mirror of https://github.com/inventree/InvenTree.git synced 2025-10-25 18:37:38 +00:00
Commit Graph

13982 Commits

Author SHA1 Message Date
Oliver
b13e12b7bd Adds a template for handling 403 errors due to CSRF issues (#3260) 2022-06-26 18:09:58 +10:00
Oliver
8c6e3db774 Bug fix for field validation on child forms (#3258)
* Bug fix for field validation on child forms

- If a child form is launched which contains numerical inputs, field validation fails
- Not taking the "level" parameter into account when looking for the field

* trim long description strings in modal forms
2022-06-26 12:25:42 +10:00
Oliver
b2e31e3474 Notify users when a build order is completed (#3255) 2022-06-26 09:25:37 +10:00
Oliver
56bbda60b5 Add map files for qr-scanner library (#3254) 2022-06-25 16:33:17 +10:00
Oliver
ce67fd1c61 Exchange backend fix (#3253)
* Prevent creation of duplicate backend objects

* Ignore exchange errors, rather than returning None

* Revert "Prevent creation of duplicate backend objects"

This reverts commit 0b6d1ce86f.
2022-06-25 15:30:54 +10:00
Oliver
44b42050aa Fix translation issue with javascript (#3246)
* Adds a custom translation node class to strip dirty characters from translated strings

* Update javascript files to use new template tag

* Override behaviour of {% load i18n %}

- No longer requires custom tag loading
- All templates now use escaped translation values
- Requires re-ordering of app loading
- Revert js_i18n to simply i18n

* CI step now lints JS files compiled in each locale

* Checking that the CI step fails

* Revert "Checking that the CI step fails"

This reverts commit ba2be0470d.
2022-06-25 10:50:26 +10:00
Oliver
16ac1d97f7 Remove custom javascript from auth pages (#3250)
* Remove custom javascript from auth pages

- Unauthorized user cannot load these scripts
- Simply throws console errors

* Split basic "show message" function out into new js file

* Split more generic functions out into new .js file

* javascript linting fix
2022-06-25 07:45:50 +10:00
Oliver
5b54979202 Prevent write of SERVER_RESTART_REQUIRED setting when importing dataset (#3249) 2022-06-24 20:42:55 +10:00
Oliver
daf019c13a CI unit test fixes (#3244)
* CI unit test fixes

* Validate expected response depending on status of DEBUG mode

* Remove tests for browsable API endpoints
2022-06-23 14:26:42 +10:00
Oliver
782ba5693a Prevent newline characters from breaking part page rendering (#3242) 2022-06-23 13:49:48 +10:00
Oliver
b247aa6062 Fix thumbnail command (#3243)
- New image size "preview" was not being generated
- Check was looking for existence of "thumbnail" (which did exist)
- Updated so that all image sizes are generated on a migration
2022-06-23 13:48:36 +10:00
Matthias Mair
7283197bac MFA remove improvement (#3239)
* temporary fix for GHSA-8j76-mm54-52xq

* return to setting afterwards
2022-06-23 12:21:10 +10:00
Oliver
4268130669 Small visual tweaks to various auth views (#3238) 2022-06-23 07:09:17 +10:00
Oliver
9b4e443289 Prevent calculation of 'allocation_count' before model is saved (#3235) 2022-06-22 20:50:21 +10:00
Oliver
63b4ff3eb6 Remove reliance on django-markdownx (#3231)
* Remove reliance on django-markdownx

- We are now rendering notes on the client side using easymde
- No longer any need to utilize the markdownx integration
- Adds character limit for notes fields

* Adjust legacy migrations - remove references to markdownx

* Fix bug for company notes field
2022-06-20 22:20:04 +10:00
Oliver
a8b71d7d9e New Crowdin updates (#3227)
* updated translation base

* Fix: New translations django.po from Crowdin

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2022-06-20 11:35:59 +10:00
Oliver
652e6fb83e Sales order tables (#3225)
* Add buttons to expand / collapse shipment tables

(cherry picked from commit 0af9fc473e)

* Updates for sales order lines table

(cherry picked from commit d99ec062ad)
2022-06-18 22:22:00 +10:00
Oliver
eb255e84d8 Small UI improvements to the settings interface (#3223) 2022-06-18 17:33:59 +10:00
Oliver
eeff6074e7 Adds a simple unit test to ensure that bleach is running on API data (#3222) 2022-06-18 17:08:47 +10:00
Oliver
9ba3fdf23d Only enable browsable API if in debug mode (#3221)
(cherry picked from commit 6556cbd163)
2022-06-18 16:42:50 +10:00
Oliver
36868ebb4c Hide buttons for users without required permissions (#3219) 2022-06-18 14:49:46 +10:00
Oliver
12fcccb5a6 Fix API endpoint permission for the "AttachmentMixin" class (#3218)
* Fix API endpoint permission for the "AttachmentMixin" class

- Any authenticated user could perform CREATE and UPDATE operations on attachments
- Could be performed via the browsable DRF API
- Could also be performed via the front-end (with some advanced jiggering of OPTIONS code)

* Show or hide buttons depending on the permissions of the user

* Add shortcut for table permission check
2022-06-18 14:48:09 +10:00
Oliver
18cf92ec8b Update django-allauth to 0.48.0 (#3217)
* Update django-allauth to 0.48.0

* Update allauth settings
2022-06-18 12:30:59 +10:00
Oliver
74bec86675 Part page loading improvements (#3185)
* Lazy load the pricing bom table when the "pricing" tab is selected

* Update django-debug-toolbar configuration

* Major refactoring for the 'can_build' function

- Use a single annotated query to the db, rather than a for loop (which is what a caveman would use)
- Query performance is greatly improved
- Also refactors existing variant-part-stock subquery code, to make it re-usable

* Use minified JS and CSS where possible

* Render a 'preview' version of each part image

- Saves load time when the image is quite large
- Adds a data migration to render out the new variation

* Adds 'preview' version of company images

* Defer loading of javascript files

Note: some cannot be deferred - jquery in particular

* Crucial bugfix for user roles context

- Previously was *not* being calculated correctly
- A non-superuser role would most likely display pages incorrectly

* Prevent loading of "about" on every page

- Load dynamically when requested
- Takes ~400ms!
- Cuts out a lot of fat

* Match displayed image size to preview image size

* Utilize caching framework for accessing user "role" information

- Reduces number of DB queries required by rendering framework

* Remove redundant query elements

* Remove 'stock' field from PartBrief serializer

- A calculated field on a serializer is a *bad idea* when that calculation requires a DB hit

* Query improvements for StockItem serializer

- Remove calculated fields
- Fix annotations

* Bug fixes

* Remove JS load test

- Loading of JS files is now deferred, so the unit test does not work as it used to

* Fix broken template for "maintenance" page

* Remove thumbnail generation migrations

- Already performed manually as part of "invoke migrate"
- Running as a migration causes unit test problems
- Not sensible to run this as a data-migration anyway

* tweak for build table
2022-06-17 21:26:28 +10:00
Oliver
0d01ea2f2e Auth forms fix (#3214)
* Improvement and consolidation of various auth forms

* Update "disable 2FA" page to use form fields

Note: Requires merging of https://github.com/valohai/django-allauth-2fa/pull/135

* Update django-allauth-2fa requirements
2022-06-17 11:33:45 +10:00
Matthias Mair
50a4bda184 Small changes to password changing (#3213)
* fix formatting

* also check for the old password

* validate that password matches the rules
2022-06-17 10:36:36 +10:00
Jonas Otto
136924cd3f fix docs link for "email settings not configured" warning (#3209) 2022-06-17 08:14:40 +10:00
Oliver
d84b67ddf4 Label dpi config (#3208)
* Updates for label printing settings:

- Make LABEL_ENABLE a global setting
- Add LABEL_DPI setting (default = 300)
- Add new global settings tab

* Use the configured DPI when printing labels
2022-06-16 14:49:17 +10:00
Oliver
9bd62f986f Sanitize data before displaying in markdown editor (#3205)
* Sanitize data before displaying in markdown editor

* Use the sanitize option provided by easymde

* Spelling fix
2022-06-16 10:57:28 +10:00
Matthias Mair
e83995b4f5 Add bleach (#41) (#3204)
* use shims for API view inheritance

* Add mixin for input sanitation

* fix clean operation to fix all string values

* Also clean up dicts
this is to future-proof this function

* Update docstring

* proof custom methods against XSS through authenticated users
2022-06-16 10:01:53 +10:00
Oliver
f8a2760955 New Crowdin updates (#3187)
* updated translation base

* Fix: New translations django.po from Crowdin

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2022-06-16 07:57:23 +10:00
Oliver
7a1869d30c Fix sanitization for array case - was missing a return value (#3199)
(cherry picked from commit c05ae111d0)
2022-06-15 20:43:32 +10:00
Oliver
cd418d6948 Merge pull request from GHSA-rm89-9g65-4ffr
* Enable HTML escaping for all tables by default

* Enable HTML escaping for all tables by default

* Adds automatic escaping for bootstrap tables where custom formatter function is specified

- Intercept the row data *before* it is provided to the renderer function
- Adds a function for sanitizing nested data structure

* Sanitize form data before processing
2022-06-15 18:33:33 +10:00
Oliver
57563f6b7a Merge pull request from GHSA-7rq4-qcpw-74gq
* Create custom ModelResource subclass

- Strips illegal starting characters from string cells
- Prevents formula injection

* Update all existing ModelResource classes to base off InvenTreeResource

* Handle more complex case where an illegal char is hidden behind another one
2022-06-15 18:32:35 +10:00
Oliver
76aa3a75f2 Merge pull request from GHSA-fr2w-mp56-g4xp
* Enforce file download for attachments table(s)

* Enforce file download for attachment in 'StockItemTestResult' table
2022-06-15 18:31:56 +10:00
Oliver
0759c3769e Spelling fix: dates -> days (#3193) 2022-06-14 10:07:48 +10:00
Oliver
3ae0a9d974 Add major release notes section for security fixes (#3191)
- Ref: https://github.com/inventree/InvenTree/pull/3190
2022-06-14 08:10:10 +10:00
Oliver
0a0d151f15 Add security.md (#3190)
* Create SECURITY.md

Add a security disclosure policy document

(cherry picked from commit 35b7d51cf2)

* Adds desired target for resolution

(cherry picked from commit 828163848a)
2022-06-14 08:09:51 +10:00
Oliver
8b464e4397 Migrate "Convert to Variant" form to the API (#3183)
* Adds a Part API filter to limit query to valid conversion options for the specified part

* Refactor 'exclude_tree' filter to use django-filter framework

* Refactor the 'ancestor' filter

* Refactoring more API filtering fields:

- variant_of
- in_bom_for

* Adds API endpoint / view / serializer for converting a StockItem to variant

* stock item conversion now performed via the API

* Bump API version

* Add unit tests for new filtering option on the Part list API endpoint

* Adds unit test for "convert" API endpoint functionality
2022-06-12 16:06:11 +10:00
Oliver
9b86bc6002 New Crowdin updates (#3162)
* updated translation base

* Fix: New translations django.po from Crowdin

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2022-06-12 14:10:15 +10:00
Oliver
1ae6bde896 Clear cache for more unit tests (#3184) 2022-06-12 12:58:40 +10:00
Oliver
6eddcd3c23 Setting caching (#3178)
* Revert "Remove stat context variables"

This reverts commit 0989c308d0.

* Add a caching framework for inventree settings

- Actions that use "settings" require a DB hit every time
- For example the part.full_name() method looks at the PART_NAME_FORMAT setting
- This means 1 DB hit for every part which is serialized!!

* Fixes for DebugToolbar integration

- Requires different INTERNAL_IPS when running behind docker
- Some issues with TEMPLATES framework

* Revert "Revert "Remove stat context variables""

This reverts commit 52e6359265.

* Add unit tests for settings caching

* Update existing unit tests to handle cache framework

* Fix for unit test

* Re-enable cache for default part values

* Clear cache for further unit tests
2022-06-12 10:56:16 +10:00
Matthias Mair
90aa7b8444 Sentry (#3174)
* Add sentry for optional error reporting
Closes https://github.com/inventreedb/org/issues/3
Heavily inspired by https://github.com/netbox-community/netbox/issues/9340

* do not consider optional stuff in coverage

* Add DSN for inventree org

Co-authored-by: Oliver Walters <oliver.henry.walters@gmail.com>
2022-06-11 23:13:13 +10:00
Oliver
5ecba6b13c Add error handling for case where user does not have git installed (#3179) 2022-06-11 23:11:50 +10:00
Oliver
090f4f4387 Converting more forms to the API (#3181)
* Delete category via the API

* Delete StockLocation via the API

* Delete StockItem via the API

- Removes the final instance of AjaxDelete

* Remove URL path

* Add missing code
2022-06-11 21:53:26 +10:00
Oliver
63f1e58ca9 Fix container priority for docker compose recipe (#3180)
- Cache must be running *before* the server
- Server must be running *before* the worker
2022-06-11 19:58:36 +10:00
Matthias Mair
7c28bf1f64 Clean up tasks (#3175)
* Remove shell command
Fixes #3157

* Also run translation stats on updates

* remove style command

* remove import_fixtures command

* remove check

* fix docstrings regarding D415

* move function up

* move task

* move task

* move tasks

* move task

* add section comments

* Revert "remove import_fixtures command"

This reverts commit e202ff2b80.
2022-06-11 10:07:57 +10:00
Oliver
d9efe27f8a Adds redis support to production docker-compose (#3171)
* Adds a redis container to the production docker-compose script

* Fix ports
2022-06-10 20:16:19 +10:00
miggland
79f498a648 Export records update - allow overwriting existing files without user input (#3156)
* Add flag to overwrite existing file when exporting records

* Remove temp. file at end of export process

* Run flake8 on tasks.py as well

* Fix style

* Change style of default text

* Add type bool

* dev-setup

* Revert "dev-setup"

This reverts commit 789356422a.

* Update tasks.py with new flags to allow choosing where permissions end up, and if temporary files are kept or not
2022-06-09 11:47:29 +10:00
Oliver
258957c14c SupplierPart availability (#3148)
* Adds new fields to the SupplierPart model:

- available
- availability_updated

* Allow availability_updated field to be blank

* Revert "Remove stat context variables"

This reverts commit 0989c308d0.

* Increment API version

* Adds availability information to the SupplierPart API serializer

- If the 'available' field is updated, the current date is added to the availability_updated field

* Add 'available' field to SupplierPart table

* More JS refactoring

* Add unit testing for specifying availability via the API

* Display availability data on the SupplierPart detail page

* Add ability to set 'available' quantity from the SupplierPart detail page

* Revert "Revert "Remove stat context variables""

This reverts commit 3f98037f79.
2022-06-08 21:49:07 +10:00