Merge dependabot/npm_and_yarn/engine.io-and-browser-sync-6.2.0 into combine-prs-branch

Bumps [engine.io](https://github.com/socketio/engine.io) to 6.2.0 and updates ancestor dependency [browser-sync](https://github.com/BrowserSync/browser-sync). These dependencies need to be updated together.


Updates `engine.io` from 3.5.0 to 6.2.0
- [Release notes](https://github.com/socketio/engine.io/releases)
- [Changelog](https://github.com/socketio/engine.io/blob/main/CHANGELOG.md)
- [Commits](https://github.com/socketio/engine.io/compare/3.5.0...6.2.0)

Updates `browser-sync` from 2.27.7 to 2.27.10
- [Release notes](https://github.com/BrowserSync/browser-sync/releases)
- [Changelog](https://github.com/BrowserSync/browser-sync/blob/master/CHANGELOG.md)
- [Commits](https://github.com/BrowserSync/browser-sync/compare/v2.27.7...v2.27.10)

---
updated-dependencies:
- dependency-name: engine.io
  dependency-type: indirect
- dependency-name: browser-sync
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/workflows/combine-prs.yml

@@ -1,151 +0,0 @@
-name: 'Combine PRs'
-
-# Controls when the action will run - in this case triggered manually
-on:
-  workflow_dispatch:
-    inputs:
-      branchPrefix:
-        description: 'Branch prefix to find combinable PRs based on'
-        required: true
-        default: 'dependabot'
-      mustBeGreen:
-        description: 'Only combine PRs that are green (status is success)'
-        required: true
-        default: true
-      combineBranchName:
-        description: 'Name of the branch to combine PRs into'
-        required: true
-        default: 'combine-prs-branch'
-      ignoreLabel:
-        description: 'Exclude PRs with this label'
-        required: true
-        default: 'nocombine'
-
-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
-jobs:
-  # This workflow contains a single job called "combine-prs"
-  combine-prs:
-    # The type of runner that the job will run on
-    runs-on: ubuntu-latest
-
-    # Steps represent a sequence of tasks that will be executed as part of the job
-    steps:
-      - uses: actions/github-script@v6
-        id: create-combined-pr
-        name: Create Combined PR
-        with:
-          github-token: ${{secrets.GITHUB_TOKEN}}
-          script: |
-            const pulls = await github.paginate('GET /repos/:owner/:repo/pulls', {
-              owner: context.repo.owner,
-              repo: context.repo.repo
-            });
-            let branchesAndPRStrings = [];
-            let baseBranch = null;
-            let baseBranchSHA = null;
-            for (const pull of pulls) {
-              const branch = pull['head']['ref'];
-              console.log('Pull for branch: ' + branch);
-              if (branch.startsWith('${{ github.event.inputs.branchPrefix }}')) {
-                console.log('Branch matched prefix: ' + branch);
-                let statusOK = true;
-                if(${{ github.event.inputs.mustBeGreen }}) {
-                  console.log('Checking green status: ' + branch);
-                  const stateQuery = `query($owner: String!, $repo: String!, $pull_number: Int!) {
-                    repository(owner: $owner, name: $repo) {
-                      pullRequest(number:$pull_number) {
-                        commits(last: 1) {
-                          nodes {
-                            commit {
-                              statusCheckRollup {
-                                state
-                              }
-                            }
-                          }
-                        }
-                      }
-                    }
-                  }`
-                  const vars = {
-                    owner: context.repo.owner,
-                    repo: context.repo.repo,
-                    pull_number: pull['number']
-                  };
-                  const result = await github.graphql(stateQuery, vars);
-                  const [{ commit }] = result.repository.pullRequest.commits.nodes;
-                  const state = commit.statusCheckRollup.state
-                  console.log('Validating status: ' + state);
-                  if(state != 'SUCCESS') {
-                    console.log('Discarding ' + branch + ' with status ' + state);
-                    statusOK = false;
-                  }
-                }
-                console.log('Checking labels: ' + branch);
-                const labels = pull['labels'];
-                for(const label of labels) {
-                  const labelName = label['name'];
-                  console.log('Checking label: ' + labelName);
-                  if(labelName == '${{ github.event.inputs.ignoreLabel }}') {
-                    console.log('Discarding ' + branch + ' with label ' + labelName);
-                    statusOK = false;
-                  }
-                }
-                if (statusOK) {
-                  console.log('Adding branch to array: ' + branch);
-                  const prString = '#' + pull['number'] + ' ' + pull['title'];
-                  branchesAndPRStrings.push({ branch, prString });
-                  baseBranch = pull['base']['ref'];
-                  baseBranchSHA = pull['base']['sha'];
-                }
-              }
-            }
-            if (branchesAndPRStrings.length == 0) {
-              core.setFailed('No PRs/branches matched criteria');
-              return;
-            }
-            try {
-              await github.rest.git.createRef({
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-                ref: 'refs/heads/' + '${{ github.event.inputs.combineBranchName }}',
-                sha: baseBranchSHA
-              });
-            } catch (error) {
-              console.log(error);
-              core.setFailed('Failed to create combined branch - maybe a branch by that name already exists?');
-              return;
-            }
-            
-            let combinedPRs = [];
-            let mergeFailedPRs = [];
-            for(const { branch, prString } of branchesAndPRStrings) {
-              try {
-                await github.rest.repos.merge({
-                  owner: context.repo.owner,
-                  repo: context.repo.repo,
-                  base: '${{ github.event.inputs.combineBranchName }}',
-                  head: branch,
-                });
-                console.log('Merged branch ' + branch);
-                combinedPRs.push(prString);
-              } catch (error) {
-                console.log('Failed to merge branch ' + branch);
-                mergeFailedPRs.push(prString);
-              }
-            }
-            
-            console.log('Creating combined PR');
-            const combinedPRsString = combinedPRs.join('\n');
-            let body = '✅ This PR was created by the Combine PRs action by combining the following PRs:\n' + combinedPRsString;
-            if(mergeFailedPRs.length > 0) {
-              const mergeFailedPRsString = mergeFailedPRs.join('\n');
-              body += '\n\n⚠️ The following PRs were left out due to merge conflicts:\n' + mergeFailedPRsString
-            }
-            await github.rest.pulls.create({
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              title: 'Combined PR',
-              head: '${{ github.event.inputs.combineBranchName }}',
-              base: baseBranch,
-              body: body
-            });

Pipfile

@@ -11,6 +11,7 @@ asgiref = "~=3.3.1"
 beautifulsoup4 = "~=4.9.3"
 Brotli = "~=1.0.9"
 cachetools = "~=4.2.1"
+certifi = "~=2020.12.5"
 chardet = "~=4.0.0"
 configparser = "~=5.0.1"
 contextlib2 = "~=0.6.0.post1"
@@ -25,16 +26,18 @@ django-ical = "~=1.7.1"
 django-recurrence = "~=1.10.3"
 django-registration-redux = "~=2.9"
 django-reversion = "~=3.0.9"
+django-toolbelt = "~=0.0.1"
 django-widget-tweaks = "~=1.4.8"
 django-htmlmin = "~=0.11.0"
 envparse = "~=0.2.0"
 gunicorn = "~=20.0.4"
 icalendar = "~=4.0.7"
 idna = "~=2.10"
+lxml = "~=4.7.1"
 Markdown = "~=3.3.3"
 msgpack = "~=1.0.2"
 pep517 = "~=0.9.1"
-Pillow = "~=9.3.0"
+Pillow = "~=9.0.0"
 premailer = "~=3.7.0"
 progress = "~=1.5"
 psutil = "~=5.8.0"
@@ -42,7 +45,7 @@ psycopg2 = "~=2.8.6"
 Pygments = "~=2.7.4"
 pyparsing = "~=2.4.7"
 PyPDF2 = "~=1.27.5"
-PyPOM = "~=2.2.4"
+PyPOM = "~=2.2.0"
 python-dateutil = "~=2.8.1"
 pytoml = "~=0.1.21"
 pytz = "~=2020.5"
@@ -79,10 +82,10 @@ django-hcaptcha = "*"
 pikepdf = "*"
 django-queryable-properties = "*"
 django-mass-edit = "*"
-selenium = "~=3.141.0"
 
 [dev-packages]
-pycodestyle = "~=2.9.1"
+selenium = "~=3.141.0"
+pycodestyle = "*"
 coveralls = "*"
 django-coverage-plugin = "*"
 pytest-cov = "*"

PyRIGS/settings.py

@@ -42,9 +42,8 @@ if not DEBUG:
 
 INTERNAL_IPS = ['127.0.0.1']
 
-DOMAIN = env('DOMAIN', default='example.com')
-
-ADMINS = [('IT Manager', f'it@{DOMAIN}'), ('Arona Jones', f'arona.jones@{DOMAIN}')]
+ADMINS = [('Tom Price', 'tomtom5152@gmail.com'), ('IT Manager', 'it@nottinghamtec.co.uk'),
+          ('Arona Jones', 'arona.jones@nottinghamtec.co.uk')]
 if DEBUG:
     ADMINS.append(('Testing Superuser', 'superuser@example.com'))
 

RIGS/forms.py

@@ -217,7 +217,7 @@ class EventChecklistForm(forms.ModelForm):
         for key in vehicles:
             pk = int(key.split('_')[1])
             driver_key = 'driver_' + str(pk)
-            if (self.data[driver_key] == ''):
+            if(self.data[driver_key] == ''):
                 raise forms.ValidationError('Add a driver to vehicle ' + str(pk), code='vehicle_mismatch')
             else:
                 try:

RIGS/management/commands/send_reminders.py

@@ -1,38 +0,0 @@
-import premailer
-import datetime
-
-from django.template.loader import get_template
-from django.contrib.staticfiles import finders
-from django.conf import settings
-from django.core.management.base import BaseCommand, CommandError
-from django.core.mail import EmailMultiAlternatives
-from django.utils import timezone
-from django.urls import reverse
-
-from RIGS import models
-
-
-class Command(BaseCommand):
-    help = 'Sends email reminders as required. Triggered daily through heroku-scheduler in production.'
-
-    def handle(self, *args, **options):
-        events = models.Event.objects.current_events().select_related('riskassessment')
-        for event in events:
-            earliest_time = event.earliest_time if isinstance(event.earliest_time, datetime.datetime) else timezone.make_aware(datetime.datetime.combine(event.earliest_time, datetime.time(00, 00)))
-            # 48 hours = 172800 seconds
-            if not event.cancelled and not event.dry_hire and (earliest_time - timezone.now()).total_seconds() <= 172800 and not hasattr(event, 'riskassessment'):
-                context = {
-                    "event": event,
-                    "url": "https://" + settings.DOMAIN + reverse('event_ra', kwargs={'pk': event.pk})
-                }
-                target = event.mic.email if event.mic else f"productions@{settings.DOMAIN}"
-                msg = EmailMultiAlternatives(
-                    f"{event} - Risk Assessment Incomplete",
-                    get_template("email/ra_reminder.txt").render(context),
-                    to=[target],
-                    reply_to=[f"h.s.manager@{settings.DOMAIN}"],
-                )
-                css = finders.find('css/email.css')
-                html = premailer.Premailer(get_template("email/ra_reminder.html").render(context), external_styles=css).transform()
-                msg.attach_alternative(html, 'text/html')
-                msg.send()

RIGS/signals.py

@@ -58,13 +58,13 @@ def send_eventauthorisation_success_email(instance):
 
     client_email = EmailMultiAlternatives(
         subject,
-        get_template("email/eventauthorisation_client_success.txt").render(context),
+        get_template("eventauthorisation_client_success.txt").render(context),
         to=[instance.email],
         reply_to=[settings.AUTHORISATION_NOTIFICATION_ADDRESS],
     )
 
     css = finders.find('css/email.css')
-    html = Premailer(get_template("email/eventauthorisation_client_success.html").render(context),
+    html = Premailer(get_template("eventauthorisation_client_success.html").render(context),
                      external_styles=css).transform()
     client_email.attach_alternative(html, 'text/html')
 
@@ -82,7 +82,7 @@ def send_eventauthorisation_success_email(instance):
 
     mic_email = EmailMessage(
         subject,
-        get_template("email/eventauthorisation_mic_success.txt").render(context),
+        get_template("eventauthorisation_mic_success.txt").render(context),
         to=[mic_email_address]
     )
 
@@ -117,12 +117,12 @@ def send_admin_awaiting_approval_email(user, request, **kwargs):
 
             email = EmailMultiAlternatives(
                 f"{context['number_of_users']} new users awaiting approval on RIGS",
-                get_template("email/admin_awaiting_approval.txt").render(context),
+                get_template("admin_awaiting_approval.txt").render(context),
                 to=[admin.email],
                 reply_to=[user.email],
             )
             css = finders.find('css/email.css')
-            html = Premailer(get_template("email/admin_awaiting_approval.html").render(context),
+            html = Premailer(get_template("admin_awaiting_approval.html").render(context),
                              external_styles=css).transform()
             email.attach_alternative(html, 'text/html')
             email.send()

RIGS/templates/email/eventauthorisation_mic_success.txt

@@ -1,5 +0,0 @@
-Hi {{object.event.mic.get_full_name|default_if_none:"somebody"}},
-
-Just to let you know your event N{{object.eventdisplay_id}} has been successfully authorised for £{{object.amount}} by {{object.name}} as of {{object.event.last_edited_at}}.
-
-The TEC Rig Information Gathering System

RIGS/templates/email/ra_reminder.html

@@ -1,16 +0,0 @@
-{% extends 'base_client_email.html' %}
-
-{% block content %}
-    <p>Hi {{event.mic.get_full_name|default_if_none:"Productions Manager"}},</p>
-
-    {% if event.mic %}
-    <p>Just to let you know your event {{event.display_id}} <em>requires<em> a pre-event risk assessment completing prior to the event. Please do so as soon as possible.</p>
-    {% else %}
-    <p>This is a reminder that event {{event.display_id}} requires a MIC assigning and a risk assessment completing.</p>
-    {% endif %}
-
-    <p>Fill it out here:</p>
-    <a href="{{url}}" class="btn btn-info"><span class="fas fa-paperclip"></span> Create Risk Assessment</a>
-
-    <p>TEC PA &amp; Lighting</p>
-{% endblock %}

RIGS/templates/email/ra_reminder.txt

@@ -1,9 +0,0 @@
-Hi {{event.mic.get_full_name|default_if_none:"Productions Manager"}},
-
-{% if event.mic %}
-Just to let you know your event {{event.display_id}} requires a risk assessment completing prior to the event. Please do so as soon as possible.
-{% else %}
-This is a reminder that event {{event.display_id}} requires a MIC assigning and a risk assessment completing.
-{% endif %}
-
-The TEC Rig Information Gathering System

RIGS/templates/eventauthorisation_mic_success.txt

@@ -0,0 +1,5 @@
+Hi {{object.event.mic.get_full_name|default_if_none:"somebody"}},
+
+Just to let you know your event N{{object.event.pk|stringformat:"05d"}} has been successfully authorised for £{{object.amount}} by {{object.name}} as of {{object.event.last_edited_at}}.
+
+The TEC Rig Information Gathering System

RIGS/templatetags/filters.py

@@ -118,9 +118,9 @@ def orderby(request, field, attr):
 @register.filter(needs_autoescape=True)  # Used for accessing outside of a form, i.e. in detail views of RiskAssessment and EventChecklist
 def get_field(obj, field, autoescape=True):
     value = getattr(obj, field)
-    if (isinstance(value, bool)):
+    if(isinstance(value, bool)):
         value = yesnoi(value, field in obj.inverted_fields)
-    elif (isinstance(value, str)):
+    elif(isinstance(value, str)):
         value = truncatewords(value, 20)
     return mark_safe(value)
 
@@ -144,7 +144,7 @@ def get_list(dictionary, key):
 
 @register.filter
 def profile_by_index(value):
-    if (value):
+    if(value):
         return models.Profile.objects.get(pk=int(value))
     else:
         return ""

RIGS/urls.py

@@ -75,7 +75,7 @@ urlpatterns = [
 
     path('event/<int:pk>/ra/', permission_required_with_403('RIGS.add_riskassessment')(views.EventRiskAssessmentCreate.as_view()),
          name='event_ra'),
-    path('event/ra/<int:pk>/', login_required(views.EventRiskAssessmentDetail.as_view()),
+    path('event/ra/<int:pk>/', permission_required_with_403('RIGS.view_riskassessment')(views.EventRiskAssessmentDetail.as_view()),
          name='ra_detail'),
     path('event/ra/<int:pk>/edit/', permission_required_with_403('RIGS.change_riskassessment')(views.EventRiskAssessmentEdit.as_view()),
          name='ra_edit'),
@@ -87,7 +87,7 @@ urlpatterns = [
 
     path('event/<int:pk>/checklist/', permission_required_with_403('RIGS.add_eventchecklist')(views.EventChecklistCreate.as_view()),
          name='event_ec'),
-    path('event/checklist/<int:pk>/', login_required(views.EventChecklistDetail.as_view()),
+    path('event/checklist/<int:pk>/', permission_required_with_403('RIGS.view_eventchecklist')(views.EventChecklistDetail.as_view()),
          name='ec_detail'),
     path('event/checklist/<int:pk>/edit/', permission_required_with_403('RIGS.change_eventchecklist')(views.EventChecklistEdit.as_view()),
          name='ec_edit'),

RIGS/views/rigboard.py

@@ -342,12 +342,12 @@ class EventAuthorisationRequest(generic.FormView, generic.detail.SingleObjectMix
 
         msg = EmailMultiAlternatives(
             f"{self.object.display_id} | {self.object.name} - Event Authorisation Request",
-            get_template("email/eventauthorisation_client_request.txt").render(context),
+            get_template("eventauthorisation_client_request.txt").render(context),
             to=[email],
             reply_to=[self.request.user.email],
         )
         css = finders.find('css/email.css')
-        html = premailer.Premailer(get_template("email/eventauthorisation_client_request.html").render(context),
+        html = premailer.Premailer(get_template("eventauthorisation_client_request.html").render(context),
                                    external_styles=css).transform()
         msg.attach_alternative(html, 'text/html')
 
@@ -357,7 +357,7 @@ class EventAuthorisationRequest(generic.FormView, generic.detail.SingleObjectMix
 
 
 class EventAuthoriseRequestEmailPreview(generic.DetailView):
-    template_name = "email/eventauthorisation_client_request.html"
+    template_name = "eventauthorisation_client_request.html"
     model = models.Event
 
     def render_to_response(self, context, **response_kwargs):

package.json

@@ -28,7 +28,7 @@
     "jquery": "^3.6.0",
     "konami": "^1.6.3",
     "moment": "^2.29.4",
-    "node-sass": "^7.0.3",
+    "node-sass": "^7.0.0",
     "popper.js": "^1.16.1",
     "postcss": "^8.4.5",
     "uglify-js": "^3.14.5"

training/urls.py

@@ -2,6 +2,7 @@ from django.urls import path
 
 from django.contrib.auth.decorators import login_required
 from training.decorators import is_supervisor
+from PyRIGS.decorators import permission_required_with_403
 
 from training import views, models
 from versioning.views import VersionHistory
@@ -11,9 +12,10 @@ urlpatterns = [
     path('item/<int:pk>/qualified_users/', login_required(views.ItemQualifications.as_view()), name='item_qualification'),
 
     path('trainee/list/', login_required(views.TraineeList.as_view()), name='trainee_list'),
-    path('trainee/<int:pk>/', login_required(views.TraineeDetail.as_view()),
+    path('trainee/<int:pk>/',
+         permission_required_with_403('RIGS.view_profile')(views.TraineeDetail.as_view()),
          name='trainee_detail'),
-    path('trainee/<int:pk>/history', login_required(VersionHistory.as_view()), name='trainee_history', kwargs={'model': models.Trainee, 'app': 'training'}),  # Not picked up automatically because proxy model (I think)
+    path('trainee/<int:pk>/history', permission_required_with_403('RIGS.view_profile')(VersionHistory.as_view()), name='trainee_history', kwargs={'model': models.Trainee, 'app': 'training'}),  # Not picked up automatically because proxy model (I think)
     path('trainee/<int:pk>/add_qualification/', is_supervisor()(views.AddQualification.as_view()),
          name='add_qualification'),
     path('trainee/edit_qualification/<int:pk>/', is_supervisor()(views.EditQualification.as_view()),

versioning/versioning.py

@@ -183,7 +183,7 @@ class ModelComparison:
     def name(self):
         obj = self.new if self.new else self.old
 
-        if (hasattr(obj, 'activity_feed_string')):
+        if(hasattr(obj, 'activity_feed_string')):
             return obj.activity_feed_string
         else:
             return str(obj)