2
0
mirror of https://github.com/inventree/InvenTree.git synced 2025-10-26 02:47:41 +00:00
Commit Graph

21 Commits

Author SHA1 Message Date
Matthias Mair
2712f30382 fix: ci security issues (#9451)
* fix possible code injection errors

* pin n
2025-04-04 09:04:06 +11:00
Matthias Mair
24f433c948 Remove CUI (#8384)
* remove CUI

* fix loading

* fix login middleware

* remove css template functions

* tmp fix for recurtion

* remove old test

* fix assertations

* fix middleware tests

* re-add plugin tags

* remove thirdpartjs

* re-add mfa urls

* remove old js

* remove cui tags

* simplify error testing

* use license endpoint for testing instead

* disable successful test

* revert de-activation

* remove references to old UI customisation

* update docs to remove reference to removed page

* disable availabilty check

* possible fix to importing problem

* Revert "possible fix to importing problem"

This reverts commit ee9fccdc8c.

* remove old get_context_data

* fix migration

* remove unused function

* remove unused stuff

* remove unused template

* fix formatting of readme
2024-12-17 12:30:41 +11:00
Matthias Mair
9dc4fc1f8f [CI] Add zimor to check github action security (#8639)
* Add zimor to checks

* fix format

* use same version of checkout everywhere

* do only persist credentials if needed

* remove duplicate clones

* fix pin syntax

* fix pins

* fix template injection

* another injection fix

* Revert "remove duplicate clones"

This reverts commit 9a00ae2bbb.

* Add GH token for further rules
2024-12-17 10:12:51 +11:00
Oliver
1f6cd9fc54 [WIP] Data importer (#6911)
* Adds new model for DataImportSession

* Add file extension validation

Expose to admin interface also

* Switch to new 'importer' app

* Refactoring to help prevent circular imports

* Add serializer registry

- Use @register_importer tag for any serializer class

* Cleanup migration file

- Do not use one-time hard-coded values here

* Refactor code into registry.py

* Add validation for the uploaded file

- Must be importable by tablib

* Refactoring

* Adds property to retrieve matching serializer class

* Update helper functions

* Add hook to auto-assign columns on initial creation

* Rename field

* Enforce initial status value

* Add model for individual rows in the data import

* Add DataImportRow model

* Extract data rows as dict

* Update fields

- Remove "progress" field (will be calculated)
- Added "timestamp" field
- Added "complete" field to DataImportRow

* Auto-map column names

- Provide "sensible" default values

* Add API endpoint for DataImportSession

* Offload data import operation

- For large data files this may take a significant amount of time
- Offload it to the background worker process

* Refactor data import code

* Update models

- Add "columns" field to DataImportSession
- Add "errors" field to DataImportRow

* Move field mapping to a new model type

- Simpler validation

* Save "valid" status for each data row

* Include session defaults when validating row data

* Update content_excludes

- Ignore importer models in import/export

* Remove port from ALLOWED_HOST entries

* Skip table events for importer models

* Bug fixes

* Serializer updates

* Add more endpoints

- DataImportColumnMappingList
- DataImportRowList

* further updates:

- Add 'get_api_url' method
- Handle case where

* Expose "available fields" to the DataImportSession serializer

Uses the (already available) inventree metadata middleware

* Add detail endpoints

* Clear existing column mappings

* Add endpoint for accepting column mappings

* Add API endpoint exposing available importer serializers

* Add simple playground area for testing data importer

* Adds simple form to start new import session

- Needs work, file field does not currently function correctly

* data_file is *not* read_only

* Add check for file type

* Remove debug statements

* Refactor column mapping

- Generate mapping for each column
- Remove "columns" field
- Column names are calculated dynamically

* Fix uniqueness requirements on mapping table

* Admin updates

- Prevent deletion of mappings
- Prevent addition of mappings

* API endpoint updates

- Prevent mappings from being deleted
- Prevent mappings from being created

* Update importer drawer

* Add widget for selecting data columns

* UI tweaks

* Delete import session when closing modal

* Allow empty string value

* Complete column mapping

* Adds ability to remove rows

* Adjust drawer specs

* Add column 'description' to serializer

* Add option to hide labels in API form field

* Update column heading

* Fix frontend linting errors

* Revert drawer position

* Return correct type

* Fix shadowing

* Fix f-string

* simplify frontend code

* Move importer app

* Update API version

* Reintroduce export formats

* Add new models to RuleSet

* typescript cleanup

* Typescript cleanup

* Improvement for Switch / boolean field

* Display original row data on popover

* Only display mapped columns

* Add DataExportMixin class

- Replaces existing APIDownloadMixin
- Uses DRF serializers for exporting
- *much* more efficient

* Create new file: importer.mixins.py

* Add new mixin to existing views which support data export

* Better error handling

* Cleanup:

- Remove references to APIDownloadMixin
- Remove download_queryset method
- All now handled by API-based export functionality

* Replace table with InvenTreeTable

- Paginate imported rows
- Data can be searched, ordered,

* Make 'pathstring' fields read-only

* Expose list of valid importer types to the API

* Exclude read-only fields

* Cleanup

* Updates for session model

- Column is now editable on mapping object
- Field is no  longer editable
- Improve admin integration

* Adds new custom hook for controlling data import session

* Refactor column mapping widget

* Refactor ImportDataSelector

* Working on ImportDataSelector component

* Adds method for editing fields in import table

- Cell edit mode
- Row edit mode
- Form submission still needs work!

* Adds background task for removing old import sessions

* Fix api_version.py

* Update src/frontend/src/components/importer/ImportDataSelector.tsx

Co-authored-by: Lukas <76838159+wolflu05@users.noreply.github.com>

* Update model verbose names

* Rename mixin class

* Add serializer mixin classes

- Will allow for fine-tuning of the import/export proces

* @register_importer requires specific mixin

* Check subclass for export

* Fix typos

* Refactor export serializer

- Keep operations local to the class

* Add shim class to process an individual row before exporting it

* Add mixin to existing serializers

* Add export functionality for company serializers

* Adds  placeholder for custom admin class

* Update mantine styling

* spacing -> gap

* Add functionality to pre-process form data before upload

* Remove old references to download_queryset

* Improvements for data import drawer:

- Pin title at top of drawer

* Further improvements

* Fix column selection input

* Formatting improvements

* Use a <Stepper> component for better progress display

* Cleanup text

* Add export-only fields to BuildItem queryset

* Expand "export" fields for BuildItem dataset

* Skip backup and static steps in CI

* Remove hard-coded paths

* Fix for "accept_mapping" method

* Present required fields first on import session

* Add "get_importable_fields" method

* Add method for commiting imported row to database

* Cleanup

* Save "complete" state after row import

* Allow prevention of column caching

* Remove debug statement

* Add basic admin table for import sessions

* Fix for table filter functions

- New mantine version requires string values

* Add filters for import session table

* Remove debug message

* fix for <FilterItem />

* Create new import session from admin page

* Cleanup playground

* Re-open an existing import session

* Memoize cell value

* Update <ImportDataSelector>

* Enable download of build line data

* Add extra detail fields

* Register data importers for the stock app

* Enable download of stock item tracking data

* Register importerrs for "company" app

* Register importers for the "order" app

* Add extra fields to purchase order line item serializer

* Update verbose names for order models

* Cleanup import data table rendering

* Pass session information through to cell renderer

* add separate 'field_overrides' field

* Expose 'field_overrides' to API

* Refactor import field selection

* Use override data if provided

* Fix data extraction

- Ignore columns which are not mapped

* Fix fields.pop

- Provide 'None' argument

* Update import data rendering

* Handle missing / empty column names when importing data

* Bug fixin'

* Update hook

* Adds button to upload data straight to table

* Cache "available_fields"

- Reduces API access time by 85%

* Fix calculation of completed_row_count

* Import individual rows from import session

* Allow import of multiple simultaneous records

* Improve extraction of metadata

- Especially for related fields
- Request object no longer required

* Implement suspended rendering of model instances

* Cleanup

* Implement more columns for StockTable

* Allow stock filtering by packaging field

* Fix "stock_value" column

* Improve metadata extraction

- Handle read_only_fields in Meta
- Handle write_only_fields in Meta

* Increase maximum number of importable rows

* Force data import to run on background worker

* Add export-only fields to StockItemSerializer class

* Data conversion when performing initial import

* Various tweaks

* Fix order of operations for data import

* Rename component

* Allow import/export of more model types

* Fix verbose name

* Import rows as a bulk db operation

* Enable download for PartCategoryTemplateTable

* Update stock item export

* Updates for unit tests

* Remove xls format for now

- Causes some bug in tablib
- Surely xlsx is OK?

* More unit test updates

* Future proof migration

* Updates

* unit tests

* Unit test fix

* Remove 'field_overrides'

- field_defaults will suffice

* Remove 'xls' as download option from frontend

* Add simple unit test for data import

* PUI tweaks

---------

Co-authored-by: Lukas <76838159+wolflu05@users.noreply.github.com>
2024-07-06 18:29:52 +10:00
Matthias Mair
c9e9ef1754 Bump pre commit versions (#7255)
* bump pre-commit tools

* move uv config to pyproject

* style fix

* bump pre-commit deps again

* add config for code spell

* spelling fixes

* bump regex

* bump pre-commit

* bump versions again

* roll back regex version

* reverse uv bump

* compile for 3.12

* use 3.12 for ci

* remove unused env vars

* only cache main version

* set caching dep path

* remove caching distinction

* pip installl regex

* switch back to 3.9 default

* remove install test

* reset versions

* remove tomli

* Update playwright.config.ts

---------

Co-authored-by: Oliver <oliver.henry.walters@gmail.com>
2024-06-25 20:52:34 +10:00
Zanie Blue
ed1717942d Use UV_SYSTEM_PYTHON to allow the system Python interpreter instead of VIRTUAL_ENV (#7317) 2024-05-24 13:42:09 +10:00
Oliver
bc566c513f Fix sales order shipment / completed buttons (#7305)
* Fix sales order shipment / completed buttons

- Template logic needed tweaks

* Adjust logic for completing a sales order

* Tweak UV version

- Trying to get CI to run properly

* Pin version

* Ignore uv

* Cleanup

* Fix another --uv command
2024-05-23 21:24:38 +10:00
Matthias Mair
938c724395 Pin hashes in requirements (#7081)
* use global pin for requests

* unify on yaml for workflo files

* format workflow files

* pin action versions

* fix pinned version

* use system venv

* switch args

* remove uv for now and add setting for pyyaml

* use requirements file

* also switch on docker flow

* generate hashes

* added hashes to reqs

* add hashes for CI too

* add hash checking

* require hashes everywhere possible

* require hashes where possible in docker
2024-04-23 17:15:52 +10:00
Matthias Mair
0bace3f3af Code structure refactor (#5582)
* moved docker files to /contrib/container

* changed code owners to make more precise

* updated CI to use new subdirs

* added manual trigger for testing

* moved ci files

* moved assets into subdir

* moved deploy template file to contrib

* moved django files to src/backend

* updated paths in scripts etc

* updated reqs path

* fixed version file path

* fixed flake8 path

* fixed path to node ressources

* fixed task paths

* added dep path for node

* removed unused yarn lockfile

* removed unused ci script

* updated internal backend paths for tasks

* updated translation stats path

* fixed source path for coverage

* fixed main commit repo path

* fit in changes from testing

* gather packager improvements (#149)

* Matmair/issue5578 (#143)

* moved docker files to /contrib/container

* changed code owners to make more precise

* updated CI to use new subdirs

* added manual trigger for testing

* moved ci files

* moved assets into subdir

* moved deploy template file to contrib

* moved django files to src/backend

* updated paths in scripts etc

* updated reqs path

* fixed version file path

* fixed flake8 path

* fixed path to node ressources

* fixed task paths

* added dep path for node

* removed unused yarn lockfile

* removed unused ci script

* updated internal backend paths for tasks

* updated translation stats path

* fixed source path for coverage

* fixed main commit repo path

* fix docker path

* use project dir

* move project dir command

* fixed docker paths

* another fix?

* seperate tasks out

* remove tasks

* some debugging

* ci: add .deepsource.toml

* Update .deepsource.toml

* also ignore migrations

* more debugging

* fix path issues

* remove debug script

* fix style

* change locale path

* Fixed paths for requirements

* Added dummy requirements to fool packager

* fixed exec path

* remove deepsource

---------

Co-authored-by: deepsource-io[bot] <42547082+deepsource-io[bot]@users.noreply.github.com>

* Added docs for file structure

* Fixed style errors

* updated deepsource paths

* fix deepsource paths

* fixed reqs

* merge fixes

* move newly added dirs too

* fix reqs files

* another dep fix

* merge upstream/master

* revert removal of tags

* merge upstream

* enabled detection of old config files

* adapt coverage src

* also detect and support old location for plugins.txt

* style fix

* fix ~/init.sh location

* fix requirements path

* fix config to current master

* move new folders

* fix import order

* fix paths for qc_check

* fix docs build

* fix fix path

* set docker project dir

* just use a cd

* set image path?

* set file correct

* fix copy path

* fix tasks dir

* fix init path

* fix copy path

* set prject dir

* fix paths

* remove old prod files

* fix dev env path

* set docker file

* Fix devcontainer docker compose file

* fix login attempt values

* fix init.sh path

* Fix pathing for Docker

* Docker build fix

- Set INVENTREE_BACKEND_DIR separately

* Update init.sh

* Fix path

* Update requirements.txt

* merge

* fix rq merge

* fix docker compose usage

---------

Co-authored-by: deepsource-io[bot] <42547082+deepsource-io[bot]@users.noreply.github.com>
Co-authored-by: Oliver <oliver.henry.walters@gmail.com>
2024-04-03 12:16:59 +11:00
Matthias Mair
7c6eefbcdf CI-Actions: Security fixes (#6835)
* add security commitment

* fix badge path

* set token permissions
see https://github.com/inventree/InvenTree/security/code-scanning/48

* add more chapters

* break up flow text

* spellchecking

* clean diff

* bump setup-python to node 20 version

* fix docker version too
2024-03-25 09:11:16 +11:00
Oliver
f6123cc261 [WIP] docker / Caddy (#6551)
* remove docker-sqlite file

- Do not want to encourage use of sqlite

* Add Caddyfile

* Add default site URL to .env

- Matches Caddyfile

* Cleanup / simplify .env file

* Remove dev nginx conf file

* Further cleanup of .env file

* Update docker-compose.yml

- Use caddy image instead of nginx as proxy

* Set max body size

* gunicorn: enable external logging

* Update file structure

* Cleanup docker-compose file

* Update docker/docker-compose.yml

Co-authored-by: Matthias Mair <code@mjmair.com>

* Update docker/Caddyfile

Co-authored-by: Matthias Mair <code@mjmair.com>

* Fix for postgresql packages

- Need postgresql13-client to be installed, it contains pg_dump
- Without this, backup / restore *does not work*

* Create static_i18n dir if it does not exist

* Reduce output from collectstatic

* Revert gunicorn logging

- Want to see the logs in docker

* Fix trailing slash

Ref: https://github.com/inventree/InvenTree/pull/6551#issuecomment-1962423765

* tasks.py - pass 'nouv' option through

* Update package requirements:

- Allow installation of rapidfuzz without building

* Install uv as part of docker image

* Add environment variable to control downstream URL

* Do not use uv package manager by default

- Currently does not work "correctly" - ignores installed packages
- Requires further work to run reliably

* Fix docker-compose file

- Do not build locally

* Cleanup gunicorn file

- Remove unused lien

* Cleanup docker-compose.yml

- Simpler volume management

* Update Caddyfile

Add newline

* Update requirements.txt

Add newline

* Update tasks.py

Add missing blank line

* Simplify Caddyfile

* Adds option for customizing web port

* cleanup docker-compose.yml

- Better mapping of caddy data
- Cleaner volume setup

* Add django version template

- Ensure all docs links point to the current django version we are using

* docs: cleanup intro.md

* Cleanup serving_files.md

* Cleanup config.md

* docker install docs updates

* Enable code block copying

* Fix include file

* Fix link

* Update docker install docs

* Update docker.md

* Add info about demo dataset

* Tweak heading

* Update docs link checks

* Fix workflow

* Another fix

* More ignore pattearns

---------

Co-authored-by: Matthias Mair <code@mjmair.com>
2024-02-28 01:06:19 +11:00
Matthias Mair
1fa64dd8cc Fix tranlation pipeline (#6559)
* use default setup action

* small change to trigger CI

* use enviroment step

* define python version

* us uv a bit more

* clean diff

* globally define python version
2024-02-23 10:49:22 +11:00
Matthias Mair
f5e02fd292 Switch to uv (#6499)
* test UV performance

* second dummy change

* fix CI

* set version - uv is already proving to be great

* dummy bump

* bump to newer uv

* use uv in more places

* revert uv

* add flag to disable UV

* fix vevn for CI

* bump uv version

* bump to uv-016

* bump

* bump

* switch to uv
2024-02-23 09:55:19 +11:00
Matthias Mair
8308f36923 bump action versions (#5776) 2023-10-25 09:18:53 +11:00
Matthias Mair
21ed4b2081 Fix common spelling mistakes (#4956)
* add codespell

* first fixes

* doc fixes

* fix docstrings and comments

* functional changes

* docstrings again

* and docs again

* rename args

* add ignore

* use pre-commit for filtering instead

* ups

* fix typo in filter
2023-06-04 00:04:52 +10:00
Matthias Mair
2623c22b7e Remove hashes from dev requirements (#4627)
* Remove hashes from dev requirements
Fixes #4616

* rollback https://github.com/inventree/InvenTree/pull/4617
2023-04-19 07:10:02 +10:00
Oliver
0cff2080ae Pin PIP version (for testing) (#4617)
(cherry picked from commit ab792aa96f)
2023-04-17 21:38:11 +10:00
Matthias Mair
2dae60292e Fix typos/naming (#4242)
* fix usage of InvenTree name

* small typo fix

* rename notification plugin
all builtins should be named inventree...
2023-01-25 09:29:50 +11:00
Matthias Mair
c0bcee870e Bump actions to node 16 / current releases (#3799)
* bump actions to node 16 / current releases

* fix merge
2022-10-17 13:46:12 +11:00
Matthias Mair
cf70e4220f Update requirements (#3228)
* Remove stat context variables

* Revert "Remove stat context variables"

This reverts commit 0989c308d0.

* remove old backport

* move requirements

* move isort

* move migrations-tests

* add pip-tools as req and add hook

* Use hashes and also run when txt files are added

* Update to hashes in requirements

* update requirements install path

* remove allauth-2fa for a test

* install dev-requirements

* re-enable allauth

* remove hashes from pre normal setup

* Remove version bindings if they are the laest

* move depencies to upper bound

* fix django-money

* remove windows specific requirements

* also install dependencies

* update markdownify

* remove django-admin-shell

* remove unneeded packages

* add docs

* remove pins and fix pre-commit pipeline

* pin django-money

* really remove admin shell

* return default behaviour for money serializer

* pip fix

* update filter name

* set decimal for output

* add migrations

* pin coveralls

* update requirements

Co-authored-by: Oliver Walters <oliver.henry.walters@gmail.com>
2022-06-28 22:12:00 +10:00
Matthias Mair
4d8836378b CI updates (#3087)
* Add pre-commit to the stack

* exclude static

* Add locales to excludes

* fix style errors

* rename pipeline steps

* also wait on precommit

* make template matching simpler

* Use the same code for python setup everywhere

* use step and cache for python setup

* move regular settings up into general envs

* just use full update

* Use invoke instead of static references

* make setup actions more similar

* use python3

* refactor names to be similar

* fix runner version

* fix references

* remove incidential change

* use matrix for os

* Github can't do this right now

* ignore docstyle errors

* Add seperate docstring test

* update flake call

* do not fail on docstring

* refactor setup into workflow

* update reference

* switch to action

* resturcture

* add bash statements

* remove os from cache

* update input checks

* make code cleaner

* fix boolean

* no relative paths

* install wheel by python

* switch to install

* revert back to simple wheel

* refactor import export tests

* move setup keys back to not disturbe tests

* remove docstyle till that is fixed

* update references

* continue on error

* use relativ action references

* Change step / job docstrings
2022-05-28 10:38:12 +10:00