-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ticketing #501
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #501 +/- ##
==========================================
+ Coverage 69.78% 71.00% +1.21%
==========================================
Files 31 31
Lines 6387 6804 +417
==========================================
+ Hits 4457 4831 +374
- Misses 1930 1973 +43 ☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All gas no breaks. Well done Rohan!
backend/clubs/views.py
Outdated
buyers = tickets.filter(owner__isnull=False).values("id", "fullname", "type") | ||
|
||
return Response({"totals": totals, "available": available, "buyers": buyers}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Buyers probably shouldn't be public because we don't want everyone to know who owns tickets. I don't think it's a huge deal but would be weird if I could like track you down and know for certain that you're doing to show. Maybe just show the user their own tickets or something? I like totals
and available
though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Never mind, my bad I didn't realize this viewset had a permission class — this is perfect!
…out and updated when any cart is validated before checkout
* Merge master into ticketing * Move ticketing migration to end
|
GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
---|---|---|---|---|---|
10282361 | Triggered | Generic High Entropy Secret | 428dd7e | backend/pennclubs/settings/development.py | View secret |
9451515 | Triggered | Generic Password | 50b9c0b | .github/workflows/cdkactions_build-and-deploy.yaml | View secret |
9451515 | Triggered | Generic Password | 03214af | .github/workflows/cdkactions_build-and-deploy.yaml | View secret |
9451515 | Triggered | Generic Password | 80e8201 | .github/workflows/cdkactions_build-and-deploy.yaml | View secret |
10282361 | Triggered | Generic High Entropy Secret | 40fb7f7 | backend/pennclubs/settings/ci.py | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secrets safely. Learn here the best practices.
- Revoke and rotate these secrets.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
Our GitHub checks need improvements? Share your feedbacks!
* Owned tickets tab skeleton code. * 🎉 Functional but suspicious code * 🧹 Fix some good practice --------- Co-authored-by: Julian Weng <julian.weng.us@gmail.com>
* Add test cases for backend ticketing APIs Long overdue addition of tests to the ticketing backend. Tests and fixes all the APIs under the Event and Ticket models. There are more complex workflows with race conditions etc that are not tested, but should be at some point. Unmerged functionality is also not tested yet. * Don't use locked rows to groupby * Set cybersource settings in CI * Address feedback
* Add to cart feature (styling is borked) * 🐛 Broken code * 🐛 fixed * 🎨 Readd event preview * 🧹 Less jank way of doing group discount visibility * 🎨 Address comments and actually type things * 🎨 Address nit --------- Co-authored-by: Julian Weng <julian.weng.us@gmail.com> Co-authored-by: Eunsoo Shin <me@esinx.net>
* Use capture context to verify transient token * Add migration * Minor changes to documentation * Add tests * Add comment explaining max char length
* Add ticket drop time to event attributes * Set ticket drop time at tickets creation * Add unit tests * Minor refactor to tests * Revert unneeded changes to Pipfile.lock * Allow users to specify drop time + more guards/tests * Remove dev artifact in tests * Fix all typos with "transferred" * Add 403 to response schema * Only display tickets after they've dropped
* add ability to transfer tickets * send confirmation emails on transfer * nit * address comments, add ticket creation serializer * fix migration * remove print statement 😔 * grrr * remove serializer, add tests * tests + fix * here at Penn Clubs, we love nits * lint
* Cart skeleton * Basic UI to payment. * More appropriately-sized shopping cart icon * Payment integration 1st step. * fix(move) * fix(TicketCard): extract and abstract * checkout flow ui * wip(payment) * 🎉 Add ability to remove tickets from cart * 🐛 Better backend error and remove cart logic * 🎉 Modify sold_out to return event type and count * 🎉 Add cart empty view and edit mode * 🎨 Add empty view * 🎨 Grafik design is my passion * 🎉 Modify edit success and display toast, correct e2e behavior * 🐛 Change color to make edit mode more obvious * 🎉 Toast for sold out tickets * Add frontend auth check to cart page and fix sold_out toast functionality (multiple toasts per ticket, ticket event name) * Fix backend tests for group discounts, new cart API, and more (#675) * Refactor cart summation to helper fn * Add tests for group discounts and cart totaling * Minor change to docs * Only populate `sold_out_tickets` if tickets cannot be replaced * Refactor tests to use new cart API * Make openAPI docs happy * Make `_calculate_cart_total` static method * Group discount shouldn't activate below threshold * Fix API docs & improve tests * Add minor subtest * Align tests with new API * Improve invalid ticket replacement * 🎉 Default to 1 ticket when buying smh * 🎉 Add a bunch of style and features * 🎨 Kinda responsive --------- Co-authored-by: Julian Weng <julian.weng.us@gmail.com> Co-authored-by: Eunsoo Shin <me@esinx.net> Co-authored-by: Avi Upadhyayula <69180850+aviupadhyayula@users.noreply.github.com> Co-authored-by: aviupadhyayula <aupadhy@gmail.com>
* Move guards on event deletion to the right place * Add @update_holds to destroy * Fix typo in testing docs * Test guards on event deletion * Improve test case logic * Address nit in tests
* Add issues_ticket route * Improve efficiency * Add tests for `issue_tickets` * Minor refactor to tests * Create transaction records after issuing * Make unit test more exhaustive * Return errors as array in response * Lock issue_tickets behind perms * Revert "Lock issue_tickets behind perms" This reverts commit 47e63b0. * Remove unnecessary holds * Change input schema naming * Auth lock issue_tickets route * Add test for perms
* attendance tracking * add comment
* Fix ticket interface for sellers. * Clarify type for buyersPerm. * 🎨 Yay * Frontend for admin ticket transfering and base props fix. * 🎉 Add issue ticket * Frontend for marking tickets as attended/not attended * 🎨 Split String and handle input edge case * 🧹 Hehe * 🚨 Some changes with a fake api endpoint * 🎉 Some fire UI * 🐛 Error Response not showing correctly * 🎨 Brr * Lint, improve UI language, fix items remaining in cart after deletion through button, fix updating item quantities in cart through button, fix success vs error toast for adding tickets to cart. * API integration for issuing tickets * Ticket transfer interface * Integrate attendance into frontend and add warning popup for un-attending people * 🎨 Nit * 🐛 Joy fixes everything --------- Co-authored-by: Joy Liu <34288846+joyliu-q@users.noreply.github.com> Co-authored-by: Joy Liu <joyliu.q@gmail.com>
* Added support for free tickets * fix lint error * fix lint error * Added free ticket tests * Address feedback * Address feedback * Add user a parameter to _give_tickets
…ta (#685) * Add buyable field and try to enforce it. Disable tickets with payments on frontend. * Add frontend handling for no-cost cart.
* Add beta tag everywhere and add frontend auth check for issuing tickets * Delete legacy events code
* fix expires_at test test (#664) * Cast exception to str in management command * Move submissions from /apply to user profile (#638) * finished changes * Remove Wharton applications from user profile (and update branch) (#641) * Update main.ts * Update frontend dependencies (#616) Upgrade from Node 14 to Node 20 and bump frontend dependency versions to current. --------- Co-authored-by: Julian Weng <julian.weng.us@gmail.com> * Update README.md * Update README backend instructions and intro blurb * Fix admin page access on frontend. (#626) Add frontend check for existing pre-loaded permissions on /admin. * Removed deprecated QuestionResponse model and duplicate line (#625) * Remove deprecated QuestionResponse model * remove duplicate line: 'rank field in Club' * made migrations after deleting QuestionResponse * Streamline django storages config (#618) * Add staticfiles * Fix AWS bucket routing for boto * Try setting credentials through env vars * Try renaming env vars? * Set AWS region * add back staticfiles * Remove region and signature version * Move credentials to new API * Use env variables and remove staticfiles * Add back staticfiles * Make code look pretty --------- Co-authored-by: Rohan Moniz <60864468+rm03@users.noreply.github.com> * Add hour to displayed application deadline (#628) * Add hour for application due dates * Make linter happy * Specify Eastern time zone * Display username if name is empty (#637) * finished changes * Remove Wharton applications from user profile * Fix weird artifacts from merge --------- Co-authored-by: Joy Liu <34288846+joyliu-q@users.noreply.github.com> Co-authored-by: Julian Weng <julian.weng.us@gmail.com> Co-authored-by: Rohan Moniz <60864468+rm03@users.noreply.github.com> Co-authored-by: Thomas Ngulube <47449914+Porcupine1@users.noreply.github.com> Co-authored-by: Owen Lester <owlester@sas.upenn.edu> * Bump debounce timeout to 400ms (#640) * Bump debounce timeout to 400ms * Make linter happy * small changes * added type * merging * deleted file --------- Co-authored-by: Avi Upadhyayula <69180850+aviupadhyayula@users.noreply.github.com> Co-authored-by: Joy Liu <34288846+joyliu-q@users.noreply.github.com> Co-authored-by: Julian Weng <julian.weng.us@gmail.com> Co-authored-by: Rohan Moniz <60864468+rm03@users.noreply.github.com> Co-authored-by: Thomas Ngulube <47449914+Porcupine1@users.noreply.github.com> * Add carousel (#622) * add carousel * Old react-multi-carousel * fixed npm yarn * remvoed packagelock.json * fixing issues * change height * minor changes * deleted a comment * merging? * delete one onClick * change breakpoint * Revert "Move submissions from /apply to user profile (#638)" (#673) This reverts commit 29d9a12. * Revert "Add carousel (#622)" (#674) This reverts commit fcab615. * Improve error reporting in mgmt cmds (#678) * Fix bug in Excel column names (#683) * Remove unused `tickets_count` field --------- Co-authored-by: Thomas Ngulube <47449914+Porcupine1@users.noreply.github.com> Co-authored-by: owlester12 <64493239+owlester12@users.noreply.github.com> Co-authored-by: Joy Liu <34288846+joyliu-q@users.noreply.github.com> Co-authored-by: Julian Weng <julian.weng.us@gmail.com> Co-authored-by: Rohan Moniz <60864468+rm03@users.noreply.github.com>
Mega PR for Ticketing project
Ticket administrators
api/events/<event_id>/tickets
) (idempotency/editable)api/ticket/<ticket_id>
)api/ticket/<ticket_id>/qr
)api/events/<event_id>/tickets
). Buyers are viewable only by officers of club. (GETapi/events/<event_id>/buyers
).Ticket buyers
api/events/<event_id>/add_to_cart
)api/tickets
)api/events/<event_id>/remove_from_cart
)api/tickets/checkout
)api/tickets/cart
)api/tickets/buy
)Misc