7aad1b2983
FIX: Wrong perms syntax for history pages
2020-01-26 13:51:37 +00:00
4dd89c0b73
FIX: Re-prevent basic seeing reversion
...
This is to prevent financials/client data leaking when changed. Hopefully can show them a filtered version in future.
2020-01-23 16:29:10 +00:00
20a6cca9d3
FIX: Use has_oembed decorator for events
2020-01-23 16:20:46 +00:00
b74dfac33d
Merge remote-tracking branch 'origin/master' into open
2020-01-23 16:11:11 +00:00
Matthew Smith
e0c6a56263
Disable password reset as temporary fix to vulnerability ( #396 )
...
Disabled password reset and left message notifying user of problem. In response to CVE-2019-19844
2020-01-17 13:13:16 +00:00
0ee393725e
FIX: Require login on events and event embeds again
...
Little too far to the open side there Arona... Whooooooops!
2020-01-11 20:31:05 +00:00
d06273c215
CHORE: Fix CI
2020-01-11 18:26:35 +00:00
30b323cd7b
CHANGE: First pass at opening up RIGS #233
...
Whilst it makes it something of a misnomer, the intent is to make the 'view_event' perm a permission to view event details like client/price. I don't see the point in giving everyone 'view_event' and adding a new 'view_event_detail'...Open to arguments the other way.
2019-11-27 21:14:02 +00:00
David Taylor
35997aa882
Add API hook for logging risk assessment completion ( #341 )
2019-07-28 23:08:18 +01:00
David Taylor
7babaee44c
Add link to pre-filled risk assessment form
2019-07-14 23:09:44 +01:00
David Taylor
f9389e3996
PEP8 all the things
2017-09-22 14:57:14 +01:00
David Taylor
f8aaf9f36e
Merge branch 'master' into feature/online-auth
...
# Conflicts:
# RIGS/rigboard.py
# RIGS/test_functional.py
# RIGS/urls.py
# requirements.txt
2017-05-12 20:53:00 +01:00
David Taylor
9b1cc965c7
Update to Django 1.10
2017-05-10 18:41:17 +01:00
David Taylor
83028418fe
Fix deprecation warnings for django 1.10
2017-05-10 18:30:17 +01:00
David Taylor
7ac9eef7a2
Merge master into python-deps
...
# Conflicts:
# PyRIGS/settings.py
# RIGS/admin.py
# RIGS/models.py
# RIGS/test_functional.py
# RIGS/urls.py
# requirements.txt
# wercker.yml
2017-05-10 17:32:21 +01:00
Tom Price
f57ac3acb1
Add sending of html email for the request
2017-05-09 18:35:29 +01:00
Tom Price
5d17d642ec
Update templates to include the new authorisation fields
2017-04-10 21:43:18 +01:00
Tom Price
7fd0c50146
Add sending of emails to clients.
...
Add email sending methods.
Add TEC side sending of emails.
2017-04-10 20:39:19 +01:00
Tom Price
e65e97b1a3
Client facing authorisation procedures.
...
Add forms, views, templates and URLs.
Remove created at in favour of the built in versioning as that's much more accurate.
Switch to a OneToOneField with EventAuthorisation -> event as a result of this.
Move validation from models to forms where it probably belongs.
Provide more descriptive errors.
Add success page for authorisation.
2017-04-07 02:14:33 +01:00
David Taylor
0e72c3f896
Made pretty, and made embedding accessible to non-keyholders
2016-10-08 21:38:12 +01:00
David Taylor
ac7e85c24a
PEP8 and comments
2016-10-08 17:30:23 +01:00
David Taylor
73b8ce4add
Revert "Added decorator for X-Frame header"
...
This reverts commit 8a838aa4bd
2016-10-08 17:19:35 +01:00
David Taylor
536842971d
Revert "Try just removing the header, this should work in all browsers"
...
This reverts commit 3e224a33a7
2016-10-08 17:19:18 +01:00
David Taylor
3e224a33a7
Try just removing the header, this should work in all browsers
2016-10-08 17:14:29 +01:00
David Taylor
8a838aa4bd
Added decorator for X-Frame header
2016-10-07 02:51:08 +01:00
David Taylor
1b28efb6af
Allow the embedded login to be embedded (useful feature)
2016-10-06 16:10:51 +01:00
David Taylor
441a2be0b8
Added embedded login, and all iframe links open in new tab
2016-10-06 16:08:01 +01:00
David Taylor
f0bb4c5b02
Move exemption to urls.py (cleaner)
2016-10-06 13:13:09 +01:00
David Taylor
59efc2c485
Fixed JSON
2016-10-06 12:59:37 +01:00
David Taylor
69b0ff9fae
Made embed page, with clickjacking protection turned off
2016-10-06 12:52:33 +01:00
David Taylor
4b94ea7ef2
Made login redirect JS for event detail
2016-10-06 12:02:44 +01:00
David Taylor
0244f5cfca
Restored login security to events
2016-10-05 10:42:49 +01:00
David Taylor
f7ea0cb834
Remove security from event detail (for testing in staging)
2016-10-03 23:09:57 +01:00
David Taylor
6370679b62
Initial proof of concept
2016-10-03 22:45:57 +01:00
David Taylor
67624eea6f
Allow deleting invoices, if there are no payments yet
2016-06-15 23:18:46 +01:00
Tom Price
d43e4b2465
Update settings and urls to fix new deprecations
2016-03-31 12:33:46 +01:00
David Taylor
1681ab8fee
Allowed linking to specific views/dates on the calendar - closes #153
2016-02-29 20:35:53 +00:00
David Taylor
73ba535efb
Fixed API permissions, and removed unnecessary data from the events api (it now only gives information available to non-keyholders - the rest wasn't used anyway).
...
This now means the web-calendar view works for non-keyholders
2015-06-28 22:54:58 +01:00
David Taylor
ad4784ff15
Explicitly set redirect view permanent/temporary
2015-05-28 19:42:05 +01:00
David Taylor
a66c7a79db
Merge branch 'master' into revision-view
2015-05-24 12:24:21 +01:00
David Taylor
383760d9a2
Made index login_required
2015-05-24 03:14:13 +01:00
David Taylor
2bfa9321a3
Redesigned homepage
2015-05-23 23:03:41 +01:00
David Taylor
85a7a37280
Added urls for other models
2015-05-23 18:34:35 +01:00
David Taylor
3c47b4a64b
More work on other model support
2015-05-23 16:49:54 +01:00
David Taylor
1cdf3e2b34
Added activity stream view
2015-05-22 21:08:22 +01:00
David Taylor
8d355b8ffa
Separate versioning into separate file
2015-05-22 19:20:37 +01:00
David Taylor
caf0e6cf45
Added invoice paperwork functionality
2015-05-22 15:20:43 +01:00
Tom Price
ab558c1ccc
Add event history view
2015-05-18 15:21:44 +01:00
Tom Price
5803421fec
Merge branch 'master' into revision-view
2015-05-18 14:36:23 +01:00
Tom Price
fc08848e76
Actually rename the correct line...
2015-04-25 19:54:22 +01:00
