Automatic creation of views/urls for anything registered with reversion, with a small amount of hackage to preserve legacy stuff. (and the DAMNED asset IDs!) I would never get distracted...
* [requires.io] dependency update
* Server starts...
Various things are broken, but it runs!
* [requires.io] dependency update
* [requires.io] dependency update
* [requires.io] dependency update
* FIX: Broken migrations
* FIX: Update auth framework
* FIX: Correct static use in templates
* FIX: Fix supplier sort
* FIX: Remaining tests
* Revert "Disable password reset as temporary fix to vulnerability (#396)"
This reverts commit e0c6a56263.
# Conflicts:
# RIGS/urls.py
* FIX: Fix broken newlining in PDFs
Introduced by a change in Django 2.1 'HTML rendered by form widgets no longer includes a closing slash on void elements, e.g. <br>. This is incompatible within XHTML, although some widgets already used aspects of HTML5 such as boolean attributes.'
* FIX: Fix some Django4 deprecation warnings
Why not...
* Refactor dependency file
Should now only include dependencies we actually use, not dependencies of dependencies and unused things
* Add newlines to the paperwork print test event
This will catch the error encountered in 79ec9214f9
* Swap to pycodestyle rather than pep8 in Travis
And eliminate W605 errors
* Bit too heavy handed with the dep purge there...
* Whoops, helps if one installs pycodestyle...
* FIX: Re-add overridden login view
* Better fix for previous commit
* FIX: Bloody smartquotes
Co-authored-by: requires.io <support@requires.io>
* CHANGE: First pass at opening up RIGS #233
Whilst it makes it something of a misnomer, the intent is to make the 'view_event' perm a permission to view event details like client/price. I don't see the point in giving everyone 'view_event' and adding a new 'view_event_detail'...Open to arguments the other way.
* CHANGE: New user signups now require admin approval
Given that I intend to reveal much more data to new users this seems necessary...
* CHORE: Fix CI
* FIX: Legacy Profiles are now auto-approved correctly
* Add testing of approval mechanism
This fixes the other functional tests failing because the user cannot login without being approved.
* Superusers bypass approval check
This should fix the remainder of the tests
* Prevent unapproved users logging in through embeds
Test suite doing its job...!
* FIX: Require login on events and event embeds again
Little too far to the open side there Arona... Whooooooops!
* FIX: Use has_oembed decorator for events
* FIX: Re-prevent basic seeing reversion
This is to prevent financials/client data leaking when changed. Hopefully can show them a filtered version in future.
* FIX: Remove mitigation for #264
Someone quietly fixed it, it appears
* FEAT: Add admin email notif when an account is activated and awaiting approval
No async or time-since shenanigans yet!
* FIX: Whoops, undo accidental whitespace change
* FEAT: Add a fifteen min cooldown between emails to admins
Probably not the right way to go about it...but it does work!
TODO: How to handle cooldown-emailing shared mailbox addresses?
* FIX: Remove event modal history deadlink for basic users
Also removes some links on the RIGS homepage that will deadlink for them
* FIX: Wrong perms syntax for history pages
* CHORE: Squash migrations
* FIX: Use a setting for cooldown
* FIX: Minor code improvements
Add forms, views, templates and URLs.
Remove created at in favour of the built in versioning as that's much more accurate.
Switch to a OneToOneField with EventAuthorisation -> event as a result of this.
Move validation from models to forms where it probably belongs.
Provide more descriptive errors.
Add success page for authorisation.
There is never any need to track the time as VAT rate hardly ever changes and will always do so at midnight. We were already assuming this anyway but it was generating loads of warnings/errors.
This will break your local VAT rate database if using sqlite, but it is tested with postgres and works fine.
