* [requires.io] dependency update
* Server starts...
Various things are broken, but it runs!
* [requires.io] dependency update
* [requires.io] dependency update
* [requires.io] dependency update
* FIX: Broken migrations
* FIX: Update auth framework
* FIX: Correct static use in templates
* FIX: Fix supplier sort
* FIX: Remaining tests
* Revert "Disable password reset as temporary fix to vulnerability (#396)"
This reverts commit e0c6a56263.
# Conflicts:
# RIGS/urls.py
* FIX: Fix broken newlining in PDFs
Introduced by a change in Django 2.1 'HTML rendered by form widgets no longer includes a closing slash on void elements, e.g. <br>. This is incompatible within XHTML, although some widgets already used aspects of HTML5 such as boolean attributes.'
* FIX: Fix some Django4 deprecation warnings
Why not...
* Refactor dependency file
Should now only include dependencies we actually use, not dependencies of dependencies and unused things
* Add newlines to the paperwork print test event
This will catch the error encountered in 79ec9214f9
* Swap to pycodestyle rather than pep8 in Travis
And eliminate W605 errors
* Bit too heavy handed with the dep purge there...
* Whoops, helps if one installs pycodestyle...
* FIX: Re-add overridden login view
* Better fix for previous commit
* FIX: Bloody smartquotes
Co-authored-by: requires.io <support@requires.io>
* Added search to person, venue, organisation and event archive
* Added search to invoice archive
* Added event search to homepage
* Tidy up event search logic and optimise
* Fixed merge issues
* Stopped 404 on failed search
* Set default ordering of people, organisations & venues to alphabetical (rather than order of addition to database)
* Added invoice search to home page (if you have permissions)
* Made invoice archive sort by reverse invoice date (rather than order added to database)
* Added search help page (very pretty)
* Made single search box for all search types
* FIX: Missing date field breaking archive view
* FEAT: Add omnisearch to header
Tis a bit broken on mobile at the moment...
* CHORE: Conform old code to pep8
* FIX: Select the event form, not the search one in tests!
* Revert "FEAT: Add omnisearch to header"
This reverts commit 6bcb242d6b because it caused MANY more problems than anticipated...
* FIX: Stop 404 on failed search, again
* FEAT: Basic testing of search
* Use a tooltip to help explain the UX
Obviously since it needs a tooltip it isn't brilliant UX but the best I can think of for now...
Co-authored-by: Tom Price <tom@codedinternet.com>
Co-authored-by: David Taylor <david@taylorhq.com>
Co-authored-by: Arona Jones <aj@aronajones.com>
* CHANGE: First pass at opening up RIGS #233
Whilst it makes it something of a misnomer, the intent is to make the 'view_event' perm a permission to view event details like client/price. I don't see the point in giving everyone 'view_event' and adding a new 'view_event_detail'...Open to arguments the other way.
* CHANGE: New user signups now require admin approval
Given that I intend to reveal much more data to new users this seems necessary...
* CHORE: Fix CI
* FIX: Legacy Profiles are now auto-approved correctly
* Add testing of approval mechanism
This fixes the other functional tests failing because the user cannot login without being approved.
* Superusers bypass approval check
This should fix the remainder of the tests
* Prevent unapproved users logging in through embeds
Test suite doing its job...!
* FIX: Require login on events and event embeds again
Little too far to the open side there Arona... Whooooooops!
* FIX: Use has_oembed decorator for events
* FIX: Re-prevent basic seeing reversion
This is to prevent financials/client data leaking when changed. Hopefully can show them a filtered version in future.
* FIX: Remove mitigation for #264
Someone quietly fixed it, it appears
* FEAT: Add admin email notif when an account is activated and awaiting approval
No async or time-since shenanigans yet!
* FIX: Whoops, undo accidental whitespace change
* FEAT: Add a fifteen min cooldown between emails to admins
Probably not the right way to go about it...but it does work!
TODO: How to handle cooldown-emailing shared mailbox addresses?
* FIX: Remove event modal history deadlink for basic users
Also removes some links on the RIGS homepage that will deadlink for them
* FIX: Wrong perms syntax for history pages
* CHORE: Squash migrations
* FIX: Use a setting for cooldown
* FIX: Minor code improvements
Add forms, views, templates and URLs.
Remove created at in favour of the built in versioning as that's much more accurate.
Switch to a OneToOneField with EventAuthorisation -> event as a result of this.
Move validation from models to forms where it probably belongs.
Provide more descriptive errors.
Add success page for authorisation.
