* [requires.io] dependency update
* Server starts...
Various things are broken, but it runs!
* [requires.io] dependency update
* [requires.io] dependency update
* [requires.io] dependency update
* FIX: Broken migrations
* FIX: Update auth framework
* FIX: Correct static use in templates
* FIX: Fix supplier sort
* FIX: Remaining tests
* Revert "Disable password reset as temporary fix to vulnerability (#396)"
This reverts commit e0c6a56263.
# Conflicts:
# RIGS/urls.py
* FIX: Fix broken newlining in PDFs
Introduced by a change in Django 2.1 'HTML rendered by form widgets no longer includes a closing slash on void elements, e.g. <br>. This is incompatible within XHTML, although some widgets already used aspects of HTML5 such as boolean attributes.'
* FIX: Fix some Django4 deprecation warnings
Why not...
* Refactor dependency file
Should now only include dependencies we actually use, not dependencies of dependencies and unused things
* Add newlines to the paperwork print test event
This will catch the error encountered in 79ec9214f9
* Swap to pycodestyle rather than pep8 in Travis
And eliminate W605 errors
* Bit too heavy handed with the dep purge there...
* Whoops, helps if one installs pycodestyle...
* FIX: Re-add overridden login view
* Better fix for previous commit
* FIX: Bloody smartquotes
Co-authored-by: requires.io <support@requires.io>
* CHANGE: First pass at opening up RIGS #233
Whilst it makes it something of a misnomer, the intent is to make the 'view_event' perm a permission to view event details like client/price. I don't see the point in giving everyone 'view_event' and adding a new 'view_event_detail'...Open to arguments the other way.
* CHANGE: New user signups now require admin approval
Given that I intend to reveal much more data to new users this seems necessary...
* CHORE: Fix CI
* FIX: Legacy Profiles are now auto-approved correctly
* Add testing of approval mechanism
This fixes the other functional tests failing because the user cannot login without being approved.
* Superusers bypass approval check
This should fix the remainder of the tests
* Prevent unapproved users logging in through embeds
Test suite doing its job...!
* FIX: Require login on events and event embeds again
Little too far to the open side there Arona... Whooooooops!
* FIX: Use has_oembed decorator for events
* FIX: Re-prevent basic seeing reversion
This is to prevent financials/client data leaking when changed. Hopefully can show them a filtered version in future.
* FIX: Remove mitigation for #264
Someone quietly fixed it, it appears
* FEAT: Add admin email notif when an account is activated and awaiting approval
No async or time-since shenanigans yet!
* FIX: Whoops, undo accidental whitespace change
* FEAT: Add a fifteen min cooldown between emails to admins
Probably not the right way to go about it...but it does work!
TODO: How to handle cooldown-emailing shared mailbox addresses?
* FIX: Remove event modal history deadlink for basic users
Also removes some links on the RIGS homepage that will deadlink for them
* FIX: Wrong perms syntax for history pages
* CHORE: Squash migrations
* FIX: Use a setting for cooldown
* FIX: Minor code improvements
* Started POM and assets test
* FEAT: Adapt unit tests from RIGS to assets
* CHORE: pep8...
* Added Asset Create and Edit forms
* Add non-cable asset creation test
* CHORE: Frickin pep8...
* Add cable asset creation test
* Basic asset create validation testing
* Asset edit tests are here
A bit dodgy in places but par for the course for me :P
* Add access level tests
* Delete unused code
Much less effort way to increase coverage stats :D
* Add delete sample data test for completeness
Chasing that sweet 100% coverage...
* Add supplier list page + tests
Also fix the supplier page not being ordered alphabetically
* Helps if I add the migration...
* Add supplier create/edit tests
* Asset duplicate tests
Also fixed some random bugs
* Asset search tests
* 404 tests and test that everything requires authentication
* Test visibility of form errors
And fix supplier form not displaying errors correctly!
* Fix broken search test
Co-authored-by: Matthew Smith <mattysmith22@googlemail.com>
I prevented them from seeing the change stream, didn't prevent them seeing individual histories. This has to be done as otherwise it leaks financial information. If I can be arsed I'll come back to this and allow basic users to see a filtered version.
* FIX#388: Prevent assets losing supplier data on edit
* FEAT: Add associated assets to supplier detail view
* FIX: Tweak supplier list to make detail view accessible
* Potential fix for #380
No idea if it works because I can't reproduce locally. S/O Reckons it should... :P
* FEAT #386: Asset search searches serial number.
Pending addition of advanced search.
* FIX: Order asset categories/statuses alphabetically
Instead of by pk because that's silly.
* FEAT: Statuses can have a CSS class defined in the admin panel
This replaces the hardcoding of colours in the asset list.
* FIX: Squash migrations
* Fixed supplier not working on all the create asset template
* Refactored away "assets" property on "Supplier" by using "related_name" instead
Co-authored-by: Matthew Smith <mattysmith22@googlemail.com>
* FEAT: Initial work on revision history for assets
The revision history for individual items mostly works, though it shows database ID where it should show asset ID. Recent changes feed isn't yet done.
* FEAT: Initial implementation of asset activity stream
* CHORE: Fix pep8
* FIX: Asset history table 'branding'
* FIX: Individual asset version history is now correctly filtered
* FEAT: Make revision history for suppliers accessible
* CHORE: *sings* And a pep8 in a broken tree...
* Refactored out duplicated code from `AssetVersionHistory
* CHORE: pep8
And another random bit of wierd whitespace I found
Co-authored-by: Matthew Smith <mattysmith22@googlemail.com>
Closes#358
Add forms, views, templates and URLs.
Remove created at in favour of the built in versioning as that's much more accurate.
Switch to a OneToOneField with EventAuthorisation -> event as a result of this.
Move validation from models to forms where it probably belongs.
Provide more descriptive errors.
Add success page for authorisation.
Advise is now to always use HTTPS for libraries as somebody else manages the certificate it will always validate and it makes sure that a large target doesn't get subject to MITM attack.
