Fix mail headers being None

.github/workflows/build.yml

@@ -24,7 +24,7 @@ jobs:
     name: Packaging
     strategy:
       matrix:
-        python-version: ["3.13"]
+        python-version: ["3.11"]
     steps:
       - uses: actions/checkout@v4
       - name: Set up Python ${{ matrix.python-version }}

.github/workflows/strings.yml

@@ -24,10 +24,10 @@ jobs:
     name: Check gettext syntax
     steps:
       - uses: actions/checkout@v4
-      - name: Set up Python 3.13
+      - name: Set up Python 3.11
         uses: actions/setup-python@v5
         with:
-          python-version: 3.13
+          python-version: 3.11
       - uses: actions/cache@v4
         with:
           path: ~/.cache/pip
@@ -49,10 +49,10 @@ jobs:
     name: Spellcheck
     steps:
       - uses: actions/checkout@v4
-      - name: Set up Python 3.13
+      - name: Set up Python 3.11
         uses: actions/setup-python@v5
         with:
-          python-version: 3.13
+          python-version: 3.11
       - uses: actions/cache@v4
         with:
           path: ~/.cache/pip

.github/workflows/style.yml

@@ -24,10 +24,10 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v4
-      - name: Set up Python 3.13
+      - name: Set up Python 3.11
         uses: actions/setup-python@v5
         with:
-          python-version: 3.13
+          python-version: 3.11
       - uses: actions/cache@v4
         with:
           path: ~/.cache/pip
@@ -44,10 +44,10 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v4
-      - name: Set up Python 3.13
+      - name: Set up Python 3.11
         uses: actions/setup-python@v5
         with:
-          python-version: 3.13
+          python-version: 3.11
       - uses: actions/cache@v4
         with:
           path: ~/.cache/pip
@@ -64,10 +64,10 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v4
-      - name: Set up Python 3.13
+      - name: Set up Python 3.11
         uses: actions/setup-python@v5
         with:
-          python-version: 3.13
+          python-version: 3.11
       - name: Install Dependencies
         run: pip3 install licenseheaders
       - name: Run licenseheaders

.github/workflows/tests.yml

@@ -23,15 +23,13 @@ jobs:
     name: Tests
     strategy:
       matrix:
-        python-version: ["3.11", "3.13", "3.14"]
+        python-version: ["3.10", "3.11", "3.13"]
         database: [sqlite, postgres]
         exclude:
           - database: sqlite
             python-version: "3.10"
           - database: sqlite
             python-version: "3.11"
-          - database: sqlite
-            python-version: "3.12"
     services:
       postgres:
         image: postgres:15
@@ -83,4 +81,4 @@ jobs:
           file: src/coverage.xml
           token: ${{ secrets.CODECOV_TOKEN }}
           fail_ci_if_error: false
-        if: matrix.database == 'postgres' && matrix.python-version == '3.13'
+        if: matrix.database == 'postgres' && matrix.python-version == '3.11'

doc/api/deviceauth.rst

@@ -197,11 +197,10 @@ Permissions & security profiles
 
 Device authentication is currently hardcoded to grant the following permissions:
 
-* Read event meta data and products etc.
-* Read and write orders
-* Read and write gift cards
-* Read and write reusable media
-* Read vouchers
+* View event meta data and products etc.
+* View orders
+* Change orders
+* Manage gift cards
 
 Devices cannot change events or products and cannot access vouchers.
 

doc/api/resources/devices.rst

@@ -30,7 +30,7 @@ software_brand                        string                     Device software
 software_version                      string                     Device software version (read-only)
 created                               datetime                   Creation time
 initialized                           datetime                   Time of initialization (or ``null``)
-initialization_token                  string                     Token for initialization (field invisible without write permission)
+initialization_token                  string                     Token for initialization
 revoked                               boolean                    Whether this device no longer has access
 security_profile                      string                     The name of a supported security profile restricting API access
 ===================================== ========================== =======================================================

doc/api/resources/events.rst

@@ -65,6 +65,8 @@ Endpoints
 
    Returns a list of all events within a given organizer the authenticated user/token has access to.
 
+   Permission required: "Can change event settings"
+
    **Example request**:
 
    .. sourcecode:: http
@@ -159,6 +161,8 @@ Endpoints
 
    Returns information on one event, identified by its slug.
 
+   Permission required: "Can change event settings"
+
    **Example request**:
 
    .. sourcecode:: http
@@ -230,6 +234,8 @@ Endpoints
    Please note that events cannot be created as 'live' using this endpoint. Quotas and payment must be added to the
    event before sales can go live.
 
+   Permission required: "Can create events"
+
    **Example request**:
 
    .. sourcecode:: http
@@ -332,6 +338,8 @@ Endpoints
    Please note that you can only copy from events under the same organizer this way. Use the ``clone_from`` parameter
    when creating a new event for this instead.
 
+   Permission required: "Can create events"
+
    **Example request**:
 
    .. sourcecode:: http
@@ -425,6 +433,8 @@ Endpoints
 
    Updates an event
 
+   Permission required: "Can change event settings"
+
    **Example request**:
 
    .. sourcecode:: http
@@ -500,6 +510,8 @@ Endpoints
 
    Delete an event. Note that events with orders cannot be deleted to ensure data integrity.
 
+   Permission required: "Can change event settings"
+
    **Example request**:
 
    .. sourcecode:: http
@@ -549,6 +561,8 @@ organizer level.
 
    Get current values of event settings.
 
+   Permission required: "Can change event settings" (Exception: with device auth, *some* settings can always be *read*.)
+
    **Example request**:
 
    .. sourcecode:: http
@@ -601,8 +615,6 @@ organizer level.
 
    Updates event settings. Note that ``PUT`` is not allowed here, only ``PATCH``.
 
-   Permission "Can change event settings" is always required. Some keys require additional permissions.
-
     .. warning::
 
        Settings can be stored at different levels in pretix. If a value is not set on event level, a default setting

doc/api/resources/orders.rst

@@ -117,8 +117,6 @@ cancellation_date                     datetime                   Time of order c
                                                                  reliable for orders that have been cancelled,
                                                                  reactivated and cancelled again.
 plugin_data                           object                     Additional data added by plugins.
-use_gift_cards                        list of strings            List of unique gift card secrets that are used to pay
-                                                                 for this order.
 ===================================== ========================== =======================================================
 
 
@@ -158,10 +156,6 @@ use_gift_cards                        list of strings            List of unique
 
    The ``tax_rounding_mode`` attribute has been added.
 
-.. versionchanged:: 2026.03
-
-   The ``use_gift_cards`` attribute has been added.
-
 .. _order-position-resource:
 
 Order position resource
@@ -993,6 +987,8 @@ Creating orders
 
        * does not support file upload questions
 
+       * does not support redeeming gift cards
+
        * does not support or validate memberships
 
 
@@ -1099,14 +1095,6 @@ Creating orders
      whether these emails are enabled for certain sales channels. If set to ``null``, behavior will be controlled by pretix'
      settings based on the sales channels (added in pretix 4.7). Defaults to ``false``.
      Used to be ``send_mail`` before pretix 3.14.
-   * ``use_gift_cards`` (optional) The provided gift cards will be used to pay for this order. They will be debited and
-     all the necessary payment records for these transactions will be created. The gift cards will be used in sequence to
-     pay for the order. Processing of the gift cards stops as soon as the order is payed for. All gift card transactions
-     are listed under ``payments`` in the response.
-     This option can only be used with orders that are in the pending state.
-     The ``use_gift_cards`` attribute can not be combined with ``payment_info`` and ``payment_provider`` fields. If the
-     order isn't completely paid after its creation with ``use_gift_cards``, then a subsequent request to the payment
-     endpoint is needed.
 
    If you want to use add-on products, you need to set the ``positionid`` fields of all positions manually
    to incrementing integers starting with ``1``. Then, you can reference one of these
@@ -1731,56 +1719,6 @@ List of all order positions
    :statuscode 401: Authentication failure
    :statuscode 403: The requested organizer/event does not exist **or** you have no permission to view this resource.
 
-.. http:get:: /api/v1/organizers/(organizer)/orderpositions/
-
-   Returns a list of all order positions within all events of a given organizer (with sufficient access permissions).
-
-   The supported query parameters and output format of this endpoint are almost identical to those of the list endpoint
-   within an event.
-   The only changes are that responses also contain the ``event`` attribute in each result and that the 'pdf_data'
-   parameter is not supported.
-
-   **Example request**:
-
-   .. sourcecode:: http
-
-      GET /api/v1/organizers/bigevents/orderpositions/ HTTP/1.1
-      Host: pretix.eu
-      Accept: application/json, text/javascript
-
-   **Example response**:
-
-   .. sourcecode:: http
-
-      HTTP/1.1 200 OK
-      Vary: Accept
-      Content-Type: application/json
-      X-Page-Generated: 2017-12-01T10:00:00Z
-
-      {
-        "count": 1,
-        "next": null,
-        "previous": null,
-        "results": [
-          {
-            "id:": 23442
-            "event": "sampleconf",
-            "order": "ABC12",
-            "positionid": 1,
-            "canceled": false,
-            "item": 1345,
-            ...
-          }
-        ]
-      }
-
-   :param organizer: The ``slug`` field of the organizer to fetch
-   :statuscode 200: no error
-   :statuscode 401: Authentication failure
-   :statuscode 403: The requested organizer/event does not exist **or** you have no permission to view this resource.
-
-
-
 Fetching individual positions
 -----------------------------
 

doc/api/resources/organizers.rst

@@ -110,6 +110,8 @@ Endpoints
 
    Updates an organizer. Currently only the ``plugins`` field may be updated.
 
+   Permission required: "Can change organizer settings"
+
    **Example request**:
 
    .. sourcecode:: http
@@ -170,6 +172,8 @@ information about the properties.
 
    Get current values of organizer settings.
 
+   Permission required: "Can change organizer settings"
+
    **Example request**:
 
    .. sourcecode:: http

doc/api/resources/reusablemedia.rst

@@ -154,7 +154,7 @@ Endpoints
 .. http:post:: /api/v1/organizers/(organizer)/reusablemedia/lookup/
 
    Look up a new reusable medium by its identifier. In some cases, this might lead to the automatic creation of a new
-   medium behind the scenes, therefore this endpoint requires write permissions.
+   medium behind the scenes.
 
    This endpoint, and this endpoint only, might return media from a different organizer if there is a cross-acceptance
    agreement. In this case, only linked gift cards will be returned, no order position or customer records,

doc/api/resources/subevents.rst

@@ -154,6 +154,8 @@ Endpoints
 
    Creates a new subevent.
 
+   Permission required: "Can create events"
+
    **Example request**:
 
    .. sourcecode:: http
@@ -298,6 +300,8 @@ Endpoints
    provide all fields of the resource, other fields will be reset to default. With ``PATCH``, you only need to provide
    the fields that you want to change.
 
+   Permission required: "Can change event settings"
+
    **Example request**:
 
    .. sourcecode:: http
@@ -369,6 +373,8 @@ Endpoints
 
    Delete a sub-event. Note that events with orders cannot be deleted to ensure data integrity.
 
+   Permission required: "Can change event settings"
+
    **Example request**:
 
    .. sourcecode:: http

doc/api/resources/teams.rst

@@ -24,58 +24,21 @@ all_events                            boolean                    Whether this te
 limit_events                          list                       List of event slugs this team has access to
 require_2fa                           boolean                    Whether members of this team are required to use
                                                                  two-factor authentication
-all_event_permissions                 bool                       Whether members of this team are granted all event-level
-                                                                 permissions, including future additions
-limit_event_permissions               list of strings            The event-level permissions team members are granted
-all_organizer_permissions             bool                       Whether members of this team are granted all organizer-level
-                                                                 permissions, including future additions
-all_organizer_permissions             list of strings            The organizer-level permissions team members are granted
-can_create_events                     boolean                    **DEPRECATED**. Legacy interface, use ``limit_organizer_permissions``.
-can_change_teams                      boolean                    **DEPRECATED**. Legacy interface, use ``limit_organizer_permissions``.
-can_change_organizer_settings         boolean                    **DEPRECATED**. Legacy interface, use ``limit_organizer_permissions``.
-can_manage_customers                  boolean                    **DEPRECATED**. Legacy interface, use ``limit_organizer_permissions``.
-can_manage_reusable_media             boolean                    **DEPRECATED**. Legacy interface, use ``limit_organizer_permissions``.
-can_manage_gift_cards                 boolean                    **DEPRECATED**. Legacy interface, use ``limit_organizer_permissions``.
-can_change_event_settings             boolean                    **DEPRECATED**. Legacy interface, use ``limit_event_permissions``.
-can_change_items                      boolean                    **DEPRECATED**. Legacy interface, use ``limit_event_permissions``.
-can_view_orders                       boolean                    **DEPRECATED**. Legacy interface, use ``limit_event_permissions``.
-can_change_orders                     boolean                    **DEPRECATED**. Legacy interface, use ``limit_event_permissions``.
-can_view_vouchers                     boolean                    **DEPRECATED**. Legacy interface, use ``limit_event_permissions``.
-can_change_vouchers                   boolean                    **DEPRECATED**. Legacy interface, use ``limit_event_permissions``.
-can_checkin_orders                    boolean                    **DEPRECATED**. Legacy interface, use ``limit_event_permissions``.
+can_create_events                     boolean
+can_change_teams                      boolean
+can_change_organizer_settings         boolean
+can_manage_customers                  boolean
+can_manage_reusable_media             boolean
+can_manage_gift_cards                 boolean
+can_change_event_settings             boolean
+can_change_items                      boolean
+can_view_orders                       boolean
+can_change_orders                     boolean
+can_view_vouchers                     boolean
+can_change_vouchers                   boolean
+can_checkin_orders                    boolean
 ===================================== ========================== =======================================================
 
-Possible values for ``limit_organizer_permissions`` defined in the core pretix system (plugins might add more)::
-
-    organizer.events:create
-    organizer.settings.general:write
-    organizer.teams:write
-    organizer.seatingplans:write
-    organizer.giftcards:read
-    organizer.giftcards:write
-    organizer.customers:read
-    organizer.customers:write
-    organizer.reusablemedia:read
-    organizer.reusablemedia:write
-    organizer.devices:read
-    organizer.devices:write
-    organizer.outgoingmails:read
-
-Possible values for ``limit_event_permissions`` defined in the core pretix system (plugins might add more)::
-
-    event.settings.general:write
-    event.settings.payment:write
-    event.settings.tax:write
-    event.settings.invoicing:write
-    event.subevents:write
-    event.items:write
-    event.orders:read
-    event.orders:write
-    event.orders:checkin
-    event.vouchers:read
-    event.vouchers:write
-    event:cancel
-
 Team member resource
 --------------------
 
@@ -158,10 +121,6 @@ Team endpoints
             "all_events": true,
             "limit_events": [],
             "require_2fa": true,
-            "all_event_permissions": true,
-            "limit_event_permissions": [],
-            "all_organizer_permissions": true,
-            "limit_organizer_permissions": [],
             "can_create_events": true,
             ...
           }
@@ -200,10 +159,6 @@ Team endpoints
         "all_events": true,
         "limit_events": [],
         "require_2fa": true,
-        "all_event_permissions": true,
-        "limit_event_permissions": [],
-        "all_organizer_permissions": true,
-        "limit_organizer_permissions": [],
         "can_create_events": true,
         ...
       }
@@ -232,10 +187,7 @@ Team endpoints
         "all_events": true,
         "limit_events": [],
         "require_2fa": true,
-        "all_event_permissions": true,
-        "limit_event_permissions": [],
-        "all_organizer_permissions": true,
-        "limit_organizer_permissions": [],
+        "can_create_events": true,
         ...
       }
 
@@ -253,10 +205,6 @@ Team endpoints
         "all_events": true,
         "limit_events": [],
         "require_2fa": true,
-        "all_event_permissions": true,
-        "limit_event_permissions": [],
-        "all_organizer_permissions": true,
-        "limit_organizer_permissions": [],
         "can_create_events": true,
         ...
       }
@@ -284,8 +232,7 @@ Team endpoints
       Content-Length: 94
 
       {
-        "all_organizer_permissions": false,
-        "limit_organizer_permissions": ["organizer.events:create"]
+        "can_create_events": true
       }
 
    **Example response**:
@@ -302,10 +249,6 @@ Team endpoints
         "all_events": true,
         "limit_events": [],
         "require_2fa": true,
-        "all_event_permissions": true,
-        "limit_event_permissions": [],
-        "all_organizer_permissions": false,
-        "limit_organizer_permissions": ["organizer.events:create"],
         "can_create_events": true,
         ...
       }

doc/api/resources/webhooks.rst

@@ -60,9 +60,6 @@ The following values for ``action_types`` are valid with pretix core:
     * ``pretix.event.added``
     * ``pretix.event.changed``
     * ``pretix.event.deleted``
-    * ``pretix.giftcards.created``
-    * ``pretix.giftcards.modified``
-    * ``pretix.giftcards.transaction.*``
     * ``pretix.voucher.added``
     * ``pretix.voucher.changed``
     * ``pretix.voucher.deleted``

doc/development/api/customview.rst

@@ -55,12 +55,12 @@ your views:
     )
 
     class AdminView(EventPermissionRequiredMixin, View):
-        permission = 'event.orders:read'
+        permission = 'can_view_orders'
 
         ...
 
 
-    @event_permission_required('event.orders:read')
+    @event_permission_required('can_view_orders')
     def admin_view(request, organizer, event):
         ...
 
@@ -78,7 +78,7 @@ event-related views, there is also a signal that allows you to add the view to t
     @receiver(nav_event, dispatch_uid='friends_tickets_nav')
     def navbar_info(sender, request, **kwargs):
         url = resolve(request.path_info)
-        if not request.user.has_event_permission(request.organizer, request.event, 'event.vouchers:read'):
+        if not request.user.has_event_permission(request.organizer, request.event, 'can_change_vouchers'):
             return []
         return [{
             'label': _('My plugin view'),
@@ -118,7 +118,7 @@ for good integration. If you just want to display a form, you could do it like t
 
     class MySettingsView(EventSettingsViewMixin, EventSettingsFormView):
         model = Event
-        permission = 'event.settings.general:write'
+        permission = 'can_change_settings'
         form_class = MySettingsForm
         template_name = 'my_plugin/settings.html'
 
@@ -204,13 +204,13 @@ In case of ``orga_router`` and ``event_router``, permission checking is done for
 in the control panel. However, you need to make sure on your own only to return the correct subset of data! ``request
 .event`` and ``request.organizer`` are available as usual.
 
-To require a special permission like ``event.orders:read``, you do not need to inherit from a special ViewSet base
+To require a special permission like ``can_view_orders``, you do not need to inherit from a special ViewSet base
 class, you can just set the ``permission`` attribute on your viewset:
 
 .. code-block:: python
 
     class MyViewSet(ModelViewSet):
-        permission = 'event.orders:read'
+        permission = 'can_view_orders'
         ...
 
 If you want to check the permission only for some methods of your viewset, you have to do it yourself. Note here that
@@ -220,7 +220,7 @@ following:
 .. code-block:: python
 
     perm_holder = (request.auth if isinstance(request.auth, TeamAPIToken) else request.user)
-    if perm_holder.has_event_permission(request.event.organizer, request.event, 'event.orders:read'):
+    if perm_holder.has_event_permission(request.event.organizer, request.event, 'can_view_orders'):
         ...
 
 

doc/development/api/exporter.rst

@@ -80,24 +80,8 @@ The exporter class
 
    .. autoattribute:: category
 
-   .. autoattribute:: feature
-
    .. autoattribute:: export_form_fields
 
-   .. autoattribute:: repeatable_read
-
    .. automethod:: render
 
       This is an abstract method, you **must** override this!
-
-   .. automethod:: available_for_user
-
-   .. automethod:: get_required_event_permission
-
-On organizer level, by default exporters are expected to handle on a *set of events* and the system will automatically
-add a form field that allows the selection of events, limited to events the user has correct permissions for. If this
-does not fit your organizer, because it is not related to events, you should **also** inherit from the following class:
-
-.. class:: pretix.base.exporter.OrganizerLevelExportMixin
-
-   .. automethod:: get_required_organizer_permission

doc/development/api/general.rst

@@ -14,8 +14,7 @@ Core
    :members: periodic_task, event_live_issues, event_copy_data, email_filter, register_notification_types, notification,
       item_copy_data, register_sales_channel_types, register_global_settings, quota_availability, global_email_filter,
       register_ticket_secret_generators, gift_card_transaction_display,
-      register_text_placeholders, register_mail_placeholders, device_info_updated,
-      register_event_permission_groups, register_organizer_permission_groups
+      register_text_placeholders, register_mail_placeholders, device_info_updated
 
 Order events
 """"""""""""

doc/development/implementation/logging.rst

@@ -196,7 +196,7 @@ A simple implementation could look like this:
 .. code-block:: python
 
     class MyNotificationType(NotificationType):
-        required_permission = "event.orders:read"
+        required_permission = "can_view_orders"
         action_type = "pretix.event.order.paid"
         verbose_name = _("Order has been paid")
 

doc/development/implementation/permissions.rst

@@ -2,7 +2,7 @@ Permissions
 ===========
 
 pretix uses a fine-grained permission system to control who is allowed to control what parts of the system.
-The central concept here is the concept of *Teams*. You can read more on `configuring teams and permissions`_
+The central concept here is the concept of *Teams*. You can read more on `configuring teams and permissions <user-teams>`_
 and the :class:`pretix.base.models.Team` model in the respective parts of the documentation. The basic digest is:
 An organizer account can have any number of teams, and any number of users can be part of a team. A team can be
 assigned a set of permissions and connected to some or all of the events of the organizer.
@@ -25,8 +25,8 @@ permission level to access a view:
 
 
     class MyOrgaView(OrganizerPermissionRequiredMixin, View):
-        permission = 'organizer.settings.general:write'
-        # Only users with the permission ``organizer.settings.general:write`` on
+        permission = 'can_change_organizer_settings'
+        # Only users with the permission ``can_change_organizer_settings`` on
         # this organizer can access this
 
 
@@ -35,9 +35,9 @@ permission level to access a view:
         # Only users with *any* permission on this organizer can access this
 
 
-    @organizer_permission_required('organizer.settings.general:write')
+    @organizer_permission_required('can_change_organizer_settings')
     def my_orga_view(request, organizer, **kwargs):
-        # Only users with the permission ``organizer.settings.general:write`` on
+        # Only users with the permission ``can_change_organizer_settings`` on
         # this organizer can access this
 
 
@@ -56,8 +56,8 @@ Of course, the same is available on event level:
 
 
     class MyEventView(EventPermissionRequiredMixin, View):
-        permission = 'event.settings.general:write'
-        # Only users with the permission ``event.settings.general:write`` on
+        permission = 'can_change_event_settings'
+        # Only users with the permission ``can_change_event_settings`` on
         # this event can access this
 
 
@@ -65,16 +65,13 @@ Of course, the same is available on event level:
         permission = None
         # Only users with *any* permission on this event can access this
 
-    class MyThirdEventView(EventPermissionRequiredMixin, View):
-        permission = AnyPermissionOf('event.settings.payment:write', 'event.settings.general:write')
-        # Only users with at least one of the specified permissions on this event
-        # can access this
 
-    @event_permission_required('event.settings.general:write')
+    @event_permission_required('can_change_event_settings')
     def my_event_view(request, organizer, **kwargs):
-        # Only users with the permission ``event.settings.general:write`` on
+        # Only users with the permission ``can_change_event_settings`` on
         # this event can access this
 
+
     @event_permission_required()
     def my_other_event_view(request, organizer, **kwargs):
         # Only users with *any* permission on this event can access this
@@ -124,7 +121,7 @@ When creating your own ``viewset`` using Django REST framework, you just need to
 and pretix will check it automatically for you::
 
     class MyModelViewSet(viewsets.ReadOnlyModelViewSet):
-        permission = 'event.orders:read'
+        permission = 'can_view_orders'
 
 Checking permission in code
 ---------------------------
@@ -139,12 +136,12 @@ Return all users that are in any team that is connected to this event::
 
 Return all users that are in a team with a specific permission for this event::
 
-    >>> event.get_users_with_permission('event.orders:read')
+    >>> event.get_users_with_permission('can_change_event_settings')
     <QuerySet: …>
 
 Determine if a user has a certain permission for a specific event::
 
-    >>> user.has_event_permission(organizer, event, 'event.orders:read', request=request)
+    >>> user.has_event_permission(organizer, event, 'can_change_event_settings', request=request)
     True
 
 Determine if a user has any permission for a specific event::
@@ -156,27 +153,27 @@ In the two previous commands, the ``request`` argument is optional, but required
 
 The same method exists for organizer-level permissions::
 
-    >>> user.has_organizer_permission(organizer, 'event.orders:read', request=request)
+    >>> user.has_organizer_permission(organizer, 'can_change_event_settings', request=request)
     True
 
 Sometimes, it might be more useful to get the set of permissions at once::
 
     >>> user.get_event_permission_set(organizer, event)
-    {'event.settings.general:write', 'event.orders:read', 'event.orders:write'}
+    {'can_change_event_settings', 'can_view_orders', 'can_change_orders'}
 
     >>> user.get_organizer_permission_set(organizer, event)
-    {'organizer.settings.general:write', 'organizer.events:create'}
+    {'can_change_organizer_settings', 'can_create_events'}
 
 Within a view on the ``/control`` subpath, the results of these two methods are already available in the
 ``request.eventpermset`` and ``request.orgapermset`` properties. This makes it convenient to query them in templates::
 
-    {% if "event.orders:write" in request.eventpermset %}
+    {% if "can_change_orders" in request.eventpermset %}
         …
     {% endif %}
 
 You can also do the reverse to get any events a user has access to::
 
-    >>> user.get_events_with_permission('event.settings.general:write', request=request)
+    >>> user.get_events_with_permission('can_change_event_settings', request=request)
     <QuerySet: …>
 
     >>> user.get_events_with_any_permission(request=request)
@@ -198,53 +195,3 @@ staff mode is active. You can check if a user is in staff mode using their sessi
 Staff mode has a hard time limit and during staff mode, a middleware will log all requests made by that user. Later,
 the user is able to also save a message to comment on what they did in their administrative session. This feature is
 intended to help compliance with data protection rules as imposed e.g. by GDPR.
-
-Adding permissions
-------------------
-
-Plugins can add permissions through the ``register_event_permission_groups`` and ``register_organizer_permission_groups``.
-We recommend to use this only for very significant permissions, as the system will become less usable with too many
-permission levels, also because the team page will show all permission options, even those of disabled plugins.
-
-To register your permissions, you need to register a **permission group** (often representing an area of functionality
-or a key model). Below that group, there are **actions**, which represent the actual permissions. Permissions will be
-generated as ``<group_name>:<action>``. Then, you need to define **options** which are the valid combinations of the
-actions that should be possible to select for a team. This two-step mechanism exists to provide a better user experience
-and avoid useless combinations like "write but not read".
-
-Example::
-
-    @receiver(register_event_permission_groups)
-    def register_plugin_event_permissions(sender, **kwargs):
-        return [
-            PermissionGroup(
-                name="pretix_myplugin.resource",
-                label=_("Resources"),
-                actions=["read", "write"],
-                options=[
-                    PermissionOption(actions=tuple(), label=_("No access")),
-                    PermissionOption(actions=("read",), label=_("View")),
-                    PermissionOption(actions=("read", "write"), label=_("View and change")),
-                ],
-                help_text=_("Some help text")
-            ),
-        ]
-
-
-    @receiver(register_organizer_permission_groups)
-    def register_plugin_organizer_permissions(sender, **kwargs):
-        return [
-            PermissionGroup(
-                name="pretix_myplugin.resource",
-                label=_("Resources"),
-                actions=["read", "write"],
-                options=[
-                    PermissionOption(actions=tuple(), label=_("No access")),
-                    PermissionOption(actions=("read",), label=_("View")),
-                    PermissionOption(actions=("read", "write"), label=_("View and change")),
-                ],
-                help_text=_("Some help text")
-            ),
-        ]
-
-.. _configuring teams and permissions: https://docs.pretix.eu/guides/teams/

doc/requirements.rtd.txt

@@ -1,6 +1,6 @@
 sphinx==9.1.*
 sphinx-rtd-theme~=3.1.0
-sphinxcontrib-httpdomain~=2.0.0
+sphinxcontrib-httpdomain~=1.8.1
 sphinxcontrib-images~=1.0.1
 sphinxcontrib-jquery~=4.1
 sphinxcontrib-spelling~=8.0.2

doc/requirements.txt

@@ -1,7 +1,7 @@
 -e ../
 sphinx==9.1.*
 sphinx-rtd-theme~=3.1.0
-sphinxcontrib-httpdomain~=2.0.0
+sphinxcontrib-httpdomain~=1.8.1
 sphinxcontrib-images~=1.0.1
 sphinxcontrib-jquery~=4.1
 sphinxcontrib-spelling~=8.0.2

pyproject.toml

@@ -3,7 +3,7 @@ name = "pretix"
 dynamic = ["version"]
 description = "Reinventing presales, one ticket at a time"
 readme = "README.rst"
-requires-python = ">=3.11"
+requires-python = ">=3.10"
 license = {file = "LICENSE"}
 keywords = ["tickets", "web", "shop", "ecommerce"]
 authors = [
@@ -19,11 +19,10 @@ classifiers = [
   "Topic :: Internet :: WWW/HTTP :: Dynamic Content",
   "Environment :: Web Environment",
   "License :: OSI Approved :: GNU Affero General Public License v3",
+  "Programming Language :: Python :: 3.9",
+  "Programming Language :: Python :: 3.10",
   "Programming Language :: Python :: 3.11",
-  "Programming Language :: Python :: 3.12",
-  "Programming Language :: Python :: 3.13",
-  "Programming Language :: Python :: 3.14",
-  "Framework :: Django :: 5.2",
+  "Framework :: Django :: 4.2",
 ]
 
 dependencies = [
@@ -34,10 +33,10 @@ dependencies = [
   "celery==5.6.*",
   "chardet==5.2.*",
   "cryptography>=44.0.0",
-  "css-inline==0.20.*",
+  "css-inline==0.19.*",
   "defusedcsv>=1.1.0",
   "dnspython==2.*",
-  "Django[argon2]==5.2.*",
+  "Django[argon2]==4.2.*,>=4.2.26",
   "django-bootstrap3==26.1",
   "django-compressor==4.6.0",
   "django-countries==8.2.*",
@@ -55,18 +54,18 @@ dependencies = [
   "django-phonenumber-field==8.4.*",
   "django-redis==6.0.*",
   "django-scopes==2.0.*",
-  "django-statici18n==2.7.*",
+  "django-statici18n==2.6.*",
   "djangorestframework==3.16.*",
   "dnspython==2.8.*",
   "drf_ujson2==1.7.*",
   "geoip2==5.*",
-  "importlib_metadata==9.*",  # Polyfill, we can probably drop this once we require Python 3.10+
+  "importlib_metadata==8.*",  # Polyfill, we can probably drop this once we require Python 3.10+
   "isoweek",
   "jsonschema",
   "kombu==5.6.*",
   "libsass==0.23.*",
   "lxml",
-  "markdown==3.10.2",  # 3.3.5 requires importlib-metadata>=4.4, but django-bootstrap3 requires importlib-metadata<3.
+  "markdown==3.10.1",  # 3.3.5 requires importlib-metadata>=4.4, but django-bootstrap3 requires importlib-metadata<3.
   # We can upgrade markdown again once django-bootstrap3 upgrades or once we drop Python 3.6 and 3.7
   "mt-940==4.30.*",
   "oauthlib==3.3.*",
@@ -74,11 +73,11 @@ dependencies = [
   "packaging",
   "paypalrestsdk==1.13.*",
   "paypal-checkout-serversdk==1.0.*",
-  "PyJWT==2.12.*",
+  "PyJWT==2.10.*",
   "phonenumberslite==9.0.*",
   "Pillow==12.1.*",
   "pretix-plugin-build",
-  "protobuf==7.34.*",
+  "protobuf==6.33.*",
   "psycopg2-binary",
   "pycountry",
   "pycparser==3.0",
@@ -93,7 +92,7 @@ dependencies = [
   "redis==7.1.*",
   "reportlab==4.4.*",
   "requests==2.32.*",
-  "sentry-sdk==2.56.*",
+  "sentry-sdk==2.51.*",
   "sepaxml==2.7.*",
   "stripe==7.9.*",
   "text-unidecode==1.*",
@@ -111,10 +110,10 @@ dev = [
   "aiohttp==3.13.*",
   "coverage",
   "coveralls",
-  "fakeredis==2.34.*",
+  "fakeredis==2.33.*",
   "flake8==7.3.*",
   "freezegun",
-  "isort==8.0.*",
+  "isort==7.0.*",
   "pep8-naming==0.15.*",
   "potypo",
   "pytest-asyncio>=0.24",

src/pretix/__init__.py

@@ -19,4 +19,4 @@
 # You should have received a copy of the GNU Affero General Public License along with this program.  If not, see
 # <https://www.gnu.org/licenses/>.
 #
-__version__ = "2026.3.0"
+__version__ = "2026.2.0.dev0"

src/pretix/api/auth/permission.py

@@ -36,9 +36,7 @@ from rest_framework.permissions import SAFE_METHODS, BasePermission
 
 from pretix.api.models import OAuthAccessToken
 from pretix.base.models import Device, Event, User
-from pretix.base.models.auth import (
-    EventPermissionSet, OrganizerPermissionSet, SuperuserPermissionSet,
-)
+from pretix.base.models.auth import SuperuserPermissionSet
 from pretix.base.models.organizer import TeamAPIToken
 from pretix.helpers.security import (
     Session2FASetupRequired, SessionInvalid, SessionPasswordChangeRequired,
@@ -87,7 +85,7 @@ class EventPermission(BasePermission):
             if isinstance(perm_holder, User) and perm_holder.has_active_staff_session(request.session.session_key):
                 request.eventpermset = SuperuserPermissionSet()
             else:
-                request.eventpermset = EventPermissionSet(perm_holder.get_event_permission_set(request.organizer, request.event))
+                request.eventpermset = perm_holder.get_event_permission_set(request.organizer, request.event)
 
             if isinstance(required_permission, (list, tuple)):
                 if not any(p in request.eventpermset for p in required_permission):
@@ -102,7 +100,7 @@ class EventPermission(BasePermission):
             if isinstance(perm_holder, User) and perm_holder.has_active_staff_session(request.session.session_key):
                 request.orgapermset = SuperuserPermissionSet()
             else:
-                request.orgapermset = OrganizerPermissionSet(perm_holder.get_organizer_permission_set(request.organizer))
+                request.orgapermset = perm_holder.get_organizer_permission_set(request.organizer)
 
             if isinstance(required_permission, (list, tuple)):
                 if not any(p in request.eventpermset for p in required_permission):
@@ -126,12 +124,12 @@ class EventCRUDPermission(EventPermission):
     def has_permission(self, request, view):
         if not super(EventCRUDPermission, self).has_permission(request, view):
             return False
-        elif view.action == 'create' and 'organizer.events:create' not in request.orgapermset:
+        elif view.action == 'create' and 'can_create_events' not in request.orgapermset:
             return False
-        elif view.action == 'destroy' and 'event.settings.general:write' not in request.eventpermset:
+        elif view.action == 'destroy' and 'can_change_event_settings' not in request.eventpermset:
             return False
         elif view.action in ['update', 'partial_update'] \
-                and 'event.settings.general:write' not in request.eventpermset:
+                and 'can_change_event_settings' not in request.eventpermset:
             return False
 
         return True

src/pretix/api/serializers/event.py

@@ -300,7 +300,7 @@ class EventSerializer(SalesChannelMigrationMixin, I18nAwareModelSerializer):
     def ignored_meta_properties(self):
         perm_holder = (self.context['request'].auth if isinstance(self.context['request'].auth, (Device, TeamAPIToken))
                        else self.context['request'].user)
-        if perm_holder.has_organizer_permission(self.context['request'].organizer, 'organizer.settings.general:write', request=self.context['request']):
+        if perm_holder.has_organizer_permission(self.context['request'].organizer, 'can_change_organizer_settings', request=self.context['request']):
             return []
         return [k for k, p in self.meta_properties.items() if p.protected]
 
@@ -445,7 +445,7 @@ class CloneEventSerializer(EventSerializer):
         date_admission = validated_data.pop('date_admission', None)
         new_event = super().create({**validated_data, 'plugins': None})
 
-        event = self.context['event']
+        event = Event.objects.filter(slug=self.context['event'], organizer=self.context['organizer'].pk).first()
         new_event.copy_data_from(event, skip_meta_data='meta_data' in validated_data)
 
         if plugins is not None:
@@ -561,7 +561,7 @@ class SubEventSerializer(I18nAwareModelSerializer):
     def ignored_meta_properties(self):
         perm_holder = (self.context['request'].auth if isinstance(self.context['request'].auth, (Device, TeamAPIToken))
                        else self.context['request'].user)
-        if perm_holder.has_organizer_permission(self.context['request'].organizer, 'organizer.settings.general:write', request=self.context['request']):
+        if perm_holder.has_organizer_permission(self.context['request'].organizer, 'can_change_organizer_settings', request=self.context['request']):
             return []
         return [k for k, p in self.meta_properties.items() if p.protected]
 
@@ -707,10 +707,7 @@ class TaxRuleSerializer(CountryFieldMixin, I18nAwareModelSerializer):
 
 
 class EventSettingsSerializer(SettingsSerializer):
-    default_write_permission = 'event.settings.general:write'
     default_fields = [
-        # These are readable for all users with access to the events, therefore secrets stored in the settings store
-        # should not be included!
         'imprint_url',
         'checkout_email_helptext',
         'presale_has_ended_text',
@@ -1083,16 +1080,16 @@ class SeatSerializer(I18nAwareModelSerializer):
 
     def prefetch_expanded_data(self, items, request, expand_fields):
         if 'orderposition' in expand_fields:
-            if 'event.orders:read' not in request.eventpermset:
-                raise PermissionDenied('event.orders:read permission required for expand=orderposition')
+            if 'can_view_orders' not in request.eventpermset:
+                raise PermissionDenied('can_view_orders permission required for expand=orderposition')
             prefetch_by_id(items, OrderPosition.objects.prefetch_related('order'), 'orderposition_id', 'orderposition')
         if 'cartposition' in expand_fields:
-            if 'event.orders:read' not in request.eventpermset:
-                raise PermissionDenied('event.orders:read permission required for expand=cartposition')
+            if 'can_view_orders' not in request.eventpermset:
+                raise PermissionDenied('can_view_orders permission required for expand=cartposition')
             prefetch_by_id(items, CartPosition.objects, 'cartposition_id', 'cartposition')
         if 'voucher' in expand_fields:
-            if 'event.vouchers:read' not in request.eventpermset:
-                raise PermissionDenied('event.vouchers:read permission required for expand=voucher')
+            if 'can_view_vouchers' not in request.eventpermset:
+                raise PermissionDenied('can_view_vouchers permission required for expand=voucher')
             prefetch_by_id(items, Voucher.objects, 'voucher_id', 'voucher')
 
     def __init__(self, instance, *args, **kwargs):

src/pretix/api/serializers/exporters.py

@@ -27,9 +27,7 @@ from rest_framework.exceptions import ValidationError
 
 from pretix.api.serializers.forms import form_field_to_serializer_field
 from pretix.base.exporter import OrganizerLevelExportMixin
-from pretix.base.models import (
-    Event, ScheduledEventExport, ScheduledOrganizerExport,
-)
+from pretix.base.models import ScheduledEventExport, ScheduledOrganizerExport
 from pretix.base.timeframes import SerializerDateFrameField
 
 
@@ -56,29 +54,20 @@ class ExporterSerializer(serializers.Serializer):
 
 class JobRunSerializer(serializers.Serializer):
     def __init__(self, *args, **kwargs):
-        ex = self.ex = kwargs.pop('exporter')
+        ex = kwargs.pop('exporter')
+        events = kwargs.pop('events', None)
         super().__init__(*args, **kwargs)
-        if ex.is_multievent and not isinstance(ex, OrganizerLevelExportMixin):
-            self.fields["all_events"] = serializers.BooleanField(
-                required=False,
-            )
+        if events is not None and not isinstance(ex, OrganizerLevelExportMixin):
             self.fields["events"] = serializers.SlugRelatedField(
-                queryset=ex.events,
+                queryset=events,
                 required=False,
-                allow_empty=True,
+                allow_empty=False,
                 slug_field='slug',
                 many=True
             )
         for k, v in ex.export_form_fields.items():
             self.fields[k] = form_field_to_serializer_field(v)
 
-    def to_representation(self, instance):
-        # Translate between events as a list of slugs (API) and list of ints (database)
-        if self.ex.is_multievent and not isinstance(self.ex, OrganizerLevelExportMixin) and "events" in instance and isinstance(instance["events"], list):
-            instance["events"] = [e for e in self.ex.events.filter(pk__in=instance["events"])]
-        instance = super().to_representation(instance)
-        return instance
-
     def to_internal_value(self, data):
         if isinstance(data, QueryDict):
             data = data.copy()
@@ -106,14 +95,6 @@ class JobRunSerializer(serializers.Serializer):
                 data[fk] = f'{d_from.isoformat() if d_from else ""}/{d_to.isoformat() if d_to else ""}'
 
         data = super().to_internal_value(data)
-
-        # Translate between events as a list of slugs (API) and list of ints (database)
-        if self.ex.is_multievent and not isinstance(self.ex, OrganizerLevelExportMixin) and "events" in data and isinstance(data["events"], list):
-            if data["events"] and isinstance(data["events"][0], Event):
-                data["events"] = [e.pk for e in data["events"]]
-            elif data["events"] and isinstance(data["events"][0], str):
-                data["events"] = [e.pk for e in self.ex.events.filter(slug__in=data["events"]).only("pk")]
-
         return data
 
     def is_valid(self, raise_exception=False):
@@ -150,20 +131,13 @@ class ScheduledExportSerializer(serializers.ModelSerializer):
             exporter = self.context['exporters'].get(identifier)
             if exporter:
                 try:
-                    attrs["export_form_data"] = JobRunSerializer(exporter=exporter).to_internal_value(attrs["export_form_data"])
+                    JobRunSerializer(exporter=exporter).to_internal_value(attrs["export_form_data"])
                 except ValidationError as e:
                     raise ValidationError({"export_form_data": e.detail})
             else:
                 raise ValidationError({"export_identifier": ["Unknown exporter."]})
         return attrs
 
-    def to_representation(self, instance):
-        repr = super().to_representation(instance)
-        exporter = self.context['exporters'].get(instance.export_identifier)
-        if exporter:
-            repr["export_form_data"] = JobRunSerializer(exporter=exporter).to_representation(repr["export_form_data"])
-        return repr
-
     def validate_mail_additional_recipients(self, value):
         d = value.replace(' ', '')
         if len(d.split(',')) > 25:

src/pretix/api/serializers/forms.py

@@ -65,9 +65,8 @@ def form_field_to_serializer_field(field):
         if isinstance(field, m_from):
             return m_to(
                 required=field.required,
-                allow_null=not field.required and not isinstance(field, forms.BooleanField),
+                allow_null=not field.required,
                 validators=field.validators,
-                initial=field.initial,
                 **{kwarg: getattr(field, kwarg, None) for kwarg in m_kwargs}
             )
 

src/pretix/api/serializers/media.py

@@ -24,7 +24,7 @@ from decimal import Decimal
 
 from django.utils.translation import gettext_lazy as _
 from rest_framework import serializers
-from rest_framework.exceptions import PermissionDenied, ValidationError
+from rest_framework.exceptions import ValidationError
 
 from pretix.api.serializers.i18n import I18nAwareModelSerializer
 from pretix.api.serializers.order import OrderPositionSerializer
@@ -66,9 +66,6 @@ class ReusableMediaSerializer(I18nAwareModelSerializer):
         super().__init__(*args, **kwargs)
 
         if 'linked_giftcard' in self.context['request'].query_params.getlist('expand'):
-            if not self.context["can_read_giftcards"]:
-                raise PermissionDenied("No permission to access gift card details.")
-
             self.fields['linked_giftcard'] = NestedGiftCardSerializer(read_only=True, context=self.context)
             if 'linked_giftcard.owner_ticket' in self.context['request'].query_params.getlist('expand'):
                 self.fields['linked_giftcard'].fields['owner_ticket'] = NestedOrderPositionSerializer(read_only=True, context=self.context)
@@ -80,8 +77,6 @@ class ReusableMediaSerializer(I18nAwareModelSerializer):
             )
 
         if 'linked_orderposition' in self.context['request'].query_params.getlist('expand'):
-            # No additional permission check performed, documented limitation of the permission system
-            # Would get to complex/unusable otherwise since the permission depends on the event
             self.fields['linked_orderposition'] = NestedOrderPositionSerializer(read_only=True)
         else:
             self.fields['linked_orderposition'] = serializers.PrimaryKeyRelatedField(
@@ -91,9 +86,6 @@ class ReusableMediaSerializer(I18nAwareModelSerializer):
             )
 
         if 'customer' in self.context['request'].query_params.getlist('expand'):
-            if not self.context["can_read_customers"]:
-                raise PermissionDenied("No permission to access customer details.")
-
             self.fields['customer'] = CustomerSerializer(read_only=True)
         else:
             self.fields['customer'] = serializers.SlugRelatedField(

src/pretix/api/serializers/order.py

@@ -19,7 +19,6 @@
 # You should have received a copy of the GNU Affero General Public License along with this program.  If not, see
 # <https://www.gnu.org/licenses/>.
 #
-import json
 import logging
 import os
 from collections import Counter, defaultdict
@@ -53,7 +52,7 @@ from pretix.base.decimal import round_decimal
 from pretix.base.i18n import language
 from pretix.base.invoicing.transmission import get_transmission_types
 from pretix.base.models import (
-    CachedFile, Checkin, Customer, Device, GiftCard, Invoice, InvoiceAddress,
+    CachedFile, Checkin, Customer, Device, Invoice, InvoiceAddress,
     InvoiceLine, Item, ItemVariation, Order, OrderPosition, Question,
     QuestionAnswer, ReusableMedium, SalesChannel, Seat, SubEvent, TaxRule,
     Voucher,
@@ -62,7 +61,6 @@ from pretix.base.models.orders import (
     BlockedTicketSecret, CartPosition, OrderFee, OrderPayment, OrderRefund,
     PrintLog, RevokedTicketSecret, Transaction,
 )
-from pretix.base.payment import GiftCardPayment, PaymentException
 from pretix.base.pdf import get_images, get_variables
 from pretix.base.services.cart import error_messages
 from pretix.base.services.locking import LOCK_TRUST_WINDOW, lock_objects
@@ -615,7 +613,7 @@ class OrderPositionSerializer(I18nAwareModelSerializer):
             # /events/…/checkinlists/…/positions/
             # We're unable to check this on this level if we're on /checkinrpc/, in which case we rely on the view
             # layer to not set pdf_data=true in the first place.
-            request and hasattr(request, 'eventpermset') and 'event.orders:read' not in request.eventpermset
+            request and hasattr(request, 'eventpermset') and 'can_view_orders' not in request.eventpermset
         )
         if ('pdf_data' in self.context and not self.context['pdf_data']) or pdf_data_forbidden:
             self.fields.pop('pdf_data', None)
@@ -638,14 +636,6 @@ class OrderPositionSerializer(I18nAwareModelSerializer):
         return entry
 
 
-class OrganizerOrderPositionSerializer(OrderPositionSerializer):
-    event = SlugRelatedField(slug_field='slug', read_only=True)
-
-    class Meta(OrderPositionSerializer.Meta):
-        fields = OrderPositionSerializer.Meta.fields + ('event',)
-        read_only_fields = OrderPositionSerializer.Meta.read_only_fields + ('event',)
-
-
 class RequireAttentionField(serializers.Field):
     def to_representation(self, instance: OrderPosition):
         return instance.require_checkin_attention
@@ -1201,7 +1191,6 @@ class OrderCreateSerializer(I18nAwareModelSerializer):
     )
     tax_rounding_mode = serializers.ChoiceField(choices=ROUNDING_MODES, allow_null=True, required=False,)
     locale = serializers.ChoiceField(choices=[], required=False, allow_null=True)
-    use_gift_cards = serializers.ListField(child=serializers.CharField(required=False), required=False)
 
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
@@ -1217,7 +1206,7 @@ class OrderCreateSerializer(I18nAwareModelSerializer):
         fields = ('code', 'status', 'testmode', 'email', 'phone', 'locale', 'payment_provider', 'fees', 'comment', 'sales_channel',
                   'invoice_address', 'positions', 'checkin_attention', 'checkin_text', 'payment_info', 'payment_date',
                   'consume_carts', 'force', 'send_email', 'simulate', 'customer', 'custom_followup_at',
-                  'require_approval', 'valid_if_pending', 'expires', 'api_meta', 'tax_rounding_mode', 'use_gift_cards')
+                  'require_approval', 'valid_if_pending', 'expires', 'api_meta', 'tax_rounding_mode')
 
     def validate_payment_provider(self, pp):
         if pp is None:
@@ -1226,18 +1215,6 @@ class OrderCreateSerializer(I18nAwareModelSerializer):
             raise ValidationError('The given payment provider is not known.')
         return pp
 
-    def validate_payment_info(self, info):
-        if info:
-            try:
-                obj = json.loads(info)
-            except ValueError:
-                raise ValidationError('payment_info must be valid JSON.')
-
-            if not isinstance(obj, dict):
-                # only objects are allowed
-                raise ValidationError('payment_info must be a JSON object.')
-        return info
-
     def validate_expires(self, expires):
         if expires < now():
             raise ValidationError('Expiration date must be in the future.')
@@ -1312,14 +1289,6 @@ class OrderCreateSerializer(I18nAwareModelSerializer):
         payment_date = validated_data.pop('payment_date', now())
         force = validated_data.pop('force', False)
         simulate = validated_data.pop('simulate', False)
-        gift_card_secrets = validated_data.pop('use_gift_cards') if 'use_gift_cards' in validated_data else []
-
-        if (payment_provider is not None or payment_info != '{}') and len(gift_card_secrets) > 0:
-            raise ValidationError({"use_gift_cards": ['The attribute use_gift_cards is not compatible with payment_provider or payment_info']})
-        if validated_data.get('status') != Order.STATUS_PENDING and len(gift_card_secrets) > 0:
-            raise ValidationError({"use_gift_cards": ['The attribute use_gift_cards is only supported for orders that are created as pending']})
-        if len(set(gift_card_secrets)) != len(gift_card_secrets):
-            raise ValidationError({"use_gift_cards": ['Multiple copies of the same gift card secret are not allowed']})
 
         if not validated_data.get("sales_channel"):
             validated_data["sales_channel"] = self.context['event'].organizer.sales_channels.get(identifier="web")
@@ -1804,45 +1773,6 @@ class OrderCreateSerializer(I18nAwareModelSerializer):
         if order.total != Decimal('0.00') and order.event.currency == "XXX":
             raise ValidationError('Paid products not supported without a valid currency.')
 
-        for gift_card_secret in gift_card_secrets:
-            try:
-                if order.status != Order.STATUS_PAID:
-                    gift_card_payment_provider = GiftCardPayment(event=order.event)
-
-                    gc = order.event.organizer.accepted_gift_cards.get(
-                        secret=gift_card_secret
-                    )
-
-                    payment = order.payments.create(
-                        amount=min(order.pending_sum, gc.value),
-                        provider=gift_card_payment_provider.identifier,
-                        info_data={
-                            'gift_card': gc.pk,
-                            'gift_card_secret': gc.secret,
-                            'retry': True
-                        },
-                        state=OrderPayment.PAYMENT_STATE_CREATED
-                    )
-                    gift_card_payment_provider.execute_payment(request=None, payment=payment, is_early_special_case=True)
-
-                    if order.pending_sum <= Decimal('0.00'):
-                        order.status = Order.STATUS_PAID
-
-            except PaymentException:
-                pass
-
-            except GiftCard.DoesNotExist as e:
-                payment = order.payments.create(
-                    amount=order.pending_sum,
-                    provider=GiftCardPayment.identifier,
-                    info_data={
-                        'gift_card_secret': gift_card_secret,
-                    },
-                    state=OrderPayment.PAYMENT_STATE_CREATED
-                )
-                payment.fail(info={**payment.info_data, 'error': str(e)},
-                             send_mail=False)
-
         if order.total == Decimal('0.00') and validated_data.get('status') != Order.STATUS_PAID and not validated_data.get('require_approval'):
             order.status = Order.STATUS_PAID
             order.save()

src/pretix/api/serializers/organizer.py

@@ -45,19 +45,12 @@ from pretix.base.models import (
     SalesChannel, SeatingPlan, Team, TeamAPIToken, TeamInvite, User,
 )
 from pretix.base.models.seating import SeatingPlanLayoutValidator
-from pretix.base.permissions import (
-    get_all_event_permission_groups, get_all_organizer_permission_groups,
-)
 from pretix.base.plugins import (
     PLUGIN_LEVEL_EVENT, PLUGIN_LEVEL_EVENT_ORGANIZER_HYBRID,
     PLUGIN_LEVEL_ORGANIZER,
 )
 from pretix.base.services.mail import mail
 from pretix.base.settings import validate_organizer_settings
-from pretix.helpers.permission_migration import (
-    OLD_TO_NEW_EVENT_COMPAT, OLD_TO_NEW_EVENT_MIGRATION,
-    OLD_TO_NEW_ORGANIZER_COMPAT, OLD_TO_NEW_ORGANIZER_MIGRATION,
-)
 from pretix.helpers.urls import build_absolute_uri as build_global_uri
 from pretix.multidomain.urlreverse import build_absolute_uri
 
@@ -313,128 +306,23 @@ class EventSlugField(serializers.SlugRelatedField):
         return self.context['organizer'].events.all()
 
 
-class PermissionMultipleChoiceField(serializers.MultipleChoiceField):
-    def to_internal_value(self, data):
-        return {
-            p: True for p in super().to_internal_value(data)
-        }
-
-    def to_representation(self, value):
-        return [p for p, v in value.items() if v]
-
-
 class TeamSerializer(serializers.ModelSerializer):
     limit_events = EventSlugField(slug_field='slug', many=True)
-    limit_event_permissions = PermissionMultipleChoiceField(choices=[], required=False, allow_null=False, allow_empty=True)
-    limit_organizer_permissions = PermissionMultipleChoiceField(choices=[], required=False, allow_null=False, allow_empty=True)
-
-    # Legacy fields, handled in to_representation and validate
-    can_change_event_settings = serializers.BooleanField(required=False, write_only=True)
-    can_change_items = serializers.BooleanField(required=False, write_only=True)
-    can_view_orders = serializers.BooleanField(required=False, write_only=True)
-    can_change_orders = serializers.BooleanField(required=False, write_only=True)
-    can_checkin_orders = serializers.BooleanField(required=False, write_only=True)
-    can_view_vouchers = serializers.BooleanField(required=False, write_only=True)
-    can_change_vouchers = serializers.BooleanField(required=False, write_only=True)
-    can_create_events = serializers.BooleanField(required=False, write_only=True)
-    can_change_organizer_settings = serializers.BooleanField(required=False, write_only=True)
-    can_change_teams = serializers.BooleanField(required=False, write_only=True)
-    can_manage_gift_cards = serializers.BooleanField(required=False, write_only=True)
-    can_manage_customers = serializers.BooleanField(required=False, write_only=True)
-    can_manage_reusable_media = serializers.BooleanField(required=False, write_only=True)
 
     class Meta:
         model = Team
         fields = (
-            'id', 'name', 'require_2fa', 'all_events', 'limit_events', 'all_event_permissions', 'limit_event_permissions',
-            'all_organizer_permissions', 'limit_organizer_permissions', 'can_change_event_settings',
-            'can_change_items', 'can_view_orders', 'can_change_orders', 'can_checkin_orders', 'can_view_vouchers',
-            'can_change_vouchers', 'can_create_events', 'can_change_organizer_settings', 'can_change_teams',
-            'can_manage_gift_cards', 'can_manage_customers', 'can_manage_reusable_media'
+            'id', 'name', 'require_2fa', 'all_events', 'limit_events', 'can_create_events', 'can_change_teams',
+            'can_change_organizer_settings', 'can_manage_gift_cards', 'can_change_event_settings',
+            'can_change_items', 'can_view_orders', 'can_change_orders', 'can_view_vouchers',
+            'can_change_vouchers', 'can_checkin_orders', 'can_manage_customers', 'can_manage_reusable_media'
         )
 
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-
-        event_perms_flattened = []
-        organizer_perms_flattened = []
-        for pg in get_all_event_permission_groups().values():
-            for action in pg.actions:
-                event_perms_flattened.append(f"{pg.name}:{action}")
-        for pg in get_all_organizer_permission_groups().values():
-            for action in pg.actions:
-                organizer_perms_flattened.append(f"{pg.name}:{action}")
-
-        self.fields['limit_event_permissions'].choices = [(p, p) for p in event_perms_flattened]
-        self.fields['limit_organizer_permissions'].choices = [(p, p) for p in organizer_perms_flattened]
-
-    def to_representation(self, instance):
-        r = super().to_representation(instance)
-        for old, new in OLD_TO_NEW_EVENT_COMPAT.items():
-            r[old] = instance.all_event_permissions or all(instance.limit_event_permissions.get(n) for n in new)
-        for old, new in OLD_TO_NEW_ORGANIZER_COMPAT.items():
-            r[old] = instance.all_organizer_permissions or all(instance.limit_organizer_permissions.get(n) for n in new)
-        return r
-
     def validate(self, data):
-        old_data_set = any(k.startswith("can_") for k in data)
-        new_data_set = any(k in data for k in [
-            "all_event_permissions", "limit_event_permissions", "all_organizer_permissions", "limit_organizer_permissions"
-        ])
-        if old_data_set and new_data_set:
-            raise ValidationError("You cannot set deprecated and current permission attributes at the same time.")
-
         full_data = self.to_internal_value(self.to_representation(self.instance)) if self.instance else {}
         full_data.update(data)
-
-        if new_data_set:
-            if full_data.get('limit_event_permissions') and full_data.get('all_event_permissions'):
-                raise ValidationError('Do not set both limit_event_permissions and all_event_permissions.')
-            if full_data.get('limit_organizer_permissions') and full_data.get('all_organizer_permissions'):
-                raise ValidationError('Do not set both limit_organizer_permissions and all_organizer_permissions.')
-
-        if old_data_set:
-            # Migrate with same logic as in migration 0297_pluggable_permissions
-            if all(full_data.get(k) is True for k in OLD_TO_NEW_EVENT_MIGRATION.keys() if k != "can_checkin_orders"):
-                data["all_event_permissions"] = True
-                data["limit_event_permissions"] = {}
-            else:
-                data["all_event_permissions"] = False
-                data["limit_event_permissions"] = {}
-                for k, v in OLD_TO_NEW_EVENT_MIGRATION.items():
-                    if full_data.get(k) is True:
-                        data["limit_event_permissions"].update({kk: True for kk in v})
-            if all(full_data.get(k) is True for k in OLD_TO_NEW_ORGANIZER_MIGRATION.keys() if k != "can_checkin_orders"):
-                data["all_organizer_permissions"] = True
-                data["limit_organizer_permissions"] = {}
-            else:
-                data["all_organizer_permissions"] = False
-                data["limit_organizer_permissions"] = {}
-                for k, v in OLD_TO_NEW_ORGANIZER_MIGRATION.items():
-                    if full_data.get(k) is True:
-                        data["limit_organizer_permissions"].update({kk: True for kk in v})
-
         if full_data.get('limit_events') and full_data.get('all_events'):
             raise ValidationError('Do not set both limit_events and all_events.')
-
-        full_data.update(data)
-        for pg in get_all_event_permission_groups().values():
-            requested = ",".join(sorted(
-                a for a in pg.actions if self.instance and full_data["limit_event_permissions"].get(f"{pg.name}:{a}")
-            ))
-            if requested not in (",".join(sorted(opt.actions)) for opt in pg.options):
-                possible = '\' or \''.join(','.join(opt.actions) for opt in pg.options)
-                raise ValidationError(f"For permission group {pg.name}, the valid combinations of actions are "
-                                      f"'{possible}' but you tried to set '{requested}'.")
-        for pg in get_all_organizer_permission_groups().values():
-            requested = ",".join(sorted(
-                a for a in pg.actions if self.instance and full_data["limit_organizer_permissions"].get(f"{pg.name}:{a}")
-            ))
-            if requested not in (",".join(sorted(opt.actions)) for opt in pg.options):
-                possible = '\' or \''.join(','.join(opt.actions) for opt in pg.options)
-                raise ValidationError(f"For permission group {pg.name}, the valid combinations of actions are "
-                                      f"'{possible}' but you tried to set '{requested}'.")
-
         return data
 
 
@@ -451,7 +339,7 @@ class DeviceSerializer(serializers.ModelSerializer):
     created = serializers.DateTimeField(read_only=True)
     revoked = serializers.BooleanField(read_only=True)
     initialized = serializers.DateTimeField(read_only=True)
-    initialization_token = serializers.CharField(read_only=True)
+    initialization_token = serializers.DateTimeField(read_only=True)
     security_profile = serializers.ChoiceField(choices=[], required=False, default="full")
 
     class Meta:
@@ -465,8 +353,6 @@ class DeviceSerializer(serializers.ModelSerializer):
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
         self.fields['security_profile'].choices = [(k, v.verbose_name) for k, v in get_all_security_profiles().items()]
-        if not self.context['can_see_tokens']:
-            del self.fields['initialization_token']
 
 
 class TeamInviteSerializer(serializers.ModelSerializer):
@@ -479,10 +365,9 @@ class TeamInviteSerializer(serializers.ModelSerializer):
     def _send_invite(self, instance):
         mail(
             instance.email,
-            _('Account invitation'),
+            _('pretix account invitation'),
             'pretixcontrol/email/invitation.txt',
             {
-                'instance': settings.PRETIX_INSTANCE_NAME,
                 'user': self,
                 'organizer': self.context['organizer'].name,
                 'team': instance.team.name,
@@ -551,10 +436,7 @@ class TeamMemberSerializer(serializers.ModelSerializer):
 
 
 class OrganizerSettingsSerializer(SettingsSerializer):
-    default_write_permission = 'organizer.settings.general:write'
     default_fields = [
-        # These are readable for all users with access to the events, therefore secrets stored in the settings store
-        # should not be included!
         'customer_accounts',
         'customer_accounts_native',
         'customer_accounts_link_by_email',

src/pretix/api/serializers/settings.py

@@ -37,8 +37,6 @@ logger = logging.getLogger(__name__)
 class SettingsSerializer(serializers.Serializer):
     default_fields = []
     readonly_fields = []
-    default_write_permission = 'organizer.settings.general:write'
-    write_permission_required = {}
 
     def __init__(self, *args, **kwargs):
         self.changed_data = []
@@ -60,17 +58,9 @@ class SettingsSerializer(serializers.Serializer):
             f._label = str(form_kwargs.get('label', fname))
             f._help_text = str(form_kwargs.get('help_text'))
             f.parent = self
-
-            self.write_permission_required[fname] = DEFAULTS[fname].get('write_permission', self.default_write_permission)
-
             self.fields[fname] = f
 
     def validate(self, attrs):
-        for k in attrs.keys():
-            p = self.write_permission_required.get(k, self.default_write_permission)
-            if p not in self.context["permissions"]:
-                raise ValidationError({k: f"Setting this field requires permission {p}"})
-
         return {k: v for k, v in attrs.items() if k not in self.readonly_fields}
 
     def update(self, instance: HierarkeyProxy, validated_data):

src/pretix/api/urls.py

@@ -67,7 +67,6 @@ orga_router.register(r'invoices', order.InvoiceViewSet)
 orga_router.register(r'scheduled_exports', exporters.ScheduledOrganizerExportViewSet)
 orga_router.register(r'exporters', exporters.OrganizerExportersViewSet, basename='exporters')
 orga_router.register(r'transactions', order.OrganizerTransactionViewSet)
-orga_router.register(r'orderpositions', order.OrganizerOrderPositionViewSet, basename='orderpositions')
 
 team_router = routers.DefaultRouter()
 team_router.register(r'members', organizer.TeamMemberViewSet)
@@ -84,7 +83,7 @@ event_router.register(r'discounts', discount.DiscountViewSet)
 event_router.register(r'quotas', item.QuotaViewSet)
 event_router.register(r'vouchers', voucher.VoucherViewSet)
 event_router.register(r'orders', order.EventOrderViewSet)
-event_router.register(r'orderpositions', order.EventOrderPositionViewSet)
+event_router.register(r'orderpositions', order.OrderPositionViewSet)
 event_router.register(r'transactions', order.TransactionViewSet)
 event_router.register(r'invoices', order.InvoiceViewSet)
 event_router.register(r'revokedsecrets', order.RevokedSecretViewSet, basename='revokedsecrets')

src/pretix/api/views/cart.py

@@ -52,8 +52,8 @@ class CartPositionViewSet(CreateModelMixin, DestroyModelMixin, viewsets.ReadOnly
     ordering = ('datetime',)
     ordering_fields = ('datetime', 'cart_id')
     lookup_field = 'id'
-    permission = 'event.orders:read'
-    write_permission = 'event.orders:write'
+    permission = 'can_view_orders'
+    write_permission = 'can_change_orders'
 
     def get_queryset(self):
         return CartPosition.objects.filter(

src/pretix/api/views/checkin.py

@@ -67,7 +67,6 @@ from pretix.base.models import (
     Question, ReusableMedium, RevokedTicketSecret, TeamAPIToken,
 )
 from pretix.base.models.orders import PrintLog
-from pretix.base.permissions import AnyPermissionOf
 from pretix.base.services.checkin import (
     CheckInError, RequiredQuestionsError, SQLLogic, perform_checkin,
 )
@@ -119,11 +118,11 @@ class CheckinListViewSet(viewsets.ModelViewSet):
 
     def _get_permission_name(self, request):
         if request.path.endswith('/failed_checkins/'):
-            return 'event.orders:checkin', 'event.orders:write'
+            return 'can_checkin_orders', 'can_change_orders'
         elif request.method in SAFE_METHODS:
-            return 'event.orders:read', 'event.orders:checkin',
+            return 'can_view_orders', 'can_checkin_orders',
         else:
-            return 'event.settings.general:write'
+            return 'can_change_event_settings'
 
     def get_queryset(self):
         qs = self.request.event.checkin_lists.prefetch_related(
@@ -189,15 +188,11 @@ class CheckinListViewSet(viewsets.ModelViewSet):
         clist = self.get_object()
         if serializer.validated_data.get('nonce'):
             if kwargs.get('position'):
-                prev = kwargs['position'].all_checkins.filter(
-                    nonce=serializer.validated_data['nonce'],
-                    successful=False
-                ).first()
+                prev = kwargs['position'].all_checkins.filter(nonce=serializer.validated_data['nonce']).first()
             else:
                 prev = clist.checkins.filter(
                     nonce=serializer.validated_data['nonce'],
                     raw_barcode=serializer.validated_data['raw_barcode'],
-                    successful=False
                 ).first()
             if prev:
                 # Ignore because nonce is already handled
@@ -475,7 +470,7 @@ def _redeem_process(*, checkinlists, raw_barcode, answers_data, datetime, force,
             'event': op.order.event,
             'pdf_data': pdf_data and (
                 user if user and user.is_authenticated else auth
-            ).has_event_permission(request.organizer, event, 'event.orders:read', request),
+            ).has_event_permission(request.organizer, event, 'can_view_orders', request),
         }
 
     common_checkin_args = dict(
@@ -840,8 +835,8 @@ class CheckinListPositionViewSet(viewsets.ReadOnlyModelViewSet):
     }
 
     filterset_class = CheckinOrderPositionFilter
-    permission = AnyPermissionOf('event.orders:read', 'event.orders:checkin')
-    write_permission = AnyPermissionOf('event.orders:write', 'event.orders:checkin')
+    permission = ('can_view_orders', 'can_checkin_orders')
+    write_permission = ('can_change_orders', 'can_checkin_orders')
 
     def get_serializer_context(self):
         ctx = super().get_serializer_context()
@@ -872,7 +867,7 @@ class CheckinListPositionViewSet(viewsets.ReadOnlyModelViewSet):
             expand=self.request.query_params.getlist('expand'),
         )
 
-        if 'pk' not in self.request.resolver_match.kwargs and 'event.orders:read' not in self.request.eventpermset \
+        if 'pk' not in self.request.resolver_match.kwargs and 'can_view_orders' not in self.request.eventpermset \
                 and len(self.request.query_params.get('search', '')) < 3:
             qs = qs.none()
 
@@ -921,9 +916,9 @@ class CheckinListPositionViewSet(viewsets.ReadOnlyModelViewSet):
 class CheckinRPCRedeemView(views.APIView):
     def post(self, request, *args, **kwargs):
         if isinstance(self.request.auth, (TeamAPIToken, Device)):
-            events = self.request.auth.get_events_with_permission(('event.orders:write', 'event.orders:checkin'))
+            events = self.request.auth.get_events_with_permission(('can_change_orders', 'can_checkin_orders'))
         elif self.request.user.is_authenticated:
-            events = self.request.user.get_events_with_permission(('event.orders:write', 'event.orders:checkin'), self.request).filter(
+            events = self.request.user.get_events_with_permission(('can_change_orders', 'can_checkin_orders'), self.request).filter(
                 organizer=self.request.organizer
             )
         else:
@@ -991,9 +986,9 @@ class CheckinRPCSearchView(ListAPIView):
     @cached_property
     def lists(self):
         if isinstance(self.request.auth, (TeamAPIToken, Device)):
-            events = self.request.auth.get_events_with_permission(('event.orders:read', 'event.orders:checkin'))
+            events = self.request.auth.get_events_with_permission(('can_view_orders', 'can_checkin_orders'))
         elif self.request.user.is_authenticated:
-            events = self.request.user.get_events_with_permission(('event.orders:read', 'event.orders:checkin'), self.request).filter(
+            events = self.request.user.get_events_with_permission(('can_view_orders', 'can_checkin_orders'), self.request).filter(
                 organizer=self.request.organizer
             )
         else:
@@ -1010,9 +1005,9 @@ class CheckinRPCSearchView(ListAPIView):
     @cached_property
     def has_full_access_permission(self):
         if isinstance(self.request.auth, (TeamAPIToken, Device)):
-            events = self.request.auth.get_events_with_permission('event.orders:read')
+            events = self.request.auth.get_events_with_permission('can_view_orders')
         elif self.request.user.is_authenticated:
-            events = self.request.user.get_events_with_permission('event.orders:read', self.request).filter(
+            events = self.request.user.get_events_with_permission('can_view_orders', self.request).filter(
                 organizer=self.request.organizer
             )
         else:
@@ -1039,9 +1034,9 @@ class CheckinRPCSearchView(ListAPIView):
 class CheckinRPCAnnulView(views.APIView):
     def post(self, request, *args, **kwargs):
         if isinstance(self.request.auth, (TeamAPIToken, Device)):
-            events = self.request.auth.get_events_with_permission(('event.orders:write', 'event.orders:checkin'))
+            events = self.request.auth.get_events_with_permission(('can_change_orders', 'can_checkin_orders'))
         elif self.request.user.is_authenticated:
-            events = self.request.user.get_events_with_permission(('event.orders:write', 'event.orders:checkin'), self.request).filter(
+            events = self.request.user.get_events_with_permission(('can_change_orders', 'can_checkin_orders'), self.request).filter(
                 organizer=self.request.organizer
             )
         else:
@@ -1119,7 +1114,7 @@ class CheckinViewSet(viewsets.ReadOnlyModelViewSet):
     filterset_class = CheckinFilter
     ordering = ('created', 'id')
     ordering_fields = ('created', 'datetime', 'id',)
-    permission = 'event.orders:read'
+    permission = 'can_view_orders'
 
     def get_queryset(self):
         qs = Checkin.all.filter().select_related(

src/pretix/api/views/discount.py

@@ -57,7 +57,7 @@ class DiscountViewSet(ConditionalListView, viewsets.ModelViewSet):
     ordering_fields = ('id', 'position')
     ordering = ('position', 'id')
     permission = None
-    write_permission = 'event.items:write'
+    write_permission = 'can_change_items'
 
     def get_queryset(self):
         return self.request.event.discounts.prefetch_related(

src/pretix/api/views/event.py

@@ -281,11 +281,6 @@ class EventViewSet(viewsets.ModelViewSet):
         new_event = serializer.save(organizer=self.request.organizer)
 
         if copy_from:
-            perm_holder = (self.request.auth if isinstance(self.request.auth, (Device, TeamAPIToken))
-                           else self.request.user)
-            if not copy_from.allow_copy_data(self.request.organizer, perm_holder):
-                raise PermissionDenied("Not sufficient permission on source event to copy")
-
             new_event.copy_data_from(copy_from, skip_meta_data='meta_data' in serializer.validated_data)
 
             if plugins is not None:
@@ -346,24 +341,15 @@ class CloneEventViewSet(viewsets.ModelViewSet):
     lookup_field = 'slug'
     lookup_url_kwarg = 'event'
     http_method_names = ['post']
-    write_permission = 'event.settings.general:write'
+    write_permission = 'can_create_events'
 
     def get_serializer_context(self):
         ctx = super().get_serializer_context()
-        ctx['event'] = Event.objects.get(slug=self.kwargs['event'], organizer=self.request.organizer)
+        ctx['event'] = self.kwargs['event']
         ctx['organizer'] = self.request.organizer
         return ctx
 
     def perform_create(self, serializer):
-        # Weird edge case: Requires settings permission on the event (to read) but also on the organizer (two write)
-        perm_holder = (self.request.auth if isinstance(self.request.auth, (Device, TeamAPIToken))
-                       else self.request.user)
-        if not perm_holder.has_organizer_permission(self.request.organizer, "organizer.events:create", request=self.request):
-            raise PermissionDenied("No permission to create events")
-
-        if not serializer.context['event'].allow_copy_data(self.request.organizer, perm_holder):
-            raise PermissionDenied("Not sufficient permission on source event to copy")
-
         serializer.save(organizer=self.request.organizer)
 
         serializer.instance.log_action(
@@ -440,7 +426,7 @@ with scopes_disabled():
 class SubEventViewSet(ConditionalListView, viewsets.ModelViewSet):
     serializer_class = SubEventSerializer
     queryset = SubEvent.objects.none()
-    write_permission = 'event.subevents:write'
+    write_permission = 'can_change_event_settings'
     filter_backends = (DjangoFilterBackend, TotalOrderingFilter)
     ordering = ('date_from',)
     ordering_fields = ('id', 'date_from', 'last_modified')
@@ -560,7 +546,7 @@ class SubEventViewSet(ConditionalListView, viewsets.ModelViewSet):
 class TaxRuleViewSet(ConditionalListView, viewsets.ModelViewSet):
     serializer_class = TaxRuleSerializer
     queryset = TaxRule.objects.none()
-    write_permission = 'event.settings.tax:write'
+    write_permission = 'can_change_event_settings'
 
     def get_queryset(self):
         return self.request.event.tax_rules.all()
@@ -603,7 +589,7 @@ class TaxRuleViewSet(ConditionalListView, viewsets.ModelViewSet):
 class ItemMetaPropertiesViewSet(viewsets.ModelViewSet):
     serializer_class = ItemMetaPropertiesSerializer
     queryset = ItemMetaProperty.objects.none()
-    write_permission = 'event.settings.general:write'
+    write_permission = 'can_change_event_settings'
 
     def get_queryset(self):
         qs = self.request.event.item_meta_properties.all()
@@ -650,18 +636,19 @@ class ItemMetaPropertiesViewSet(viewsets.ModelViewSet):
 
 class EventSettingsView(views.APIView):
     permission = None
-    write_permission = 'event.settings.general:write'
+    write_permission = 'can_change_event_settings'
 
     def get(self, request, *args, **kwargs):
         if isinstance(request.auth, Device):
             s = DeviceEventSettingsSerializer(instance=request.event.settings, event=request.event, context={
-                'request': request, 'permissions': request.eventpermset
+                'request': request
+            })
+        elif 'can_change_event_settings' in request.eventpermset:
+            s = EventSettingsSerializer(instance=request.event.settings, event=request.event, context={
+                'request': request
             })
         else:
-            s = EventSettingsSerializer(instance=request.event.settings, event=request.event, context={
-                'request': request, 'permissions': request.eventpermset,
-            })
-
+            raise PermissionDenied()
         if 'explain' in request.GET:
             return Response({
                 fname: {
@@ -675,7 +662,7 @@ class EventSettingsView(views.APIView):
 
     def patch(self, request, *wargs, **kwargs):
         s = EventSettingsSerializer(instance=request.event.settings, data=request.data, partial=True,
-                                    event=request.event, context={'request': request, 'permissions': request.eventpermset})
+                                    event=request.event, context={'request': request})
         s.is_valid(raise_exception=True)
         with transaction.atomic():
             s.save()
@@ -687,7 +674,7 @@ class EventSettingsView(views.APIView):
                 )
         s = EventSettingsSerializer(
             instance=request.event.settings, event=request.event, context={
-                'request': request, 'permissions': request.eventpermset
+                'request': request
             })
         return Response(s.data)
 
@@ -714,7 +701,7 @@ class SeatFilter(FilterSet):
 class SeatViewSet(ConditionalListView, viewsets.ModelViewSet):
     serializer_class = SeatSerializer
     queryset = Seat.objects.none()
-    write_permission = 'event.settings.general:write'
+    write_permission = 'can_change_event_settings'
     filter_backends = (DjangoFilterBackend, )
     filterset_class = SeatFilter
 

src/pretix/api/views/exporters.py

@@ -40,12 +40,12 @@ from pretix.api.serializers.exporters import (
 )
 from pretix.base.exporter import OrganizerLevelExportMixin
 from pretix.base.models import (
-    CachedFile, Device, ScheduledEventExport, ScheduledOrganizerExport,
+    CachedFile, Device, Event, ScheduledEventExport, ScheduledOrganizerExport,
     TeamAPIToken,
 )
-from pretix.base.models.organizer import TeamQuerySet
-from pretix.base.services.export import (
-    export, init_event_exporters, init_organizer_exporters, multiexport,
+from pretix.base.services.export import export, multiexport
+from pretix.base.signals import (
+    register_data_exporters, register_multievent_data_exporters,
 )
 from pretix.helpers.http import ChunkBasedFileResponse
 
@@ -111,7 +111,7 @@ class ExportersMixin:
     @action(detail=True, methods=['POST'])
     def run(self, *args, **kwargs):
         instance = self.get_object()
-        serializer = JobRunSerializer(exporter=instance, data=self.request.data)
+        serializer = JobRunSerializer(exporter=instance, data=self.request.data, **self.get_serializer_kwargs())
         serializer.is_valid(raise_exception=True)
 
         cf = CachedFile(web_download=True)
@@ -136,34 +136,27 @@ class ExportersMixin:
 
 
 class EventExportersViewSet(ExportersMixin, viewsets.ViewSet):
-    permission = None
+    permission = 'can_view_orders'
+
+    def get_serializer_kwargs(self):
+        return {}
 
     @cached_property
     def exporters(self):
-        raw_exporters = list(init_event_exporters(
-            event=self.request.event,
-            user=self.request.user if self.request.user and self.request.user.is_authenticated else None,
-            token=self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None,
-            device=self.request.auth if isinstance(self.request.auth, Device) else None,
-            request=self.request,
-        ))
         exporters = []
+        responses = register_data_exporters.send(self.request.event)
+        raw_exporters = [response(self.request.event, self.request.organizer) for r, response in responses if response]
+        raw_exporters = [
+            ex for ex in raw_exporters
+            if ex.available_for_user(self.request.user if self.request.user and self.request.user.is_authenticated else None)
+        ]
         for ex in sorted(raw_exporters, key=lambda ex: str(ex.verbose_name)):
             ex._serializer = JobRunSerializer(exporter=ex)
             exporters.append(ex)
         return exporters
 
     def do_export(self, cf, instance, data):
-        return export.apply_async(args=(
-            self.request.event.id,
-        ), kwargs={
-            'user': self.request.user.pk if self.request.user and self.request.user.is_authenticated else None,
-            'token': self.request.auth.pk if isinstance(self.request.auth, TeamAPIToken) else None,
-            'device': self.request.auth.pk if isinstance(self.request.auth, Device) else None,
-            'fileid': str(cf.id),
-            'provider': instance.identifier,
-            'form_data': data,
-        })
+        return export.apply_async(args=(self.request.event.id, str(cf.id), instance.identifier, data))
 
 
 class OrganizerExportersViewSet(ExportersMixin, viewsets.ViewSet):
@@ -171,23 +164,47 @@ class OrganizerExportersViewSet(ExportersMixin, viewsets.ViewSet):
 
     @cached_property
     def exporters(self):
-        raw_exporters = list(init_organizer_exporters(
-            organizer=self.request.organizer,
-            user=self.request.user if self.request.user and self.request.user.is_authenticated else None,
-            token=self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None,
-            device=self.request.auth if isinstance(self.request.auth, Device) else None,
-            request=self.request,
-        ))
         exporters = []
+        if isinstance(self.request.auth, (Device, TeamAPIToken)):
+            perm_holder = self.request.auth
+        else:
+            perm_holder = self.request.user
+        events = perm_holder.get_events_with_permission('can_view_orders', request=self.request).filter(
+            organizer=self.request.organizer
+        )
+        responses = register_multievent_data_exporters.send(self.request.organizer)
+        raw_exporters = [
+            response(Event.objects.none() if issubclass(response, OrganizerLevelExportMixin) else events, self.request.organizer)
+            for r, response in responses
+            if response
+        ]
+        raw_exporters = [
+            ex for ex in raw_exporters
+            if (
+                not isinstance(ex, OrganizerLevelExportMixin) or
+                perm_holder.has_organizer_permission(self.request.organizer, ex.organizer_required_permission, self.request)
+            ) and ex.available_for_user(self.request.user if self.request.user and self.request.user.is_authenticated else None)
+        ]
         for ex in sorted(raw_exporters, key=lambda ex: str(ex.verbose_name)):
-            ex._serializer = JobRunSerializer(exporter=ex)
+            ex._serializer = JobRunSerializer(exporter=ex, events=events)
             exporters.append(ex)
         return exporters
 
+    def get_serializer_kwargs(self):
+        if isinstance(self.request.auth, (Device, TeamAPIToken)):
+            perm_holder = self.request.auth
+        else:
+            perm_holder = self.request.user
+        return {
+            'events': perm_holder.get_events_with_permission('can_view_orders', request=self.request).filter(
+                organizer=self.request.organizer
+            )
+        }
+
     def do_export(self, cf, instance, data):
         return multiexport.apply_async(kwargs={
             'organizer': self.request.organizer.id,
-            'user': self.request.user.id if self.request.user and self.request.user.is_authenticated else None,
+            'user': self.request.user.id if self.request.user.is_authenticated else None,
             'token': self.request.auth.pk if isinstance(self.request.auth, TeamAPIToken) else None,
             'device': self.request.auth.pk if isinstance(self.request.auth, Device) else None,
             'fileid': str(cf.id),
@@ -205,11 +222,11 @@ class ScheduledExportersViewSet(viewsets.ModelViewSet):
 class ScheduledEventExportViewSet(ScheduledExportersViewSet):
     serializer_class = ScheduledEventExportSerializer
     queryset = ScheduledEventExport.objects.none()
-    permission = None
+    permission = 'can_view_orders'
 
     def get_queryset(self):
         perm_holder = self.request.auth if isinstance(self.request.auth, (TeamAPIToken, Device)) else self.request.user
-        if not perm_holder.has_event_permission(self.request.organizer, self.request.event, 'event.settings.general:write',
+        if not perm_holder.has_event_permission(self.request.organizer, self.request.event, 'can_change_event_settings',
                                                 request=self.request):
             if self.request.user.is_authenticated:
                 qs = self.request.event.scheduled_exports.filter(owner=self.request.user)
@@ -241,28 +258,11 @@ class ScheduledEventExportViewSet(ScheduledExportersViewSet):
 
     @cached_property
     def exporters(self):
-        exporters = list(init_event_exporters(
-            event=self.request.event,
-            user=self.request.user if self.request.user and self.request.user.is_authenticated else None,
-            token=self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None,
-            device=self.request.auth if isinstance(self.request.auth, Device) else None,
-            request=self.request,
-        ))
+        responses = register_data_exporters.send(self.request.event)
+        exporters = [response(self.request.event, self.request.organizer) for r, response in responses if response]
         return {e.identifier: e for e in exporters}
 
     def perform_update(self, serializer):
-        if not self.request.user.is_authenticated or self.request.user != serializer.instance.owner:
-            # This is to prevent a possible privilege escalation where user A creates a scheduled export and
-            # user B has settings permission (= they can see the export configuration), but not enough permission
-            # to run the export themselves. Without this check, user B could modify the export and add themselves
-            # as a recipient. Thereby, user B would gain access to data they can't have.
-            exporter = self.exporters.get(serializer.instance.export_identifier)
-            if not exporter:
-                raise PermissionDenied("No access to exporter.")
-            perm_holder = self.request.auth if isinstance(self.request.auth, (TeamAPIToken, Device)) else self.request.user
-            if not perm_holder.has_event_permission(self.request.organizer, self.request.event, exporter.get_required_event_permission()):
-                raise PermissionDenied("No permission to edit exports you could not run.")
-
         serializer.save(event=self.request.event)
         serializer.instance.compute_next_run()
         serializer.instance.error_counter = 0
@@ -291,7 +291,7 @@ class ScheduledOrganizerExportViewSet(ScheduledExportersViewSet):
 
     def get_queryset(self):
         perm_holder = self.request.auth if isinstance(self.request.auth, (TeamAPIToken, Device)) else self.request.user
-        if not perm_holder.has_organizer_permission(self.request.organizer, 'organizer.settings.general:write',
+        if not perm_holder.has_organizer_permission(self.request.organizer, 'can_change_organizer_settings',
                                                     request=self.request):
             if self.request.user.is_authenticated:
                 qs = self.request.organizer.scheduled_exports.filter(owner=self.request.user)
@@ -321,55 +321,26 @@ class ScheduledOrganizerExportViewSet(ScheduledExportersViewSet):
         ctx['exporters'] = self.exporters
         return ctx
 
+    @cached_property
+    def events(self):
+        if isinstance(self.request.auth, (TeamAPIToken, Device)):
+            return self.request.auth.get_events_with_permission('can_view_orders')
+        elif self.request.user.is_authenticated:
+            return self.request.user.get_events_with_permission('can_view_orders', self.request).filter(
+                organizer=self.request.organizer
+            )
+
     @cached_property
     def exporters(self):
-        exporters = list(init_organizer_exporters(
-            organizer=self.request.organizer,
-            user=self.request.user if self.request.user and self.request.user.is_authenticated else None,
-            token=self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None,
-            device=self.request.auth if isinstance(self.request.auth, Device) else None,
-            request=self.request,
-        ))
+        responses = register_multievent_data_exporters.send(self.request.organizer)
+        exporters = [
+            response(Event.objects.none() if issubclass(response, OrganizerLevelExportMixin) else self.events,
+                     self.request.organizer)
+            for r, response in responses if response
+        ]
         return {e.identifier: e for e in exporters}
 
     def perform_update(self, serializer):
-        if not self.request.user.is_authenticated or self.request.user != serializer.instance.owner:
-            # This is to prevent a possible privilege escalation where user A creates a scheduled export and
-            # user B has settings permission (= they can see the export configuration), but not enough permission
-            # to run the export themselves. Without this check, user B could modify the export and add themselves
-            # as a recipient. Thereby, user B would gain access to data they can't have.
-            exporter = self.exporters.get(serializer.instance.export_identifier)
-            if not exporter:
-                raise PermissionDenied("No access to exporter.")
-            perm_holder = (self.request.auth if isinstance(self.request.auth, (Device, TeamAPIToken))
-                           else self.request.user)
-            if isinstance(exporter, OrganizerLevelExportMixin):
-                if not perm_holder.has_organizer_permission(
-                        self.request.organizer, exporter.get_required_organizer_permission(), request=self.request,
-                ):
-                    raise PermissionDenied("No permission to edit exports you could not run.")
-            else:
-                if serializer.instance.export_form_data.get("all_events", False):
-                    if isinstance(self.request.auth, Device):
-                        if not self.request.auth.all_events:
-                            raise PermissionDenied("No permission to edit exports you could not run.")
-                    elif isinstance(self.request.auth, TeamAPIToken):
-                        if not self.request.auth.team.all_events:
-                            raise PermissionDenied("No permission to edit exports you could not run.")
-                    elif self.request.user.is_authenticated:
-                        if not self.request.user.teams.filter(
-                                TeamQuerySet.event_permission_q(exporter.get_required_event_permission()),
-                                all_events=True,
-                        ).exists():
-                            raise PermissionDenied("No permission to edit exports you could not run.")
-                else:
-                    events_selected = serializer.instance.export_form_data.get("events", [])
-                    events_permission = set(perm_holder.get_events_with_permission(
-                        exporter.get_required_event_permission(), request=self.request
-                    ).values_list("pk", flat=True))
-                    if not all(e in events_permission for e in events_selected):
-                        raise PermissionDenied("No permission to edit exports you could not run.")
-
         serializer.save(organizer=self.request.organizer)
         serializer.instance.compute_next_run()
         serializer.instance.error_counter = 0

src/pretix/api/views/item.py

@@ -99,7 +99,7 @@ class ItemViewSet(ConditionalListView, viewsets.ModelViewSet):
     ordering = ('position', 'id')
     filterset_class = ItemFilter
     permission = None
-    write_permission = 'event.items:write'
+    write_permission = 'can_change_items'
 
     def get_queryset(self):
         return self.request.event.items.select_related('tax_rule').prefetch_related(
@@ -163,7 +163,7 @@ class ItemVariationViewSet(viewsets.ModelViewSet):
     ordering_fields = ('id', 'position')
     ordering = ('id',)
     permission = None
-    write_permission = 'event.items:write'
+    write_permission = 'can_change_items'
 
     @cached_property
     def item(self):
@@ -234,7 +234,7 @@ class ItemBundleViewSet(viewsets.ModelViewSet):
     ordering_fields = ('id',)
     ordering = ('id',)
     permission = None
-    write_permission = 'event.items:write'
+    write_permission = 'can_change_items'
 
     @cached_property
     def item(self):
@@ -286,7 +286,7 @@ class ItemProgramTimeViewSet(viewsets.ModelViewSet):
     ordering_fields = ('id',)
     ordering = ('id',)
     permission = None
-    write_permission = 'event.items:write'
+    write_permission = 'can_change_items'
 
     @cached_property
     def item(self):
@@ -339,7 +339,7 @@ class ItemAddOnViewSet(viewsets.ModelViewSet):
     ordering_fields = ('id', 'position')
     ordering = ('id',)
     permission = None
-    write_permission = 'event.items:write'
+    write_permission = 'can_change_items'
 
     @cached_property
     def item(self):
@@ -398,7 +398,7 @@ class ItemCategoryViewSet(ConditionalListView, viewsets.ModelViewSet):
     ordering_fields = ('id', 'position')
     ordering = ('position', 'id')
     permission = None
-    write_permission = 'event.items:write'
+    write_permission = 'can_change_items'
 
     def get_queryset(self):
         return self.request.event.categories.all()
@@ -453,7 +453,7 @@ class QuestionViewSet(ConditionalListView, viewsets.ModelViewSet):
     ordering_fields = ('id', 'position')
     ordering = ('position', 'id')
     permission = None
-    write_permission = 'event.items:write'
+    write_permission = 'can_change_items'
 
     def get_queryset(self):
         return self.request.event.questions.prefetch_related('options').all()
@@ -497,7 +497,7 @@ class QuestionOptionViewSet(viewsets.ModelViewSet):
     ordering_fields = ('id', 'position')
     ordering = ('position',)
     permission = None
-    write_permission = 'event.items:write'
+    write_permission = 'can_change_items'
 
     def get_queryset(self):
         q = get_object_or_404(Question, pk=self.kwargs['question'], event=self.request.event)
@@ -564,7 +564,7 @@ class QuotaViewSet(ConditionalListView, viewsets.ModelViewSet):
     ordering_fields = ('id', 'size')
     ordering = ('id',)
     permission = None
-    write_permission = 'event.items:write'
+    write_permission = 'can_change_items'
 
     def get_queryset(self):
         return self.request.event.quotas.select_related('subevent').prefetch_related('items', 'variations').all()

src/pretix/api/views/media.py

@@ -62,8 +62,8 @@ with scopes_disabled():
 class ReusableMediaViewSet(viewsets.ModelViewSet):
     serializer_class = ReusableMediaSerializer
     queryset = ReusableMedium.objects.none()
-    permission = 'organizer.reusablemedia:read'
-    write_permission = 'organizer.reusablemedia:write'
+    permission = 'can_manage_reusable_media'
+    write_permission = 'can_manage_reusable_media'
     filter_backends = (DjangoFilterBackend, OrderingFilter)
     ordering = ('-updated', '-id')
     ordering_fields = ('created', 'updated', 'identifier', 'type', 'id')
@@ -95,8 +95,6 @@ class ReusableMediaViewSet(viewsets.ModelViewSet):
     def get_serializer_context(self):
         ctx = super().get_serializer_context()
         ctx['organizer'] = self.request.organizer
-        ctx['can_read_giftcards'] = 'organizer.giftcards:read' in self.request.orgapermset
-        ctx['can_read_customers'] = 'organizer.customers:read' in self.request.orgapermset
         return ctx
 
     @transaction.atomic()

src/pretix/api/views/order.py

@@ -57,10 +57,9 @@ from pretix.api.serializers.order import (
     BlockedTicketSecretSerializer, InvoiceSerializer, OrderCreateSerializer,
     OrderPaymentCreateSerializer, OrderPaymentSerializer,
     OrderPositionSerializer, OrderRefundCreateSerializer,
-    OrderRefundSerializer, OrderSerializer, OrganizerOrderPositionSerializer,
-    OrganizerTransactionSerializer, PriceCalcSerializer, PrintLogSerializer,
-    RevokedTicketSecretSerializer, SimulatedOrderSerializer,
-    TransactionSerializer,
+    OrderRefundSerializer, OrderSerializer, OrganizerTransactionSerializer,
+    PriceCalcSerializer, PrintLogSerializer, RevokedTicketSecretSerializer,
+    SimulatedOrderSerializer, TransactionSerializer,
 )
 from pretix.api.serializers.orderchange import (
     BlockNameSerializer, OrderChangeOperationSerializer,
@@ -317,7 +316,7 @@ class OrderViewSetMixin:
 
 class OrganizerOrderViewSet(OrderViewSetMixin, viewsets.ReadOnlyModelViewSet):
     def get_base_queryset(self):
-        perm = "event.orders:read" if self.request.method in SAFE_METHODS else "event.orders:write"
+        perm = "can_view_orders" if self.request.method in SAFE_METHODS else "can_change_orders"
         if isinstance(self.request.auth, (TeamAPIToken, Device)):
             return Order.objects.filter(
                 event__organizer=self.request.organizer,
@@ -338,8 +337,8 @@ class OrganizerOrderViewSet(OrderViewSetMixin, viewsets.ReadOnlyModelViewSet):
 
 
 class EventOrderViewSet(OrderViewSetMixin, viewsets.ModelViewSet):
-    permission = 'event.orders:read'
-    write_permission = 'event.orders:write'
+    permission = 'can_view_orders'
+    write_permission = 'can_change_orders'
 
     def get_serializer_context(self):
         ctx = super().get_serializer_context()
@@ -1066,12 +1065,15 @@ with scopes_disabled():
             }
 
 
-class OrderPositionViewSetMixin:
+class OrderPositionViewSet(viewsets.ModelViewSet):
+    serializer_class = OrderPositionSerializer
     queryset = OrderPosition.all.none()
     filter_backends = (DjangoFilterBackend, RichOrderingFilter)
     ordering = ('order__datetime', 'positionid')
     ordering_fields = ('order__code', 'order__datetime', 'positionid', 'attendee_name', 'order__status',)
     filterset_class = OrderPositionFilter
+    permission = 'can_view_orders'
+    write_permission = 'can_change_orders'
     ordering_custom = {
         'attendee_name': {
             '_order': F('display_name').asc(nulls_first=True),
@@ -1085,7 +1087,8 @@ class OrderPositionViewSetMixin:
 
     def get_serializer_context(self):
         ctx = super().get_serializer_context()
-        ctx['pdf_data'] = False
+        ctx['event'] = self.request.event
+        ctx['pdf_data'] = self.request.query_params.get('pdf_data', 'false').lower() == 'true'
         ctx['check_quotas'] = self.request.query_params.get('check_quotas', 'true').lower() == 'true'
         return ctx
 
@@ -1094,8 +1097,9 @@ class OrderPositionViewSetMixin:
             qs = OrderPosition.all
         else:
             qs = OrderPosition.objects
-        qs = qs.filter(order__event__organizer=self.request.organizer)
-        if self.request.query_params.get('pdf_data', 'false').lower() == 'true' and getattr(self.request, 'event', None):
+
+        qs = qs.filter(order__event=self.request.event)
+        if self.request.query_params.get('pdf_data', 'false').lower() == 'true':
             prefetch_related_objects([self.request.organizer], 'meta_properties')
             prefetch_related_objects(
                 [self.request.event],
@@ -1150,9 +1154,9 @@ class OrderPositionViewSetMixin:
             qs = qs.prefetch_related(
                 Prefetch('checkins', queryset=Checkin.objects.select_related("device")),
                 Prefetch('print_logs', queryset=PrintLog.objects.select_related('device')),
-                'answers', 'answers__options', 'answers__question', 'order__event', 'order__event__organizer'
+                'answers', 'answers__options', 'answers__question',
             ).select_related(
-                'item', 'order', 'seat'
+                'item', 'order', 'order__event', 'order__event__organizer', 'seat'
             )
         return qs
 
@@ -1164,49 +1168,6 @@ class OrderPositionViewSetMixin:
                 return prov
         raise NotFound('Unknown output provider.')
 
-
-class OrganizerOrderPositionViewSet(OrderPositionViewSetMixin, viewsets.ReadOnlyModelViewSet):
-    serializer_class = OrganizerOrderPositionSerializer
-    permission = None
-    write_permission = None
-
-    def get_queryset(self):
-        qs = super().get_queryset()
-
-        perm = "event.orders:read" if self.request.method in SAFE_METHODS else "event.orders:write"
-
-        if isinstance(self.request.auth, (TeamAPIToken, Device)):
-            auth_obj = self.request.auth
-        elif self.request.user.is_authenticated:
-            auth_obj = self.request.user
-        else:
-            raise PermissionDenied("Unknown authentication scheme")
-
-        qs = qs.filter(
-            order__event__in=auth_obj.get_events_with_permission(perm, request=self.request).filter(
-                organizer=self.request.organizer
-            )
-        )
-
-        return qs
-
-
-class EventOrderPositionViewSet(OrderPositionViewSetMixin, viewsets.ModelViewSet):
-    serializer_class = OrderPositionSerializer
-    permission = 'event.orders:read'
-    write_permission = 'event.orders:write'
-
-    def get_serializer_context(self):
-        ctx = super().get_serializer_context()
-        ctx['event'] = self.request.event
-        ctx['pdf_data'] = self.request.query_params.get('pdf_data', 'false').lower() == 'true'
-        return ctx
-
-    def get_queryset(self):
-        qs = super().get_queryset()
-        qs = qs.filter(order__event=self.request.event)
-        return qs
-
     @action(detail=True, methods=['POST'], url_name='price_calc')
     def price_calc(self, request, *args, **kwargs):
         """
@@ -1613,8 +1574,8 @@ class EventOrderPositionViewSet(OrderPositionViewSetMixin, viewsets.ModelViewSet
 class PaymentViewSet(CreateModelMixin, viewsets.ReadOnlyModelViewSet):
     serializer_class = OrderPaymentSerializer
     queryset = OrderPayment.objects.none()
-    permission = 'event.orders:read'
-    write_permission = 'event.orders:write'
+    permission = 'can_view_orders'
+    write_permission = 'can_change_orders'
     lookup_field = 'local_id'
 
     def get_serializer_context(self):
@@ -1786,8 +1747,8 @@ class PaymentViewSet(CreateModelMixin, viewsets.ReadOnlyModelViewSet):
 class RefundViewSet(CreateModelMixin, viewsets.ReadOnlyModelViewSet):
     serializer_class = OrderRefundSerializer
     queryset = OrderRefund.objects.none()
-    permission = 'event.orders:read'
-    write_permission = 'event.orders:write'
+    permission = 'can_view_orders'
+    write_permission = 'can_change_orders'
     lookup_field = 'local_id'
 
     def get_queryset(self):
@@ -1944,18 +1905,13 @@ class InvoiceViewSet(viewsets.ReadOnlyModelViewSet):
     ordering = ('nr',)
     ordering_fields = ('nr', 'date')
     filterset_class = InvoiceFilter
+    permission = 'can_view_orders'
     lookup_url_kwarg = 'number'
     lookup_field = 'nr'
-
-    def _get_permission_name(self, request):
-        if 'event' in request.resolver_match.kwargs:
-            if request.method not in SAFE_METHODS:
-                return "event.orders:write"
-            return "event.orders:read"
-        return None  # org-level is handled by event__in check
+    write_permission = 'can_change_orders'
 
     def get_queryset(self):
-        perm = "event.orders:read" if self.request.method in SAFE_METHODS else "event.orders:write"
+        perm = "can_view_orders" if self.request.method in SAFE_METHODS else "can_change_orders"
         if getattr(self.request, 'event', None):
             qs = self.request.event.invoices
         elif isinstance(self.request.auth, (TeamAPIToken, Device)):
@@ -2096,8 +2052,8 @@ class RevokedSecretViewSet(viewsets.ReadOnlyModelViewSet):
     ordering = ('-created',)
     ordering_fields = ('created', 'secret')
     filterset_class = RevokedSecretFilter
-    permission = 'event.orders:read'
-    write_permission = 'event.orders:write'
+    permission = 'can_view_orders'
+    write_permission = 'can_change_orders'
 
     def get_queryset(self):
         return RevokedTicketSecret.objects.filter(event=self.request.event)
@@ -2118,8 +2074,8 @@ class BlockedSecretViewSet(viewsets.ReadOnlyModelViewSet):
     filter_backends = (DjangoFilterBackend, TotalOrderingFilter)
     ordering = ('-updated', '-pk')
     filterset_class = BlockedSecretFilter
-    permission = 'event.orders:read'
-    write_permission = 'event.orders:write'
+    permission = 'can_view_orders'
+    write_permission = 'can_change_orders'
 
     def get_queryset(self):
         return BlockedTicketSecret.objects.filter(event=self.request.event)
@@ -2154,7 +2110,7 @@ class TransactionViewSet(viewsets.ReadOnlyModelViewSet):
     ordering = ('datetime', 'pk')
     ordering_fields = ('datetime', 'created', 'id',)
     filterset_class = TransactionFilter
-    permission = 'event.orders:read'
+    permission = 'can_view_orders'
 
     def get_queryset(self):
         return Transaction.objects.filter(order__event=self.request.event).select_related("order")
@@ -2171,11 +2127,11 @@ class OrganizerTransactionViewSet(TransactionViewSet):
 
         if isinstance(self.request.auth, (TeamAPIToken, Device)):
             qs = qs.filter(
-                order__event__in=self.request.auth.get_events_with_permission("event.orders:read"),
+                order__event__in=self.request.auth.get_events_with_permission("can_view_orders"),
             )
         elif self.request.user.is_authenticated:
             qs = qs.filter(
-                order__event__in=self.request.user.get_events_with_permission("event.orders:read", request=self.request)
+                order__event__in=self.request.user.get_events_with_permission("can_view_orders", request=self.request)
             )
         else:
             raise PermissionDenied("Unknown authentication scheme")

src/pretix/api/views/organizer.py

@@ -70,7 +70,7 @@ class OrganizerViewSet(mixins.UpdateModelMixin, viewsets.ReadOnlyModelViewSet):
     filter_backends = (TotalOrderingFilter,)
     ordering = ('slug',)
     ordering_fields = ('name', 'slug')
-    write_permission = "organizer.settings.general:write"
+    write_permission = "can_change_organizer_settings"
 
     def get_queryset(self):
         if self.request.user.is_authenticated:
@@ -154,8 +154,8 @@ class OrganizerViewSet(mixins.UpdateModelMixin, viewsets.ReadOnlyModelViewSet):
 class SeatingPlanViewSet(viewsets.ModelViewSet):
     serializer_class = SeatingPlanSerializer
     queryset = SeatingPlan.objects.none()
-    permission = None
-    write_permission = 'organizer.seatingplans:write'
+    permission = 'can_change_organizer_settings'
+    write_permission = 'can_change_organizer_settings'
 
     def get_queryset(self):
         return self.request.organizer.seating_plans.order_by('name')
@@ -221,8 +221,8 @@ with scopes_disabled():
 class GiftCardViewSet(viewsets.ModelViewSet):
     serializer_class = GiftCardSerializer
     queryset = GiftCard.objects.none()
-    permission = 'organizer.giftcards:read'
-    write_permission = 'organizer.giftcards:write'
+    permission = 'can_manage_gift_cards'
+    write_permission = 'can_manage_gift_cards'
     filter_backends = (DjangoFilterBackend,)
     filterset_class = GiftCardFilter
 
@@ -249,24 +249,12 @@ class GiftCardViewSet(viewsets.ModelViewSet):
     def perform_create(self, serializer):
         value = serializer.validated_data.pop('value')
         inst = serializer.save(issuer=self.request.organizer)
-        inst.log_action(
-            action='pretix.giftcards.created',
-            user=self.request.user,
-            auth=self.request.auth,
-        )
         inst.transactions.create(value=value, acceptor=self.request.organizer)
         inst.log_action(
-            action='pretix.giftcards.transaction.manual',
+            'pretix.giftcards.transaction.manual',
             user=self.request.user,
             auth=self.request.auth,
-            data=merge_dicts(
-                self.request.data,
-                {
-                    'id': inst.pk,
-                    'acceptor_id': self.request.organizer.id,
-                    'acceptor_slug': self.request.organizer.slug
-                }
-            )
+            data=merge_dicts(self.request.data, {'id': inst.pk})
         )
 
     @transaction.atomic()
@@ -281,7 +269,7 @@ class GiftCardViewSet(viewsets.ModelViewSet):
             inst = serializer.save(secret=serializer.instance.secret, currency=serializer.instance.currency,
                                    testmode=serializer.instance.testmode)
             inst.log_action(
-                action='pretix.giftcards.modified',
+                'pretix.giftcards.modified',
                 user=self.request.user,
                 auth=self.request.auth,
                 data=self.request.data,
@@ -294,14 +282,10 @@ class GiftCardViewSet(viewsets.ModelViewSet):
             diff = value - old_value
             inst.transactions.create(value=diff, acceptor=self.request.organizer)
             inst.log_action(
-                action='pretix.giftcards.transaction.manual',
+                'pretix.giftcards.transaction.manual',
                 user=self.request.user,
                 auth=self.request.auth,
-                data={
-                    'value': diff,
-                    'acceptor_id': self.request.organizer.id,
-                    'acceptor_slug': self.request.organizer.slug
-                }
+                data={'value': diff}
             )
 
         return inst
@@ -325,15 +309,10 @@ class GiftCardViewSet(viewsets.ModelViewSet):
             }, status=status.HTTP_409_CONFLICT)
         gc.transactions.create(value=value, text=text, info=info, acceptor=self.request.organizer)
         gc.log_action(
-            action='pretix.giftcards.transaction.manual',
+            'pretix.giftcards.transaction.manual',
             user=self.request.user,
             auth=self.request.auth,
-            data={
-                'value': value,
-                'text': text,
-                'acceptor_id': self.request.organizer.id,
-                'acceptor_slug': self.request.organizer.slug
-            }
+            data={'value': value, 'text': text}
         )
         return Response(GiftCardSerializer(gc, context=self.get_serializer_context()).data, status=status.HTTP_200_OK)
 
@@ -344,8 +323,8 @@ class GiftCardViewSet(viewsets.ModelViewSet):
 class GiftCardTransactionViewSet(viewsets.ReadOnlyModelViewSet):
     serializer_class = GiftCardTransactionSerializer
     queryset = GiftCardTransaction.objects.none()
-    permission = 'organizer.giftcards:read'
-    write_permission = 'organizer.giftcards:write'
+    permission = 'can_manage_gift_cards'
+    write_permission = 'can_manage_gift_cards'
 
     @cached_property
     def giftcard(self):
@@ -362,8 +341,8 @@ class GiftCardTransactionViewSet(viewsets.ReadOnlyModelViewSet):
 class TeamViewSet(viewsets.ModelViewSet):
     serializer_class = TeamSerializer
     queryset = Team.objects.none()
-    permission = 'organizer.teams:write'
-    write_permission = 'organizer.teams:write'
+    permission = 'can_change_teams'
+    write_permission = 'can_change_teams'
 
     def get_queryset(self):
         return self.request.organizer.teams.order_by('pk')
@@ -402,8 +381,8 @@ class TeamViewSet(viewsets.ModelViewSet):
 class TeamMemberViewSet(DestroyModelMixin, viewsets.ReadOnlyModelViewSet):
     serializer_class = TeamMemberSerializer
     queryset = User.objects.none()
-    permission = 'organizer.teams:write'
-    write_permission = 'organizer.teams:write'
+    permission = 'can_change_teams'
+    write_permission = 'can_change_teams'
 
     @cached_property
     def team(self):
@@ -431,8 +410,8 @@ class TeamMemberViewSet(DestroyModelMixin, viewsets.ReadOnlyModelViewSet):
 class TeamInviteViewSet(CreateModelMixin, DestroyModelMixin, viewsets.ReadOnlyModelViewSet):
     serializer_class = TeamInviteSerializer
     queryset = TeamInvite.objects.none()
-    permission = 'organizer.teams:write'
-    write_permission = 'organizer.teams:write'
+    permission = 'can_change_teams'
+    write_permission = 'can_change_teams'
 
     @cached_property
     def team(self):
@@ -468,8 +447,8 @@ class TeamInviteViewSet(CreateModelMixin, DestroyModelMixin, viewsets.ReadOnlyMo
 class TeamAPITokenViewSet(CreateModelMixin, DestroyModelMixin, viewsets.ReadOnlyModelViewSet):
     serializer_class = TeamAPITokenSerializer
     queryset = TeamAPIToken.objects.none()
-    permission = 'organizer.teams:write'
-    write_permission = 'organizer.teams:write'
+    permission = 'can_change_teams'
+    write_permission = 'can_change_teams'
 
     @cached_property
     def team(self):
@@ -532,8 +511,8 @@ class DeviceViewSet(mixins.CreateModelMixin,
                     GenericViewSet):
     serializer_class = DeviceSerializer
     queryset = Device.objects.none()
-    permission = 'organizer.devices:read'
-    write_permission = 'organizer.devices:write'
+    permission = 'can_change_organizer_settings'
+    write_permission = 'can_change_organizer_settings'
     lookup_field = 'device_id'
 
     def get_queryset(self):
@@ -542,9 +521,6 @@ class DeviceViewSet(mixins.CreateModelMixin,
     def get_serializer_context(self):
         ctx = super().get_serializer_context()
         ctx['organizer'] = self.request.organizer
-        ctx['can_see_tokens'] = (
-            self.request.user if self.request.user and self.request.user.is_authenticated else self.request.auth
-        ).has_organizer_permission(self.request.organizer, 'organizer.devices:write', request=self.request)
         return ctx
 
     @transaction.atomic()
@@ -571,11 +547,11 @@ class DeviceViewSet(mixins.CreateModelMixin,
 
 class OrganizerSettingsView(views.APIView):
     permission = None
-    write_permission = 'organizer.settings.general:write'
+    write_permission = 'can_change_organizer_settings'
 
     def get(self, request, *args, **kwargs):
         s = OrganizerSettingsSerializer(instance=request.organizer.settings, organizer=request.organizer, context={
-            'request': request, 'permissions': request.orgapermset
+            'request': request
         })
         if 'explain' in request.GET:
             return Response({
@@ -592,7 +568,7 @@ class OrganizerSettingsView(views.APIView):
         s = OrganizerSettingsSerializer(
             instance=request.organizer.settings, data=request.data, partial=True,
             organizer=request.organizer, context={
-                'request': request, 'permissions': request.orgapermset
+                'request': request
             }
         )
         s.is_valid(raise_exception=True)
@@ -604,7 +580,7 @@ class OrganizerSettingsView(views.APIView):
                 }
             )
         s = OrganizerSettingsSerializer(instance=request.organizer.settings, organizer=request.organizer, context={
-            'request': request, 'permissions': request.orgapermset
+            'request': request
         })
         return Response(s.data)
 
@@ -621,8 +597,7 @@ with scopes_disabled():
 class CustomerViewSet(viewsets.ModelViewSet):
     serializer_class = CustomerSerializer
     queryset = Customer.objects.none()
-    permission = 'organizer.customers:read'
-    write_permission = 'organizer.customers:write'
+    permission = 'can_manage_customers'
     lookup_field = 'identifier'
     filter_backends = (DjangoFilterBackend,)
     filterset_class = CustomerFilter
@@ -682,7 +657,7 @@ class CustomerViewSet(viewsets.ModelViewSet):
 class MembershipTypeViewSet(viewsets.ModelViewSet):
     serializer_class = MembershipTypeSerializer
     queryset = MembershipType.objects.none()
-    permission = 'organizer.settings.general:write'
+    permission = 'can_change_organizer_settings'
 
     def get_queryset(self):
         qs = self.request.organizer.membership_types.all()
@@ -739,8 +714,7 @@ with scopes_disabled():
 class MembershipViewSet(viewsets.ModelViewSet):
     serializer_class = MembershipSerializer
     queryset = Membership.objects.none()
-    permission = 'organizer.customers:read'
-    write_permission = 'organizer.customers:write'
+    permission = 'can_manage_customers'
     filter_backends = (DjangoFilterBackend,)
     filterset_class = MembershipFilter
 
@@ -790,8 +764,8 @@ with scopes_disabled():
 class SalesChannelViewSet(viewsets.ModelViewSet):
     serializer_class = SalesChannelSerializer
     queryset = SalesChannel.objects.none()
-    permission = 'organizer.settings.general:write'
-    write_permission = 'organizer.settings.general:write'
+    permission = 'can_change_organizer_settings'
+    write_permission = 'can_change_organizer_settings'
     filter_backends = (DjangoFilterBackend,)
     filterset_class = SalesChannelFilter
     lookup_field = 'identifier'

src/pretix/api/views/shredders.py

@@ -204,7 +204,7 @@ class ShreddersMixin:
 
 
 class EventShreddersViewSet(ShreddersMixin, viewsets.ViewSet):
-    permission = 'event.orders:write'
+    permission = 'can_change_orders'
 
     def get_serializer_kwargs(self):
         return {}

src/pretix/api/views/voucher.py

@@ -62,8 +62,8 @@ class VoucherViewSet(viewsets.ModelViewSet):
     ordering = ('id',)
     ordering_fields = ('id', 'code', 'max_usages', 'valid_until', 'value')
     filterset_class = VoucherFilter
-    permission = 'event.vouchers:read'
-    write_permission = 'event.vouchers:write'
+    permission = 'can_view_vouchers'
+    write_permission = 'can_change_vouchers'
 
     @scopes_disabled()  # we have an event check here, and we can save some performance on subqueries
     def get_queryset(self):

src/pretix/api/views/waitinglist.py

@@ -51,8 +51,8 @@ class WaitingListViewSet(viewsets.ModelViewSet):
     ordering = ('created', 'pk',)
     ordering_fields = ('id', 'created', 'email', 'item')
     filterset_class = WaitingListFilter
-    permission = 'event.orders:read'
-    write_permission = 'event.orders:write'
+    permission = 'can_view_orders'
+    write_permission = 'can_change_orders'
 
     def get_queryset(self):
         return self.request.event.waitinglistentries.all()

src/pretix/api/views/webhooks.py

@@ -35,8 +35,8 @@ class WebhookFilter(FilterSet):
 class WebHookViewSet(viewsets.ModelViewSet):
     serializer_class = WebHookSerializer
     queryset = WebHook.objects.none()
-    permission = 'organizer.settings.general:write'
-    write_permission = 'organizer.settings.general:write'
+    permission = 'can_change_organizer_settings'
+    write_permission = 'can_change_organizer_settings'
     filter_backends = (DjangoFilterBackend,)
     filterset_class = WebhookFilter
 

src/pretix/api/webhooks.py

@@ -174,38 +174,6 @@ class ParametrizedEventWebhookEvent(ParametrizedWebhookEvent):
         }
 
 
-class ParametrizedGiftcardWebhookEvent(ParametrizedWebhookEvent):
-    def build_payload(self, logentry: LogEntry):
-        giftcard = logentry.content_object
-        if not giftcard:
-            return None
-
-        return {
-            'notification_id': logentry.pk,
-            'issuer_id': logentry.organizer_id,
-            'issuer_slug': logentry.organizer.slug,
-            'giftcard': giftcard.pk,
-            'action': logentry.action_type,
-        }
-
-
-class ParametrizedGiftcardTransactionWebhookEvent(ParametrizedWebhookEvent):
-    def build_payload(self, logentry: LogEntry):
-        giftcard = logentry.content_object
-        if not giftcard:
-            return None
-
-        return {
-            'notification_id': logentry.pk,
-            'issuer_id': logentry.organizer_id,
-            'issuer_slug': logentry.organizer.slug,
-            'acceptor_id': logentry.parsed_data.get('acceptor_id'),
-            'acceptor_slug': logentry.parsed_data.get('acceptor_slug'),
-            'giftcard': giftcard.pk,
-            'action': logentry.action_type,
-        }
-
-
 class ParametrizedVoucherWebhookEvent(ParametrizedWebhookEvent):
 
     def build_payload(self, logentry: LogEntry):
@@ -465,18 +433,6 @@ def register_default_webhook_events(sender, **kwargs):
             'pretix.customer.anonymized',
             _('Customer account anonymized'),
         ),
-        ParametrizedGiftcardWebhookEvent(
-            'pretix.giftcards.created',
-            _('Gift card added'),
-        ),
-        ParametrizedGiftcardWebhookEvent(
-            'pretix.giftcards.modified',
-            _('Gift card modified'),
-        ),
-        ParametrizedGiftcardTransactionWebhookEvent(
-            'pretix.giftcards.transaction.*',
-            _('Gift card used in transaction'),
-        )
     )
 
 

src/pretix/base/auth.py

@@ -224,7 +224,7 @@ class HistoryPasswordValidator:
         ).delete()
 
 
-def has_event_access_permission(request, permission='event.settings.general:write'):
+def has_event_access_permission(request, permission='can_change_event_settings'):
     return (
         request.user.is_authenticated and
         request.user.has_event_permission(request.organizer, request.event, permission, request=request)

src/pretix/base/datasync/datasync.py

@@ -216,10 +216,7 @@ class OutboundSyncProvider:
 
             try:
                 mapped_objects = self.sync_order(sq.order)
-                actions_taken = [res and res.sync_info.get("action", "") for res_list in mapped_objects.values() for res in res_list]
-                should_write_logentry = any(action not in (None, "nothing_to_do") for action in actions_taken)
-                logger.info('Synced order %s to %s, actions: %r, log: %r', sq.order.code, sq.sync_provider, actions_taken, should_write_logentry)
-                if should_write_logentry:
+                if not all(all(not res or res.sync_info.get("action", "") == "nothing_to_do" for res in res_list) for res_list in mapped_objects.values()):
                     sq.order.log_action("pretix.event.order.data_sync.success", {
                         "provider": self.identifier,
                         "objects": {
@@ -240,7 +237,7 @@ class OutboundSyncProvider:
                     sq.set_sync_error("exceeded", e.messages, e.full_message)
                 else:
                     logger.info(
-                        f"Could not sync order {sq.order.code} to {sq.sync_provider} "
+                        f"Could not sync order {sq.order.code} to {type(self).__name__} "
                         f"(transient error, attempt #{sq.failed_attempts}, next {sq.not_before})",
                         exc_info=True,
                     )

src/pretix/base/email.py

@@ -39,7 +39,7 @@ from pretix.base.templatetags.rich_text import (
     DEFAULT_CALLBACKS, EMAIL_RE, URL_RE, abslink_callback,
     markdown_compile_email, truelink_callback,
 )
-from pretix.helpers.format import FormattedString, SafeFormatter, format_map
+from pretix.helpers.format import SafeFormatter, format_map
 
 from pretix.base.services.placeholders import (  # noqa
     get_available_placeholders, PlaceholderContext
@@ -141,7 +141,6 @@ class TemplateBasedMailRenderer(BaseHTMLMailRenderer):
         return markdown_compile_email(plaintext, context=context)
 
     def render(self, plain_body: str, plain_signature: str, subject: str, order, position, context) -> str:
-        apply_format_map = not isinstance(plain_body, FormattedString)
         body_md = self.compile_markdown(plain_body, context)
         if context:
             linker = bleach.Linker(
@@ -150,13 +149,12 @@ class TemplateBasedMailRenderer(BaseHTMLMailRenderer):
                 callbacks=DEFAULT_CALLBACKS + [truelink_callback, abslink_callback],
                 parse_email=True
             )
-            if apply_format_map:
-                body_md = format_map(
-                    body_md,
-                    context=context,
-                    mode=SafeFormatter.MODE_RICH_TO_HTML,
-                    linkifier=linker
-                )
+            body_md = format_map(
+                body_md,
+                context=context,
+                mode=SafeFormatter.MODE_RICH_TO_HTML,
+                linkifier=linker
+            )
         htmlctx = {
             'site': settings.PRETIX_INSTANCE_NAME,
             'site_url': settings.SITE_URL,

src/pretix/base/exporter.py

@@ -73,9 +73,6 @@ class BaseExporter:
             self.events = Event.objects.filter(pk=event.pk)
             self.timezone = event.timezone
 
-        if hasattr(self, 'organizer_required_permission'):
-            raise TypeError("Deprecated attribute organizer_required_permission no longer supported.")
-
     def __str__(self):
         return self.identifier
 
@@ -179,30 +176,15 @@ class BaseExporter:
         """
         return True
 
-    @classmethod
-    def get_required_event_permission(cls) -> str:
-        """
-        The permission level required to use this exporter for events. For multi-event-exports, this will be used
-        to limit the selection of events. Will be ignored if the ``OrganizerLevelExportMixin`` mixin is used.
-        The default implementation returns ``"event.orders:read"``.
-        """
-        return 'event.orders:read'
-
 
 class OrganizerLevelExportMixin:
-    @classmethod
-    def get_required_event_permission(cls):
-        raise TypeError("required_event_permission may not be called on OrganizerLevelExportMixin")
-
-    @classmethod
-    def get_required_organizer_permission(cls) -> str:
+    @property
+    def organizer_required_permission(self) -> str:
         """
-        The permission level required to use this exporter. Must be set for organizer-level exports. Set to `None` to
-        allow everyone with any access to the organizer.
-
-        ``get_required_event_permission`` will be ignored on this class.
+        The permission level required to use this exporter. Only useful for organizer-level exports,
+        not for event-level exports.
         """
-        raise NotImplementedError()
+        return 'can_view_orders'
 
 
 class ListExporter(BaseExporter):

src/pretix/base/exporters/customers.py

@@ -47,13 +47,10 @@ from ..signals import register_multievent_data_exporters
 class CustomerListExporter(OrganizerLevelExportMixin, ListExporter):
     identifier = 'customerlist'
     verbose_name = gettext_lazy('Customer accounts')
+    organizer_required_permission = 'can_manage_customers'
     category = pgettext_lazy('export_category', 'Customer accounts')
     description = gettext_lazy('Download a spreadsheet of all currently registered customer accounts.')
 
-    @classmethod
-    def get_required_organizer_permission(cls) -> str:
-        return 'organizer.customers:write'
-
     @property
     def additional_form_fields(self):
         return OrderedDict(

src/pretix/base/exporters/orderlist.py

@@ -271,7 +271,7 @@ class OrderListExporter(MultiSheetListExporter):
 
         qs = self._date_filter(qs, form_data, rel='')
 
-        if form_data.get('paid_only'):
+        if form_data['paid_only']:
             qs = qs.filter(status=Order.STATUS_PAID)
         return qs
 
@@ -315,9 +315,8 @@ class OrderListExporter(MultiSheetListExporter):
             for id, vn in payment_methods:
                 headers.append(_('Paid by {method}').format(method=vn))
 
-        if self.event_object_cache:
-            # get meta_data labels from first cached event if any
-            headers += next(iter(self.event_object_cache.values())).meta_data.keys()
+        # get meta_data labels from first cached event
+        headers += next(iter(self.event_object_cache.values())).meta_data.keys()
         yield headers
 
         full_fee_sum_cache = {
@@ -458,7 +457,7 @@ class OrderListExporter(MultiSheetListExporter):
         ).annotate(
             payment_providers=Subquery(p_providers, output_field=CharField()),
         ).select_related('order', 'order__invoice_address', 'order__customer', 'tax_rule')
-        if form_data.get('paid_only'):
+        if form_data['paid_only']:
             qs = qs.filter(order__status=Order.STATUS_PAID, canceled=False)
 
         if form_data.get('items'):
@@ -504,9 +503,8 @@ class OrderListExporter(MultiSheetListExporter):
         headers.append(_('External customer ID'))
         headers.append(_('Payment providers'))
 
-        if self.event_object_cache:
-            # get meta_data labels from first cached event if any
-            headers += next(iter(self.event_object_cache.values())).meta_data.keys()
+        # get meta_data labels from first cached event
+        headers += next(iter(self.event_object_cache.values())).meta_data.keys()
         yield headers
 
         yield self.ProgressSetTotal(total=qs.count())
@@ -562,7 +560,7 @@ class OrderListExporter(MultiSheetListExporter):
         qs = OrderPosition.all.filter(
             order__event__in=self.events,
         )
-        if form_data.get('paid_only'):
+        if form_data['paid_only']:
             qs = qs.filter(order__status=Order.STATUS_PAID, canceled=False)
 
         if form_data.get('items'):
@@ -653,7 +651,6 @@ class OrderListExporter(MultiSheetListExporter):
             pgettext('address', 'State'),
             _('Voucher'),
             _('Voucher budget usage'),
-            _('Voucher tag'),
             _('Pseudonymization ID'),
             _('Ticket secret'),
             _('Seat ID'),
@@ -709,9 +706,9 @@ class OrderListExporter(MultiSheetListExporter):
             _('Position order link')
         ]
 
+        # get meta_data labels from first cached event
+        meta_data_labels = next(iter(self.event_object_cache.values())).meta_data.keys()
         if has_subevents:
-            # get meta_data labels from first cached event
-            meta_data_labels = next(iter(self.event_object_cache.values())).meta_data.keys()
             headers += meta_data_labels
         yield headers
 
@@ -772,7 +769,6 @@ class OrderListExporter(MultiSheetListExporter):
                     op.state_for_address or '',
                     op.voucher.code if op.voucher else '',
                     op.voucher_budget_use if op.voucher_budget_use else '',
-                    op.voucher.tag if op.voucher else '',
                     op.pseudonymization_id,
                     op.secret,
                 ]
@@ -1239,14 +1235,11 @@ class QuotaListExporter(ListExporter):
 class GiftcardTransactionListExporter(OrganizerLevelExportMixin, ListExporter):
     identifier = 'giftcardtransactionlist'
     verbose_name = gettext_lazy('Gift card transactions')
+    organizer_required_permission = 'can_manage_gift_cards'
     category = pgettext_lazy('export_category', 'Gift cards')
     description = gettext_lazy('Download a spreadsheet of all gift card transactions.')
     repeatable_read = False
 
-    @classmethod
-    def get_required_organizer_permission(cls) -> str:
-        return 'organizer.giftcards:read'
-
     @property
     def additional_form_fields(self):
         d = [
@@ -1349,13 +1342,10 @@ class GiftcardRedemptionListExporter(ListExporter):
 class GiftcardListExporter(OrganizerLevelExportMixin, ListExporter):
     identifier = 'giftcardlist'
     verbose_name = gettext_lazy('Gift cards')
+    organizer_required_permission = 'can_manage_gift_cards'
     category = pgettext_lazy('export_category', 'Gift cards')
     description = gettext_lazy('Download a spreadsheet of all gift cards including their current value.')
 
-    @classmethod
-    def get_required_organizer_permission(cls) -> str:
-        return 'organizer.giftcards:read'
-
     @property
     def additional_form_fields(self):
         return OrderedDict(

src/pretix/base/exporters/reusablemedia.py

@@ -36,10 +36,6 @@ class ReusableMediaExporter(OrganizerLevelExportMixin, ListExporter):
     description = _('Download a spread sheet with the data of all reusable medias on your account.')
     repeatable_read = False
 
-    @classmethod
-    def get_required_organizer_permission(cls) -> str:
-        return "organizer.reusablemedia:read"
-
     def iterate_list(self, form_data):
         media = ReusableMedium.objects.filter(
             organizer=self.organizer,

src/pretix/base/forms/auth.py

@@ -196,7 +196,8 @@ class RegistrationForm(forms.Form):
     def clean_password(self):
         password1 = self.cleaned_data.get('password', '')
         user = User(email=self.cleaned_data.get('email'))
-        validate_password(password1, user=user)
+        if validate_password(password1, user=user) is not None:
+            raise forms.ValidationError(_(password_validators_help_texts()), code='pw_invalid')
         return password1
 
     def clean_email(self):

src/pretix/base/forms/questions.py

@@ -45,6 +45,7 @@ import pycountry
 from django import forms
 from django.conf import settings
 from django.contrib import messages
+from django.contrib.gis.geoip2 import GeoIP2
 from django.core.exceptions import ValidationError
 from django.core.files.uploadedfile import SimpleUploadedFile
 from django.core.validators import (
@@ -101,7 +102,6 @@ from pretix.helpers.countries import (
 from pretix.helpers.escapejson import escapejson_attr
 from pretix.helpers.http import get_client_ip
 from pretix.helpers.i18n import get_format_without_seconds
-from pretix.helpers.security import get_geoip
 from pretix.presale.signals import question_form_fields
 
 logger = logging.getLogger(__name__)
@@ -393,7 +393,7 @@ class WrappedPhoneNumberPrefixWidget(PhoneNumberPrefixWidget):
 
 def guess_country_from_request(request, event):
     if settings.HAS_GEOIP:
-        g = get_geoip()
+        g = GeoIP2()
         try:
             res = g.country(get_client_ip(request))
             if res['country_code'] and len(res['country_code']) == 2:
@@ -890,18 +890,18 @@ class BaseQuestionsForm(forms.Form):
                 if not help_text:
                     if q.valid_date_min and q.valid_date_max:
                         help_text = format_lazy(
-                            _('Please enter a date between {min} and {max}.'),
+                            'Please enter a date between {min} and {max}.',
                             min=date_format(q.valid_date_min, "SHORT_DATE_FORMAT"),
                             max=date_format(q.valid_date_max, "SHORT_DATE_FORMAT"),
                         )
                     elif q.valid_date_min:
                         help_text = format_lazy(
-                            _('Please enter a date no earlier than {min}.'),
+                            'Please enter a date no earlier than {min}.',
                             min=date_format(q.valid_date_min, "SHORT_DATE_FORMAT"),
                         )
                     elif q.valid_date_max:
                         help_text = format_lazy(
-                            _('Please enter a date no later than {max}.'),
+                            'Please enter a date no later than {max}.',
                             max=date_format(q.valid_date_max, "SHORT_DATE_FORMAT"),
                         )
                 if initial and initial.answer:
@@ -939,18 +939,18 @@ class BaseQuestionsForm(forms.Form):
                 if not help_text:
                     if q.valid_datetime_min and q.valid_datetime_max:
                         help_text = format_lazy(
-                            _('Please enter a date and time between {min} and {max}.'),
+                            'Please enter a date and time between {min} and {max}.',
                             min=date_format(q.valid_datetime_min, "SHORT_DATETIME_FORMAT"),
                             max=date_format(q.valid_datetime_max, "SHORT_DATETIME_FORMAT"),
                         )
                     elif q.valid_datetime_min:
                         help_text = format_lazy(
-                            _('Please enter a date and time no earlier than {min}.'),
+                            'Please enter a date and time no earlier than {min}.',
                             min=date_format(q.valid_datetime_min, "SHORT_DATETIME_FORMAT"),
                         )
                     elif q.valid_datetime_max:
                         help_text = format_lazy(
-                            _('Please enter a date and time no later than {max}.'),
+                            'Please enter a date and time no later than {max}.',
                             max=date_format(q.valid_datetime_max, "SHORT_DATETIME_FORMAT"),
                         )
 
@@ -1415,7 +1415,6 @@ class BaseInvoiceAddressForm(forms.ModelForm):
                     if not data.get(r):
                         raise ValidationError({r: _("This field is required for the selected type of invoice transmission.")})
 
-                transmission_type.validate_invoice_address_data(data)
                 self.instance.transmission_type = transmission_type.identifier
                 self.instance.transmission_info = transmission_type.form_data_to_transmission_info(data)
             elif transmission_type.is_exclusive(self.event, data.get("country"), data.get("is_business")):

src/pretix/base/forms/widgets.py

@@ -42,8 +42,6 @@ from django.utils.html import escape
 from django.utils.timezone import get_current_timezone, now
 from django.utils.translation import gettext_lazy as _
 
-from pretix.helpers.format import PlainHtmlAlternativeString
-
 
 def replace_arabic_numbers(inp):
     if not isinstance(inp, str):
@@ -63,18 +61,11 @@ def replace_arabic_numbers(inp):
     return inp.translate(table)
 
 
-def format_placeholder_help_text(placeholder_name, sample_value):
-    if isinstance(sample_value, PlainHtmlAlternativeString):
-        sample_value = sample_value.plain
-    title = (_("Sample: %s") % sample_value) if sample_value else ""
-    return ('<button type="button" class="content-placeholder" title="%s">{%s}</button>' % (escape(title), escape(placeholder_name)))
-
-
 def format_placeholders_help_text(placeholders, event=None):
     placeholders = [(k, v.render_sample(event) if event else v) for k, v in placeholders.items()]
     placeholders.sort(key=lambda x: x[0])
     phs = [
-        format_placeholder_help_text(k, v)
+        '<button type="button" class="content-placeholder" title="%s">{%s}</button>' % (escape(_("Sample: %s") % v) if v else "", escape(k))
         for k, v in placeholders
     ]
     return _('Available placeholders: {list}').format(

src/pretix/base/invoicing/email.py

@@ -33,7 +33,8 @@ from pretix.base.invoicing.transmission import (
     transmission_types,
 )
 from pretix.base.models import Invoice, InvoiceAddress
-from pretix.base.services.mail import mail
+from pretix.base.services.mail import mail, render_mail
+from pretix.helpers.format import format_map
 
 
 @transmission_types.new()
@@ -133,7 +134,9 @@ class EmailTransmissionProvider(TransmissionProvider):
             subject = invoice.order.event.settings.get('mail_subject_order_invoice', as_type=LazyI18nString)
 
             # Do not set to completed because that is done by the email sending task
-            outgoing_mail = mail(
+            subject = format_map(subject, context)
+            email_content = render_mail(template, context)
+            mail(
                 [recipient],
                 subject,
                 template,
@@ -148,10 +151,19 @@ class EmailTransmissionProvider(TransmissionProvider):
                 plain_text_only=True,
                 no_order_links=True,
             )
-            if outgoing_mail:
-                invoice.order.log_action(
-                    'pretix.event.order.email.invoice',
-                    user=None,
-                    auth=None,
-                    data=outgoing_mail.log_data()
-                )
+            invoice.order.log_action(
+                'pretix.event.order.email.invoice',
+                user=None,
+                auth=None,
+                data={
+                    'subject': subject,
+                    'message': email_content,
+                    'position': None,
+                    'recipient': recipient,
+                    'invoices': [invoice.pk],
+                    'attach_tickets': False,
+                    'attach_ical': False,
+                    'attach_other_files': [],
+                    'attach_cached_files': [],
+                }
+            )

src/pretix/base/invoicing/pdf.py

@@ -148,10 +148,6 @@ class NumberedCanvas(Canvas):
         self.restoreState()
 
 
-class InvoiceNotReadyException(Exception):
-    pass
-
-
 class BaseInvoiceRenderer:
     """
     This is the base class for all invoice renderers.

src/pretix/base/invoicing/peppol.py

@@ -204,12 +204,6 @@ class PeppolTransmissionType(TransmissionType):
         }
         return base | {"transmission_peppol_participant_id"}
 
-    def validate_invoice_address_data(self, address_data: dict):
-        # Special case Belgium: If a Belgian business ID is used as Peppol ID, it should match the VAT ID
-        if address_data.get("transmission_peppol_participant_id").startswith("0208:") and address_data.get("vat_id"):
-            if address_data["vat_id"].removeprefix("BE") != address_data["transmission_peppol_participant_id"].removeprefix("0208:"):
-                raise ValidationError({"transmission_peppol_participant_id": _("The Peppol participant ID does not match your VAT ID.")})
-
     def pdf_watermark(self) -> str:
         return pgettext("peppol_invoice", "Visual copy")
 

src/pretix/base/invoicing/transmission.py

@@ -21,10 +21,9 @@
 #
 from typing import Optional
 
-from django.utils.translation import gettext_lazy as _
 from django_countries.fields import Country
 
-from pretix.base.models import Invoice
+from pretix.base.models import Invoice, InvoiceAddress
 from pretix.base.signals import EventPluginRegistry, Registry
 
 
@@ -89,7 +88,7 @@ class TransmissionType:
     def invoice_address_form_fields_visible(self, country: Country, is_business: bool) -> set:
         return set(self.invoice_address_form_fields.keys())
 
-    def validate_invoice_address_data(self, address_data: dict):
+    def validate_address(self, ia: InvoiceAddress):
         pass
 
     @property
@@ -107,22 +106,6 @@ class TransmissionType:
     def transmission_info_to_form_data(self, transmission_info: dict) -> dict:
         return transmission_info
 
-    def describe_info(self, transmission_info: dict, country: Country, is_business: bool):
-        form_data = self.transmission_info_to_form_data(transmission_info)
-        data = []
-        visible_field_keys = self.invoice_address_form_fields_visible(country, is_business)
-        for k, f in self.invoice_address_form_fields.items():
-            if k not in visible_field_keys:
-                continue
-            v = form_data.get(k)
-            if v is True:
-                v = _("Yes")
-            elif v is False:
-                v = _("No")
-            if v:
-                data.append((f.label, v))
-        return data
-
     def pdf_watermark(self) -> Optional[str]:
         """
         Return a watermark that should be rendered across the PDF file.

src/pretix/base/management/commands/makemigrations.py

@@ -36,9 +36,8 @@ from django.core.management.commands.makemigrations import Command as Parent
 
 from ._migrations import monkeypatch_migrations
 
+monkeypatch_migrations()
+
 
 class Command(Parent):
-
-    def handle(self, *args, **kwargs):
-        monkeypatch_migrations()
-        return super().handle(*args, **kwargs)
+    pass

src/pretix/base/management/commands/runperiodic.py

@@ -64,7 +64,7 @@ class Command(BaseCommand):
         if not periodic_task.receivers or periodic_task.sender_receivers_cache.get(self) is NO_RECEIVERS:
             return
 
-        for receiver in periodic_task._live_receivers(self)[0]:
+        for receiver in periodic_task._live_receivers(self):
             name = f'{receiver.__module__}.{receiver.__name__}'
             if options['list_tasks']:
                 print(name)

src/pretix/base/migrations/0234_total_ordering.py

@@ -41,20 +41,16 @@ class Migration(migrations.Migration):
             name='datetime',
             field=models.DateTimeField(),
         ),
-        migrations.AddIndex(
-            'logentry',
-            models.Index(fields=('datetime', 'id'), name="pretixbase__datetim_b1fe5a_idx"),
+        migrations.AlterIndexTogether(
+            name='logentry',
+            index_together={('datetime', 'id')},
         ),
-        migrations.AddIndex(
-            'order',
-            models.Index(fields=["datetime", "id"], name="pretixbase__datetim_66aff0_idx"),
+        migrations.AlterIndexTogether(
+            name='order',
+            index_together={('datetime', 'id'), ('last_modified', 'id')},
         ),
-        migrations.AddIndex(
-            'order',
-            models.Index(fields=["last_modified", "id"], name="pretixbase__last_mo_4ebf8b_idx"),
-        ),
-        migrations.AddIndex(
-            'transaction',
-            models.Index(fields=('datetime', 'id'), name="pretixbase__datetim_b20405_idx"),
+        migrations.AlterIndexTogether(
+            name='transaction',
+            index_together={('datetime', 'id')},
         ),
     ]

src/pretix/base/migrations/0236_reusable_media.py

@@ -61,10 +61,7 @@ class Migration(migrations.Migration):
             options={
                 'ordering': ('identifier', 'type', 'organizer'),
                 'unique_together': {('identifier', 'type', 'organizer')},
-                'indexes': [
-                    models.Index(fields=('identifier', 'type', 'organizer'), name='reusable_medium_organizer_index'),
-                    models.Index(fields=('updated', 'id'), name="pretixbase__updated_093277_idx")
-                ],
+                'index_together': {('identifier', 'type', 'organizer'), ('updated', 'id')},
             },
             bases=(models.Model, pretix.base.models.base.LoggingMixin),
         ),

src/pretix/base/migrations/0246_bigint.py

@@ -9,6 +9,31 @@ class Migration(migrations.Migration):
     ]
 
     operations = [
+        migrations.RenameIndex(
+            model_name="logentry",
+            new_name="pretixbase__datetim_b1fe5a_idx",
+            old_fields=("datetime", "id"),
+        ),
+        migrations.RenameIndex(
+            model_name="order",
+            new_name="pretixbase__datetim_66aff0_idx",
+            old_fields=("datetime", "id"),
+        ),
+        migrations.RenameIndex(
+            model_name="order",
+            new_name="pretixbase__last_mo_4ebf8b_idx",
+            old_fields=("last_modified", "id"),
+        ),
+        migrations.RenameIndex(
+            model_name="reusablemedium",
+            new_name="pretixbase__updated_093277_idx",
+            old_fields=("updated", "id"),
+        ),
+        migrations.RenameIndex(
+            model_name="transaction",
+            new_name="pretixbase__datetim_b20405_idx",
+            old_fields=("datetime", "id"),
+        ),
         migrations.AlterField(
             model_name="attendeeprofile",
             name="id",

src/pretix/base/migrations/0260_alter_reusablemedium_index_together.py

@@ -1,6 +1,6 @@
 # Generated by Django 4.2.10 on 2024-04-02 15:16
 
-from django.db import migrations, models
+from django.db import migrations
 
 
 class Migration(migrations.Migration):
@@ -10,8 +10,8 @@ class Migration(migrations.Migration):
     ]
 
     operations = [
-        migrations.RemoveIndex(
-            "reusablemedium",
-            'reusable_medium_organizer_index',
+        migrations.AlterIndexTogether(
+            name="reusablemedium",
+            index_together=set(),
         ),
     ]

src/pretix/base/migrations/0298_pluggable_permissions.py

@@ -1,137 +0,0 @@
-from django.db import migrations, models
-
-from pretix.helpers.permission_migration import (
-    OLD_TO_NEW_EVENT_MIGRATION, OLD_TO_NEW_ORGANIZER_MIGRATION,
-)
-
-
-def migrate_teams_forward(apps, schema_editor):
-    Team = apps.get_model("pretixbase", "Team")
-
-    for team in Team.objects.iterator():
-        if all(getattr(team, k) for k in OLD_TO_NEW_EVENT_MIGRATION.keys() if k != "can_checkin_orders"):
-            team.all_event_permissions = True
-            team.limit_event_permissions = {}
-        else:
-            team.all_event_permissions = False
-            for k, v in OLD_TO_NEW_EVENT_MIGRATION.items():
-                if getattr(team, k):
-                    team.limit_event_permissions.update({kk: True for kk in v})
-
-            # Prevent combinations that were possible previously but no longer make sense
-            if team.limit_event_permissions.get("event.orders:checkin") and team.limit_event_permissions.get("event.orders:write"):
-                team.limit_event_permissions.pop("event.orders:checkin")
-            if team.limit_event_permissions.get("event.orders:write") and not team.limit_event_permissions.get("event.orders:read"):
-                team.limit_event_permissions.pop("event.orders:write")
-            if team.limit_event_permissions.get("event.vouchers:write") and not team.limit_event_permissions.get("event.vouchers:read"):
-                team.limit_event_permissions.pop("event.vouchers:write")
-
-        if all(getattr(team, k) for k in OLD_TO_NEW_ORGANIZER_MIGRATION.keys()):
-            team.all_organizer_permissions = True
-            team.limit_organizer_permissions = {}
-        else:
-            team.all_organizer_permissions = False
-            for k, v in OLD_TO_NEW_ORGANIZER_MIGRATION.items():
-                if getattr(team, k):
-                    team.limit_organizer_permissions.update({kk: True for kk in v})
-
-        team.save(update_fields=[
-            "all_event_permissions", "limit_event_permissions", "all_organizer_permissions", "limit_organizer_permissions"
-        ])
-
-
-def migrate_teams_backward(apps, schema_editor):
-    Team = apps.get_model("pretixbase", "Team")
-
-    for team in Team.objects.iterator():
-        for k, v in OLD_TO_NEW_EVENT_MIGRATION.items():
-            setattr(team, k, team.all_event_permissions or all(team.limit_event_permissions.get(kk) for kk in v))
-        for k, v in OLD_TO_NEW_ORGANIZER_MIGRATION.items():
-            setattr(team, k, team.all_organizer_permissions or all(team.limit_organizer_permissions.get(kk) for kk in v))
-        team.save()
-
-
-class Migration(migrations.Migration):
-
-    dependencies = [
-        ("pretixbase", "0297_outgoingmail"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="team",
-            name="all_event_permissions",
-            field=models.BooleanField(default=False),
-        ),
-        migrations.AddField(
-            model_name="team",
-            name="all_organizer_permissions",
-            field=models.BooleanField(default=False),
-        ),
-        migrations.AddField(
-            model_name="team",
-            name="limit_event_permissions",
-            field=models.JSONField(default=dict),
-        ),
-        migrations.AddField(
-            model_name="team",
-            name="limit_organizer_permissions",
-            field=models.JSONField(default=dict),
-        ),
-        migrations.RunPython(
-            migrate_teams_forward,
-            migrate_teams_backward,
-        ),
-        migrations.RemoveField(
-            model_name="team",
-            name="can_change_event_settings",
-        ),
-        migrations.RemoveField(
-            model_name="team",
-            name="can_change_items",
-        ),
-        migrations.RemoveField(
-            model_name="team",
-            name="can_change_orders",
-        ),
-        migrations.RemoveField(
-            model_name="team",
-            name="can_change_organizer_settings",
-        ),
-        migrations.RemoveField(
-            model_name="team",
-            name="can_change_teams",
-        ),
-        migrations.RemoveField(
-            model_name="team",
-            name="can_change_vouchers",
-        ),
-        migrations.RemoveField(
-            model_name="team",
-            name="can_checkin_orders",
-        ),
-        migrations.RemoveField(
-            model_name="team",
-            name="can_create_events",
-        ),
-        migrations.RemoveField(
-            model_name="team",
-            name="can_manage_customers",
-        ),
-        migrations.RemoveField(
-            model_name="team",
-            name="can_manage_gift_cards",
-        ),
-        migrations.RemoveField(
-            model_name="team",
-            name="can_manage_reusable_media",
-        ),
-        migrations.RemoveField(
-            model_name="team",
-            name="can_view_orders",
-        ),
-        migrations.RemoveField(
-            model_name="team",
-            name="can_view_vouchers",
-        ),
-    ]

src/pretix/base/modelimport_vouchers.py

@@ -132,7 +132,7 @@ class AllowIgnoreQuotaColumn(BooleanColumnMixin, ImportColumn):
 
 class PriceModeColumn(ImportColumn):
     identifier = 'price_mode'
-    verbose_name = gettext_lazy('Price effect')
+    verbose_name = gettext_lazy('Price mode')
     default_value = None
     initial = 'static:none'
 
@@ -147,7 +147,7 @@ class PriceModeColumn(ImportColumn):
         elif value in reverse:
             return reverse[value]
         else:
-            raise ValidationError(_("Could not parse {value} as a price effect, use one of {options}.").format(
+            raise ValidationError(_("Could not parse {value} as a price mode, use one of {options}.").format(
                 value=value, options=', '.join(d.keys())
             ))
 
@@ -162,7 +162,7 @@ class ValueColumn(DecimalColumnMixin, ImportColumn):
     def clean(self, value, previous_values):
         value = super().clean(value, previous_values)
         if value and previous_values.get("price_mode") == "none":
-            raise ValidationError(_("It is pointless to set a value without a price effect."))
+            raise ValidationError(_("It is pointless to set a value without a price mode."))
         return value
 
     def assign(self, value, obj: Voucher, **kwargs):

src/pretix/base/models/auth.py

@@ -49,7 +49,6 @@ from django.core.exceptions import BadRequest, PermissionDenied
 from django.db import IntegrityError, models, transaction
 from django.db.models import Q
 from django.utils.crypto import get_random_string, salted_hmac
-from django.utils.functional import cached_property
 from django.utils.timezone import now
 from django.utils.translation import gettext_lazy as _
 from django_otp.models import Device
@@ -213,28 +212,6 @@ class SuperuserPermissionSet:
         return True
 
 
-class EventPermissionSet(set):
-    def __contains__(self, item):
-        from pretix.base.permissions import assert_valid_event_permission
-
-        if super().__contains__(item):
-            return True
-
-        assert_valid_event_permission(item, allow_tuple=False)
-        return False
-
-
-class OrganizerPermissionSet(set):
-    def __contains__(self, item):
-        from pretix.base.permissions import assert_valid_organizer_permission
-
-        if super().__contains__(item):
-            return True
-
-        assert_valid_organizer_permission(item, allow_tuple=False)
-        return False
-
-
 class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
     """
     This is the user model used by pretix for authentication.
@@ -369,8 +346,7 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
             {
                 'user': self,
                 'messages': msg,
-                'url': build_absolute_uri('control:user.settings'),
-                'instance': settings.PRETIX_INSTANCE_NAME,
+                'url': build_absolute_uri('control:user.settings')
             },
             event=None,
             user=self,
@@ -415,7 +391,6 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
                 'user': self,
                 'reason': msg,
                 'code': code,
-                'instance': settings.PRETIX_INSTANCE_NAME,
             },
             event=None,
             user=self,
@@ -455,7 +430,6 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
         mail(
             self.email, _('Password recovery'), 'pretixcontrol/email/forgot.txt',
             {
-                'instance': settings.PRETIX_INSTANCE_NAME,
                 'user': self,
                 'url': (build_absolute_uri('control:auth.forgot.recover')
                         + '?id=%d&token=%s' % (self.id, default_token_generator.make_token(self)))
@@ -495,7 +469,7 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
         :return: set
         """
         teams = self._get_teams_for_event(organizer, event)
-        sets = [t.event_permission_set() for t in teams]
+        sets = [t.permission_set() for t in teams]
         if sets:
             return set.union(*sets)
         else:
@@ -509,7 +483,7 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
         :return: set
         """
         teams = self._get_teams_for_organizer(organizer)
-        sets = [t.organizer_permission_set() for t in teams]
+        sets = [t.permission_set() for t in teams]
         if sets:
             return set.union(*sets)
         else:
@@ -524,7 +498,7 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
 
         :param organizer: The organizer of the event
         :param event: The event to check
-        :param perm_name: The permission, e.g. ``event.orders:read``
+        :param perm_name: The permission, e.g. ``can_change_teams``
         :param request: The current request (optional)
         :param session_key: The current session key (optional)
         :return: bool
@@ -536,8 +510,8 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
         if teams:
             self._teamcache['e{}'.format(event.pk)] = teams
             if isinstance(perm_name, (tuple, list)):
-                return any([any(team.has_event_permission(p) for team in teams) for p in perm_name])
-            if not perm_name or any([team.has_event_permission(perm_name) for team in teams]):
+                return any([any(team.has_permission(p) for team in teams) for p in perm_name])
+            if not perm_name or any([team.has_permission(perm_name) for team in teams]):
                 return True
         return False
 
@@ -547,7 +521,7 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
         to the organizer ``organizer``.
 
         :param organizer: The organizer to check
-        :param perm_name: The permission, e.g. ``organizer.events:create``
+        :param perm_name: The permission, e.g. ``can_change_teams``
         :param request: The current request (optional). Required to detect staff sessions properly.
         :return: bool
         """
@@ -556,8 +530,8 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
         teams = self._get_teams_for_organizer(organizer)
         if teams:
             if isinstance(perm_name, (tuple, list)):
-                return any([any(team.has_organizer_permission(p) for team in teams) for p in perm_name])
-            if not perm_name or any([team.has_organizer_permission(perm_name) for team in teams]):
+                return any([any(team.has_permission(p) for team in teams) for p in perm_name])
+            if not perm_name or any([team.has_permission(perm_name) for team in teams]):
                 return True
         return False
 
@@ -588,15 +562,14 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
         :return: Iterable of Events
         """
         from .event import Event
-        from .organizer import TeamQuerySet
 
         if request and self.has_active_staff_session(request.session.session_key):
             return Event.objects.all()
 
         if isinstance(permission, (tuple, list)):
-            q = reduce(operator.or_, [TeamQuerySet.event_permission_q(p) for p in permission])
+            q = reduce(operator.or_, [Q(**{p: True}) for p in permission])
         else:
-            q = TeamQuerySet.event_permission_q(permission)
+            q = Q(**{permission: True})
 
         return Event.objects.filter(
             Q(organizer_id__in=self.teams.filter(q, all_events=True).values_list('organizer', flat=True))
@@ -629,13 +602,14 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
         :return: Iterable of Organizers
         """
         from .event import Organizer
-        from .organizer import TeamQuerySet
 
         if request and self.has_active_staff_session(request.session.session_key):
             return Organizer.objects.all()
 
+        kwargs = {permission: True}
+
         return Organizer.objects.filter(
-            id__in=self.teams.filter(TeamQuerySet.organizer_permission_q(permission)).values_list('organizer', flat=True)
+            id__in=self.teams.filter(**kwargs).values_list('organizer', flat=True)
         )
 
     def has_active_staff_session(self, session_key=None):
@@ -690,11 +664,6 @@ class User(AbstractBaseUser, PermissionsMixin, LoggingMixin):
         self.session_token = generate_session_token()
         self.save(update_fields=['session_token'])
 
-    @cached_property
-    @scopes_disabled()
-    def is_in_any_teams(self):
-        return self.teams.exists()
-
 
 class UserKnownLoginSource(models.Model):
     user = models.ForeignKey('User', on_delete=models.CASCADE, related_name="known_login_sources")

src/pretix/base/models/base.py

@@ -130,8 +130,6 @@ class LoggingMixin:
             organizer_id = self.event.organizer_id
         elif hasattr(self, 'organizer_id'):
             organizer_id = self.organizer_id
-        elif hasattr(self, 'issuer_id'):
-            organizer_id = self.issuer_id
 
         if user and not user.is_authenticated:
             user = None

src/pretix/base/models/customers.py

@@ -40,7 +40,6 @@ from i18nfield.fields import I18nCharField
 from phonenumber_field.modelfields import PhoneNumberField
 
 from pretix.base.banlist import banned
-from pretix.base.i18n import language
 from pretix.base.models.base import LoggedModel
 from pretix.base.models.fields import MultiStringField
 from pretix.base.models.giftcards import GiftCardTransaction
@@ -165,28 +164,6 @@ class Customer(LoggedModel):
         self.attendee_profiles.all().delete()
         self.invoice_addresses.all().delete()
 
-    def send_security_notice(self, message, email=None):
-        from pretix.base.services.mail import SendMailException, mail
-        from pretix.multidomain.urlreverse import build_absolute_uri
-
-        try:
-            with language(self.locale):
-                mail(
-                    email or self.email,
-                    self.organizer.settings.mail_subject_customer_security_notice,
-                    self.organizer.settings.mail_text_customer_security_notice,
-                    {
-                        **self.get_email_context(),
-                        'message': str(message),
-                        'url': build_absolute_uri(self.organizer, 'presale:organizer.customer.index')
-                    },
-                    customer=self,
-                    organizer=self.organizer,
-                    locale=self.locale
-                )
-        except SendMailException:
-            pass  # Already logged
-
     @scopes_disabled()
     def assign_identifier(self):
         charset = list('ABCDEFGHJKLMNPQRSTUVWXYZ23456789')

src/pretix/base/models/datasync.py

@@ -86,7 +86,7 @@ class OrderSyncQueue(models.Model):
 
     def set_sync_error(self, failure_mode, messages, full_message):
         logger.exception(
-            f"Could not sync order {self.order.code} to {self.sync_provider} ({failure_mode})"
+            f"Could not sync order {self.order.code} to {type(self).__name__} ({failure_mode})"
         )
         self.order.log_action(f"pretix.event.order.data_sync.failed.{failure_mode}", {
             "provider": self.sync_provider,

src/pretix/base/models/devices.py

@@ -29,9 +29,6 @@ from django.utils.translation import gettext_lazy as _
 from django_scopes import ScopedManager, scopes_disabled
 
 from pretix.base.models import LoggedModel
-from pretix.base.permissions import (
-    AnyPermissionOf, assert_valid_event_permission,
-)
 
 
 @scopes_disabled()
@@ -192,19 +189,13 @@ class Device(LoggedModel):
                 kwargs['update_fields'] = {'device_id'}.union(kwargs['update_fields'])
         super().save(*args, **kwargs)
 
-    def _event_permission_set(self) -> set:
+    def permission_set(self) -> set:
         return {
-            'event.orders:read',
-            'event.orders:write',
-            'event.vouchers:read',
-        }
-
-    def _organizer_permission_set(self) -> set:
-        return {
-            'organizer.giftcards:read',
-            'organizer.giftcards:write',
-            'organizer.reusablemedia:read',
-            'organizer.reusablemedia:write',
+            'can_view_orders',
+            'can_change_orders',
+            'can_view_vouchers',
+            'can_manage_gift_cards',
+            'can_manage_reusable_media',
         }
 
     def get_event_permission_set(self, organizer, event) -> set:
@@ -218,7 +209,7 @@ class Device(LoggedModel):
         has_event_access = (self.all_events and organizer == self.organizer) or (
             event in self.limit_events.all()
         )
-        return self._event_permission_set() if has_event_access else set()
+        return self.permission_set() if has_event_access else set()
 
     def get_organizer_permission_set(self, organizer) -> set:
         """
@@ -227,7 +218,7 @@ class Device(LoggedModel):
         :param organizer: The organizer of the event
         :return: set of permissions
         """
-        return self._organizer_permission_set() if self.organizer == organizer else set()
+        return self.permission_set() if self.organizer == organizer else set()
 
     def has_event_permission(self, organizer, event, perm_name=None, request=None) -> bool:
         """
@@ -236,7 +227,7 @@ class Device(LoggedModel):
 
         :param organizer: The organizer of the event
         :param event: The event to check
-        :param perm_name: The permission, e.g. ``event.orders:read``
+        :param perm_name: The permission, e.g. ``can_change_teams``
         :param request: This parameter is ignored and only defined for compatibility reasons.
         :return: bool
         """
@@ -244,8 +235,8 @@ class Device(LoggedModel):
             event in self.limit_events.all()
         )
         if isinstance(perm_name, (tuple, list)):
-            return has_event_access and any(p in self._event_permission_set() for p in perm_name)
-        return has_event_access and (not perm_name or perm_name in self._event_permission_set())
+            return has_event_access and any(p in self.permission_set() for p in perm_name)
+        return has_event_access and (not perm_name or perm_name in self.permission_set())
 
     def has_organizer_permission(self, organizer, perm_name=None, request=None):
         """
@@ -253,13 +244,13 @@ class Device(LoggedModel):
         to the organizer ``organizer``.
 
         :param organizer: The organizer to check
-        :param perm_name: The permission, e.g. ``organizer.events:create``
+        :param perm_name: The permission, e.g. ``can_change_teams``
         :param request: This parameter is ignored and only defined for compatibility reasons.
         :return: bool
         """
         if isinstance(perm_name, (tuple, list)):
-            return organizer == self.organizer and any(p in self._organizer_permission_set() for p in perm_name)
-        return organizer == self.organizer and (not perm_name or perm_name in self._organizer_permission_set())
+            return organizer == self.organizer and any(p in self.permission_set() for p in perm_name)
+        return organizer == self.organizer and (not perm_name or perm_name in self.permission_set())
 
     def get_events_with_any_permission(self):
         """
@@ -279,10 +270,9 @@ class Device(LoggedModel):
         :param request: Ignored, for compatibility with User model
         :return: Iterable of Events
         """
-        assert_valid_event_permission(permission)
         if (
-            isinstance(permission, (AnyPermissionOf, list, tuple)) and any(p in self._event_permission_set() for p in permission)
-        ) or (isinstance(permission, str) and permission in self._event_permission_set()):
+                isinstance(permission, (list, tuple)) and any(p in self.permission_set() for p in permission)
+        ) or (isinstance(permission, str) and permission in self.permission_set()):
             return self.get_events_with_any_permission()
         else:
             return self.organizer.events.none()

src/pretix/base/models/event.py

@@ -843,33 +843,6 @@ class Event(EventMixin, LoggedModel):
             time(hour=23, minute=59, second=59)
         ), tz)
 
-    def allow_copy_data(self, new_organizer, auth) -> bool:
-        """
-        Returns whether it is allowed to copy the event to the target organizer. Auth can be TeamAPIToken or User.
-        """
-        from ..permissions import get_all_event_permissions
-        from .auth import User
-
-        if self.organizer == new_organizer:
-            # Copying in the same organizer is always okay with any read access, we just need to ensure it does not
-            # grant more permissions than I had before, but that is handled by the view logic
-            return auth.has_event_permission(self.organizer, self, None)
-
-        if isinstance(auth, User):
-            # Cross-organizer copying requires almost full permission of source to prevent settings extraction
-            required_permissions = get_all_event_permissions() - {
-                # We do not require these, as this data is not copied
-                "event.orders:read", "event.orders:write", "event.vouchers:read", "event.vouchers:write",
-                "event.subevents:write",
-            }
-            given_permission = auth.get_event_permission_set(self.organizer, self)
-            return all(p in given_permission for p in required_permissions if ":" in p)
-
-        else:
-            # Tokens or devices can never copy between organizers, as they are organizer-bound. Kept for future
-            # compatibility and easier calling
-            return False
-
     def copy_data_from(self, other, skip_meta_data=False):
         from ..signals import event_copy_data
         from . import (
@@ -1413,13 +1386,14 @@ class Event(EventMixin, LoggedModel):
         from .auth import User
 
         if permission:
-            qs = Team.objects.with_event_permission(permission)
+            kwargs = {permission: True}
         else:
-            qs = Team.objects.all()
+            kwargs = {}
 
-        team_with_perm = qs.filter(
+        team_with_perm = Team.objects.filter(
             members__pk=OuterRef('pk'),
             organizer=self.organizer,
+            **kwargs
         ).filter(
             Q(all_events=True) | Q(limit_events__pk=self.pk)
         )

src/pretix/base/models/log.py

@@ -88,7 +88,7 @@ class LogEntry(models.Model):
 
     class Meta:
         ordering = ('-datetime', '-id')
-        indexes = [models.Index(fields=["datetime", "id"], name="pretixbase__datetim_b1fe5a_idx")]
+        indexes = [models.Index(fields=["datetime", "id"])]
 
     def display(self):
         from pretix.base.logentrytype_registry import log_entry_types

src/pretix/base/models/mail.py

@@ -220,20 +220,3 @@ class OutgoingMail(models.Model):
             error_log_action_type = 'pretix.email.error'
             log_target = None
         return log_target, error_log_action_type
-
-    def log_data(self):
-        return {
-            "subject": self.subject,
-            "message": self.body_plain,
-            "to": self.to,
-            "cc": self.cc,
-            "bcc": self.bcc,
-
-            "invoices": [i.pk for i in self.should_attach_invoices.all()],
-            "attach_tickets": self.should_attach_tickets,
-            "attach_ical": self.should_attach_ical,
-            "attach_other_files": self.should_attach_other_files,
-            "attach_cached_files": [cf.filename for cf in self.should_attach_cached_files.all()],
-
-            "position": self.orderposition.positionid if self.orderposition else None,
-        }

src/pretix/base/models/media.py

@@ -122,7 +122,7 @@ class ReusableMedium(LoggedModel):
     class Meta:
         unique_together = (("identifier", "type", "organizer"),)
         indexes = [
-            models.Index(fields=("updated", "id"), name="pretixbase__updated_093277_idx"),
+            models.Index(fields=("updated", "id")),
         ]
         ordering = "identifier", "type", "organizer"
 

src/pretix/base/models/orders.py

@@ -87,6 +87,7 @@ from pretix.base.timemachine import time_machine_now
 
 from ...helpers import OF_SELF
 from ...helpers.countries import CachedCountries, FastCountryField
+from ...helpers.format import format_map
 from ...helpers.names import build_name
 from ...testutils.middleware import debugflags_var
 from ._transactions import (
@@ -336,8 +337,8 @@ class Order(LockModel, LoggedModel):
         verbose_name_plural = _("Orders")
         ordering = ("-datetime", "-pk")
         indexes = [
-            models.Index(fields=["datetime", "id"], name="pretixbase__datetim_66aff0_idx"),
-            models.Index(fields=["last_modified", "id"], name="pretixbase__last_mo_4ebf8b_idx"),
+            models.Index(fields=["datetime", "id"]),
+            models.Index(fields=["last_modified", "id"]),
         ]
         constraints = [
             models.UniqueConstraint(fields=["organizer", "code"], name="order_organizer_code_uniq"),
@@ -1166,7 +1167,7 @@ class Order(LockModel, LoggedModel):
                          only be attached for this position and child positions, the link will only point to the
                          position and the attendee email will be used if available.
         """
-        from pretix.base.services.mail import mail
+        from pretix.base.services.mail import mail, render_mail
 
         if not self.email and not (position and position.attendee_email):
             return
@@ -1176,20 +1177,31 @@ class Order(LockModel, LoggedModel):
             if position and position.attendee_email:
                 recipient = position.attendee_email
 
-            outgoing_mail = mail(
+            email_content = render_mail(template, context)
+            subject = format_map(subject, context)
+            mail(
                 recipient, subject, template, context,
                 self.event, self.locale, self, headers=headers, sender=sender,
                 invoices=invoices, attach_tickets=attach_tickets,
                 position=position, auto_email=auto_email, attach_ical=attach_ical,
                 attach_other_files=attach_other_files, attach_cached_files=attach_cached_files,
             )
-            if outgoing_mail:
-                self.log_action(
-                    log_entry_type,
-                    user=user,
-                    auth=auth,
-                    data=outgoing_mail.log_data(),
-                )
+            self.log_action(
+                log_entry_type,
+                user=user,
+                auth=auth,
+                data={
+                    'subject': subject,
+                    'message': email_content,
+                    'position': position.positionid if position else None,
+                    'recipient': recipient,
+                    'invoices': [i.pk for i in invoices] if invoices else [],
+                    'attach_tickets': attach_tickets,
+                    'attach_ical': attach_ical,
+                    'attach_other_files': attach_other_files,
+                    'attach_cached_files': [cf.filename for cf in attach_cached_files] if attach_cached_files else [],
+                }
+            )
 
     def resend_link(self, user=None, auth=None):
         with language(self.locale, self.event.settings.region):
@@ -2887,14 +2899,16 @@ class OrderPosition(AbstractPosition):
         :param attach_tickets: Attach tickets of this order, if they are existing and ready to download
         :param attach_ical: Attach relevant ICS files
         """
-        from pretix.base.services.mail import mail
+        from pretix.base.services.mail import mail, render_mail
 
         if not self.attendee_email:
             return
 
         with language(self.order.locale, self.order.event.settings.region):
             recipient = self.attendee_email
-            outgoing_mail = mail(
+            email_content = render_mail(template, context)
+            subject = format_map(subject, context)
+            mail(
                 recipient, subject, template, context,
                 self.event, self.order.locale, order=self.order, headers=headers, sender=sender,
                 position=self,
@@ -2903,13 +2917,21 @@ class OrderPosition(AbstractPosition):
                 attach_ical=attach_ical,
                 attach_other_files=attach_other_files,
             )
-            if outgoing_mail:
-                self.order.log_action(
-                    log_entry_type,
-                    user=user,
-                    auth=auth,
-                    data=outgoing_mail.log_data(),
-                )
+            self.order.log_action(
+                log_entry_type,
+                user=user,
+                auth=auth,
+                data={
+                    'subject': subject,
+                    'message': email_content,
+                    'recipient': recipient,
+                    'invoices': [i.pk for i in invoices] if invoices else [],
+                    'attach_tickets': attach_tickets,
+                    'attach_ical': attach_ical,
+                    'attach_other_files': attach_other_files,
+                    'attach_cached_files': [],
+                }
+            )
 
     def resend_link(self, user=None, auth=None):
 
@@ -3080,7 +3102,7 @@ class Transaction(models.Model):
     class Meta:
         ordering = 'datetime', 'pk'
         indexes = [
-            models.Index(fields=['datetime', 'id'], name="pretixbase__datetim_b20405_idx")
+            models.Index(fields=['datetime', 'id'])
         ]
 
     def save(self, *args, **kwargs):
@@ -3485,10 +3507,18 @@ class InvoiceAddress(models.Model):
     def describe_transmission(self):
         from pretix.base.invoicing.transmission import transmission_types
         data = []
+
         t, __ = transmission_types.get(identifier=self.transmission_type)
         data.append((_("Transmission type"), t.public_name))
-        if self.transmission_info:
-            data += t.describe_info(self.transmission_info, self.country, self.is_business)
+        form_data = t.transmission_info_to_form_data(self.transmission_info or {})
+        for k, f in t.invoice_address_form_fields.items():
+            v = form_data.get(k)
+            if v is True:
+                v = _("Yes")
+            elif v is False:
+                v = _("No")
+            if v:
+                data.append((f.label, v))
         return data
 
 

src/pretix/base/models/organizer.py

@@ -31,10 +31,9 @@
 # Unless required by applicable law or agreed to in writing, software distributed under the Apache License 2.0 is
 # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations under the License.
-import operator
+
 import string
 from datetime import date, datetime, time
-from functools import reduce
 
 import pytz_deprecation_shim
 from django.conf import settings
@@ -54,10 +53,6 @@ from i18nfield.strings import LazyI18nString
 from pretix.base.models.base import LoggedModel
 from pretix.base.validators import OrganizerSlugBanlistValidator
 
-from ...helpers.permission_migration import (
-    OLD_TO_NEW_EVENT_COMPAT, OLD_TO_NEW_ORGANIZER_COMPAT,
-    LegacyPermissionProperty,
-)
 from ..settings import settings_hierarkey
 from .auth import User
 
@@ -314,38 +309,6 @@ def generate_api_token():
     return get_random_string(length=64, allowed_chars=string.ascii_lowercase + string.digits)
 
 
-class TeamQuerySet(models.QuerySet):
-    @classmethod
-    def event_permission_q(cls, perm_name):
-        from ..permissions import assert_valid_event_permission
-
-        if perm_name.startswith('can_') and perm_name in OLD_TO_NEW_EVENT_COMPAT:  # legacy
-            return reduce(operator.and_, [cls.event_permission_q(p) for p in OLD_TO_NEW_EVENT_COMPAT[perm_name]])
-        assert_valid_event_permission(perm_name, allow_legacy=False)
-        return (
-            Q(all_event_permissions=True) |
-            Q(**{f'limit_event_permissions__{perm_name}': True})
-        )
-
-    @classmethod
-    def organizer_permission_q(cls, perm_name):
-        from ..permissions import assert_valid_organizer_permission
-
-        if perm_name.startswith('can_') and perm_name in OLD_TO_NEW_ORGANIZER_COMPAT:  # legacy
-            return reduce(operator.and_, [cls.organizer_permission_q(p) for p in OLD_TO_NEW_ORGANIZER_COMPAT[perm_name]])
-        assert_valid_organizer_permission(perm_name, allow_legacy=False)
-        return (
-            Q(all_organizer_permissions=True) |
-            Q(**{f'limit_organizer_permissions__{perm_name}': True})
-        )
-
-    def with_event_permission(self, perm_name):
-        return self.filter(self.event_permission_q(perm_name))
-
-    def with_organizer_permission(self, perm_name):
-        return self.filter(self.organizer_permission_q(perm_name))
-
-
 class Team(LoggedModel):
     """
     A team is a collection of people given certain access rights to one or more events of an organizer.
@@ -358,10 +321,36 @@ class Team(LoggedModel):
     :param all_events: Whether this team has access to all events of this organizer
     :type all_events: bool
     :param limit_events: A set of events this team has access to. Irrelevant if ``all_events`` is ``True``.
+    :param can_create_events: Whether or not the members can create new events with this organizer account.
+    :type can_create_events: bool
+    :param can_change_teams: If ``True``, the members can change the teams of this organizer account.
+    :type can_change_teams: bool
+    :param can_manage_customers: If ``True``, the members can view and change organizer-level customer accounts.
+    :type can_manage_customers: bool
+    :param can_manage_reusable_media: If ``True``, the members can view and change organizer-level reusable media.
+    :type can_manage_reusable_media: bool
+    :param can_change_organizer_settings: If ``True``, the members can change the settings of this organizer account.
+    :type can_change_organizer_settings: bool
+    :param can_change_event_settings: If ``True``, the members can change the settings of the associated events.
+    :type can_change_event_settings: bool
+    :param can_change_items: If ``True``, the members can change and add items and related objects for the associated events.
+    :type can_change_items: bool
+    :param can_view_orders: If ``True``, the members can inspect details of all orders of the associated events.
+    :type can_view_orders: bool
+    :param can_change_orders: If ``True``, the members can change details of orders of the associated events.
+    :type can_change_orders: bool
+    :param can_checkin_orders: If ``True``, the members can perform check-in related actions.
+    :type can_checkin_orders: bool
+    :param can_view_vouchers: If ``True``, the members can inspect details of all vouchers of the associated events.
+    :type can_view_vouchers: bool
+    :param can_change_vouchers: If ``True``, the members can change and create vouchers for the associated events.
+    :type can_change_vouchers: bool
     """
     organizer = models.ForeignKey(Organizer, related_name="teams", on_delete=models.CASCADE)
     name = models.CharField(max_length=190, verbose_name=_("Team name"))
     members = models.ManyToManyField(User, related_name="teams", verbose_name=_("Team members"))
+    all_events = models.BooleanField(default=False, verbose_name=_("All events (including newly created ones)"))
+    limit_events = models.ManyToManyField('Event', verbose_name=_("Limit to events"), blank=True)
     require_2fa = models.BooleanField(
         default=False, verbose_name=_("Require all members of this team to use two-factor authentication"),
         help_text=_("If you turn this on, all members of the team will be required to either set up two-factor "
@@ -369,33 +358,62 @@ class Team(LoggedModel):
                     "all users.")
     )
 
-    # Scope
-    all_events = models.BooleanField(default=False, verbose_name=_("All events (including newly created ones)"))
-    limit_events = models.ManyToManyField('Event', verbose_name=_("Limit to events"), blank=True)
-
-    # Permissions
-    # We store them as {key: True} instead of [key] because otherwise not all lookups we need are supported on SQLite
-    all_event_permissions = models.BooleanField(default=False, verbose_name=_("All event permissions"))
-    limit_event_permissions = models.JSONField(default=dict, verbose_name=_("Event permissions"))
-    all_organizer_permissions = models.BooleanField(default=False, verbose_name=_("All organizer permissions"))
-    limit_organizer_permissions = models.JSONField(default=dict, verbose_name=_("Organizer permissions"))
-
-    # Legacy lookups for plugin compatibility
-    can_change_event_settings = LegacyPermissionProperty()
-    can_change_items = LegacyPermissionProperty()
-    can_view_orders = LegacyPermissionProperty()
-    can_change_orders = LegacyPermissionProperty()
-    can_checkin_orders = LegacyPermissionProperty()
-    can_view_vouchers = LegacyPermissionProperty()
-    can_change_vouchers = LegacyPermissionProperty()
-    can_create_events = LegacyPermissionProperty()
-    can_change_organizer_settings = LegacyPermissionProperty()
-    can_change_teams = LegacyPermissionProperty()
-    can_manage_gift_cards = LegacyPermissionProperty()
-    can_manage_customers = LegacyPermissionProperty()
-    can_manage_reusable_media = LegacyPermissionProperty()
-
-    objects = TeamQuerySet.as_manager()
+    can_create_events = models.BooleanField(
+        default=False,
+        verbose_name=_("Can create events"),
+    )
+    can_change_teams = models.BooleanField(
+        default=False,
+        verbose_name=_("Can change teams and permissions"),
+    )
+    can_change_organizer_settings = models.BooleanField(
+        default=False,
+        verbose_name=_("Can change organizer settings"),
+        help_text=_('Someone with this setting can get access to most data of all of your events, i.e. via privacy '
+                    'reports, so be careful who you add to this team!')
+    )
+    can_manage_customers = models.BooleanField(
+        default=False,
+        verbose_name=_("Can manage customer accounts")
+    )
+    can_manage_reusable_media = models.BooleanField(
+        default=False,
+        verbose_name=_("Can manage reusable media")
+    )
+    can_manage_gift_cards = models.BooleanField(
+        default=False,
+        verbose_name=_("Can manage gift cards")
+    )
+    can_change_event_settings = models.BooleanField(
+        default=False,
+        verbose_name=_("Can change event settings")
+    )
+    can_change_items = models.BooleanField(
+        default=False,
+        verbose_name=_("Can change product settings")
+    )
+    can_view_orders = models.BooleanField(
+        default=False,
+        verbose_name=_("Can view orders")
+    )
+    can_change_orders = models.BooleanField(
+        default=False,
+        verbose_name=_("Can change orders")
+    )
+    can_checkin_orders = models.BooleanField(
+        default=False,
+        verbose_name=_("Can perform check-ins"),
+        help_text=_('This includes searching for attendees, which can be used to obtain personal information about '
+                    'attendees. Users with "can change orders" can also perform check-ins.')
+    )
+    can_view_vouchers = models.BooleanField(
+        default=False,
+        verbose_name=_("Can view vouchers")
+    )
+    can_change_vouchers = models.BooleanField(
+        default=False,
+        verbose_name=_("Can change vouchers")
+    )
 
     def __str__(self) -> str:
         return _("%(name)s on %(object)s") % {
@@ -403,62 +421,21 @@ class Team(LoggedModel):
             'object': str(self.organizer),
         }
 
-    def event_permission_set(self, include_legacy=True) -> set:
-        from ..permissions import get_all_event_permission_groups
-
-        result = set()
-        for pg in get_all_event_permission_groups().values():
-            for action in pg.actions:
-                if self.all_event_permissions or self.limit_event_permissions.get(f"{pg.name}:{action}"):
-                    result.add(f"{pg.name}:{action}")
-
-        if include_legacy:
-            # Add legacy permissions as well for plugin compatibility
-            for k, v in OLD_TO_NEW_EVENT_COMPAT.items():
-                if self.all_event_permissions or all(self.limit_event_permissions.get(kk) for kk in v):
-                    result.add(k)
-
-            if "can_change_event_settings" in result:
-                result.add("can_change_settings")
-
-        return result
-
-    def organizer_permission_set(self, include_legacy=True) -> set:
-        from ..permissions import get_all_organizer_permission_groups
-
-        result = set()
-        for pg in get_all_organizer_permission_groups().values():
-            for action in pg.actions:
-                if self.all_organizer_permissions or self.limit_organizer_permissions.get(f"{pg.name}:{action}"):
-                    result.add(f"{pg.name}:{action}")
-
-        if include_legacy:
-            # Add legacy permissions as well for plugin compatibility
-            for k, v in OLD_TO_NEW_ORGANIZER_COMPAT.items():
-                if self.all_organizer_permissions or all(self.limit_organizer_permissions.get(kk) for kk in v):
-                    result.add(k)
-
-        return result
+    def permission_set(self) -> set:
+        attribs = dir(self)
+        return {
+            a for a in attribs if a.startswith('can_') and self.has_permission(a)
+        }
 
     @property
-    def can_change_settings(self):  # Legacy compatibility
+    def can_change_settings(self):  # Legacy compatiblilty
         return self.can_change_event_settings
 
-    def has_event_permission(self, perm_name):
-        from ..permissions import assert_valid_event_permission
-
-        if perm_name.startswith('can_') and hasattr(self, perm_name):  # legacy
+    def has_permission(self, perm_name):
+        try:
             return getattr(self, perm_name)
-        assert_valid_event_permission(perm_name, allow_legacy=False)
-        return self.all_event_permissions or self.limit_event_permissions.get(perm_name, False)
-
-    def has_organizer_permission(self, perm_name):
-        from ..permissions import assert_valid_organizer_permission
-
-        if perm_name.startswith('can_') and hasattr(self, perm_name):  # legacy
-            return getattr(self, perm_name)
-        assert_valid_organizer_permission(perm_name, allow_legacy=False)
-        return self.all_organizer_permissions or self.limit_organizer_permissions.get(perm_name, False)
+        except AttributeError:
+            raise ValueError('Invalid required permission: %s' % perm_name)
 
     def permission_for_event(self, event):
         if self.all_events:
@@ -470,19 +447,6 @@ class Team(LoggedModel):
     def active_tokens(self):
         return self.tokens.filter(active=True)
 
-    def save(self, **kwargs):
-        if not isinstance(self.limit_event_permissions, dict):
-            raise TypeError("Permissions must be a dictionary")
-        if not isinstance(self.limit_organizer_permissions, dict):
-            raise TypeError("Permissions must be a dictionary")
-        for k in self.limit_event_permissions.values():
-            if k is not True:
-                raise TypeError("Permissions must only contain True values")
-        for k in self.limit_organizer_permissions.values():
-            if k is not True:
-                raise TypeError("Permissions must only contain True values")
-        return super().save(**kwargs)
-
     class Meta:
         verbose_name = _("Team")
         verbose_name_plural = _("Teams")
@@ -539,7 +503,7 @@ class TeamAPIToken(models.Model):
         has_event_access = (self.team.all_events and organizer == self.team.organizer) or (
             event in self.team.limit_events.all()
         )
-        return self.team.event_permission_set() if has_event_access else set()
+        return self.team.permission_set() if has_event_access else set()
 
     def get_organizer_permission_set(self, organizer) -> set:
         """
@@ -548,7 +512,7 @@ class TeamAPIToken(models.Model):
         :param organizer: The organizer of the event
         :return: set of permissions
         """
-        return self.team.organizer_permission_set() if self.team.organizer == organizer else set()
+        return self.team.permission_set() if self.team.organizer == organizer else set()
 
     def has_event_permission(self, organizer, event, perm_name=None, request=None) -> bool:
         """
@@ -557,7 +521,7 @@ class TeamAPIToken(models.Model):
 
         :param organizer: The organizer of the event
         :param event: The event to check
-        :param perm_name: The permission, e.g. ``event.orders:read``
+        :param perm_name: The permission, e.g. ``can_change_teams``
         :param request: This parameter is ignored and only defined for compatibility reasons.
         :return: bool
         """
@@ -565,8 +529,8 @@ class TeamAPIToken(models.Model):
             event in self.team.limit_events.all()
         )
         if isinstance(perm_name, (tuple, list)):
-            return has_event_access and any(self.team.has_event_permission(p) for p in perm_name)
-        return has_event_access and (not perm_name or self.team.has_event_permission(perm_name))
+            return has_event_access and any(self.team.has_permission(p) for p in perm_name)
+        return has_event_access and (not perm_name or self.team.has_permission(perm_name))
 
     def has_organizer_permission(self, organizer, perm_name=None, request=None):
         """
@@ -574,13 +538,13 @@ class TeamAPIToken(models.Model):
         to the organizer ``organizer``.
 
         :param organizer: The organizer to check
-        :param perm_name: The permission, e.g. ``organizer.events:create``
+        :param perm_name: The permission, e.g. ``can_change_teams``
         :param request: This parameter is ignored and only defined for compatibility reasons.
         :return: bool
         """
         if isinstance(perm_name, (tuple, list)):
-            return organizer == self.team.organizer and any(self.team.has_organizer_permission(p) for p in perm_name)
-        return organizer == self.team.organizer and (not perm_name or self.team.has_organizer_permission(perm_name))
+            return organizer == self.team.organizer and any(self.team.has_permission(p) for p in perm_name)
+        return organizer == self.team.organizer and (not perm_name or self.team.has_permission(perm_name))
 
     def get_events_with_any_permission(self):
         """
@@ -600,11 +564,9 @@ class TeamAPIToken(models.Model):
         :param request: Ignored, for compatibility with User model
         :return: Iterable of Events
         """
-        from pretix.base.permissions import AnyPermissionOf
-
         if (
-            isinstance(permission, (AnyPermissionOf, list, tuple)) and any(self.team.has_event_permission(p) for p in permission)
-        ) or (isinstance(permission, str) and self.team.has_event_permission(permission)):
+                isinstance(permission, (list, tuple)) and any(getattr(self.team, p, False) for p in permission)
+        ) or (isinstance(permission, str) and getattr(self.team, permission, False)):
             return self.get_events_with_any_permission()
         else:
             return self.team.organizer.events.none()

src/pretix/base/models/vouchers.py

@@ -239,7 +239,7 @@ class Voucher(LoggedModel):
         )
     )
     price_mode = models.CharField(
-        verbose_name=_("Price effect"),
+        verbose_name=_("Price mode"),
         max_length=100,
         choices=PRICE_MODES,
         default='none'

src/pretix/base/models/waitinglist.py

@@ -34,9 +34,10 @@ from phonenumber_field.modelfields import PhoneNumberField
 from pretix.base.email import get_email_context
 from pretix.base.i18n import language
 from pretix.base.models import User, Voucher
-from pretix.base.services.mail import mail
+from pretix.base.services.mail import mail, render_mail
 from pretix.helpers import OF_SELF
 
+from ...helpers.format import format_map
 from ...helpers.names import build_name
 from .base import LoggedModel
 from .event import Event, SubEvent
@@ -180,11 +181,10 @@ class WaitingListEntry(LoggedModel):
                 block_quota=True,
                 item_id=self.item_id,
                 subevent_id=self.subevent_id,
-                waitinglistentries__isnull=False,
-                seat__isnull=True
+                waitinglistentries__isnull=False
             ).aggregate(free=Sum(F('max_usages') - F('redeemed')))['free'] or 0
             free_seats = num_free_seats_for_product - num_valid_vouchers_for_product
-            if free_seats < 1:
+            if not free_seats:
                 raise WaitingListException(_('No seat with this product is currently available.'))
 
         if '@' not in self.email:
@@ -272,7 +272,9 @@ class WaitingListEntry(LoggedModel):
         with language(self.locale, self.event.settings.region):
             recipient = self.email
 
-            outgoing_mail = mail(
+            email_content = render_mail(template, context)
+            subject = format_map(subject, context)
+            mail(
                 recipient, subject, template, context,
                 self.event,
                 self.locale,
@@ -282,13 +284,18 @@ class WaitingListEntry(LoggedModel):
                 attach_other_files=attach_other_files,
                 attach_cached_files=attach_cached_files,
             )
-            if outgoing_mail:
-                self.log_action(
-                    log_entry_type,
-                    user=user,
-                    auth=auth,
-                    data=outgoing_mail.log_data(),
-                )
+            self.log_action(
+                log_entry_type,
+                user=user,
+                auth=auth,
+                data={
+                    'subject': subject,
+                    'message': email_content,
+                    'recipient': recipient,
+                    'attach_other_files': attach_other_files,
+                    'attach_cached_files': [cf.filename for cf in attach_cached_files] if attach_cached_files else [],
+                }
+            )
 
     @staticmethod
     def clean_itemvar(event, item, variation):

src/pretix/base/notifications.py

@@ -151,7 +151,7 @@ def get_all_notification_types(event=None):
 
 
 class ParametrizedOrderNotificationType(NotificationType):
-    required_permission = "event.orders:read"
+    required_permission = "can_view_orders"
 
     def __init__(self, event, action_type, verbose_name, title):
         self._action_type = action_type

src/pretix/base/payment.py

@@ -1295,7 +1295,6 @@ class ManualPayment(BasePaymentProvider):
 
     def format_map(self, order, payment):
         return {
-            # Possible placeholder injection, we should make sure to never include user-controlled variables here
             'order': order.code,
             'amount': payment.amount,
             'currency': self.event.currency,
@@ -1526,26 +1525,16 @@ class GiftCardPayment(BasePaymentProvider):
     def payment_control_render(self, request, payment) -> str:
         from .models import GiftCard
 
-        if any(key in payment.info_data for key in ('gift_card', 'error')):
+        if 'gift_card' in payment.info_data:
+            gc = GiftCard.objects.get(pk=payment.info_data.get('gift_card'))
             template = get_template('pretixcontrol/giftcards/payment.html')
+
             ctx = {
                 'request': request,
                 'event': self.event,
-                **({'error': payment.info_data[
-                    'error']} if 'error' in payment.info_data else {}),
-                **({'gift_card_secret': payment.info_data[
-                    'gift_card_secret']} if 'gift_card_secret' in payment.info_data else {})
+                'gc': gc,
             }
-
-            try:
-                gc = GiftCard.objects.get(pk=payment.info_data.get('gift_card'))
-                ctx = {
-                    'gc': gc,
-                }
-            except GiftCard.DoesNotExist:
-                pass
-            finally:
-                return template.render(ctx)
+            return template.render(ctx)
 
     def payment_control_render_short(self, payment: OrderPayment) -> str:
         d = payment.info_data
@@ -1560,16 +1549,12 @@ class GiftCardPayment(BasePaymentProvider):
         try:
             gc = GiftCard.objects.get(pk=payment.info_data.get('gift_card'))
         except GiftCard.DoesNotExist:
-            return {
-                **({'error': payment.info_data[
-                    'error']} if 'error' in payment.info_data else {})
-            }
+            return {}
         return {
             'gift_card': {
                 'id': gc.pk,
                 'secret': gc.secret,
-                'organizer': gc.issuer.slug,
-                ** ({'error': payment.info_data['error']} if 'error' in payment.info_data else {})
+                'organizer': gc.issuer.slug
             }
         }
 
@@ -1641,8 +1626,6 @@ class GiftCardPayment(BasePaymentProvider):
                     raise PaymentException(_("This gift card does not support this currency."))
                 if not gc.accepted_by(self.event.organizer):
                     raise PaymentException(_("This gift card is not accepted by this event organizer."))
-                if gc.value <= Decimal("0.00"):
-                    raise PaymentException(_("All credit on this gift card has been used."))
                 if payment.amount > gc.value:
                     raise PaymentException(_("This gift card was used in the meantime. Please try again."))
                 if gc.testmode and not payment.order.testmode:
@@ -1663,16 +1646,8 @@ class GiftCardPayment(BasePaymentProvider):
                     'transaction_id': trans.pk,
                 }
                 payment.confirm(send_mail=not is_early_special_case, generate_invoice=not is_early_special_case)
-                gc.log_action(
-                    action='pretix.giftcards.transaction.payment',
-                    data={
-                        'value': trans.value,
-                        'acceptor_id': self.event.organizer.id,
-                        'acceptor_slug': self.event.organizer.slug
-                    }
-                )
         except PaymentException as e:
-            payment.fail(info={**payment.info_data, 'error': str(e)}, send_mail=not is_early_special_case)
+            payment.fail(info={'error': str(e)})
             raise e
 
     def payment_is_valid_session(self, request: HttpRequest) -> bool:
@@ -1695,15 +1670,6 @@ class GiftCardPayment(BasePaymentProvider):
             'transaction_id': trans.pk,
         }
         refund.done()
-        gc.log_action(
-            action='pretix.giftcards.transaction.refund',
-            data={
-                'value': refund.amount,
-                'acceptor_id': self.event.organizer.id,
-                'acceptor_slug': self.event.organizer.slug,
-                'text': refund.comment,
-            }
-        )
 
 
 @receiver(register_payment_providers, dispatch_uid="payment_free")

src/pretix/base/permissions.py

@@ -1,334 +0,0 @@
-#
-# This file is part of pretix (Community Edition).
-#
-# Copyright (C) 2014-2020  Raphael Michel and contributors
-# Copyright (C) 2020-today pretix GmbH and contributors
-#
-# This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General
-# Public License as published by the Free Software Foundation in version 3 of the License.
-#
-# ADDITIONAL TERMS APPLY: Pursuant to Section 7 of the GNU Affero General Public License, additional terms are
-# applicable granting you additional permissions and placing additional restrictions on your usage of this software.
-# Please refer to the pretix LICENSE file to obtain the full terms applicable to this work. If you did not receive
-# this file, see <https://pretix.eu/about/en/license>.
-#
-# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
-# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
-# details.
-#
-# You should have received a copy of the GNU Affero General Public License along with this program.  If not, see
-# <https://www.gnu.org/licenses/>.
-#
-import functools
-import logging
-import warnings
-from collections import OrderedDict
-from typing import Callable, Dict, List, NamedTuple, Set, Tuple
-
-from django.apps import apps
-from django.dispatch import receiver
-from django.utils.functional import Promise
-from django.utils.translation import gettext_lazy as _, pgettext_lazy
-
-from pretix.base.signals import (
-    register_event_permission_groups, register_organizer_permission_groups,
-)
-
-logger = logging.getLogger(__name__)
-
-
-def cache_until_change(input_value: Callable):
-    def decorator(func):
-        old_input_value = None
-        cached_result = None
-
-        @functools.wraps(func)
-        def wrapper():
-            nonlocal cached_result, old_input_value
-            if cached_result is None or old_input_value != input_value():
-                cached_result = func()
-                old_input_value = input_value()
-            return cached_result
-        return wrapper
-    return decorator
-
-
-class PermissionOption(NamedTuple):
-    actions: Tuple[str, ...]
-    label: str | Promise
-    help_text: str | Promise = None
-
-
-class PermissionGroup(NamedTuple):
-    name: str
-    label: str | Promise
-    actions: List[str]
-    options: List[PermissionOption]
-    help_text: str | Promise = None
-
-
-@cache_until_change(input_value=lambda: apps.ready)
-def get_all_event_permission_groups() -> Dict[str, PermissionGroup]:
-    types = OrderedDict()
-    for recv, ret in register_event_permission_groups.send(None):
-        if isinstance(ret, (list, tuple)):
-            for r in ret:
-                types[r.name] = r
-        else:
-            types[ret.name] = ret
-    return types
-
-
-@cache_until_change(input_value=lambda: apps.ready)
-def get_all_organizer_permission_groups() -> Dict[str, PermissionGroup]:
-    types = OrderedDict()
-    for recv, ret in register_organizer_permission_groups.send(None):
-        if isinstance(ret, (list, tuple)):
-            for r in ret:
-                types[r.name] = r
-        else:
-            types[ret.name] = ret
-    return types
-
-
-@cache_until_change(input_value=lambda: apps.ready)
-def get_all_event_permissions() -> Set[str]:
-    from pretix.helpers.permission_migration import OLD_TO_NEW_EVENT_COMPAT
-
-    res = set(OLD_TO_NEW_EVENT_COMPAT.keys())
-    for pg in get_all_event_permission_groups().values():
-        for a in pg.actions:
-            res.add(f"{pg.name}:{a}")
-    return res
-
-
-@cache_until_change(input_value=lambda: apps.ready)
-def get_all_organizer_permissions() -> Set[str]:
-    from pretix.helpers.permission_migration import OLD_TO_NEW_ORGANIZER_COMPAT
-
-    res = set(OLD_TO_NEW_ORGANIZER_COMPAT.keys())
-    for pg in get_all_organizer_permission_groups().values():
-        for a in pg.actions:
-            res.add(f"{pg.name}:{a}")
-
-    return res
-
-
-def assert_valid_event_permission(permission, allow_legacy=True, allow_tuple=True):
-    if not apps.ready:
-        # can't really check yet
-        return
-    if allow_legacy and permission == "can_change_settings":
-        permission = "can_change_event_settings"
-    if permission is None:
-        return
-    if isinstance(permission, (AnyPermissionOf, list, tuple)) and allow_tuple:
-        for p in permission:
-            assert_valid_event_permission(p)
-        return
-    if not allow_legacy and ':' not in permission:
-        raise ValueError(f"Not allowed to use legacy permission '{permission}'")
-    all_permissions = get_all_event_permissions()
-    if permission not in all_permissions:
-        # Warning *and* exception because warning is silently caught when used in if statements in Django templates
-        warnings.warn(f"Use of undefined permission '{permission}'")
-        raise Exception(f"Undefined permission '{permission}'")
-
-
-def assert_valid_organizer_permission(permission, allow_legacy=True, allow_tuple=True):
-    if not apps.ready:
-        # can't really check yet
-        return
-    if permission is None:
-        return
-    if isinstance(permission, (AnyPermissionOf, list, tuple)) and allow_tuple:
-        for p in permission:
-            assert_valid_organizer_permission(p)
-        return
-    if not allow_legacy and ':' not in permission:
-        raise ValueError(f"Not allowed to use legacy permission '{permission}'")
-    all_permissions = get_all_organizer_permissions()
-    if permission not in all_permissions:
-        # Warning *and* exception because warning is silently caught when used in if statements in Django templates
-        warnings.warn(f"Use of undefined permission '{permission}'")
-        raise Exception(f"Undefined permission '{permission}'")
-
-
-class AnyPermissionOf(list):
-    def __init__(self, *items):
-        super().__init__(items)
-
-
-OPTS_ALL_READ = [
-    PermissionOption(actions=tuple(), label=pgettext_lazy("permission_level", "View")),
-    PermissionOption(actions=("write",), label=pgettext_lazy("permission_level", "View and change")),
-]
-OPTS_ALL_READ_SETTINGS_API = [
-    PermissionOption(actions=tuple(), label=pgettext_lazy("permission_level", "View"),
-                     help_text=_("API only")),
-    PermissionOption(actions=("write",), label=pgettext_lazy("permission_level", "View and change")),
-]
-OPTS_ALL_READ_SETTINGS_PARENT = [
-    PermissionOption(actions=tuple(), label=pgettext_lazy("permission_level", "View"),
-                     help_text=_("Menu item will only show up if the user has permission for general settings.")),
-    PermissionOption(actions=("write",), label=pgettext_lazy("permission_level", "View and change")),
-]
-OPTS_READ_WRITE = [
-    PermissionOption(actions=tuple(), label=pgettext_lazy("permission_level", "No access")),
-    PermissionOption(actions=("read",), label=pgettext_lazy("permission_level", "View")),
-    PermissionOption(actions=("read", "write"), label=pgettext_lazy("permission_level", "View and change")),
-]
-
-
-@receiver(register_event_permission_groups, dispatch_uid="base_register_default_event_permissions")
-def register_default_event_permissions(sender, **kwargs):
-    return [
-        PermissionGroup(
-            name="event.settings.general",
-            label=_("General settings"),
-            actions=["write"],
-            options=OPTS_ALL_READ_SETTINGS_API,
-            help_text=_(
-                "This includes access to all settings not listed explicitly below, including plugin settings."
-            ),
-        ),
-        PermissionGroup(
-            name="event.settings.payment",
-            label=_("Payment settings"),
-            actions=["write"],
-            options=OPTS_ALL_READ_SETTINGS_PARENT,
-        ),
-        PermissionGroup(
-            name="event.settings.tax",
-            label=_("Tax settings"),
-            actions=["write"],
-            options=OPTS_ALL_READ_SETTINGS_PARENT,
-        ),
-        PermissionGroup(
-            name="event.settings.invoicing",
-            label=_("Invoicing settings"),
-            actions=["write"],
-            options=OPTS_ALL_READ_SETTINGS_PARENT,
-        ),
-        PermissionGroup(
-            name="event.subevents",
-            label=_("Event series dates"),
-            actions=["write"],
-            options=OPTS_ALL_READ,
-        ),
-        PermissionGroup(
-            name="event.items",
-            label=_("Products, quotas and questions"),
-            actions=["write"],
-            options=OPTS_ALL_READ,
-            help_text=_("Also includes related objects like categories or discounts."),
-        ),
-        PermissionGroup(
-            name="event.orders",
-            label=_("Orders"),
-            actions=["read", "write", "checkin"],
-            options=[
-                PermissionOption(actions=tuple(), label=pgettext_lazy("permission_level", "No access")),
-                PermissionOption(actions=("checkin",), label=pgettext_lazy("permission_level", "Only check-in")),
-                PermissionOption(actions=("read",), label=pgettext_lazy("permission_level", "View all")),
-                PermissionOption(actions=("read", "checkin"), label=pgettext_lazy("permission_level", "View all and check-in")),
-                PermissionOption(actions=("read", "write"), label=pgettext_lazy("permission_level", "View all and change"),
-                                 help_text=_("Includes the ability to cancel and refund individual orders.")),
-            ],
-            help_text=_("Also includes related objects like the waiting list."),
-        ),
-        PermissionGroup(
-            name="event.vouchers",
-            label=_("Vouchers"),
-            actions=["read", "write"],
-            options=OPTS_READ_WRITE,
-        ),
-        PermissionGroup(
-            name="event",
-            label=_("Full event or date cancellation"),
-            actions=["cancel"],
-            options=[
-                # If we ever add more actions, we need a new UI idea here
-                PermissionOption(actions=tuple(), label=pgettext_lazy("permission_level", "Not allowed")),
-                PermissionOption(actions=("cancel",), label=pgettext_lazy("permission_level", "Allowed")),
-            ],
-            help_text="",
-        ),
-    ]
-
-
-@receiver(register_organizer_permission_groups, dispatch_uid="base_register_default_organizer_permissions")
-def register_default_organizer_permissions(sender, **kwargs):
-    return [
-        PermissionGroup(
-            name="organizer.events",
-            label=_("Events"),
-            actions=["create"],
-            options=[
-                PermissionOption(actions=tuple(), label=pgettext_lazy("permission_level", "Access existing events")),
-                PermissionOption(actions=("create",), label=pgettext_lazy("permission_level", "Access existing and create new events")),
-            ],
-            help_text=_("The level of access to events is determined in detail by the settings below."),
-        ),
-        PermissionGroup(
-            name="organizer.settings.general",
-            label=_("Settings"),
-            actions=["write"],
-            options=OPTS_ALL_READ_SETTINGS_API,
-            help_text=_("This includes access to all organizer-level functionality not listed explicitly below, including plugin settings."),
-        ),
-        PermissionGroup(
-            name="organizer.teams",
-            label=_("Teams"),
-            actions=["write"],
-            options=[
-                PermissionOption(actions=tuple(), label=pgettext_lazy("permission_level", "No access")),
-                PermissionOption(actions=("write",), label=pgettext_lazy("permission_level", "View and change"),
-                                 help_text=_("Includes the ability to give someone (including oneself) additional permissions.")),
-            ],
-        ),
-        PermissionGroup(
-            name="organizer.giftcards",
-            label=_("Gift cards"),
-            actions=["read", "write"],
-            options=OPTS_READ_WRITE,
-        ),
-        PermissionGroup(
-            name="organizer.customers",
-            label=_("Customers"),
-            actions=["read", "write"],
-            options=OPTS_READ_WRITE,
-        ),
-        PermissionGroup(
-            name="organizer.reusablemedia",
-            label=_("Reusable media"),
-            actions=["read", "write"],
-            options=OPTS_READ_WRITE,
-        ),
-        PermissionGroup(
-            name="organizer.devices",
-            label=_("Devices"),
-            actions=["read", "write"],
-            options=[
-                PermissionOption(actions=tuple(), label=pgettext_lazy("permission_level", "No access")),
-                PermissionOption(actions=("read",), label=pgettext_lazy("permission_level", "View")),
-                PermissionOption(actions=("read", "write"), label=pgettext_lazy("permission_level", "View and change"),
-                                 help_text=_("Includes the ability to give access to events and data oneself does not have access to.")),
-            ],
-        ),
-        PermissionGroup(
-            name="organizer.seatingplans",
-            label=_("Seating plans"),
-            actions=["write"],
-            options=OPTS_ALL_READ,
-        ),
-        PermissionGroup(
-            name="organizer.outgoingmails",
-            label=_("Outgoing emails"),
-            actions=["read"],
-            options=[
-                PermissionOption(actions=tuple(), label=pgettext_lazy("permission_level", "No access")),
-                PermissionOption(actions=("read",), label=pgettext_lazy("permission_level", "View")),
-            ],
-        ),
-    ]

src/pretix/base/plugins.py

@@ -65,7 +65,7 @@ def get_all_plugins(*, event=None, organizer=None) -> List[type]:
             if app.name in settings.PRETIX_PLUGINS_EXCLUDE:
                 continue
 
-            level = getattr(meta, "level", PLUGIN_LEVEL_EVENT)
+            level = getattr(app, "level", PLUGIN_LEVEL_EVENT)
             if level == PLUGIN_LEVEL_EVENT:
                 if event and hasattr(app, 'is_available'):
                     if not app.is_available(event):

src/pretix/base/services/cancelevent.py

@@ -45,6 +45,7 @@ from pretix.base.services.tax import split_fee_for_taxes
 from pretix.base.templatetags.money import money_filter
 from pretix.celery_app import app
 from pretix.helpers import OF_SELF
+from pretix.helpers.format import format_map
 
 logger = logging.getLogger(__name__)
 
@@ -54,7 +55,7 @@ def _send_wle_mail(wle: WaitingListEntry, subject: LazyI18nString, message: Lazy
         email_context = get_email_context(event_or_subevent=subevent or wle.event, event=wle.event)
         mail(
             wle.email,
-            str(subject),
+            format_map(subject, email_context),
             message,
             email_context,
             wle.event,
@@ -72,8 +73,9 @@ def _send_mail(order: Order, subject: LazyI18nString, message: LazyI18nString, s
 
         email_context = get_email_context(event_or_subevent=subevent or order.event, refund_amount=refund_amount,
                                           order=order, position_or_address=ia, event=order.event)
+        real_subject = format_map(subject, email_context)
         order.send_mail(
-            subject, message, email_context,
+            real_subject, message, email_context,
             'pretix.event.order.email.event_canceled',
             user,
         )
@@ -83,13 +85,14 @@ def _send_mail(order: Order, subject: LazyI18nString, message: LazyI18nString, s
                 continue
 
             if p.addon_to_id is None and p.attendee_email and p.attendee_email != order.email:
+                real_subject = format_map(subject, email_context)
                 email_context = get_email_context(event_or_subevent=p.subevent or order.event,
                                                   event=order.event,
                                                   refund_amount=refund_amount,
                                                   position_or_address=p,
                                                   order=order, position=p)
                 order.send_mail(
-                    subject, message, email_context,
+                    real_subject, message, email_context,
                     'pretix.event.order.email.event_canceled',
                     position=p,
                     user=user

src/pretix/base/services/cart.py

@@ -334,8 +334,7 @@ def _check_position_constraints(
         raise CartPositionError(error_messages['voucher_invalid_subevent'])
 
     # Voucher expired
-    # (checked using real_now_dt as vouchers influence quota calculations)
-    if voucher and voucher.valid_until and voucher.valid_until < real_now_dt:
+    if voucher and voucher.valid_until and voucher.valid_until < time_machine_now_dt:
         raise CartPositionError(error_messages['voucher_expired'])
 
     # Subevent has been disabled

src/pretix/base/services/export.py

@@ -34,7 +34,7 @@ from django_scopes import scopes_disabled
 from i18nfield.strings import LazyI18nString
 
 from pretix.base.email import get_email_context
-from pretix.base.exporter import BaseExporter, OrganizerLevelExportMixin
+from pretix.base.exporter import OrganizerLevelExportMixin
 from pretix.base.i18n import LazyLocaleException, language
 from pretix.base.models import (
     CachedFile, Device, Event, Organizer, ScheduledEventExport, TeamAPIToken,
@@ -64,15 +64,7 @@ class ExportEmptyError(ExportError):
 
 
 @app.task(base=ProfiledEventTask, throws=(ExportError, ExportEmptyError), bind=True)
-def export(self, event: Event, user: User, device: int, token: int, fileid: str, provider: str,
-           form_data: Dict[str, Any], staff_session=False) -> None:
-    if user:
-        user = User.objects.get(pk=user)
-    if device:
-        device = Device.objects.get(pk=device)
-    if token:
-        device = TeamAPIToken.objects.get(pk=token)
-
+def export(self, event: Event, fileid: str, provider: str, form_data: Dict[str, Any]) -> None:
     def set_progress(val):
         if not self.request.called_directly:
             self.update_state(
@@ -80,38 +72,30 @@ def export(self, event: Event, user: User, device: int, token: int, fileid: str,
                 meta={'value': val}
             )
 
-    ex = init_event_exporter(
-        identifier=provider,
-        event=event,
-        user=user,
-        token=token,
-        device=device,
-        staff_session=staff_session,
-        progress_callback=set_progress,
-    )
-    if not ex:
-        raise ExportError(
-            gettext('Export not found or you do not have sufficient permission to perform this export.')
-        )
-
     file = CachedFile.objects.get(id=fileid)
     with language(event.settings.locale, event.settings.region), override(event.settings.timezone):
-        if ex.repeatable_read:
-            with repeatable_reads_transaction():
-                d = ex.render(form_data)
-        else:
-            d = ex.render(form_data)
+        responses = register_data_exporters.send(event)
+        for recv, response in responses:
+            if not response:
+                continue
+            ex = response(event, event.organizer, set_progress)
+            if ex.identifier == provider:
+                if ex.repeatable_read:
+                    with repeatable_reads_transaction():
+                        d = ex.render(form_data)
+                else:
+                    d = ex.render(form_data)
 
-        if d is None:
-            raise ExportError(
-                gettext('Your export did not contain any data.')
-            )
-        file.filename, file.type, data = d
+                if d is None:
+                    raise ExportError(
+                        gettext('Your export did not contain any data.')
+                    )
+                file.filename, file.type, data = d
 
-        close_old_connections()  # This task can run very long, we might need a new DB connection
+                close_old_connections()  # This task can run very long, we might need a new DB connection
 
-        f = ContentFile(data)
-        file.file.save(cachedfile_name(file, file.filename), f)
+                f = ContentFile(data)
+                file.file.save(cachedfile_name(file, file.filename), f)
     return str(file.pk)
 
 
@@ -121,7 +105,10 @@ def multiexport(self, organizer: Organizer, user: User, device: int, token: int,
     if device:
         device = Device.objects.get(pk=device)
     if token:
-        token = TeamAPIToken.objects.get(pk=token)
+        device = TeamAPIToken.objects.get(pk=token)
+    allowed_events = (device or token or user).get_events_with_permission('can_view_orders')
+    if user and staff_session:
+        allowed_events = organizer.events.all()
 
     def set_progress(val):
         if not self.request.called_directly:
@@ -131,35 +118,12 @@ def multiexport(self, organizer: Organizer, user: User, device: int, token: int,
             )
 
     file = CachedFile.objects.get(id=fileid)
-
-    event_qs = organizer.events.all()
-    if form_data.get('events') is not None and not form_data.get('all_events'):
-        if form_data['events'] and isinstance(form_data['events'][0], str):  # legacy API-created schedules
-            event_qs = event_qs.filter(slug__in=form_data.get('events'))
-        else:
-            event_qs = event_qs.filter(pk__in=form_data.get('events'))
-
-    ex = init_organizer_exporter(
-        identifier=provider,
-        organizer=organizer,
-        user=user,
-        token=token,
-        device=device,
-        staff_session=staff_session,
-        progress_callback=set_progress,
-        event_qs=event_qs,
-    )
-    if not ex:
-        raise ExportError(
-            gettext('Export not found or you do not have sufficient permission to perform this export.')
-        )
-
     if user:
         locale = user.locale
         timezone = user.timezone
         region = None  # todo: add to user?
     else:
-        e = ex.events.first()
+        e = allowed_events.first()
         if e:
             locale = e.settings.locale
             timezone = e.settings.timezone
@@ -169,138 +133,45 @@ def multiexport(self, organizer: Organizer, user: User, device: int, token: int,
             timezone = organizer.settings.timezone or settings.TIME_ZONE
             region = organizer.settings.region
     with language(locale, region), override(timezone):
-        if ex.repeatable_read:
-            with repeatable_reads_transaction():
-                d = ex.render(form_data)
+        if form_data.get('events') is not None and not form_data.get('all_events'):
+            if isinstance(form_data['events'][0], str):
+                events = allowed_events.filter(slug__in=form_data.get('events'), organizer=organizer)
+            else:
+                events = allowed_events.filter(pk__in=form_data.get('events'), organizer=organizer)
         else:
-            d = ex.render(form_data)
-        if d is None:
-            raise ExportError(
-                gettext('Your export did not contain any data.')
-            )
-        file.filename, file.type, data = d
+            events = allowed_events.filter(organizer=organizer)
+        responses = register_multievent_data_exporters.send(organizer)
 
-        close_old_connections()  # This task can run very long, we might need a new DB connection
-
-        f = ContentFile(data)
-        file.file.save(cachedfile_name(file, file.filename), f)
-    return str(file.pk)
-
-
-def init_event_exporter(identifier, **kwargs):
-    for ex in init_event_exporters(**kwargs):
-        if ex.identifier == identifier:
-            return ex
-    return None
-
-
-def init_event_exporters(event, user=None, token=None, device=None, request=None, staff_session=False, **kwargs):
-    if not user and not token and not device:
-        raise ValueError("No auth source given.")
-    perm_holder = device or token or user
-
-    responses = register_data_exporters.send(event)
-    for r, response in responses:
-        if not response:
-            continue
-
-        if issubclass(response, OrganizerLevelExportMixin):
-            raise TypeError("Cannot user organizer-level exporter on event level")
-
-        permission_name = response.get_required_event_permission()
-        if not perm_holder.has_event_permission(event.organizer, event, permission_name, request) and not staff_session:
-            continue
-
-        exporter: BaseExporter = response(event=event, organizer=event.organizer, **kwargs)
-
-        if not exporter.available_for_user(user if user and user.is_authenticated else None):
-            continue
-
-        yield exporter
-
-
-def init_organizer_exporter(identifier, **kwargs):
-    for ex in init_organizer_exporters(**kwargs):
-        if ex.identifier == identifier:
-            return ex
-    return None
-
-
-def init_organizer_exporters(
-    organizer, user=None, token=None, device=None, request=None, staff_session=False, event_qs=None, **kwargs
-):
-    if not user and not token and not device:
-        raise ValueError("No auth source given.")
-    perm_holder = device or token or user
-
-    _event_list_cache = {}
-    _has_permission_on_any_team_cache = {}
-    _team_cache = None
-
-    responses = register_multievent_data_exporters.send(organizer)
-    for r, response in responses:
-        if not response:
-            continue
-
-        if issubclass(response, OrganizerLevelExportMixin):
-            exporter: BaseExporter = response(event=Event.objects.none(), organizer=organizer, **kwargs)
-
-            try:
-                if not perm_holder.has_organizer_permission(organizer, response.get_required_organizer_permission(), request) and not staff_session:
-                    continue
-            except NotImplementedError:
-                logger.error(f"Not showing export {response} because get_required_organizer_permission() is not implemented.")
+        for recv, response in responses:
+            if not response:
                 continue
-
-        else:
-            permission_name = response.get_required_event_permission()
-
-            if permission_name not in _event_list_cache:
-                if staff_session:
-                    events = event_qs.all() if event_qs else organizer.events.all()
-                elif event_qs is not None:
-                    events = event_qs.filter(
-                        pk__in=perm_holder.get_events_with_permission(
-                            permission_name, request=request
-                        ).filter(
-                            organizer=organizer
-                        ).values("id")
+            ex = response(events, organizer, set_progress)
+            if ex.identifier == provider:
+                if (
+                    isinstance(ex, OrganizerLevelExportMixin) and
+                    not staff_session and
+                    not (device or token or user).has_organizer_permission(organizer, ex.organizer_required_permission)
+                ):
+                    raise ExportError(
+                        gettext('You do not have sufficient permission to perform this export.')
                     )
+
+                if ex.repeatable_read:
+                    with repeatable_reads_transaction():
+                        d = ex.render(form_data)
                 else:
-                    events = perm_holder.get_events_with_permission(
-                        permission_name, request=request
-                    ).filter(
-                        organizer=organizer
+                    d = ex.render(form_data)
+                if d is None:
+                    raise ExportError(
+                        gettext('Your export did not contain any data.')
                     )
+                file.filename, file.type, data = d
 
-                _event_list_cache[permission_name] = events
+                close_old_connections()  # This task can run very long, we might need a new DB connection
 
-            if permission_name not in _has_permission_on_any_team_cache:
-                # Check if the user has this event permission on any teams they are part of to decide whether to show
-                # the export at all.
-                # This is different from _event_list_cache[permission_name].exists() for the case of an organizer with
-                # zero events in total, or a team with zero events. In these cases, we still want people to be able
-                # to see waht exports they'll get once they have events.
-                if user:
-                    if _team_cache is None:
-                        _team_cache = list(user.teams.filter(organizer=organizer))
-                    _has_permission_on_any_team_cache[permission_name] = staff_session or any(
-                        t.has_event_permission(permission_name) for t in _team_cache
-                    )
-                elif token:
-                    _has_permission_on_any_team_cache[permission_name] = token.team.has_event_permission(permission_name)
-                elif device:
-                    _has_permission_on_any_team_cache[permission_name] = device.has_event_permission(permission_name)
-
-            if not _has_permission_on_any_team_cache[permission_name] and not staff_session:
-                continue
-
-            exporter: BaseExporter = response(event=_event_list_cache[permission_name], organizer=organizer, **kwargs)
-
-        if not exporter.available_for_user(user if user and user.is_authenticated else None):
-            continue
-
-        yield exporter
+                f = ContentFile(data)
+                file.file.save(cachedfile_name(file, file.filename), f)
+    return str(file.pk)
 
 
 def _run_scheduled_export(schedule, context: Union[Event, Organizer], exporter, config_url, retry_func, has_permission):
@@ -346,7 +217,7 @@ def _run_scheduled_export(schedule, context: Union[Event, Organizer], exporter,
 
         try:
             if not exporter:
-                raise ExportError("Export type not found or permission denied.")
+                raise ExportError("Export type not found.")
             if exporter.repeatable_read:
                 with repeatable_reads_transaction():
                     d = exporter.render(schedule.export_form_data)
@@ -420,20 +291,31 @@ def _run_scheduled_export(schedule, context: Union[Event, Organizer], exporter,
 def scheduled_organizer_export(self, organizer: Organizer, schedule: int) -> None:
     schedule = organizer.scheduled_exports.get(pk=schedule)
 
-    event_qs = organizer.events.all()
+    allowed_events = schedule.owner.get_events_with_permission('can_view_orders')
     if schedule.export_form_data.get('events') is not None and not schedule.export_form_data.get('all_events'):
         if isinstance(schedule.export_form_data['events'][0], str):
-            event_qs = event_qs.filter(slug__in=schedule.export_form_data.get('events'))
+            events = allowed_events.filter(slug__in=schedule.export_form_data.get('events'), organizer=organizer)
         else:
-            event_qs = event_qs.filter(pk__in=schedule.export_form_data.get('events'))
+            events = allowed_events.filter(pk__in=schedule.export_form_data.get('events'), organizer=organizer)
+    else:
+        events = allowed_events.filter(organizer=organizer)
+
+    responses = register_multievent_data_exporters.send(organizer)
+    exporter = None
+    for recv, response in responses:
+        if not response:
+            continue
+        ex = response(events, organizer)
+        if ex.identifier == schedule.export_identifier:
+            exporter = ex
+            break
 
-    exporter = init_organizer_exporter(
-        identifier=schedule.export_identifier,
-        organizer=organizer,
-        user=schedule.owner,
-        event_qs=event_qs,
-    )
     has_permission = schedule.owner.is_active
+    if isinstance(exporter, OrganizerLevelExportMixin):
+        if not schedule.owner.has_organizer_permission(organizer, exporter.organizer_required_permission):
+            has_permission = False
+    if exporter and not exporter.available_for_user(schedule.owner):
+        has_permission = False
 
     _run_scheduled_export(
         schedule,
@@ -454,12 +336,17 @@ def scheduled_organizer_export(self, organizer: Organizer, schedule: int) -> Non
 def scheduled_event_export(self, event: Event, schedule: int) -> None:
     schedule = event.scheduled_exports.get(pk=schedule)
 
-    exporter = init_event_exporter(
-        identifier=schedule.export_identifier,
-        event=event,
-        user=schedule.owner,
-    )
-    has_permission = schedule.owner.is_active
+    responses = register_data_exporters.send(event)
+    exporter = None
+    for recv, response in responses:
+        if not response:
+            continue
+        ex = response(event, event.organizer)
+        if ex.identifier == schedule.export_identifier:
+            exporter = ex
+            break
+
+    has_permission = schedule.owner.is_active and schedule.owner.has_event_permission(event.organizer, event, 'can_view_orders')
 
     _run_scheduled_export(
         schedule,

src/pretix/base/services/invoices.py

@@ -51,7 +51,6 @@ from django_scopes import scope, scopes_disabled
 from i18nfield.strings import LazyI18nString
 
 from pretix.base.i18n import language
-from pretix.base.invoicing.pdf import InvoiceNotReadyException
 from pretix.base.invoicing.transmission import (
     get_transmission_types, transmission_providers,
 )
@@ -505,7 +504,7 @@ def generate_invoice(order: Order, trigger_pdf=True):
     return invoice
 
 
-@app.task(base=TransactionAwareTask, throws=(InvoiceNotReadyException,))
+@app.task(base=TransactionAwareTask)
 def invoice_pdf_task(invoice: int):
     with scopes_disabled():
         i = Invoice.objects.get(pk=invoice)

src/pretix/base/services/mail.py

@@ -81,9 +81,7 @@ from pretix.base.signals import (
 )
 from pretix.celery_app import app
 from pretix.helpers import OF_SELF
-from pretix.helpers.format import (
-    FormattedString, PlainHtmlAlternativeString, SafeFormatter, format_map,
-)
+from pretix.helpers.format import SafeFormatter, format_map
 from pretix.helpers.hierarkey import clean_filename
 from pretix.multidomain.urlreverse import build_absolute_uri
 from pretix.presale.ical import get_private_icals
@@ -149,13 +147,13 @@ def prefix_subject(settings_holder, subject, highlight=False):
     return subject
 
 
-def mail(email: Union[str, Sequence[str]], subject: Union[str, FormattedString], template: Union[str, LazyI18nString],
+def mail(email: Union[str, Sequence[str]], subject: str, template: Union[str, LazyI18nString],
          context: Dict[str, Any] = None, event: Event = None, locale: str = None, order: Order = None,
          position: OrderPosition = None, *, headers: dict = None, sender: str = None, organizer: Organizer = None,
          customer: Customer = None, invoices: Sequence = None, attach_tickets=False, auto_email=True, user=None,
          attach_ical=False, attach_cached_files: Sequence = None, attach_other_files: list=None,
          plain_text_only=False, no_order_links=False, cc: Sequence[str]=None, bcc: Sequence[str]=None,
-         sensitive: bool=False) -> Optional[OutgoingMail]:
+         sensitive: bool=False):
     """
     Sends out an email to a user. The mail will be sent synchronously or asynchronously depending on the installation.
 
@@ -220,9 +218,6 @@ def mail(email: Union[str, Sequence[str]], subject: Union[str, FormattedString],
     if email == INVALID_ADDRESS:
         return
 
-    if isinstance(template, FormattedString):
-        raise TypeError("Cannot pass an already formatted body template")
-
     if no_order_links and not plain_text_only:
         raise ValueError('If you set no_order_links, you also need to set plain_text_only.')
 
@@ -256,28 +251,23 @@ def mail(email: Union[str, Sequence[str]], subject: Union[str, FormattedString],
     if event and attach_tickets and not event.settings.mail_attach_tickets:
         attach_tickets = False
 
-    with language(locale), override(timezone):
+    with language(locale):
         if isinstance(context, dict) and order:
             _autoextend_context(context, order)
 
         # Build raw content
-        content_plain = render_mail(template, context, placeholder_mode=None)
+        body_plain = render_mail(template, context, placeholder_mode=SafeFormatter.MODE_RICH_TO_PLAIN)
         if settings_holder:
             signature = str(settings_holder.settings.get('mail_text_signature'))
         else:
             signature = ""
 
         # Build full plain-text body
-        if not isinstance(content_plain, FormattedString):
-            body_plain = format_map(content_plain, context, mode=SafeFormatter.MODE_RICH_TO_PLAIN)
-        else:
-            body_plain = content_plain
         body_plain = _wrap_plain_body(body_plain, signature, event, order, position, no_order_links)
+        body_plain = format_map(body_plain, context, mode=SafeFormatter.MODE_RICH_TO_PLAIN)
 
         # Build subject
-        if not isinstance(subject, FormattedString):
-            subject = format_map(subject, context)
-
+        subject = str(subject).format_map(TolerantDict(context))
         subject = raw_subject = subject.replace('\n', ' ').replace('\r', '')[:900]
         if settings_holder:
             subject = prefix_subject(settings_holder, subject)
@@ -296,24 +286,26 @@ def mail(email: Union[str, Sequence[str]], subject: Union[str, FormattedString],
             else:
                 renderer = ClassicMailRenderer(None, organizer)
 
-            try:
-                if 'context' in inspect.signature(renderer.render).parameters:
-                    body_html = renderer.render(content_plain, signature, raw_subject, order, position, context)
-                elif 'position' in inspect.signature(renderer.render).parameters:
-                    # Backwards compatibility
-                    warnings.warn('Email renderer called without context argument because context argument is not '
-                                  'supported.',
-                                  DeprecationWarning)
-                    body_html = renderer.render(content_plain, signature, raw_subject, order, position)
-                else:
-                    # Backwards compatibility
-                    warnings.warn('Email renderer called without position argument because position argument is not '
-                                  'supported.',
-                                  DeprecationWarning)
-                    body_html = renderer.render(content_plain, signature, raw_subject, order)
-            except:
-                logger.exception('Could not render HTML body')
-                body_html = None
+            with override(timezone):
+                content_plain = render_mail(template, context, placeholder_mode=None)
+                try:
+                    if 'context' in inspect.signature(renderer.render).parameters:
+                        body_html = renderer.render(content_plain, signature, raw_subject, order, position, context)
+                    elif 'position' in inspect.signature(renderer.render).parameters:
+                        # Backwards compatibility
+                        warnings.warn('Email renderer called without context argument because context argument is not '
+                                      'supported.',
+                                      DeprecationWarning)
+                        body_html = renderer.render(content_plain, signature, raw_subject, order, position)
+                    else:
+                        # Backwards compatibility
+                        warnings.warn('Email renderer called without position argument because position argument is not '
+                                      'supported.',
+                                      DeprecationWarning)
+                        body_html = renderer.render(content_plain, signature, raw_subject, order)
+                except:
+                    logger.exception('Could not render HTML body')
+                    body_html = None
 
         m = OutgoingMail.objects.create(
             organizer=organizer,
@@ -335,26 +327,14 @@ def mail(email: Union[str, Sequence[str]], subject: Union[str, FormattedString],
             should_attach_other_files=attach_other_files or [],
             sensitive=sensitive,
         )
-        m._prefetched_objects_cache = {}
         if invoices and not position:
             m.should_attach_invoices.add(*invoices)
-            # Hack: For logging, we'll later make a `should_attach_invoices.all()` call. We can prevent a useless
-            # DB query by filling the cache
-            m._prefetched_objects_cache[m.should_attach_invoices.prefetch_cache_name] = invoices
-        else:
-            m._prefetched_objects_cache[m.should_attach_invoices.prefetch_cache_name] = Invoice.objects.none()
         if attach_cached_files:
-            cf_list = []
             for cf in attach_cached_files:
                 if not isinstance(cf, CachedFile):
-                    cf = CachedFile.objects.get(pk=cf)
-                m.should_attach_cached_files.add(cf)
-                cf_list.append(cf)
-            # Hack: For logging, we'll later make a `should_attach_cached_files.all()` call. We can prevent a useless
-            # DB query by filling the cache
-            m._prefetched_objects_cache[m.should_attach_cached_files.prefetch_cache_name] = cf_list
-        else:
-            m._prefetched_objects_cache[m.should_attach_cached_files.prefetch_cache_name] = CachedFile.objects.none()
+                    m.should_attach_cached_files.add(CachedFile.objects.get(pk=cf))
+                else:
+                    m.should_attach_cached_files.add(cf)
 
         send_task = mail_send_task.si(
             outgoing_mail=m.id
@@ -376,8 +356,6 @@ def mail(email: Union[str, Sequence[str]], subject: Union[str, FormattedString],
                 lambda: chain(*task_chain).apply_async()
             )
 
-    return m
-
 
 class CustomEmail(EmailMultiAlternatives):
     def _create_mime_attachment(self, content, mimetype):
@@ -403,7 +381,7 @@ def mail_send_task(self, **kwargs) -> bool:
         # mail_send_task(self, *, outgoing_mail)
         with scopes_disabled():
             mail_send(**kwargs)
-        return False
+        return
     else:
         raise ValueError("Unknown arguments")
 
@@ -411,7 +389,7 @@ def mail_send_task(self, **kwargs) -> bool:
         try:
             outgoing_mail = OutgoingMail.objects.select_for_update(of=OF_SELF).get(pk=outgoing_mail)
         except OutgoingMail.DoesNotExist:
-            logger.info(f"Ignoring job for non existing email {outgoing_mail}")
+            logger.info(f"Ignoring job for non existing email {outgoing_mail.guid}")
             return False
         if outgoing_mail.status == OutgoingMail.STATUS_INFLIGHT:
             logger.info(f"Ignoring job for inflight email {outgoing_mail.guid}")
@@ -423,18 +401,6 @@ def mail_send_task(self, **kwargs) -> bool:
         outgoing_mail.inflight_since = now()
         outgoing_mail.save(update_fields=["status", "inflight_since"])
 
-    # Performance optimization, saves database queries later on if we resolve the known relationships
-    if outgoing_mail.event_id:
-        assert outgoing_mail.event.organizer_id == outgoing_mail.organizer.pk
-        outgoing_mail.event.organizer = outgoing_mail.organizer
-    if outgoing_mail.order_id:
-        assert outgoing_mail.order.event_id == outgoing_mail.event_id
-        outgoing_mail.order.event = outgoing_mail.event
-        outgoing_mail.order.organizer = outgoing_mail.organizer
-    if outgoing_mail.orderposition_id:
-        assert outgoing_mail.orderposition.order_id == outgoing_mail.order_id
-        outgoing_mail.orderposition.order = outgoing_mail.order
-
     headers = dict(outgoing_mail.headers)
     headers.setdefault('X-PX-Correlation', str(outgoing_mail.guid))
     email = CustomEmail(
@@ -469,24 +435,15 @@ def mail_send_task(self, **kwargs) -> bool:
                         content = ct.file.read()
                         args.append((name, content, ct.type))
                         attach_size += len(content)
-                    except Exception as e:
+                    except Exception:
                         # This sometimes fails e.g. with FileNotFoundError. We haven't been able to figure out
                         # why (probably some race condition with ticket cache invalidation?), so retry later.
                         try:
-                            logger.exception(f'Could not attach tickets to email {outgoing_mail.guid}, will retry')
-                            retry_after = 60
-                            outgoing_mail.error = "Tickets not ready"
-                            outgoing_mail.error_detail = str(e)
-                            outgoing_mail.sent = now()
-                            outgoing_mail.status = OutgoingMail.STATUS_AWAITING_RETRY
-                            outgoing_mail.retry_after = now() + timedelta(seconds=retry_after)
-                            outgoing_mail.save(update_fields=["status", "error", "error_detail", "sent", "retry_after",
-                                                              "actual_attachments"])
-                            self.retry(max_retries=5, countdown=retry_after)
+                            self.retry(max_retries=5, countdown=60)
                         except MaxRetriesExceededError:
                             # Well then, something is really wrong, let's send it without attachment before we
                             # don't send at all
-                            logger.exception(f'Too many retries attaching tickets to email {outgoing_mail.guid}, skip attachment')
+                            logger.exception(f'Could not attach tickets to email {outgoing_mail.guid}')
                             pass
 
                 if attach_size * 1.37 < settings.FILE_UPLOAD_MAX_SIZE_EMAIL_ATTACHMENT - 1024 * 1024:
@@ -512,17 +469,16 @@ def mail_send_task(self, **kwargs) -> bool:
 
         # Attach calendar files
         if outgoing_mail.should_attach_ical and outgoing_mail.order:
-            with language(outgoing_mail.order.locale, outgoing_mail.event.settings.region):
-                fname = re.sub('[^a-zA-Z0-9 ]', '-', unidecode(pgettext('attachment_filename', 'Calendar invite')))
-                icals = get_private_icals(
-                    outgoing_mail.event,
-                    [outgoing_mail.orderposition] if outgoing_mail.orderposition else outgoing_mail.order.positions.all()
-                )
-                for i, cal in enumerate(icals):
-                    name = '{}{}.ics'.format(fname, f'-{i + 1}' if i > 0 else '')
-                    content = cal.serialize()
-                    mimetype = 'text/calendar'
-                    email.attach(name, content, mimetype)
+            fname = re.sub('[^a-zA-Z0-9 ]', '-', unidecode(pgettext('attachment_filename', 'Calendar invite')))
+            icals = get_private_icals(
+                outgoing_mail.event,
+                [outgoing_mail.orderposition] if outgoing_mail.orderposition else outgoing_mail.order.positions.all()
+            )
+            for i, cal in enumerate(icals):
+                name = '{}{}.ics'.format(fname, f'-{i + 1}' if i > 0 else '')
+                content = cal.serialize()
+                mimetype = 'text/calendar'
+                email.attach(name, content, mimetype)
 
         invoices_to_mark_transmitted = []
         for inv in outgoing_mail.should_attach_invoices.all():
@@ -563,7 +519,6 @@ def mail_send_task(self, **kwargs) -> bool:
                             )
                         except InvoiceAddress.DoesNotExist:
                             pass
-                        expected_recipients = {e.lower() for e in expected_recipients if e}
                         if any(t in expected_recipients for t in outgoing_mail.to):
                             invoices_to_mark_transmitted.append(inv)
 
@@ -834,12 +789,7 @@ def render_mail(template, context, placeholder_mode: Optional[int]=SafeFormatter
             body = format_map(body, context, mode=placeholder_mode)
     else:
         tpl = get_template(template)
-        context = {
-            # Known bug, should behave differently for plain and HTML but we'll fix after security release
-            k: v.html if isinstance(v, PlainHtmlAlternativeString) else v
-            for k, v in context.items()
-        }
-        body = FormattedString(tpl.render(context))
+        body = tpl.render(context)
     return body
 
 
@@ -985,7 +935,7 @@ def _wrap_plain_body(content_plain, signature, event, order, position, no_order_
     body_plain += "\r\n\r\n-- \r\n"
 
     if signature:
-        signature = format_map(signature, {"event": event.name if event else ''})
+        signature = signature.format(event=event.name if event else '')
         body_plain += signature
         body_plain += "\r\n\r\n-- \r\n"
 
@@ -997,7 +947,7 @@ def _wrap_plain_body(content_plain, signature, event, order, position, no_order_
         body_plain += _(
             "You can view your order details at the following URL:\n{orderurl}."
         ).replace("\n", "\r\n").format(
-            orderurl=build_absolute_uri(
+            event=event.name, orderurl=build_absolute_uri(
                 order.event, 'presale:event.order.position', kwargs={
                     'order': order.code,
                     'secret': position.web_secret,

src/pretix/base/services/orders.py

@@ -247,16 +247,6 @@ def reactivate_order(order: Order, force: bool=False, user: User=None, auth=None
                 for gc in position.issued_gift_cards.all():
                     gc = GiftCard.objects.select_for_update(of=OF_SELF).get(pk=gc.pk)
                     gc.transactions.create(value=position.price, order=order, acceptor=order.event.organizer)
-                    gc.log_action(
-                        action='pretix.giftcards.transaction.manual',
-                        user=user,
-                        auth=auth,
-                        data={
-                            'value': position.price,
-                            'acceptor_id': order.event.organizer.id,
-                            'acceptor_slug': order.event.organizer.slug
-                        }
-                    )
                     break
 
                 for m in position.granted_memberships.all():
@@ -558,15 +548,6 @@ def _cancel_order(order, user=None, send_mail: bool=True, api_token=None, device
                     )
                 else:
                     gc.transactions.create(value=-position.price, order=order, acceptor=order.event.organizer)
-                    gc.log_action(
-                        action='pretix.giftcards.transaction.manual',
-                        user=user,
-                        data={
-                            'value': -position.price,
-                            'acceptor_id': order.event.organizer.id,
-                            'acceptor_slug': order.event.organizer.slug
-                        }
-                    )
 
             for m in position.granted_memberships.all():
                 m.canceled = True
@@ -1799,6 +1780,8 @@ class OrderChangeManager:
             tax_rule = tax_rules.get(pos.pk, pos.tax_rule)
             if not tax_rule:
                 continue
+            if not pos.price:
+                continue
 
             try:
                 new_rate = tax_rule.tax_rate_for(ia)
@@ -1815,9 +1798,7 @@ class OrderChangeManager:
                                            override_tax_rate=new_rate, override_tax_code=new_code)
                 self._totaldiff_guesstimate += new_tax.gross - pos.price
                 self._operations.append(self.PriceOperation(pos, new_tax, new_tax.gross - pos.price))
-                if pos.price:
-                    # We do not consider the invoice dirty if only 0€-valued taxes are changed
-                    self._invoice_dirty = True
+                self._invoice_dirty = True
 
     def cancel_fee(self, fee: OrderFee):
         self._totaldiff_guesstimate -= fee.value
@@ -2453,16 +2434,6 @@ class OrderChangeManager:
                         ))
                     else:
                         gc.transactions.create(value=-position.price, order=self.order, acceptor=self.order.event.organizer)
-                        gc.log_action(
-                            action='pretix.giftcards.transaction.manual',
-                            user=self.user,
-                            auth=self.auth,
-                            data={
-                                'value': -position.price,
-                                'acceptor_id': self.order.event.organizer.id,
-                                'acceptor_slug': self.order.event.organizer.slug
-                            }
-                        )
 
                 for m in position.granted_memberships.with_usages().all():
                     m.canceled = True
@@ -2480,16 +2451,6 @@ class OrderChangeManager:
                             ))
                         else:
                             gc.transactions.create(value=-opa.position.price, order=self.order, acceptor=self.order.event.organizer)
-                            gc.log_action(
-                                action='pretix.giftcards.transaction.manual',
-                                user=self.user,
-                                auth=self.auth,
-                                data={
-                                    'value': -opa.position.price,
-                                    'acceptor_id': self.order.event.organizer.id,
-                                    'acceptor_slug': self.order.event.organizer.slug
-                                }
-                            )
 
                     for m in opa.granted_memberships.with_usages().all():
                         m.canceled = True
@@ -3158,10 +3119,7 @@ def _try_auto_refund(order, auto_refund=True, manual_refund=False, allow_partial
                 customer=order.customer,
                 testmode=order.testmode
             )
-            giftcard.log_action(
-                action='pretix.giftcards.created',
-                data={}
-            )
+            giftcard.log_action('pretix.giftcards.created', data={})
             r = order.refunds.create(
                 order=order,
                 payment=None,
@@ -3448,18 +3406,7 @@ def signal_listener_issue_giftcards(sender: Event, order: Order, **kwargs):
                     currency=sender.currency, issued_in=p, testmode=order.testmode,
                     expires=sender.organizer.default_gift_card_expiry,
                 )
-                gc.log_action(
-                    action='pretix.giftcards.created',
-                )
-                trans = gc.transactions.create(value=p.price - issued, order=order, acceptor=sender.organizer)
-                gc.log_action(
-                    action='pretix.giftcards.transaction.manual',
-                    data={
-                        'value': trans.value,
-                        'acceptor_id': order.event.organizer.id,
-                        'acceptor_slug': order.event.organizer.slug
-                    }
-                )
+                gc.transactions.create(value=p.price - issued, order=order, acceptor=sender.organizer)
                 any_giftcards = True
                 p.secret = gc.secret
                 p.save(update_fields=['secret'])

src/pretix/base/services/placeholders.py

@@ -24,7 +24,6 @@ import logging
 from datetime import timedelta
 from decimal import Decimal
 
-from django.db.models import Prefetch, prefetch_related_objects
 from django.dispatch import receiver
 from django.utils.formats import date_format
 from django.utils.html import escape, mark_safe
@@ -36,7 +35,6 @@ from pretix.base.forms.widgets import format_placeholders_help_text
 from pretix.base.i18n import (
     LazyCurrencyNumber, LazyDate, LazyExpiresDate, LazyNumber,
 )
-from pretix.base.models import EventMetaValue
 from pretix.base.reldate import RelativeDateWrapper
 from pretix.base.settings import PERSON_NAME_SCHEMES, get_name_parts_localized
 from pretix.base.signals import (
@@ -754,11 +752,6 @@ def base_placeholders(sender, **kwargs):
             name_scheme['sample'][f]
         ))
 
-    prefetch_related_objects(
-        [sender],
-        Prefetch('meta_values', queryset=EventMetaValue.objects.select_related("property"), to_attr="meta_values_cached")
-    )
-    prefetch_related_objects([sender.organizer], Prefetch('meta_properties'))
     for k, v in sender.meta_data.items():
         ph.append(MarkdownTextPlaceholder(
             'meta_%s' % k, ['event'], lambda event, k=k: event.meta_data[k],

src/pretix/base/services/shredder.py

@@ -176,7 +176,6 @@ def shred(self, event: Event, fileid: str, confirm_code: str, user: int=None, lo
                 _('Data shredding completed'),
                 'pretixbase/email/shred_completed.txt',
                 {
-                    'instance': settings.PRETIX_INSTANCE_NAME,
                     'user': user,
                     'organizer': event.organizer.name,
                     'event': str(event.name),

src/pretix/base/services/vouchers.py

@@ -39,7 +39,7 @@ def vouchers_send(event: Event, vouchers: list, subject: str, message: str, reci
         with language(event.settings.locale):
             email_context = get_email_context(event=event, name=r.get('name') or '',
                                               voucher_list=[v.code for v in voucher_list])
-            outgoing_mail = mail(
+            mail(
                 r['email'],
                 subject,
                 LazyI18nString(message),
@@ -60,8 +60,8 @@ def vouchers_send(event: Event, vouchers: list, subject: str, message: str, reci
                     data={
                         'recipient': r['email'],
                         'name': r.get('name'),
-                        'subject': outgoing_mail.subject,
-                        'message': outgoing_mail.body_plain,
+                        'subject': subject,
+                        'message': message,
                     },
                     save=False
                 ))

src/pretix/base/settings.py

@@ -100,7 +100,7 @@ def primary_font_kwargs():
 
     choices = [('Open Sans', 'Open Sans')]
     choices += sorted([
-        (a, FontSelect.FontOption(title=a, data=v)) for a, v in get_fonts(pdf_support_required=False).items()
+        (a, {"title": a, "data": v}) for a, v in get_fonts(pdf_support_required=False).items()
     ], key=lambda a: a[0])
     return {
         'choices': choices,
@@ -345,7 +345,6 @@ DEFAULTS = {
         'type': bool,
         'form_class': forms.BooleanField,
         'serializer_class': serializers.BooleanField,
-        'write_permission': 'event.settings.tax:write',
         'form_kwargs': dict(
             label=_("Show net prices instead of gross prices in the product list"),
             help_text=_("Independent of your choice, the cart will show gross prices as this is the price that needs to be "
@@ -493,7 +492,6 @@ DEFAULTS = {
         'type': str,
         'form_class': forms.ChoiceField,
         'serializer_class': serializers.ChoiceField,
-        'write_permission': 'event.settings.tax:write',
         'form_kwargs': dict(
             label=_("Rounding of taxes"),
             widget=forms.RadioSelect,
@@ -513,17 +511,15 @@ DEFAULTS = {
         'type': bool,
         'form_class': forms.BooleanField,
         'serializer_class': serializers.BooleanField,
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': dict(
             label=_("Ask for invoice address"),
-        ),
+        )
     },
     'invoice_address_not_asked_free': {
         'default': 'False',
         'type': bool,
         'form_class': forms.BooleanField,
         'serializer_class': serializers.BooleanField,
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': dict(
             label=_('Do not ask for invoice address if an order is free'),
         )
@@ -533,7 +529,6 @@ DEFAULTS = {
         'type': bool,
         'form_class': forms.BooleanField,
         'serializer_class': serializers.BooleanField,
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': dict(
             label=_("Require customer name"),
         )
@@ -543,7 +538,6 @@ DEFAULTS = {
         'type': bool,
         'form_class': forms.BooleanField,
         'serializer_class': serializers.BooleanField,
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': dict(
             label=_("Show attendee names on invoices"),
         )
@@ -553,7 +547,6 @@ DEFAULTS = {
         'type': bool,
         'form_class': forms.BooleanField,
         'serializer_class': serializers.BooleanField,
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': dict(
             label=_("Show event location on invoices"),
             help_text=_("The event location will be shown below the list of products if it is the same for all "
@@ -565,7 +558,6 @@ DEFAULTS = {
         'type': str,
         'form_class': forms.ChoiceField,
         'serializer_class': serializers.ChoiceField,
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': dict(
             label=_("Show exchange rates"),
             widget=forms.RadioSelect,
@@ -589,7 +581,6 @@ DEFAULTS = {
         'default': 'False',
         'form_class': forms.BooleanField,
         'serializer_class': serializers.BooleanField,
-        'write_permission': 'event.settings.invoicing:write',
         'type': bool,
         'form_kwargs': dict(
             label=_("Require invoice address"),
@@ -600,7 +591,6 @@ DEFAULTS = {
         'default': 'False',
         'form_class': forms.BooleanField,
         'serializer_class': serializers.BooleanField,
-        'write_permission': 'event.settings.invoicing:write',
         'type': bool,
         'form_kwargs': dict(
             label=_("Require a business address"),
@@ -613,7 +603,6 @@ DEFAULTS = {
         'type': bool,
         'form_class': forms.BooleanField,
         'serializer_class': serializers.BooleanField,
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': dict(
             label=_("Ask for beneficiary"),
             widget=forms.CheckboxInput(attrs={'data-checkbox-dependency': '#id_invoice_address_asked'}),
@@ -624,7 +613,6 @@ DEFAULTS = {
         'type': LazyI18nString,
         'form_class': I18nFormField,
         'serializer_class': I18nField,
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': dict(
             label=_("Custom recipient field label"),
             widget=I18nTextInput,
@@ -640,7 +628,6 @@ DEFAULTS = {
         'type': LazyI18nString,
         'form_class': I18nFormField,
         'serializer_class': I18nField,
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': dict(
             label=_("Custom recipient field help text"),
             widget=I18nTextInput,
@@ -653,7 +640,6 @@ DEFAULTS = {
         'type': bool,
         'form_class': forms.BooleanField,
         'serializer_class': serializers.BooleanField,
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': dict(
             label=_("Ask for VAT ID"),
             help_text=format_lazy(
@@ -669,7 +655,6 @@ DEFAULTS = {
         'type': list,
         'form_class': forms.MultipleChoiceField,
         'serializer_class': serializers.MultipleChoiceField,
-        'write_permission': 'event.settings.invoicing:write',
         'serializer_kwargs': dict(
             choices=lazy(
                 lambda *args: sorted([(cc, gettext(Country(cc).name)) for cc in VAT_ID_COUNTRIES], key=lambda c: c[1]),
@@ -697,7 +682,6 @@ DEFAULTS = {
         'type': LazyI18nString,
         'form_class': I18nFormField,
         'serializer_class': I18nField,
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': dict(
             label=_("Invoice address explanation"),
             widget=I18nMarkdownTextarea,
@@ -710,7 +694,6 @@ DEFAULTS = {
         'type': bool,
         'form_class': forms.BooleanField,
         'serializer_class': serializers.BooleanField,
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': dict(
             label=_("Show paid amount on partially paid invoices"),
             help_text=_("If an invoice has already been paid partially, this option will add the paid and pending "
@@ -722,7 +705,6 @@ DEFAULTS = {
         'type': bool,
         'form_class': forms.BooleanField,
         'serializer_class': serializers.BooleanField,
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': dict(
             label=_("Show free products on invoices"),
             help_text=_("Note that invoices will never be generated for orders that contain only free "
@@ -734,7 +716,6 @@ DEFAULTS = {
         'type': bool,
         'form_class': forms.BooleanField,
         'serializer_class': serializers.BooleanField,
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': dict(
             label=_("Show expiration date of order"),
             help_text=_("The expiration date will not be shown if the invoice is generated after the order is paid."),
@@ -746,7 +727,6 @@ DEFAULTS = {
         'form_class': forms.IntegerField,
         'serializer_class': serializers.IntegerField,
         'serializer_kwargs': dict(),
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': dict(
             label=_("Minimum length of invoice number after prefix"),
             help_text=_("The part of your invoice number after your prefix will be filled up with leading zeros up to this length, e.g. INV-001 or INV-00001."),
@@ -760,7 +740,6 @@ DEFAULTS = {
         'type': bool,
         'form_class': forms.BooleanField,
         'serializer_class': serializers.BooleanField,
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': dict(
             label=_("Generate invoices with consecutive numbers"),
             help_text=_("If deactivated, the order code will be used in the invoice number."),
@@ -771,7 +750,6 @@ DEFAULTS = {
         'type': str,
         'form_class': forms.CharField,
         'serializer_class': serializers.CharField,
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': dict(
             label=_("Invoice number prefix"),
             help_text=_("This will be prepended to invoice numbers. If you leave this field empty, your event slug will "
@@ -799,7 +777,6 @@ DEFAULTS = {
         'type': str,
         'form_class': forms.CharField,
         'serializer_class': serializers.CharField,
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': dict(
             label=_("Invoice number prefix for cancellations"),
             help_text=_("This will be prepended to invoice numbers of cancellations. If you leave this field empty, "
@@ -823,7 +800,6 @@ DEFAULTS = {
         'type': bool,
         'form_class': forms.BooleanField,
         'serializer_class': serializers.BooleanField,
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': dict(
             label=_("Highlight order code to make it stand out visibly"),
             help_text=_("Only respected by some invoice renderers."),
@@ -835,7 +811,6 @@ DEFAULTS = {
         'form_class': forms.ChoiceField,
         'serializer_class': serializers.ChoiceField,
         'serializer_kwargs': lambda: dict(**invoice_font_kwargs()),
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': lambda: dict(
             label=_('Font'),
             help_text=_("Only respected by some invoice renderers."),
@@ -846,7 +821,6 @@ DEFAULTS = {
     'invoice_renderer': {
         'default': 'classic',  # default for new events is 'modern1'
         'type': str,
-        'write_permission': 'event.settings.invoicing:write',
     },
     'ticket_secret_generator': {
         'default': 'random',
@@ -923,7 +897,6 @@ DEFAULTS = {
         'type': LazyI18nString,
         'form_class': I18nFormField,
         'serializer_class': I18nField,
-        'write_permission': 'event.settings.payment:write',
         'form_kwargs': dict(
             widget=I18nMarkdownTextarea,
             widget_kwargs={'attrs': {
@@ -945,7 +918,6 @@ DEFAULTS = {
                 ('minutes', _("in minutes"))
             ),
         ),
-        'write_permission': 'event.settings.payment:write',
         'form_kwargs': dict(
             label=_("Set payment term"),
             widget=forms.RadioSelect,
@@ -963,7 +935,6 @@ DEFAULTS = {
         'type': int,
         'form_class': forms.IntegerField,
         'serializer_class': serializers.IntegerField,
-        'write_permission': 'event.settings.payment:write',
         'form_kwargs': dict(
             label=_('Payment term in days'),
             widget=forms.NumberInput(
@@ -989,7 +960,6 @@ DEFAULTS = {
         'type': bool,
         'form_class': forms.BooleanField,
         'serializer_class': serializers.BooleanField,
-        'write_permission': 'event.settings.payment:write',
         'form_kwargs': dict(
             label=_('Only end payment terms on weekdays'),
             help_text=_("If this is activated and the payment term of any order ends on a Saturday or Sunday, it will be "
@@ -1007,7 +977,6 @@ DEFAULTS = {
         'type': int,
         'form_class': forms.IntegerField,
         'serializer_class': serializers.IntegerField,
-        'write_permission': 'event.settings.payment:write',
         'form_kwargs': dict(
             label=_('Payment term in minutes'),
             help_text=_("The number of minutes after placing an order the user has to pay to preserve their reservation. "
@@ -1032,7 +1001,6 @@ DEFAULTS = {
         'type': RelativeDateWrapper,
         'form_class': RelativeDateField,
         'serializer_class': SerializerRelativeDateField,
-        'write_permission': 'event.settings.payment:write',
         'form_kwargs': dict(
             label=_('Last date of payments'),
             help_text=_("The last date any payments are accepted. This has precedence over the terms "
@@ -1045,7 +1013,6 @@ DEFAULTS = {
         'type': bool,
         'form_class': forms.BooleanField,
         'serializer_class': serializers.BooleanField,
-        'write_permission': 'event.settings.payment:write',
         'form_kwargs': dict(
             label=_('Automatically expire unpaid orders'),
             help_text=_("If checked, all unpaid orders will automatically go from 'pending' to 'expired' "
@@ -1058,7 +1025,6 @@ DEFAULTS = {
         'type': int,
         'form_class': forms.IntegerField,
         'serializer_class': serializers.IntegerField,
-        'write_permission': 'event.settings.payment:write',
         'form_kwargs': dict(
             label=_('Expiration delay'),
             help_text=_("The order will only actually expire this many days after the expiration date communicated "
@@ -1081,7 +1047,6 @@ DEFAULTS = {
         'type': bool,
         'form_class': forms.BooleanField,
         'serializer_class': serializers.BooleanField,
-        'write_permission': 'event.settings.payment:write',
         'form_kwargs': dict(
             label=_('Hide "payment pending" state on customer-facing pages'),
             help_text=_("The payment instructions panel will still be shown to the primary customer, but no indication "
@@ -1093,11 +1058,9 @@ DEFAULTS = {
         'default': 'True',
         'type': bool,
         'serializer_class': serializers.BooleanField,
-        'write_permission': 'event.settings.payment:write',
     },
     'payment_giftcard_public_name': {
         'default': LazyI18nString.from_gettext(gettext_noop('Gift card')),
-        'write_permission': 'event.settings.payment:write',
         'type': LazyI18nString
     },
     'payment_giftcard_public_description': {
@@ -1106,12 +1069,10 @@ DEFAULTS = {
             'enough credit to pay for the full order, you will be shown this page again and you can either '
             'redeem another gift card or select a different payment method for the difference.'
         )),
-        'write_permission': 'event.settings.payment:write',
         'type': LazyI18nString
     },
     'payment_resellers__restrict_to_sales_channels': {
         'default': ['resellers'],
-        'write_permission': 'event.settings.payment:write',
         'type': list
     },
     'payment_term_accept_late': {
@@ -1119,7 +1080,6 @@ DEFAULTS = {
         'type': bool,
         'form_class': forms.BooleanField,
         'serializer_class': serializers.BooleanField,
-        'write_permission': 'event.settings.payment:write',
         'form_kwargs': dict(
             label=_('Accept late payments'),
             help_text=_("Accept payments for orders even when they are in 'expired' state as long as enough "
@@ -1149,7 +1109,6 @@ DEFAULTS = {
                 ('none', _('Charge no taxes')),
             ),
         ),
-        'write_permission': 'event.settings.payment:write',
         'form_kwargs': dict(
             label=_("Tax handling on payment fees"),
             widget=forms.RadioSelect,
@@ -1196,7 +1155,6 @@ DEFAULTS = {
                 ('paid', _('Automatically on payment or when required by payment method')),
             ),
         ),
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': dict(
             label=_("Generate invoices"),
             widget=forms.RadioSelect,
@@ -1225,7 +1183,6 @@ DEFAULTS = {
                 ('invoice_date', _('Invoice date')),
             ),
         ),
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': dict(
             label=_("Date of service"),
             widget=forms.RadioSelect,
@@ -1246,7 +1203,6 @@ DEFAULTS = {
         'type': bool,
         'form_class': forms.BooleanField,
         'serializer_class': serializers.BooleanField,
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': dict(
             label=_("Automatically cancel and reissue invoice on address changes"),
             help_text=_("If customers change their invoice address on an existing order, the invoice will "
@@ -1259,7 +1215,6 @@ DEFAULTS = {
         'type': bool,
         'form_class': forms.BooleanField,
         'serializer_class': serializers.BooleanField,
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': dict(
             label=_("Allow to update existing invoices"),
             help_text=_("By default, invoices can never again be changed once they are issued. In most countries, we "
@@ -1269,7 +1224,6 @@ DEFAULTS = {
     },
     'invoice_generate_sales_channels': {
         'default': json.dumps(['web']),
-        'write_permission': 'event.settings.invoicing:write',
         'type': list
     },
     'invoice_generate_only_business': {
@@ -1286,7 +1240,6 @@ DEFAULTS = {
         'type': str,
         'form_class': forms.CharField,
         'serializer_class': serializers.CharField,
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': dict(
             label=_("Address line"),
             widget=forms.Textarea(attrs={
@@ -1302,7 +1255,6 @@ DEFAULTS = {
         'type': str,
         'form_class': forms.CharField,
         'serializer_class': serializers.CharField,
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': dict(
             max_length=190,
             label=_("Company name"),
@@ -1313,7 +1265,6 @@ DEFAULTS = {
         'type': str,
         'form_class': forms.CharField,
         'serializer_class': serializers.CharField,
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': dict(
             widget=forms.TextInput(attrs={
                 'placeholder': '12345'
@@ -1327,7 +1278,6 @@ DEFAULTS = {
         'type': str,
         'form_class': forms.CharField,
         'serializer_class': serializers.CharField,
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': dict(
             widget=forms.TextInput(attrs={
                 'placeholder': _('Random City')
@@ -1344,7 +1294,6 @@ DEFAULTS = {
         'serializer_kwargs': {
             'choices': [('', '')],
         },
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': {
             "label": pgettext_lazy('address', 'State'),
             'choices': [('', '')],
@@ -1356,7 +1305,6 @@ DEFAULTS = {
         'form_class': forms.ChoiceField,
         'serializer_class': serializers.ChoiceField,
         'serializer_kwargs': lambda: dict(**country_choice_kwargs()),
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': lambda: dict(
             label=_('Country'),
             widget=forms.Select(attrs={
@@ -1370,7 +1318,6 @@ DEFAULTS = {
         'type': str,
         'form_class': forms.CharField,
         'serializer_class': serializers.CharField,
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': dict(
             label=_("Domestic tax ID"),
             help_text=_("e.g. tax number in Germany, ABN in Australia, …"),
@@ -1382,7 +1329,6 @@ DEFAULTS = {
         'type': str,
         'form_class': forms.CharField,
         'serializer_class': serializers.CharField,
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': dict(
             label=_("EU VAT ID"),
             max_length=190,
@@ -1393,7 +1339,6 @@ DEFAULTS = {
         'type': LazyI18nString,
         'form_class': I18nFormField,
         'serializer_class': I18nField,
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': dict(
             widget=I18nTextarea,
             widget_kwargs={'attrs': {
@@ -1411,7 +1356,6 @@ DEFAULTS = {
         'type': LazyI18nString,
         'form_class': I18nFormField,
         'serializer_class': I18nField,
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': dict(
             widget=I18nTextarea,
             widget_kwargs={'attrs': {
@@ -1429,7 +1373,6 @@ DEFAULTS = {
         'type': LazyI18nString,
         'form_class': I18nFormField,
         'serializer_class': I18nField,
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': dict(
             widget=I18nTextarea,
             widget_kwargs={'attrs': {
@@ -1444,7 +1387,6 @@ DEFAULTS = {
     },
     'invoice_language': {
         'default': '__user__',
-        'write_permission': 'event.settings.invoicing:write',
         'type': str
     },
     'invoice_email_attachment': {
@@ -1452,7 +1394,6 @@ DEFAULTS = {
         'type': bool,
         'form_class': forms.BooleanField,
         'serializer_class': serializers.BooleanField,
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': dict(
             label=_("Attach invoices to emails"),
             help_text=_("If invoices are automatically generated for all orders, they will be attached to the order "
@@ -1466,7 +1407,6 @@ DEFAULTS = {
         'type': str,
         'form_class': forms.CharField,
         'serializer_class': serializers.CharField,
-        'write_permission': 'event.settings.invoicing:write',
         'form_kwargs': dict(
             label=_("Email address to receive a copy of each invoice"),
             help_text=_("Each newly created invoice will be sent to this email address shortly after creation. You can "
@@ -3008,28 +2948,6 @@ If you did not request a new password, please ignore this email.
 
 Best regards,  
 
-Your {organizer} team"""))  # noqa: W291
-    },
-    'mail_subject_customer_security_notice': {
-        'type': LazyI18nString,
-        'default': LazyI18nString.from_gettext(gettext_noop("Changes to your account at {organizer}")),
-    },
-    'mail_text_customer_security_notice': {
-        'type': LazyI18nString,
-        'default': LazyI18nString.from_gettext(gettext_noop("""Hello {name},
-
-the following change has been made to your account at {organizer}:
-
-{message}
-
-You can review and change your account settings here:
-
-{url}
-
-If this change was not performed by you, please contact us immediately.
-
-Best regards,  
-
 Your {organizer} team"""))  # noqa: W291
     },
     'smtp_use_custom': {
@@ -3320,8 +3238,7 @@ Your {organizer} team"""))  # noqa: W291
                 'image/png', 'image/jpeg', 'image/gif'
             ],
             max_size=settings.FILE_UPLOAD_MAX_SIZE_IMAGE,
-        ),
-        'write_permission': 'event.settings.invoicing:write',
+        )
     },
     'frontpage_text': {
         'default': '',
@@ -4148,14 +4065,6 @@ def validate_event_settings(event, settings_dict):
                     )
                 ]}
             )
-    if (
-        settings_dict.get('invoice_address_from_vat_id') and
-        settings_dict.get('invoice_address_from_country') and
-        settings_dict.get('invoice_address_from_country') not in VAT_ID_COUNTRIES
-    ):
-        raise ValidationError({
-            'invoice_address_from_vat_id': _('VAT-ID is not supported for "{}".').format(settings_dict.get('invoice_address_from_country'))
-        })
 
     payment_term_last = settings_dict.get('payment_term_last')
     if payment_term_last and event.presale_end:

src/pretix/base/shredder.py

@@ -363,7 +363,7 @@ class EmailAddressShredder(BaseDataShredder):
                     le.save(update_fields=['data', 'shredded'])
             else:
                 shred_log_fields(le, banlist=[
-                    'recipient', 'message', 'subject', 'full_mail', 'old_email', 'new_email', 'bcc', 'cc',
+                    'recipient', 'message', 'subject', 'full_mail', 'old_email', 'new_email'
                 ])
 
 

src/pretix/base/signals.py

@@ -32,7 +32,6 @@
 # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations under the License.
 
-import logging
 import warnings
 from typing import Any, Callable, Generic, List, Tuple, TypeVar
 
@@ -49,8 +48,6 @@ from .plugins import (
     PLUGIN_LEVEL_ORGANIZER,
 )
 
-logger = logging.getLogger(__name__)
-
 app_cache = {}
 T = TypeVar('T')
 
@@ -63,25 +60,23 @@ def _populate_app_cache():
 
 def get_defining_app(o):
     # If sentry packed this in a wrapper, unpack that
-    module = getattr(o, "__module__", None)
-    if module and "sentry" in module:
+    if "sentry" in o.__module__:
         o = o.__wrapped__
 
     if hasattr(o, "__mocked_app"):
         return o.__mocked_app
 
     # Find the Django application this belongs to
-    searchpath = module or getattr(o.__class__, "__module__", None) or ""
+    searchpath = o.__module__
 
     # Core modules are always active
-    if searchpath and any(searchpath.startswith(cm) for cm in settings.CORE_MODULES):
+    if any(searchpath.startswith(cm) for cm in settings.CORE_MODULES):
         return 'CORE'
 
     if not app_cache:
         _populate_app_cache()
 
-    app = None
-    while searchpath:
+    while True:
         app = app_cache.get(searchpath)
         if "." not in searchpath or app:
             break
@@ -162,7 +157,7 @@ class PluginSignal(Generic[T], django.dispatch.Signal):
         if not app_cache:
             _populate_app_cache()
 
-        for receiver in self._live_receivers(sender)[0]:
+        for receiver in self._sorted_receivers(sender):
             if self._is_receiver_active(sender, receiver):
                 response = receiver(signal=self, sender=sender, **named)
                 responses.append((receiver, response))
@@ -184,7 +179,7 @@ class PluginSignal(Generic[T], django.dispatch.Signal):
         if not app_cache:
             _populate_app_cache()
 
-        for receiver in self._live_receivers(sender)[0]:
+        for receiver in self._sorted_receivers(sender):
             if self._is_receiver_active(sender, receiver):
                 named[chain_kwarg_name] = response
                 response = receiver(signal=self, sender=sender, **named)
@@ -209,7 +204,7 @@ class PluginSignal(Generic[T], django.dispatch.Signal):
         if not app_cache:
             _populate_app_cache()
 
-        for receiver in self._live_receivers(sender)[0]:
+        for receiver in self._sorted_receivers(sender):
             if self._is_receiver_active(sender, receiver):
                 try:
                     response = receiver(signal=self, sender=sender, **named)
@@ -219,35 +214,17 @@ class PluginSignal(Generic[T], django.dispatch.Signal):
                     responses.append((receiver, response))
         return responses
 
-    def asend(self, sender: T, **named):
-        raise NotImplementedError()  # NOQA
-
-    def asend_robust(self, sender: T, **named):
-        raise NotImplementedError()  # NOQA
-
-    def _live_receivers(self, sender):
-        orig_list, orig_async_list = super()._live_receivers(sender)
-
-        if orig_async_list:
-            logger.error('Async receivers are not supported.')
-            raise NotImplementedError
-
-        def _getattr_fallback_to_class(obj, key):
-            return getattr(obj, key, getattr(obj.__class__, key))
-
-        def _is_core_module(receiver):
-            m = _getattr_fallback_to_class(receiver, "__module__")
-            return any(m.startswith(c) for c in settings.CORE_MODULES)
-
+    def _sorted_receivers(self, sender):
+        orig_list = self._live_receivers(sender)
         sorted_list = sorted(
             orig_list,
             key=lambda receiver: (
-                0 if _is_core_module(receiver) else 1,
-                _getattr_fallback_to_class(receiver, "__module__"),
-                _getattr_fallback_to_class(receiver, "__name__"),
+                0 if any(receiver.__module__.startswith(m) for m in settings.CORE_MODULES) else 1,
+                receiver.__module__,
+                receiver.__name__,
             )
         )
-        return sorted_list, []
+        return sorted_list
 
 
 class EventPluginSignal(PluginSignal[Event]):
@@ -323,42 +300,11 @@ class GlobalSignal(django.dispatch.Signal):
         if not self.receivers or self.sender_receivers_cache.get(sender) is NO_RECEIVERS:
             return response
 
-        for receiver in self._live_receivers(sender)[0]:
+        for receiver in self._live_receivers(sender):
             named[chain_kwarg_name] = response
             response = receiver(signal=self, sender=sender, **named)
         return response
 
-    def asend(self, sender: T, **named):
-        raise NotImplementedError()  # NOQA
-
-    def asend_robust(self, sender: T, **named):
-        raise NotImplementedError()  # NOQA
-
-    def _live_receivers(self, sender):
-        # Ensure consistent sorting of receivers
-        orig_list, orig_async_list = super()._live_receivers(sender)
-
-        if orig_async_list:
-            logger.error('Async receivers are not supported.')
-            raise NotImplementedError
-
-        def _getattr_fallback_to_class(obj, key):
-            return getattr(obj, key, getattr(obj.__class__, key))
-
-        def _is_core_module(receiver):
-            m = _getattr_fallback_to_class(receiver, "__module__")
-            return any(m.startswith(c) for c in settings.CORE_MODULES)
-
-        sorted_list = sorted(
-            orig_list,
-            key=lambda receiver: (
-                0 if _is_core_module(receiver) else 1,
-                _getattr_fallback_to_class(receiver, "__module__"),
-                _getattr_fallback_to_class(receiver, "__name__"),
-            )
-        )
-        return sorted_list, []
-
 
 class DeprecatedSignal(GlobalSignal):
 
@@ -615,18 +561,6 @@ however for this signal, the ``sender`` **may also be None** to allow creating t
 notification settings!
 """
 
-register_event_permission_groups = GlobalSignal()
-"""
-This signal is sent out to get all known permissions. Receivers should return an
-instance of pretix.base.permissions.PermissionGroup or a list of such instances.
-"""
-
-register_organizer_permission_groups = GlobalSignal()
-"""
-This signal is sent out to get all known permissions. Receivers should return an
-instance of pretix.base.permissions.PermissionGroup or a list of such instances.
-"""
-
 notification = EventPluginSignal()
 """
 Arguments: ``logentry_id``, ``notification_type``
@@ -1172,9 +1106,6 @@ api_event_settings_fields = EventPluginSignal()
 This signal is sent out to collect serializable settings fields for the API. You are expected to
 return a dictionary mapping names of attributes in the settings store to DRF serializer field instances.
 
-These are readable for all users with access to the events, therefore secrets stored in the settings store
-should not be included!
-
 As with all event-plugin signals, the ``sender`` keyword argument will contain the event.
 """
 

src/pretix/base/templates/404.html

@@ -8,6 +8,9 @@
         <h1>{% trans "Not found" %}</h1>
         <p>{% trans "I'm afraid we could not find the the resource you requested." %}</p>
         <p>{{ exception }}</p>
+        <p class="links">
+            <a id='goback' href='#'>{% trans "Take a step back" %}</a>
+        </p>
         {% if request.user.is_staff and not staff_session %}
             <form action="{% url 'control:user.sudo' %}?next={{ request.path|add:"?"|add:request.GET.urlencode|urlencode }}" method="post">
                 <p>

src/pretix/base/templates/error.html

@@ -12,9 +12,6 @@
     <meta charset="utf-8">
     <link rel="icon" href="{% static "pretixbase/img/favicon.ico" %}">
     {% block custom_header %}{% endblock %}
-    {% if css_theme %}
-        <link rel="stylesheet" type="text/css" href="{{ css_theme }}" />
-    {% endif %}
 </head>
 <body>
 <div class="container">

src/pretix/base/templates/pretixbase/email/shred_completed.txt

@@ -13,5 +13,5 @@ Start time: {{ start_time }} (new data added after this time might not have been
 
 Best regards,
 
-Your {{ instance }} team
+Your pretix team
 {% endblocktrans %}

src/pretix/base/templatetags/anonymize_email.py

@@ -1,34 +0,0 @@
-#
-# This file is part of pretix (Community Edition).
-#
-# Copyright (C) 2014-2020  Raphael Michel and contributors
-# Copyright (C) 2020-today pretix GmbH and contributors
-#
-# This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General
-# Public License as published by the Free Software Foundation in version 3 of the License.
-#
-# ADDITIONAL TERMS APPLY: Pursuant to Section 7 of the GNU Affero General Public License, additional terms are
-# applicable granting you additional permissions and placing additional restrictions on your usage of this software.
-# Please refer to the pretix LICENSE file to obtain the full terms applicable to this work. If you did not receive
-# this file, see <https://pretix.eu/about/en/license>.
-#
-# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
-# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
-# details.
-#
-# You should have received a copy of the GNU Affero General Public License along with this program.  If not, see
-# <https://www.gnu.org/licenses/>.
-#
-from django import template
-from django.utils.html import mark_safe
-
-register = template.Library()
-
-
-@register.filter("anon_email")
-def anon_email(value):
-    """Replaces @ with [at] and . with [dot] for anonymization."""
-    if not isinstance(value, str):
-        return value
-    value = value.replace("@", "[at]").replace(".", "[dot]")
-    return mark_safe(''.join(['&#{0};'.format(ord(char)) for char in value]))