Automatic creation of views/urls for anything registered with reversion, with a small amount of hackage to preserve legacy stuff. (and the DAMNED asset IDs!) I would never get distracted...
* [requires.io] dependency update
* Server starts...
Various things are broken, but it runs!
* [requires.io] dependency update
* [requires.io] dependency update
* [requires.io] dependency update
* FIX: Broken migrations
* FIX: Update auth framework
* FIX: Correct static use in templates
* FIX: Fix supplier sort
* FIX: Remaining tests
* Revert "Disable password reset as temporary fix to vulnerability (#396)"
This reverts commit e0c6a56263.
# Conflicts:
# RIGS/urls.py
* FIX: Fix broken newlining in PDFs
Introduced by a change in Django 2.1 'HTML rendered by form widgets no longer includes a closing slash on void elements, e.g. <br>. This is incompatible within XHTML, although some widgets already used aspects of HTML5 such as boolean attributes.'
* FIX: Fix some Django4 deprecation warnings
Why not...
* Refactor dependency file
Should now only include dependencies we actually use, not dependencies of dependencies and unused things
* Add newlines to the paperwork print test event
This will catch the error encountered in 79ec9214f9
* Swap to pycodestyle rather than pep8 in Travis
And eliminate W605 errors
* Bit too heavy handed with the dep purge there...
* Whoops, helps if one installs pycodestyle...
* FIX: Re-add overridden login view
* Better fix for previous commit
* FIX: Bloody smartquotes
Co-authored-by: requires.io <support@requires.io>
* CHANGE: First pass at opening up RIGS #233
Whilst it makes it something of a misnomer, the intent is to make the 'view_event' perm a permission to view event details like client/price. I don't see the point in giving everyone 'view_event' and adding a new 'view_event_detail'...Open to arguments the other way.
* CHANGE: New user signups now require admin approval
Given that I intend to reveal much more data to new users this seems necessary...
* CHORE: Fix CI
* FIX: Legacy Profiles are now auto-approved correctly
* Add testing of approval mechanism
This fixes the other functional tests failing because the user cannot login without being approved.
* Superusers bypass approval check
This should fix the remainder of the tests
* Prevent unapproved users logging in through embeds
Test suite doing its job...!
* FIX: Require login on events and event embeds again
Little too far to the open side there Arona... Whooooooops!
* FIX: Use has_oembed decorator for events
* FIX: Re-prevent basic seeing reversion
This is to prevent financials/client data leaking when changed. Hopefully can show them a filtered version in future.
* FIX: Remove mitigation for #264
Someone quietly fixed it, it appears
* FEAT: Add admin email notif when an account is activated and awaiting approval
No async or time-since shenanigans yet!
* FIX: Whoops, undo accidental whitespace change
* FEAT: Add a fifteen min cooldown between emails to admins
Probably not the right way to go about it...but it does work!
TODO: How to handle cooldown-emailing shared mailbox addresses?
* FIX: Remove event modal history deadlink for basic users
Also removes some links on the RIGS homepage that will deadlink for them
* FIX: Wrong perms syntax for history pages
* CHORE: Squash migrations
* FIX: Use a setting for cooldown
* FIX: Minor code improvements
