Commit Graph

13840 Commits

Author SHA1 Message Date
Oliver
825e4b4cd8
Part API Filter Fix (#3271)
* Fix API filter 'in_bom_for'

- get_parts_in_bom() returns a list, not a queryset
- Thus, we have to enumerate the ID values, rather than filtering by queryset

* Add unit test for part API filter
2022-06-29 11:47:17 +10:00
Oliver
26d5d15b49
Change the default serialization level for postgresql DB (#3268)
- Previously defaulted to SERIALIZABLE
- Now defaults to READ_COMMITTED
2022-06-29 07:27:35 +10:00
Matthias Mair
cf70e4220f
Update requirements (#3228)
* Remove stat context variables

* Revert "Remove stat context variables"

This reverts commit 0989c308d0.

* remove old backport

* move requirements

* move isort

* move migrations-tests

* add pip-tools as req and add hook

* Use hashes and also run when txt files are added

* Update to hashes in requirements

* update requirements install path

* remove allauth-2fa for a test

* install dev-requirements

* re-enable allauth

* remove hashes from pre normal setup

* Remove version bindings if they are the laest

* move depencies to upper bound

* fix django-money

* remove windows specific requirements

* also install dependencies

* update markdownify

* remove django-admin-shell

* remove unneeded packages

* add docs

* remove pins and fix pre-commit pipeline

* pin django-money

* really remove admin shell

* return default behaviour for money serializer

* pip fix

* update filter name

* set decimal for output

* add migrations

* pin coveralls

* update requirements

Co-authored-by: Oliver Walters <oliver.henry.walters@gmail.com>
2022-06-28 22:12:00 +10:00
Oliver
1a90d06acc
New Crowdin updates (#3232)
* updated translation base

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2022-06-28 14:09:05 +10:00
Oliver
f223ea224d
Docker requirements update (#3266)
* Pin mariadb package <= 1.1.0

- Recent update to 1.1.2 requires newer version of mariadb connector

* Change <= to <
2022-06-28 13:47:10 +10:00
Oliver
8f92fddd2d
Virtual part fix (#3265)
* Add 'virtual': False requirement to sales order items

* Adds "virtual" filter for part table

* Adds extra validation to the SalesOrderLineItem model

* Prevent creation of stock items for virtual parts

- Add validation check to clean() method of StockItem model
- Improve validation message for StockItemSerializer class

* Hide "new stock item" button for virtual parts

* Hide more buttons for 'virtual' parts
2022-06-28 13:39:27 +10:00
Matthias Mair
b63ba4b636
[BUG] Duplication of "base URL" setting (#3263)
* [BUG] Duplication of "base URL" setting
Fixes #3196

Adds after_safe key to settings: this action is executed after the setting is saved. The current setting object is supplied to the function as the first argument.

* Add unittests

* fix style

* ammned allowed keys
2022-06-28 11:26:05 +10:00
Oliver
ad57ca5ddf
Adds notification when items are received against a purcahse order (#3259) 2022-06-27 07:30:38 +10:00
Oliver
b13e12b7bd
Adds a template for handling 403 errors due to CSRF issues (#3260) 2022-06-26 18:09:58 +10:00
Oliver
8c6e3db774
Bug fix for field validation on child forms (#3258)
* Bug fix for field validation on child forms

- If a child form is launched which conatins numerical inputs, field validation fails
- Not taking the "level" parameter into account when looking for the field

* trim long description strings in modal forms
2022-06-26 12:25:42 +10:00
Oliver
b2e31e3474
Notify users when a build order is completed (#3255) 2022-06-26 09:25:37 +10:00
Oliver
56bbda60b5
Add map files for qr-scanner library (#3254) 2022-06-25 16:33:17 +10:00
Oliver
ce67fd1c61
Exchange backend fix (#3253)
* Prevent creation of duplicate backend objects

* Ignore exchange errors, rather than returning None

* Revert "Prevent creation of duplicate backend objects"

This reverts commit 0b6d1ce86f.
2022-06-25 15:30:54 +10:00
Oliver
44b42050aa
Fix translation issue with javascript (#3246)
* Adds a custom translation node class to strip dirty characters from translated strings

* Update javascript files to use new template tag

* Override behaviour of {% load i18n %}

- No longer requires custom tag loading
- All templates now use escaped translation values
- Requires re-ordering of app loading
- Revert js_i18n to simply i18n

* CI step now lints JS files compiled in each locale

* Checking that the CI step fails

* Revert "Checking that the CI step fails"

This reverts commit ba2be0470d.
2022-06-25 10:50:26 +10:00
Oliver
16ac1d97f7
Remove custom javascript from auth pages (#3250)
* Remove custom javascript from auth pages

- Unauthorized user cannot load these scripts
- Simply throws console errors

* Split basic "show message" function out into new js file

* Split more generic functions out into new .js file

* javascript linting fix
2022-06-25 07:45:50 +10:00
Oliver
5b54979202
Prevent write of SERVER_RESTART_REQUIRED setting when importing dataset (#3249) 2022-06-24 20:42:55 +10:00
Oliver
daf019c13a
CI unit test fixes (#3244)
* CI unit test fixes

* Validate expected response depending on status of DEBUG mode

* Remove tests for browsable API endpoints
2022-06-23 14:26:42 +10:00
Oliver
782ba5693a
Prevent newline characters from breaking part page rendering (#3242) 2022-06-23 13:49:48 +10:00
Oliver
b247aa6062
Fix thumbnail command (#3243)
- New image size "preview" was not being generated
- Check was looking for existance of "thumbnail" (which did exist)
- Updated so that all image sizes are generated on a migration
2022-06-23 13:48:36 +10:00
Matthias Mair
7283197bac
MFA remove improvement (#3239)
* temporary fix for GHSA-8j76-mm54-52xq

* return to setting afterwards
2022-06-23 12:21:10 +10:00
Oliver
4268130669
Small visual tweaks to various auth views (#3238) 2022-06-23 07:09:17 +10:00
Oliver
9b4e443289
Prevent calculation of 'allocation_count' before model is saved (#3235) 2022-06-22 20:50:21 +10:00
Oliver
63b4ff3eb6
Remove reliance on django-markdownx (#3231)
* Remove reliance on django-markdownx

- We are now rendering notes on the client side using easymde
- No longer any need to utilize the markdownx integration
- Adds character limit for notes fields`

* Adjust legacy migrations - remove references to markdownx

* Fix bug for company notes field
2022-06-20 22:20:04 +10:00
Oliver
a8b71d7d9e
New Crowdin updates (#3227)
* updated translation base

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2022-06-20 11:35:59 +10:00
Oliver
652e6fb83e
Sales order tables (#3225)
* Add buttons to expand / collapse shipment tables

(cherry picked from commit 0af9fc473e)

* Updates for sales order lines table

(cherry picked from commit d99ec062ad)
2022-06-18 22:22:00 +10:00
Oliver
eb255e84d8
Small UI improvements to the settings interface (#3223) 2022-06-18 17:33:59 +10:00
Oliver
eeff6074e7
Adds a simple unit test to ensure that bleach is running on API data (#3222) 2022-06-18 17:08:47 +10:00
Oliver
9ba3fdf23d
Only enable browsable API if in debug mode (#3221)
(cherry picked from commit 6556cbd163)
2022-06-18 16:42:50 +10:00
Oliver
36868ebb4c
Hide buttons for users without required permissions (#3219) 2022-06-18 14:49:46 +10:00
Oliver
12fcccb5a6
Fix API endpoint permission for the "AttachmentMixin" class (#3218)
* Fix API endpoint permission for the "AttachmentMixin" class

- Any authenticated user could perform CREATE and UPDATE operations on attachments
- Could be performed via the browsable DRF API
- Could also be performed via the front-end (with some advaned jiggering of OPTIONS code)

* Show or hide buttons depending on the permissions of the user

* Add shortcut for table permission check
2022-06-18 14:48:09 +10:00
Oliver
18cf92ec8b
Update django-allauth to 0.48.0 (#3217)
* Update django-allauth to 0.48.0

* Update allauth settings
2022-06-18 12:30:59 +10:00
Oliver
74bec86675
Part page loading improvements (#3185)
* Lazy load the pricing bom table when the "pricing" tab is selected

* Update django-debug-toolbar configuration

* Major refactoring for the 'can_build' function

- Use a single annotated query to the db, rather than a for loop (which is what a caveman would use)
- Query performance is greatly improved
- Also refactors existing variant-part-stock subquery code, to make it re-usable

* Use minified JS and CSS where possible

* Render a 'preview' version of each part image

- Saves load time when the image is quite large
- Adds a data migration to render out the new variation

* Adds 'preview' version of company images

* Defer loading of javascript files

Note: some cannot be deferred - jquery in particular

* Crucial bugfix for user roles context

- Previously was *not* being calculated correctly
- A non-superuser role would most likely display pages incorrectly

* Prevent loading of "about" on every page

- Load dynamically when requested
- Takes ~400ms!
- Cuts out a lot of fat

* Match displayed image size to preview image size

* Utilize caching framework for accessing user "role" information

- Reduces number of DB queries required by rendering framework

* Remove redundant query elements

* Remove 'stock' field from PartBrief serializer

- A calculated field on a serializer is a *bad idea* when that calculation requires a DB hit

* Query improvements for StockItem serializer

- Remove calculated fields
- Fix annotations

* Bug fixes

* Remove JS load test

- Loading of JS files is now deferred, so the unit test does not work as it used to

* Fix broken template for "maintenance" page

* Remove thumbnail generation migrations

- Already performed manually as part of ''invoke migrate"
- Running as a migration causes unit test problems
- Not sensible to run this as a data-migration anyway

* tweak for build table
2022-06-17 21:26:28 +10:00
Oliver
0d01ea2f2e
Auth forms fix (#3214)
* Improvement and consolidation of various auth forms

* Update "disable 2FA" page to use form fields

Note: Requires merging of https://github.com/valohai/django-allauth-2fa/pull/135

* Update django-allauth-2fa requirements
2022-06-17 11:33:45 +10:00
Matthias Mair
50a4bda184
Small changes to password changing (#3213)
* fix formatting

* also check for the old password

* validate that password matches the rules
2022-06-17 10:36:36 +10:00
Jonas Otto
136924cd3f
fix docs link for "email settings not configured" warning (#3209) 2022-06-17 08:14:40 +10:00
Oliver
d84b67ddf4
Label dpi config (#3208)
* Updates for label printing settings:

- Make LABEL_ENABLE a global setting
- Add LABEL_DPI setting (default = 300)
- Add new global settings tab

* Use the configured DPI when printing labels
2022-06-16 14:49:17 +10:00
Oliver
9bd62f986f
Sanitize data before displaying in markdown editor (#3205)
* Sanitize data before displaying in markdown editor

* Use the sanitize option provided by easymde

* Spelling fix
2022-06-16 10:57:28 +10:00
Matthias Mair
e83995b4f5
Add bleach (#41) (#3204)
* use shims for API view inheritation

* Add mixin for input sanitation

* fix clean operation to fix all string values

* Also clean up dicts
this is to future-proof this function

* Update docstirng

* proof custom methods against XSS through authenticated users
2022-06-16 10:01:53 +10:00
Oliver
f8a2760955
New Crowdin updates (#3187)
* updated translation base

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2022-06-16 07:57:23 +10:00
Oliver
7a1869d30c
Fix sanitization for array case - was missing a return value (#3199)
(cherry picked from commit c05ae111d0)
2022-06-15 20:43:32 +10:00
Oliver
cd418d6948
Merge pull request from GHSA-rm89-9g65-4ffr
* Enable HTML escaping for all tables by default

* Enable HTML escaping for all tables by default

* Adds automatic escaping for bootstrap tables where custom formatter function is specified

- Intercept the row data *before* it is provided to the renderer function
- Adds a function for sanitizing nested data structure

* Sanitize form data before processing
2022-06-15 18:33:33 +10:00
Oliver
57563f6b7a
Merge pull request from GHSA-7rq4-qcpw-74gq
* Create custom ModelResource subclass

- Strips illegal starting characters from string cells
- Prevents formula injection

* Update all existing ModelResource classes to base off InvenTreeResource

* Handle more complex case where an illegal char is hidden behind another one
2022-06-15 18:32:35 +10:00
Oliver
76aa3a75f2
Merge pull request from GHSA-fr2w-mp56-g4xp
* Enforce file download for attachments table(s)

* Enforce file download for attachment in 'StockItemTestResult' table
2022-06-15 18:31:56 +10:00
Oliver
0759c3769e
Spelling fix: dates -> days (#3193) 2022-06-14 10:07:48 +10:00
Oliver
3ae0a9d974
Add major release notes section for security fixes (#3191)
- Ref: https://github.com/inventree/InvenTree/pull/3190
2022-06-14 08:10:10 +10:00
Oliver
0a0d151f15
Add security.md (#3190)
* Create SECURITY.md

Add a security disclosure policty document

(cherry picked from commit 35b7d51cf2)

* Adds desired target for resolution

(cherry picked from commit 828163848a)
2022-06-14 08:09:51 +10:00
Oliver
8b464e4397
Migrate "Convert to Variant" form to the API (#3183)
* Adds a Part API filter to limit query to valid conversion options for the specified part

* Refactor 'exclude_tree' filter to use django-filter framework

* Refactor the 'ancestor' filter

* Refactoring more API filtering fields:

- variant_of
- in_bom_for

* Adds API endpoint / view / serializer for converting a StockItem to variant

* stock item conversion now perfomed via the API

* Bump API version

* Add unit tests for new filtering option on the Part list API endpoint

* Adds  unit test for "convert" API endpoint functionality
2022-06-12 16:06:11 +10:00
Oliver
9b86bc6002
New Crowdin updates (#3162)
* updated translation base

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

* Fix: New translations django.po from Crowdin

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2022-06-12 14:10:15 +10:00
Oliver
1ae6bde896
Clear cache for more unit tests (#3184) 2022-06-12 12:58:40 +10:00
Oliver
6eddcd3c23
Setting caching (#3178)
* Revert "Remove stat context variables"

This reverts commit 0989c308d0.

* Add a caching framework for inventree settings

- Actions that use "settings" require a DB hit every time
- For example the part.full_name() method looks at the PART_NAME_FORMAT setting
- This means 1 DB hit for every part which is serialized!!

* Fixes for DebugToolbar integration

- Requires different INTERNAL_IPS when running behind docker
- Some issues with TEMPLATES framework

* Revert "Revert "Remove stat context variables""

This reverts commit 52e6359265.

* Add unit tests for settings caching

* Update existing unit tests to handle cache framework

* Fix for unit test

* Re-enable cache for default part values

* Clear cache for further unit tests
2022-06-12 10:56:16 +10:00