         if full_data.get('limit_events') and full_data.get('all_events'):
             raise ValidationError('Do not set both limit_events and all_events.')
-
-        full_data.update(data)
-        for pg in get_all_event_permission_groups().values():
-            requested = ",".join(sorted(
-                a for a in pg.actions if self.instance and full_data["limit_event_permissions"].get(f"{pg.name}:{a}")
-            ))
-            if requested not in (",".join(sorted(opt.actions)) for opt in pg.options):
-                possible = '\' or \''.join(','.join(opt.actions) for opt in pg.options)
-                raise ValidationError(f"For permission group {pg.name}, the valid combinations of actions are "
-                                      f"'{possible}' but you tried to set '{requested}'.")
-        for pg in get_all_organizer_permission_groups().values():
-            requested = ",".join(sorted(
-                a for a in pg.actions if self.instance and full_data["limit_organizer_permissions"].get(f"{pg.name}:{a}")
-            ))
-            if requested not in (",".join(sorted(opt.actions)) for opt in pg.options):
-                possible = '\' or \''.join(','.join(opt.actions) for opt in pg.options)
-                raise ValidationError(f"For permission group {pg.name}, the valid combinations of actions are "
-                                      f"'{possible}' but you tried to set '{requested}'.")
-
         return data
 
 
@@ -451,7 +339,7 @@ class DeviceSerializer(serializers.ModelSerializer):
     created = serializers.DateTimeField(read_only=True)
     revoked = serializers.BooleanField(read_only=True)
     initialized = serializers.DateTimeField(read_only=True)
-    initialization_token = serializers.CharField(read_only=True)
+    initialization_token = serializers.DateTimeField(read_only=True)
     security_profile = serializers.ChoiceField(choices=[], required=False, default="full")
 
     class Meta:
@@ -465,8 +353,6 @@ class DeviceSerializer(serializers.ModelSerializer):
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
         self.fields['security_profile'].choices = [(k, v.verbose_name) for k, v in get_all_security_profiles().items()]
-        if not self.context['can_see_tokens']:
-            del self.fields['initialization_token']
 
 
 class TeamInviteSerializer(serializers.ModelSerializer):
@@ -477,22 +363,24 @@ class TeamInviteSerializer(serializers.ModelSerializer):
         )
 
     def _send_invite(self, instance):
-        mail(
-            instance.email,
-            _('Account invitation'),
-            'pretixcontrol/email/invitation.txt',
-            {
-                'instance': settings.PRETIX_INSTANCE_NAME,
-                'user': self,
-                'organizer': self.context['organizer'].name,
-                'team': instance.team.name,
-                'url': build_global_uri('control:auth.invite', kwargs={
-                    'token': instance.token
-                })
-            },
-            event=None,
-            locale=get_language_without_region()  # TODO: expose?
-        )
+        try:
+            mail(
+                instance.email,
+                _('pretix account invitation'),
+                'pretixcontrol/email/invitation.txt',
+                {
+                    'user': self,
+                    'organizer': self.context['organizer'].name,
+                    'team': instance.team.name,
+                    'url': build_global_uri('control:auth.invite', kwargs={
+                        'token': instance.token
+                    })
+                },
+                event=None,
+                locale=get_language_without_region()  # TODO: expose?
+            )
+        except SendMailException:
+            pass  # Already logged
 
     def create(self, validated_data):
         if 'email' in validated_data:
@@ -551,14 +439,10 @@ class TeamMemberSerializer(serializers.ModelSerializer):
 
 
 class OrganizerSettingsSerializer(SettingsSerializer):
-    default_write_permission = 'organizer.settings.general:write'
     default_fields = [
-        # These are readable for all users with access to the events, therefore secrets stored in the settings store
-        # should not be included!
         'customer_accounts',
         'customer_accounts_native',
         'customer_accounts_link_by_email',
-        'customer_accounts_require_login_for_order_access',
         'invoice_regenerate_allowed',
         'contact_mail',
         'imprint_url',

src/pretix/api/serializers/settings.py

@@ -37,8 +37,6 @@ logger = logging.getLogger(__name__)
 class SettingsSerializer(serializers.Serializer):
     default_fields = []
     readonly_fields = []
-    default_write_permission = 'organizer.settings.general:write'
-    write_permission_required = {}
 
     def __init__(self, *args, **kwargs):
         self.changed_data = []
@@ -60,17 +58,9 @@ class SettingsSerializer(serializers.Serializer):
             f._label = str(form_kwargs.get('label', fname))
             f._help_text = str(form_kwargs.get('help_text'))
             f.parent = self
-
-            self.write_permission_required[fname] = DEFAULTS[fname].get('write_permission', self.default_write_permission)
-
             self.fields[fname] = f
 
     def validate(self, attrs):
-        for k in attrs.keys():
-            p = self.write_permission_required.get(k, self.default_write_permission)
-            if p not in self.context["permissions"]:
-                raise ValidationError({k: f"Setting this field requires permission {p}"})
-
         return {k: v for k, v in attrs.items() if k not in self.readonly_fields}
 
     def update(self, instance: HierarkeyProxy, validated_data):

src/pretix/api/urls.py

@@ -67,7 +67,6 @@ orga_router.register(r'invoices', order.InvoiceViewSet)
 orga_router.register(r'scheduled_exports', exporters.ScheduledOrganizerExportViewSet)
 orga_router.register(r'exporters', exporters.OrganizerExportersViewSet, basename='exporters')
 orga_router.register(r'transactions', order.OrganizerTransactionViewSet)
-orga_router.register(r'orderpositions', order.OrganizerOrderPositionViewSet, basename='orderpositions')
 
 team_router = routers.DefaultRouter()
 team_router.register(r'members', organizer.TeamMemberViewSet)
@@ -84,7 +83,7 @@ event_router.register(r'discounts', discount.DiscountViewSet)
 event_router.register(r'quotas', item.QuotaViewSet)
 event_router.register(r'vouchers', voucher.VoucherViewSet)
 event_router.register(r'orders', order.EventOrderViewSet)
-event_router.register(r'orderpositions', order.EventOrderPositionViewSet)
+event_router.register(r'orderpositions', order.OrderPositionViewSet)
 event_router.register(r'transactions', order.TransactionViewSet)
 event_router.register(r'invoices', order.InvoiceViewSet)
 event_router.register(r'revokedsecrets', order.RevokedSecretViewSet, basename='revokedsecrets')

src/pretix/api/views/cart.py

@@ -52,8 +52,8 @@ class CartPositionViewSet(CreateModelMixin, DestroyModelMixin, viewsets.ReadOnly
     ordering = ('datetime',)
     ordering_fields = ('datetime', 'cart_id')
     lookup_field = 'id'
-    permission = 'event.orders:read'
-    write_permission = 'event.orders:write'
+    permission = 'can_view_orders'
+    write_permission = 'can_change_orders'
 
     def get_queryset(self):
         return CartPosition.objects.filter(

src/pretix/api/views/checkin.py

@@ -67,7 +67,6 @@ from pretix.base.models import (
     Question, ReusableMedium, RevokedTicketSecret, TeamAPIToken,
 )
 from pretix.base.models.orders import PrintLog
-from pretix.base.permissions import AnyPermissionOf
 from pretix.base.services.checkin import (
     CheckInError, RequiredQuestionsError, SQLLogic, perform_checkin,
 )
@@ -119,11 +118,11 @@ class CheckinListViewSet(viewsets.ModelViewSet):
 
     def _get_permission_name(self, request):
         if request.path.endswith('/failed_checkins/'):
-            return 'event.orders:checkin', 'event.orders:write'
+            return 'can_checkin_orders', 'can_change_orders'
         elif request.method in SAFE_METHODS:
-            return 'event.orders:read', 'event.orders:checkin',
+            return 'can_view_orders', 'can_checkin_orders',
         else:
-            return 'event.settings.general:write'
+            return 'can_change_event_settings'
 
     def get_queryset(self):
         qs = self.request.event.checkin_lists.prefetch_related(
@@ -189,15 +188,11 @@ class CheckinListViewSet(viewsets.ModelViewSet):
         clist = self.get_object()
         if serializer.validated_data.get('nonce'):
             if kwargs.get('position'):
-                prev = kwargs['position'].all_checkins.filter(
-                    nonce=serializer.validated_data['nonce'],
-                    successful=False
-                ).first()
+                prev = kwargs['position'].all_checkins.filter(nonce=serializer.validated_data['nonce']).first()
             else:
                 prev = clist.checkins.filter(
                     nonce=serializer.validated_data['nonce'],
                     raw_barcode=serializer.validated_data['raw_barcode'],
-                    successful=False
                 ).first()
             if prev:
                 # Ignore because nonce is already handled
@@ -386,21 +381,15 @@ def _checkin_list_position_queryset(checkinlists, ignore_status=False, ignore_pr
 
     qs = qs.filter(reduce(operator.or_, lists_qs))
 
-    prefetch_related = [
-        Prefetch(
-            lookup='checkins',
-            queryset=Checkin.objects.filter(list_id__in=[cl.pk for cl in checkinlists]).select_related('device')
-        ),
-        Prefetch('print_logs', queryset=PrintLog.objects.select_related('device')),
-        'answers', 'answers__options', 'answers__question',
-    ]
-    select_related = [
-        'item', 'variation', 'order', 'addon_to', 'order__invoice_address', 'order', 'seat'
-    ]
-
     if pdf_data:
         qs = qs.prefetch_related(
-            # Don't add to list, we don't want to propagate to addons
+            Prefetch(
+                lookup='checkins',
+                queryset=Checkin.objects.filter(list_id__in=[cl.pk for cl in checkinlists]).select_related('device')
+            ),
+            Prefetch('print_logs', queryset=PrintLog.objects.select_related('device')),
+            'answers', 'answers__options', 'answers__question',
+            Prefetch('addons', OrderPosition.objects.select_related('item', 'variation')),
             Prefetch('order', Order.objects.select_related('invoice_address').prefetch_related(
                 Prefetch(
                     'event',
@@ -415,39 +404,32 @@ def _checkin_list_position_queryset(checkinlists, ignore_status=False, ignore_pr
                     )
                 )
             ))
+        ).select_related(
+            'item', 'variation', 'item__category', 'addon_to', 'order', 'order__invoice_address', 'seat'
         )
+    else:
+        qs = qs.prefetch_related(
+            Prefetch(
+                lookup='checkins',
+                queryset=Checkin.objects.filter(list_id__in=[cl.pk for cl in checkinlists]).select_related('device')
+            ),
+            Prefetch('print_logs', queryset=PrintLog.objects.select_related('device')),
+            'answers', 'answers__options', 'answers__question',
+            Prefetch('addons', OrderPosition.objects.select_related('item', 'variation'))
+        ).select_related('item', 'variation', 'order', 'addon_to', 'order__invoice_address', 'order', 'seat')
 
     if expand and 'subevent' in expand:
-        prefetch_related += [
+        qs = qs.prefetch_related(
             'subevent', 'subevent__event', 'subevent__subeventitem_set', 'subevent__subeventitemvariation_set',
             'subevent__seat_category_mappings', 'subevent__meta_values'
-        ]
+        )
 
     if expand and 'item' in expand:
-        prefetch_related += [
-            'item', 'item__addons', 'item__bundles', 'item__meta_values',
-            'item__variations',
-        ]
-        select_related.append('item__tax_rule')
+        qs = qs.prefetch_related('item', 'item__addons', 'item__bundles', 'item__meta_values',
+                                 'item__variations').select_related('item__tax_rule')
 
     if expand and 'variation' in expand:
-        prefetch_related += [
-            'variation', 'variation__meta_values',
-        ]
-
-    if expand and 'addons' in expand:
-        prefetch_related += [
-            Prefetch('addons', OrderPosition.objects.prefetch_related(*prefetch_related).select_related(*select_related)),
-        ]
-    else:
-        prefetch_related += [
-            Prefetch('addons', OrderPosition.objects.select_related('item', 'variation'))
-        ]
-
-    if pdf_data:
-        select_related.remove("order")  # Don't need it twice on this queryset
-
-    qs = qs.prefetch_related(*prefetch_related).select_related(*select_related)
+        qs = qs.prefetch_related('variation', 'variation__meta_values')
 
     return qs
 
@@ -475,7 +457,7 @@ def _redeem_process(*, checkinlists, raw_barcode, answers_data, datetime, force,
             'event': op.order.event,
             'pdf_data': pdf_data and (
                 user if user and user.is_authenticated else auth
-            ).has_event_permission(request.organizer, event, 'event.orders:read', request),
+            ).has_event_permission(request.organizer, event, 'can_view_orders', request),
         }
 
     common_checkin_args = dict(
@@ -840,8 +822,8 @@ class CheckinListPositionViewSet(viewsets.ReadOnlyModelViewSet):
     }
 
     filterset_class = CheckinOrderPositionFilter
-    permission = AnyPermissionOf('event.orders:read', 'event.orders:checkin')
-    write_permission = AnyPermissionOf('event.orders:write', 'event.orders:checkin')
+    permission = ('can_view_orders', 'can_checkin_orders')
+    write_permission = ('can_change_orders', 'can_checkin_orders')
 
     def get_serializer_context(self):
         ctx = super().get_serializer_context()
@@ -872,7 +854,7 @@ class CheckinListPositionViewSet(viewsets.ReadOnlyModelViewSet):
             expand=self.request.query_params.getlist('expand'),
         )
 
-        if 'pk' not in self.request.resolver_match.kwargs and 'event.orders:read' not in self.request.eventpermset \
+        if 'pk' not in self.request.resolver_match.kwargs and 'can_view_orders' not in self.request.eventpermset \
                 and len(self.request.query_params.get('search', '')) < 3:
             qs = qs.none()
 
@@ -921,9 +903,9 @@ class CheckinListPositionViewSet(viewsets.ReadOnlyModelViewSet):
 class CheckinRPCRedeemView(views.APIView):
     def post(self, request, *args, **kwargs):
         if isinstance(self.request.auth, (TeamAPIToken, Device)):
-            events = self.request.auth.get_events_with_permission(('event.orders:write', 'event.orders:checkin'))
+            events = self.request.auth.get_events_with_permission(('can_change_orders', 'can_checkin_orders'))
         elif self.request.user.is_authenticated:
-            events = self.request.user.get_events_with_permission(('event.orders:write', 'event.orders:checkin'), self.request).filter(
+            events = self.request.user.get_events_with_permission(('can_change_orders', 'can_checkin_orders'), self.request).filter(
                 organizer=self.request.organizer
             )
         else:
@@ -991,9 +973,9 @@ class CheckinRPCSearchView(ListAPIView):
     @cached_property
     def lists(self):
         if isinstance(self.request.auth, (TeamAPIToken, Device)):
-            events = self.request.auth.get_events_with_permission(('event.orders:read', 'event.orders:checkin'))
+            events = self.request.auth.get_events_with_permission(('can_view_orders', 'can_checkin_orders'))
         elif self.request.user.is_authenticated:
-            events = self.request.user.get_events_with_permission(('event.orders:read', 'event.orders:checkin'), self.request).filter(
+            events = self.request.user.get_events_with_permission(('can_view_orders', 'can_checkin_orders'), self.request).filter(
                 organizer=self.request.organizer
             )
         else:
@@ -1010,9 +992,9 @@ class CheckinRPCSearchView(ListAPIView):
     @cached_property
     def has_full_access_permission(self):
         if isinstance(self.request.auth, (TeamAPIToken, Device)):
-            events = self.request.auth.get_events_with_permission('event.orders:read')
+            events = self.request.auth.get_events_with_permission('can_view_orders')
         elif self.request.user.is_authenticated:
-            events = self.request.user.get_events_with_permission('event.orders:read', self.request).filter(
+            events = self.request.user.get_events_with_permission('can_view_orders', self.request).filter(
                 organizer=self.request.organizer
             )
         else:
@@ -1039,9 +1021,9 @@ class CheckinRPCSearchView(ListAPIView):
 class CheckinRPCAnnulView(views.APIView):
     def post(self, request, *args, **kwargs):
         if isinstance(self.request.auth, (TeamAPIToken, Device)):
-            events = self.request.auth.get_events_with_permission(('event.orders:write', 'event.orders:checkin'))
+            events = self.request.auth.get_events_with_permission(('can_change_orders', 'can_checkin_orders'))
         elif self.request.user.is_authenticated:
-            events = self.request.user.get_events_with_permission(('event.orders:write', 'event.orders:checkin'), self.request).filter(
+            events = self.request.user.get_events_with_permission(('can_change_orders', 'can_checkin_orders'), self.request).filter(
                 organizer=self.request.organizer
             )
         else:
@@ -1119,7 +1101,7 @@ class CheckinViewSet(viewsets.ReadOnlyModelViewSet):
     filterset_class = CheckinFilter
     ordering = ('created', 'id')
     ordering_fields = ('created', 'datetime', 'id',)
-    permission = 'event.orders:read'
+    permission = 'can_view_orders'
 
     def get_queryset(self):
         qs = Checkin.all.filter().select_related(

src/pretix/api/views/discount.py

@@ -57,7 +57,7 @@ class DiscountViewSet(ConditionalListView, viewsets.ModelViewSet):
     ordering_fields = ('id', 'position')
     ordering = ('position', 'id')
     permission = None
-    write_permission = 'event.items:write'
+    write_permission = 'can_change_items'
 
     def get_queryset(self):
         return self.request.event.discounts.prefetch_related(

src/pretix/api/views/event.py

@@ -281,11 +281,6 @@ class EventViewSet(viewsets.ModelViewSet):
         new_event = serializer.save(organizer=self.request.organizer)
 
         if copy_from:
-            perm_holder = (self.request.auth if isinstance(self.request.auth, (Device, TeamAPIToken))
-                           else self.request.user)
-            if not copy_from.allow_copy_data(self.request.organizer, perm_holder):
-                raise PermissionDenied("Not sufficient permission on source event to copy")
-
             new_event.copy_data_from(copy_from, skip_meta_data='meta_data' in serializer.validated_data)
 
             if plugins is not None:
@@ -346,24 +341,15 @@ class CloneEventViewSet(viewsets.ModelViewSet):
     lookup_field = 'slug'
     lookup_url_kwarg = 'event'
     http_method_names = ['post']
-    write_permission = 'event.settings.general:write'
+    write_permission = 'can_create_events'
 
     def get_serializer_context(self):
         ctx = super().get_serializer_context()
-        ctx['event'] = Event.objects.get(slug=self.kwargs['event'], organizer=self.request.organizer)
+        ctx['event'] = self.kwargs['event']
         ctx['organizer'] = self.request.organizer
         return ctx
 
     def perform_create(self, serializer):
-        # Weird edge case: Requires settings permission on the event (to read) but also on the organizer (two write)
-        perm_holder = (self.request.auth if isinstance(self.request.auth, (Device, TeamAPIToken))
-                       else self.request.user)
-        if not perm_holder.has_organizer_permission(self.request.organizer, "organizer.events:create", request=self.request):
-            raise PermissionDenied("No permission to create events")
-
-        if not serializer.context['event'].allow_copy_data(self.request.organizer, perm_holder):
-            raise PermissionDenied("Not sufficient permission on source event to copy")
-
         serializer.save(organizer=self.request.organizer)
 
         serializer.instance.log_action(
@@ -440,7 +426,7 @@ with scopes_disabled():
 class SubEventViewSet(ConditionalListView, viewsets.ModelViewSet):
     serializer_class = SubEventSerializer
     queryset = SubEvent.objects.none()
-    write_permission = 'event.subevents:write'
+    write_permission = 'can_change_event_settings'
     filter_backends = (DjangoFilterBackend, TotalOrderingFilter)
     ordering = ('date_from',)
     ordering_fields = ('id', 'date_from', 'last_modified')
@@ -560,7 +546,7 @@ class SubEventViewSet(ConditionalListView, viewsets.ModelViewSet):
 class TaxRuleViewSet(ConditionalListView, viewsets.ModelViewSet):
     serializer_class = TaxRuleSerializer
     queryset = TaxRule.objects.none()
-    write_permission = 'event.settings.tax:write'
+    write_permission = 'can_change_event_settings'
 
     def get_queryset(self):
         return self.request.event.tax_rules.all()
@@ -603,7 +589,7 @@ class TaxRuleViewSet(ConditionalListView, viewsets.ModelViewSet):
 class ItemMetaPropertiesViewSet(viewsets.ModelViewSet):
     serializer_class = ItemMetaPropertiesSerializer
     queryset = ItemMetaProperty.objects.none()
-    write_permission = 'event.settings.general:write'
+    write_permission = 'can_change_event_settings'
 
     def get_queryset(self):
         qs = self.request.event.item_meta_properties.all()
@@ -650,18 +636,19 @@ class ItemMetaPropertiesViewSet(viewsets.ModelViewSet):
 
 class EventSettingsView(views.APIView):
     permission = None
-    write_permission = 'event.settings.general:write'
+    write_permission = 'can_change_event_settings'
 
     def get(self, request, *args, **kwargs):
         if isinstance(request.auth, Device):
             s = DeviceEventSettingsSerializer(instance=request.event.settings, event=request.event, context={
-                'request': request, 'permissions': request.eventpermset
+                'request': request
+            })
+        elif 'can_change_event_settings' in request.eventpermset:
+            s = EventSettingsSerializer(instance=request.event.settings, event=request.event, context={
+                'request': request
             })
         else:
-            s = EventSettingsSerializer(instance=request.event.settings, event=request.event, context={
-                'request': request, 'permissions': request.eventpermset,
-            })
-
+            raise PermissionDenied()
         if 'explain' in request.GET:
             return Response({
                 fname: {
@@ -675,7 +662,7 @@ class EventSettingsView(views.APIView):
 
     def patch(self, request, *wargs, **kwargs):
         s = EventSettingsSerializer(instance=request.event.settings, data=request.data, partial=True,
-                                    event=request.event, context={'request': request, 'permissions': request.eventpermset})
+                                    event=request.event, context={'request': request})
         s.is_valid(raise_exception=True)
         with transaction.atomic():
             s.save()
@@ -687,7 +674,7 @@ class EventSettingsView(views.APIView):
                 )
         s = EventSettingsSerializer(
             instance=request.event.settings, event=request.event, context={
-                'request': request, 'permissions': request.eventpermset
+                'request': request
             })
         return Response(s.data)
 
@@ -714,7 +701,7 @@ class SeatFilter(FilterSet):
 class SeatViewSet(ConditionalListView, viewsets.ModelViewSet):
     serializer_class = SeatSerializer
     queryset = Seat.objects.none()
-    write_permission = 'event.settings.general:write'
+    write_permission = 'can_change_event_settings'
     filter_backends = (DjangoFilterBackend, )
     filterset_class = SeatFilter
 

src/pretix/api/views/exporters.py

@@ -40,12 +40,12 @@ from pretix.api.serializers.exporters import (
 )
 from pretix.base.exporter import OrganizerLevelExportMixin
 from pretix.base.models import (
-    CachedFile, Device, ScheduledEventExport, ScheduledOrganizerExport,
+    CachedFile, Device, Event, ScheduledEventExport, ScheduledOrganizerExport,
     TeamAPIToken,
 )
-from pretix.base.models.organizer import TeamQuerySet
-from pretix.base.services.export import (
-    export, init_event_exporters, init_organizer_exporters, multiexport,
+from pretix.base.services.export import export, multiexport
+from pretix.base.signals import (
+    register_data_exporters, register_multievent_data_exporters,
 )
 from pretix.helpers.http import ChunkBasedFileResponse
 
@@ -111,7 +111,7 @@ class ExportersMixin:
     @action(detail=True, methods=['POST'])
     def run(self, *args, **kwargs):
         instance = self.get_object()
-        serializer = JobRunSerializer(exporter=instance, data=self.request.data)
+        serializer = JobRunSerializer(exporter=instance, data=self.request.data, **self.get_serializer_kwargs())
         serializer.is_valid(raise_exception=True)
 
         cf = CachedFile(web_download=True)
@@ -136,34 +136,27 @@ class ExportersMixin:
 
 
 class EventExportersViewSet(ExportersMixin, viewsets.ViewSet):
-    permission = None
+    permission = 'can_view_orders'
+
+    def get_serializer_kwargs(self):
+        return {}
 
     @cached_property
     def exporters(self):
-        raw_exporters = list(init_event_exporters(
-            event=self.request.event,
-            user=self.request.user if self.request.user and self.request.user.is_authenticated else None,
-            token=self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None,
-            device=self.request.auth if isinstance(self.request.auth, Device) else None,
-            request=self.request,
-        ))
         exporters = []
+        responses = register_data_exporters.send(self.request.event)
+        raw_exporters = [response(self.request.event, self.request.organizer) for r, response in responses if response]
+        raw_exporters = [
+            ex for ex in raw_exporters
+            if ex.available_for_user(self.request.user if self.request.user and self.request.user.is_authenticated else None)
+        ]
         for ex in sorted(raw_exporters, key=lambda ex: str(ex.verbose_name)):
             ex._serializer = JobRunSerializer(exporter=ex)
             exporters.append(ex)
         return exporters
 
     def do_export(self, cf, instance, data):
-        return export.apply_async(args=(
-            self.request.event.id,
-        ), kwargs={
-            'user': self.request.user.pk if self.request.user and self.request.user.is_authenticated else None,
-            'token': self.request.auth.pk if isinstance(self.request.auth, TeamAPIToken) else None,
-            'device': self.request.auth.pk if isinstance(self.request.auth, Device) else None,
-            'fileid': str(cf.id),
-            'provider': instance.identifier,
-            'form_data': data,
-        })
+        return export.apply_async(args=(self.request.event.id, str(cf.id), instance.identifier, data))
 
 
 class OrganizerExportersViewSet(ExportersMixin, viewsets.ViewSet):
@@ -171,23 +164,47 @@ class OrganizerExportersViewSet(ExportersMixin, viewsets.ViewSet):
 
     @cached_property
     def exporters(self):
-        raw_exporters = list(init_organizer_exporters(
-            organizer=self.request.organizer,
-            user=self.request.user if self.request.user and self.request.user.is_authenticated else None,
-            token=self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None,
-            device=self.request.auth if isinstance(self.request.auth, Device) else None,
-            request=self.request,
-        ))
         exporters = []
+        if isinstance(self.request.auth, (Device, TeamAPIToken)):
+            perm_holder = self.request.auth
+        else:
+            perm_holder = self.request.user
+        events = perm_holder.get_events_with_permission('can_view_orders', request=self.request).filter(
+            organizer=self.request.organizer
+        )
+        responses = register_multievent_data_exporters.send(self.request.organizer)
+        raw_exporters = [
+            response(Event.objects.none() if issubclass(response, OrganizerLevelExportMixin) else events, self.request.organizer)
+            for r, response in responses
+            if response
+        ]
+        raw_exporters = [
+            ex for ex in raw_exporters
+            if (
+                not isinstance(ex, OrganizerLevelExportMixin) or
+                perm_holder.has_organizer_permission(self.request.organizer, ex.organizer_required_permission, self.request)
+            ) and ex.available_for_user(self.request.user if self.request.user and self.request.user.is_authenticated else None)
+        ]
         for ex in sorted(raw_exporters, key=lambda ex: str(ex.verbose_name)):
-            ex._serializer = JobRunSerializer(exporter=ex)
+            ex._serializer = JobRunSerializer(exporter=ex, events=events)
             exporters.append(ex)
         return exporters
 
+    def get_serializer_kwargs(self):
+        if isinstance(self.request.auth, (Device, TeamAPIToken)):
+            perm_holder = self.request.auth
+        else:
+            perm_holder = self.request.user
+        return {
+            'events': perm_holder.get_events_with_permission('can_view_orders', request=self.request).filter(
+                organizer=self.request.organizer
+            )
+        }
+
     def do_export(self, cf, instance, data):
         return multiexport.apply_async(kwargs={
             'organizer': self.request.organizer.id,
-            'user': self.request.user.id if self.request.user and self.request.user.is_authenticated else None,
+            'user': self.request.user.id if self.request.user.is_authenticated else None,
             'token': self.request.auth.pk if isinstance(self.request.auth, TeamAPIToken) else None,
             'device': self.request.auth.pk if isinstance(self.request.auth, Device) else None,
             'fileid': str(cf.id),
@@ -205,11 +222,11 @@ class ScheduledExportersViewSet(viewsets.ModelViewSet):
 class ScheduledEventExportViewSet(ScheduledExportersViewSet):
     serializer_class = ScheduledEventExportSerializer
     queryset = ScheduledEventExport.objects.none()
-    permission = None
+    permission = 'can_view_orders'
 
     def get_queryset(self):
         perm_holder = self.request.auth if isinstance(self.request.auth, (TeamAPIToken, Device)) else self.request.user
-        if not perm_holder.has_event_permission(self.request.organizer, self.request.event, 'event.settings.general:write',
+        if not perm_holder.has_event_permission(self.request.organizer, self.request.event, 'can_change_event_settings',
                                                 request=self.request):
             if self.request.user.is_authenticated:
                 qs = self.request.event.scheduled_exports.filter(owner=self.request.user)
@@ -241,28 +258,11 @@ class ScheduledEventExportViewSet(ScheduledExportersViewSet):
 
     @cached_property
     def exporters(self):
-        exporters = list(init_event_exporters(
-            event=self.request.event,
-            user=self.request.user if self.request.user and self.request.user.is_authenticated else None,
-            token=self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None,
-            device=self.request.auth if isinstance(self.request.auth, Device) else None,
-            request=self.request,
-        ))
+        responses = register_data_exporters.send(self.request.event)
+        exporters = [response(self.request.event, self.request.organizer) for r, response in responses if response]
         return {e.identifier: e for e in exporters}
 
     def perform_update(self, serializer):
-        if not self.request.user.is_authenticated or self.request.user != serializer.instance.owner:
-            # This is to prevent a possible privilege escalation where user A creates a scheduled export and
-            # user B has settings permission (= they can see the export configuration), but not enough permission
-            # to run the export themselves. Without this check, user B could modify the export and add themselves
-            # as a recipient. Thereby, user B would gain access to data they can't have.
-            exporter = self.exporters.get(serializer.instance.export_identifier)
-            if not exporter:
-                raise PermissionDenied("No access to exporter.")
-            perm_holder = self.request.auth if isinstance(self.request.auth, (TeamAPIToken, Device)) else self.request.user
-            if not perm_holder.has_event_permission(self.request.organizer, self.request.event, exporter.get_required_event_permission()):
-                raise PermissionDenied("No permission to edit exports you could not run.")
-
         serializer.save(event=self.request.event)
         serializer.instance.compute_next_run()
         serializer.instance.error_counter = 0
@@ -291,7 +291,7 @@ class ScheduledOrganizerExportViewSet(ScheduledExportersViewSet):
 
     def get_queryset(self):
         perm_holder = self.request.auth if isinstance(self.request.auth, (TeamAPIToken, Device)) else self.request.user
-        if not perm_holder.has_organizer_permission(self.request.organizer, 'organizer.settings.general:write',
+        if not perm_holder.has_organizer_permission(self.request.organizer, 'can_change_organizer_settings',
                                                     request=self.request):
             if self.request.user.is_authenticated:
                 qs = self.request.organizer.scheduled_exports.filter(owner=self.request.user)
@@ -321,55 +321,26 @@ class ScheduledOrganizerExportViewSet(ScheduledExportersViewSet):
         ctx['exporters'] = self.exporters
         return ctx
 
+    @cached_property
+    def events(self):
+        if isinstance(self.request.auth, (TeamAPIToken, Device)):
+            return self.request.auth.get_events_with_permission('can_view_orders')
+        elif self.request.user.is_authenticated:
+            return self.request.user.get_events_with_permission('can_view_orders', self.request).filter(
+                organizer=self.request.organizer
+            )
+
     @cached_property
     def exporters(self):
-        exporters = list(init_organizer_exporters(
-            organizer=self.request.organizer,
-            user=self.request.user if self.request.user and self.request.user.is_authenticated else None,
-            token=self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None,
-            device=self.request.auth if isinstance(self.request.auth, Device) else None,
-            request=self.request,
-        ))
+        responses = register_multievent_data_exporters.send(self.request.organizer)
+        exporters = [
+            response(Event.objects.none() if issubclass(response, OrganizerLevelExportMixin) else self.events,
+                     self.request.organizer)
+            for r, response in responses if response
+        ]
         return {e.identifier: e for e in exporters}
 
     def perform_update(self, serializer):
-        if not self.request.user.is_authenticated or self.request.user != serializer.instance.owner:
-            # This is to prevent a possible privilege escalation where user A creates a scheduled export and
-            # user B has settings permission (= they can see the export configuration), but not enough permission
-            # to run the export themselves. Without this check, user B could modify the export and add themselves
-            # as a recipient. Thereby, user B would gain access to data they can't have.
-            exporter = self.exporters.get(serializer.instance.export_identifier)
-            if not exporter:
-                raise PermissionDenied("No access to exporter.")
-            perm_holder = (self.request.auth if isinstance(self.request.auth, (Device, TeamAPIToken))
-                           else self.request.user)
-            if isinstance(exporter, OrganizerLevelExportMixin):
-                if not perm_holder.has_organizer_permission(
-                        self.request.organizer, exporter.get_required_organizer_permission(), request=self.request,
-                ):
-                    raise PermissionDenied("No permission to edit exports you could not run.")
-            else:
-                if serializer.instance.export_form_data.get("all_events", False):
-                    if isinstance(self.request.auth, Device):
-                        if not self.request.auth.all_events:
-                            raise PermissionDenied("No permission to edit exports you could not run.")
-                    elif isinstance(self.request.auth, TeamAPIToken):
-                        if not self.request.auth.team.all_events:
-                            raise PermissionDenied("No permission to edit exports you could not run.")
-                    elif self.request.user.is_authenticated:
-                        if not self.request.user.teams.filter(
-                                TeamQuerySet.event_permission_q(exporter.get_required_event_permission()),
-                                all_events=True,
-                        ).exists():
-                            raise PermissionDenied("No permission to edit exports you could not run.")
-                else:
-                    events_selected = serializer.instance.export_form_data.get("events", [])
-                    events_permission = set(perm_holder.get_events_with_permission(
-                        exporter.get_required_event_permission(), request=self.request
-                    ).values_list("pk", flat=True))
-                    if not all(e in events_permission for e in events_selected):
-                        raise PermissionDenied("No permission to edit exports you could not run.")
-
         serializer.save(organizer=self.request.organizer)
         serializer.instance.compute_next_run()
         serializer.instance.error_counter = 0

src/pretix/api/views/item.py

@@ -99,14 +99,14 @@ class ItemViewSet(ConditionalListView, viewsets.ModelViewSet):
     ordering = ('position', 'id')
     filterset_class = ItemFilter
     permission = None
-    write_permission = 'event.items:write'
+    write_permission = 'can_change_items'
 
     def get_queryset(self):
         return self.request.event.items.select_related('tax_rule').prefetch_related(
             'variations', 'addons', 'bundles', 'meta_values', 'meta_values__property',
             'variations__meta_values', 'variations__meta_values__property',
             'require_membership_types', 'variations__require_membership_types',
-            'limit_sales_channels', 'variations__limit_sales_channels', 'program_times'
+            'limit_sales_channels', 'variations__limit_sales_channels',
         ).all()
 
     def perform_create(self, serializer):
@@ -163,7 +163,7 @@ class ItemVariationViewSet(viewsets.ModelViewSet):
     ordering_fields = ('id', 'position')
     ordering = ('id',)
     permission = None
-    write_permission = 'event.items:write'
+    write_permission = 'can_change_items'
 
     @cached_property
     def item(self):
@@ -234,7 +234,7 @@ class ItemBundleViewSet(viewsets.ModelViewSet):
     ordering_fields = ('id',)
     ordering = ('id',)
     permission = None
-    write_permission = 'event.items:write'
+    write_permission = 'can_change_items'
 
     @cached_property
     def item(self):
@@ -286,7 +286,7 @@ class ItemProgramTimeViewSet(viewsets.ModelViewSet):
     ordering_fields = ('id',)
     ordering = ('id',)
     permission = None
-    write_permission = 'event.items:write'
+    write_permission = 'can_change_items'
 
     @cached_property
     def item(self):
@@ -339,7 +339,7 @@ class ItemAddOnViewSet(viewsets.ModelViewSet):
     ordering_fields = ('id', 'position')
     ordering = ('id',)
     permission = None
-    write_permission = 'event.items:write'
+    write_permission = 'can_change_items'
 
     @cached_property
     def item(self):
@@ -398,7 +398,7 @@ class ItemCategoryViewSet(ConditionalListView, viewsets.ModelViewSet):
     ordering_fields = ('id', 'position')
     ordering = ('position', 'id')
     permission = None
-    write_permission = 'event.items:write'
+    write_permission = 'can_change_items'
 
     def get_queryset(self):
         return self.request.event.categories.all()
@@ -453,7 +453,7 @@ class QuestionViewSet(ConditionalListView, viewsets.ModelViewSet):
     ordering_fields = ('id', 'position')
     ordering = ('position', 'id')
     permission = None
-    write_permission = 'event.items:write'
+    write_permission = 'can_change_items'
 
     def get_queryset(self):
         return self.request.event.questions.prefetch_related('options').all()
@@ -497,7 +497,7 @@ class QuestionOptionViewSet(viewsets.ModelViewSet):
     ordering_fields = ('id', 'position')
     ordering = ('position',)
     permission = None
-    write_permission = 'event.items:write'
+    write_permission = 'can_change_items'
 
     def get_queryset(self):
         q = get_object_or_404(Question, pk=self.kwargs['question'], event=self.request.event)
@@ -564,7 +564,7 @@ class QuotaViewSet(ConditionalListView, viewsets.ModelViewSet):
     ordering_fields = ('id', 'size')
     ordering = ('id',)
     permission = None
-    write_permission = 'event.items:write'
+    write_permission = 'can_change_items'
 
     def get_queryset(self):
         return self.request.event.quotas.select_related('subevent').prefetch_related('items', 'variations').all()

src/pretix/api/views/media.py

@@ -62,8 +62,8 @@ with scopes_disabled():
 class ReusableMediaViewSet(viewsets.ModelViewSet):
     serializer_class = ReusableMediaSerializer
     queryset = ReusableMedium.objects.none()
-    permission = 'organizer.reusablemedia:read'
-    write_permission = 'organizer.reusablemedia:write'
+    permission = 'can_manage_reusable_media'
+    write_permission = 'can_manage_reusable_media'
     filter_backends = (DjangoFilterBackend, OrderingFilter)
     ordering = ('-updated', '-id')
     ordering_fields = ('created', 'updated', 'identifier', 'type', 'id')
@@ -95,8 +95,6 @@ class ReusableMediaViewSet(viewsets.ModelViewSet):
     def get_serializer_context(self):
         ctx = super().get_serializer_context()
         ctx['organizer'] = self.request.organizer
-        ctx['can_read_giftcards'] = 'organizer.giftcards:read' in self.request.orgapermset
-        ctx['can_read_customers'] = 'organizer.customers:read' in self.request.orgapermset
         return ctx
 
     @transaction.atomic()

src/pretix/api/views/order.py

@@ -57,10 +57,9 @@ from pretix.api.serializers.order import (
     BlockedTicketSecretSerializer, InvoiceSerializer, OrderCreateSerializer,
     OrderPaymentCreateSerializer, OrderPaymentSerializer,
     OrderPositionSerializer, OrderRefundCreateSerializer,
-    OrderRefundSerializer, OrderSerializer, OrganizerOrderPositionSerializer,
-    OrganizerTransactionSerializer, PriceCalcSerializer, PrintLogSerializer,
-    RevokedTicketSecretSerializer, SimulatedOrderSerializer,
-    TransactionSerializer,
+    OrderRefundSerializer, OrderSerializer, OrganizerTransactionSerializer,
+    PriceCalcSerializer, PrintLogSerializer, RevokedTicketSecretSerializer,
+    SimulatedOrderSerializer, TransactionSerializer,
 )
 from pretix.api.serializers.orderchange import (
     BlockNameSerializer, OrderChangeOperationSerializer,
@@ -91,6 +90,7 @@ from pretix.base.services.invoices import (
     generate_cancellation, generate_invoice, invoice_pdf, invoice_qualified,
     regenerate_invoice, transmit_invoice,
 )
+from pretix.base.services.mail import SendMailException
 from pretix.base.services.orders import (
     OrderChangeManager, OrderError, _order_placed_email,
     _order_placed_email_attendee, approve_order, cancel_order, deny_order,
@@ -317,7 +317,7 @@ class OrderViewSetMixin:
 
 class OrganizerOrderViewSet(OrderViewSetMixin, viewsets.ReadOnlyModelViewSet):
     def get_base_queryset(self):
-        perm = "event.orders:read" if self.request.method in SAFE_METHODS else "event.orders:write"
+        perm = "can_view_orders" if self.request.method in SAFE_METHODS else "can_change_orders"
         if isinstance(self.request.auth, (TeamAPIToken, Device)):
             return Order.objects.filter(
                 event__organizer=self.request.organizer,
@@ -338,8 +338,8 @@ class OrganizerOrderViewSet(OrderViewSetMixin, viewsets.ReadOnlyModelViewSet):
 
 
 class EventOrderViewSet(OrderViewSetMixin, viewsets.ModelViewSet):
-    permission = 'event.orders:read'
-    write_permission = 'event.orders:write'
+    permission = 'can_view_orders'
+    write_permission = 'can_change_orders'
 
     def get_serializer_context(self):
         ctx = super().get_serializer_context()
@@ -439,6 +439,8 @@ class EventOrderViewSet(OrderViewSetMixin, viewsets.ModelViewSet):
                 return Response({'detail': str(e)}, status=status.HTTP_400_BAD_REQUEST)
             except PaymentException as e:
                 return Response({'detail': str(e)}, status=status.HTTP_400_BAD_REQUEST)
+            except SendMailException:
+                pass
 
             return self.retrieve(request, [], **kwargs)
         return Response(
@@ -632,7 +634,10 @@ class EventOrderViewSet(OrderViewSetMixin, viewsets.ModelViewSet):
         order = self.get_object()
         if not order.email:
             return Response({'detail': 'There is no email address associated with this order.'}, status=status.HTTP_400_BAD_REQUEST)
-        order.resend_link(user=self.request.user, auth=self.request.auth)
+        try:
+            order.resend_link(user=self.request.user, auth=self.request.auth)
+        except SendMailException:
+            return Response({'detail': _('There was an error sending the mail. Please try again later.')}, status=status.HTTP_503_SERVICE_UNAVAILABLE)
 
         return Response(
             status=status.HTTP_204_NO_CONTENT
@@ -1066,12 +1071,15 @@ with scopes_disabled():
             }
 
 
-class OrderPositionViewSetMixin:
+class OrderPositionViewSet(viewsets.ModelViewSet):
+    serializer_class = OrderPositionSerializer
     queryset = OrderPosition.all.none()
     filter_backends = (DjangoFilterBackend, RichOrderingFilter)
     ordering = ('order__datetime', 'positionid')
     ordering_fields = ('order__code', 'order__datetime', 'positionid', 'attendee_name', 'order__status',)
     filterset_class = OrderPositionFilter
+    permission = 'can_view_orders'
+    write_permission = 'can_change_orders'
     ordering_custom = {
         'attendee_name': {
             '_order': F('display_name').asc(nulls_first=True),
@@ -1085,7 +1093,8 @@ class OrderPositionViewSetMixin:
 
     def get_serializer_context(self):
         ctx = super().get_serializer_context()
-        ctx['pdf_data'] = False
+        ctx['event'] = self.request.event
+        ctx['pdf_data'] = self.request.query_params.get('pdf_data', 'false').lower() == 'true'
         ctx['check_quotas'] = self.request.query_params.get('check_quotas', 'true').lower() == 'true'
         return ctx
 
@@ -1094,8 +1103,9 @@ class OrderPositionViewSetMixin:
             qs = OrderPosition.all
         else:
             qs = OrderPosition.objects
-        qs = qs.filter(order__event__organizer=self.request.organizer)
-        if self.request.query_params.get('pdf_data', 'false').lower() == 'true' and getattr(self.request, 'event', None):
+
+        qs = qs.filter(order__event=self.request.event)
+        if self.request.query_params.get('pdf_data', 'false').lower() == 'true':
             prefetch_related_objects([self.request.organizer], 'meta_properties')
             prefetch_related_objects(
                 [self.request.event],
@@ -1150,9 +1160,9 @@ class OrderPositionViewSetMixin:
             qs = qs.prefetch_related(
                 Prefetch('checkins', queryset=Checkin.objects.select_related("device")),
                 Prefetch('print_logs', queryset=PrintLog.objects.select_related('device')),
-                'answers', 'answers__options', 'answers__question', 'order__event', 'order__event__organizer'
+                'answers', 'answers__options', 'answers__question',
             ).select_related(
-                'item', 'order', 'seat'
+                'item', 'order', 'order__event', 'order__event__organizer', 'seat'
             )
         return qs
 
@@ -1164,49 +1174,6 @@ class OrderPositionViewSetMixin:
                 return prov
         raise NotFound('Unknown output provider.')
 
-
-class OrganizerOrderPositionViewSet(OrderPositionViewSetMixin, viewsets.ReadOnlyModelViewSet):
-    serializer_class = OrganizerOrderPositionSerializer
-    permission = None
-    write_permission = None
-
-    def get_queryset(self):
-        qs = super().get_queryset()
-
-        perm = "event.orders:read" if self.request.method in SAFE_METHODS else "event.orders:write"
-
-        if isinstance(self.request.auth, (TeamAPIToken, Device)):
-            auth_obj = self.request.auth
-        elif self.request.user.is_authenticated:
-            auth_obj = self.request.user
-        else:
-            raise PermissionDenied("Unknown authentication scheme")
-
-        qs = qs.filter(
-            order__event__in=auth_obj.get_events_with_permission(perm, request=self.request).filter(
-                organizer=self.request.organizer
-            )
-        )
-
-        return qs
-
-
-class EventOrderPositionViewSet(OrderPositionViewSetMixin, viewsets.ModelViewSet):
-    serializer_class = OrderPositionSerializer
-    permission = 'event.orders:read'
-    write_permission = 'event.orders:write'
-
-    def get_serializer_context(self):
-        ctx = super().get_serializer_context()
-        ctx['event'] = self.request.event
-        ctx['pdf_data'] = self.request.query_params.get('pdf_data', 'false').lower() == 'true'
-        return ctx
-
-    def get_queryset(self):
-        qs = super().get_queryset()
-        qs = qs.filter(order__event=self.request.event)
-        return qs
-
     @action(detail=True, methods=['POST'], url_name='price_calc')
     def price_calc(self, request, *args, **kwargs):
         """
@@ -1613,8 +1580,8 @@ class EventOrderPositionViewSet(OrderPositionViewSetMixin, viewsets.ModelViewSet
 class PaymentViewSet(CreateModelMixin, viewsets.ReadOnlyModelViewSet):
     serializer_class = OrderPaymentSerializer
     queryset = OrderPayment.objects.none()
-    permission = 'event.orders:read'
-    write_permission = 'event.orders:write'
+    permission = 'can_view_orders'
+    write_permission = 'can_change_orders'
     lookup_field = 'local_id'
 
     def get_serializer_context(self):
@@ -1649,6 +1616,8 @@ class PaymentViewSet(CreateModelMixin, viewsets.ReadOnlyModelViewSet):
                     )
                 except Quota.QuotaExceededException:
                     pass
+                except SendMailException:
+                    pass
 
             serializer = OrderPaymentSerializer(r, context=serializer.context)
 
@@ -1686,6 +1655,8 @@ class PaymentViewSet(CreateModelMixin, viewsets.ReadOnlyModelViewSet):
             return Response({'detail': str(e)}, status=status.HTTP_400_BAD_REQUEST)
         except PaymentException as e:
             return Response({'detail': str(e)}, status=status.HTTP_400_BAD_REQUEST)
+        except SendMailException:
+            pass
         return self.retrieve(request, [], **kwargs)
 
     @action(detail=True, methods=['POST'])
@@ -1786,8 +1757,8 @@ class PaymentViewSet(CreateModelMixin, viewsets.ReadOnlyModelViewSet):
 class RefundViewSet(CreateModelMixin, viewsets.ReadOnlyModelViewSet):
     serializer_class = OrderRefundSerializer
     queryset = OrderRefund.objects.none()
-    permission = 'event.orders:read'
-    write_permission = 'event.orders:write'
+    permission = 'can_view_orders'
+    write_permission = 'can_change_orders'
     lookup_field = 'local_id'
 
     def get_queryset(self):
@@ -1944,18 +1915,13 @@ class InvoiceViewSet(viewsets.ReadOnlyModelViewSet):
     ordering = ('nr',)
     ordering_fields = ('nr', 'date')
     filterset_class = InvoiceFilter
+    permission = 'can_view_orders'
     lookup_url_kwarg = 'number'
     lookup_field = 'nr'
-
-    def _get_permission_name(self, request):
-        if 'event' in request.resolver_match.kwargs:
-            if request.method not in SAFE_METHODS:
-                return "event.orders:write"
-            return "event.orders:read"
-        return None  # org-level is handled by event__in check
+    write_permission = 'can_change_orders'
 
     def get_queryset(self):
-        perm = "event.orders:read" if self.request.method in SAFE_METHODS else "event.orders:write"
+        perm = "can_view_orders" if self.request.method in SAFE_METHODS else "can_change_orders"
         if getattr(self.request, 'event', None):
             qs = self.request.event.invoices
         elif isinstance(self.request.auth, (TeamAPIToken, Device)):
@@ -2065,7 +2031,7 @@ class InvoiceViewSet(viewsets.ReadOnlyModelViewSet):
         else:
             order = Order.objects.select_for_update(of=OF_SELF).get(pk=inv.order_id)
             c = generate_cancellation(inv)
-            if invoice_qualified(order):
+            if inv.order.status != Order.STATUS_CANCELED:
                 inv = generate_invoice(order)
             else:
                 inv = c
@@ -2096,8 +2062,8 @@ class RevokedSecretViewSet(viewsets.ReadOnlyModelViewSet):
     ordering = ('-created',)
     ordering_fields = ('created', 'secret')
     filterset_class = RevokedSecretFilter
-    permission = 'event.orders:read'
-    write_permission = 'event.orders:write'
+    permission = 'can_view_orders'
+    write_permission = 'can_change_orders'
 
     def get_queryset(self):
         return RevokedTicketSecret.objects.filter(event=self.request.event)
@@ -2118,8 +2084,8 @@ class BlockedSecretViewSet(viewsets.ReadOnlyModelViewSet):
     filter_backends = (DjangoFilterBackend, TotalOrderingFilter)
     ordering = ('-updated', '-pk')
     filterset_class = BlockedSecretFilter
-    permission = 'event.orders:read'
-    write_permission = 'event.orders:write'
+    permission = 'can_view_orders'
+    write_permission = 'can_change_orders'
 
     def get_queryset(self):
         return BlockedTicketSecret.objects.filter(event=self.request.event)
@@ -2154,7 +2120,7 @@ class TransactionViewSet(viewsets.ReadOnlyModelViewSet):
     ordering = ('datetime', 'pk')
     ordering_fields = ('datetime', 'created', 'id',)
     filterset_class = TransactionFilter
-    permission = 'event.orders:read'
+    permission = 'can_view_orders'
 
     def get_queryset(self):
         return Transaction.objects.filter(order__event=self.request.event).select_related("order")
@@ -2171,11 +2137,11 @@ class OrganizerTransactionViewSet(TransactionViewSet):
 
         if isinstance(self.request.auth, (TeamAPIToken, Device)):
             qs = qs.filter(
-                order__event__in=self.request.auth.get_events_with_permission("event.orders:read"),
+                order__event__in=self.request.auth.get_events_with_permission("can_view_orders"),
             )
         elif self.request.user.is_authenticated:
             qs = qs.filter(
-                order__event__in=self.request.user.get_events_with_permission("event.orders:read", request=self.request)
+                order__event__in=self.request.user.get_events_with_permission("can_view_orders", request=self.request)
             )
         else:
             raise PermissionDenied("Unknown authentication scheme")

src/pretix/api/views/organizer.py

@@ -70,7 +70,7 @@ class OrganizerViewSet(mixins.UpdateModelMixin, viewsets.ReadOnlyModelViewSet):
     filter_backends = (TotalOrderingFilter,)
     ordering = ('slug',)
     ordering_fields = ('name', 'slug')
-    write_permission = "organizer.settings.general:write"
+    write_permission = "can_change_organizer_settings"
 
     def get_queryset(self):
         if self.request.user.is_authenticated:
@@ -154,8 +154,8 @@ class OrganizerViewSet(mixins.UpdateModelMixin, viewsets.ReadOnlyModelViewSet):
 class SeatingPlanViewSet(viewsets.ModelViewSet):
     serializer_class = SeatingPlanSerializer
     queryset = SeatingPlan.objects.none()
-    permission = None
-    write_permission = 'organizer.seatingplans:write'
+    permission = 'can_change_organizer_settings'
+    write_permission = 'can_change_organizer_settings'
 
     def get_queryset(self):
         return self.request.organizer.seating_plans.order_by('name')
@@ -221,8 +221,8 @@ with scopes_disabled():
 class GiftCardViewSet(viewsets.ModelViewSet):
     serializer_class = GiftCardSerializer
     queryset = GiftCard.objects.none()
-    permission = 'organizer.giftcards:read'
-    write_permission = 'organizer.giftcards:write'
+    permission = 'can_manage_gift_cards'
+    write_permission = 'can_manage_gift_cards'
     filter_backends = (DjangoFilterBackend,)
     filterset_class = GiftCardFilter
 
@@ -249,24 +249,12 @@ class GiftCardViewSet(viewsets.ModelViewSet):
     def perform_create(self, serializer):
         value = serializer.validated_data.pop('value')
         inst = serializer.save(issuer=self.request.organizer)
-        inst.log_action(
-            action='pretix.giftcards.created',
-            user=self.request.user,
-            auth=self.request.auth,
-        )
         inst.transactions.create(value=value, acceptor=self.request.organizer)
         inst.log_action(
-            action='pretix.giftcards.transaction.manual',
+            'pretix.giftcards.transaction.manual',
             user=self.request.user,
             auth=self.request.auth,
-            data=merge_dicts(
-                self.request.data,
-                {
-                    'id': inst.pk,
-                    'acceptor_id': self.request.organizer.id,
-                    'acceptor_slug': self.request.organizer.slug
-                }
-            )
+            data=merge_dicts(self.request.data, {'id': inst.pk})
         )
 
     @transaction.atomic()
@@ -281,7 +269,7 @@ class GiftCardViewSet(viewsets.ModelViewSet):
             inst = serializer.save(secret=serializer.instance.secret, currency=serializer.instance.currency,
                                    testmode=serializer.instance.testmode)
             inst.log_action(
-                action='pretix.giftcards.modified',
+                'pretix.giftcards.modified',
                 user=self.request.user,
                 auth=self.request.auth,
                 data=self.request.data,
@@ -294,14 +282,10 @@ class GiftCardViewSet(viewsets.ModelViewSet):
             diff = value - old_value
             inst.transactions.create(value=diff, acceptor=self.request.organizer)
             inst.log_action(
-                action='pretix.giftcards.transaction.manual',
+                'pretix.giftcards.transaction.manual',
                 user=self.request.user,
                 auth=self.request.auth,
-                data={
-                    'value': diff,
-                    'acceptor_id': self.request.organizer.id,
-                    'acceptor_slug': self.request.organizer.slug
-                }
+                data={'value': diff}
             )
 
         return inst
@@ -325,15 +309,10 @@ class GiftCardViewSet(viewsets.ModelViewSet):
             }, status=status.HTTP_409_CONFLICT)
         gc.transactions.create(value=value, text=text, info=info, acceptor=self.request.organizer)
         gc.log_action(
-            action='pretix.giftcards.transaction.manual',
+            'pretix.giftcards.transaction.manual',
             user=self.request.user,
             auth=self.request.auth,
-            data={
-                'value': value,
-                'text': text,
-                'acceptor_id': self.request.organizer.id,
-                'acceptor_slug': self.request.organizer.slug
-            }
+            data={'value': value, 'text': text}
         )
         return Response(GiftCardSerializer(gc, context=self.get_serializer_context()).data, status=status.HTTP_200_OK)
 
@@ -344,8 +323,8 @@ class GiftCardViewSet(viewsets.ModelViewSet):
 class GiftCardTransactionViewSet(viewsets.ReadOnlyModelViewSet):
     serializer_class = GiftCardTransactionSerializer
     queryset = GiftCardTransaction.objects.none()
-    permission = 'organizer.giftcards:read'
-    write_permission = 'organizer.giftcards:write'
+    permission = 'can_manage_gift_cards'
+    write_permission = 'can_manage_gift_cards'
 
     @cached_property
     def giftcard(self):
@@ -362,8 +341,8 @@ class GiftCardTransactionViewSet(viewsets.ReadOnlyModelViewSet):
 class TeamViewSet(viewsets.ModelViewSet):
     serializer_class = TeamSerializer
     queryset = Team.objects.none()
-    permission = 'organizer.teams:write'
-    write_permission = 'organizer.teams:write'
+    permission = 'can_change_teams'
+    write_permission = 'can_change_teams'
 
     def get_queryset(self):
         return self.request.organizer.teams.order_by('pk')
@@ -402,8 +381,8 @@ class TeamViewSet(viewsets.ModelViewSet):
 class TeamMemberViewSet(DestroyModelMixin, viewsets.ReadOnlyModelViewSet):
     serializer_class = TeamMemberSerializer
     queryset = User.objects.none()
-    permission = 'organizer.teams:write'
-    write_permission = 'organizer.teams:write'
+    permission = 'can_change_teams'
+    write_permission = 'can_change_teams'
 
     @cached_property
     def team(self):
@@ -431,8 +410,8 @@ class TeamMemberViewSet(DestroyModelMixin, viewsets.ReadOnlyModelViewSet):
 class TeamInviteViewSet(CreateModelMixin, DestroyModelMixin, viewsets.ReadOnlyModelViewSet):
     serializer_class = TeamInviteSerializer
     queryset = TeamInvite.objects.none()
-    permission = 'organizer.teams:write'
-    write_permission = 'organizer.teams:write'
+    permission = 'can_change_teams'
+    write_permission = 'can_change_teams'
 
     @cached_property
     def team(self):
@@ -468,8 +447,8 @@ class TeamInviteViewSet(CreateModelMixin, DestroyModelMixin, viewsets.ReadOnlyMo
 class TeamAPITokenViewSet(CreateModelMixin, DestroyModelMixin, viewsets.ReadOnlyModelViewSet):
     serializer_class = TeamAPITokenSerializer
     queryset = TeamAPIToken.objects.none()
-    permission = 'organizer.teams:write'
-    write_permission = 'organizer.teams:write'
+    permission = 'can_change_teams'
+    write_permission = 'can_change_teams'
 
     @cached_property
     def team(self):
@@ -532,8 +511,8 @@ class DeviceViewSet(mixins.CreateModelMixin,
                     GenericViewSet):
     serializer_class = DeviceSerializer
     queryset = Device.objects.none()
-    permission = 'organizer.devices:read'
-    write_permission = 'organizer.devices:write'
+    permission = 'can_change_organizer_settings'
+    write_permission = 'can_change_organizer_settings'
     lookup_field = 'device_id'
 
     def get_queryset(self):
@@ -542,9 +521,6 @@ class DeviceViewSet(mixins.CreateModelMixin,
     def get_serializer_context(self):
         ctx = super().get_serializer_context()
         ctx['organizer'] = self.request.organizer
-        ctx['can_see_tokens'] = (
-            self.request.user if self.request.user and self.request.user.is_authenticated else self.request.auth
-        ).has_organizer_permission(self.request.organizer, 'organizer.devices:write', request=self.request)
         return ctx
 
     @transaction.atomic()
@@ -571,11 +547,11 @@ class DeviceViewSet(mixins.CreateModelMixin,
 
 class OrganizerSettingsView(views.APIView):
     permission = None
-    write_permission = 'organizer.settings.general:write'
+    write_permission = 'can_change_organizer_settings'
 
     def get(self, request, *args, **kwargs):
         s = OrganizerSettingsSerializer(instance=request.organizer.settings, organizer=request.organizer, context={
-            'request': request, 'permissions': request.orgapermset
+            'request': request
         })
         if 'explain' in request.GET:
             return Response({
@@ -592,7 +568,7 @@ class OrganizerSettingsView(views.APIView):
         s = OrganizerSettingsSerializer(
             instance=request.organizer.settings, data=request.data, partial=True,
             organizer=request.organizer, context={
-                'request': request, 'permissions': request.orgapermset
+                'request': request
             }
         )
         s.is_valid(raise_exception=True)
@@ -604,7 +580,7 @@ class OrganizerSettingsView(views.APIView):
                 }
             )
         s = OrganizerSettingsSerializer(instance=request.organizer.settings, organizer=request.organizer, context={
-            'request': request, 'permissions': request.orgapermset
+            'request': request
         })
         return Response(s.data)
 
@@ -621,8 +597,7 @@ with scopes_disabled():
 class CustomerViewSet(viewsets.ModelViewSet):
     serializer_class = CustomerSerializer
     queryset = Customer.objects.none()
-    permission = 'organizer.customers:read'
-    write_permission = 'organizer.customers:write'
+    permission = 'can_manage_customers'
     lookup_field = 'identifier'
     filter_backends = (DjangoFilterBackend,)
     filterset_class = CustomerFilter
@@ -682,7 +657,7 @@ class CustomerViewSet(viewsets.ModelViewSet):
 class MembershipTypeViewSet(viewsets.ModelViewSet):
     serializer_class = MembershipTypeSerializer
     queryset = MembershipType.objects.none()
-    permission = 'organizer.settings.general:write'
+    permission = 'can_change_organizer_settings'
 
     def get_queryset(self):
         qs = self.request.organizer.membership_types.all()
@@ -739,8 +714,7 @@ with scopes_disabled():
 class MembershipViewSet(viewsets.ModelViewSet):
     serializer_class = MembershipSerializer
     queryset = Membership.objects.none()
-    permission = 'organizer.customers:read'
-    write_permission = 'organizer.customers:write'
+    permission = 'can_manage_customers'
     filter_backends = (DjangoFilterBackend,)
     filterset_class = MembershipFilter
 
@@ -790,8 +764,8 @@ with scopes_disabled():
 class SalesChannelViewSet(viewsets.ModelViewSet):
     serializer_class = SalesChannelSerializer
     queryset = SalesChannel.objects.none()
-    permission = 'organizer.settings.general:write'
-    write_permission = 'organizer.settings.general:write'
+    permission = 'can_change_organizer_settings'
+    write_permission = 'can_change_organizer_settings'
     filter_backends = (DjangoFilterBackend,)
     filterset_class = SalesChannelFilter
     lookup_field = 'identifier'

src/pretix/api/views/shredders.py

@@ -204,7 +204,7 @@ class ShreddersMixin:
 
 
 class EventShreddersViewSet(ShreddersMixin, viewsets.ViewSet):
-    permission = 'event.orders:write'
+    permission = 'can_change_orders'
 
     def get_serializer_kwargs(self):
         return {}

src/pretix/api/views/voucher.py

@@ -62,8 +62,8 @@ class VoucherViewSet(viewsets.ModelViewSet):
     ordering = ('id',)
     ordering_fields = ('id', 'code', 'max_usages', 'valid_until', 'value')
     filterset_class = VoucherFilter
-    permission = 'event.vouchers:read'
-    write_permission = 'event.vouchers:write'
+    permission = 'can_view_vouchers'
+    write_permission = 'can_change_vouchers'
 
     @scopes_disabled()  # we have an event check here, and we can save some performance on subqueries
     def get_queryset(self):

src/pretix/api/views/waitinglist.py

@@ -51,8 +51,8 @@ class WaitingListViewSet(viewsets.ModelViewSet):
     ordering = ('created', 'pk',)
     ordering_fields = ('id', 'created', 'email', 'item')
     filterset_class = WaitingListFilter
-    permission = 'event.orders:read'
-    write_permission = 'event.orders:write'
+    permission = 'can_view_orders'
+    write_permission = 'can_change_orders'
 
     def get_queryset(self):
         return self.request.event.waitinglistentries.all()

src/pretix/api/views/webhooks.py

@@ -35,8 +35,8 @@ class WebhookFilter(FilterSet):
 class WebHookViewSet(viewsets.ModelViewSet):
     serializer_class = WebHookSerializer
     queryset = WebHook.objects.none()
-    permission = 'organizer.settings.general:write'
-    write_permission = 'organizer.settings.general:write'
+    permission = 'can_change_organizer_settings'
+    write_permission = 'can_change_organizer_settings'
     filter_backends = (DjangoFilterBackend,)
     filterset_class = WebhookFilter
 

src/pretix/api/webhooks.py

@@ -174,38 +174,6 @@ class ParametrizedEventWebhookEvent(ParametrizedWebhookEvent):
         }
 
 
-class ParametrizedGiftcardWebhookEvent(ParametrizedWebhookEvent):
-    def build_payload(self, logentry: LogEntry):
-        giftcard = logentry.content_object
-        if not giftcard:
-            return None
-
-        return {
-            'notification_id': logentry.pk,
-            'issuer_id': logentry.organizer_id,
-            'issuer_slug': logentry.organizer.slug,
-            'giftcard': giftcard.pk,
-            'action': logentry.action_type,
-        }
-
-
-class ParametrizedGiftcardTransactionWebhookEvent(ParametrizedWebhookEvent):
-    def build_payload(self, logentry: LogEntry):
-        giftcard = logentry.content_object
-        if not giftcard:
-            return None
-
-        return {
-            'notification_id': logentry.pk,
-            'issuer_id': logentry.organizer_id,
-            'issuer_slug': logentry.organizer.slug,
-            'acceptor_id': logentry.parsed_data.get('acceptor_id'),
-            'acceptor_slug': logentry.parsed_data.get('acceptor_slug'),
-            'giftcard': giftcard.pk,
-            'action': logentry.action_type,
-        }
-
-
 class ParametrizedVoucherWebhookEvent(ParametrizedWebhookEvent):
 
     def build_payload(self, logentry: LogEntry):
@@ -465,18 +433,6 @@ def register_default_webhook_events(sender, **kwargs):
             'pretix.customer.anonymized',
             _('Customer account anonymized'),
         ),
-        ParametrizedGiftcardWebhookEvent(
-            'pretix.giftcards.created',
-            _('Gift card added'),
-        ),
-        ParametrizedGiftcardWebhookEvent(
-            'pretix.giftcards.modified',
-            _('Gift card modified'),
-        ),
-        ParametrizedGiftcardTransactionWebhookEvent(
-            'pretix.giftcards.transaction.*',
-            _('Gift card used in transaction'),
-        )
     )
 
 

src/pretix/base/auth.py

@@ -224,7 +224,7 @@ class HistoryPasswordValidator:
         ).delete()
 
 
-def has_event_access_permission(request, permission='event.settings.general:write'):
+def has_event_access_permission(request, permission='can_change_event_settings'):
     return (
         request.user.is_authenticated and
         request.user.has_event_permission(request.organizer, request.event, permission, request=request)

src/pretix/base/datasync/datasync.py

@@ -216,10 +216,7 @@ class OutboundSyncProvider:
 
             try:
                 mapped_objects = self.sync_order(sq.order)
-                actions_taken = [res and res.sync_info.get("action", "") for res_list in mapped_objects.values() for res in res_list]
-                should_write_logentry = any(action not in (None, "nothing_to_do") for action in actions_taken)
-                logger.info('Synced order %s to %s, actions: %r, log: %r', sq.order.code, sq.sync_provider, actions_taken, should_write_logentry)
-                if should_write_logentry:
+                if not all(all(not res or res.sync_info.get("action", "") == "nothing_to_do" for res in res_list) for res_list in mapped_objects.values()):
                     sq.order.log_action("pretix.event.order.data_sync.success", {
                         "provider": self.identifier,
                         "objects": {
@@ -240,7 +237,7 @@ class OutboundSyncProvider:
                     sq.set_sync_error("exceeded", e.messages, e.full_message)
                 else:
                     logger.info(
-                        f"Could not sync order {sq.order.code} to {sq.sync_provider} "
+                        f"Could not sync order {sq.order.code} to {type(self).__name__} "
                         f"(transient error, attempt #{sq.failed_attempts}, next {sq.not_before})",
                         exc_info=True,
                     )

src/pretix/base/email.py

@@ -39,7 +39,7 @@ from pretix.base.templatetags.rich_text import (
     DEFAULT_CALLBACKS, EMAIL_RE, URL_RE, abslink_callback,
     markdown_compile_email, truelink_callback,
 )
-from pretix.helpers.format import FormattedString, SafeFormatter, format_map
+from pretix.helpers.format import SafeFormatter, format_map
 
 from pretix.base.services.placeholders import (  # noqa
     get_available_placeholders, PlaceholderContext
@@ -141,7 +141,6 @@ class TemplateBasedMailRenderer(BaseHTMLMailRenderer):
         return markdown_compile_email(plaintext, context=context)
 
     def render(self, plain_body: str, plain_signature: str, subject: str, order, position, context) -> str:
-        apply_format_map = not isinstance(plain_body, FormattedString)
         body_md = self.compile_markdown(plain_body, context)
         if context:
             linker = bleach.Linker(
@@ -150,13 +149,12 @@ class TemplateBasedMailRenderer(BaseHTMLMailRenderer):
                 callbacks=DEFAULT_CALLBACKS + [truelink_callback, abslink_callback],
                 parse_email=True
             )
-            if apply_format_map:
-                body_md = format_map(
-                    body_md,
-                    context=context,
-                    mode=SafeFormatter.MODE_RICH_TO_HTML,
-                    linkifier=linker
-                )
+            body_md = format_map(
+                body_md,
+                context=context,
+                mode=SafeFormatter.MODE_RICH_TO_HTML,
+                linkifier=linker
+            )
         htmlctx = {
             'site': settings.PRETIX_INSTANCE_NAME,
             'site_url': settings.SITE_URL,

src/pretix/base/exporter.py

@@ -73,9 +73,6 @@ class BaseExporter:
             self.events = Event.objects.filter(pk=event.pk)
             self.timezone = event.timezone
 
-        if hasattr(self, 'organizer_required_permission'):
-            raise TypeError("Deprecated attribute organizer_required_permission no longer supported.")
-
     def __str__(self):
         return self.identifier
 
@@ -179,30 +176,15 @@ class BaseExporter:
         """
         return True
 
-    @classmethod
-    def get_required_event_permission(cls) -> str:
-        """
-        The permission level required to use this exporter for events. For multi-event-exports, this will be used
-        to limit the selection of events. Will be ignored if the ``OrganizerLevelExportMixin`` mixin is used.
-        The default implementation returns ``"event.orders:read"``.
-        """
-        return 'event.orders:read'
-
 
 class OrganizerLevelExportMixin:
-    @classmethod
-    def get_required_event_permission(cls):
-        raise TypeError("required_event_permission may not be called on OrganizerLevelExportMixin")
-
-    @classmethod
-    def get_required_organizer_permission(cls) -> str:
+    @property
+    def organizer_required_permission(self) -> str:
         """
-        The permission level required to use this exporter. Must be set for organizer-level exports. Set to `None` to
-        allow everyone with any access to the organizer.
-
-        ``get_required_event_permission`` will be ignored on this class.
+        The permission level required to use this exporter. Only useful for organizer-level exports,
+        not for event-level exports.
         """
-        raise NotImplementedError()
+        return 'can_view_orders'
 
 
 class ListExporter(BaseExporter):

src/pretix/base/exporters/customers.py

@@ -47,13 +47,10 @@ from ..signals import register_multievent_data_exporters
 class CustomerListExporter(OrganizerLevelExportMixin, ListExporter):
     identifier = 'customerlist'
     verbose_name = gettext_lazy('Customer accounts')
+    organizer_required_permission = 'can_manage_customers'
     category = pgettext_lazy('export_category', 'Customer accounts')
     description = gettext_lazy('Download a spreadsheet of all currently registered customer accounts.')
 
-    @classmethod
-    def get_required_organizer_permission(cls) -> str:
-        return 'organizer.customers:write'
-
     @property
     def additional_form_fields(self):
         return OrderedDict(

src/pretix/base/exporters/orderlist.py

@@ -39,8 +39,8 @@ from zoneinfo import ZoneInfo
 from django import forms
 from django.conf import settings
 from django.db.models import (
-    Case, CharField, Count, DateTimeField, Exists, F, IntegerField, Max, Min,
-    OuterRef, Q, Subquery, Sum, When,
+    Case, CharField, Count, DateTimeField, F, IntegerField, Max, Min, OuterRef,
+    Q, Subquery, Sum, When,
 )
 from django.db.models.functions import Coalesce
 from django.dispatch import receiver
@@ -144,18 +144,6 @@ class OrderListExporter(MultiSheetListExporter):
         d = OrderedDict(d)
         if not self.is_multievent and not self.event.has_subevents:
             del d['event_date_range']
-        if not self.is_multievent:
-            d["items"] = forms.ModelMultipleChoiceField(
-                label=_("Products"),
-                queryset=self.event.items.all(),
-                widget=forms.CheckboxSelectMultiple(
-                    attrs={"class": "scrolling-multiple-choice"}
-                ),
-                help_text=_("If none are selected, all products are included. Orders are included if they contain "
-                            "at least one position of this product. The order totals etc. still include all products "
-                            "contained in the order."),
-                required=False,
-            )
         return d
 
     def _get_all_payment_methods(self, qs):
@@ -261,17 +249,9 @@ class OrderListExporter(MultiSheetListExporter):
             pcnt=Subquery(s, output_field=IntegerField())
         ).select_related('invoice_address', 'customer')
 
-        if form_data.get('items'):
-            qs = qs.filter(
-                Exists(OrderPosition.all.filter(
-                    order=OuterRef('pk'),
-                    item__in=form_data["items"]
-                ))
-            )
-
         qs = self._date_filter(qs, form_data, rel='')
 
-        if form_data.get('paid_only'):
+        if form_data['paid_only']:
             qs = qs.filter(status=Order.STATUS_PAID)
         return qs
 
@@ -315,9 +295,8 @@ class OrderListExporter(MultiSheetListExporter):
             for id, vn in payment_methods:
                 headers.append(_('Paid by {method}').format(method=vn))
 
-        if self.event_object_cache:
-            # get meta_data labels from first cached event if any
-            headers += next(iter(self.event_object_cache.values())).meta_data.keys()
+        # get meta_data labels from first cached event
+        headers += next(iter(self.event_object_cache.values())).meta_data.keys()
         yield headers
 
         full_fee_sum_cache = {
@@ -385,7 +364,7 @@ class OrderListExporter(MultiSheetListExporter):
                     order.invoice_address.city,
                     order.invoice_address.country if order.invoice_address.country else
                     order.invoice_address.country_old,
-                    order.invoice_address.state_for_address,
+                    order.invoice_address.state,
                     order.invoice_address.custom_field,
                     order.invoice_address.vat_id,
                 ]
@@ -458,17 +437,9 @@ class OrderListExporter(MultiSheetListExporter):
         ).annotate(
             payment_providers=Subquery(p_providers, output_field=CharField()),
         ).select_related('order', 'order__invoice_address', 'order__customer', 'tax_rule')
-        if form_data.get('paid_only'):
+        if form_data['paid_only']:
             qs = qs.filter(order__status=Order.STATUS_PAID, canceled=False)
 
-        if form_data.get('items'):
-            qs = qs.filter(
-                Exists(OrderPosition.all.filter(
-                    order=OuterRef('order'),
-                    item__in=form_data["items"]
-                ))
-            )
-
         qs = self._date_filter(qs, form_data, rel='order__')
         return qs
 
@@ -504,9 +475,8 @@ class OrderListExporter(MultiSheetListExporter):
         headers.append(_('External customer ID'))
         headers.append(_('Payment providers'))
 
-        if self.event_object_cache:
-            # get meta_data labels from first cached event if any
-            headers += next(iter(self.event_object_cache.values())).meta_data.keys()
+        # get meta_data labels from first cached event
+        headers += next(iter(self.event_object_cache.values())).meta_data.keys()
         yield headers
 
         yield self.ProgressSetTotal(total=qs.count())
@@ -545,7 +515,7 @@ class OrderListExporter(MultiSheetListExporter):
                     order.invoice_address.city,
                     order.invoice_address.country if order.invoice_address.country else
                     order.invoice_address.country_old,
-                    order.invoice_address.state_for_address,
+                    order.invoice_address.state,
                     order.invoice_address.vat_id,
                 ]
             except InvoiceAddress.DoesNotExist:
@@ -562,14 +532,9 @@ class OrderListExporter(MultiSheetListExporter):
         qs = OrderPosition.all.filter(
             order__event__in=self.events,
         )
-        if form_data.get('paid_only'):
+        if form_data['paid_only']:
             qs = qs.filter(order__status=Order.STATUS_PAID, canceled=False)
 
-        if form_data.get('items'):
-            qs = qs.filter(
-                item__in=form_data["items"]
-            )
-
         qs = self._date_filter(qs, form_data, rel='order__')
         return qs
 
@@ -652,8 +617,6 @@ class OrderListExporter(MultiSheetListExporter):
             _('Country'),
             pgettext('address', 'State'),
             _('Voucher'),
-            _('Voucher budget usage'),
-            _('Voucher tag'),
             _('Pseudonymization ID'),
             _('Ticket secret'),
             _('Seat ID'),
@@ -709,9 +672,9 @@ class OrderListExporter(MultiSheetListExporter):
             _('Position order link')
         ]
 
+        # get meta_data labels from first cached event
+        meta_data_labels = next(iter(self.event_object_cache.values())).meta_data.keys()
         if has_subevents:
-            # get meta_data labels from first cached event
-            meta_data_labels = next(iter(self.event_object_cache.values())).meta_data.keys()
             headers += meta_data_labels
         yield headers
 
@@ -769,10 +732,8 @@ class OrderListExporter(MultiSheetListExporter):
                     op.zipcode or '',
                     op.city or '',
                     op.country if op.country else '',
-                    op.state_for_address or '',
+                    op.state or '',
                     op.voucher.code if op.voucher else '',
-                    op.voucher_budget_use if op.voucher_budget_use else '',
-                    op.voucher.tag if op.voucher else '',
                     op.pseudonymization_id,
                     op.secret,
                 ]
@@ -836,7 +797,7 @@ class OrderListExporter(MultiSheetListExporter):
                         order.invoice_address.city,
                         order.invoice_address.country if order.invoice_address.country else
                         order.invoice_address.country_old,
-                        order.invoice_address.state_for_address,
+                        order.invoice_address.state,
                         order.invoice_address.vat_id,
                     ]
                 except InvoiceAddress.DoesNotExist:
@@ -1239,14 +1200,11 @@ class QuotaListExporter(ListExporter):
 class GiftcardTransactionListExporter(OrganizerLevelExportMixin, ListExporter):
     identifier = 'giftcardtransactionlist'
     verbose_name = gettext_lazy('Gift card transactions')
+    organizer_required_permission = 'can_manage_gift_cards'
     category = pgettext_lazy('export_category', 'Gift cards')
     description = gettext_lazy('Download a spreadsheet of all gift card transactions.')
     repeatable_read = False
 
-    @classmethod
-    def get_required_organizer_permission(cls) -> str:
-        return 'organizer.giftcards:read'
-
     @property
     def additional_form_fields(self):
         d = [
@@ -1349,13 +1307,10 @@ class GiftcardRedemptionListExporter(ListExporter):
 class GiftcardListExporter(OrganizerLevelExportMixin, ListExporter):
     identifier = 'giftcardlist'
     verbose_name = gettext_lazy('Gift cards')
+    organizer_required_permission = 'can_manage_gift_cards'
     category = pgettext_lazy('export_category', 'Gift cards')
     description = gettext_lazy('Download a spreadsheet of all gift cards including their current value.')
 
-    @classmethod
-    def get_required_organizer_permission(cls) -> str:
-        return 'organizer.giftcards:read'
-
     @property
     def additional_form_fields(self):
         return OrderedDict(

src/pretix/base/exporters/reusablemedia.py

@@ -36,10 +36,6 @@ class ReusableMediaExporter(OrganizerLevelExportMixin, ListExporter):
     description = _('Download a spread sheet with the data of all reusable medias on your account.')
     repeatable_read = False
 
-    @classmethod
-    def get_required_organizer_permission(cls) -> str:
-        return "organizer.reusablemedia:read"
-
     def iterate_list(self, form_data):
         media = ReusableMedium.objects.filter(
             organizer=self.organizer,

src/pretix/base/forms/questions.py

@@ -45,6 +45,7 @@ import pycountry
 from django import forms
 from django.conf import settings
 from django.contrib import messages
+from django.contrib.gis.geoip2 import GeoIP2
 from django.core.exceptions import ValidationError
 from django.core.files.uploadedfile import SimpleUploadedFile
 from django.core.validators import (
@@ -101,7 +102,6 @@ from pretix.helpers.countries import (
 from pretix.helpers.escapejson import escapejson_attr
 from pretix.helpers.http import get_client_ip
 from pretix.helpers.i18n import get_format_without_seconds
-from pretix.helpers.security import get_geoip
 from pretix.presale.signals import question_form_fields
 
 logger = logging.getLogger(__name__)
@@ -393,7 +393,7 @@ class WrappedPhoneNumberPrefixWidget(PhoneNumberPrefixWidget):
 
 def guess_country_from_request(request, event):
     if settings.HAS_GEOIP:
-        g = get_geoip()
+        g = GeoIP2()
         try:
             res = g.country(get_client_ip(request))
             if res['country_code'] and len(res['country_code']) == 2:
@@ -890,18 +890,18 @@ class BaseQuestionsForm(forms.Form):
                 if not help_text:
                     if q.valid_date_min and q.valid_date_max:
                         help_text = format_lazy(
-                            _('Please enter a date between {min} and {max}.'),
+                            'Please enter a date between {min} and {max}.',
                             min=date_format(q.valid_date_min, "SHORT_DATE_FORMAT"),
                             max=date_format(q.valid_date_max, "SHORT_DATE_FORMAT"),
                         )
                     elif q.valid_date_min:
                         help_text = format_lazy(
-                            _('Please enter a date no earlier than {min}.'),
+                            'Please enter a date no earlier than {min}.',
                             min=date_format(q.valid_date_min, "SHORT_DATE_FORMAT"),
                         )
                     elif q.valid_date_max:
                         help_text = format_lazy(
-                            _('Please enter a date no later than {max}.'),
+                            'Please enter a date no later than {max}.',
                             max=date_format(q.valid_date_max, "SHORT_DATE_FORMAT"),
                         )
                 if initial and initial.answer:
@@ -939,18 +939,18 @@ class BaseQuestionsForm(forms.Form):
                 if not help_text:
                     if q.valid_datetime_min and q.valid_datetime_max:
                         help_text = format_lazy(
-                            _('Please enter a date and time between {min} and {max}.'),
+                            'Please enter a date and time between {min} and {max}.',
                             min=date_format(q.valid_datetime_min, "SHORT_DATETIME_FORMAT"),
                             max=date_format(q.valid_datetime_max, "SHORT_DATETIME_FORMAT"),
                         )
                     elif q.valid_datetime_min:
                         help_text = format_lazy(
-                            _('Please enter a date and time no earlier than {min}.'),
+                            'Please enter a date and time no earlier than {min}.',
                             min=date_format(q.valid_datetime_min, "SHORT_DATETIME_FORMAT"),
                         )
                     elif q.valid_datetime_max:
                         help_text = format_lazy(
-                            _('Please enter a date and time no later than {max}.'),
+                            'Please enter a date and time no later than {max}.',
                             max=date_format(q.valid_datetime_max, "SHORT_DATETIME_FORMAT"),
                         )
 
@@ -1415,10 +1415,9 @@ class BaseInvoiceAddressForm(forms.ModelForm):
                     if not data.get(r):
                         raise ValidationError({r: _("This field is required for the selected type of invoice transmission.")})
 
-                transmission_type.validate_invoice_address_data(data)
                 self.instance.transmission_type = transmission_type.identifier
                 self.instance.transmission_info = transmission_type.form_data_to_transmission_info(data)
-            elif transmission_type.is_exclusive(self.event, data.get("country"), data.get("is_business")):
+            elif transmission_type.exclusive:
                 if transmission_type.is_available(self.event, data.get("country"), data.get("is_business")):
                     raise ValidationError({
                         "transmission_type": "The transmission type '%s' must be used for this country or address type." % (

src/pretix/base/forms/widgets.py

@@ -42,8 +42,6 @@ from django.utils.html import escape
 from django.utils.timezone import get_current_timezone, now
 from django.utils.translation import gettext_lazy as _
 
-from pretix.helpers.format import PlainHtmlAlternativeString
-
 
 def replace_arabic_numbers(inp):
     if not isinstance(inp, str):
@@ -63,18 +61,11 @@ def replace_arabic_numbers(inp):
     return inp.translate(table)
 
 
-def format_placeholder_help_text(placeholder_name, sample_value):
-    if isinstance(sample_value, PlainHtmlAlternativeString):
-        sample_value = sample_value.plain
-    title = (_("Sample: %s") % sample_value) if sample_value else ""
-    return ('<button type="button" class="content-placeholder" title="%s">{%s}</button>' % (escape(title), escape(placeholder_name)))
-
-
 def format_placeholders_help_text(placeholders, event=None):
     placeholders = [(k, v.render_sample(event) if event else v) for k, v in placeholders.items()]
     placeholders.sort(key=lambda x: x[0])
     phs = [
-        format_placeholder_help_text(k, v)
+        '<button type="button" class="content-placeholder" title="%s">{%s}</button>' % (escape(_("Sample: %s") % v) if v else "", escape(k))
         for k, v in placeholders
     ]
     return _('Available placeholders: {list}').format(

src/pretix/base/i18n.py

@@ -34,13 +34,14 @@
 
 from contextlib import contextmanager
 
-from asgiref.local import Local
 from babel import localedata
 from django.conf import settings
 from django.utils import translation
 from django.utils.formats import date_format, number_format
 from django.utils.translation import gettext
 
+from pretix.base.templatetags.money import money_filter
+
 from i18nfield.fields import (  # noqa
     I18nCharField, I18nTextarea, I18nTextField, I18nTextInput,
 )
@@ -50,9 +51,6 @@ from i18nfield.strings import LazyI18nString  # noqa
 from i18nfield.utils import I18nJSONEncoder  # noqa
 
 
-_active_region = Local()
-
-
 class LazyDate:
     def __init__(self, value):
         self.value = value
@@ -88,8 +86,6 @@ class LazyCurrencyNumber:
         return self.__str__()
 
     def __str__(self):
-        from pretix.base.templatetags.money import money_filter
-
         return money_filter(self.value, self.currency)
 
 
@@ -109,41 +105,14 @@ ALLOWED_LANGUAGES = dict(settings.LANGUAGES)
 
 
 def get_babel_locale():
-    # Babel, and therefore also django-phonenumberfield, do not support our custom locales such das de_Informal
-    # Also, this returns best-effort region information for number formatting etc
-    current_language = translation.get_language()
-    current_region = getattr(_active_region, "value", None)
-
-    # Babel only accepts locales that exist on the system. We try combinations in the following order:
-    # language-languageversion-region
-    # language-region
-    # language-languageversion
-    # language
-    # fallback to system default
-    # fallback to english
-
-    try_locales = []
-    if current_language:
-        if "-" in current_language:
-            lng_parts = current_language.split("-")
-            if current_region:
-                try_locales.append(f"{lng_parts[0]}_{lng_parts[1].title()}_{current_region.upper()}")
-                try_locales.append(f"{lng_parts[0]}_{current_region.upper()}")
-            try_locales.append(f"{lng_parts[0]}_{lng_parts[1].upper()}")
-            try_locales.append(f"{lng_parts[0]}_{lng_parts[1].title()}")
-            try_locales.append(f"{lng_parts[0]}")
-        else:
-            if current_region:
-                try_locales.append(f"{current_language}_{current_region.upper()}")
-            try_locales.append(f"{current_language}")
-
-    try_locales.append(settings.LANGUAGE_CODE)
-
-    for locale in try_locales:
-        if localedata.exists(locale):
-            return localedata.normalize_locale(locale)
-
-    return "en"
+    babel_locale = 'en'
+    # Babel, and therefore django-phonenumberfield, do not support our custom locales such das de_Informal
+    if translation.get_language():
+        if localedata.exists(translation.get_language()):
+            babel_locale = translation.get_language()
+        elif localedata.exists(translation.get_language()[:2]):
+            babel_locale = translation.get_language()[:2]
+    return babel_locale
 
 
 def get_language_without_region(lng=None):
@@ -163,10 +132,6 @@ def get_language_without_region(lng=None):
     return lng
 
 
-def set_region(region):
-    _active_region.value = region
-
-
 @contextmanager
 def language(lng, region=None):
     """
@@ -178,18 +143,15 @@ def language(lng, region=None):
     formatting. If you pass a ``lng`` that already contains a region, e.g. ``pt-br``, the ``region``
     attribute will be ignored.
     """
-    lng_before = translation.get_language()
-    region_before = getattr(_active_region, "value", None)
+    _lng = translation.get_language()
     lng = lng or settings.LANGUAGE_CODE
     if '-' not in lng and region:
         lng += '-' + region.lower()
     translation.activate(lng)
-    _active_region.value = region
     try:
         yield
     finally:
-        translation.activate(lng_before)
-        _active_region.value = region_before
+        translation.activate(_lng)
 
 
 class LazyLocaleException(Exception):

src/pretix/base/invoicing/email.py

@@ -33,7 +33,8 @@ from pretix.base.invoicing.transmission import (
     transmission_types,
 )
 from pretix.base.models import Invoice, InvoiceAddress
-from pretix.base.services.mail import mail
+from pretix.base.services.mail import SendMailException, mail, render_mail
+from pretix.helpers.format import format_map
 
 
 @transmission_types.new()
@@ -132,26 +133,41 @@ class EmailTransmissionProvider(TransmissionProvider):
             template = invoice.order.event.settings.get('mail_text_order_invoice', as_type=LazyI18nString)
             subject = invoice.order.event.settings.get('mail_subject_order_invoice', as_type=LazyI18nString)
 
-            # Do not set to completed because that is done by the email sending task
-            outgoing_mail = mail(
-                [recipient],
-                subject,
-                template,
-                context=context,
-                event=invoice.order.event,
-                locale=invoice.order.locale,
-                order=invoice.order,
-                invoices=[invoice],
-                attach_tickets=False,
-                auto_email=True,
-                attach_ical=False,
-                plain_text_only=True,
-                no_order_links=True,
-            )
-            if outgoing_mail:
+            try:
+                # Do not set to completed because that is done by the email sending task
+                subject = format_map(subject, context)
+                email_content = render_mail(template, context)
+                mail(
+                    [recipient],
+                    subject,
+                    template,
+                    context=context,
+                    event=invoice.order.event,
+                    locale=invoice.order.locale,
+                    order=invoice.order,
+                    invoices=[invoice],
+                    attach_tickets=False,
+                    auto_email=True,
+                    attach_ical=False,
+                    plain_text_only=True,
+                    no_order_links=True,
+                )
+            except SendMailException:
+                raise
+            else:
                 invoice.order.log_action(
                     'pretix.event.order.email.invoice',
                     user=None,
                     auth=None,
-                    data=outgoing_mail.log_data()
+                    data={
+                        'subject': subject,
+                        'message': email_content,
+                        'position': None,
+                        'recipient': recipient,
+                        'invoices': [invoice.pk],
+                        'attach_tickets': False,
+                        'attach_ical': False,
+                        'attach_other_files': [],
+                        'attach_cached_files': [],
+                    }
                 )

src/pretix/base/invoicing/national.py

@@ -36,11 +36,9 @@ class ItalianSdITransmissionType(TransmissionType):
     identifier = "it_sdi"
     verbose_name = pgettext_lazy("italian_invoice", "Italian Exchange System (SdI)")
     public_name = pgettext_lazy("italian_invoice", "Exchange System (SdI)")
+    exclusive = True
     enforce_transmission = True
 
-    def is_exclusive(self, event, country: Country, is_business: bool) -> bool:
-        return str(country) == "IT"
-
     def is_available(self, event, country: Country, is_business: bool):
         return str(country) == "IT" and super().is_available(event, country, is_business)
 

src/pretix/base/invoicing/pdf.py

@@ -148,10 +148,6 @@ class NumberedCanvas(Canvas):
         self.restoreState()
 
 
-class InvoiceNotReadyException(Exception):
-    pass
-
-
 class BaseInvoiceRenderer:
     """
     This is the base class for all invoice renderers.

src/pretix/base/invoicing/peppol.py

@@ -64,7 +64,7 @@ class PeppolIdValidator:
         "0020": "[0-9]{9}",
         "0201": "[0-9a-zA-Z]{6}",
         "0204": "[0-9]{2,12}(-[0-9A-Z]{0,30})?-[0-9]{2}",
-        "0208": "[01][0-9]{9}",
+        "0208": "0[0-9]{9}",
         "0209": ".*",
         "0210": "[A-Z0-9]+",
         "0211": "IT[0-9]{11}",
@@ -179,12 +179,6 @@ class PeppolTransmissionType(TransmissionType):
     def is_available(self, event, country: Country, is_business: bool):
         return is_business and super().is_available(event, country, is_business)
 
-    def is_exclusive(self, event, country: Country, is_business: bool) -> bool:
-        if is_business and str(country) == "BE" and event and event.settings.invoice_address_from_country == "BE":
-            # Peppol is required to be used for intra-Belgian B2B invoices
-            return True
-        return False
-
     @property
     def invoice_address_form_fields(self) -> dict:
         return {
@@ -204,12 +198,6 @@ class PeppolTransmissionType(TransmissionType):
         }
         return base | {"transmission_peppol_participant_id"}
 
-    def validate_invoice_address_data(self, address_data: dict):
-        # Special case Belgium: If a Belgian business ID is used as Peppol ID, it should match the VAT ID
-        if address_data.get("transmission_peppol_participant_id").startswith("0208:") and address_data.get("vat_id"):
-            if address_data["vat_id"].removeprefix("BE") != address_data["transmission_peppol_participant_id"].removeprefix("0208:"):
-                raise ValidationError({"transmission_peppol_participant_id": _("The Peppol participant ID does not match your VAT ID.")})
-
     def pdf_watermark(self) -> str:
         return pgettext("peppol_invoice", "Visual copy")
 

src/pretix/base/invoicing/transmission.py

@@ -21,10 +21,9 @@
 #
 from typing import Optional
 
-from django.utils.translation import gettext_lazy as _
 from django_countries.fields import Country
 
-from pretix.base.models import Invoice
+from pretix.base.models import Invoice, InvoiceAddress
 from pretix.base.signals import EventPluginRegistry, Registry
 
 
@@ -59,6 +58,15 @@ class TransmissionType:
         """
         return 100
 
+    @property
+    def exclusive(self) -> bool:
+        """
+        If a transmission type is exclusive, no other type can be chosen if this type is
+        available. Use e.g. if a certain transmission type is legally required in a certain
+        jurisdiction.
+        """
+        return False
+
     @property
     def enforce_transmission(self) -> bool:
         """
@@ -74,22 +82,13 @@ class TransmissionType:
             for provider, _ in providers
         )
 
-    def is_exclusive(self, event, country: Country, is_business: bool) -> bool:
-        """
-        If a transmission type is exclusive, no other type can be chosen if this type is
-        available. Use e.g. if a certain transmission type is legally required in a certain
-        jurisdiction. Event can be None in organizer-level contexts. Exclusiveness has no effect if
-        the type is not available.
-        """
-        return False
-
     def invoice_address_form_fields_required(self, country: Country, is_business: bool):
         return set()
 
     def invoice_address_form_fields_visible(self, country: Country, is_business: bool) -> set:
         return set(self.invoice_address_form_fields.keys())
 
-    def validate_invoice_address_data(self, address_data: dict):
+    def validate_address(self, ia: InvoiceAddress):
         pass
 
     @property
@@ -107,22 +106,6 @@ class TransmissionType:
     def transmission_info_to_form_data(self, transmission_info: dict) -> dict:
         return transmission_info
 
-    def describe_info(self, transmission_info: dict, country: Country, is_business: bool):
-        form_data = self.transmission_info_to_form_data(transmission_info)
-        data = []
-        visible_field_keys = self.invoice_address_form_fields_visible(country, is_business)
-        for k, f in self.invoice_address_form_fields.items():
-            if k not in visible_field_keys:
-                continue
-            v = form_data.get(k)
-            if v is True:
-                v = _("Yes")
-            elif v is False:
-                v = _("No")
-            if v:
-                data.append((f.label, v))
-        return data
-
     def pdf_watermark(self) -> Optional[str]:
         """
         Return a watermark that should be rendered across the PDF file.

src/pretix/base/management/commands/makemigrations.py

@@ -36,9 +36,8 @@ from django.core.management.commands.makemigrations import Command as Parent
 
 from ._migrations import monkeypatch_migrations
 
+monkeypatch_migrations()
+
 
 class Command(Parent):
-
-    def handle(self, *args, **kwargs):
-        monkeypatch_migrations()
-        return super().handle(*args, **kwargs)
+    pass

src/pretix/base/management/commands/runperiodic.py

@@ -64,7 +64,7 @@ class Command(BaseCommand):
         if not periodic_task.receivers or periodic_task.sender_receivers_cache.get(self) is NO_RECEIVERS:
             return
 
-        for receiver in periodic_task._live_receivers(self)[0]:
+        for receiver in periodic_task._live_receivers(self):
             name = f'{receiver.__module__}.{receiver.__name__}'
             if options['list_tasks']:
                 print(name)

src/pretix/base/metrics.py

@@ -294,28 +294,14 @@ def metric_values():
         channel = app.broker_connection().channel()
         if hasattr(channel, 'client') and channel.client is not None:
             client = channel.client
-            priority_steps = settings.CELERY_BROKER_TRANSPORT_OPTIONS.get("priority_steps", [0])
-            sep = settings.CELERY_BROKER_TRANSPORT_OPTIONS.get("sep", ":")
-
             for q in settings.CELERY_TASK_QUEUES:
-                queue_lengths = []
-                queue_delays = []
-                for prio in priority_steps:
-                    if prio:
-                        qname = f"{q.name}{sep}{prio}"
-                    else:
-                        qname = q.name
-                    queue_length = client.llen(qname)
-                    queue_lengths.append(queue_length)
-                    oldest_queue_item = client.lindex(qname, -1)
-                    if oldest_queue_item:
-                        ldata = json.loads(oldest_queue_item)
-                        oldest_item_age = time.time() - ldata.get('created', 0)
-                        queue_delays.append(oldest_item_age)
-
-                metrics['pretix_celery_tasks_queued_count']['{queue="%s"}' % q.name] = sum(queue_lengths)
-                if queue_delays:
-                    metrics['pretix_celery_tasks_queued_age_seconds']['{queue="%s"}' % q.name] = max(queue_delays)
+                llen = client.llen(q.name)
+                lfirst = client.lindex(q.name, -1)
+                metrics['pretix_celery_tasks_queued_count']['{queue="%s"}' % q.name] = llen
+                if lfirst:
+                    ldata = json.loads(lfirst)
+                    dt = time.time() - ldata.get('created', 0)
+                    metrics['pretix_celery_tasks_queued_age_seconds']['{queue="%s"}' % q.name] = dt
                 else:
                     metrics['pretix_celery_tasks_queued_age_seconds']['{queue="%s"}' % q.name] = 0
 

src/pretix/base/middleware.py

@@ -35,7 +35,7 @@ from django.utils.translation.trans_real import (
     parse_accept_lang_header,
 )
 
-from pretix.base.i18n import get_language_without_region, set_region
+from pretix.base.i18n import get_language_without_region
 from pretix.base.settings import global_settings_object
 from pretix.multidomain.urlreverse import (
     get_event_domain, get_organizer_domain,
@@ -92,14 +92,10 @@ class LocaleMiddleware(MiddlewareMixin):
                 )
                 if '-' not in language and settings_holder.settings.region:
                     language += '-' + settings_holder.settings.region
-                if settings_holder.settings.region:
-                    set_region(settings_holder.settings.region)
         else:
             gs = global_settings_object(request)
             if '-' not in language and gs.settings.region:
                 language += '-' + gs.settings.region
-            if gs.settings.region:
-                set_region(gs.settings.region)
 
         translation.activate(language)
         request.LANGUAGE_CODE = get_language_without_region()

src/pretix/base/migrations/0234_total_ordering.py

@@ -41,20 +41,16 @@ class Migration(migrations.Migration):
             name='datetime',
             field=models.DateTimeField(),
         ),
-        migrations.AddIndex(
-            'logentry',
-            models.Index(fields=('datetime', 'id'), name="pretixbase__datetim_b1fe5a_idx"),
+        migrations.AlterIndexTogether(
+            name='logentry',
+            index_together={('datetime', 'id')},
         ),
-        migrations.AddIndex(
-            'order',
-            models.Index(fields=["datetime", "id"], name="pretixbase__datetim_66aff0_idx"),
+        migrations.AlterIndexTogether(
+            name='order',
+            index_together={('datetime', 'id'), ('last_modified', 'id')},
         ),
-        migrations.AddIndex(
-            'order',
-            models.Index(fields=["last_modified", "id"], name="pretixbase__last_mo_4ebf8b_idx"),
-        ),
-        migrations.AddIndex(
-            'transaction',
-            models.Index(fields=('datetime', 'id'), name="pretixbase__datetim_b20405_idx"),
+        migrations.AlterIndexTogether(
+            name='transaction',
+            index_together={('datetime', 'id')},
         ),
     ]

src/pretix/base/migrations/0236_reusable_media.py

@@ -61,10 +61,7 @@ class Migration(migrations.Migration):
             options={
                 'ordering': ('identifier', 'type', 'organizer'),
                 'unique_together': {('identifier', 'type', 'organizer')},
-                'indexes': [
-                    models.Index(fields=('identifier', 'type', 'organizer'), name='reusable_medium_organizer_index'),
-                    models.Index(fields=('updated', 'id'), name="pretixbase__updated_093277_idx")
-                ],
+                'index_together': {('identifier', 'type', 'organizer'), ('updated', 'id')},
             },
             bases=(models.Model, pretix.base.models.base.LoggingMixin),
         ),

src/pretix/base/migrations/0246_bigint.py

@@ -9,6 +9,31 @@ class Migration(migrations.Migration):
     ]
 
     operations = [
+        migrations.RenameIndex(
+            model_name="logentry",
+            new_name="pretixbase__datetim_b1fe5a_idx",
+            old_fields=("datetime", "id"),
+        ),
+        migrations.RenameIndex(
+            model_name="order",
+            new_name="pretixbase__datetim_66aff0_idx",
+            old_fields=("datetime", "id"),
+        ),
+        migrations.RenameIndex(
+            model_name="order",
+            new_name="pretixbase__last_mo_4ebf8b_idx",
+            old_fields=("last_modified", "id"),
+        ),
+        migrations.RenameIndex(
+            model_name="reusablemedium",
+            new_name="pretixbase__updated_093277_idx",
+            old_fields=("updated", "id"),
+        ),
+        migrations.RenameIndex(
+            model_name="transaction",
+            new_name="pretixbase__datetim_b20405_idx",
+            old_fields=("datetime", "id"),
+        ),
         migrations.AlterField(
             model_name="attendeeprofile",
             name="id",

src/pretix/base/migrations/0260_alter_reusablemedium_index_together.py

@@ -1,6 +1,6 @@
 # Generated by Django 4.2.10 on 2024-04-02 15:16
 
-from django.db import migrations, models
+from django.db import migrations
 
 
 class Migration(migrations.Migration):
@@ -10,8 +10,8 @@ class Migration(migrations.Migration):
     ]
 
     operations = [
-        migrations.RemoveIndex(
-            "reusablemedium",
-            'reusable_medium_organizer_index',
+        migrations.AlterIndexTogether(
+            name="reusablemedium",
+            index_together=set(),
         ),
     ]

src/pretix/base/migrations/0297_outgoingmail.py

@@ -1,120 +0,0 @@
-# Generated by Django 4.2.26 on 2026-01-22 13:44
-import uuid
-
-import django.db.models.deletion
-from django.conf import settings
-from django.db import migrations, models
-
-import pretix.base.models.mail
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ("pretixbase", "0296_invoice_invoice_from_state"),
-    ]
-
-    operations = [
-        migrations.CreateModel(
-            name="OutgoingMail",
-            fields=[
-                (
-                    "id",
-                    models.BigAutoField(
-                        auto_created=True, primary_key=True, serialize=False
-                    ),
-                ),
-                ("guid", models.UUIDField(db_index=True, default=uuid.uuid4)),
-                ("status", models.CharField(default="queued", max_length=200)),
-                ("created", models.DateTimeField(auto_now_add=True)),
-                ("sent", models.DateTimeField(blank=True, null=True)),
-                ("inflight_since", models.DateTimeField(blank=True, null=True)),
-                ("retry_after", models.DateTimeField(blank=True, null=True)),
-                ("error", models.TextField(null=True)),
-                ("error_detail", models.TextField(null=True)),
-                ("sensitive", models.BooleanField(default=False)),
-                ("subject", models.TextField()),
-                ("body_plain", models.TextField()),
-                ("body_html", models.TextField(null=True)),
-                ("sender", models.CharField(max_length=500)),
-                ("headers", models.JSONField(default=dict)),
-                ("to", models.JSONField(default=list)),
-                ("cc", models.JSONField(default=list)),
-                ("bcc", models.JSONField(default=list)),
-                ("recipient_count", models.IntegerField()),
-                ("should_attach_tickets", models.BooleanField(default=False)),
-                ("should_attach_ical", models.BooleanField(default=False)),
-                ("should_attach_other_files", models.JSONField(default=list)),
-                ("actual_attachments", models.JSONField(default=list)),
-                (
-                    "customer",
-                    models.ForeignKey(
-                        null=True,
-                        on_delete=pretix.base.models.mail.CASCADE_IF_QUEUED,
-                        related_name="outgoing_mails",
-                        to="pretixbase.customer",
-                    ),
-                ),
-                (
-                    "event",
-                    models.ForeignKey(
-                        null=True,
-                        on_delete=pretix.base.models.mail.CASCADE_IF_QUEUED,
-                        related_name="outgoing_mails",
-                        to="pretixbase.event",
-                    ),
-                ),
-                (
-                    "order",
-                    models.ForeignKey(
-                        null=True,
-                        on_delete=pretix.base.models.mail.CASCADE_IF_QUEUED,
-                        related_name="outgoing_mails",
-                        to="pretixbase.order",
-                    ),
-                ),
-                (
-                    "orderposition",
-                    models.ForeignKey(
-                        null=True,
-                        on_delete=pretix.base.models.mail.CASCADE_IF_QUEUED,
-                        related_name="outgoing_mails",
-                        to="pretixbase.orderposition",
-                    ),
-                ),
-                (
-                    "organizer",
-                    models.ForeignKey(
-                        null=True,
-                        on_delete=django.db.models.deletion.CASCADE,
-                        related_name="outgoing_mails",
-                        to="pretixbase.organizer",
-                    ),
-                ),
-                (
-                    "should_attach_cached_files",
-                    models.ManyToManyField(
-                        related_name="outgoing_mails", to="pretixbase.cachedfile"
-                    ),
-                ),
-                (
-                    "should_attach_invoices",
-                    models.ManyToManyField(
-                        related_name="outgoing_mails", to="pretixbase.invoice"
-                    ),
-                ),
-                (
-                    "user",
-                    models.ForeignKey(
-                        null=True,
-                        on_delete=django.db.models.deletion.CASCADE,
-                        related_name="outgoing_mails",
-                        to=settings.AUTH_USER_MODEL,
-                    ),
-                ),
-            ],
-            options={
-                "ordering": ("-created",),
-            },
-        ),
-    ]

src/pretix/base/migrations/0298_pluggable_permissions.py

@@ -1,137 +0,0 @@
-from django.db import migrations, models
-
-from pretix.helpers.permission_migration import (
-    OLD_TO_NEW_EVENT_MIGRATION, OLD_TO_NEW_ORGANIZER_MIGRATION,
-)
-
-
-def migrate_teams_forward(apps, schema_editor):
-    Team = apps.get_model("pretixbase", "Team")
-
-    for team in Team.objects.iterator():
-        if all(getattr(team, k) for k in OLD_TO_NEW_EVENT_MIGRATION.keys() if k != "can_checkin_orders"):
-            team.all_event_permissions = True
-            team.limit_event_permissions = {}
-        else:
-            team.all_event_permissions = False
-            for k, v in OLD_TO_NEW_EVENT_MIGRATION.items():
-                if getattr(team, k):
-                    team.limit_event_permissions.update({kk: True for kk in v})
-
-            # Prevent combinations that were possible previously but no longer make sense
-            if team.limit_event_permissions.get("event.orders:checkin") and team.limit_event_permissions.get("event.orders:write"):
-                team.limit_event_permissions.pop("event.orders:checkin")
-            if team.limit_event_permissions.get("event.orders:write") and not team.limit_event_permissions.get("event.orders:read"):
-                team.limit_event_permissions.pop("event.orders:write")
-            if team.limit_event_permissions.get("event.vouchers:write") and not team.limit_event_permissions.get("event.vouchers:read"):
-                team.limit_event_permissions.pop("event.vouchers:write")
-
-        if all(getattr(team, k) for k in OLD_TO_NEW_ORGANIZER_MIGRATION.keys()):
-            team.all_organizer_permissions = True
-            team.limit_organizer_permissions = {}
-        else:
-            team.all_organizer_permissions = False
-            for k, v in OLD_TO_NEW_ORGANIZER_MIGRATION.items():
-                if getattr(team, k):
-                    team.limit_organizer_permissions.update({kk: True for kk in v})
-
-        team.save(update_fields=[
-            "all_event_permissions", "limit_event_permissions", "all_organizer_permissions", "limit_organizer_permissions"
-        ])
-
-
-def migrate_teams_backward(apps, schema_editor):
-    Team = apps.get_model("pretixbase", "Team")
-
-    for team in Team.objects.iterator():
-        for k, v in OLD_TO_NEW_EVENT_MIGRATION.items():
-            setattr(team, k, team.all_event_permissions or all(team.limit_event_permissions.get(kk) for kk in v))
-        for k, v in OLD_TO_NEW_ORGANIZER_MIGRATION.items():
-            setattr(team, k, team.all_organizer_permissions or all(team.limit_organizer_permissions.get(kk) for kk in v))
-        team.save()
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ("pretixbase", "0297_outgoingmail"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="team",
-            name="all_event_permissions",
-            field=models.BooleanField(default=False),
-        ),
-        migrations.AddField(
-            model_name="team",
-            name="all_organizer_permissions",
-            field=models.BooleanField(default=False),
-        ),
-        migrations.AddField(
-            model_name="team",
-            name="limit_event_permissions",
-            field=models.JSONField(default=dict),
-        ),
-        migrations.AddField(
-            model_name="team",
-            name="limit_organizer_permissions",
-            field=models.JSONField(default=dict),
-        ),
-        migrations.RunPython(
-            migrate_teams_forward,
-            migrate_teams_backward,
-        ),
-        migrations.RemoveField(
-            model_name="team",
-            name="can_change_event_settings",
-        ),
-        migrations.RemoveField(
-            model_name="team",
-            name="can_change_items",
-        ),
-        migrations.RemoveField(
-            model_name="team",
-            name="can_change_orders",
-        ),
-        migrations.RemoveField(
-            model_name="team",
-            name="can_change_organizer_settings",
-        ),
-        migrations.RemoveField(
-            model_name="team",
-            name="can_change_teams",
-        ),
-        migrations.RemoveField(
-            model_name="team",
-            name="can_change_vouchers",
-        ),
-        migrations.RemoveField(
-            model_name="team",
-            name="can_checkin_orders",
-        ),
-        migrations.RemoveField(
-            model_name="team",
-            name="can_create_events",
-        ),
-        migrations.RemoveField(
-            model_name="team",
-            name="can_manage_customers",
-        ),
-        migrations.RemoveField(
-            model_name="team",
-            name="can_manage_gift_cards",
-        ),
-        migrations.RemoveField(
-            model_name="team",
-            name="can_manage_reusable_media",
-        ),
-        migrations.RemoveField(
-            model_name="team",
-            name="can_view_orders",
-        ),
-        migrations.RemoveField(
-            model_name="team",
-            name="can_view_vouchers",
-        ),
-    ]

src/pretix/base/modelimport_vouchers.py

@@ -132,7 +132,7 @@ class AllowIgnoreQuotaColumn(BooleanColumnMixin, ImportColumn):
 
 class PriceModeColumn(ImportColumn):
     identifier = 'price_mode'
-    verbose_name = gettext_lazy('Price effect')
+    verbose_name = gettext_lazy('Price mode')
     default_value = None
     initial = 'static:none'
 
@@ -147,7 +147,7 @@ class PriceModeColumn(ImportColumn):
         elif value in reverse:
             return reverse[value]
         else:
-            raise ValidationError(_("Could not parse {value} as a price effect, use one of {options}.").format(
+            raise ValidationError(_("Could not parse {value} as a price mode, use one of {options}.").format(
                 value=value, options=', '.join(d.keys())
             ))
 
@@ -162,7 +162,7 @@ class ValueColumn(DecimalColumnMixin, ImportColumn):
     def clean(self, value, previous_values):
         value = super().clean(value, previous_values)
         if value and previous_values.get("price_mode") == "none":
-            raise ValidationError(_("It is pointless to set a value without a price effect."))
+            raise ValidationError(_("It is pointless to set a value without a price mode."))
         return value
 
     def assign(self, value, obj: Voucher, **kwargs):

src/pretix/base/models/__init__.py

@@ -41,7 +41,6 @@ from .items import (
     itempicture_upload_to,
 )
 from .log import LogEntry
-from .mail import OutgoingMail
 from .media import ReusableMedium
 from .memberships import Membership, MembershipType
 from .notifications import NotificationSetting

src/pretix/base/models/auth.py

@@ -49,7 +49,6 @@ from django.core.exceptions import BadRequest, PermissionDenied
 from django.db import IntegrityError, models, transaction
 from django.db.models import Q
 from django.utils.crypto import get_random_string, salted_hmac
-from django.utils.functional import cached_property
 from django.utils.timezone import now
 from django.utils.translation import gettext_lazy as _
 from django_otp.models import Device
@@ -213,28 +212,6 @@ class SuperuserPermissionSet:
         return True
 
 
-class EventPermissionSet(set):
-    def __contains__(self, item):
-        from pretix.base.permissions import assert_valid_event_permission
-
-        if super().__contains__(item):
-            return True
-
-        assert_valid_event_permission(item, allow_tuple=False)
-        return False
-
-
-class OrganizerPermissionSet(set):
-    def __contains__(self, item):
-        from pretix.base.permissions import assert_valid_organizer_permission
-
-        if super().__contains__(item):
-            return True
-
-        assert_valid_organizer_permission(item, allow_tuple=False)
-        return False
-
-
 class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
     """
     This is the user model used by pretix for authentication.
@@ -357,25 +334,27 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
             return self.email
 
     def send_security_notice(self, messages, email=None):
-        from pretix.base.services.mail import mail
+        from pretix.base.services.mail import SendMailException, mail
 
-        with language(self.locale):
-            msg = '- ' + '\n- '.join(str(m) for m in messages)
+        try:
+            with language(self.locale):
+                msg = '- ' + '\n- '.join(str(m) for m in messages)
 
-        mail(
-            email or self.email,
-            _('Account information changed'),
-            'pretixcontrol/email/security_notice.txt',
-            {
-                'user': self,
-                'messages': msg,
-                'url': build_absolute_uri('control:user.settings'),
-                'instance': settings.PRETIX_INSTANCE_NAME,
-            },
-            event=None,
-            user=self,
-            locale=self.locale
-        )
+            mail(
+                email or self.email,
+                _('Account information changed'),
+                'pretixcontrol/email/security_notice.txt',
+                {
+                    'user': self,
+                    'messages': msg,
+                    'url': build_absolute_uri('control:user.settings')
+                },
+                event=None,
+                user=self,
+                locale=self.locale
+            )
+        except SendMailException:
+            pass  # Already logged
 
     def send_confirmation_code(self, session, reason, email=None, state=None):
         """
@@ -415,7 +394,6 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
                 'user': self,
                 'reason': msg,
                 'code': code,
-                'instance': settings.PRETIX_INSTANCE_NAME,
             },
             event=None,
             user=self,
@@ -455,7 +433,6 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
         mail(
             self.email, _('Password recovery'), 'pretixcontrol/email/forgot.txt',
             {
-                'instance': settings.PRETIX_INSTANCE_NAME,
                 'user': self,
                 'url': (build_absolute_uri('control:auth.forgot.recover')
                         + '?id=%d&token=%s' % (self.id, default_token_generator.make_token(self)))
@@ -495,7 +472,7 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
         :return: set
         """
         teams = self._get_teams_for_event(organizer, event)
-        sets = [t.event_permission_set() for t in teams]
+        sets = [t.permission_set() for t in teams]
         if sets:
             return set.union(*sets)
         else:
@@ -509,7 +486,7 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
         :return: set
         """
         teams = self._get_teams_for_organizer(organizer)
-        sets = [t.organizer_permission_set() for t in teams]
+        sets = [t.permission_set() for t in teams]
         if sets:
             return set.union(*sets)
         else:
@@ -524,7 +501,7 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
 
         :param organizer: The organizer of the event
         :param event: The event to check
-        :param perm_name: The permission, e.g. ``event.orders:read``
+        :param perm_name: The permission, e.g. ``can_change_teams``
         :param request: The current request (optional)
         :param session_key: The current session key (optional)
         :return: bool
@@ -536,8 +513,8 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
         if teams:
             self._teamcache['e{}'.format(event.pk)] = teams
             if isinstance(perm_name, (tuple, list)):
-                return any([any(team.has_event_permission(p) for team in teams) for p in perm_name])
-            if not perm_name or any([team.has_event_permission(perm_name) for team in teams]):
+                return any([any(team.has_permission(p) for team in teams) for p in perm_name])
+            if not perm_name or any([team.has_permission(perm_name) for team in teams]):
                 return True
         return False
 
@@ -547,7 +524,7 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
         to the organizer ``organizer``.
 
         :param organizer: The organizer to check
-        :param perm_name: The permission, e.g. ``organizer.events:create``
+        :param perm_name: The permission, e.g. ``can_change_teams``
         :param request: The current request (optional). Required to detect staff sessions properly.
         :return: bool
         """
@@ -556,8 +533,8 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
         teams = self._get_teams_for_organizer(organizer)
         if teams:
             if isinstance(perm_name, (tuple, list)):
-                return any([any(team.has_organizer_permission(p) for team in teams) for p in perm_name])
-            if not perm_name or any([team.has_organizer_permission(perm_name) for team in teams]):
+                return any([any(team.has_permission(p) for team in teams) for p in perm_name])
+            if not perm_name or any([team.has_permission(perm_name) for team in teams]):
                 return True
         return False
 
@@ -588,15 +565,14 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
         :return: Iterable of Events
         """
         from .event import Event
-        from .organizer import TeamQuerySet
 
         if request and self.has_active_staff_session(request.session.session_key):
             return Event.objects.all()
 
         if isinstance(permission, (tuple, list)):
-            q = reduce(operator.or_, [TeamQuerySet.event_permission_q(p) for p in permission])
+            q = reduce(operator.or_, [Q(**{p: True}) for p in permission])
         else:
-            q = TeamQuerySet.event_permission_q(permission)
+            q = Q(**{permission: True})
 
         return Event.objects.filter(
             Q(organizer_id__in=self.teams.filter(q, all_events=True).values_list('organizer', flat=True))
@@ -629,13 +605,14 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
         :return: Iterable of Organizers
         """
         from .event import Organizer
-        from .organizer import TeamQuerySet
 
         if request and self.has_active_staff_session(request.session.session_key):
             return Organizer.objects.all()
 
+        kwargs = {permission: True}
+
         return Organizer.objects.filter(
-            id__in=self.teams.filter(TeamQuerySet.organizer_permission_q(permission)).values_list('organizer', flat=True)
+            id__in=self.teams.filter(**kwargs).values_list('organizer', flat=True)
         )
 
     def has_active_staff_session(self, session_key=None):
@@ -690,11 +667,6 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
         self.session_token = generate_session_token()
         self.save(update_fields=['session_token'])
 
-    @cached_property
-    @scopes_disabled()
-    def is_in_any_teams(self):
-        return self.teams.exists()
-
 
 class UserKnownLoginSource(models.Model):
     user = models.ForeignKey('User', on_delete=models.CASCADE, related_name="known_login_sources")

src/pretix/base/models/base.py

@@ -130,8 +130,6 @@ class LoggingMixin:
             organizer_id = self.event.organizer_id
         elif hasattr(self, 'organizer_id'):
             organizer_id = self.organizer_id
-        elif hasattr(self, 'issuer_id'):
-            organizer_id = self.issuer_id
 
         if user and not user.is_authenticated:
             user = None

src/pretix/base/models/customers.py

@@ -40,7 +40,6 @@ from i18nfield.fields import I18nCharField
 from phonenumber_field.modelfields import PhoneNumberField
 
 from pretix.base.banlist import banned
-from pretix.base.i18n import language
 from pretix.base.models.base import LoggedModel
 from pretix.base.models.fields import MultiStringField
 from pretix.base.models.giftcards import GiftCardTransaction
@@ -165,28 +164,6 @@ class Customer(LoggedModel):
         self.attendee_profiles.all().delete()
         self.invoice_addresses.all().delete()
 
-    def send_security_notice(self, message, email=None):
-        from pretix.base.services.mail import SendMailException, mail
-        from pretix.multidomain.urlreverse import build_absolute_uri
-
-        try:
-            with language(self.locale):
-                mail(
-                    email or self.email,
-                    self.organizer.settings.mail_subject_customer_security_notice,
-                    self.organizer.settings.mail_text_customer_security_notice,
-                    {
-                        **self.get_email_context(),
-                        'message': str(message),
-                        'url': build_absolute_uri(self.organizer, 'presale:organizer.customer.index')
-                    },
-                    customer=self,
-                    organizer=self.organizer,
-                    locale=self.locale
-                )
-        except SendMailException:
-            pass  # Already logged
-
     @scopes_disabled()
     def assign_identifier(self):
         charset = list('ABCDEFGHJKLMNPQRSTUVWXYZ23456789')
@@ -316,7 +293,6 @@ class Customer(LoggedModel):
             locale=self.locale,
             customer=self,
             organizer=self.organizer,
-            sensitive=True,
         )
 
     def usable_gift_cards(self, used_cards=[]):
@@ -373,7 +349,7 @@ class AttendeeProfile(models.Model):
     def state_name(self):
         sd = pycountry.subdivisions.get(code='{}-{}'.format(self.country, self.state))
         if sd:
-            return _(sd.name)
+            return sd.name
         return self.state
 
     @property

src/pretix/base/models/datasync.py

@@ -86,7 +86,7 @@ class OrderSyncQueue(models.Model):
 
     def set_sync_error(self, failure_mode, messages, full_message):
         logger.exception(
-            f"Could not sync order {self.order.code} to {self.sync_provider} ({failure_mode})"
+            f"Could not sync order {self.order.code} to {type(self).__name__} ({failure_mode})"
         )
         self.order.log_action(f"pretix.event.order.data_sync.failed.{failure_mode}", {
             "provider": self.sync_provider,

src/pretix/base/models/devices.py

@@ -29,9 +29,6 @@ from django.utils.translation import gettext_lazy as _
 from django_scopes import ScopedManager, scopes_disabled
 
 from pretix.base.models import LoggedModel
-from pretix.base.permissions import (
-    AnyPermissionOf, assert_valid_event_permission,
-)
 
 
 @scopes_disabled()
@@ -192,19 +189,13 @@ class Device(LoggedModel):
                 kwargs['update_fields'] = {'device_id'}.union(kwargs['update_fields'])
         super().save(*args, **kwargs)
 
-    def _event_permission_set(self) -> set:
+    def permission_set(self) -> set:
         return {
-            'event.orders:read',
-            'event.orders:write',
-            'event.vouchers:read',
-        }
-
-    def _organizer_permission_set(self) -> set:
-        return {
-            'organizer.giftcards:read',
-            'organizer.giftcards:write',
-            'organizer.reusablemedia:read',
-            'organizer.reusablemedia:write',
+            'can_view_orders',
+            'can_change_orders',
+            'can_view_vouchers',
+            'can_manage_gift_cards',
+            'can_manage_reusable_media',
         }
 
     def get_event_permission_set(self, organizer, event) -> set:
@@ -218,7 +209,7 @@ class Device(LoggedModel):
         has_event_access = (self.all_events and organizer == self.organizer) or (
             event in self.limit_events.all()
         )
-        return self._event_permission_set() if has_event_access else set()
+        return self.permission_set() if has_event_access else set()
 
     def get_organizer_permission_set(self, organizer) -> set:
         """
@@ -227,7 +218,7 @@ class Device(LoggedModel):
         :param organizer: The organizer of the event
         :return: set of permissions
         """
-        return self._organizer_permission_set() if self.organizer == organizer else set()
+        return self.permission_set() if self.organizer == organizer else set()
 
     def has_event_permission(self, organizer, event, perm_name=None, request=None) -> bool:
         """
@@ -236,7 +227,7 @@ class Device(LoggedModel):
 
         :param organizer: The organizer of the event
         :param event: The event to check
-        :param perm_name: The permission, e.g. ``event.orders:read``
+        :param perm_name: The permission, e.g. ``can_change_teams``
         :param request: This parameter is ignored and only defined for compatibility reasons.
         :return: bool
         """
@@ -244,8 +235,8 @@ class Device(LoggedModel):
             event in self.limit_events.all()
         )
         if isinstance(perm_name, (tuple, list)):
-            return has_event_access and any(p in self._event_permission_set() for p in perm_name)
-        return has_event_access and (not perm_name or perm_name in self._event_permission_set())
+            return has_event_access and any(p in self.permission_set() for p in perm_name)
+        return has_event_access and (not perm_name or perm_name in self.permission_set())
 
     def has_organizer_permission(self, organizer, perm_name=None, request=None):
         """
@@ -253,13 +244,13 @@ class Device(LoggedModel):
         to the organizer ``organizer``.
 
         :param organizer: The organizer to check
-        :param perm_name: The permission, e.g. ``organizer.events:create``
+        :param perm_name: The permission, e.g. ``can_change_teams``
         :param request: This parameter is ignored and only defined for compatibility reasons.
         :return: bool
         """
         if isinstance(perm_name, (tuple, list)):
-            return organizer == self.organizer and any(p in self._organizer_permission_set() for p in perm_name)
-        return organizer == self.organizer and (not perm_name or perm_name in self._organizer_permission_set())
+            return organizer == self.organizer and any(p in self.permission_set() for p in perm_name)
+        return organizer == self.organizer and (not perm_name or perm_name in self.permission_set())
 
     def get_events_with_any_permission(self):
         """
@@ -279,10 +270,9 @@ class Device(LoggedModel):
         :param request: Ignored, for compatibility with User model
         :return: Iterable of Events
         """
-        assert_valid_event_permission(permission)
         if (
-            isinstance(permission, (AnyPermissionOf, list, tuple)) and any(p in self._event_permission_set() for p in permission)
-        ) or (isinstance(permission, str) and permission in self._event_permission_set()):
+                isinstance(permission, (list, tuple)) and any(p in self.permission_set() for p in permission)
+        ) or (isinstance(permission, str) and permission in self.permission_set()):
             return self.get_events_with_any_permission()
         else:
             return self.organizer.events.none()

src/pretix/base/models/discount.py

@@ -37,7 +37,7 @@ from pretix.base.decimal import round_decimal
 from pretix.base.models.base import LoggedModel
 
 PositionInfo = namedtuple('PositionInfo',
-                          ['item_id', 'subevent_id', 'subevent_date_from', 'line_price_gross', 'addon_to',
+                          ['item_id', 'subevent_id', 'subevent_date_from', 'line_price_gross', 'is_addon_to',
                            'voucher_discount'])
 
 
@@ -279,42 +279,6 @@ class Discount(LoggedModel):
             for idx in condition_idx_group:
                 collect_potential_discounts[idx] = [(self, inf, -1, subevent_id)]
 
-    def _addon_idx(self, positions, idx):
-        """
-        If we have the following cart:
-
-        - Main product
-          - 10x Addon product 5€
-        - Main product
-          - 10x Addon product 5€
-
-        And we have a discount rule that grants "every 10th product is free", people tend to expect
-
-        - Main product
-          - 9x Addon product 5€
-          - 1x Addon product free
-        - Main product
-          - 9x Addon product 5€
-          - 1x Addon product free
-
-        And get confused if they get
-
-        - Main product
-          - 8x Addon product 5€
-          - 2x Addon product free
-        - Main product
-          - 10x Addon product 5€
-
-        Even if the result is the same. Therefore, we sort positions in the cart not only by price, but also by their
-        relative index within their addon group. This is only a heuristic and there are *still* scenarios where the more
-        unexpected version happens, e.g. if prices are different. We need to accept this as long as discounts work on
-        cart level and not on addon-group level, but this simple sorting reduces the number of support issues by making
-        the weird case less likely.
-        """
-        if not positions[idx].addon_to:
-            return 0
-        return len([1 for i, p in positions.items() if i < idx and p.addon_to == positions[idx].addon_to])
-
     def _apply_min_count(self, positions, condition_idx_group, benefit_idx_group, result, collect_potential_discounts, subevent_id):
         if len(condition_idx_group) < self.condition_min_count:
             return
@@ -324,8 +288,8 @@ class Discount(LoggedModel):
 
         if self.benefit_only_apply_to_cheapest_n_matches:
             # sort by line_price
-            condition_idx_group = sorted(condition_idx_group, key=lambda idx: (positions[idx].line_price_gross, self._addon_idx(positions, idx), -idx))
-            benefit_idx_group = sorted(benefit_idx_group, key=lambda idx: (positions[idx].line_price_gross, self._addon_idx(positions, idx), -idx))
+            condition_idx_group = sorted(condition_idx_group, key=lambda idx: (positions[idx].line_price_gross, -idx))
+            benefit_idx_group = sorted(benefit_idx_group, key=lambda idx: (positions[idx].line_price_gross, -idx))
 
             # Prevent over-consuming of items, i.e. if our discount is "buy 2, get 1 free", we only
             # want to match multiples of 3
@@ -470,7 +434,7 @@ class Discount(LoggedModel):
             for idx, p in positions.items():
                 subevent_to_idx[p.subevent_id].append(idx)
             for v in subevent_to_idx.values():
-                v.sort(key=lambda idx: (positions[idx].line_price_gross, self._addon_idx(positions, idx)))
+                v.sort(key=lambda idx: positions[idx].line_price_gross)
             subevent_order = sorted(list(subevent_to_idx.keys()), key=lambda s: len(subevent_to_idx[s]), reverse=True)
 
             # Build groups of exactly condition_min_count distinct subevents
@@ -494,7 +458,7 @@ class Discount(LoggedModel):
 
                 # Sort the list by prices, then pick one. For "buy 2 get 1 free" we apply a "pick 1 from the start
                 # and 2 from the end" scheme to optimize price distribution among groups
-                candidates = sorted(candidates, key=lambda idx: (positions[idx].line_price_gross, self._addon_idx(positions, idx)))
+                candidates = sorted(candidates, key=lambda idx: positions[idx].line_price_gross)
                 if len(current_group) < (self.benefit_only_apply_to_cheapest_n_matches or 0):
                     candidate = candidates[0]
                 else:

src/pretix/base/models/event.py

@@ -843,33 +843,6 @@ class Event(EventMixin, LoggedModel):
             time(hour=23, minute=59, second=59)
         ), tz)
 
-    def allow_copy_data(self, new_organizer, auth) -> bool:
-        """
-        Returns whether it is allowed to copy the event to the target organizer. Auth can be TeamAPIToken or User.
-        """
-        from ..permissions import get_all_event_permissions
-        from .auth import User
-
-        if self.organizer == new_organizer:
-            # Copying in the same organizer is always okay with any read access, we just need to ensure it does not
-            # grant more permissions than I had before, but that is handled by the view logic
-            return auth.has_event_permission(self.organizer, self, None)
-
-        if isinstance(auth, User):
-            # Cross-organizer copying requires almost full permission of source to prevent settings extraction
-            required_permissions = get_all_event_permissions() - {
-                # We do not require these, as this data is not copied
-                "event.orders:read", "event.orders:write", "event.vouchers:read", "event.vouchers:write",
-                "event.subevents:write",
-            }
-            given_permission = auth.get_event_permission_set(self.organizer, self)
-            return all(p in given_permission for p in required_permissions if ":" in p)
-
-        else:
-            # Tokens or devices can never copy between organizers, as they are organizer-bound. Kept for future
-            # compatibility and easier calling
-            return False
-
     def copy_data_from(self, other, skip_meta_data=False):
         from ..signals import event_copy_data
         from . import (
@@ -1413,13 +1386,14 @@ class Event(EventMixin, LoggedModel):
         from .auth import User
 
         if permission:
-            qs = Team.objects.with_event_permission(permission)
+            kwargs = {permission: True}
         else:
-            qs = Team.objects.all()
+            kwargs = {}
 
-        team_with_perm = qs.filter(
+        team_with_perm = Team.objects.filter(
             members__pk=OuterRef('pk'),
             organizer=self.organizer,
+            **kwargs
         ).filter(
             Q(all_events=True) | Q(limit_events__pk=self.pk)
         )

src/pretix/base/models/items.py

@@ -594,11 +594,10 @@ class Item(LoggedModel):
         on_delete=models.SET_NULL,
         verbose_name=_("Only show after sellout of"),
         help_text=_("If you select a product here, this product will only be shown when that product is "
-                    "no longer available. This will happen either because the other product has sold out or because "
-                    "the time is outside of the sales window for the other product. If combined with the option "
-                    "to hide sold-out products, this allows you to swap out products for more expensive ones once "
-                    "the cheaper option is sold out. There might be a short period in which both products are visible "
-                    "while all tickets of the referenced product are reserved, but not yet sold.")
+                    "sold out. If combined with the option to hide sold-out products, this allows you to "
+                    "swap out products for more expensive ones once the cheaper option is sold out. There might "
+                    "be a short period in which both products are visible while all tickets of the referenced "
+                    "product are reserved, but not yet sold.")
     )
     hidden_if_item_available_mode = models.CharField(
         choices=UNAVAIL_MODES,

src/pretix/base/models/log.py

@@ -88,7 +88,7 @@ class LogEntry(models.Model):
 
     class Meta:
         ordering = ('-datetime', '-id')
-        indexes = [models.Index(fields=["datetime", "id"], name="pretixbase__datetim_b1fe5a_idx")]
+        indexes = [models.Index(fields=["datetime", "id"])]
 
     def display(self):
         from pretix.base.logentrytype_registry import log_entry_types
@@ -141,9 +141,8 @@ class LogEntry(models.Model):
 
         log_entry_type, meta = log_entry_types.get(action_type=self.action_type)
         if log_entry_type:
-            sender = self.event if self.event else self.organizer
             link_info = log_entry_type.get_object_link_info(self)
-            if is_app_active(sender, meta['plugin']):
+            if is_app_active(self.event, meta['plugin']):
                 return make_link(link_info, log_entry_type.object_link_wrapper)
             else:
                 return make_link(link_info, log_entry_type.object_link_wrapper, is_active=False,

src/pretix/base/models/mail.py

@@ -1,239 +0,0 @@
-#
-# This file is part of pretix (Community Edition).
-#
-# Copyright (C) 2014-2020  Raphael Michel and contributors
-# Copyright (C) 2020-today pretix GmbH and contributors
-#
-# This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General
-# Public License as published by the Free Software Foundation in version 3 of the License.
-#
-# ADDITIONAL TERMS APPLY: Pursuant to Section 7 of the GNU Affero General Public License, additional terms are
-# applicable granting you additional permissions and placing additional restrictions on your usage of this software.
-# Please refer to the pretix LICENSE file to obtain the full terms applicable to this work. If you did not receive
-# this file, see <https://pretix.eu/about/en/license>.
-#
-# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
-# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
-# details.
-#
-# You should have received a copy of the GNU Affero General Public License along with this program.  If not, see
-# <https://www.gnu.org/licenses/>.
-#
-import uuid
-
-from django.core.mail import get_connection
-from django.db import models
-from django.utils.translation import gettext_lazy as _
-from django_scopes import scope, scopes_disabled
-
-
-def CASCADE_IF_QUEUED(collector, field, sub_objs, using):
-    # If the email is still queued and the thing it is related to vanishes, the email can vanish as well
-    cascade_objs = [
-        o for o in sub_objs if o.status == OutgoingMail.STATUS_QUEUED
-    ]
-    if cascade_objs:
-        models.CASCADE(collector, field, cascade_objs, using)
-
-    # In all other cases, set to NULL to keep the email on record
-    models.SET_NULL(collector, field, [o for o in sub_objs if o not in cascade_objs], using)
-
-
-class OutgoingMail(models.Model):
-    STATUS_QUEUED = "queued"
-    STATUS_WITHHELD = "withheld"
-    STATUS_INFLIGHT = "inflight"
-    STATUS_AWAITING_RETRY = "awaiting_retry"
-    STATUS_FAILED = "failed"
-    STATUS_SENT = "sent"
-    STATUS_BOUNCED = "bounced"
-    STATUS_ABORTED = "aborted"
-    STATUS_CHOICES = (
-        (STATUS_QUEUED, _("queued")),
-        (STATUS_INFLIGHT, _("being sent")),
-        (STATUS_AWAITING_RETRY, _("awaiting retry")),
-        (STATUS_WITHHELD, _("withheld")),  # for plugin use
-        (STATUS_FAILED, _("failed")),
-        (STATUS_ABORTED, _("aborted")),
-        (STATUS_SENT, _("sent")),
-        (STATUS_BOUNCED, _("bounced")),  # for plugin use
-    )
-    STATUS_LIST_ABORTABLE = {
-        STATUS_QUEUED,
-        STATUS_WITHHELD,
-        STATUS_AWAITING_RETRY,
-    }
-    STATUS_LIST_RETRYABLE = {
-        STATUS_FAILED,
-        STATUS_WITHHELD,
-    }
-
-    # The GUID is a globally unique ID for the email added to a header of the email for later tracing
-    # in bug reports etc. We could theoretically also use this as a basis for the Message-ID header, but
-    # we currently don't since we are unsure if some intermediary SMTP servers have opinions on setting
-    # their own Message-ID headers.
-    guid = models.UUIDField(db_index=True, default=uuid.uuid4)
-
-    status = models.CharField(max_length=200, choices=STATUS_CHOICES, default=STATUS_QUEUED)
-    created = models.DateTimeField(auto_now_add=True)
-
-    # sent will be the time the email was sent or the email failed
-    sent = models.DateTimeField(null=True, blank=True)
-
-    inflight_since = models.DateTimeField(null=True, blank=True)
-    retry_after = models.DateTimeField(null=True, blank=True)
-
-    error = models.TextField(null=True, blank=True)
-    error_detail = models.TextField(null=True, blank=True)
-
-    # There is a conflict here between the different purposes of the model. As a system administrator,
-    # one wants *all* emails to be persisted as long as possible to debug issues. This means that if
-    # e.g. the event or order is deleted, we want SET_NULL behavior. However, in that case, the email
-    # would be an "orphan" forever and there's no way to remove the personal information.
-    # We try to find a middle-ground with the following behaviour:
-    # - The email is always deleted if the entire organizer or user is deleted
-    # - The email is always deleted if it has not yet been sent
-    # - The email is kept in all other cases
-    # This is only an acceptable trade-off since emails are stored for a short period only, and because
-    # orders and customers are never deleted during normal operation. If we ever make this a long-term
-    # storage / email archive, we'd need to find another way to make sure personal information is removed
-    # if personal information of orders etc is removed.
-    organizer = models.ForeignKey(
-        'pretixbase.Organizer',
-        on_delete=models.CASCADE,
-        related_name='outgoing_mails',
-        null=True, blank=True,
-    )
-    event = models.ForeignKey(
-        'pretixbase.Event',
-        on_delete=CASCADE_IF_QUEUED,
-        related_name='outgoing_mails',
-        null=True, blank=True,
-    )
-    order = models.ForeignKey(
-        'pretixbase.Order',
-        on_delete=CASCADE_IF_QUEUED,
-        related_name='outgoing_mails',
-        null=True, blank=True,
-    )
-    orderposition = models.ForeignKey(
-        'pretixbase.OrderPosition',
-        on_delete=CASCADE_IF_QUEUED,
-        related_name='outgoing_mails',
-        null=True, blank=True,
-    )
-    customer = models.ForeignKey(
-        'pretixbase.Customer',
-        on_delete=CASCADE_IF_QUEUED,
-        related_name='outgoing_mails',
-        null=True, blank=True,
-    )
-    user = models.ForeignKey(
-        'pretixbase.User',
-        on_delete=models.CASCADE,
-        related_name='outgoing_mails',
-        null=True, blank=True,
-    )
-
-    sensitive = models.BooleanField(default=False)
-    subject = models.TextField()
-    body_plain = models.TextField()
-    body_html = models.TextField(null=True)
-    sender = models.CharField(max_length=500)
-    headers = models.JSONField(default=dict)
-    to = models.JSONField(default=list)
-    cc = models.JSONField(default=list)
-    bcc = models.JSONField(default=list)
-    recipient_count = models.IntegerField()
-
-    # We don't store the actual invoices, tickets or calendar invites, so if the email is re-sent at a later time, a
-    # newer version of the files might be used. We accept that risk to save on storage and also because the new
-    # version might actually be more useful.
-    should_attach_invoices = models.ManyToManyField(
-        'pretixbase.Invoice',
-        related_name='outgoing_mails'
-    )
-    should_attach_tickets = models.BooleanField(default=False)
-    should_attach_ical = models.BooleanField(default=False)
-
-    # clean_cached_files makes sure not to delete these as long as the email is in a retryable state
-    should_attach_cached_files = models.ManyToManyField(
-        'pretixbase.CachedFile',
-        related_name='outgoing_mails',
-    )
-
-    # This is used to send files stored in settings. In most cases, these aren't short-lived and should still be there
-    # if the email is sent. Otherwise, they will be skipped. We accept that risk.
-    should_attach_other_files = models.JSONField(default=list)
-
-    # [{name, type size}] of the attachments we actually setn
-    actual_attachments = models.JSONField(default=list)
-
-    class Meta:
-        ordering = ('-created',)
-
-    def get_mail_backend(self):
-        if self.event:
-            return self.event.get_mail_backend()
-        elif self.organizer:
-            return self.organizer.get_mail_backend()
-        else:
-            return get_connection(fail_silently=False)
-
-    def scope_manager(self):
-        if self.organizer:
-            return scope(organizer=self.organizer)  # noqa
-        else:
-            return scopes_disabled()  # noqa
-
-    @property
-    def is_failed(self):
-        return self.status in (
-            OutgoingMail.STATUS_FAILED,
-            OutgoingMail.STATUS_AWAITING_RETRY,
-            OutgoingMail.STATUS_BOUNCED,
-        )
-
-    def save(self, *args, **kwargs):
-        if self.orderposition_id and not self.order_id:
-            self.order = self.orderposition.order
-        if self.order_id and not self.event_id:
-            self.event = self.order.event
-        if self.event_id and not self.organizer_id:
-            self.organizer = self.event.organizer
-        if self.customer_id and not self.organizer_id:
-            self.organizer = self.customer.organizer
-        self.recipient_count = len(self.to) + len(self.cc) + len(self.bcc)
-        super().save(*args, **kwargs)
-
-    def log_parameters(self):
-        if self.order:
-            error_log_action_type = 'pretix.event.order.email.error'
-            log_target = self.order
-        elif self.customer:
-            error_log_action_type = 'pretix.customer.email.error'
-            log_target = self.customer
-        elif self.user:
-            error_log_action_type = 'pretix.user.email.error'
-            log_target = self.user
-        else:
-            error_log_action_type = 'pretix.email.error'
-            log_target = None
-        return log_target, error_log_action_type
-
-    def log_data(self):
-        return {
-            "subject": self.subject,
-            "message": self.body_plain,
-            "to": self.to,
-            "cc": self.cc,
-            "bcc": self.bcc,
-
-            "invoices": [i.pk for i in self.should_attach_invoices.all()],
-            "attach_tickets": self.should_attach_tickets,
-            "attach_ical": self.should_attach_ical,
-            "attach_other_files": self.should_attach_other_files,
-            "attach_cached_files": [cf.filename for cf in self.should_attach_cached_files.all()],
-
-            "position": self.orderposition.positionid if self.orderposition else None,
-        }

src/pretix/base/models/media.py

@@ -122,7 +122,7 @@ class ReusableMedium(LoggedModel):
     class Meta:
         unique_together = (("identifier", "type", "organizer"),)
         indexes = [
-            models.Index(fields=("updated", "id"), name="pretixbase__updated_093277_idx"),
+            models.Index(fields=("updated", "id")),
         ]
         ordering = "identifier", "type", "organizer"
 

src/pretix/base/models/orders.py

@@ -87,6 +87,7 @@ from pretix.base.timemachine import time_machine_now
 
 from ...helpers import OF_SELF
 from ...helpers.countries import CachedCountries, FastCountryField
+from ...helpers.format import format_map
 from ...helpers.names import build_name
 from ...testutils.middleware import debugflags_var
 from ._transactions import (
@@ -336,8 +337,8 @@ class Order(LockModel, LoggedModel):
         verbose_name_plural = _("Orders")
         ordering = ("-datetime", "-pk")
         indexes = [
-            models.Index(fields=["datetime", "id"], name="pretixbase__datetim_66aff0_idx"),
-            models.Index(fields=["last_modified", "id"], name="pretixbase__last_mo_4ebf8b_idx"),
+            models.Index(fields=["datetime", "id"]),
+            models.Index(fields=["last_modified", "id"]),
         ]
         constraints = [
             models.UniqueConstraint(fields=["organizer", "code"], name="order_organizer_code_uniq"),
@@ -1166,7 +1167,9 @@ class Order(LockModel, LoggedModel):
                          only be attached for this position and child positions, the link will only point to the
                          position and the attendee email will be used if available.
         """
-        from pretix.base.services.mail import mail
+        from pretix.base.services.mail import (
+            SendMailException, mail, render_mail,
+        )
 
         if not self.email and not (position and position.attendee_email):
             return
@@ -1176,19 +1179,34 @@ class Order(LockModel, LoggedModel):
             if position and position.attendee_email:
                 recipient = position.attendee_email
 
-            outgoing_mail = mail(
-                recipient, subject, template, context,
-                self.event, self.locale, self, headers=headers, sender=sender,
-                invoices=invoices, attach_tickets=attach_tickets,
-                position=position, auto_email=auto_email, attach_ical=attach_ical,
-                attach_other_files=attach_other_files, attach_cached_files=attach_cached_files,
-            )
-            if outgoing_mail:
+            try:
+                email_content = render_mail(template, context)
+                subject = format_map(subject, context)
+                mail(
+                    recipient, subject, template, context,
+                    self.event, self.locale, self, headers=headers, sender=sender,
+                    invoices=invoices, attach_tickets=attach_tickets,
+                    position=position, auto_email=auto_email, attach_ical=attach_ical,
+                    attach_other_files=attach_other_files, attach_cached_files=attach_cached_files,
+                )
+            except SendMailException:
+                raise
+            else:
                 self.log_action(
                     log_entry_type,
                     user=user,
                     auth=auth,
-                    data=outgoing_mail.log_data(),
+                    data={
+                        'subject': subject,
+                        'message': email_content,
+                        'position': position.positionid if position else None,
+                        'recipient': recipient,
+                        'invoices': [i.pk for i in invoices] if invoices else [],
+                        'attach_tickets': attach_tickets,
+                        'attach_ical': attach_ical,
+                        'attach_other_files': attach_other_files,
+                        'attach_cached_files': [cf.filename for cf in attach_cached_files] if attach_cached_files else [],
+                    }
                 )
 
     def resend_link(self, user=None, auth=None):
@@ -1657,7 +1675,7 @@ class AbstractPosition(RoundingCorrectionMixin, models.Model):
     def state_name(self):
         sd = pycountry.subdivisions.get(code='{}-{}'.format(self.country, self.state))
         if sd:
-            return _(sd.name)
+            return sd.name
         return self.state
 
     @property
@@ -2006,30 +2024,40 @@ class OrderPayment(models.Model):
             transmit_invoice.apply_async(args=(self.order.event_id, invoice.pk, False))
 
     def _send_paid_mail_attendee(self, position, user):
+        from pretix.base.services.mail import SendMailException
+
         with language(self.order.locale, self.order.event.settings.region):
             email_template = self.order.event.settings.mail_text_order_paid_attendee
             email_subject = self.order.event.settings.mail_subject_order_paid_attendee
             email_context = get_email_context(event=self.order.event, order=self.order, position=position)
-            position.send_mail(
-                email_subject, email_template, email_context,
-                'pretix.event.order.email.order_paid', user,
-                invoices=[],
-                attach_tickets=True,
-                attach_ical=self.order.event.settings.mail_attach_ical
-            )
+            try:
+                position.send_mail(
+                    email_subject, email_template, email_context,
+                    'pretix.event.order.email.order_paid', user,
+                    invoices=[],
+                    attach_tickets=True,
+                    attach_ical=self.order.event.settings.mail_attach_ical
+                )
+            except SendMailException:
+                logger.exception('Order paid email could not be sent')
 
     def _send_paid_mail(self, invoice, user, mail_text):
+        from pretix.base.services.mail import SendMailException
+
         with language(self.order.locale, self.order.event.settings.region):
             email_template = self.order.event.settings.mail_text_order_paid
             email_subject = self.order.event.settings.mail_subject_order_paid
             email_context = get_email_context(event=self.order.event, order=self.order, payment_info=mail_text)
-            self.order.send_mail(
-                email_subject, email_template, email_context,
-                'pretix.event.order.email.order_paid', user,
-                invoices=[invoice] if invoice else [],
-                attach_tickets=True,
-                attach_ical=self.order.event.settings.mail_attach_ical
-            )
+            try:
+                self.order.send_mail(
+                    email_subject, email_template, email_context,
+                    'pretix.event.order.email.order_paid', user,
+                    invoices=[invoice] if invoice else [],
+                    attach_tickets=True,
+                    attach_ical=self.order.event.settings.mail_attach_ical
+                )
+            except SendMailException:
+                logger.exception('Order paid email could not be sent')
 
     @property
     def refunded_amount(self):
@@ -2887,28 +2915,44 @@ class OrderPosition(AbstractPosition):
         :param attach_tickets: Attach tickets of this order, if they are existing and ready to download
         :param attach_ical: Attach relevant ICS files
         """
-        from pretix.base.services.mail import mail
+        from pretix.base.services.mail import (
+            SendMailException, mail, render_mail,
+        )
 
         if not self.attendee_email:
             return
 
         with language(self.order.locale, self.order.event.settings.region):
             recipient = self.attendee_email
-            outgoing_mail = mail(
-                recipient, subject, template, context,
-                self.event, self.order.locale, order=self.order, headers=headers, sender=sender,
-                position=self,
-                invoices=invoices,
-                attach_tickets=attach_tickets,
-                attach_ical=attach_ical,
-                attach_other_files=attach_other_files,
-            )
-            if outgoing_mail:
+            try:
+                email_content = render_mail(template, context)
+                subject = format_map(subject, context)
+                mail(
+                    recipient, subject, template, context,
+                    self.event, self.order.locale, order=self.order, headers=headers, sender=sender,
+                    position=self,
+                    invoices=invoices,
+                    attach_tickets=attach_tickets,
+                    attach_ical=attach_ical,
+                    attach_other_files=attach_other_files,
+                )
+            except SendMailException:
+                raise
+            else:
                 self.order.log_action(
                     log_entry_type,
                     user=user,
                     auth=auth,
-                    data=outgoing_mail.log_data(),
+                    data={
+                        'subject': subject,
+                        'message': email_content,
+                        'recipient': recipient,
+                        'invoices': [i.pk for i in invoices] if invoices else [],
+                        'attach_tickets': attach_tickets,
+                        'attach_ical': attach_ical,
+                        'attach_other_files': attach_other_files,
+                        'attach_cached_files': [],
+                    }
                 )
 
     def resend_link(self, user=None, auth=None):
@@ -3080,7 +3124,7 @@ class Transaction(models.Model):
     class Meta:
         ordering = 'datetime', 'pk'
         indexes = [
-            models.Index(fields=['datetime', 'id'], name="pretixbase__datetim_b20405_idx")
+            models.Index(fields=['datetime', 'id'])
         ]
 
     def save(self, *args, **kwargs):
@@ -3436,7 +3480,7 @@ class InvoiceAddress(models.Model):
     def state_name(self):
         sd = pycountry.subdivisions.get(code='{}-{}'.format(self.country, self.state))
         if sd:
-            return _(sd.name)
+            return sd.name
         return self.state
 
     @property
@@ -3485,10 +3529,18 @@ class InvoiceAddress(models.Model):
     def describe_transmission(self):
         from pretix.base.invoicing.transmission import transmission_types
         data = []
+
         t, __ = transmission_types.get(identifier=self.transmission_type)
         data.append((_("Transmission type"), t.public_name))
-        if self.transmission_info:
-            data += t.describe_info(self.transmission_info, self.country, self.is_business)
+        form_data = t.transmission_info_to_form_data(self.transmission_info or {})
+        for k, f in t.invoice_address_form_fields.items():
+            v = form_data.get(k)
+            if v is True:
+                v = _("Yes")
+            elif v is False:
+                v = _("No")
+            if v:
+                data.append((f.label, v))
         return data
 
 

src/pretix/base/models/organizer.py

@@ -31,10 +31,9 @@
 # Unless required by applicable law or agreed to in writing, software distributed under the Apache License 2.0 is
 # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations under the License.
-import operator
+
 import string
 from datetime import date, datetime, time
-from functools import reduce
 
 import pytz_deprecation_shim
 from django.conf import settings
@@ -54,10 +53,6 @@ from i18nfield.strings import LazyI18nString
 from pretix.base.models.base import LoggedModel
 from pretix.base.validators import OrganizerSlugBanlistValidator
 
-from ...helpers.permission_migration import (
-    OLD_TO_NEW_EVENT_COMPAT, OLD_TO_NEW_ORGANIZER_COMPAT,
-    LegacyPermissionProperty,
-)
 from ..settings import settings_hierarkey
 from .auth import User
 
@@ -314,38 +309,6 @@ def generate_api_token():
     return get_random_string(length=64, allowed_chars=string.ascii_lowercase + string.digits)
 
 
-class TeamQuerySet(models.QuerySet):
-    @classmethod
-    def event_permission_q(cls, perm_name):
-        from ..permissions import assert_valid_event_permission
-
-        if perm_name.startswith('can_') and perm_name in OLD_TO_NEW_EVENT_COMPAT:  # legacy
-            return reduce(operator.and_, [cls.event_permission_q(p) for p in OLD_TO_NEW_EVENT_COMPAT[perm_name]])
-        assert_valid_event_permission(perm_name, allow_legacy=False)
-        return (
-            Q(all_event_permissions=True) |
-            Q(**{f'limit_event_permissions__{perm_name}': True})
-        )
-
-    @classmethod
-    def organizer_permission_q(cls, perm_name):
-        from ..permissions import assert_valid_organizer_permission
-
-        if perm_name.startswith('can_') and perm_name in OLD_TO_NEW_ORGANIZER_COMPAT:  # legacy
-            return reduce(operator.and_, [cls.organizer_permission_q(p) for p in OLD_TO_NEW_ORGANIZER_COMPAT[perm_name]])
-        assert_valid_organizer_permission(perm_name, allow_legacy=False)
-        return (
-            Q(all_organizer_permissions=True) |
-            Q(**{f'limit_organizer_permissions__{perm_name}': True})
-        )
-
-    def with_event_permission(self, perm_name):
-        return self.filter(self.event_permission_q(perm_name))
-
-    def with_organizer_permission(self, perm_name):
-        return self.filter(self.organizer_permission_q(perm_name))
-
-
 class Team(LoggedModel):
     """
     A team is a collection of people given certain access rights to one or more events of an organizer.
@@ -358,10 +321,36 @@ class Team(LoggedModel):
     :param all_events: Whether this team has access to all events of this organizer
     :type all_events: bool
     :param limit_events: A set of events this team has access to. Irrelevant if ``all_events`` is ``True``.
+    :param can_create_events: Whether or not the members can create new events with this organizer account.
+    :type can_create_events: bool
+    :param can_change_teams: If ``True``, the members can change the teams of this organizer account.
+    :type can_change_teams: bool
+    :param can_manage_customers: If ``True``, the members can view and change organizer-level customer accounts.
+    :type can_manage_customers: bool
+    :param can_manage_reusable_media: If ``True``, the members can view and change organizer-level reusable media.
+    :type can_manage_reusable_media: bool
+    :param can_change_organizer_settings: If ``True``, the members can change the settings of this organizer account.
+    :type can_change_organizer_settings: bool
+    :param can_change_event_settings: If ``True``, the members can change the settings of the associated events.
+    :type can_change_event_settings: bool
+    :param can_change_items: If ``True``, the members can change and add items and related objects for the associated events.
+    :type can_change_items: bool
+    :param can_view_orders: If ``True``, the members can inspect details of all orders of the associated events.
+    :type can_view_orders: bool
+    :param can_change_orders: If ``True``, the members can change details of orders of the associated events.
+    :type can_change_orders: bool
+    :param can_checkin_orders: If ``True``, the members can perform check-in related actions.
+    :type can_checkin_orders: bool
+    :param can_view_vouchers: If ``True``, the members can inspect details of all vouchers of the associated events.
+    :type can_view_vouchers: bool
+    :param can_change_vouchers: If ``True``, the members can change and create vouchers for the associated events.
+    :type can_change_vouchers: bool
     """
     organizer = models.ForeignKey(Organizer, related_name="teams", on_delete=models.CASCADE)
     name = models.CharField(max_length=190, verbose_name=_("Team name"))
     members = models.ManyToManyField(User, related_name="teams", verbose_name=_("Team members"))
+    all_events = models.BooleanField(default=False, verbose_name=_("All events (including newly created ones)"))
+    limit_events = models.ManyToManyField('Event', verbose_name=_("Limit to events"), blank=True)
     require_2fa = models.BooleanField(
         default=False, verbose_name=_("Require all members of this team to use two-factor authentication"),
         help_text=_("If you turn this on, all members of the team will be required to either set up two-factor "
@@ -369,33 +358,62 @@ class Team(LoggedModel):
                     "all users.")
     )
 
-    # Scope
-    all_events = models.BooleanField(default=False, verbose_name=_("All events (including newly created ones)"))
-    limit_events = models.ManyToManyField('Event', verbose_name=_("Limit to events"), blank=True)
-
-    # Permissions
-    # We store them as {key: True} instead of [key] because otherwise not all lookups we need are supported on SQLite
-    all_event_permissions = models.BooleanField(default=False, verbose_name=_("All event permissions"))
-    limit_event_permissions = models.JSONField(default=dict, verbose_name=_("Event permissions"))
-    all_organizer_permissions = models.BooleanField(default=False, verbose_name=_("All organizer permissions"))
-    limit_organizer_permissions = models.JSONField(default=dict, verbose_name=_("Organizer permissions"))
-
-    # Legacy lookups for plugin compatibility
-    can_change_event_settings = LegacyPermissionProperty()
-    can_change_items = LegacyPermissionProperty()
-    can_view_orders = LegacyPermissionProperty()
-    can_change_orders = LegacyPermissionProperty()
-    can_checkin_orders = LegacyPermissionProperty()
-    can_view_vouchers = LegacyPermissionProperty()
-    can_change_vouchers = LegacyPermissionProperty()
-    can_create_events = LegacyPermissionProperty()
-    can_change_organizer_settings = LegacyPermissionProperty()
-    can_change_teams = LegacyPermissionProperty()
-    can_manage_gift_cards = LegacyPermissionProperty()
-    can_manage_customers = LegacyPermissionProperty()
-    can_manage_reusable_media = LegacyPermissionProperty()
-
-    objects = TeamQuerySet.as_manager()
+    can_create_events = models.BooleanField(
+        default=False,
+        verbose_name=_("Can create events"),
+    )
+    can_change_teams = models.BooleanField(
+        default=False,
+        verbose_name=_("Can change teams and permissions"),
+    )
+    can_change_organizer_settings = models.BooleanField(
+        default=False,
+        verbose_name=_("Can change organizer settings"),
+        help_text=_('Someone with this setting can get access to most data of all of your events, i.e. via privacy '
+                    'reports, so be careful who you add to this team!')
+    )
+    can_manage_customers = models.BooleanField(
+        default=False,
+        verbose_name=_("Can manage customer accounts")
+    )
+    can_manage_reusable_media = models.BooleanField(
+        default=False,
+        verbose_name=_("Can manage reusable media")
+    )
+    can_manage_gift_cards = models.BooleanField(
+        default=False,
+        verbose_name=_("Can manage gift cards")
+    )
+    can_change_event_settings = models.BooleanField(
+        default=False,
+        verbose_name=_("Can change event settings")
+    )
+    can_change_items = models.BooleanField(
+        default=False,
+        verbose_name=_("Can change product settings")
+    )
+    can_view_orders = models.BooleanField(
+        default=False,
+        verbose_name=_("Can view orders")
+    )
+    can_change_orders = models.BooleanField(
+        default=False,
+        verbose_name=_("Can change orders")
+    )
+    can_checkin_orders = models.BooleanField(
+        default=False,
+        verbose_name=_("Can perform check-ins"),
+        help_text=_('This includes searching for attendees, which can be used to obtain personal information about '
+                    'attendees. Users with "can change orders" can also perform check-ins.')
+    )
+    can_view_vouchers = models.BooleanField(
+        default=False,
+        verbose_name=_("Can view vouchers")
+    )
+    can_change_vouchers = models.BooleanField(
+        default=False,
+        verbose_name=_("Can change vouchers")
+    )
 
     def __str__(self) -> str:
         return _("%(name)s on %(object)s") % {
@@ -403,62 +421,21 @@ class Team(LoggedModel):
             'object': str(self.organizer),
         }
 
-    def event_permission_set(self, include_legacy=True) -> set:
-        from ..permissions import get_all_event_permission_groups
-
-        result = set()
-        for pg in get_all_event_permission_groups().values():
-            for action in pg.actions:
-                if self.all_event_permissions or self.limit_event_permissions.get(f"{pg.name}:{action}"):
-                    result.add(f"{pg.name}:{action}")
-
-        if include_legacy:
-            # Add legacy permissions as well for plugin compatibility
-            for k, v in OLD_TO_NEW_EVENT_COMPAT.items():
-                if self.all_event_permissions or all(self.limit_event_permissions.get(kk) for kk in v):
-                    result.add(k)
-
-            if "can_change_event_settings" in result:
-                result.add("can_change_settings")
-
-        return result
-
-    def organizer_permission_set(self, include_legacy=True) -> set:
-        from ..permissions import get_all_organizer_permission_groups
-
-        result = set()
-        for pg in get_all_organizer_permission_groups().values():
-            for action in pg.actions:
-                if self.all_organizer_permissions or self.limit_organizer_permissions.get(f"{pg.name}:{action}"):
-                    result.add(f"{pg.name}:{action}")
-
-        if include_legacy:
-            # Add legacy permissions as well for plugin compatibility
-            for k, v in OLD_TO_NEW_ORGANIZER_COMPAT.items():
-                if self.all_organizer_permissions or all(self.limit_organizer_permissions.get(kk) for kk in v):
-                    result.add(k)
-
-        return result
+    def permission_set(self) -> set:
+        attribs = dir(self)
+        return {
+            a for a in attribs if a.startswith('can_') and self.has_permission(a)
+        }
 
     @property
-    def can_change_settings(self):  # Legacy compatibility
+    def can_change_settings(self):  # Legacy compatiblilty
         return self.can_change_event_settings
 
-    def has_event_permission(self, perm_name):
-        from ..permissions import assert_valid_event_permission
-
-        if perm_name.startswith('can_') and hasattr(self, perm_name):  # legacy
+    def has_permission(self, perm_name):
+        try:
             return getattr(self, perm_name)
-        assert_valid_event_permission(perm_name, allow_legacy=False)
-        return self.all_event_permissions or self.limit_event_permissions.get(perm_name, False)
-
-    def has_organizer_permission(self, perm_name):
-        from ..permissions import assert_valid_organizer_permission
-
-        if perm_name.startswith('can_') and hasattr(self, perm_name):  # legacy
-            return getattr(self, perm_name)
-        assert_valid_organizer_permission(perm_name, allow_legacy=False)
-        return self.all_organizer_permissions or self.limit_organizer_permissions.get(perm_name, False)
+        except AttributeError:
+            raise ValueError('Invalid required permission: %s' % perm_name)
 
     def permission_for_event(self, event):
         if self.all_events:
@@ -470,19 +447,6 @@ class Team(LoggedModel):
     def active_tokens(self):
         return self.tokens.filter(active=True)
 
-    def save(self, **kwargs):
-        if not isinstance(self.limit_event_permissions, dict):
-            raise TypeError("Permissions must be a dictionary")
-        if not isinstance(self.limit_organizer_permissions, dict):
-            raise TypeError("Permissions must be a dictionary")
-        for k in self.limit_event_permissions.values():
-            if k is not True:
-                raise TypeError("Permissions must only contain True values")
-        for k in self.limit_organizer_permissions.values():
-            if k is not True:
-                raise TypeError("Permissions must only contain True values")
-        return super().save(**kwargs)
-
     class Meta:
         verbose_name = _("Team")
         verbose_name_plural = _("Teams")
@@ -539,7 +503,7 @@ class TeamAPIToken(models.Model):
         has_event_access = (self.team.all_events and organizer == self.team.organizer) or (
             event in self.team.limit_events.all()
         )
-        return self.team.event_permission_set() if has_event_access else set()
+        return self.team.permission_set() if has_event_access else set()
 
     def get_organizer_permission_set(self, organizer) -> set:
         """
@@ -548,7 +512,7 @@ class TeamAPIToken(models.Model):
         :param organizer: The organizer of the event
         :return: set of permissions
         """
-        return self.team.organizer_permission_set() if self.team.organizer == organizer else set()
+        return self.team.permission_set() if self.team.organizer == organizer else set()
 
     def has_event_permission(self, organizer, event, perm_name=None, request=None) -> bool:
         """
@@ -557,7 +521,7 @@ class TeamAPIToken(models.Model):
 
         :param organizer: The organizer of the event
         :param event: The event to check
-        :param perm_name: The permission, e.g. ``event.orders:read``
+        :param perm_name: The permission, e.g. ``can_change_teams``
         :param request: This parameter is ignored and only defined for compatibility reasons.
         :return: bool
         """
@@ -565,8 +529,8 @@ class TeamAPIToken(models.Model):
             event in self.team.limit_events.all()
         )
         if isinstance(perm_name, (tuple, list)):
-            return has_event_access and any(self.team.has_event_permission(p) for p in perm_name)
-        return has_event_access and (not perm_name or self.team.has_event_permission(perm_name))
+            return has_event_access and any(self.team.has_permission(p) for p in perm_name)
+        return has_event_access and (not perm_name or self.team.has_permission(perm_name))
 
     def has_organizer_permission(self, organizer, perm_name=None, request=None):
         """
@@ -574,13 +538,13 @@ class TeamAPIToken(models.Model):
         to the organizer ``organizer``.
 
         :param organizer: The organizer to check
-        :param perm_name: The permission, e.g. ``organizer.events:create``
+        :param perm_name: The permission, e.g. ``can_change_teams``
         :param request: This parameter is ignored and only defined for compatibility reasons.
         :return: bool
         """
         if isinstance(perm_name, (tuple, list)):
-            return organizer == self.team.organizer and any(self.team.has_organizer_permission(p) for p in perm_name)
-        return organizer == self.team.organizer and (not perm_name or self.team.has_organizer_permission(perm_name))
+            return organizer == self.team.organizer and any(self.team.has_permission(p) for p in perm_name)
+        return organizer == self.team.organizer and (not perm_name or self.team.has_permission(perm_name))
 
     def get_events_with_any_permission(self):
         """
@@ -600,11 +564,9 @@ class TeamAPIToken(models.Model):
         :param request: Ignored, for compatibility with User model
         :return: Iterable of Events
         """
-        from pretix.base.permissions import AnyPermissionOf
-
         if (
-            isinstance(permission, (AnyPermissionOf, list, tuple)) and any(self.team.has_event_permission(p) for p in permission)
-        ) or (isinstance(permission, str) and self.team.has_event_permission(permission)):
+                isinstance(permission, (list, tuple)) and any(getattr(self.team, p, False) for p in permission)
+        ) or (isinstance(permission, str) and getattr(self.team, permission, False)):
             return self.get_events_with_any_permission()
         else:
             return self.team.organizer.events.none()

src/pretix/base/models/vouchers.py

@@ -239,7 +239,7 @@ class Voucher(LoggedModel):
         )
     )
     price_mode = models.CharField(
-        verbose_name=_("Price effect"),
+        verbose_name=_("Price mode"),
         max_length=100,
         choices=PRICE_MODES,
         default='none'

src/pretix/base/models/waitinglist.py

@@ -34,9 +34,9 @@ from phonenumber_field.modelfields import PhoneNumberField
 from pretix.base.email import get_email_context
 from pretix.base.i18n import language
 from pretix.base.models import User, Voucher
-from pretix.base.services.mail import mail
-from pretix.helpers import OF_SELF
+from pretix.base.services.mail import SendMailException, mail, render_mail
 
+from ...helpers.format import format_map
 from ...helpers.names import build_name
 from .base import LoggedModel
 from .event import Event, SubEvent
@@ -158,7 +158,6 @@ class WaitingListEntry(LoggedModel):
         if availability[1] is None or availability[1] < 1:
             raise WaitingListException(_('This product is currently not available.'))
 
-        event = self.event
         ev = self.subevent or self.event
         if ev.seat_category_mappings.filter(product=self.item).exists():
             # Generally, we advertise the waiting list to be based on quotas only. This makes it dangerous
@@ -180,56 +179,50 @@ class WaitingListEntry(LoggedModel):
                 block_quota=True,
                 item_id=self.item_id,
                 subevent_id=self.subevent_id,
-                waitinglistentries__isnull=False,
-                seat__isnull=True
+                waitinglistentries__isnull=False
             ).aggregate(free=Sum(F('max_usages') - F('redeemed')))['free'] or 0
             free_seats = num_free_seats_for_product - num_valid_vouchers_for_product
-            if free_seats < 1:
+            if not free_seats:
                 raise WaitingListException(_('No seat with this product is currently available.'))
 
+        if self.voucher:
+            raise WaitingListException(_('A voucher has already been sent to this person.'))
         if '@' not in self.email:
             raise WaitingListException(_('This entry is anonymized and can no longer be used.'))
 
         with transaction.atomic():
-            locked_wle = WaitingListEntry.objects.select_for_update(of=OF_SELF).get(pk=self.pk)
-            locked_wle.event = event
-            if locked_wle.voucher:
-                raise WaitingListException(_('A voucher has already been sent to this person.'))
-            e = locked_wle.email
-            if locked_wle.name:
-                e += ' / ' + locked_wle.name
+            e = self.email
+            if self.name:
+                e += ' / ' + self.name
             v = Voucher.objects.create(
-                event=locked_wle.event,
+                event=self.event,
                 max_usages=1,
-                valid_until=now() + timedelta(hours=locked_wle.event.settings.waiting_list_hours),
-                item=locked_wle.item,
-                variation=locked_wle.variation,
+                valid_until=now() + timedelta(hours=self.event.settings.waiting_list_hours),
+                item=self.item,
+                variation=self.variation,
                 tag='waiting-list',
                 comment=_('Automatically created from waiting list entry for {email}').format(
                     email=e
                 ),
                 block_quota=True,
-                subevent=locked_wle.subevent,
+                subevent=self.subevent,
             )
             v.log_action('pretix.voucher.added', {
-                'item': locked_wle.item.pk,
-                'variation': locked_wle.variation.pk if locked_wle.variation else None,
+                'item': self.item.pk,
+                'variation': self.variation.pk if self.variation else None,
                 'tag': 'waiting-list',
                 'block_quota': True,
                 'valid_until': v.valid_until.isoformat(),
                 'max_usages': 1,
-                'subevent': locked_wle.subevent.pk if locked_wle.subevent else None,
+                'subevent': self.subevent.pk if self.subevent else None,
                 'source': 'waitinglist',
             }, user=user, auth=auth)
             v.log_action('pretix.voucher.added.waitinglist', {
-                'email': locked_wle.email,
-                'waitinglistentry': locked_wle.pk,
+                'email': self.email,
+                'waitinglistentry': self.pk,
             }, user=user, auth=auth)
-            locked_wle.voucher = v
-            locked_wle.save()
-
-        self.refresh_from_db()
-        self.event = event
+            self.voucher = v
+            self.save()
 
         with language(self.locale, self.event.settings.region):
             self.send_mail(
@@ -272,22 +265,33 @@ class WaitingListEntry(LoggedModel):
         with language(self.locale, self.event.settings.region):
             recipient = self.email
 
-            outgoing_mail = mail(
-                recipient, subject, template, context,
-                self.event,
-                self.locale,
-                headers=headers,
-                sender=sender,
-                auto_email=auto_email,
-                attach_other_files=attach_other_files,
-                attach_cached_files=attach_cached_files,
-            )
-            if outgoing_mail:
+            try:
+                email_content = render_mail(template, context)
+                subject = format_map(subject, context)
+                mail(
+                    recipient, subject, template, context,
+                    self.event,
+                    self.locale,
+                    headers=headers,
+                    sender=sender,
+                    auto_email=auto_email,
+                    attach_other_files=attach_other_files,
+                    attach_cached_files=attach_cached_files,
+                )
+            except SendMailException:
+                raise
+            else:
                 self.log_action(
                     log_entry_type,
                     user=user,
                     auth=auth,
-                    data=outgoing_mail.log_data(),
+                    data={
+                        'subject': subject,
+                        'message': email_content,
+                        'recipient': recipient,
+                        'attach_other_files': attach_other_files,
+                        'attach_cached_files': [cf.filename for cf in attach_cached_files] if attach_cached_files else [],
+                    }
                 )
 
     @staticmethod

src/pretix/base/notifications.py

@@ -151,7 +151,7 @@ def get_all_notification_types(event=None):
 
 
 class ParametrizedOrderNotificationType(NotificationType):
-    required_permission = "event.orders:read"
+    required_permission = "can_view_orders"
 
     def __init__(self, event, action_type, verbose_name, title):
         self._action_type = action_type

src/pretix/base/payment.py

@@ -1231,8 +1231,8 @@ class ManualPayment(BasePaymentProvider):
     def is_allowed(self, request: HttpRequest, total: Decimal=None):
         return 'pretix.plugins.manualpayment' in self.event.plugins and super().is_allowed(request, total)
 
-    def order_change_allowed(self, order: Order, request=None):
-        return 'pretix.plugins.manualpayment' in self.event.plugins and super().order_change_allowed(order, request)
+    def order_change_allowed(self, order: Order):
+        return 'pretix.plugins.manualpayment' in self.event.plugins and super().order_change_allowed(order)
 
     @property
     def public_name(self):
@@ -1295,7 +1295,6 @@ class ManualPayment(BasePaymentProvider):
 
     def format_map(self, order, payment):
         return {
-            # Possible placeholder injection, we should make sure to never include user-controlled variables here
             'order': order.code,
             'amount': payment.amount,
             'currency': self.event.currency,
@@ -1526,26 +1525,16 @@ class GiftCardPayment(BasePaymentProvider):
     def payment_control_render(self, request, payment) -> str:
         from .models import GiftCard
 
-        if any(key in payment.info_data for key in ('gift_card', 'error')):
+        if 'gift_card' in payment.info_data:
+            gc = GiftCard.objects.get(pk=payment.info_data.get('gift_card'))
             template = get_template('pretixcontrol/giftcards/payment.html')
+
             ctx = {
                 'request': request,
                 'event': self.event,
-                **({'error': payment.info_data[
-                    'error']} if 'error' in payment.info_data else {}),
-                **({'gift_card_secret': payment.info_data[
-                    'gift_card_secret']} if 'gift_card_secret' in payment.info_data else {})
+                'gc': gc,
             }
-
-            try:
-                gc = GiftCard.objects.get(pk=payment.info_data.get('gift_card'))
-                ctx = {
-                    'gc': gc,
-                }
-            except GiftCard.DoesNotExist:
-                pass
-            finally:
-                return template.render(ctx)
+            return template.render(ctx)
 
     def payment_control_render_short(self, payment: OrderPayment) -> str:
         d = payment.info_data
@@ -1560,16 +1549,12 @@ class GiftCardPayment(BasePaymentProvider):
         try:
             gc = GiftCard.objects.get(pk=payment.info_data.get('gift_card'))
         except GiftCard.DoesNotExist:
-            return {
-                **({'error': payment.info_data[
-                    'error']} if 'error' in payment.info_data else {})
-            }
+            return {}
         return {
             'gift_card': {
                 'id': gc.pk,
                 'secret': gc.secret,
-                'organizer': gc.issuer.slug,
-                ** ({'error': payment.info_data['error']} if 'error' in payment.info_data else {})
+                'organizer': gc.issuer.slug
             }
         }
 
@@ -1641,8 +1626,6 @@ class GiftCardPayment(BasePaymentProvider):
                     raise PaymentException(_("This gift card does not support this currency."))
                 if not gc.accepted_by(self.event.organizer):
                     raise PaymentException(_("This gift card is not accepted by this event organizer."))
-                if gc.value <= Decimal("0.00"):
-                    raise PaymentException(_("All credit on this gift card has been used."))
                 if payment.amount > gc.value:
                     raise PaymentException(_("This gift card was used in the meantime. Please try again."))
                 if gc.testmode and not payment.order.testmode:
@@ -1663,16 +1646,8 @@ class GiftCardPayment(BasePaymentProvider):
                     'transaction_id': trans.pk,
                 }
                 payment.confirm(send_mail=not is_early_special_case, generate_invoice=not is_early_special_case)
-                gc.log_action(
-                    action='pretix.giftcards.transaction.payment',
-                    data={
-                        'value': trans.value,
-                        'acceptor_id': self.event.organizer.id,
-                        'acceptor_slug': self.event.organizer.slug
-                    }
-                )
         except PaymentException as e:
-            payment.fail(info={**payment.info_data, 'error': str(e)}, send_mail=not is_early_special_case)
+            payment.fail(info={'error': str(e)})
             raise e
 
     def payment_is_valid_session(self, request: HttpRequest) -> bool:
@@ -1695,15 +1670,6 @@ class GiftCardPayment(BasePaymentProvider):
             'transaction_id': trans.pk,
         }
         refund.done()
-        gc.log_action(
-            action='pretix.giftcards.transaction.refund',
-            data={
-                'value': refund.amount,
-                'acceptor_id': self.event.organizer.id,
-                'acceptor_slug': self.event.organizer.slug,
-                'text': refund.comment,
-            }
-        )
 
 
 @receiver(register_payment_providers, dispatch_uid="payment_free")

src/pretix/base/permissions.py

@@ -1,334 +0,0 @@
-#
-# This file is part of pretix (Community Edition).
-#
-# Copyright (C) 2014-2020  Raphael Michel and contributors
-# Copyright (C) 2020-today pretix GmbH and contributors
-#
-# This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General
-# Public License as published by the Free Software Foundation in version 3 of the License.
-#
-# ADDITIONAL TERMS APPLY: Pursuant to Section 7 of the GNU Affero General Public License, additional terms are
-# applicable granting you additional permissions and placing additional restrictions on your usage of this software.
-# Please refer to the pretix LICENSE file to obtain the full terms applicable to this work. If you did not receive
-# this file, see <https://pretix.eu/about/en/license>.
-#
-# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
-# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
-# details.
-#
-# You should have received a copy of the GNU Affero General Public License along with this program.  If not, see
-# <https://www.gnu.org/licenses/>.
-#
-import functools
-import logging
-import warnings
-from collections import OrderedDict
-from typing import Callable, Dict, List, NamedTuple, Set, Tuple
-
-from django.apps import apps
-from django.dispatch import receiver
-from django.utils.functional import Promise
-from django.utils.translation import gettext_lazy as _, pgettext_lazy
-
-from pretix.base.signals import (
-    register_event_permission_groups, register_organizer_permission_groups,
-)
-
-logger = logging.getLogger(__name__)
-
-
-def cache_until_change(input_value: Callable):
-    def decorator(func):
-        old_input_value = None
-        cached_result = None
-
-        @functools.wraps(func)
-        def wrapper():
-            nonlocal cached_result, old_input_value
-            if cached_result is None or old_input_value != input_value():
-                cached_result = func()
-                old_input_value = input_value()
-            return cached_result
-        return wrapper
-    return decorator
-
-
-class PermissionOption(NamedTuple):
-    actions: Tuple[str, ...]
-    label: str | Promise
-    help_text: str | Promise = None
-
-
-class PermissionGroup(NamedTuple):
-    name: str
-    label: str | Promise
-    actions: List[str]
-    options: List[PermissionOption]
-    help_text: str | Promise = None
-
-
-@cache_until_change(input_value=lambda: apps.ready)
-def get_all_event_permission_groups() -> Dict[str, PermissionGroup]:
-    types = OrderedDict()
-    for recv, ret in register_event_permission_groups.send(None):
-        if isinstance(ret, (list, tuple)):
-            for r in ret:
-                types[r.name] = r
-        else:
-            types[ret.name] = ret
-    return types
-
-
-@cache_until_change(input_value=lambda: apps.ready)
-def get_all_organizer_permission_groups() -> Dict[str, PermissionGroup]:
-    types = OrderedDict()
-    for recv, ret in register_organizer_permission_groups.send(None):
-        if isinstance(ret, (list, tuple)):
-            for r in ret:
-                types[r.name] = r
-        else:
-            types[ret.name] = ret
-    return types
-
-
-@cache_until_change(input_value=lambda: apps.ready)
-def get_all_event_permissions() -> Set[str]:
-    from pretix.helpers.permission_migration import OLD_TO_NEW_EVENT_COMPAT
-
-    res = set(OLD_TO_NEW_EVENT_COMPAT.keys())
-    for pg in get_all_event_permission_groups().values():
-        for a in pg.actions:
-            res.add(f"{pg.name}:{a}")
-    return res
-
-
-@cache_until_change(input_value=lambda: apps.ready)
-def get_all_organizer_permissions() -> Set[str]:
-    from pretix.helpers.permission_migration import OLD_TO_NEW_ORGANIZER_COMPAT
-
-    res = set(OLD_TO_NEW_ORGANIZER_COMPAT.keys())
-    for pg in get_all_organizer_permission_groups().values():
-        for a in pg.actions:
-            res.add(f"{pg.name}:{a}")
-
-    return res
-
-
-def assert_valid_event_permission(permission, allow_legacy=True, allow_tuple=True):
-    if not apps.ready:
-        # can't really check yet
-        return
-    if allow_legacy and permission == "can_change_settings":
-        permission = "can_change_event_settings"
-    if permission is None:
-        return
-    if isinstance(permission, (AnyPermissionOf, list, tuple)) and allow_tuple:
-        for p in permission:
-            assert_valid_event_permission(p)
-        return
-    if not allow_legacy and ':' not in permission:
-        raise ValueError(f"Not allowed to use legacy permission '{permission}'")
-    all_permissions = get_all_event_permissions()
-    if permission not in all_permissions:
-        # Warning *and* exception because warning is silently caught when used in if statements in Django templates
-        warnings.warn(f"Use of undefined permission '{permission}'")
-        raise Exception(f"Undefined permission '{permission}'")
-
-
-def assert_valid_organizer_permission(permission, allow_legacy=True, allow_tuple=True):
-    if not apps.ready:
-        # can't really check yet
-        return
-    if permission is None:
-        return
-    if isinstance(permission, (AnyPermissionOf, list, tuple)) and allow_tuple:
-        for p in permission:
-            assert_valid_organizer_permission(p)
-        return
-    if not allow_legacy and ':' not in permission:
-        raise ValueError(f"Not allowed to use legacy permission '{permission}'")
-    all_permissions = get_all_organizer_permissions()
-    if permission not in all_permissions:
-        # Warning *and* exception because warning is silently caught when used in if statements in Django templates
-        warnings.warn(f"Use of undefined permission '{permission}'")
-        raise Exception(f"Undefined permission '{permission}'")
-
-
-class AnyPermissionOf(list):
-    def __init__(self, *items):
-        super().__init__(items)
-
-
-OPTS_ALL_READ = [
-    PermissionOption(actions=tuple(), label=pgettext_lazy("permission_level", "View")),
-    PermissionOption(actions=("write",), label=pgettext_lazy("permission_level", "View and change")),
-]
-OPTS_ALL_READ_SETTINGS_API = [
-    PermissionOption(actions=tuple(), label=pgettext_lazy("permission_level", "View"),
-                     help_text=_("API only")),
-    PermissionOption(actions=("write",), label=pgettext_lazy("permission_level", "View and change")),
-]
-OPTS_ALL_READ_SETTINGS_PARENT = [
-    PermissionOption(actions=tuple(), label=pgettext_lazy("permission_level", "View"),
-                     help_text=_("Menu item will only show up if the user has permission for general settings.")),
-    PermissionOption(actions=("write",), label=pgettext_lazy("permission_level", "View and change")),
-]
-OPTS_READ_WRITE = [
-    PermissionOption(actions=tuple(), label=pgettext_lazy("permission_level", "No access")),
-    PermissionOption(actions=("read",), label=pgettext_lazy("permission_level", "View")),
-    PermissionOption(actions=("read", "write"), label=pgettext_lazy("permission_level", "View and change")),
-]
-
-
-@receiver(register_event_permission_groups, dispatch_uid="base_register_default_event_permissions")
-def register_default_event_permissions(sender, **kwargs):
-    return [
-        PermissionGroup(
-            name="event.settings.general",
-            label=_("General settings"),
-            actions=["write"],
-            options=OPTS_ALL_READ_SETTINGS_API,
-            help_text=_(
-                "This includes access to all settings not listed explicitly below, including plugin settings."
-            ),
-        ),
-        PermissionGroup(
-            name="event.settings.payment",
-            label=_("Payment settings"),
-            actions=["write"],
-            options=OPTS_ALL_READ_SETTINGS_PARENT,
-        ),
-        PermissionGroup(
-            name="event.settings.tax",
-            label=_("Tax settings"),
-            actions=["write"],
-            options=OPTS_ALL_READ_SETTINGS_PARENT,
-        ),
-        PermissionGroup(
-            name="event.settings.invoicing",
-            label=_("Invoicing settings"),
-            actions=["write"],
-            options=OPTS_ALL_READ_SETTINGS_PARENT,
-        ),
-        PermissionGroup(
-            name="event.subevents",
-            label=_("Event series dates"),
-            actions=["write"],
-            options=OPTS_ALL_READ,
-        ),
-        PermissionGroup(
-            name="event.items",
-            label=_("Products, quotas and questions"),
-            actions=["write"],
-            options=OPTS_ALL_READ,
-            help_text=_("Also includes related objects like categories or discounts."),
-        ),
-        PermissionGroup(
-            name="event.orders",
-            label=_("Orders"),
-            actions=["read", "write", "checkin"],
-            options=[
-                PermissionOption(actions=tuple(), label=pgettext_lazy("permission_level", "No access")),
-                PermissionOption(actions=("checkin",), label=pgettext_lazy("permission_level", "Only check-in")),
-                PermissionOption(actions=("read",), label=pgettext_lazy("permission_level", "View all")),
-                PermissionOption(actions=("read", "checkin"), label=pgettext_lazy("permission_level", "View all and check-in")),
-                PermissionOption(actions=("read", "write"), label=pgettext_lazy("permission_level", "View all and change"),
-                                 help_text=_("Includes the ability to cancel and refund individual orders.")),
-            ],
-            help_text=_("Also includes related objects like the waiting list."),
-        ),
-        PermissionGroup(
-            name="event.vouchers",
-            label=_("Vouchers"),
-            actions=["read", "write"],
-            options=OPTS_READ_WRITE,
-        ),
-        PermissionGroup(
-            name="event",
-            label=_("Full event or date cancellation"),
-            actions=["cancel"],
-            options=[
-                # If we ever add more actions, we need a new UI idea here
-                PermissionOption(actions=tuple(), label=pgettext_lazy("permission_level", "Not allowed")),
-                PermissionOption(actions=("cancel",), label=pgettext_lazy("permission_level", "Allowed")),
-            ],
-            help_text="",
-        ),
-    ]
-
-
-@receiver(register_organizer_permission_groups, dispatch_uid="base_register_default_organizer_permissions")
-def register_default_organizer_permissions(sender, **kwargs):
-    return [
-        PermissionGroup(
-            name="organizer.events",
-            label=_("Events"),
-            actions=["create"],
-            options=[
-                PermissionOption(actions=tuple(), label=pgettext_lazy("permission_level", "Access existing events")),
-                PermissionOption(actions=("create",), label=pgettext_lazy("permission_level", "Access existing and create new events")),
-            ],
-            help_text=_("The level of access to events is determined in detail by the settings below."),
-        ),
-        PermissionGroup(
-            name="organizer.settings.general",
-            label=_("Settings"),
-            actions=["write"],
-            options=OPTS_ALL_READ_SETTINGS_API,
-            help_text=_("This includes access to all organizer-level functionality not listed explicitly below, including plugin settings."),
-        ),
-        PermissionGroup(
-            name="organizer.teams",
-            label=_("Teams"),
-            actions=["write"],
-            options=[
-                PermissionOption(actions=tuple(), label=pgettext_lazy("permission_level", "No access")),
-                PermissionOption(actions=("write",), label=pgettext_lazy("permission_level", "View and change"),
-                                 help_text=_("Includes the ability to give someone (including oneself) additional permissions.")),
-            ],
-        ),
-        PermissionGroup(
-            name="organizer.giftcards",
-            label=_("Gift cards"),
-            actions=["read", "write"],
-            options=OPTS_READ_WRITE,
-        ),
-        PermissionGroup(
-            name="organizer.customers",
-            label=_("Customers"),
-            actions=["read", "write"],
-            options=OPTS_READ_WRITE,
-        ),
-        PermissionGroup(
-            name="organizer.reusablemedia",
-            label=_("Reusable media"),
-            actions=["read", "write"],
-            options=OPTS_READ_WRITE,
-        ),
-        PermissionGroup(
-            name="organizer.devices",
-            label=_("Devices"),
-            actions=["read", "write"],
-            options=[
-                PermissionOption(actions=tuple(), label=pgettext_lazy("permission_level", "No access")),
-                PermissionOption(actions=("read",), label=pgettext_lazy("permission_level", "View")),
-                PermissionOption(actions=("read", "write"), label=pgettext_lazy("permission_level", "View and change"),
-                                 help_text=_("Includes the ability to give access to events and data oneself does not have access to.")),
-            ],
-        ),
-        PermissionGroup(
-            name="organizer.seatingplans",
-            label=_("Seating plans"),
-            actions=["write"],
-            options=OPTS_ALL_READ,
-        ),
-        PermissionGroup(
-            name="organizer.outgoingmails",
-            label=_("Outgoing emails"),
-            actions=["read"],
-            options=[
-                PermissionOption(actions=tuple(), label=pgettext_lazy("permission_level", "No access")),
-                PermissionOption(actions=("read",), label=pgettext_lazy("permission_level", "View")),
-            ],
-        ),
-    ]

src/pretix/base/plugins.py

@@ -65,7 +65,7 @@ def get_all_plugins(*, event=None, organizer=None) -> List[type]:
             if app.name in settings.PRETIX_PLUGINS_EXCLUDE:
                 continue
 
-            level = getattr(meta, "level", PLUGIN_LEVEL_EVENT)
+            level = getattr(app, "level", PLUGIN_LEVEL_EVENT)
             if level == PLUGIN_LEVEL_EVENT:
                 if event and hasattr(app, 'is_available'):
                     if not app.is_available(event):

src/pretix/base/services/cancelevent.py

@@ -36,7 +36,7 @@ from pretix.base.models import (
     SubEvent, TaxRule, User, WaitingListEntry,
 )
 from pretix.base.services.locking import LockTimeoutException
-from pretix.base.services.mail import mail
+from pretix.base.services.mail import SendMailException, mail
 from pretix.base.services.orders import (
     OrderChangeManager, OrderError, _cancel_order, _try_auto_refund,
 )
@@ -45,6 +45,7 @@ from pretix.base.services.tax import split_fee_for_taxes
 from pretix.base.templatetags.money import money_filter
 from pretix.celery_app import app
 from pretix.helpers import OF_SELF
+from pretix.helpers.format import format_map
 
 logger = logging.getLogger(__name__)
 
@@ -52,14 +53,17 @@ logger = logging.getLogger(__name__)
 def _send_wle_mail(wle: WaitingListEntry, subject: LazyI18nString, message: LazyI18nString, subevent: SubEvent):
     with language(wle.locale, wle.event.settings.region):
         email_context = get_email_context(event_or_subevent=subevent or wle.event, event=wle.event)
-        mail(
-            wle.email,
-            str(subject),
-            message,
-            email_context,
-            wle.event,
-            locale=wle.locale
-        )
+        try:
+            mail(
+                wle.email,
+                format_map(subject, email_context),
+                message,
+                email_context,
+                wle.event,
+                locale=wle.locale
+            )
+        except SendMailException:
+            logger.exception('Waiting list canceled email could not be sent')
 
 
 def _send_mail(order: Order, subject: LazyI18nString, message: LazyI18nString, subevent: SubEvent,
@@ -72,28 +76,36 @@ def _send_mail(order: Order, subject: LazyI18nString, message: LazyI18nString, s
 
         email_context = get_email_context(event_or_subevent=subevent or order.event, refund_amount=refund_amount,
                                           order=order, position_or_address=ia, event=order.event)
-        order.send_mail(
-            subject, message, email_context,
-            'pretix.event.order.email.event_canceled',
-            user,
-        )
+        real_subject = format_map(subject, email_context)
+        try:
+            order.send_mail(
+                real_subject, message, email_context,
+                'pretix.event.order.email.event_canceled',
+                user,
+            )
+        except SendMailException:
+            logger.exception('Order canceled email could not be sent')
 
         for p in positions:
             if subevent and p.subevent_id != subevent.id:
                 continue
 
             if p.addon_to_id is None and p.attendee_email and p.attendee_email != order.email:
+                real_subject = format_map(subject, email_context)
                 email_context = get_email_context(event_or_subevent=p.subevent or order.event,
                                                   event=order.event,
                                                   refund_amount=refund_amount,
                                                   position_or_address=p,
                                                   order=order, position=p)
-                order.send_mail(
-                    subject, message, email_context,
-                    'pretix.event.order.email.event_canceled',
-                    position=p,
-                    user=user
-                )
+                try:
+                    order.send_mail(
+                        real_subject, message, email_context,
+                        'pretix.event.order.email.event_canceled',
+                        position=p,
+                        user=user
+                    )
+                except SendMailException:
+                    logger.exception('Order canceled email could not be sent to attendee')
 
 
 @app.task(base=ProfiledEventTask, bind=True, max_retries=5, default_retry_delay=1, throws=(OrderError,))

src/pretix/base/services/cart.py

@@ -334,8 +334,7 @@ def _check_position_constraints(
         raise CartPositionError(error_messages['voucher_invalid_subevent'])
 
     # Voucher expired
-    # (checked using real_now_dt as vouchers influence quota calculations)
-    if voucher and voucher.valid_until and voucher.valid_until < real_now_dt:
+    if voucher and voucher.valid_until and voucher.valid_until < time_machine_now_dt:
         raise CartPositionError(error_messages['voucher_expired'])
 
     # Subevent has been disabled
@@ -1529,7 +1528,7 @@ class CartManager:
             self._sales_channel.identifier,
             [
                 (cp.item_id, cp.subevent_id, cp.subevent.date_from if cp.subevent_id else None, cp.line_price_gross,
-                 cp.addon_to, cp.is_bundled, cp.listed_price - cp.price_after_voucher)
+                 bool(cp.addon_to), cp.is_bundled, cp.listed_price - cp.price_after_voucher)
                 for cp in positions
             ]
         )
@@ -1640,7 +1639,7 @@ def get_fees(event, request, _total_ignored_=None, invoice_address=None, payment
         if fee.tax_rule and not fee.tax_rule.pk:
             fee.tax_rule = None  # TODO: deprecate
 
-    apply_rounding(event.settings.tax_rounding, invoice_address, event.currency, [*positions, *fees])
+    apply_rounding(event.settings.tax_rounding, event.currency, [*positions, *fees])
     total = sum([c.price for c in positions]) + sum([f.value for f in fees])
 
     if total != 0 and payments:
@@ -1680,7 +1679,7 @@ def get_fees(event, request, _total_ignored_=None, invoice_address=None, payment
                 fees.append(pf)
 
                 # Re-apply rounding as grand total has changed
-                apply_rounding(event.settings.tax_rounding, invoice_address, event.currency, [*positions, *fees])
+                apply_rounding(event.settings.tax_rounding, event.currency, [*positions, *fees])
                 total = sum([c.price for c in positions]) + sum([f.value for f in fees])
 
                 # Re-calculate to_pay as grand total has changed

src/pretix/base/services/cleanup.py

@@ -23,12 +23,11 @@ from datetime import timedelta
 
 from django.conf import settings
 from django.core.management import call_command
-from django.db.models import Exists, OuterRef
 from django.dispatch import receiver
 from django.utils.timezone import now
 from django_scopes import scopes_disabled
 
-from pretix.base.models import CachedCombinedTicket, CachedTicket, OutgoingMail
+from pretix.base.models import CachedCombinedTicket, CachedTicket
 from pretix.base.models.customers import CustomerSSOGrant
 
 from ..models import CachedFile, CartPosition, InvoiceAddress
@@ -50,18 +49,7 @@ def clean_cart_positions(sender, **kwargs):
 @receiver(signal=periodic_task)
 @scopes_disabled()
 def clean_cached_files(sender, **kwargs):
-    has_queued_email = Exists(
-        OutgoingMail.objects.filter(
-            should_attach_cached_files__pk=OuterRef("pk"),
-            status__in=(
-                OutgoingMail.STATUS_QUEUED,
-                OutgoingMail.STATUS_INFLIGHT,
-                OutgoingMail.STATUS_AWAITING_RETRY,
-                OutgoingMail.STATUS_FAILED,
-            ),
-        )
-    )
-    for cf in CachedFile.objects.filter(expires__isnull=False, expires__lt=now()).exclude(has_queued_email):
+    for cf in CachedFile.objects.filter(expires__isnull=False, expires__lt=now()):
         cf.delete()
 
 

src/pretix/base/services/cross_selling.py

@@ -121,7 +121,7 @@ class CrossSellingService:
             self.sales_channel,
             [
                 (cp.item_id, cp.subevent_id, cp.subevent.date_from if cp.subevent_id else None, cp.line_price_gross,
-                 cp.addon_to, cp.is_bundled,
+                 bool(cp.addon_to), cp.is_bundled,
                  cp.listed_price - cp.price_after_voucher)
                 for cp in self.cartpositions
             ],

src/pretix/base/services/export.py

@@ -34,7 +34,7 @@ from django_scopes import scopes_disabled
 from i18nfield.strings import LazyI18nString
 
 from pretix.base.email import get_email_context
-from pretix.base.exporter import BaseExporter, OrganizerLevelExportMixin
+from pretix.base.exporter import OrganizerLevelExportMixin
 from pretix.base.i18n import LazyLocaleException, language
 from pretix.base.models import (
     CachedFile, Device, Event, Organizer, ScheduledEventExport, TeamAPIToken,
@@ -64,15 +64,7 @@ class ExportEmptyError(ExportError):
 
 
 @app.task(base=ProfiledEventTask, throws=(ExportError, ExportEmptyError), bind=True)
-def export(self, event: Event, user: User, device: int, token: int, fileid: str, provider: str,
-           form_data: Dict[str, Any], staff_session=False) -> None:
-    if user:
-        user = User.objects.get(pk=user)
-    if device:
-        device = Device.objects.get(pk=device)
-    if token:
-        device = TeamAPIToken.objects.get(pk=token)
-
+def export(self, event: Event, fileid: str, provider: str, form_data: Dict[str, Any]) -> None:
     def set_progress(val):
         if not self.request.called_directly:
             self.update_state(
@@ -80,38 +72,30 @@ def export(self, event: Event, user: User, device: int, token: int, fileid: str,
                 meta={'value': val}
             )
 
-    ex = init_event_exporter(
-        identifier=provider,
-        event=event,
-        user=user,
-        token=token,
-        device=device,
-        staff_session=staff_session,
-        progress_callback=set_progress,
-    )
-    if not ex:
-        raise ExportError(
-            gettext('Export not found or you do not have sufficient permission to perform this export.')
-        )
-
     file = CachedFile.objects.get(id=fileid)
     with language(event.settings.locale, event.settings.region), override(event.settings.timezone):
-        if ex.repeatable_read:
-            with repeatable_reads_transaction():
-                d = ex.render(form_data)
-        else:
-            d = ex.render(form_data)
+        responses = register_data_exporters.send(event)
+        for recv, response in responses:
+            if not response:
+                continue
+            ex = response(event, event.organizer, set_progress)
+            if ex.identifier == provider:
+                if ex.repeatable_read:
+                    with repeatable_reads_transaction():
+                        d = ex.render(form_data)
+                else:
+                    d = ex.render(form_data)
 
-        if d is None:
-            raise ExportError(
-                gettext('Your export did not contain any data.')
-            )
-        file.filename, file.type, data = d
+                if d is None:
+                    raise ExportError(
+                        gettext('Your export did not contain any data.')
+                    )
+                file.filename, file.type, data = d
 
-        close_old_connections()  # This task can run very long, we might need a new DB connection
+                close_old_connections()  # This task can run very long, we might need a new DB connection
 
-        f = ContentFile(data)
-        file.file.save(cachedfile_name(file, file.filename), f)
+                f = ContentFile(data)
+                file.file.save(cachedfile_name(file, file.filename), f)
     return str(file.pk)
 
 
@@ -121,7 +105,10 @@ def multiexport(self, organizer: Organizer, user: User, device: int, token: int,
     if device:
         device = Device.objects.get(pk=device)
     if token:
-        token = TeamAPIToken.objects.get(pk=token)
+        device = TeamAPIToken.objects.get(pk=token)
+    allowed_events = (device or token or user).get_events_with_permission('can_view_orders')
+    if user and staff_session:
+        allowed_events = organizer.events.all()
 
     def set_progress(val):
         if not self.request.called_directly:
@@ -131,35 +118,12 @@ def multiexport(self, organizer: Organizer, user: User, device: int, token: int,
             )
 
     file = CachedFile.objects.get(id=fileid)
-
-    event_qs = organizer.events.all()
-    if form_data.get('events') is not None and not form_data.get('all_events'):
-        if form_data['events'] and isinstance(form_data['events'][0], str):  # legacy API-created schedules
-            event_qs = event_qs.filter(slug__in=form_data.get('events'))
-        else:
-            event_qs = event_qs.filter(pk__in=form_data.get('events'))
-
-    ex = init_organizer_exporter(
-        identifier=provider,
-        organizer=organizer,
-        user=user,
-        token=token,
-        device=device,
-        staff_session=staff_session,
-        progress_callback=set_progress,
-        event_qs=event_qs,
-    )
-    if not ex:
-        raise ExportError(
-            gettext('Export not found or you do not have sufficient permission to perform this export.')
-        )
-
     if user:
         locale = user.locale
         timezone = user.timezone
         region = None  # todo: add to user?
     else:
-        e = ex.events.first()
+        e = allowed_events.first()
         if e:
             locale = e.settings.locale
             timezone = e.settings.timezone
@@ -169,138 +133,45 @@ def multiexport(self, organizer: Organizer, user: User, device: int, token: int,
             timezone = organizer.settings.timezone or settings.TIME_ZONE
             region = organizer.settings.region
     with language(locale, region), override(timezone):
-        if ex.repeatable_read:
-            with repeatable_reads_transaction():
-                d = ex.render(form_data)
+        if form_data.get('events') is not None and not form_data.get('all_events'):
+            if isinstance(form_data['events'][0], str):
+                events = allowed_events.filter(slug__in=form_data.get('events'), organizer=organizer)
+            else:
+                events = allowed_events.filter(pk__in=form_data.get('events'), organizer=organizer)
         else:
-            d = ex.render(form_data)
-        if d is None:
-            raise ExportError(
-                gettext('Your export did not contain any data.')
-            )
-        file.filename, file.type, data = d
+            events = allowed_events.filter(organizer=organizer)
+        responses = register_multievent_data_exporters.send(organizer)
 
-        close_old_connections()  # This task can run very long, we might need a new DB connection
-
-        f = ContentFile(data)
-        file.file.save(cachedfile_name(file, file.filename), f)
-    return str(file.pk)
-
-
-def init_event_exporter(identifier, **kwargs):
-    for ex in init_event_exporters(**kwargs):
-        if ex.identifier == identifier:
-            return ex
-    return None
-
-
-def init_event_exporters(event, user=None, token=None, device=None, request=None, staff_session=False, **kwargs):
-    if not user and not token and not device:
-        raise ValueError("No auth source given.")
-    perm_holder = device or token or user
-
-    responses = register_data_exporters.send(event)
-    for r, response in responses:
-        if not response:
-            continue
-
-        if issubclass(response, OrganizerLevelExportMixin):
-            raise TypeError("Cannot user organizer-level exporter on event level")
-
-        permission_name = response.get_required_event_permission()
-        if not perm_holder.has_event_permission(event.organizer, event, permission_name, request) and not staff_session:
-            continue
-
-        exporter: BaseExporter = response(event=event, organizer=event.organizer, **kwargs)
-
-        if not exporter.available_for_user(user if user and user.is_authenticated else None):
-            continue
-
-        yield exporter
-
-
-def init_organizer_exporter(identifier, **kwargs):
-    for ex in init_organizer_exporters(**kwargs):
-        if ex.identifier == identifier:
-            return ex
-    return None
-
-
-def init_organizer_exporters(
-    organizer, user=None, token=None, device=None, request=None, staff_session=False, event_qs=None, **kwargs
-):
-    if not user and not token and not device:
-        raise ValueError("No auth source given.")
-    perm_holder = device or token or user
-
-    _event_list_cache = {}
-    _has_permission_on_any_team_cache = {}
-    _team_cache = None
-
-    responses = register_multievent_data_exporters.send(organizer)
-    for r, response in responses:
-        if not response:
-            continue
-
-        if issubclass(response, OrganizerLevelExportMixin):
-            exporter: BaseExporter = response(event=Event.objects.none(), organizer=organizer, **kwargs)
-
-            try:
-                if not perm_holder.has_organizer_permission(organizer, response.get_required_organizer_permission(), request) and not staff_session:
-                    continue
-            except NotImplementedError:
-                logger.error(f"Not showing export {response} because get_required_organizer_permission() is not implemented.")
+        for recv, response in responses:
+            if not response:
                 continue
-
-        else:
-            permission_name = response.get_required_event_permission()
-
-            if permission_name not in _event_list_cache:
-                if staff_session:
-                    events = event_qs.all() if event_qs else organizer.events.all()
-                elif event_qs is not None:
-                    events = event_qs.filter(
-                        pk__in=perm_holder.get_events_with_permission(
-                            permission_name, request=request
-                        ).filter(
-                            organizer=organizer
-                        ).values("id")
+            ex = response(events, organizer, set_progress)
+            if ex.identifier == provider:
+                if (
+                    isinstance(ex, OrganizerLevelExportMixin) and
+                    not staff_session and
+                    not (device or token or user).has_organizer_permission(organizer, ex.organizer_required_permission)
+                ):
+                    raise ExportError(
+                        gettext('You do not have sufficient permission to perform this export.')
                     )
+
+                if ex.repeatable_read:
+                    with repeatable_reads_transaction():
+                        d = ex.render(form_data)
                 else:
-                    events = perm_holder.get_events_with_permission(
-                        permission_name, request=request
-                    ).filter(
-                        organizer=organizer
+                    d = ex.render(form_data)
+                if d is None:
+                    raise ExportError(
+                        gettext('Your export did not contain any data.')
                     )
+                file.filename, file.type, data = d
 
-                _event_list_cache[permission_name] = events
+                close_old_connections()  # This task can run very long, we might need a new DB connection
 
-            if permission_name not in _has_permission_on_any_team_cache:
-                # Check if the user has this event permission on any teams they are part of to decide whether to show
-                # the export at all.
-                # This is different from _event_list_cache[permission_name].exists() for the case of an organizer with
-                # zero events in total, or a team with zero events. In these cases, we still want people to be able
-                # to see waht exports they'll get once they have events.
-                if user:
-                    if _team_cache is None:
-                        _team_cache = list(user.teams.filter(organizer=organizer))
-                    _has_permission_on_any_team_cache[permission_name] = staff_session or any(
-                        t.has_event_permission(permission_name) for t in _team_cache
-                    )
-                elif token:
-                    _has_permission_on_any_team_cache[permission_name] = token.team.has_event_permission(permission_name)
-                elif device:
-                    _has_permission_on_any_team_cache[permission_name] = device.has_event_permission(permission_name)
-
-            if not _has_permission_on_any_team_cache[permission_name] and not staff_session:
-                continue
-
-            exporter: BaseExporter = response(event=_event_list_cache[permission_name], organizer=organizer, **kwargs)
-
-        if not exporter.available_for_user(user if user and user.is_authenticated else None):
-            continue
-
-        yield exporter
+                f = ContentFile(data)
+                file.file.save(cachedfile_name(file, file.filename), f)
+    return str(file.pk)
 
 
 def _run_scheduled_export(schedule, context: Union[Event, Organizer], exporter, config_url, retry_func, has_permission):
@@ -346,7 +217,7 @@ def _run_scheduled_export(schedule, context: Union[Event, Organizer], exporter,
 
         try:
             if not exporter:
-                raise ExportError("Export type not found or permission denied.")
+                raise ExportError("Export type not found.")
             if exporter.repeatable_read:
                 with repeatable_reads_transaction():
                     d = exporter.render(schedule.export_form_data)
@@ -420,20 +291,31 @@ def _run_scheduled_export(schedule, context: Union[Event, Organizer], exporter,
 def scheduled_organizer_export(self, organizer: Organizer, schedule: int) -> None:
     schedule = organizer.scheduled_exports.get(pk=schedule)
 
-    event_qs = organizer.events.all()
+    allowed_events = schedule.owner.get_events_with_permission('can_view_orders')
     if schedule.export_form_data.get('events') is not None and not schedule.export_form_data.get('all_events'):
         if isinstance(schedule.export_form_data['events'][0], str):
-            event_qs = event_qs.filter(slug__in=schedule.export_form_data.get('events'))
+            events = allowed_events.filter(slug__in=schedule.export_form_data.get('events'), organizer=organizer)
         else:
-            event_qs = event_qs.filter(pk__in=schedule.export_form_data.get('events'))
+            events = allowed_events.filter(pk__in=schedule.export_form_data.get('events'), organizer=organizer)
+    else:
+        events = allowed_events.filter(organizer=organizer)
+
+    responses = register_multievent_data_exporters.send(organizer)
+    exporter = None
+    for recv, response in responses:
+        if not response:
+            continue
+        ex = response(events, organizer)
+        if ex.identifier == schedule.export_identifier:
+            exporter = ex
+            break
 
-    exporter = init_organizer_exporter(
-        identifier=schedule.export_identifier,
-        organizer=organizer,
-        user=schedule.owner,
-        event_qs=event_qs,
-    )
     has_permission = schedule.owner.is_active
+    if isinstance(exporter, OrganizerLevelExportMixin):
+        if not schedule.owner.has_organizer_permission(organizer, exporter.organizer_required_permission):
+            has_permission = False
+    if exporter and not exporter.available_for_user(schedule.owner):
+        has_permission = False
 
     _run_scheduled_export(
         schedule,
@@ -454,12 +336,17 @@ def scheduled_organizer_export(self, organizer: Organizer, schedule: int) -> Non
 def scheduled_event_export(self, event: Event, schedule: int) -> None:
     schedule = event.scheduled_exports.get(pk=schedule)
 
-    exporter = init_event_exporter(
-        identifier=schedule.export_identifier,
-        event=event,
-        user=schedule.owner,
-    )
-    has_permission = schedule.owner.is_active
+    responses = register_data_exporters.send(event)
+    exporter = None
+    for recv, response in responses:
+        if not response:
+            continue
+        ex = response(event, event.organizer)
+        if ex.identifier == schedule.export_identifier:
+            exporter = ex
+            break
+
+    has_permission = schedule.owner.is_active and schedule.owner.has_event_permission(event.organizer, event, 'can_view_orders')
 
     _run_scheduled_export(
         schedule,

src/pretix/base/services/invoices.py

@@ -51,7 +51,6 @@ from django_scopes import scope, scopes_disabled
 from i18nfield.strings import LazyI18nString
 
 from pretix.base.i18n import language
-from pretix.base.invoicing.pdf import InvoiceNotReadyException
 from pretix.base.invoicing.transmission import (
     get_transmission_types, transmission_providers,
 )
@@ -505,7 +504,7 @@ def generate_invoice(order: Order, trigger_pdf=True):
     return invoice
 
 
-@app.task(base=TransactionAwareTask, throws=(InvoiceNotReadyException,))
+@app.task(base=TransactionAwareTask)
 def invoice_pdf_task(invoice: int):
     with scopes_disabled():
         i = Invoice.objects.get(pk=invoice)
@@ -522,20 +521,9 @@ def invoice_pdf_task(invoice: int):
 
 
 def invoice_qualified(order: Order):
-    if order.total == Decimal('0.00'):
+    if order.total == Decimal('0.00') or order.require_approval or \
+            order.sales_channel.identifier not in order.event.settings.get('invoice_generate_sales_channels'):
         return False
-    if order.require_approval:
-        return False
-    if order.sales_channel.identifier not in order.event.settings.invoice_generate_sales_channels:
-        return False
-    if order.status in (Order.STATUS_CANCELED, Order.STATUS_EXPIRED):
-        return False
-    if order.event.settings.invoice_generate_only_business:
-        try:
-            ia = order.invoice_address
-            return ia.is_business
-        except InvoiceAddress.DoesNotExist:
-            return False
     return True
 
 

src/pretix/base/services/notifications.py

@@ -19,8 +19,6 @@
 # You should have received a copy of the GNU Affero General Public License along with this program.  If not, see
 # <https://www.gnu.org/licenses/>.
 #
-import uuid
-
 import css_inline
 from django.conf import settings
 from django.template.loader import get_template
@@ -28,9 +26,7 @@ from django.utils.timezone import override
 from django_scopes import scope, scopes_disabled
 
 from pretix.base.i18n import language
-from pretix.base.models import (
-    LogEntry, NotificationSetting, OutgoingMail, User,
-)
+from pretix.base.models import LogEntry, NotificationSetting, User
 from pretix.base.notifications import Notification, get_all_notification_types
 from pretix.base.services.mail import mail_send_task
 from pretix.base.services.tasks import ProfiledTask, TransactionAwareTask
@@ -157,26 +153,16 @@ def send_notification_mail(notification: Notification, user: User):
     tpl_plain = get_template('pretixbase/email/notification.txt')
     body_plain = tpl_plain.render(ctx)
 
-    guid = uuid.uuid4()
-    m = OutgoingMail.objects.create(
-        guid=guid,
-        user=user,
-        to=[user.email],
-        subject='[{}] {}: {}'.format(
+    mail_send_task.apply_async(kwargs={
+        'to': [user.email],
+        'subject': '[{}] {}: {}'.format(
             settings.PRETIX_INSTANCE_NAME,
             notification.event.settings.mail_prefix or notification.event.slug.upper(),
             notification.title
         ),
-        body_plain=body_plain,
-        body_html=body_html,
-        sender=settings.MAIL_FROM_NOTIFICATIONS,
-        headers={
-            'X-Auto-Response-Suppress': 'OOF, NRN, AutoReply, RN',
-            'Auto-Submitted': 'auto-generated',
-            'X-Mailer': 'pretix',
-            'X-PX-Correlation': str(guid),
-        },
-    )
-    mail_send_task.apply_async(kwargs={
-        'outgoing_mail': m.pk,
+        'body': body_plain,
+        'html': body_html,
+        'sender': settings.MAIL_FROM_NOTIFICATIONS,
+        'headers': {},
+        'user': user.pk
     })