From 0f8462dc7c11ddb0ce2de90dc8d7b3938bbf097a Mon Sep 17 00:00:00 2001
From: jedi <git@m.j3d1.de>
Date: Wed, 6 Nov 2024 21:13:44 +0100
Subject: [PATCH 01/22] enforce startup order in docker-compose.yml

---
 deploy/dev/docker-compose.yml | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/deploy/dev/docker-compose.yml b/deploy/dev/docker-compose.yml
index 95e8083..dff5ab3 100644
--- a/deploy/dev/docker-compose.yml
+++ b/deploy/dev/docker-compose.yml
@@ -6,11 +6,17 @@ services:
     command: bash -c 'python manage.py migrate && python manage.py runserver 0.0.0.0:8000'
     environment:
       - HTTP_HOST=core
-      #- DATABASE_URL
+      - DB_HOST=db
+      - DB_PORT=3306
+      - DB_NAME=system3
+      - DB_USER=system3
+      - DB_PASSWORD=system3
     volumes:
       - ../../core:/code
     ports:
       - "8000:8000"
+    depends_on:
+      - db
 
   frontend:
     build:
@@ -23,6 +29,8 @@ services:
       - ./vue.config.js:/web/vue.config.js
     ports:
       - "8080:8080"
+    depends_on:
+      - core
 
   db:
     image: mariadb
@@ -30,4 +38,11 @@ services:
       MARIADB_RANDOM_ROOT_PASSWORD: true
       MARIADB_DATABASE: system3
       MARIADB_USER: system3
-      MARIADB_PASSWORD: system3
\ No newline at end of file
+      MARIADB_PASSWORD: system3
+    volumes:
+      - mariadb_data:/var/lib/mysql
+    ports:
+      - "3306:3306"
+
+volumes:
+  mariadb_data:
\ No newline at end of file

From b9cfdf54565066fcd90ea5b3527daa2966dcab71 Mon Sep 17 00:00:00 2001
From: bton <anton@postmitdermaus.de>
Date: Wed, 6 Nov 2024 21:09:06 +0100
Subject: [PATCH 02/22] fixed race contidion on ticket view loading

---
 web/src/views/Ticket.vue | 18 +++++-------------
 1 file changed, 5 insertions(+), 13 deletions(-)

diff --git a/web/src/views/Ticket.vue b/web/src/views/Ticket.vue
index 63f3515..cbb372c 100644
--- a/web/src/views/Ticket.vue
+++ b/web/src/views/Ticket.vue
@@ -79,16 +79,6 @@ export default {
             shipping_voucher_type: null,
         }
     },
-    watch: {
-        ticket(val) {
-            if (this.selected_state == null) {
-                this.selected_state = val.state;
-            }
-            if (this.selected_assignee == null) {
-                this.selected_assignee = val.assigned_to
-            }
-        }
-    },
     computed: {
         ...mapState(['tickets', 'state_options', 'users']),
         ...mapGetters(['availableShippingVoucherTypes']),
@@ -134,12 +124,14 @@ export default {
         },
     },
     mounted() {
-        this.scheduleAfterInit(() => [this.fetchTicketStates(), this.loadTickets(), this.loadUsers(),
-            this.fetchShippingVouchers()]);
+		this.scheduleAfterInit(() => [Promise.all([this.fetchTicketStates(), this.loadTickets(), this.loadUsers(), this.fetchShippingVouchers()]).then(()=>{
+			this.selected_state = this.ticket.state;
+			this.selected_assignee = this.ticket.assigned_to
+		})]);
     }
 };
 </script>
 
 <style scoped>
 
-</style>
\ No newline at end of file
+</style>

From 269f02c2cecfd97b4f0620bc95b1ce17abfdb820 Mon Sep 17 00:00:00 2001
From: lagertonne <mail@lagertonne.de>
Date: Wed, 6 Nov 2024 22:21:32 +0100
Subject: [PATCH 03/22] Add django standard metrics

---
 core/core/settings.py      | 5 +++++
 core/core/urls.py          | 1 +
 core/requirements.prod.txt | 2 ++
 3 files changed, 8 insertions(+)

diff --git a/core/core/settings.py b/core/core/settings.py
index db23180..124fcad 100644
--- a/core/core/settings.py
+++ b/core/core/settings.py
@@ -50,6 +50,7 @@ INSTALLED_APPS = [
     'django.contrib.messages',
     'django.contrib.staticfiles',
     'django_extensions',
+    'django_prometheus',
     'rest_framework',
     'knox',
     'drf_yasg',
@@ -85,6 +86,7 @@ SWAGGER_SETTINGS = {
 }
 
 MIDDLEWARE = [
+    'django_prometheus.middleware.PrometheusBeforeMiddleware',
     'django.middleware.security.SecurityMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.common.CommonMiddleware',
@@ -92,6 +94,7 @@ MIDDLEWARE = [
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    'django_prometheus.middleware.PrometheusAfterMiddleware',
 ]
 
 ROOT_URLCONF = 'core.urls'
@@ -210,4 +213,6 @@ CHANNEL_LAYERS = {
 
 }
 
+PROMETHEUS_METRIC_NAMESPACE = 'c3lf'
+
 TEST_RUNNER = 'core.test_runner.FastTestRunner'
diff --git a/core/core/urls.py b/core/core/urls.py
index b0161bb..df6e0d0 100644
--- a/core/core/urls.py
+++ b/core/core/urls.py
@@ -32,4 +32,5 @@ urlpatterns = [
     path('api/2/', include('notify_sessions.api_v2')),
     path('api/2/', include('authentication.api_v2')),
     path('api/', get_info),
+    path('', include('django_prometheus.urls')),
 ]
diff --git a/core/requirements.prod.txt b/core/requirements.prod.txt
index 14bdc0f..ee69fe7 100644
--- a/core/requirements.prod.txt
+++ b/core/requirements.prod.txt
@@ -41,3 +41,5 @@ urllib3==2.1.0
 uvicorn==0.24.0.post1
 watchfiles==0.21.0
 websockets==12.0
+django-prometheus==2.3.1
+prometheus_client==0.21.0

From 0c4995db2b1847e5cfe56fbcf00acf76fe4e028f Mon Sep 17 00:00:00 2001
From: jedi <git@m.j3d1.de>
Date: Fri, 8 Nov 2024 20:04:43 +0100
Subject: [PATCH 04/22] add docker env for integration testing

---
 core/core/settings.py                         |  2 +-
 .../ansible/playbooks/templates/django.env.j2 |  1 +
 deploy/testing/Dockerfile.backend             | 11 ++++
 deploy/testing/Dockerfile.frontend            |  6 ++
 deploy/testing/docker-compose.yml             | 55 +++++++++++++++++++
 deploy/testing/vue.config.js                  | 27 +++++++++
 6 files changed, 101 insertions(+), 1 deletion(-)
 create mode 100644 deploy/testing/Dockerfile.backend
 create mode 100644 deploy/testing/Dockerfile.frontend
 create mode 100644 deploy/testing/docker-compose.yml
 create mode 100644 deploy/testing/vue.config.js

diff --git a/core/core/settings.py b/core/core/settings.py
index 124fcad..5b37ad8 100644
--- a/core/core/settings.py
+++ b/core/core/settings.py
@@ -207,7 +207,7 @@ CHANNEL_LAYERS = {
     'default': {
         'BACKEND': 'channels_redis.core.RedisChannelLayer',
         'CONFIG': {
-            'hosts': [('localhost', 6379)],
+            'hosts': [(os.getenv('REDIS_HOST', 'localhost'), 6379)],
         },
     }
 
diff --git a/deploy/ansible/playbooks/templates/django.env.j2 b/deploy/ansible/playbooks/templates/django.env.j2
index 72a0c30..a1757db 100644
--- a/deploy/ansible/playbooks/templates/django.env.j2
+++ b/deploy/ansible/playbooks/templates/django.env.j2
@@ -1,3 +1,4 @@
+REDIS_HOST=localhost
 DB_HOST=localhost
 DB_PORT=3306
 DB_NAME=c3lf_sys3
diff --git a/deploy/testing/Dockerfile.backend b/deploy/testing/Dockerfile.backend
new file mode 100644
index 0000000..c968994
--- /dev/null
+++ b/deploy/testing/Dockerfile.backend
@@ -0,0 +1,11 @@
+FROM python:3.11-bookworm
+LABEL authors="lagertonne"
+
+ENV PYTHONUNBUFFERED 1
+RUN mkdir /code
+WORKDIR /code
+COPY requirements.prod.txt /code/
+RUN apt update && apt install -y mariadb-client
+RUN pip install -r requirements.prod.txt
+RUN pip install mysqlclient
+COPY .. /code/
\ No newline at end of file
diff --git a/deploy/testing/Dockerfile.frontend b/deploy/testing/Dockerfile.frontend
new file mode 100644
index 0000000..0a41d1a
--- /dev/null
+++ b/deploy/testing/Dockerfile.frontend
@@ -0,0 +1,6 @@
+FROM docker.io/node:22
+
+RUN mkdir /web
+WORKDIR /web
+COPY package.json /web/
+RUN npm install
diff --git a/deploy/testing/docker-compose.yml b/deploy/testing/docker-compose.yml
new file mode 100644
index 0000000..e93e901
--- /dev/null
+++ b/deploy/testing/docker-compose.yml
@@ -0,0 +1,55 @@
+services:
+  redis:
+    image: redis
+    ports:
+      - "6379:6379"
+
+  db:
+    image: mariadb
+    environment:
+      MARIADB_RANDOM_ROOT_PASSWORD: true
+      MARIADB_DATABASE: system3
+      MARIADB_USER: system3
+      MARIADB_PASSWORD: system3
+    volumes:
+      - mariadb_data:/var/lib/mysql
+    ports:
+      - "3306:3306"
+
+  core:
+    build:
+      context: ../../core
+      dockerfile: ../deploy/testing/Dockerfile.backend
+    command: bash -c 'python manage.py migrate && python /code/server.py'
+    environment:
+      - HTTP_HOST=core
+      - REDIS_HOST=redis
+      - DB_HOST=db
+      - DB_PORT=3306
+      - DB_NAME=system3
+      - DB_USER=system3
+      - DB_PASSWORD=system3
+    volumes:
+      - ../../core:/code
+    ports:
+      - "8000:8000"
+    depends_on:
+      - db
+      - redis
+
+  frontend:
+    build:
+      context: ../../web
+      dockerfile: ../deploy/testing/Dockerfile.frontend
+    command: npm run serve
+    volumes:
+      - ../../web:/web:ro
+      - /web/node_modules
+      - ./vue.config.js:/web/vue.config.js
+    ports:
+      - "8080:8080"
+    depends_on:
+      - core
+
+volumes:
+  mariadb_data:
\ No newline at end of file
diff --git a/deploy/testing/vue.config.js b/deploy/testing/vue.config.js
new file mode 100644
index 0000000..f8f3c26
--- /dev/null
+++ b/deploy/testing/vue.config.js
@@ -0,0 +1,27 @@
+// vue.config.js
+
+module.exports = {
+    devServer: {
+        headers: {
+            "Access-Control-Allow-Origin": "*",
+            "Access-Control-Allow-Headers": "*",
+            "Access-Control-Allow-Methods": "*"
+        },
+        proxy: {
+            '^/media/2': {
+                target: 'http://core:8000/',
+            },
+            '^/api/2': {
+                target: 'http://core:8000/',
+            },
+            '^/api/1': {
+                target: 'http://core:8000/',
+            },
+            '^/ws/2': {
+                target: 'http://core:8000/',
+                ws: true,
+                logLevel: 'debug',
+            },
+        }
+    }
+}
\ No newline at end of file

From 4272aab6434b8bffd81d356bb387debcd33120f6 Mon Sep 17 00:00:00 2001
From: jedi <git@m.j3d1.de>
Date: Fri, 8 Nov 2024 22:23:52 +0100
Subject: [PATCH 05/22] save raw_mails as file

---
 core/mail/migrations/0006_email_raw_file.py | 36 +++++++++++++++++++++
 core/mail/models.py                         |  2 +-
 core/mail/protocol.py                       |  2 +-
 core/requirements.dev.txt                   |  2 ++
 4 files changed, 40 insertions(+), 2 deletions(-)
 create mode 100644 core/mail/migrations/0006_email_raw_file.py

diff --git a/core/mail/migrations/0006_email_raw_file.py b/core/mail/migrations/0006_email_raw_file.py
new file mode 100644
index 0000000..1288bcf
--- /dev/null
+++ b/core/mail/migrations/0006_email_raw_file.py
@@ -0,0 +1,36 @@
+# Generated by Django 4.2.7 on 2024-11-08 20:37
+from django.core.files.base import ContentFile
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('mail', '0005_alter_eventaddress_event'),
+    ]
+
+    def move_raw_mails_to_file(apps, schema_editor):
+        Email = apps.get_model('mail', 'Email')
+        for email in Email.objects.all():
+            raw_content = email.raw
+            email.raw_file = ContentFile(raw_content)
+            email.raw = None
+            email.save()
+
+    operations = [
+        migrations.AddField(
+            model_name='email',
+            name='raw_file',
+            field=models.FileField(null=True, upload_to='raw_mail/'),
+        ),
+        migrations.RunPython(move_raw_mails_to_file),
+        migrations.RemoveField(
+            model_name='email',
+            name='raw',
+        ),
+        migrations.AlterField(
+            model_name='email',
+            name='raw_file',
+            field=models.FileField(upload_to='raw_mail/'),
+        ),
+    ]
diff --git a/core/mail/models.py b/core/mail/models.py
index 378854b..65371fe 100644
--- a/core/mail/models.py
+++ b/core/mail/models.py
@@ -18,7 +18,7 @@ class Email(SoftDeleteModel):
     recipient = models.CharField(max_length=255)
     reference = models.CharField(max_length=255, null=True, unique=True)
     in_reply_to = models.CharField(max_length=255, null=True)
-    raw = models.TextField()
+    raw_file = models.FileField(upload_to='raw_mail/')
     issue_thread = models.ForeignKey(IssueThread, models.SET_NULL, null=True, related_name='emails')
     event = models.ForeignKey(Event, models.SET_NULL, null=True)
 
diff --git a/core/mail/protocol.py b/core/mail/protocol.py
index a87f1a6..926e8c2 100644
--- a/core/mail/protocol.py
+++ b/core/mail/protocol.py
@@ -206,7 +206,7 @@ def receive_email(envelope, log=None):
 
     email = Email.objects.create(
         sender=sender, recipient=recipient, body=body, subject=subject, reference=header_message_id,
-        in_reply_to=header_in_reply_to, raw=envelope.content, event=target_event,
+        in_reply_to=header_in_reply_to, raw_file=ContentFile(envelope.content), event=target_event,
         issue_thread=active_issue_thread)
     for attachment in attachments:
         email.attachments.add(attachment)
diff --git a/core/requirements.dev.txt b/core/requirements.dev.txt
index 146aa37..3807a6c 100644
--- a/core/requirements.dev.txt
+++ b/core/requirements.dev.txt
@@ -73,3 +73,5 @@ watchfiles==0.21.0
 websockets==12.0
 yarl==1.9.4
 zope.interface==6.1
+django-prometheus==2.3.1
+prometheus_client==0.21.0

From a6a8b0defe4d435a855a3ea91bc6a646ed2c7f1f Mon Sep 17 00:00:00 2001
From: jedi <git@m.j3d1.de>
Date: Sat, 9 Nov 2024 00:03:21 +0100
Subject: [PATCH 06/22] add functions to train mails as spam/ham

---
 core/core/settings.py                            |  9 +++++++--
 core/mail/models.py                              | 14 +++++++++++++-
 deploy/ansible/inventory.yml.sample              |  4 +++-
 deploy/ansible/playbooks/templates/django.env.j2 |  3 +++
 4 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/core/core/settings.py b/core/core/settings.py
index 5b37ad8..2d4a818 100644
--- a/core/core/settings.py
+++ b/core/core/settings.py
@@ -15,6 +15,9 @@ import sys
 import dotenv
 from pathlib import Path
 
+def truthy_str(s):
+    return s.lower() in ['true', '1', 't', 'y', 'yes', 'yeah', 'yup', 'certainly', 'sure', 'positive', 'uh-huh', '👍']
+
 # Build paths inside the project like this: BASE_DIR / 'subdir'.
 BASE_DIR = Path(__file__).resolve().parent.parent
 
@@ -24,10 +27,10 @@ dotenv.load_dotenv(BASE_DIR / '.env')
 # See https://docs.djangoproject.com/en/4.2/howto/deployment/checklist/
 
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = 'django-insecure-tm*$w_14iqbiy-!7(8#ba7j+_@(7@rf2&a^!=shs&$03b%2*rv'
+SECRET_KEY = os.getenv('DJANGO_SECRET_KEY', 'django-insecure-tm*$w_14iqbiy-!7(8#ba7j+_@(7@rf2&a^!=shs&$03b%2*rv')
 
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True
+DEBUG = truthy_str(os.getenv('DEBUG_MODE_ACTIVE', 'False'))
 
 ALLOWED_HOSTS = [os.getenv('HTTP_HOST', 'localhost')]
 
@@ -40,6 +43,8 @@ LEGACY_USER_PASSWORD = os.getenv('LEGACY_API_PASSWORD', 'legacy_password')
 
 SYSTEM3_VERSION = "0.0.0-dev.0"
 
+ACTIVE_SPAM_TRAINING = truthy_str(os.getenv('ACTIVE_SPAM_TRAINING', 'False'))
+
 # Application definition
 
 INSTALLED_APPS = [
diff --git a/core/mail/models.py b/core/mail/models.py
index 65371fe..2215fbb 100644
--- a/core/mail/models.py
+++ b/core/mail/models.py
@@ -3,7 +3,7 @@ import random
 from django.db import models
 from django_softdelete.models import SoftDeleteModel
 
-from core.settings import MAIL_DOMAIN
+from core.settings import MAIL_DOMAIN, ACTIVE_SPAM_TRAINING
 from files.models import AbstractFile
 from inventory.models import Event
 from tickets.models import IssueThread
@@ -28,6 +28,18 @@ class Email(SoftDeleteModel):
             self.reference = f'<{random.randint(0, 1000000000):09}@{MAIL_DOMAIN}>'
             self.save()
 
+    def train_spam(self):
+        if ACTIVE_SPAM_TRAINING:
+            import subprocess
+            path = self.raw_file.path
+            subprocess.run(["rspamc", "learn_spam", path])
+
+    def train_ham(self):
+        if ACTIVE_SPAM_TRAINING:
+            import subprocess
+            path = self.raw_file.path
+            subprocess.run(["rspamc", "learn_ham", path])
+
 
 class EventAddress(models.Model):
     id = models.AutoField(primary_key=True)
diff --git a/deploy/ansible/inventory.yml.sample b/deploy/ansible/inventory.yml.sample
index 6ba14ac..2a50efd 100644
--- a/deploy/ansible/inventory.yml.sample
+++ b/deploy/ansible/inventory.yml.sample
@@ -11,4 +11,6 @@ c3lf-nodes:
       mail_domain: <mail_domain>
       main_email: <main_email>
       legacy_api_user: <legacy_api_user>
-      legacy_api_password: <legacy_api_password>
\ No newline at end of file
+      legacy_api_password: <legacy_api_password>
+      debug_mode_active: false
+      django_secret_key: 'django-insecure-tm*$w_14iqbiy-!7(8#ba7j+_@(7@rf2&a^!=shs&$03b%2*rv'
\ No newline at end of file
diff --git a/deploy/ansible/playbooks/templates/django.env.j2 b/deploy/ansible/playbooks/templates/django.env.j2
index a1757db..c9b1c83 100644
--- a/deploy/ansible/playbooks/templates/django.env.j2
+++ b/deploy/ansible/playbooks/templates/django.env.j2
@@ -10,3 +10,6 @@ LEGACY_API_USER={{ legacy_api_user }}
 LEGACY_API_PASSWORD={{ legacy_api_password }}
 MEDIA_ROOT=/var/www/c3lf-sys3/userfiles
 STATIC_ROOT=/var/www/c3lf-sys3/staticfiles
+ACTIVE_SPAM_TRAINING=True
+DEBUG_MODE_ACTIVE={{ debug_mode_active }}
+DJANGO_SECRET_KEY={{ django_secret_key }}

From 5a6349c5d3d8bc9a47866901d9c0a0d5fce8910a Mon Sep 17 00:00:00 2001
From: jedi <git@m.j3d1.de>
Date: Sat, 9 Nov 2024 01:00:53 +0100
Subject: [PATCH 07/22] train spam on state change to 'closed_spam'

---
 core/mail/migrations/0006_email_raw_file.py   |  6 ++--
 .../tickets/migrations/0011_train_old_spam.py | 31 +++++++++++++++++++
 core/tickets/models.py                        |  2 ++
 3 files changed, 36 insertions(+), 3 deletions(-)
 create mode 100644 core/tickets/migrations/0011_train_old_spam.py

diff --git a/core/mail/migrations/0006_email_raw_file.py b/core/mail/migrations/0006_email_raw_file.py
index 1288bcf..4086af8 100644
--- a/core/mail/migrations/0006_email_raw_file.py
+++ b/core/mail/migrations/0006_email_raw_file.py
@@ -4,7 +4,6 @@ from django.db import migrations, models
 
 
 class Migration(migrations.Migration):
-
     dependencies = [
         ('mail', '0005_alter_eventaddress_event'),
     ]
@@ -13,8 +12,9 @@ class Migration(migrations.Migration):
         Email = apps.get_model('mail', 'Email')
         for email in Email.objects.all():
             raw_content = email.raw
-            email.raw_file = ContentFile(raw_content)
-            email.raw = None
+            path = "mail_{}".format(email.id)
+            if len(raw_content):
+                email.raw_file.save(path, ContentFile(raw_content))
             email.save()
 
     operations = [
diff --git a/core/tickets/migrations/0011_train_old_spam.py b/core/tickets/migrations/0011_train_old_spam.py
new file mode 100644
index 0000000..206cbb4
--- /dev/null
+++ b/core/tickets/migrations/0011_train_old_spam.py
@@ -0,0 +1,31 @@
+# Generated by Django 4.2.7 on 2024-06-23 02:17
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ('mail', '0006_email_raw_file'),
+        ('tickets', '0010_issuethread_event_itemrelation_and_more'),
+    ]
+
+    def train_old_mails(apps, schema_editor):
+        from tickets.models import IssueThread
+        for t in IssueThread.objects.all():
+            try:
+                state = t.state
+                i = 0
+                for e in t.emails.all():
+                    if e.raw_file:
+                        if state == 'closed_spam' and i == 0:
+                            e.train_spam()
+                        else:
+                            e.train_ham()
+                    i += 1
+            except:
+                pass
+
+    operations = [
+        migrations.RunPython(train_old_mails),
+    ]
diff --git a/core/tickets/models.py b/core/tickets/models.py
index db427fe..aff5d6c 100644
--- a/core/tickets/models.py
+++ b/core/tickets/models.py
@@ -60,6 +60,8 @@ class IssueThread(SoftDeleteModel):
         if self.state == value:
             return
         self.state_changes.create(state=value)
+        if value == 'closed_spam' and self.emails.exists():
+            self.emails.first().train_spam()
 
     @property
     def assigned_to(self):

From 8831f67f003526f460e2ebd4499ea8b89eb178a9 Mon Sep 17 00:00:00 2001
From: bton <anton@postmitdermaus.de>
Date: Sun, 10 Nov 2024 17:12:53 +0100
Subject: [PATCH 08/22] ticket state changes to pending_open on first view

---
 web/src/views/Ticket.vue | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/web/src/views/Ticket.vue b/web/src/views/Ticket.vue
index cbb372c..2042090 100644
--- a/web/src/views/Ticket.vue
+++ b/web/src/views/Ticket.vue
@@ -125,6 +125,9 @@ export default {
     },
     mounted() {
 		this.scheduleAfterInit(() => [Promise.all([this.fetchTicketStates(), this.loadTickets(), this.loadUsers(), this.fetchShippingVouchers()]).then(()=>{
+			if (this.ticket.state == "pending_new"){
+				this.ticket.state = "pending_open"
+			};
 			this.selected_state = this.ticket.state;
 			this.selected_assignee = this.ticket.assigned_to
 		})]);

From 444c2de16c522a1a0d9413cde186f8504c674c33 Mon Sep 17 00:00:00 2001
From: bton <anton@postmitdermaus.de>
Date: Sun, 10 Nov 2024 19:53:09 +0100
Subject: [PATCH 09/22] change the ticket.state in the backend too

---
 web/src/views/Ticket.vue | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/web/src/views/Ticket.vue b/web/src/views/Ticket.vue
index 2042090..f666ee8 100644
--- a/web/src/views/Ticket.vue
+++ b/web/src/views/Ticket.vue
@@ -126,7 +126,8 @@ export default {
     mounted() {
 		this.scheduleAfterInit(() => [Promise.all([this.fetchTicketStates(), this.loadTickets(), this.loadUsers(), this.fetchShippingVouchers()]).then(()=>{
 			if (this.ticket.state == "pending_new"){
-				this.ticket.state = "pending_open"
+				this.selected_state = "pending_open";
+				this.changeTicketStatus(this.ticket)
 			};
 			this.selected_state = this.ticket.state;
 			this.selected_assignee = this.ticket.assigned_to

From be02a3e163ce9de01834a83b79b63dfb054e7236 Mon Sep 17 00:00:00 2001
From: lagertonne <mail@lagertonne.de>
Date: Wed, 6 Nov 2024 22:26:48 +0100
Subject: [PATCH 10/22] cicd: Deploy testing automatically

---
 .forgejo/workflows/testing.yml | 41 ++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 .forgejo/workflows/testing.yml

diff --git a/.forgejo/workflows/testing.yml b/.forgejo/workflows/testing.yml
new file mode 100644
index 0000000..2237cf9
--- /dev/null
+++ b/.forgejo/workflows/testing.yml
@@ -0,0 +1,41 @@
+on:
+  push:
+    branches:
+      - testing
+jobs:
+  deploy:
+    runs-on: docker
+    steps:
+      - uses: actions/checkout@v4
+      - name: Install ansible
+        run: |
+          apt update -y
+          apt install python3-pip -y
+          python3 -m pip install ansible
+          python3 -m pip install ansible-lint
+
+      - name: Populate relevant files
+        run: |
+          mkdir ~/.ssh
+          echo "${{ secrets.C3LF_SSH_TESTING }}" > ~/.ssh/id_ed25519
+          chmod 0600 ~/.ssh/id_ed25519
+          ls -lah ~/.ssh
+          command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )
+          eval $(ssh-agent -s)
+          ssh-add ~/.ssh/id_ed25519
+          echo "andromeda.lab.or.it ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDXPoO0PE+B9PYwbGaLo98zhbmjAkp6eBtVeZe43v/+T" >> ~/.ssh/known_hosts
+          mkdir /etc/ansible
+          echo "${{ secrets.C3LF_INVENTORY_TESTING }}" > /etc/ansible/hosts
+
+      - name: Check ansible version
+        run: |
+          ansible --version
+
+      - name: List ansible hosts
+        run: |
+          ansible -m ping Andromeda
+
+      - name: Deploy testing
+        run: |
+          cd deploy/ansible
+          ansible-playbook playbooks/deploy-c3lf-sys3.yml

From 5ba4085e603d4d5ccec82a2163f7eadfdf813db1 Mon Sep 17 00:00:00 2001
From: lagertonne <mail@lagertonne.de>
Date: Wed, 6 Nov 2024 22:26:48 +0100
Subject: [PATCH 11/22] cicd: Run tests automatically

---
 .forgejo/workflows/testing.yml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/.forgejo/workflows/testing.yml b/.forgejo/workflows/testing.yml
index 2237cf9..dd16880 100644
--- a/.forgejo/workflows/testing.yml
+++ b/.forgejo/workflows/testing.yml
@@ -3,7 +3,25 @@ on:
     branches:
       - testing
 jobs:
+  test:
+    runs-on: docker
+    container:
+      image: ghcr.io/catthehacker/ubuntu:act-22.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+          cache-dependency-path: '**/requirements.dev.txt'
+      - name: Install dependencies
+        working-directory: core
+        run: pip3 install -r requirements.dev.txt
+      - name: Run django tests
+        working-directory: core
+        run: python3 manage.py test
+
   deploy:
+    needs: [test]
     runs-on: docker
     steps:
       - uses: actions/checkout@v4

From 63d6b7a5a8fd7aa447ca36bca74d80b09c79d0dd Mon Sep 17 00:00:00 2001
From: lagertonne <mail@lagertonne.de>
Date: Tue, 12 Nov 2024 16:51:29 +0100
Subject: [PATCH 12/22] cicd: run on every pull request, but only deploy on
 testing

---
 .forgejo/workflows/pull_request.yml | 20 ++++++++++++++++++++
 .forgejo/workflows/testing.yml      |  1 +
 2 files changed, 21 insertions(+)
 create mode 100644 .forgejo/workflows/pull_request.yml

diff --git a/.forgejo/workflows/pull_request.yml b/.forgejo/workflows/pull_request.yml
new file mode 100644
index 0000000..1171616
--- /dev/null
+++ b/.forgejo/workflows/pull_request.yml
@@ -0,0 +1,20 @@
+on:
+  pull_request:
+
+jobs:
+  test:
+    runs-on: docker
+    container:
+      image: ghcr.io/catthehacker/ubuntu:act-22.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+          cache-dependency-path: '**/requirements.dev.txt'
+      - name: Install dependencies
+        working-directory: core
+        run: pip3 install -r requirements.dev.txt
+      - name: Run django tests
+        working-directory: core
+        run: python3 manage.py test
diff --git a/.forgejo/workflows/testing.yml b/.forgejo/workflows/testing.yml
index dd16880..3b44d24 100644
--- a/.forgejo/workflows/testing.yml
+++ b/.forgejo/workflows/testing.yml
@@ -2,6 +2,7 @@ on:
   push:
     branches:
       - testing
+
 jobs:
   test:
     runs-on: docker

From 120507512d2ad9abea62170dbe6735a90018af68 Mon Sep 17 00:00:00 2001
From: lagertonne <mail@lagertonne.de>
Date: Tue, 12 Nov 2024 17:28:12 +0100
Subject: [PATCH 13/22] deploy: Simple protection for metrics endpoint

---
 deploy/ansible/playbooks/templates/nginx.conf.j2 | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/deploy/ansible/playbooks/templates/nginx.conf.j2 b/deploy/ansible/playbooks/templates/nginx.conf.j2
index 608ffd5..3533f37 100644
--- a/deploy/ansible/playbooks/templates/nginx.conf.j2
+++ b/deploy/ansible/playbooks/templates/nginx.conf.j2
@@ -70,6 +70,13 @@ server {
         alias /var/www/c3lf-sys3/staticfiles/;
     }
 
+    location /metrics {
+        allow 95.156.226.90;
+        allow 127.0.0.1;
+        allow ::1;
+        deny all;
+    }
+
     listen 443 ssl http2; # managed by Certbot
     ssl_certificate /etc/letsencrypt/live/{{ web_domain }}/fullchain.pem; # managed by Certbot
     ssl_certificate_key /etc/letsencrypt/live/{{ web_domain }}/privkey.pem; # managed by Certbot

From 2c609427ec94b48a6336f53651693a432d68cd46 Mon Sep 17 00:00:00 2001
From: jedi <git@m.j3d1.de>
Date: Wed, 13 Nov 2024 23:12:17 +0100
Subject: [PATCH 14/22] add simple issue templates

---
 .forgejo/issue_template/bug.yml     | 35 +++++++++++++++++++++++++++++
 .forgejo/issue_template/feature.yml | 27 ++++++++++++++++++++++
 2 files changed, 62 insertions(+)
 create mode 100644 .forgejo/issue_template/bug.yml
 create mode 100644 .forgejo/issue_template/feature.yml

diff --git a/.forgejo/issue_template/bug.yml b/.forgejo/issue_template/bug.yml
new file mode 100644
index 0000000..8b227a0
--- /dev/null
+++ b/.forgejo/issue_template/bug.yml
@@ -0,0 +1,35 @@
+name: Bug Report
+about: File a bug report
+labels:
+  - Kind/Bug
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this bug report!
+  - type: textarea
+    id: what-happened
+    attributes:
+      label: What happened?
+      description: Also tell us, what did you expect to happen?
+      placeholder: Tell us what you see!
+    validations:
+      required: true
+  - type: dropdown
+    id: browsers
+    attributes:
+      label: What browsers are you seeing the problem on?
+      multiple: true
+      options:
+        - Firefox (Windows)
+        - Firefox (MacOS)
+        - Firefox (Linux)
+        - Firefox (Android)
+        - Firefox (iOS)
+        - Chrome (Windows)
+        - Chrome (MacOS)
+        - Chrome (Linux)
+        - Chrome (Android)
+        - Chrome (iOS)
+        - Safari
+        - Microsoft Edge
\ No newline at end of file
diff --git a/.forgejo/issue_template/feature.yml b/.forgejo/issue_template/feature.yml
new file mode 100644
index 0000000..c8cf794
--- /dev/null
+++ b/.forgejo/issue_template/feature.yml
@@ -0,0 +1,27 @@
+name: 'New Feature'
+about: 'This template is for new features'
+labels:
+  - Kind/Feature
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Before creating a Feature Ticket, please check for duplicates.
+  - type: markdown
+    attributes:
+      value: |
+        ### Implementation Checklist
+        - [ ] concept
+        - [ ] frontend
+        - [ ] backend
+        - [ ] unittests
+        - [ ] tested on staging
+    visible: [ content ]
+  - type: textarea
+    id: description
+    attributes:
+      label: 'Feature Description'
+      description: 'Explain the the feature.'
+      placeholder: Description
+    validations:
+      required: true
\ No newline at end of file

From d73bebd5de97bf4a3483398e04c5b4fb86182611 Mon Sep 17 00:00:00 2001
From: jedi <git@m.j3d1.de>
Date: Mon, 18 Nov 2024 02:01:23 +0100
Subject: [PATCH 15/22] match incoming mail to event

---
 core/core/wsgi.py                | 16 ----------------
 core/mail/models.py              |  4 ++--
 core/mail/protocol.py            | 11 +++++++----
 core/mail/tests/v2/test_mails.py |  6 ++++++
 4 files changed, 15 insertions(+), 22 deletions(-)
 delete mode 100644 core/core/wsgi.py

diff --git a/core/core/wsgi.py b/core/core/wsgi.py
deleted file mode 100644
index f44964d..0000000
--- a/core/core/wsgi.py
+++ /dev/null
@@ -1,16 +0,0 @@
-"""
-WSGI config for core project.
-
-It exposes the WSGI callable as a module-level variable named ``application``.
-
-For more information on this file, see
-https://docs.djangoproject.com/en/4.2/howto/deployment/wsgi/
-"""
-
-import os
-
-from django.core.wsgi import get_wsgi_application
-
-os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'core.settings')
-
-application = get_wsgi_application()
diff --git a/core/mail/models.py b/core/mail/models.py
index 2215fbb..36cd2b3 100644
--- a/core/mail/models.py
+++ b/core/mail/models.py
@@ -29,13 +29,13 @@ class Email(SoftDeleteModel):
             self.save()
 
     def train_spam(self):
-        if ACTIVE_SPAM_TRAINING:
+        if ACTIVE_SPAM_TRAINING and self.raw_file.path:
             import subprocess
             path = self.raw_file.path
             subprocess.run(["rspamc", "learn_spam", path])
 
     def train_ham(self):
-        if ACTIVE_SPAM_TRAINING:
+        if ACTIVE_SPAM_TRAINING and self.raw_file.path:
             import subprocess
             path = self.raw_file.path
             subprocess.run(["rspamc", "learn_ham", path])
diff --git a/core/mail/protocol.py b/core/mail/protocol.py
index 926e8c2..c5aaa4a 100644
--- a/core/mail/protocol.py
+++ b/core/mail/protocol.py
@@ -91,7 +91,7 @@ async def send_smtp(message):
     await aiosmtplib.send(message, hostname="127.0.0.1", port=25, use_tls=False, start_tls=False)
 
 
-def find_active_issue_thread(in_reply_to, address, subject):
+def find_active_issue_thread(in_reply_to, address, subject, event):
     from re import match
     uuid_match = match(r'^ticket\+([a-f0-9-]{36})@', address)
     if uuid_match:
@@ -102,7 +102,7 @@ def find_active_issue_thread(in_reply_to, address, subject):
     if reply_to.exists():
         return reply_to.first().issue_thread, False
     else:
-        issue = IssueThread.objects.create(name=subject)
+        issue = IssueThread.objects.create(name=subject, event=event)
         return issue, True
 
 
@@ -202,11 +202,14 @@ def receive_email(envelope, log=None):
     subject = unescape_and_decode_base64(subject)
     target_event = find_target_event(recipient)
 
-    active_issue_thread, new = find_active_issue_thread(header_in_reply_to, recipient, subject)
+    active_issue_thread, new = find_active_issue_thread(header_in_reply_to, recipient, subject, target_event)
+
+    from hashlib import sha256
+    random_filename = 'mail-' + sha256(envelope.content).hexdigest()
 
     email = Email.objects.create(
         sender=sender, recipient=recipient, body=body, subject=subject, reference=header_message_id,
-        in_reply_to=header_in_reply_to, raw_file=ContentFile(envelope.content), event=target_event,
+        in_reply_to=header_in_reply_to, raw_file=ContentFile(envelope.content, name=random_filename), event=target_event,
         issue_thread=active_issue_thread)
     for attachment in attachments:
         email.attachments.add(attachment)
diff --git a/core/mail/tests/v2/test_mails.py b/core/mail/tests/v2/test_mails.py
index 3df56ca..3b358ca 100644
--- a/core/mail/tests/v2/test_mails.py
+++ b/core/mail/tests/v2/test_mails.py
@@ -142,6 +142,7 @@ class LMTPHandlerTestCase(TestCase):  # TODO replace with less hacky test
         aiosmtplib.send.assert_called_once()
         self.assertEqual('test ä', Email.objects.all()[0].subject)
         self.assertEqual('Text mit Quoted-Printable-Kodierung: äöüß', Email.objects.all()[0].body)
+        self.assertTrue( Email.objects.all()[0].raw_file.path)
 
     def test_handle_quoted_printable_2(self):
         from aiosmtpd.smtp import Envelope
@@ -162,6 +163,7 @@ class LMTPHandlerTestCase(TestCase):  # TODO replace with less hacky test
         aiosmtplib.send.assert_called_once()
         self.assertEqual('suche_Mütze', Email.objects.all()[0].subject)
         self.assertEqual('Text mit Quoted-Printable-Kodierung: äöüß', Email.objects.all()[0].body)
+        self.assertTrue( Email.objects.all()[0].raw_file.path)
 
     def test_handle_base64(self):
         from aiosmtpd.smtp import Envelope
@@ -182,6 +184,7 @@ class LMTPHandlerTestCase(TestCase):  # TODO replace with less hacky test
         aiosmtplib.send.assert_called_once()
         self.assertEqual('test', Email.objects.all()[0].subject)
         self.assertEqual('Text mit Base64-Kodierung: äöüß', Email.objects.all()[0].body)
+        self.assertTrue( Email.objects.all()[0].raw_file.path)
 
     def test_handle_client_reply(self):
         issue_thread = IssueThread.objects.create(
@@ -229,6 +232,7 @@ class LMTPHandlerTestCase(TestCase):  # TODO replace with less hacky test
         self.assertEqual(IssueThread.objects.all()[0].name, 'test')
         self.assertEqual(IssueThread.objects.all()[0].state, 'pending_new')
         self.assertEqual(IssueThread.objects.all()[0].assigned_to, None)
+        self.assertTrue( Email.objects.all()[2].raw_file.path)
 
     def test_handle_client_reply_2(self):
         issue_thread = IssueThread.objects.create(
@@ -281,6 +285,7 @@ class LMTPHandlerTestCase(TestCase):  # TODO replace with less hacky test
         self.assertEqual(IssueThread.objects.all()[0].name, 'test')
         self.assertEqual(IssueThread.objects.all()[0].state, 'pending_open')
         self.assertEqual(IssueThread.objects.all()[0].assigned_to, None)
+        self.assertTrue( Email.objects.all()[2].raw_file.path)
 
     def test_mail_reply(self):
         issue_thread = IssueThread.objects.create(
@@ -384,6 +389,7 @@ class LMTPHandlerTestCase(TestCase):  # TODO replace with less hacky test
         states = StateChange.objects.filter(issue_thread=IssueThread.objects.all()[0])
         self.assertEqual(1, len(states))
         self.assertEqual('pending_new', states[0].state)
+        self.assertEqual(event, IssueThread.objects.all()[0].event)
 
     def test_mail_html_body(self):
         from aiosmtpd.smtp import Envelope

From 41b71bd51a7239c959bc352eb102ac131c3e8e43 Mon Sep 17 00:00:00 2001
From: jedi <git@m.j3d1.de>
Date: Wed, 13 Nov 2024 23:51:54 +0100
Subject: [PATCH 16/22] partition tickets by event

---
 core/inventory/api_v2.py              | 14 ++++----
 core/inventory/serializers.py         |  4 ++-
 core/inventory/tests/v2/test_items.py |  8 ++---
 core/tickets/api_v2.py                | 14 ++++++--
 core/tickets/serializers.py           |  5 ++-
 core/tickets/tests/v2/test_tickets.py | 46 ++++++++++++++++++++++++++-
 web/src/components/Navbar.vue         |  6 +++-
 web/src/store.js                      |  8 +++--
 8 files changed, 85 insertions(+), 20 deletions(-)

diff --git a/core/inventory/api_v2.py b/core/inventory/api_v2.py
index 0a34140..b539e97 100644
--- a/core/inventory/api_v2.py
+++ b/core/inventory/api_v2.py
@@ -1,4 +1,4 @@
-from django.urls import path
+from django.urls import re_path
 from django.contrib.auth.decorators import permission_required
 from rest_framework import routers, viewsets
 from rest_framework.decorators import api_view, permission_classes
@@ -40,7 +40,9 @@ def search_items(request, event_slug, query):
 @permission_classes([IsAuthenticated])
 def item(request, event_slug):
     try:
-        event = Event.objects.get(slug=event_slug)
+        event = None
+        if event_slug != 'none':
+            event = Event.objects.get(slug=event_slug)
         if request.method == 'GET':
             if not request.user.has_event_perm(event, 'view_item'):
                 return Response(status=403)
@@ -99,8 +101,8 @@ router.register(r'boxes', ContainerViewSet, basename='boxes')
 router.register(r'box', ContainerViewSet, basename='boxes')
 
 urlpatterns = router.urls + [
-    path('<event_slug>/items/', item),
-    path('<event_slug>/items/<query>/', search_items),
-    path('<event_slug>/item/', item),
-    path('<event_slug>/item/<id>/', item_by_id),
+    re_path(r'^(?P<event_slug>[\w-]+)/items/$', item, name='item'),
+    re_path(r'^(?P<event_slug>[\w-]+)/items/(?P<query>[-A-Za-z0-9+/]*={0,3})/$', search_items, name='search_items'),
+    re_path(r'^(?P<event_slug>[\w-]+)/item/$', item, name='item'),
+    re_path(r'^(?P<event_slug>[\w-]+)/item/(?P<id>\d+)/$', item_by_id, name='item_by_id'),
 ]
diff --git a/core/inventory/serializers.py b/core/inventory/serializers.py
index 5a26623..3c0eb7e 100644
--- a/core/inventory/serializers.py
+++ b/core/inventory/serializers.py
@@ -39,10 +39,12 @@ class ItemSerializer(serializers.ModelSerializer):
     box = serializers.SerializerMethodField()
     file = serializers.SerializerMethodField()
     returned = serializers.SerializerMethodField(required=False)
+    event = serializers.SlugRelatedField(slug_field='slug', queryset=Event.objects.all(),
+                                         allow_null=True, required=False)
 
     class Meta:
         model = Item
-        fields = ['cid', 'box', 'uid', 'description', 'file', 'dataImage', 'returned']
+        fields = ['cid', 'box', 'uid', 'description', 'file', 'dataImage', 'returned', 'event']
         read_only_fields = ['uid']
 
     def get_cid(self, instance):
diff --git a/core/inventory/tests/v2/test_items.py b/core/inventory/tests/v2/test_items.py
index 056b38c..a955161 100644
--- a/core/inventory/tests/v2/test_items.py
+++ b/core/inventory/tests/v2/test_items.py
@@ -30,7 +30,7 @@ class ItemTestCase(TestCase):
         self.assertEqual(response.status_code, 200)
         self.assertEqual(response.json(),
                          [{'uid': 1, 'description': '1', 'box': 'BOX', 'cid': self.box.cid, 'file': None,
-                           'returned': False}])
+                           'returned': False, 'event': self.event.slug}])
 
     def test_members_with_file(self):
         import base64
@@ -40,7 +40,7 @@ class ItemTestCase(TestCase):
         self.assertEqual(response.status_code, 200)
         self.assertEqual(response.json(),
                          [{'uid': 1, 'description': '1', 'box': 'BOX', 'cid': self.box.cid, 'file': file.hash,
-                           'returned': False}])
+                           'returned': False, 'event': self.event.slug}])
 
     def test_multi_members(self):
         Item.objects.create(container=self.box, event=self.event, description='1')
@@ -55,7 +55,7 @@ class ItemTestCase(TestCase):
         self.assertEqual(response.status_code, 201)
         self.assertEqual(response.json(),
                          {'uid': 1, 'description': '1', 'box': 'BOX', 'cid': self.box.cid, 'file': None,
-                          'returned': False})
+                          'returned': False, 'event': self.event.slug})
         self.assertEqual(len(Item.objects.all()), 1)
         self.assertEqual(Item.objects.all()[0].uid, 1)
         self.assertEqual(Item.objects.all()[0].description, '1')
@@ -86,7 +86,7 @@ class ItemTestCase(TestCase):
         self.assertEqual(response.status_code, 200)
         self.assertEqual(response.json(),
                          {'uid': 1, 'description': '2', 'box': 'BOX', 'cid': self.box.cid, 'file': None,
-                          'returned': False})
+                          'returned': False, 'event': self.event.slug})
         self.assertEqual(len(Item.objects.all()), 1)
         self.assertEqual(Item.objects.all()[0].uid, 1)
         self.assertEqual(Item.objects.all()[0].description, '2')
diff --git a/core/tickets/api_v2.py b/core/tickets/api_v2.py
index 596bd9b..39404f2 100644
--- a/core/tickets/api_v2.py
+++ b/core/tickets/api_v2.py
@@ -56,7 +56,7 @@ def reply(request, pk):
 @api_view(['POST'])
 @permission_classes([IsAuthenticated])
 @permission_required('tickets.add_issuethread_manual', raise_exception=True)
-def manual_ticket(request):
+def manual_ticket(request, event_slug):
     if 'name' not in request.data:
         return Response({'status': 'error', 'message': 'missing name'}, status=status.HTTP_400_BAD_REQUEST)
     if 'sender' not in request.data:
@@ -66,8 +66,16 @@ def manual_ticket(request):
     if 'body' not in request.data:
         return Response({'status': 'error', 'message': 'missing body'}, status=status.HTTP_400_BAD_REQUEST)
 
+    event = None
+    if event_slug != 'none':
+        try:
+            event = Event.objects.get(slug=event_slug)
+        except:
+            return Response({'status': 'error', 'message': 'invalid event'}, status=status.HTTP_400_BAD_REQUEST)
+
     issue = IssueThread.objects.create(
         name=request.data['name'],
+        event=event,
         manually_created=True,
     )
     email = Email.objects.create(
@@ -122,8 +130,8 @@ router.register(r'tickets', IssueViewSet, basename='issues')
 router.register(r'shipping_vouchers', ShippingVoucherViewSet, basename='shipping_vouchers')
 
 urlpatterns = ([
+                   re_path(r'tickets/states/$', get_available_states, name='get_available_states'),
                    re_path(r'^tickets/(?P<pk>\d+)/reply/$', reply, name='reply'),
                    re_path(r'^tickets/(?P<pk>\d+)/comment/$', add_comment, name='add_comment'),
-                   re_path(r'^tickets/manual/$', manual_ticket, name='manual_ticket'),
-                   re_path(r'^tickets/states/$', get_available_states, name='get_available_states'),
+                   re_path(r'^(?P<event_slug>[\w-]+)/tickets/manual/$', manual_ticket, name='manual_ticket'),
                ] + router.urls)
diff --git a/core/tickets/serializers.py b/core/tickets/serializers.py
index a980b97..f5b7ef6 100644
--- a/core/tickets/serializers.py
+++ b/core/tickets/serializers.py
@@ -1,6 +1,7 @@
 from rest_framework import serializers
 
 from authentication.models import ExtendedUser
+from inventory.models import Event
 from mail.api_v2 import AttachmentSerializer
 from tickets.models import IssueThread, Comment, STATE_CHOICES, ShippingVoucher
 from inventory.serializers import ItemSerializer
@@ -41,11 +42,13 @@ class IssueSerializer(serializers.ModelSerializer):
     last_activity = serializers.SerializerMethodField()
     assigned_to = serializers.SlugRelatedField(slug_field='username', queryset=ExtendedUser.objects.all(),
                                                allow_null=True, required=False)
+    event = serializers.SlugRelatedField(slug_field='slug', queryset=Event.objects.all(),
+                                         allow_null=True, required=False)
     related_items = ItemSerializer(many=True, read_only=True)
 
     class Meta:
         model = IssueThread
-        fields = ('id', 'timeline', 'name', 'state', 'assigned_to', 'last_activity', 'uuid', 'related_items')
+        fields = ('id', 'timeline', 'name', 'state', 'assigned_to', 'last_activity', 'uuid', 'related_items', 'event')
         read_only_fields = ('id', 'timeline', 'last_activity', 'uuid', 'related_items')
 
     def to_internal_value(self, data):
diff --git a/core/tickets/tests/v2/test_tickets.py b/core/tickets/tests/v2/test_tickets.py
index 8223506..9e89ed5 100644
--- a/core/tickets/tests/v2/test_tickets.py
+++ b/core/tickets/tests/v2/test_tickets.py
@@ -3,6 +3,7 @@ from datetime import datetime, timedelta
 from django.test import TestCase, Client
 
 from authentication.models import ExtendedUser
+from inventory.models import Event
 from mail.models import Email, EmailAttachment
 from tickets.models import IssueThread, StateChange, Comment
 from django.contrib.auth.models import Permission
@@ -16,6 +17,7 @@ class IssueApiTest(TestCase):
         self.user = ExtendedUser.objects.create_user('testuser', 'test', 'test')
         self.user.user_permissions.add(*Permission.objects.all())
         self.user.save()
+        self.event = Event.objects.create(slug='evt')
         self.token = AuthToken.objects.create(user=self.user)
         self.client = Client(headers={'Authorization': 'Token ' + self.token[1]})
 
@@ -28,6 +30,7 @@ class IssueApiTest(TestCase):
         now = datetime.now()
         issue = IssueThread.objects.create(
             name="test issue",
+            event=self.event,
         )
         mail1 = Email.objects.create(
             subject='test',
@@ -61,6 +64,7 @@ class IssueApiTest(TestCase):
         self.assertEqual(response.json()[0]['id'], issue.id)
         self.assertEqual(response.json()[0]['name'], "test issue")
         self.assertEqual(response.json()[0]['state'], "pending_new")
+        self.assertEqual(response.json()[0]['event'], "evt")
         self.assertEqual(response.json()[0]['assigned_to'], None)
         self.assertEqual(response.json()[0]['uuid'], issue.uuid)
         self.assertEqual(response.json()[0]['last_activity'], comment.timestamp.strftime('%Y-%m-%dT%H:%M:%S.%fZ'))
@@ -93,12 +97,15 @@ class IssueApiTest(TestCase):
         now = datetime.now()
         issue1 = IssueThread.objects.create(
             name="test issue",
+            event=self.event,
         )
         issue2 = IssueThread.objects.create(
             name="test issue",
+            event=self.event,
         )
         issue3 = IssueThread.objects.create(
             name="test issue",
+            event=self.event,
         )
         mail1 = Email.objects.create(
             subject='test',
@@ -118,8 +125,11 @@ class IssueApiTest(TestCase):
         self.assertEqual(200, response.status_code)
         self.assertEqual(3, len(response.json()))
         self.assertEqual(issue1.id, response.json()[0]['id'])
+        self.assertEqual("evt", response.json()[0]['event'])
         self.assertEqual(issue2.id, response.json()[1]['id'])
+        self.assertEqual("evt", response.json()[1]['event'])
         self.assertEqual(issue3.id, response.json()[2]['id'])
+        self.assertEqual("evt", response.json()[2]['event'])
         self.assertEqual(issue1.state_changes.first().timestamp.strftime('%Y-%m-%dT%H:%M:%S.%fZ'),
                          response.json()[0]['last_activity'])
         self.assertEqual(mail1.timestamp.strftime('%Y-%m-%dT%H:%M:%S.%fZ'),
@@ -153,6 +163,7 @@ class IssueApiTest(TestCase):
         now = datetime.now()
         issue = IssueThread.objects.create(
             name="test issue",
+            event=self.event,
         )
         mail1 = Email.objects.create(
             subject='test',
@@ -189,6 +200,7 @@ class IssueApiTest(TestCase):
         self.assertEqual(200, response.status_code)
         self.assertEqual(1, len(response.json()))
         self.assertEqual(issue.id, response.json()[0]['id'])
+        self.assertEqual("evt", response.json()[0]['event'])
         self.assertEqual('pending_new', response.json()[0]['state'])
         self.assertEqual('test issue', response.json()[0]['name'])
         self.assertEqual(None, response.json()[0]['assigned_to'])
@@ -230,13 +242,14 @@ class IssueApiTest(TestCase):
         self.assertEqual(file2.hash, response.json()[0]['timeline'][1]['attachments'][1]['hash'])
 
     def test_manual_creation(self):
-        response = self.client.post('/api/2/tickets/manual/',
+        response = self.client.post('/api/2/evt/tickets/manual/',
                                     {'name': 'test issue', 'sender': 'test', 'recipient': 'test', 'body': 'test'},
                                     content_type='application/json')
         self.assertEqual(response.status_code, 201)
         self.assertEqual(response.json()['state'], 'pending_new')
         self.assertEqual(response.json()['name'], 'test issue')
         self.assertEqual(response.json()['assigned_to'], None)
+        self.assertEqual("evt", response.json()['event'])
         timeline = response.json()['timeline']
         self.assertEqual(len(timeline), 2)
         self.assertEqual(timeline[0]['type'], 'state')
@@ -247,9 +260,35 @@ class IssueApiTest(TestCase):
         self.assertEqual(timeline[1]['subject'], 'test issue')
         self.assertEqual(timeline[1]['body'], 'test')
 
+    def test_manual_creation_none(self):
+        response = self.client.post('/api/2/none/tickets/manual/',
+                                    {'name': 'test issue', 'sender': 'test', 'recipient': 'test', 'body': 'test'},
+                                    content_type='application/json')
+        self.assertEqual(response.status_code, 201)
+        self.assertEqual(response.json()['state'], 'pending_new')
+        self.assertEqual(response.json()['name'], 'test issue')
+        self.assertEqual(response.json()['assigned_to'], None)
+        self.assertEqual(None, response.json()['event'])
+        timeline = response.json()['timeline']
+        self.assertEqual(len(timeline), 2)
+        self.assertEqual(timeline[0]['type'], 'state')
+        self.assertEqual(timeline[0]['state'], 'pending_new')
+        self.assertEqual(timeline[1]['type'], 'mail')
+        self.assertEqual(timeline[1]['sender'], 'test')
+        self.assertEqual(timeline[1]['recipient'], 'test')
+        self.assertEqual(timeline[1]['subject'], 'test issue')
+        self.assertEqual(timeline[1]['body'], 'test')
+
+    def test_manual_creation_invalid(self):
+        response = self.client.post('/api/2/foobar/tickets/manual/',
+                                    {'name': 'test issue', 'sender': 'test', 'recipient': 'test', 'body': 'test'},
+                                    content_type='application/json')
+        self.assertEqual(response.status_code, 400)
+
     def test_post_comment_altenative(self):
         issue = IssueThread.objects.create(
             name="test issue",
+            event=self.event,
         )
         response = self.client.post(f'/api/2/tickets/{issue.id}/comment/', {'comment': 'test'})
         self.assertEqual(response.status_code, 201)
@@ -260,6 +299,7 @@ class IssueApiTest(TestCase):
     def test_post_alt_comment_empty(self):
         issue = IssueThread.objects.create(
             name="test issue",
+            event=self.event,
         )
         response = self.client.post(f'/api/2/tickets/{issue.id}/comment/', {'comment': ''})
         self.assertEqual(response.status_code, 400)
@@ -267,6 +307,7 @@ class IssueApiTest(TestCase):
     def test_state_change(self):
         issue = IssueThread.objects.create(
             name="test issue",
+            event=self.event,
         )
         response = self.client.patch(f'/api/2/tickets/{issue.id}/', {'state': 'pending_open'},
                                      content_type='application/json')
@@ -284,6 +325,7 @@ class IssueApiTest(TestCase):
     def test_state_change_invalid_state(self):
         issue = IssueThread.objects.create(
             name="test issue",
+            event=self.event,
         )
         response = self.client.patch(f'/api/2/tickets/{issue.id}/', {'state': 'invalid'},
                                      content_type='application/json')
@@ -292,12 +334,14 @@ class IssueApiTest(TestCase):
     def test_assign_user(self):
         issue = IssueThread.objects.create(
             name="test issue",
+            event=self.event,
         )
         response = self.client.patch(f'/api/2/tickets/{issue.id}/', {'assigned_to': self.user.username},
                                      content_type='application/json')
         self.assertEqual(200, response.status_code)
         self.assertEqual('pending_new', response.json()['state'])
         self.assertEqual('test issue', response.json()['name'])
+        self.assertEqual("evt", response.json()['event'])
         self.assertEqual(self.user.username, response.json()['assigned_to'])
         timeline = response.json()['timeline']
         self.assertEqual(2, len(timeline))
diff --git a/web/src/components/Navbar.vue b/web/src/components/Navbar.vue
index 686f324..eb7504b 100644
--- a/web/src/components/Navbar.vue
+++ b/web/src/components/Navbar.vue
@@ -6,7 +6,8 @@
                 {{ getEventSlug }}
             </button>
             <div class="dropdown-menu bg-dark" aria-labelledby="dropdownMenuButton">
-                <a class="dropdown-item text-light" href="#" v-for="(event, index) in events" v-bind:key="index"
+                <a class="dropdown-item text-light" href="#" v-for="(event, index) in selectableEvents"
+                   v-bind:key="index"
                    :class="{ active: event.slug === getEventSlug }" @click="changeEvent(event)">{{ event.slug }}</a>
             </div>
         </div>
@@ -115,6 +116,9 @@ export default {
     computed: {
         ...mapState(['events']),
         ...mapGetters(['getEventSlug', 'getActiveView', "checkPermission", "hasPermissions", "layout", "route"]),
+        selectableEvents() {
+            return [{slug: 'all'}, ...this.events, {slug: 'none'}];
+        }
     },
     methods: {
         ...mapActions(['changeEvent', 'changeView']),
diff --git a/web/src/store.js b/web/src/store.js
index 53d01b6..3140a99 100644
--- a/web/src/store.js
+++ b/web/src/store.js
@@ -21,7 +21,7 @@ const store = createStore({
         state_options: [],
         shippingVouchers: [],
 
-        lastEvent: '37C3',
+        lastEvent: 'all',
         lastUsed: {},
         searchQuery: '',
         remember: false,
@@ -358,7 +358,8 @@ const store = createStore({
         async searchEventItems({commit, getters, state}, query) {
             const encoded_query = base64.encode(utf8.encode(query));
 
-            const {data, success} = await http.get(`/2/${getters.getEventSlug}/items/${encoded_query}/`, state.user.token);
+            const {data, success} = await http.get(`/2/${getters.getEventSlug}/items/${encoded_query}/`,
+                state.user.token);
             if (data && success)
                 commit('replaceLoadedItems', data);
         },
@@ -410,7 +411,8 @@ const store = createStore({
         async searchEventTickets({commit, getters, state}, query) {
             const encoded_query = base64.encode(utf8.encode(query));
 
-            const {data, success} = await http.get(`/2/${getters.getEventSlug}/tickets/${encoded_query}/`, state.user.token);
+            const {data, success} = await http.get(`/2/${getters.getEventSlug}/tickets/${encoded_query}/`,
+                state.user.token);
             if (data && success)
                 commit('replaceTickets', data);
         },

From c9d58191b376718e5b1ff022b1136d6c3e427dd1 Mon Sep 17 00:00:00 2001
From: jedi <git@m.j3d1.de>
Date: Sun, 17 Nov 2024 00:16:54 +0100
Subject: [PATCH 17/22] show tickets filtered by active event

---
 core/core/settings.py         |   2 +
 core/tickets/serializers.py   |   2 -
 web/src/components/Navbar.vue |  17 +-
 web/src/store.js              | 288 ++++++++++++++++------------------
 web/src/utils.js              |  10 +-
 web/src/views/Items.vue       |  10 +-
 web/src/views/Ticket.vue      |  25 +--
 web/src/views/Tickets.vue     |  19 ++-
 8 files changed, 175 insertions(+), 198 deletions(-)

diff --git a/core/core/settings.py b/core/core/settings.py
index 2d4a818..6796112 100644
--- a/core/core/settings.py
+++ b/core/core/settings.py
@@ -15,9 +15,11 @@ import sys
 import dotenv
 from pathlib import Path
 
+
 def truthy_str(s):
     return s.lower() in ['true', '1', 't', 'y', 'yes', 'yeah', 'yup', 'certainly', 'sure', 'positive', 'uh-huh', '👍']
 
+
 # Build paths inside the project like this: BASE_DIR / 'subdir'.
 BASE_DIR = Path(__file__).resolve().parent.parent
 
diff --git a/core/tickets/serializers.py b/core/tickets/serializers.py
index f5b7ef6..9f14e7e 100644
--- a/core/tickets/serializers.py
+++ b/core/tickets/serializers.py
@@ -55,8 +55,6 @@ class IssueSerializer(serializers.ModelSerializer):
         ret = super().to_internal_value(data)
         if 'state' in data:
             ret['state'] = data['state']
-#        if 'assigned_to' in data:
-#            ret['assigned_to'] = data['assigned_to']
         return ret
 
     def validate(self, attrs):
diff --git a/web/src/components/Navbar.vue b/web/src/components/Navbar.vue
index eb7504b..ccfb0f0 100644
--- a/web/src/components/Navbar.vue
+++ b/web/src/components/Navbar.vue
@@ -49,12 +49,12 @@
                 </button>
             </div>
             <button type="button" class="btn text-nowrap btn-success mr-1" @click="$emit('addItemClicked')"
-                    v-if="isItemView()">
+                    v-if="isItemView()  && getEventSlug !== 'all'">
                 <font-awesome-icon icon="plus"/>
                 <span class="d-none d-md-inline">&nbsp;Add Item</span>
             </button>
             <button type="button" class="btn text-nowrap btn-success mr-1" @click="$emit('addTicketClicked')"
-                    v-if="isTicketView()">
+                    v-if="isTicketView() && getEventSlug !== 'all'">
                 <font-awesome-icon icon="plus"/>
                 <span class="d-none d-md-inline">&nbsp;Add Ticket</span>
             </button>
@@ -65,19 +65,6 @@
         </button>
         <div class="collapse navbar-collapse" id="navbarSupportedContent">
             <ul class="navbar-nav ml-auto">
-                <!--li class="nav-item dropdown">
-                    <button class="btn nav-link dropdown-toggle" type="button" id="dropdownMenuButton2"
-                            data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
-                        {{ getActiveView }}
-                    </button>
-                    <ul class="dropdown-menu bg-dark" aria-labelledby="dropdownMenuButton2">
-                        <li class="" v-for="(link, index) in views" v-bind:key="index"
-                            :class="{ active: link.path === getActiveView }">
-                            <a class="nav-link text-nowrap" href="#" @click="changeView(link)">{{ link.title }}</a>
-                        </li>
-                    </ul>
-                </li-->
-
                 <li class="nav-item" v-for="(link, index) in links" v-bind:key="index">
                     <a class="nav-link text-nowrap" :href="link.path" @click.prevent="navigateTo(link.path)">
                         {{ link.title }}
diff --git a/web/src/store.js b/web/src/store.js
index 3140a99..dcc3aea 100644
--- a/web/src/store.js
+++ b/web/src/store.js
@@ -3,7 +3,7 @@ import router from './router';
 
 import * as base64 from 'base-64';
 import * as utf8 from 'utf8';
-import {ticketStateColorLookup, ticketStateIconLookup, http} from "@/utils";
+import {ticketStateColorLookup, ticketStateIconLookup, http, http_session} from "@/utils";
 import sharedStatePlugin from "@/shared-state-plugin";
 import persistentStatePlugin from "@/persistent-state-plugin";
 
@@ -11,16 +11,17 @@ const store = createStore({
     state: {
         keyIncrement: 0,
         events: [],
-        loadedItems: [],
-        itemCache: {},
+        items: [],
         loadedBoxes: [],
         toasts: [],
-        tickets: [],
         users: [],
         groups: [],
         state_options: [],
         shippingVouchers: [],
 
+        loadedItems: {},
+        loadedTickets: {},
+
         lastEvent: 'all',
         lastUsed: {},
         searchQuery: '',
@@ -62,7 +63,14 @@ const store = createStore({
     },
     getters: {
         route: state => router.currentRoute.value,
+        session: state => http_session(state.user.token),
         getEventSlug: state => router.currentRoute.value.params.event ? router.currentRoute.value.params.event : state.lastEvent,
+        getAllItems: state => Object.values(state.loadedItems).flat(),
+        getAllTickets: state => Object.values(state.loadedTickets).flat(),
+        getEventItems: (state, getters) => getters.getEventSlug === 'all' ? getters.getAllItems : getters.getAllItems.filter(t => t.event === getters.getEventSlug || (t.event == null && getters.getEventSlug === 'none')),
+        getEventTickets: (state, getters) => getters.getEventSlug === 'all' ? getters.getAllTickets : getters.getAllTickets.filter(t => t.event === getters.getEventSlug || (t.event == null && getters.getEventSlug === 'none')),
+        isItemsLoaded: (state, getters) => (getters.getEventSlug === 'all' || getters.getEventSlug === 'none') ? !!state.loadedItems : Object.keys(state.loadedItems).includes(getters.getEventSlug),
+        isTicketsLoaded: (state, getters) => (getters.getEventSlug === 'all' || getters.getEventSlug === 'none') ? !!state.loadedTickets : Object.keys(state.loadedTickets).includes(getters.getEventSlug),
         getActiveView: state => router.currentRoute.value.name || 'items',
         getFilters: state => router.currentRoute.value.query,
         getBoxes: state => state.loadedBoxes,
@@ -130,35 +138,48 @@ const store = createStore({
         changeView(state, {view, slug}) {
             router.push({path: `/${slug}/${view}`});
         },
-        replaceLoadedItems(state, newItems) {
-            state.loadedItems = newItems;
-            state.fetchedData = {...state.fetchedData, items: Date.now()}; // TODO: manage caching items for different events and search results correctly
-        },
-        setItemCache(state, {slug, items}) {
-            state.itemCache[slug] = items;
-        },
         replaceBoxes(state, loadedBoxes) {
             state.loadedBoxes = loadedBoxes;
             state.fetchedData = {...state.fetchedData, boxes: Date.now()};
         },
+        setItems(state, {slug, items}) {
+            state.loadedItems[slug] = items;
+            state.loadedItems = {...state.loadedItems};
+            console.log(state.loadedItems)
+        },
+        replaceItems(state, items) {
+            const groups = Object.groupBy(items, i => i.event ? i.event : 'none')
+            for (const [key, value] of Object.entries(groups)) state.loadedItems[key] = value;
+            state.loadedItems = {...state.loadedItems};
+            console.log(state.loadedItems)
+        },
         updateItem(state, updatedItem) {
-            const item = state.loadedItems.filter(({uid}) => uid === updatedItem.uid)[0];
+            const item = state.loadedItems[updatedItem.event?updatedItem.event:'none'].filter(
+                ({uid}) => uid === updatedItem.uid)[0];
             Object.assign(item, updatedItem);
         },
         removeItem(state, item) {
-            state.loadedItems = state.loadedItems.filter(it => it !== item);
+            state.loadedItems[item.event?item.event:'none'] = state.loadedItems[item.event].filter(it => it !== item);
         },
         appendItem(state, item) {
-            state.loadedItems.push(item);
+            state.loadedItems[item.event?item.event:'none'].push(item);
+        },
+        setTickets(state, {slug, tickets}) {
+            state.loadedTickets[slug] = tickets;
+            state.loadedTickets = {...state.loadedTickets};
+            console.log(state.loadedTickets)
         },
         replaceTickets(state, tickets) {
-            state.tickets = tickets;
-            state.fetchedData = {...state.fetchedData, tickets: Date.now()};
+            const groups = Object.groupBy(tickets, t => t.event ? t.event : 'none')
+            for (const [key, value] of Object.entries(groups)) state.loadedTickets[key] = value;
+            state.loadedTickets = {...state.loadedTickets};
+            console.log(state.loadedTickets)
         },
         updateTicket(state, updatedTicket) {
-            const ticket = state.tickets.filter(({id}) => id === updatedTicket.id)[0];
+            const ticket = state.loadedTickets[updatedTicket.event?updatedTicket.event:'none'].filter(
+                ({id}) => id === updatedTicket.id)[0];
             Object.assign(ticket, updatedTicket);
-            state.tickets = [...state.tickets];
+            state.loadedTickets = {...state.loadedTickets};
         },
         replaceUsers(state, users) {
             state.users = users;
@@ -249,7 +270,7 @@ const store = createStore({
                 return false;
             }
         },
-        async reloadToken({commit, state, getters}) {
+        async reloadToken({commit, state}) {
             try {
                 if (state.user.username && state.user.password) {
                     const data = await fetch('/api/2/login/', {
@@ -297,59 +318,51 @@ const store = createStore({
         async fetchImage({state}, url) {
             return await fetch(url, {headers: {'Authorization': `Token ${state.user.token}`}});
         },
-        async loadUserInfo({commit, state}) {
-            const {data, success} = await http.get('/2/self/', state.user.token);
+        async loadUserInfo({commit, getters}) {
+            const {data, success} = await getters.session.get('/2/self/');
             commit('setPermissions', data.permissions);
         },
-        async loadEvents({commit, state}) {
+        async loadEvents({commit, state, getters}) {
             if (!state.user.token) return;
             if (state.fetchedData.events > Date.now() - 1000 * 60 * 60 * 24) return;
-            const {data, success} = await http.get('/2/events/', state.user.token);
-            if (data && success)
-                commit('replaceEvents', data);
+            const {data, success} = await getters.session.get('/2/events/');
+            if (data && success) commit('replaceEvents', data);
         },
-        async createEvent({commit, dispatch, state}, event) {
-            const {data, success} = await http.post('/2/events/', event, state.user.token);
-            if (data && success)
-                commit('replaceEvents', [...state.events, data]);
+        async createEvent({commit, dispatch, state, getters}, event) {
+            const {data, success} = await getters.session.post('/2/events/', event);
+            if (data && success) commit('replaceEvents', [...state.events, data]);
         },
-        async deleteEvent({commit, dispatch, state}, event_id) {
-            const {data, success} = await http.delete(`/2/events/${event_id}/`, state.user.token);
+        async deleteEvent({commit, dispatch, state, getters}, event_id) {
+            const {data, success} = await getters.session.delete(`/2/events/${event_id}/`);
             if (success) {
                 await dispatch('loadEvents')
                 commit('replaceEvents', [...state.events.filter(e => e.eid !== event_id)])
             }
         },
-        async fetchTicketStates({commit, state}) {
+        async fetchTicketStates({commit, state, getters}) {
             if (!state.user.token) return;
             if (state.fetchedData.states > Date.now() - 1000 * 60 * 60 * 24) return;
-            const {data, success} = await http.get('/2/tickets/states/', state.user.token);
-            if (data && success)
-                commit('replaceTicketStates', data);
+            const {data, success} = await getters.session.get('/2/tickets/states/');
+            if (data && success) commit('replaceTicketStates', data);
         },
-        changeEvent({dispatch, getters, commit}, eventName) {
-            router.push({path: `/${eventName.slug}/${getters.getActiveView}/`});
-            dispatch('loadEventItems');
+        async changeEvent({dispatch, getters, commit}, eventName) {
+            await router.push({path: `/${eventName.slug}/${getters.getActiveView}/`});
+            //dispatch('loadEventItems');
         },
-        changeView({getters}, link) {
-            router.push({path: `/${getters.getEventSlug}/${link.path}/`});
+        async changeView({getters}, link) {
+            await router.push({path: `/${getters.getEventSlug}/${link.path}/`});
         },
-        showBoxContent({getters}, box) {
-            router.push({path: `/${getters.getEventSlug}/items/`, query: {box}});
+        async showBoxContent({getters}, box) {
+            await router.push({path: `/${getters.getEventSlug}/items/`, query: {box}});
         },
         async loadEventItems({commit, getters, state}) {
             if (!state.user.token) return;
             if (state.fetchedData.items > Date.now() - 1000 * 60 * 60 * 24) return;
             try {
-                commit('replaceLoadedItems', []);
                 const slug = getters.getEventSlug;
-                if (slug in state.itemCache) {
-                    commit('replaceLoadedItems', state.itemCache[slug]);
-                }
-                const {data, success} = await http.get(`/2/${slug}/items/`, state.user.token);
+                const {data, success} = await getters.session.get(`/2/${slug}/items/`);
                 if (data && success) {
-                    commit('replaceLoadedItems', data);
-                    commit('setItemCache', {slug, items: data});
+                    commit('setItems', {slug, items: data});
                 }
             } catch (e) {
                 console.error("Error loading items");
@@ -357,131 +370,124 @@ const store = createStore({
         },
         async searchEventItems({commit, getters, state}, query) {
             const encoded_query = base64.encode(utf8.encode(query));
-
-            const {data, success} = await http.get(`/2/${getters.getEventSlug}/items/${encoded_query}/`,
-                state.user.token);
-            if (data && success)
-                commit('replaceLoadedItems', data);
+            const slug = getters.getEventSlug;
+            const {
+                data, success
+            } = await getters.session.get(`/2/${slug}/items/${encoded_query}/`);
+            if (data && success) {
+                commit('setItems', {slug, items: data});
+            }
         },
-        async loadBoxes({commit, state}) {
+        async loadBoxes({commit, state, getters}) {
             if (!state.user.token) return;
             if (state.fetchedData.boxes > Date.now() - 1000 * 60 * 60 * 24) return;
-            const {data, success} = await http.get('/2/boxes/', state.user.token);
-            if (data && success)
-                commit('replaceBoxes', data);
+            const {data, success} = await getters.session.get('/2/boxes/');
+            if (data && success) commit('replaceBoxes', data);
         },
-        async createBox({commit, dispatch, state}, box) {
-            const {data, success} = await http.post('/2/boxes/', box, state.user.token);
+        async createBox({commit, dispatch, state, getters}, box) {
+            const {data, success} = await getters.session.post('/2/boxes/', box);
             commit('replaceBoxes', data);
             dispatch('loadBoxes').then(() => {
                 commit('closeAddBoxModal');
             });
         },
-        async deleteBox({commit, dispatch, state}, box_id) {
-            await http.delete(`/2/boxes/${box_id}/`, state.user.token);
+        async deleteBox({commit, dispatch, state, getters}, box_id) {
+            await getters.session.delete(`/2/boxes/${box_id}/`);
             dispatch('loadBoxes');
         },
         async updateItem({commit, getters, state}, item) {
             const {
-                data,
-                success
-            } = await http.put(`/2/${getters.getEventSlug}/item/${item.uid}/`, item, state.user.token);
+                data, success
+            } = await getters.session.put(`/2/${getters.getEventSlug}/item/${item.uid}/`, item);
             commit('updateItem', data);
         },
         async markItemReturned({commit, getters, state}, item) {
-            await http.patch(`/2/${getters.getEventSlug}/item/${item.uid}/`, {returned: true}, state.user.token);
+            await getters.session.patch(`/2/${getters.getEventSlug}/item/${item.uid}/`, {returned: true},
+                state.user.token);
             commit('removeItem', item);
         },
         async deleteItem({commit, getters, state}, item) {
-            await http.delete(`/2/${getters.getEventSlug}/item/${item.uid}/`, item, state.user.token);
+            await getters.session.delete(`/2/${getters.getEventSlug}/item/${item.uid}/`, item);
             commit('removeItem', item);
         },
         async postItem({commit, getters, state}, item) {
             commit('updateLastUsed', {box: item.box, cid: item.cid});
-            const {data, success} = await http.post(`/2/${getters.getEventSlug}/item/`, item, state.user.token);
+            const {data, success} = await getters.session.post(`/2/${getters.getEventSlug}/item/`, item);
             commit('appendItem', data);
         },
-        async loadTickets({commit, state}) {
+        async loadTickets({commit, state, getters}) {
             if (!state.user.token) return;
-            if (state.fetchedData.tickets > Date.now() - 1000 * 60 * 60 * 24) return;
-            const {data, success} = await http.get('/2/tickets/', state.user.token);
-            if (data && success)
-                commit('replaceTickets', data);
+            //if (state.fetchedData.tickets > Date.now() - 1000 * 60 * 60 * 24) return;
+            const {data, success} = await getters.session.get('/2/tickets/');
+            if (data && success) commit('replaceTickets', data);
         },
         async searchEventTickets({commit, getters, state}, query) {
             const encoded_query = base64.encode(utf8.encode(query));
 
-            const {data, success} = await http.get(`/2/${getters.getEventSlug}/tickets/${encoded_query}/`,
-                state.user.token);
-            if (data && success)
-                commit('replaceTickets', data);
+            const {
+                data, success
+            } = await getters.session.get(`/2/${getters.getEventSlug}/tickets/${encoded_query}/`);
+            if (data && success) commit('replaceTickets', data);
         },
-        async sendMail({commit, dispatch, state}, {id, message}) {
-            const {data, success} = await http.post(`/2/tickets/${id}/reply/`, {message}, state.user.token);
+        async sendMail({commit, dispatch, state, getters}, {id, message}) {
+            const {data, success} = await getters.session.post(`/2/tickets/${id}/reply/`, {message},
+                state.user.token);
             if (data && success) {
                 state.fetchedData.tickets = 0;
                 await dispatch('loadTickets');
             }
         },
-        async postManualTicket({commit, dispatch, state}, {sender, message, title,}) {
-            const {data, success} = await http.post(`/2/tickets/manual/`, {
-                name: title,
-                sender,
-                body: message,
-                recipient: 'mail@c3lf.de'
-            }, state.user.token);
+        async postManualTicket({commit, dispatch, state, getters}, {sender, message, title,}) {
+            const {data, success} = await getters.session.post(`/2/tickets/manual/`, {
+                name: title, sender, body: message, recipient: 'mail@c3lf.de'
+            });
             await dispatch('loadTickets');
         },
-        async postComment({commit, dispatch, state}, {id, message}) {
-            const {data, success} = await http.post(`/2/tickets/${id}/comment/`, {comment: message}, state.user.token);
+        async postComment({commit, dispatch, state, getters}, {id, message}) {
+            const {data, success} = await getters.session.post(`/2/tickets/${id}/comment/`, {comment: message});
             if (data && success) {
                 state.fetchedData.tickets = 0;
                 await dispatch('loadTickets');
             }
         },
-        async loadUsers({commit, state}) {
+        async loadUsers({commit, state, getters}) {
             if (!state.user.token) return;
             if (state.fetchedData.users > Date.now() - 1000 * 60 * 60 * 24) return;
-            const {data, success} = await http.get('/2/users/', state.user.token);
-            if (data && success)
-                commit('replaceUsers', data);
+            const {data, success} = await getters.session.get('/2/users/');
+            if (data && success) commit('replaceUsers', data);
         },
-        async loadGroups({commit, state}) {
+        async loadGroups({commit, state, getters}) {
             if (!state.user.token) return;
             if (state.fetchedData.groups > Date.now() - 1000 * 60 * 60 * 24) return;
-            const {data, success} = await http.get('/2/groups/', state.user.token);
-            if (data && success)
-                commit('replaceGroups', data);
+            const {data, success} = await getters.session.get('/2/groups/');
+            if (data && success) commit('replaceGroups', data);
         },
-        async updateTicket({commit, state}, ticket) {
-            const {data, success} = await http.put(`/2/tickets/${ticket.id}/`, ticket, state.user.token);
+        async updateTicket({commit, state, getters}, ticket) {
+            const {data, success} = await getters.session.put(`/2/tickets/${ticket.id}/`, ticket);
             commit('updateTicket', data);
         },
-        async updateTicketPartial({commit, state}, {id, ...ticket}) {
-            const {data, success} = await http.patch(`/2/tickets/${id}/`, ticket, state.user.token);
+        async updateTicketPartial({commit, state, getters}, {id, ...ticket}) {
+            const {data, success} = await getters.session.patch(`/2/tickets/${id}/`, ticket);
             commit('updateTicket', data);
         },
-        async fetchShippingVouchers({commit, state}) {
+        async fetchShippingVouchers({commit, state, getters}) {
             if (!state.user.token) return;
             if (state.fetchedData.shippingVouchers > Date.now() - 1000 * 60 * 60 * 24) return;
-            const {data, success} = await http.get('/2/shipping_vouchers/', state.user.token);
+            const {data, success} = await getters.session.get('/2/shipping_vouchers/');
             if (data && success) {
                 commit('setShippingVouchers', data);
             }
         },
-        async createShippingVoucher({dispatch, state}, code) {
-            const {data, success} = await http.post('/2/shipping_vouchers/', code, state.user.token);
+        async createShippingVoucher({dispatch, state, getters}, code) {
+            const {data, success} = await getters.session.post('/2/shipping_vouchers/', code);
             if (data && success) {
                 state.fetchedData.shippingVouchers = 0;
                 dispatch('fetchShippingVouchers');
             }
         },
-        async claimShippingVoucher({dispatch, state}, {ticket, shipping_voucher_type}) {
+        async claimShippingVoucher({dispatch, state, getters}, {ticket, shipping_voucher_type}) {
             const id = state.shippingVouchers.filter(voucher => voucher.type === shipping_voucher_type && voucher.issue_thread === null)[0].id;
-            const {
-                data,
-                success
-            } = await http.patch(`/2/shipping_vouchers/${id}/`, {issue_thread: ticket}, state.user.token);
+            const {data, success} = await getters.session.patch(`/2/shipping_vouchers/${id}/`, {issue_thread: ticket});
             if (data && success) {
                 state.fetchedData.shippingVouchers = 0;
                 state.fetchedData.tickets = 0;
@@ -489,58 +495,30 @@ const store = createStore({
             }
         }
     },
-    plugins: [
-        persistentStatePlugin({ // TODO change remember to some kind of enable field
-            prefix: "lf_",
-            debug: false,
-            isLoadedKey: "persistent_loaded",
-            state: [
-                "remember",
-                "user",
-                "events",
-                "lastUsed",
-            ]
-        }),
-        sharedStatePlugin({
-            debug: false,
-            isLoadedKey: "shared_loaded",
-            clearingMutation: "logout",
-            afterInit: "afterSharedInit",
-            state: [
-                "test",
-                "state_options",
-                "fetchedData",
-                "tickets",
-                "users",
-                "groups",
-                "loadedBoxes",
-                "loadedItems",
-                "shippingVouchers",
-            ],
-            watch: [
-                "test",
-                "state_options",
-                "fetchedData",
-                "tickets",
-                "users",
-                "groups",
-                "loadedBoxes",
-                "loadedItems",
-                "shippingVouchers",
-            ],
-            mutations: [
-                //"replaceTickets",
-            ],
-        }),
-    ],
+    plugins: [persistentStatePlugin({ // TODO change remember to some kind of enable field
+        prefix: "lf_",
+        debug: false,
+        isLoadedKey: "persistent_loaded",
+        state: ["remember", "user", "events", "lastUsed",]
+    }), sharedStatePlugin({
+        debug: false,
+        isLoadedKey: "shared_loaded",
+        clearingMutation: "logout",
+        afterInit: "afterSharedInit",
+        state: ["test", "state_options", "fetchedData", "loadedItems", "users", "groups", "loadedBoxes", "loadedTickets", "shippingVouchers",],
+        watch: ["test", "state_options", "fetchedData", "loadedItems", "users", "groups", "loadedBoxes", "loadedTickets", "shippingVouchers",],
+        mutations: [//"replaceTickets",
+        ],
+    }),],
 });
 
 store.watch((state) => state.user, (user) => {
     if (store.getters.isLoggedIn) {
-        if (router.currentRoute.value.name === 'login' && router.currentRoute.value.query.redirect)
+        if (router.currentRoute.value.name === 'login' && router.currentRoute.value.query.redirect) {
             router.push(router.currentRoute.value.query.redirect);
-        else if (router.currentRoute.value.name === 'login')
+        } else if (router.currentRoute.value.name === 'login') {
             router.push('/');
+        }
     } else {
         if (router.currentRoute.value.name !== 'login') {
             router.push({
diff --git a/web/src/utils.js b/web/src/utils.js
index 5910521..ebc911a 100644
--- a/web/src/utils.js
+++ b/web/src/utils.js
@@ -100,4 +100,12 @@ const http = {
     }
 }
 
-export {ticketStateColorLookup, ticketStateIconLookup, http};
\ No newline at end of file
+const http_session = token => ({
+    get: async (url) => await http.get(url, token),
+    post: async (url, data) => await http.post(url, data, token),
+    put: async (url, data) => await http.put(url, data, token),
+    patch: async (url, data) => await http.patch(url, data, token),
+    delete: async (url) => await http.delete(url, token),
+});
+
+export {ticketStateColorLookup, ticketStateIconLookup, http, http_session};
\ No newline at end of file
diff --git a/web/src/views/Items.vue b/web/src/views/Items.vue
index 5abcf5d..2f9e5ed 100644
--- a/web/src/views/Items.vue
+++ b/web/src/views/Items.vue
@@ -1,5 +1,5 @@
 <template>
-    <AsyncLoader :loaded="loadedItems.length > 0">
+    <AsyncLoader :loaded="isItemsLoaded">
         <div class="container-fluid px-xl-5 mt-3">
             <Modal title="Edit Item" v-if="editingItem" @close="closeEditingModal()">
                 <template #body>
@@ -18,7 +18,7 @@
                 <div class="col-xl-8 offset-xl-2">
                     <Table
                         :columns="['uid', 'description', 'box']"
-                        :items="loadedItems"
+                        :items="getEventItems"
                         :keyName="'uid'"
                         @itemActivated="openLightboxModalWith($event)"
                     >
@@ -44,7 +44,7 @@
             <Cards
                 v-if="layout === 'cards'"
                 :columns="['uid', 'description', 'box']"
-                :items="loadedItems"
+                :items="getEventItems"
                 :keyName="'uid'"
                 v-slot="{ item }"
                 @itemActivated="openLightboxModalWith($event)"
@@ -97,8 +97,8 @@ export default {
     }),
     components: {AsyncLoader, AuthenticatedImage, Lightbox, Table, Cards, Modal, EditItem},
     computed: {
-        ...mapState(['loadedItems']),
-        ...mapGetters(['layout']),
+        ...mapState([]),
+        ...mapGetters(['getEventItems', 'isItemsLoaded', 'layout']),
     },
     methods: {
         ...mapActions(['deleteItem', 'markItemReturned', 'loadEventItems', 'updateItem', 'scheduleAfterInit']),
diff --git a/web/src/views/Ticket.vue b/web/src/views/Ticket.vue
index f666ee8..d08fb2e 100644
--- a/web/src/views/Ticket.vue
+++ b/web/src/views/Ticket.vue
@@ -80,11 +80,11 @@ export default {
         }
     },
     computed: {
-        ...mapState(['tickets', 'state_options', 'users']),
-        ...mapGetters(['availableShippingVoucherTypes']),
+        ...mapState(['state_options', 'users']),
+        ...mapGetters(['availableShippingVoucherTypes', 'getAllTickets', 'route']),
         ticket() {
-            const id = parseInt(this.$route.params.id)
-            const ret = this.tickets.find(ticket => ticket.id === id);
+            const id = parseInt(this.route.params.id)
+            const ret = this.getAllTickets.find(ticket => ticket.id === id);
             return ret ? ret : {};
         },
         shippingEmail() {
@@ -124,14 +124,15 @@ export default {
         },
     },
     mounted() {
-		this.scheduleAfterInit(() => [Promise.all([this.fetchTicketStates(), this.loadTickets(), this.loadUsers(), this.fetchShippingVouchers()]).then(()=>{
-			if (this.ticket.state == "pending_new"){
-				this.selected_state = "pending_open";
-				this.changeTicketStatus(this.ticket)
-			};
-			this.selected_state = this.ticket.state;
-			this.selected_assignee = this.ticket.assigned_to
-		})]);
+        this.scheduleAfterInit(() => [Promise.all([this.fetchTicketStates(), this.loadTickets(), this.loadUsers(), this.fetchShippingVouchers()]).then(() => {
+            if (this.ticket.state == "pending_new") {
+                this.selected_state = "pending_open";
+                this.changeTicketStatus(this.ticket)
+            }
+            ;
+            this.selected_state = this.ticket.state;
+            this.selected_assignee = this.ticket.assigned_to
+        })]);
     }
 };
 </script>
diff --git a/web/src/views/Tickets.vue b/web/src/views/Tickets.vue
index 5e971a0..bc288f1 100644
--- a/web/src/views/Tickets.vue
+++ b/web/src/views/Tickets.vue
@@ -1,11 +1,12 @@
 <template>
-    <AsyncLoader :loaded="tickets.length > 0">
+    <AsyncLoader :loaded="isTicketsLoaded">
         <div class="container-fluid px-xl-5 mt-3">
             <div class="row">
                 <div class="col-xl-8 offset-xl-2">
                     <Table
-                        :columns="['id', 'name', 'state', 'last_activity', 'assigned_to', 'actions', 'actions2']"
-                        :items="tickets.map(formatTicket)"
+                        :columns="['id', 'name', 'state', 'last_activity', 'assigned_to',
+                                    ...(getEventSlug==='all'?['event']:[])]"
+                        :items="getEventTickets.map(formatTicket)"
                         :keyName="'id'"
                         v-if="layout === 'table'"
                     >
@@ -21,8 +22,9 @@
                     </Table>
                 </div>
             </div>
-            <CollapsableCards v-if="layout === 'tasks'" :items="tickets"
-                              :columns="['id', 'name', 'last_activity', 'assigned_to']"
+            <CollapsableCards v-if="layout === 'tasks'" :items="getEventTickets"
+                              :columns="['id', 'name', 'last_activity', 'assigned_to',
+                                        ...(getEventSlug==='all'?['event']:[])]"
                               :keyName="'state'" :sections="['pending_new', 'pending_open','pending_shipping',
                           'pending_physical_confirmation','pending_return','pending_postponed'].map(stateInfo)">
                 <template #section_header="{index, section, count}">
@@ -34,6 +36,7 @@
                         <td>{{ item.name }}</td>
                         <td>{{ item.last_activity }}</td>
                         <td>{{ item.assigned_to }}</td>
+                        <td v-if="getEventSlug==='all'">{{ item.event }}</td>
                         <td>
                             <div class="btn-group">
                                 <a class="btn btn-primary" :href="'/'+ getEventSlug + '/ticket/' + item.id" title="view"
@@ -64,8 +67,7 @@ export default {
     name: 'Tickets',
     components: {AsyncLoader, Lightbox, Table, Cards, Modal, EditItem, CollapsableCards},
     computed: {
-        ...mapState(['tickets']),
-        ...mapGetters(['stateInfo', 'getEventSlug', 'layout']),
+        ...mapGetters(['getEventTickets', 'isTicketsLoaded', 'stateInfo', 'getEventSlug', 'layout']),
     },
     methods: {
         ...mapActions(['loadTickets', 'fetchTicketStates', 'scheduleAfterInit']),
@@ -79,7 +81,8 @@ export default {
                 state: this.stateInfo(ticket.state).text,
                 stateColor: this.stateInfo(ticket.state).color,
                 last_activity: ticket.last_activity,
-                assigned_to: ticket.assigned_to
+                assigned_to: ticket.assigned_to,
+                event: ticket.event
             };
         }
     },

From 2fce260ba861a5b85dd553c8edf9444d09ad3153 Mon Sep 17 00:00:00 2001
From: jedi <git@m.j3d1.de>
Date: Sun, 17 Nov 2024 21:53:12 +0100
Subject: [PATCH 18/22] test on every push

---
 .forgejo/workflows/{testing.yml => deploy_staging.yml} | 0
 .forgejo/workflows/{pull_request.yml => test.yml}      | 1 +
 2 files changed, 1 insertion(+)
 rename .forgejo/workflows/{testing.yml => deploy_staging.yml} (100%)
 rename .forgejo/workflows/{pull_request.yml => test.yml} (98%)

diff --git a/.forgejo/workflows/testing.yml b/.forgejo/workflows/deploy_staging.yml
similarity index 100%
rename from .forgejo/workflows/testing.yml
rename to .forgejo/workflows/deploy_staging.yml
diff --git a/.forgejo/workflows/pull_request.yml b/.forgejo/workflows/test.yml
similarity index 98%
rename from .forgejo/workflows/pull_request.yml
rename to .forgejo/workflows/test.yml
index 1171616..480e590 100644
--- a/.forgejo/workflows/pull_request.yml
+++ b/.forgejo/workflows/test.yml
@@ -1,5 +1,6 @@
 on:
   pull_request:
+  push:
 
 jobs:
   test:

From 26255fadecd6551da4b27cf7aa3b0425ab675d79 Mon Sep 17 00:00:00 2001
From: jedi <git@m.j3d1.de>
Date: Wed, 20 Nov 2024 00:23:20 +0100
Subject: [PATCH 19/22] drop v1 API and rename id columns

---
 core/authentication/api_v2.py                 |  41 +----
 core/authentication/serializers.py            |  32 ++++
 core/core/urls.py                             |   3 -
 core/files/api_v1.py                          |  27 ----
 core/files/media_v1.py                        |  65 --------
 core/files/tests/v1/__init__.py               |   0
 core/files/tests/v1/test_files.py             |  68 --------
 core/inventory/api_v1.py                      | 150 ------------------
 core/inventory/api_v2.py                      |   3 +-
 ...ntainer_id_rename_eid_event_id_and_more.py |  52 ++++++
 .../migrations/0006_alter_event_table.py      |  17 ++
 core/inventory/models.py                      |  29 ++--
 core/inventory/serializers.py                 |  20 +--
 core/inventory/tests/v1/__init__.py           |   0
 core/inventory/tests/v1/test_api.py           |  34 ----
 core/inventory/tests/v1/test_containers.py    |  59 -------
 core/inventory/tests/v1/test_events.py        |  56 -------
 core/inventory/tests/v1/test_items.py         | 133 ----------------
 core/inventory/tests/v2/test_containers.py    |  14 +-
 core/inventory/tests/v2/test_events.py        |   4 +-
 core/inventory/tests/v2/test_items.py         |  58 ++++---
 21 files changed, 179 insertions(+), 686 deletions(-)
 create mode 100644 core/authentication/serializers.py
 delete mode 100644 core/files/api_v1.py
 delete mode 100644 core/files/media_v1.py
 delete mode 100644 core/files/tests/v1/__init__.py
 delete mode 100644 core/files/tests/v1/test_files.py
 delete mode 100644 core/inventory/api_v1.py
 create mode 100644 core/inventory/migrations/0005_rename_cid_container_id_rename_eid_event_id_and_more.py
 create mode 100644 core/inventory/migrations/0006_alter_event_table.py
 delete mode 100644 core/inventory/tests/v1/__init__.py
 delete mode 100644 core/inventory/tests/v1/test_api.py
 delete mode 100644 core/inventory/tests/v1/test_containers.py
 delete mode 100644 core/inventory/tests/v1/test_events.py
 delete mode 100644 core/inventory/tests/v1/test_items.py

diff --git a/core/authentication/api_v2.py b/core/authentication/api_v2.py
index 514a697..2547b6d 100644
--- a/core/authentication/api_v2.py
+++ b/core/authentication/api_v2.py
@@ -12,25 +12,7 @@ from knox.models import AuthToken
 from knox.views import LoginView as KnoxLoginView
 
 from authentication.models import ExtendedUser
-
-
-class UserSerializer(serializers.ModelSerializer):
-    permissions = serializers.SerializerMethodField()
-    groups = serializers.SlugRelatedField(many=True, read_only=True, slug_field='name')
-
-    class Meta:
-        model = ExtendedUser
-        fields = ('id', 'username', 'email', 'first_name', 'last_name', 'permissions', 'groups')
-        read_only_fields = ('id', 'username', 'email', 'first_name', 'last_name', 'permissions', 'groups')
-
-    def get_permissions(self, obj):
-        return list(set(obj.get_permissions()))
-
-
-@receiver(post_save, sender=ExtendedUser)
-def create_auth_token(sender, instance=None, created=False, **kwargs):
-    if created:
-        AuthToken.objects.create(user=instance)
+from authentication.serializers import UserSerializer, GroupSerializer
 
 
 class UserViewSet(viewsets.ModelViewSet):
@@ -38,26 +20,17 @@ class UserViewSet(viewsets.ModelViewSet):
     serializer_class = UserSerializer
 
 
-class GroupSerializer(serializers.ModelSerializer):
-    permissions = serializers.SerializerMethodField()
-    members = serializers.SerializerMethodField()
-
-    class Meta:
-        model = Group
-        fields = ('id', 'name', 'permissions', 'members')
-
-    def get_permissions(self, obj):
-        return ["*:" + p.codename for p in obj.permissions.all()]
-
-    def get_members(self, obj):
-        return [u.username for u in obj.user_set.all()]
-
-
 class GroupViewSet(viewsets.ModelViewSet):
     queryset = Group.objects.all()
     serializer_class = GroupSerializer
 
 
+@receiver(post_save, sender=ExtendedUser)
+def create_auth_token(sender, instance=None, created=False, **kwargs):
+    if created:
+        AuthToken.objects.create(user=instance)
+
+
 @api_view(['GET'])
 @permission_classes([IsAuthenticated])
 def selfUser(request):
diff --git a/core/authentication/serializers.py b/core/authentication/serializers.py
new file mode 100644
index 0000000..0581865
--- /dev/null
+++ b/core/authentication/serializers.py
@@ -0,0 +1,32 @@
+from rest_framework import serializers
+from django.contrib.auth.models import Group
+
+from authentication.models import ExtendedUser
+
+
+class UserSerializer(serializers.ModelSerializer):
+    permissions = serializers.SerializerMethodField()
+    groups = serializers.SlugRelatedField(many=True, read_only=True, slug_field='name')
+
+    class Meta:
+        model = ExtendedUser
+        fields = ('id', 'username', 'email', 'first_name', 'last_name', 'permissions', 'groups')
+        read_only_fields = ('id', 'username', 'email', 'first_name', 'last_name', 'permissions', 'groups')
+
+    def get_permissions(self, obj):
+        return list(set(obj.get_permissions()))
+
+
+class GroupSerializer(serializers.ModelSerializer):
+    permissions = serializers.SerializerMethodField()
+    members = serializers.SerializerMethodField()
+
+    class Meta:
+        model = Group
+        fields = ('id', 'name', 'permissions', 'members')
+
+    def get_permissions(self, obj):
+        return ["*:" + p.codename for p in obj.permissions.all()]
+
+    def get_members(self, obj):
+        return [u.username for u in obj.user_set.all()]
diff --git a/core/core/urls.py b/core/core/urls.py
index df6e0d0..1c5f158 100644
--- a/core/core/urls.py
+++ b/core/core/urls.py
@@ -21,9 +21,6 @@ from .version import get_info
 
 urlpatterns = [
     path('djangoadmin/', admin.site.urls),
-    path('api/1/', include('inventory.api_v1')),
-    path('api/1/', include('files.api_v1')),
-    path('api/1/', include('files.media_v1')),
     path('api/2/', include('inventory.api_v2')),
     path('api/2/', include('files.api_v2')),
     path('media/2/', include('files.media_v2')),
diff --git a/core/files/api_v1.py b/core/files/api_v1.py
deleted file mode 100644
index ce9730f..0000000
--- a/core/files/api_v1.py
+++ /dev/null
@@ -1,27 +0,0 @@
-from rest_framework import serializers, viewsets, routers
-
-from files.models import File
-
-
-class FileSerializer(serializers.ModelSerializer):
-    data = serializers.CharField(max_length=1000000, write_only=True)
-
-    class Meta:
-        model = File
-        fields = ['hash', 'data']
-        read_only_fields = ['hash']
-
-
-class FileViewSet(viewsets.ModelViewSet):
-    serializer_class = FileSerializer
-    queryset = File.objects.all()
-    lookup_field = 'hash'
-    permission_classes = []
-    authentication_classes = []
-
-
-router = routers.SimpleRouter(trailing_slash=False)
-router.register(r'files', FileViewSet, basename='files')
-router.register(r'file', FileViewSet, basename='files')
-
-urlpatterns = router.urls
diff --git a/core/files/media_v1.py b/core/files/media_v1.py
deleted file mode 100644
index d80ce64..0000000
--- a/core/files/media_v1.py
+++ /dev/null
@@ -1,65 +0,0 @@
-import os
-from django.http import HttpResponse
-from django.urls import path
-from drf_yasg.utils import swagger_auto_schema
-from rest_framework import status
-from rest_framework.decorators import api_view, permission_classes, authentication_classes
-from rest_framework.response import Response
-
-from core.settings import MEDIA_ROOT
-from files.models import File
-
-
-@swagger_auto_schema(method='GET', auto_schema=None)
-@api_view(['GET'])
-@permission_classes([])
-@authentication_classes([])
-def media_urls(request, hash):
-    try:
-        file = File.objects.get(hash=hash)
-        hash_path = file.file
-        return HttpResponse(status=status.HTTP_200_OK,
-                            content_type=file.mime_type,
-                            headers={
-                                'X-Accel-Redirect': f'/redirect_media/{hash_path}',
-                                'Access-Control-Allow-Origin': '*',
-                            })  # TODO Expires and Cache-Control
-
-    except File.DoesNotExist:
-        return Response(status=status.HTTP_404_NOT_FOUND)
-
-
-@swagger_auto_schema(method='GET', auto_schema=None)
-@api_view(['GET'])
-@permission_classes([])
-@authentication_classes([])
-def thumbnail_urls(request, hash):
-    size = 200
-    try:
-        file = File.objects.get(hash=hash)
-        hash_path = file.file
-        if not os.path.exists(MEDIA_ROOT + f'/thumbnails/{size}/{hash_path}'):
-            from PIL import Image
-            image = Image.open(file.file)
-            image.thumbnail((size, size))
-            rgb_image = image.convert('RGB')
-            thumb_dir = os.path.dirname(MEDIA_ROOT + f'/thumbnails/{size}/{hash_path}')
-            if not os.path.exists(thumb_dir):
-                os.makedirs(thumb_dir)
-            rgb_image.save(MEDIA_ROOT + f'/thumbnails/{size}/{hash_path}', 'jpeg', quality=90)
-
-        return HttpResponse(status=status.HTTP_200_OK,
-                            content_type="image/jpeg",
-                            headers={
-                                'X-Accel-Redirect': f'/redirect_thumbnail/{size}/{hash_path}',
-                                'Access-Control-Allow-Origin': '*',
-                            })  # TODO Expires and Cache-Control
-
-    except File.DoesNotExist:
-        return Response(status=status.HTTP_404_NOT_FOUND)
-
-
-urlpatterns = [
-    path('thumbs/<path:hash>', thumbnail_urls),
-    path('images/<path:hash>', media_urls),
-]
diff --git a/core/files/tests/v1/__init__.py b/core/files/tests/v1/__init__.py
deleted file mode 100644
index e69de29..0000000
diff --git a/core/files/tests/v1/test_files.py b/core/files/tests/v1/test_files.py
deleted file mode 100644
index ce59b2c..0000000
--- a/core/files/tests/v1/test_files.py
+++ /dev/null
@@ -1,68 +0,0 @@
-from django.test import TestCase, Client
-from django.core.files.base import ContentFile
-
-from files.models import File
-from inventory.models import Event, Container, Item
-
-client = Client()
-
-
-class FileTestCase(TestCase):
-
-    def setUp(self):
-        super().setUp()
-        self.event = Event.objects.create(slug='EVENT', name='Event')
-        self.box = Container.objects.create(name='BOX')
-
-    def test_create_file_raw(self):
-        from hashlib import sha256
-        content = b"foo"
-        chash = sha256(content).hexdigest()
-        item = Item.objects.create(container=self.box, event=self.event, description='1')
-        file = File.objects.create(file=ContentFile(b"foo"), mime_type='text/plain', hash=chash, item=item)
-        file.save()
-        self.assertEqual(1, len(File.objects.all()))
-        self.assertEqual(content, File.objects.all()[0].file.read())
-        self.assertEqual(chash, File.objects.all()[0].hash)
-
-    def test_list_files(self):
-        import base64
-
-        item = File.objects.create(data="data:text/plain;base64," + base64.b64encode(b"foo").decode('utf-8'))
-        response = client.get('/api/1/files')
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(response.json()[0]['hash'], item.hash)
-        self.assertEqual(len(response.json()[0]['hash']), 64)
-        self.assertEqual(len(File.objects.all()), 1)
-        self.assertEqual(File.objects.all()[0].file.read(), b"foo")
-
-    def test_one_file(self):
-        import base64
-        item = File.objects.create(data="data:text/plain;base64," + base64.b64encode(b"foo").decode('utf-8'))
-        response = client.get(f'/api/1/file/{item.hash}')
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(response.json()['hash'], item.hash)
-        self.assertEqual(len(response.json()['hash']), 64)
-        self.assertEqual(len(File.objects.all()), 1)
-        self.assertEqual(File.objects.all()[0].file.read(), b"foo")
-
-    def test_create_file(self):
-        import base64
-        Item.objects.create(container=self.box, event=self.event, description='1')
-        item = Item.objects.create(container=self.box, event=self.event, description='2')
-        response = client.post('/api/1/file',
-                               {'data': "data:text/plain;base64," + base64.b64encode(b"foo").decode('utf-8')},
-                               content_type='application/json')
-        self.assertEqual(response.status_code, 201)
-        self.assertEqual(len(response.json()['hash']), 64)
-        self.assertEqual(len(File.objects.all()), 1)
-        self.assertEqual(File.objects.all()[0].file.read(), b"foo")
-
-    def test_delete_file(self):
-        import base64
-        item = Item.objects.create(container=self.box, event=self.event, description='1')
-        File.objects.create(item=item, data="data:text/plain;base64," + base64.b64encode(b"foo").decode('utf-8'))
-        file = File.objects.create(item=item, data="data:text/plain;base64," + base64.b64encode(b"bar").decode('utf-8'))
-        self.assertEqual(len(File.objects.all()), 2)
-        response = client.delete(f'/api/1/file/{file.hash}')
-        self.assertEqual(response.status_code, 204)
diff --git a/core/inventory/api_v1.py b/core/inventory/api_v1.py
deleted file mode 100644
index e9e670d..0000000
--- a/core/inventory/api_v1.py
+++ /dev/null
@@ -1,150 +0,0 @@
-from django.utils import timezone
-from django.urls import re_path
-from rest_framework import routers, viewsets, serializers
-from rest_framework.decorators import api_view, permission_classes, authentication_classes
-from rest_framework.response import Response
-
-from files.models import File
-from inventory.models import Event, Container, Item
-from inventory.serializers import EventSerializer, ContainerSerializer
-
-
-class EventViewSet(viewsets.ModelViewSet):
-    serializer_class = EventSerializer
-    queryset = Event.objects.all()
-    permission_classes = []
-    authentication_classes = []
-
-
-class ContainerViewSet(viewsets.ModelViewSet):
-    serializer_class = ContainerSerializer
-    queryset = Container.objects.all()
-    permission_classes = []
-    authentication_classes = []
-
-
-class ItemSerializer(serializers.ModelSerializer):
-    dataImage = serializers.CharField(write_only=True, required=False)
-    cid = serializers.SerializerMethodField()
-    box = serializers.SerializerMethodField()
-    file = serializers.SerializerMethodField()
-
-    class Meta:
-        model = Item
-        fields = ['cid', 'box', 'uid', 'description', 'file', 'dataImage']
-        read_only_fields = ['uid']
-
-    def get_cid(self, instance):
-        return instance.container.cid
-
-    def get_box(self, instance):
-        return instance.container.name
-
-    def get_file(self, instance):
-        if len(instance.files.all()) > 0:
-            return instance.files.all().order_by('-created_at')[0].hash
-        return None
-
-    def to_internal_value(self, data):
-        if 'cid' in data:
-            container = Container.objects.get(cid=data['cid'])
-            internal = super().to_internal_value(data)
-            internal['container'] = container
-            return internal
-        return super().to_internal_value(data)
-
-    def validate(self, attrs):
-        return super().validate(attrs)
-
-    def create(self, validated_data):
-        if 'dataImage' in validated_data:
-            file = File.objects.create(data=validated_data['dataImage'])
-            validated_data.pop('dataImage')
-            item = Item.objects.create(**validated_data)
-            item.files.set([file])
-            return item
-        return Item.objects.create(**validated_data)
-
-    def update(self, instance, validated_data):
-        if 'returned' in validated_data:
-            if validated_data['returned']:
-                validated_data['returned_at'] = timezone.now()
-            validated_data.pop('returned')
-        if 'dataImage' in validated_data:
-            file = File.objects.create(data=validated_data['dataImage'])
-            validated_data.pop('dataImage')
-            instance.files.add(file)
-        return super().update(instance, validated_data)
-
-
-@api_view(['GET'])
-@permission_classes([])
-@authentication_classes([])
-def search_items(request, event_slug, query):
-    try:
-        event = Event.objects.get(slug=event_slug)
-        query_tokens = query.split(' ')
-        q = Item.objects.filter(event=event)
-        for token in query_tokens:
-            if token:
-                q = q.filter(description__icontains=token)
-        return Response(ItemSerializer(q, many=True).data)
-    except Event.DoesNotExist:
-        return Response(status=404)
-
-
-@api_view(['GET', 'POST'])
-@permission_classes([])
-@authentication_classes([])
-def item(request, event_slug):
-    try:
-        event = Event.objects.get(slug=event_slug)
-        if request.method == 'GET':
-            return Response(ItemSerializer(Item.objects.filter(event=event), many=True).data)
-        elif request.method == 'POST':
-            validated_data = ItemSerializer(data=request.data)
-            if validated_data.is_valid():
-                validated_data.save(event=event)
-                return Response(validated_data.data, status=201)
-    except Event.DoesNotExist:
-        return Response(status=404)
-
-
-@api_view(['GET', 'PUT', 'DELETE'])
-@permission_classes([])
-@authentication_classes([])
-def item_by_id(request, event_slug, id):
-    try:
-        event = Event.objects.get(slug=event_slug)
-        item = Item.objects.get(event=event, uid=id)
-        if request.method == 'GET':
-            return Response(ItemSerializer(item).data)
-        elif request.method == 'PUT':
-            validated_data = ItemSerializer(item, data=request.data)
-            if validated_data.is_valid():
-                validated_data.save()
-                return Response(validated_data.data)
-        elif request.method == 'DELETE':
-            item.delete()
-            return Response(status=204)
-    except Item.DoesNotExist:
-        return Response(status=404)
-    except Event.DoesNotExist:
-        return Response(status=404)
-
-
-urlpatterns = [
-    re_path('events/?$', EventViewSet.as_view({'get': 'list', 'post': 'create'})),
-    re_path('events/(?P<pk>[0-9]+)/?$',
-            EventViewSet.as_view({'get': 'retrieve', 'put': 'update', 'delete': 'destroy'})),
-    re_path('boxes/?$', ContainerViewSet.as_view({'get': 'list', 'post': 'create'})),
-    re_path('boxes/(?P<pk>[0-9]+)/?$',
-            ContainerViewSet.as_view({'get': 'retrieve', 'put': 'update', 'delete': 'destroy'})),
-    re_path('box/?$', ContainerViewSet.as_view({'get': 'list', 'post': 'create'})),
-    re_path('box/(?P<pk>[0-9]+)/?$',
-            ContainerViewSet.as_view({'get': 'retrieve', 'put': 'update', 'delete': 'destroy'})),
-    re_path('(?P<event_slug>[a-zA-Z0-9]+)/items/?$', item),
-    re_path('(?P<event_slug>[a-zA-Z0-9]+)/items/(?P<query>[^/]+)/?$', search_items),
-    re_path('(?P<event_slug>[a-zA-Z0-9]+)/item/?$', item),
-    re_path('(?P<event_slug>[a-zA-Z0-9]+)/item/(?P<id>[0-9]+)/?$', item_by_id),
-]
diff --git a/core/inventory/api_v2.py b/core/inventory/api_v2.py
index b539e97..f853b47 100644
--- a/core/inventory/api_v2.py
+++ b/core/inventory/api_v2.py
@@ -54,6 +54,7 @@ def item(request, event_slug):
             if validated_data.is_valid():
                 validated_data.save(event=event)
                 return Response(validated_data.data, status=201)
+            return Response(status=400)
     except Event.DoesNotExist:
         return Response(status=404)
 
@@ -63,7 +64,7 @@ def item(request, event_slug):
 def item_by_id(request, event_slug, id):
     try:
         event = Event.objects.get(slug=event_slug)
-        item = Item.objects.get(event=event, uid=id)
+        item = Item.objects.get(event=event, id=id)
         if request.method == 'GET':
             if not request.user.has_event_perm(event, 'view_item'):
                 return Response(status=403)
diff --git a/core/inventory/migrations/0005_rename_cid_container_id_rename_eid_event_id_and_more.py b/core/inventory/migrations/0005_rename_cid_container_id_rename_eid_event_id_and_more.py
new file mode 100644
index 0000000..fcd4b8d
--- /dev/null
+++ b/core/inventory/migrations/0005_rename_cid_container_id_rename_eid_event_id_and_more.py
@@ -0,0 +1,52 @@
+# Generated by Django 4.2.7 on 2024-11-19 22:56
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('inventory', '0004_alter_event_created_at_alter_item_created_at'),
+    ]
+
+    operations = [
+        migrations.RenameField(
+            model_name='container',
+            old_name='cid',
+            new_name='id',
+        ),
+        migrations.RenameField(
+            model_name='event',
+            old_name='eid',
+            new_name='id',
+        ),
+        migrations.RenameField(
+            model_name='item',
+            old_name='iid',
+            new_name='id',
+        ),
+        migrations.RenameField(
+            model_name='item',
+            old_name='uid',
+            new_name='uid_deprecated',
+        ),
+        migrations.AlterUniqueTogether(
+            name='item',
+            unique_together=set(),
+        ),
+        migrations.AlterField(
+            model_name='item',
+            name='container',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='inventory.container'),
+        ),
+        migrations.AlterField(
+            model_name='item',
+            name='event',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='inventory.event'),
+        ),
+        migrations.AlterUniqueTogether(
+            name='item',
+            unique_together={('uid_deprecated', 'event')},
+        ),
+    ]
diff --git a/core/inventory/migrations/0006_alter_event_table.py b/core/inventory/migrations/0006_alter_event_table.py
new file mode 100644
index 0000000..2fa421a
--- /dev/null
+++ b/core/inventory/migrations/0006_alter_event_table.py
@@ -0,0 +1,17 @@
+# Generated by Django 4.2.7 on 2024-11-20 01:39
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('inventory', '0005_rename_cid_container_id_rename_eid_event_id_and_more'),
+    ]
+
+    operations = [
+        migrations.AlterModelTable(
+            name='event',
+            table='common_event',
+        ),
+    ]
diff --git a/core/inventory/models.py b/core/inventory/models.py
index 8b3d018..5a10202 100644
--- a/core/inventory/models.py
+++ b/core/inventory/models.py
@@ -6,10 +6,10 @@ from django_softdelete.models import SoftDeleteModel, SoftDeleteManager
 class ItemManager(SoftDeleteManager):
 
     def create(self, **kwargs):
-        if 'uid' in kwargs:
-            raise ValueError('uid must not be set manually')
-        uid = Item.all_objects.filter(event=kwargs['event']).count() + 1
-        kwargs['uid'] = uid
+        if 'uid_deprecated' in kwargs:
+            raise ValueError('uid_deprecated must not be set manually')
+        uid_deprecated = Item.all_objects.filter(event=kwargs['event']).count() + 1
+        kwargs['uid_deprecated'] = uid_deprecated
         return super().create(**kwargs)
 
     def get_queryset(self):
@@ -17,11 +17,11 @@ class ItemManager(SoftDeleteManager):
 
 
 class Item(SoftDeleteModel):
-    iid = models.AutoField(primary_key=True)
-    uid = models.IntegerField()
+    id = models.AutoField(primary_key=True)
+    uid_deprecated = models.IntegerField()
     description = models.TextField()
-    event = models.ForeignKey('Event', models.CASCADE, db_column='eid')
-    container = models.ForeignKey('Container', models.CASCADE, db_column='cid')
+    event = models.ForeignKey('Event', models.CASCADE)
+    container = models.ForeignKey('Container', models.CASCADE)
     returned_at = models.DateTimeField(blank=True, null=True)
     created_at = models.DateTimeField(null=True, auto_now_add=True)
     updated_at = models.DateTimeField(blank=True, null=True)
@@ -30,27 +30,27 @@ class Item(SoftDeleteModel):
     all_objects = models.Manager()
 
     class Meta:
-        unique_together = (('uid', 'event'),)
+        unique_together = (('uid_deprecated', 'event'),)
         permissions = [
             ('match_item', 'Can match item')
         ]
 
     def __str__(self):
-        return '[' + str(self.uid) + ']' + self.description
+        return '[' + str(self.id) + ']' + self.description
 
 
 class Container(SoftDeleteModel):
-    cid = models.AutoField(primary_key=True)
+    id = models.AutoField(primary_key=True)
     name = models.CharField(max_length=255)
     created_at = models.DateTimeField(blank=True, null=True)
     updated_at = models.DateTimeField(blank=True, null=True)
 
     def __str__(self):
-        return '[' + str(self.cid) + ']' + self.name
+        return '[' + str(self.id) + ']' + self.name
 
 
 class Event(models.Model):
-    eid = models.AutoField(primary_key=True)
+    id = models.AutoField(primary_key=True)
     name = models.CharField(max_length=255)
     slug = models.CharField(max_length=255, unique=True)
     start = models.DateTimeField(blank=True, null=True)
@@ -62,3 +62,6 @@ class Event(models.Model):
 
     def __str__(self):
         return '[' + str(self.slug) + ']' + self.name
+
+    class Meta:
+        db_table = 'common_event'
\ No newline at end of file
diff --git a/core/inventory/serializers.py b/core/inventory/serializers.py
index 3c0eb7e..0230644 100644
--- a/core/inventory/serializers.py
+++ b/core/inventory/serializers.py
@@ -17,8 +17,8 @@ class EventSerializer(serializers.ModelSerializer):
 
     class Meta:
         model = Event
-        fields = ['eid', 'slug', 'name', 'start', 'end', 'pre_start', 'post_end', 'addresses']
-        read_only_fields = ['eid']
+        fields = ['id', 'slug', 'name', 'start', 'end', 'pre_start', 'post_end', 'addresses']
+        read_only_fields = ['id']
 
 
 class ContainerSerializer(serializers.ModelSerializer):
@@ -26,11 +26,11 @@ class ContainerSerializer(serializers.ModelSerializer):
 
     class Meta:
         model = Container
-        fields = ['cid', 'name', 'itemCount']
-        read_only_fields = ['cid', 'itemCount']
+        fields = ['id', 'name', 'itemCount']
+        read_only_fields = ['id', 'itemCount']
 
     def get_itemCount(self, instance):
-        return Item.objects.filter(container=instance.cid).count()
+        return Item.objects.filter(container=instance.id).count()
 
 
 class ItemSerializer(serializers.ModelSerializer):
@@ -44,11 +44,11 @@ class ItemSerializer(serializers.ModelSerializer):
 
     class Meta:
         model = Item
-        fields = ['cid', 'box', 'uid', 'description', 'file', 'dataImage', 'returned', 'event']
-        read_only_fields = ['uid']
+        fields = ['cid', 'box', 'id', 'description', 'file', 'dataImage', 'returned', 'event']
+        read_only_fields = ['id']
 
     def get_cid(self, instance):
-        return instance.container.cid
+        return instance.container.id
 
     def get_box(self, instance):
         return instance.container.name
@@ -65,7 +65,7 @@ class ItemSerializer(serializers.ModelSerializer):
         container = None
         returned = False
         if 'cid' in data:
-            container = Container.objects.get(cid=data['cid'])
+            container = Container.objects.get(id=data['cid'])
         if 'returned' in data:
             returned = data['returned']
         internal = super().to_internal_value(data)
@@ -76,6 +76,8 @@ class ItemSerializer(serializers.ModelSerializer):
         return internal
 
     def validate(self, attrs):
+        if not 'container' in attrs and not self.partial:
+            raise serializers.ValidationError("This field cannot be empty.")
         return super().validate(attrs)
 
     def create(self, validated_data):
diff --git a/core/inventory/tests/v1/__init__.py b/core/inventory/tests/v1/__init__.py
deleted file mode 100644
index e69de29..0000000
diff --git a/core/inventory/tests/v1/test_api.py b/core/inventory/tests/v1/test_api.py
deleted file mode 100644
index db1df0a..0000000
--- a/core/inventory/tests/v1/test_api.py
+++ /dev/null
@@ -1,34 +0,0 @@
-from django.test import TestCase, Client
-
-client = Client()
-
-
-class ApiTest(TestCase):
-
-    def test_root(self):
-        from core.settings import SYSTEM3_VERSION
-        response = client.get('/api/')
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(response.json()["framework_version"], SYSTEM3_VERSION)
-
-    def test_events(self):
-        response = client.get('/api/1/events')
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(response.json(), [])
-
-    def test_containers(self):
-        response = client.get('/api/1/boxes')
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(response.json(), [])
-
-    def test_files(self):
-        response = client.get('/api/1/files')
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(response.json(), [])
-
-    def test_items(self):
-        from inventory.models import Event
-        Event.objects.create(slug='TEST1', name='Event')
-        response = client.get('/api/1/TEST1/items')
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(response.json(), [])
diff --git a/core/inventory/tests/v1/test_containers.py b/core/inventory/tests/v1/test_containers.py
deleted file mode 100644
index 78b82c1..0000000
--- a/core/inventory/tests/v1/test_containers.py
+++ /dev/null
@@ -1,59 +0,0 @@
-from django.test import TestCase, Client
-from inventory.models import Container
-
-client = Client()
-
-
-class ContainerTestCase(TestCase):
-
-    def test_empty(self):
-        response = client.get('/api/1/boxes')
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(response.json(), [])
-
-    def test_members(self):
-        Container.objects.create(name='BOX')
-        response = client.get('/api/1/boxes')
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(len(response.json()), 1)
-        self.assertEqual(response.json()[0]['cid'], 1)
-        self.assertEqual(response.json()[0]['name'], 'BOX')
-        self.assertEqual(response.json()[0]['itemCount'], 0)
-
-    def test_multi_members(self):
-        Container.objects.create(name='BOX 1')
-        Container.objects.create(name='BOX 2')
-        Container.objects.create(name='BOX 3')
-        response = client.get('/api/1/boxes')
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(len(response.json()), 3)
-
-    def test_create_container(self):
-        response = client.post('/api/1/box', {'name': 'BOX'})
-        self.assertEqual(response.status_code, 201)
-        self.assertEqual(response.json()['cid'], 1)
-        self.assertEqual(response.json()['name'], 'BOX')
-        self.assertEqual(response.json()['itemCount'], 0)
-        self.assertEqual(len(Container.objects.all()), 1)
-        self.assertEqual(Container.objects.all()[0].cid, 1)
-        self.assertEqual(Container.objects.all()[0].name, 'BOX')
-
-    def test_update_container(self):
-        from rest_framework.test import APIClient
-        box = Container.objects.create(name='BOX 1')
-        response = APIClient().put(f'/api/1/box/{box.cid}', {'name': 'BOX 2'})
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(response.json()['cid'], 1)
-        self.assertEqual(response.json()['name'], 'BOX 2')
-        self.assertEqual(response.json()['itemCount'], 0)
-        self.assertEqual(len(Container.objects.all()), 1)
-        self.assertEqual(Container.objects.all()[0].cid, 1)
-        self.assertEqual(Container.objects.all()[0].name, 'BOX 2')
-
-    def test_delete_container(self):
-        box = Container.objects.create(name='BOX 1')
-        Container.objects.create(name='BOX 2')
-        self.assertEqual(len(Container.objects.all()), 2)
-        response = client.delete(f'/api/1/box/{box.cid}')
-        self.assertEqual(response.status_code, 204)
-        self.assertEqual(len(Container.objects.all()), 1)
diff --git a/core/inventory/tests/v1/test_events.py b/core/inventory/tests/v1/test_events.py
deleted file mode 100644
index a861f12..0000000
--- a/core/inventory/tests/v1/test_events.py
+++ /dev/null
@@ -1,56 +0,0 @@
-from django.test import TestCase, Client
-from inventory.models import Event
-
-client = Client()
-
-
-class EventTestCase(TestCase):
-
-    def test_empty(self):
-        response = client.get('/api/1/events')
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(response.json(), [])
-
-    def test_members(self):
-        Event.objects.create(slug='EVENT', name='Event')
-        response = client.get('/api/1/events')
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(len(response.json()), 1)
-        self.assertEqual(response.json()[0]['slug'], 'EVENT')
-        self.assertEqual(response.json()[0]['name'], 'Event')
-
-    def test_multi_members(self):
-        Event.objects.create(slug='EVENT1', name='Event 1')
-        Event.objects.create(slug='EVENT2', name='Event 2')
-        Event.objects.create(slug='EVENT3', name='Event 3')
-        response = client.get('/api/1/events')
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(len(response.json()), 3)
-
-    def test_create_event(self):
-        response = client.post('/api/1/events', {'slug': 'EVENT', 'name': 'Event'})
-        self.assertEqual(response.status_code, 201)
-        self.assertEqual(response.json()['slug'], 'EVENT')
-        self.assertEqual(response.json()['name'], 'Event')
-        self.assertEqual(len(Event.objects.all()), 1)
-        self.assertEqual(Event.objects.all()[0].slug, 'EVENT')
-        self.assertEqual(Event.objects.all()[0].name, 'Event')
-
-    def test_update_event(self):
-        from rest_framework.test import APIClient
-        event = Event.objects.create(slug='EVENT1', name='Event 1')
-        response = APIClient().put(f'/api/1/events/{event.eid}', {'slug': 'EVENT2', 'name': 'Event 2 new'})
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(response.json()['slug'], 'EVENT2')
-        self.assertEqual(response.json()['name'], 'Event 2 new')
-        self.assertEqual(len(Event.objects.all()), 1)
-        self.assertEqual(Event.objects.all()[0].slug, 'EVENT2')
-        self.assertEqual(Event.objects.all()[0].name, 'Event 2 new')
-
-    def test_remove_event(self):
-        event = Event.objects.create(slug='EVENT1', name='Event 1')
-        Event.objects.create(slug='EVENT2', name='Event 2')
-        self.assertEqual(len(Event.objects.all()), 2)
-        response = client.delete(f'/api/1/events/{event.eid}')
-        self.assertEqual(response.status_code, 204)
-        self.assertEqual(len(Event.objects.all()), 1)
diff --git a/core/inventory/tests/v1/test_items.py b/core/inventory/tests/v1/test_items.py
deleted file mode 100644
index e13bcba..0000000
--- a/core/inventory/tests/v1/test_items.py
+++ /dev/null
@@ -1,133 +0,0 @@
-from django.test import TestCase, Client
-
-from files.models import File
-from inventory.models import Event, Container, Item
-
-client = Client()
-
-
-class ItemTestCase(TestCase):
-
-    def setUp(self):
-        super().setUp()
-        self.event = Event.objects.create(slug='EVENT', name='Event')
-        self.box = Container.objects.create(name='BOX')
-
-    def test_empty(self):
-        response = client.get(f'/api/1/{self.event.slug}/item')
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(response.content, b'[]')
-
-    def test_members(self):
-        item = Item.objects.create(container=self.box, event=self.event, description='1')
-        response = client.get(f'/api/1/{self.event.slug}/item')
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(response.json(),
-                         [{'uid': 1, 'description': '1', 'box': 'BOX', 'cid': self.box.cid, 'file': None}])
-
-    def test_members_with_file(self):
-        import base64
-        item = Item.objects.create(container=self.box, event=self.event, description='1')
-        file = File.objects.create(item=item, data="data:text/plain;base64," + base64.b64encode(b"foo").decode('utf-8'))
-        response = client.get(f'/api/1/{self.event.slug}/item')
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(response.json(),
-                         [{'uid': 1, 'description': '1', 'box': 'BOX', 'cid': self.box.cid, 'file': file.hash}])
-
-    def test_multi_members(self):
-        Item.objects.create(container=self.box, event=self.event, description='1')
-        Item.objects.create(container=self.box, event=self.event, description='2')
-        Item.objects.create(container=self.box, event=self.event, description='3')
-        response = client.get(f'/api/1/{self.event.slug}/item')
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(len(response.json()), 3)
-
-    def test_create_item(self):
-        response = client.post(f'/api/1/{self.event.slug}/item', {'cid': self.box.cid, 'description': '1'})
-        self.assertEqual(response.status_code, 201)
-        self.assertEqual(response.json(),
-                         {'uid': 1, 'description': '1', 'box': 'BOX', 'cid': self.box.cid, 'file': None})
-        self.assertEqual(len(Item.objects.all()), 1)
-        self.assertEqual(Item.objects.all()[0].uid, 1)
-        self.assertEqual(Item.objects.all()[0].description, '1')
-        self.assertEqual(Item.objects.all()[0].container.cid, self.box.cid)
-
-    def test_create_item_with_file(self):
-        import base64
-        response = client.post(f'/api/1/{self.event.slug}/item',
-                               {'cid': self.box.cid, 'description': '1',
-                                'dataImage': "data:text/plain;base64," + base64.b64encode(b"foo").decode(
-                                    'utf-8')}, content_type='application/json')
-        self.assertEqual(response.status_code, 201)
-        self.assertEqual(response.json()['uid'], 1)
-        self.assertEqual(response.json()['description'], '1')
-        self.assertEqual(response.json()['box'], 'BOX')
-        self.assertEqual(response.json()['cid'], self.box.cid)
-        self.assertEqual(len(response.json()['file']), 64)
-        self.assertEqual(len(Item.objects.all()), 1)
-        self.assertEqual(Item.objects.all()[0].uid, 1)
-        self.assertEqual(Item.objects.all()[0].description, '1')
-        self.assertEqual(Item.objects.all()[0].container.cid, self.box.cid)
-        self.assertEqual(len(File.objects.all()), 1)
-
-    def test_update_item(self):
-        item = Item.objects.create(container=self.box, event=self.event, description='1')
-        response = client.put(f'/api/1/{self.event.slug}/item/{item.uid}', {'description': '2'},
-                              content_type='application/json')
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(response.json(),
-                         {'uid': 1, 'description': '2', 'box': 'BOX', 'cid': self.box.cid, 'file': None})
-        self.assertEqual(len(Item.objects.all()), 1)
-        self.assertEqual(Item.objects.all()[0].uid, 1)
-        self.assertEqual(Item.objects.all()[0].description, '2')
-        self.assertEqual(Item.objects.all()[0].container.cid, self.box.cid)
-
-    def test_update_item_with_file(self):
-        import base64
-        item = Item.objects.create(container=self.box, event=self.event, description='1')
-        response = client.put(f'/api/1/{self.event.slug}/item/{item.uid}',
-                              {'description': '2',
-                               'dataImage': "data:text/plain;base64," + base64.b64encode(b"foo").decode('utf-8')},
-                              content_type='application/json')
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(response.json()['uid'], 1)
-        self.assertEqual(response.json()['description'], '2')
-        self.assertEqual(response.json()['box'], 'BOX')
-        self.assertEqual(response.json()['cid'], self.box.cid)
-        self.assertEqual(len(response.json()['file']), 64)
-        self.assertEqual(len(Item.objects.all()), 1)
-        self.assertEqual(Item.objects.all()[0].uid, 1)
-        self.assertEqual(Item.objects.all()[0].description, '2')
-        self.assertEqual(Item.objects.all()[0].container.cid, self.box.cid)
-        self.assertEqual(len(File.objects.all()), 1)
-
-    def test_delete_item(self):
-        item = Item.objects.create(container=self.box, event=self.event, description='1')
-        Item.objects.create(container=self.box, event=self.event, description='2')
-        self.assertEqual(len(Item.objects.all()), 2)
-        response = client.delete(f'/api/1/{self.event.slug}/item/{item.uid}')
-        self.assertEqual(response.status_code, 204)
-        self.assertEqual(len(Item.objects.all()), 1)
-
-    def test_delete_item2(self):
-        Item.objects.create(container=self.box, event=self.event, description='1')
-        item2 = Item.objects.create(container=self.box, event=self.event, description='2')
-        self.assertEqual(len(Item.objects.all()), 2)
-        response = client.delete(f'/api/1/{self.event.slug}/item/{item2.uid}')
-        self.assertEqual(response.status_code, 204)
-        self.assertEqual(len(Item.objects.all()), 1)
-        item3 = Item.objects.create(container=self.box, event=self.event, description='3')
-        self.assertEqual(item3.uid, 3)
-        self.assertEqual(len(Item.objects.all()), 2)
-
-    def test_item_count(self):
-        Item.objects.create(container=self.box, event=self.event, description='1')
-        Item.objects.create(container=self.box, event=self.event, description='2')
-        response = client.get('/api/1/boxes')
-        self.assertEqual(response.status_code, 200)
-        self.assertEqual(len(response.json()), 1)
-        self.assertEqual(response.json()[0]['itemCount'], 2)
-
-    def test_item_nonexistent(self):
-        response = client.get(f'/api/1/NOEVENT/item')
-        self.assertEqual(response.status_code, 404)
diff --git a/core/inventory/tests/v2/test_containers.py b/core/inventory/tests/v2/test_containers.py
index 58322cc..b74a4a7 100644
--- a/core/inventory/tests/v2/test_containers.py
+++ b/core/inventory/tests/v2/test_containers.py
@@ -24,7 +24,7 @@ class ContainerTestCase(TestCase):
         response = self.client.get('/api/2/boxes/')
         self.assertEqual(response.status_code, 200)
         self.assertEqual(len(response.json()), 1)
-        self.assertEqual(response.json()[0]['cid'], 1)
+        self.assertEqual(response.json()[0]['id'], 1)
         self.assertEqual(response.json()[0]['name'], 'BOX')
         self.assertEqual(response.json()[0]['itemCount'], 0)
 
@@ -39,28 +39,28 @@ class ContainerTestCase(TestCase):
     def test_create_container(self):
         response = self.client.post('/api/2/box/', {'name': 'BOX'})
         self.assertEqual(response.status_code, 201)
-        self.assertEqual(response.json()['cid'], 1)
+        self.assertEqual(response.json()['id'], 1)
         self.assertEqual(response.json()['name'], 'BOX')
         self.assertEqual(response.json()['itemCount'], 0)
         self.assertEqual(len(Container.objects.all()), 1)
-        self.assertEqual(Container.objects.all()[0].cid, 1)
+        self.assertEqual(Container.objects.all()[0].id, 1)
         self.assertEqual(Container.objects.all()[0].name, 'BOX')
 
     def test_update_container(self):
         box = Container.objects.create(name='BOX 1')
-        response = self.client.put(f'/api/2/box/{box.cid}/', {'name': 'BOX 2'}, content_type='application/json')
+        response = self.client.put(f'/api/2/box/{box.id}/', {'name': 'BOX 2'}, content_type='application/json')
         self.assertEqual(response.status_code, 200)
-        self.assertEqual(response.json()['cid'], 1)
+        self.assertEqual(response.json()['id'], 1)
         self.assertEqual(response.json()['name'], 'BOX 2')
         self.assertEqual(response.json()['itemCount'], 0)
         self.assertEqual(len(Container.objects.all()), 1)
-        self.assertEqual(Container.objects.all()[0].cid, 1)
+        self.assertEqual(Container.objects.all()[0].id, 1)
         self.assertEqual(Container.objects.all()[0].name, 'BOX 2')
 
     def test_delete_container(self):
         box = Container.objects.create(name='BOX 1')
         Container.objects.create(name='BOX 2')
         self.assertEqual(len(Container.objects.all()), 2)
-        response = self.client.delete(f'/api/2/box/{box.cid}/')
+        response = self.client.delete(f'/api/2/box/{box.id}/')
         self.assertEqual(response.status_code, 204)
         self.assertEqual(len(Container.objects.all()), 1)
diff --git a/core/inventory/tests/v2/test_events.py b/core/inventory/tests/v2/test_events.py
index affbd0e..6d6cadb 100644
--- a/core/inventory/tests/v2/test_events.py
+++ b/core/inventory/tests/v2/test_events.py
@@ -39,7 +39,7 @@ class EventTestCase(TestCase):
     def test_update_event(self):
         from rest_framework.test import APIClient
         event = Event.objects.create(slug='EVENT1', name='Event 1')
-        response = APIClient().put(f'/api/2/events/{event.eid}/', {'slug': 'EVENT2', 'name': 'Event 2 new'})
+        response = APIClient().put(f'/api/2/events/{event.id}/', {'slug': 'EVENT2', 'name': 'Event 2 new'})
         self.assertEqual(response.status_code, 200)
         self.assertEqual(response.json()['slug'], 'EVENT2')
         self.assertEqual(response.json()['name'], 'Event 2 new')
@@ -51,7 +51,7 @@ class EventTestCase(TestCase):
         event = Event.objects.create(slug='EVENT1', name='Event 1')
         Event.objects.create(slug='EVENT2', name='Event 2')
         self.assertEqual(len(Event.objects.all()), 2)
-        response = client.delete(f'/api/2/events/{event.eid}/')
+        response = client.delete(f'/api/2/events/{event.id}/')
         self.assertEqual(response.status_code, 204)
         self.assertEqual(len(Event.objects.all()), 1)
 
diff --git a/core/inventory/tests/v2/test_items.py b/core/inventory/tests/v2/test_items.py
index a955161..1832872 100644
--- a/core/inventory/tests/v2/test_items.py
+++ b/core/inventory/tests/v2/test_items.py
@@ -29,7 +29,7 @@ class ItemTestCase(TestCase):
         response = self.client.get(f'/api/2/{self.event.slug}/item/')
         self.assertEqual(response.status_code, 200)
         self.assertEqual(response.json(),
-                         [{'uid': 1, 'description': '1', 'box': 'BOX', 'cid': self.box.cid, 'file': None,
+                         [{'id': 1, 'description': '1', 'box': 'BOX', 'cid': self.box.id, 'file': None,
                            'returned': False, 'event': self.event.slug}])
 
     def test_members_with_file(self):
@@ -39,7 +39,7 @@ class ItemTestCase(TestCase):
         response = self.client.get(f'/api/2/{self.event.slug}/item/')
         self.assertEqual(response.status_code, 200)
         self.assertEqual(response.json(),
-                         [{'uid': 1, 'description': '1', 'box': 'BOX', 'cid': self.box.cid, 'file': file.hash,
+                         [{'id': 1, 'description': '1', 'box': 'BOX', 'cid': self.box.id, 'file': file.hash,
                            'returned': False, 'event': self.event.slug}])
 
     def test_multi_members(self):
@@ -51,71 +51,79 @@ class ItemTestCase(TestCase):
         self.assertEqual(len(response.json()), 3)
 
     def test_create_item(self):
-        response = self.client.post(f'/api/2/{self.event.slug}/item/', {'cid': self.box.cid, 'description': '1'})
+        response = self.client.post(f'/api/2/{self.event.slug}/item/', {'cid': self.box.id, 'description': '1'})
         self.assertEqual(response.status_code, 201)
         self.assertEqual(response.json(),
-                         {'uid': 1, 'description': '1', 'box': 'BOX', 'cid': self.box.cid, 'file': None,
+                         {'id': 1, 'description': '1', 'box': 'BOX', 'cid': self.box.id, 'file': None,
                           'returned': False, 'event': self.event.slug})
         self.assertEqual(len(Item.objects.all()), 1)
-        self.assertEqual(Item.objects.all()[0].uid, 1)
+        self.assertEqual(Item.objects.all()[0].id, 1)
         self.assertEqual(Item.objects.all()[0].description, '1')
-        self.assertEqual(Item.objects.all()[0].container.cid, self.box.cid)
+        self.assertEqual(Item.objects.all()[0].container.id, self.box.id)
+
+    def test_create_item_without_container(self):
+        response = self.client.post(f'/api/2/{self.event.slug}/item/', {'description': '1'})
+        self.assertEqual(response.status_code, 400)
+
+    def test_create_item_without_description(self):
+        response = self.client.post(f'/api/2/{self.event.slug}/item/', {'cid': self.box.id})
+        self.assertEqual(response.status_code, 400)
 
     def test_create_item_with_file(self):
         import base64
         response = self.client.post(f'/api/2/{self.event.slug}/item/',
-                                    {'cid': self.box.cid, 'description': '1',
+                                    {'cid': self.box.id, 'description': '1',
                                      'dataImage': "data:text/plain;base64," + base64.b64encode(b"foo").decode(
                                          'utf-8')}, content_type='application/json')
         self.assertEqual(response.status_code, 201)
-        self.assertEqual(response.json()['uid'], 1)
+        self.assertEqual(response.json()['id'], 1)
         self.assertEqual(response.json()['description'], '1')
         self.assertEqual(response.json()['box'], 'BOX')
-        self.assertEqual(response.json()['cid'], self.box.cid)
+        self.assertEqual(response.json()['id'], self.box.id)
         self.assertEqual(len(response.json()['file']), 64)
         self.assertEqual(len(Item.objects.all()), 1)
-        self.assertEqual(Item.objects.all()[0].uid, 1)
+        self.assertEqual(Item.objects.all()[0].id, 1)
         self.assertEqual(Item.objects.all()[0].description, '1')
-        self.assertEqual(Item.objects.all()[0].container.cid, self.box.cid)
+        self.assertEqual(Item.objects.all()[0].container.id, self.box.id)
         self.assertEqual(len(File.objects.all()), 1)
 
     def test_update_item(self):
         item = Item.objects.create(container=self.box, event=self.event, description='1')
-        response = self.client.put(f'/api/2/{self.event.slug}/item/{item.uid}/', {'description': '2'},
+        response = self.client.patch(f'/api/2/{self.event.slug}/item/{item.id}/', {'description': '2'},
                                    content_type='application/json')
         self.assertEqual(response.status_code, 200)
         self.assertEqual(response.json(),
-                         {'uid': 1, 'description': '2', 'box': 'BOX', 'cid': self.box.cid, 'file': None,
+                         {'id': 1, 'description': '2', 'box': 'BOX', 'cid': self.box.id, 'file': None,
                           'returned': False, 'event': self.event.slug})
         self.assertEqual(len(Item.objects.all()), 1)
-        self.assertEqual(Item.objects.all()[0].uid, 1)
+        self.assertEqual(Item.objects.all()[0].id, 1)
         self.assertEqual(Item.objects.all()[0].description, '2')
-        self.assertEqual(Item.objects.all()[0].container.cid, self.box.cid)
+        self.assertEqual(Item.objects.all()[0].container.id, self.box.id)
 
     def test_update_item_with_file(self):
         import base64
         item = Item.objects.create(container=self.box, event=self.event, description='1')
-        response = self.client.put(f'/api/2/{self.event.slug}/item/{item.uid}/',
+        response = self.client.patch(f'/api/2/{self.event.slug}/item/{item.id}/',
                                    {'description': '2',
                                     'dataImage': "data:text/plain;base64," + base64.b64encode(b"foo").decode('utf-8')},
                                    content_type='application/json')
         self.assertEqual(response.status_code, 200)
-        self.assertEqual(response.json()['uid'], 1)
+        self.assertEqual(response.json()['id'], 1)
         self.assertEqual(response.json()['description'], '2')
         self.assertEqual(response.json()['box'], 'BOX')
-        self.assertEqual(response.json()['cid'], self.box.cid)
+        self.assertEqual(response.json()['id'], self.box.id)
         self.assertEqual(len(response.json()['file']), 64)
         self.assertEqual(len(Item.objects.all()), 1)
-        self.assertEqual(Item.objects.all()[0].uid, 1)
+        self.assertEqual(Item.objects.all()[0].id, 1)
         self.assertEqual(Item.objects.all()[0].description, '2')
-        self.assertEqual(Item.objects.all()[0].container.cid, self.box.cid)
+        self.assertEqual(Item.objects.all()[0].container.id, self.box.id)
         self.assertEqual(len(File.objects.all()), 1)
 
     def test_delete_item(self):
         item = Item.objects.create(container=self.box, event=self.event, description='1')
         Item.objects.create(container=self.box, event=self.event, description='2')
         self.assertEqual(len(Item.objects.all()), 2)
-        response = self.client.delete(f'/api/2/{self.event.slug}/item/{item.uid}/')
+        response = self.client.delete(f'/api/2/{self.event.slug}/item/{item.id}/')
         self.assertEqual(response.status_code, 204)
         self.assertEqual(len(Item.objects.all()), 1)
 
@@ -123,11 +131,11 @@ class ItemTestCase(TestCase):
         Item.objects.create(container=self.box, event=self.event, description='1')
         item2 = Item.objects.create(container=self.box, event=self.event, description='2')
         self.assertEqual(len(Item.objects.all()), 2)
-        response = self.client.delete(f'/api/2/{self.event.slug}/item/{item2.uid}/')
+        response = self.client.delete(f'/api/2/{self.event.slug}/item/{item2.id}/')
         self.assertEqual(response.status_code, 204)
         self.assertEqual(len(Item.objects.all()), 1)
         item3 = Item.objects.create(container=self.box, event=self.event, description='3')
-        self.assertEqual(item3.uid, 3)
+        self.assertEqual(item3.id, 3)
         self.assertEqual(len(Item.objects.all()), 2)
 
     def test_item_count(self):
@@ -148,7 +156,7 @@ class ItemTestCase(TestCase):
         response = self.client.get(f'/api/2/{self.event.slug}/item/')
         self.assertEqual(response.status_code, 200)
         self.assertEqual(len(response.json()), 1)
-        response = self.client.patch(f'/api/2/{self.event.slug}/item/{item.uid}/', {'returned': True},
+        response = self.client.patch(f'/api/2/{self.event.slug}/item/{item.id}/', {'returned': True},
                                      content_type='application/json')
         self.assertEqual(response.status_code, 200)
         item.refresh_from_db()
@@ -168,4 +176,4 @@ class ItemTestCase(TestCase):
         response = self.client.get(f'/api/2/{self.event.slug}/item/')
         self.assertEqual(response.status_code, 200)
         self.assertEqual(len(response.json()), 1)
-        self.assertEqual(response.json()[0]['uid'], item1.uid)
+        self.assertEqual(response.json()[0]['id'], item1.id)

From f2647f0dbd4fc3c95aeee1c8dba9238b6dd87e47 Mon Sep 17 00:00:00 2001
From: jedi <git@m.j3d1.de>
Date: Thu, 21 Nov 2024 00:58:14 +0100
Subject: [PATCH 20/22] add /matches endpoint ad return match information in
 tickets and /item endpoints

---
 core/core/settings.py                         |   7 +-
 core/inventory/models.py                      |  12 +-
 core/inventory/serializers.py                 |  28 +---
 core/inventory/shared_serializers.py          |  31 ++++
 core/inventory/tests/v2/test_items.py         |  46 ++++--
 core/tickets/api_v2.py                        |  16 +-
 ...move_issuethread_related_items_and_more.py |  29 ++++
 core/tickets/models.py                        |  14 +-
 core/tickets/serializers.py                   |  21 +--
 core/tickets/shared_serializers.py            |  23 +++
 core/tickets/tests/v2/test_matches.py         | 149 ++++++++++++++++++
 core/tickets/tests/v2/test_tickets.py         |  24 ++-
 12 files changed, 339 insertions(+), 61 deletions(-)
 create mode 100644 core/inventory/shared_serializers.py
 create mode 100644 core/tickets/migrations/0012_remove_issuethread_related_items_and_more.py
 create mode 100644 core/tickets/shared_serializers.py
 create mode 100644 core/tickets/tests/v2/test_matches.py

diff --git a/core/core/settings.py b/core/core/settings.py
index 6796112..5a8f20f 100644
--- a/core/core/settings.py
+++ b/core/core/settings.py
@@ -34,7 +34,9 @@ SECRET_KEY = os.getenv('DJANGO_SECRET_KEY', 'django-insecure-tm*$w_14iqbiy-!7(8#
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = truthy_str(os.getenv('DEBUG_MODE_ACTIVE', 'False'))
 
-ALLOWED_HOSTS = [os.getenv('HTTP_HOST', 'localhost')]
+PRIMARY_HOST = os.getenv('HTTP_HOST', 'localhost')
+
+ALLOWED_HOSTS = [PRIMARY_HOST]
 
 MAIL_DOMAIN = os.getenv('MAIL_DOMAIN', 'localhost')
 
@@ -144,7 +146,8 @@ else:
             'USER': os.getenv('DB_USER', 'system3'),
             'PASSWORD': os.getenv('DB_PASSWORD', 'system3'),
             'OPTIONS': {
-                'charset': 'utf8mb4'
+                'charset': 'utf8mb4',
+                'init_command': "SET sql_mode='STRICT_TRANS_TABLES'"
             }
         }
     }
diff --git a/core/inventory/models.py b/core/inventory/models.py
index 5a10202..3421680 100644
--- a/core/inventory/models.py
+++ b/core/inventory/models.py
@@ -1,5 +1,6 @@
-from django.core.files.base import ContentFile
-from django.db import models, IntegrityError
+from itertools import groupby
+
+from django.db import models
 from django_softdelete.models import SoftDeleteModel, SoftDeleteManager
 
 
@@ -26,6 +27,13 @@ class Item(SoftDeleteModel):
     created_at = models.DateTimeField(null=True, auto_now_add=True)
     updated_at = models.DateTimeField(blank=True, null=True)
 
+    @property
+    def related_issues(self):
+        groups = groupby(self.issue_relation_changes.all(), lambda rel: rel.issue_thread.id)
+        return [sorted(v, key=lambda r: r.timestamp)[0].issue_thread for k, v in groups]
+
+
+
     objects = ItemManager()
     all_objects = models.Manager()
 
diff --git a/core/inventory/serializers.py b/core/inventory/serializers.py
index 0230644..941e20f 100644
--- a/core/inventory/serializers.py
+++ b/core/inventory/serializers.py
@@ -1,9 +1,12 @@
 from django.utils import timezone
 from rest_framework import serializers
+from rest_framework.relations import SlugRelatedField
 
 from files.models import File
 from inventory.models import Event, Container, Item
+from inventory.shared_serializers import BasicItemSerializer
 from mail.models import EventAddress
+from tickets.shared_serializers import BasicIssueSerializer
 
 
 class EventAdressSerializer(serializers.ModelSerializer):
@@ -33,34 +36,15 @@ class ContainerSerializer(serializers.ModelSerializer):
         return Item.objects.filter(container=instance.id).count()
 
 
-class ItemSerializer(serializers.ModelSerializer):
+class ItemSerializer(BasicItemSerializer):
     dataImage = serializers.CharField(write_only=True, required=False)
-    cid = serializers.SerializerMethodField()
-    box = serializers.SerializerMethodField()
-    file = serializers.SerializerMethodField()
-    returned = serializers.SerializerMethodField(required=False)
-    event = serializers.SlugRelatedField(slug_field='slug', queryset=Event.objects.all(),
-                                         allow_null=True, required=False)
+    related_issues = BasicIssueSerializer(many=True, read_only=True)
 
     class Meta:
         model = Item
-        fields = ['cid', 'box', 'id', 'description', 'file', 'dataImage', 'returned', 'event']
+        fields = ['cid', 'box', 'id', 'description', 'file', 'dataImage', 'returned', 'event', 'related_issues']
         read_only_fields = ['id']
 
-    def get_cid(self, instance):
-        return instance.container.id
-
-    def get_box(self, instance):
-        return instance.container.name
-
-    def get_file(self, instance):
-        if len(instance.files.all()) > 0:
-            return instance.files.all().order_by('-created_at')[0].hash
-        return None
-
-    def get_returned(self, instance):
-        return instance.returned_at is not None
-
     def to_internal_value(self, data):
         container = None
         returned = False
diff --git a/core/inventory/shared_serializers.py b/core/inventory/shared_serializers.py
new file mode 100644
index 0000000..0bd44c3
--- /dev/null
+++ b/core/inventory/shared_serializers.py
@@ -0,0 +1,31 @@
+from rest_framework import serializers
+
+from inventory.models import Event, Item
+
+
+class BasicItemSerializer(serializers.ModelSerializer):
+    cid = serializers.SerializerMethodField()
+    box = serializers.SerializerMethodField()
+    file = serializers.SerializerMethodField()
+    returned = serializers.SerializerMethodField(required=False)
+    event = serializers.SlugRelatedField(slug_field='slug', queryset=Event.objects.all(),
+                                         allow_null=True, required=False)
+
+    class Meta:
+        model = Item
+        fields = ['cid', 'box', 'id', 'description', 'file', 'returned', 'event']
+        read_only_fields = ['id']
+
+    def get_cid(self, instance):
+        return instance.container.id if instance.container else None
+
+    def get_box(self, instance):
+        return instance.container.name if instance.container else None
+
+    def get_file(self, instance):
+        if len(instance.files.all()) > 0:
+            return instance.files.all().order_by('-created_at')[0].hash
+        return None
+
+    def get_returned(self, instance):
+        return instance.returned_at is not None
diff --git a/core/inventory/tests/v2/test_items.py b/core/inventory/tests/v2/test_items.py
index 1832872..953f1a3 100644
--- a/core/inventory/tests/v2/test_items.py
+++ b/core/inventory/tests/v2/test_items.py
@@ -28,9 +28,15 @@ class ItemTestCase(TestCase):
         item = Item.objects.create(container=self.box, event=self.event, description='1')
         response = self.client.get(f'/api/2/{self.event.slug}/item/')
         self.assertEqual(response.status_code, 200)
-        self.assertEqual(response.json(),
-                         [{'id': 1, 'description': '1', 'box': 'BOX', 'cid': self.box.id, 'file': None,
-                           'returned': False, 'event': self.event.slug}])
+        self.assertEqual(len(response.json()), 1)
+        self.assertEqual(response.json()[0]['id'], item.id)
+        self.assertEqual(response.json()[0]['description'], '1')
+        self.assertEqual(response.json()[0]['box'], 'BOX')
+        self.assertEqual(response.json()[0]['cid'], self.box.id)
+        self.assertEqual(response.json()[0]['file'], None)
+        self.assertEqual(response.json()[0]['returned'], False)
+        self.assertEqual(response.json()[0]['event'], self.event.slug)
+        self.assertEqual(len(response.json()[0]['related_issues']), 0)
 
     def test_members_with_file(self):
         import base64
@@ -38,9 +44,15 @@ class ItemTestCase(TestCase):
         file = File.objects.create(item=item, data="data:text/plain;base64," + base64.b64encode(b"foo").decode('utf-8'))
         response = self.client.get(f'/api/2/{self.event.slug}/item/')
         self.assertEqual(response.status_code, 200)
-        self.assertEqual(response.json(),
-                         [{'id': 1, 'description': '1', 'box': 'BOX', 'cid': self.box.id, 'file': file.hash,
-                           'returned': False, 'event': self.event.slug}])
+        self.assertEqual(len(response.json()), 1)
+        self.assertEqual(response.json()[0]['id'], item.id)
+        self.assertEqual(response.json()[0]['description'], '1')
+        self.assertEqual(response.json()[0]['box'], 'BOX')
+        self.assertEqual(response.json()[0]['cid'], self.box.id)
+        self.assertEqual(response.json()[0]['file'], file.hash)
+        self.assertEqual(response.json()[0]['returned'], False)
+        self.assertEqual(response.json()[0]['event'], self.event.slug)
+        self.assertEqual(len(response.json()[0]['related_issues']), 0)
 
     def test_multi_members(self):
         Item.objects.create(container=self.box, event=self.event, description='1')
@@ -53,9 +65,14 @@ class ItemTestCase(TestCase):
     def test_create_item(self):
         response = self.client.post(f'/api/2/{self.event.slug}/item/', {'cid': self.box.id, 'description': '1'})
         self.assertEqual(response.status_code, 201)
-        self.assertEqual(response.json(),
-                         {'id': 1, 'description': '1', 'box': 'BOX', 'cid': self.box.id, 'file': None,
-                          'returned': False, 'event': self.event.slug})
+        self.assertEqual(response.json()['id'], 1)
+        self.assertEqual(response.json()['description'], '1')
+        self.assertEqual(response.json()['box'], 'BOX')
+        self.assertEqual(response.json()['cid'], self.box.id)
+        self.assertEqual(response.json()['file'], None)
+        self.assertEqual(response.json()['returned'], False)
+        self.assertEqual(response.json()['event'], self.event.slug)
+        self.assertEqual(len(response.json()['related_issues']), 0)
         self.assertEqual(len(Item.objects.all()), 1)
         self.assertEqual(Item.objects.all()[0].id, 1)
         self.assertEqual(Item.objects.all()[0].description, '1')
@@ -92,9 +109,14 @@ class ItemTestCase(TestCase):
         response = self.client.patch(f'/api/2/{self.event.slug}/item/{item.id}/', {'description': '2'},
                                    content_type='application/json')
         self.assertEqual(response.status_code, 200)
-        self.assertEqual(response.json(),
-                         {'id': 1, 'description': '2', 'box': 'BOX', 'cid': self.box.id, 'file': None,
-                          'returned': False, 'event': self.event.slug})
+        self.assertEqual(response.json()['id'], item.id)
+        self.assertEqual(response.json()['description'], '2')
+        self.assertEqual(response.json()['box'], 'BOX')
+        self.assertEqual(response.json()['cid'], self.box.id)
+        self.assertEqual(response.json()['file'], None)
+        self.assertEqual(response.json()['returned'], False)
+        self.assertEqual(response.json()['event'], self.event.slug)
+        self.assertEqual(len(response.json()['related_issues']), 0)
         self.assertEqual(len(Item.objects.all()), 1)
         self.assertEqual(Item.objects.all()[0].id, 1)
         self.assertEqual(Item.objects.all()[0].description, '2')
diff --git a/core/tickets/api_v2.py b/core/tickets/api_v2.py
index 39404f2..b119bd9 100644
--- a/core/tickets/api_v2.py
+++ b/core/tickets/api_v2.py
@@ -1,4 +1,4 @@
-import logging
+from base64 import b64decode
 
 from django.urls import re_path
 from django.contrib.auth.decorators import permission_required
@@ -14,8 +14,9 @@ from inventory.models import Event
 from mail.models import Email
 from mail.protocol import send_smtp, make_reply, collect_references
 from notify_sessions.models import SystemEvent
-from tickets.models import IssueThread, Comment, STATE_CHOICES, ShippingVoucher
+from tickets.models import IssueThread, Comment, STATE_CHOICES, ShippingVoucher, ItemRelation
 from tickets.serializers import IssueSerializer, CommentSerializer, ShippingVoucherSerializer
+from tickets.shared_serializers import RelationSerializer
 
 
 class IssueViewSet(viewsets.ModelViewSet):
@@ -23,6 +24,16 @@ class IssueViewSet(viewsets.ModelViewSet):
     queryset = IssueThread.objects.all()
 
 
+class RelationViewSet(viewsets.ModelViewSet):
+    serializer_class = RelationSerializer
+    queryset = ItemRelation.objects.all()
+
+
+class CommentViewSet(viewsets.ModelViewSet):
+    serializer_class = CommentSerializer
+    queryset = Comment.objects.all()
+
+
 class ShippingVoucherViewSet(viewsets.ModelViewSet):
     serializer_class = ShippingVoucherSerializer
     queryset = ShippingVoucher.objects.all()
@@ -127,6 +138,7 @@ def add_comment(request, pk):
 
 router = routers.SimpleRouter()
 router.register(r'tickets', IssueViewSet, basename='issues')
+router.register(r'matches', RelationViewSet, basename='matches')
 router.register(r'shipping_vouchers', ShippingVoucherViewSet, basename='shipping_vouchers')
 
 urlpatterns = ([
diff --git a/core/tickets/migrations/0012_remove_issuethread_related_items_and_more.py b/core/tickets/migrations/0012_remove_issuethread_related_items_and_more.py
new file mode 100644
index 0000000..d8a24c7
--- /dev/null
+++ b/core/tickets/migrations/0012_remove_issuethread_related_items_and_more.py
@@ -0,0 +1,29 @@
+# Generated by Django 4.2.7 on 2024-11-20 23:58
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('inventory', '0006_alter_event_table'),
+        ('tickets', '0011_train_old_spam'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='issuethread',
+            name='related_items',
+        ),
+        migrations.AlterField(
+            model_name='itemrelation',
+            name='issue_thread',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='item_relation_changes', to='tickets.issuethread'),
+        ),
+        migrations.AlterField(
+            model_name='itemrelation',
+            name='item',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='issue_relation_changes', to='inventory.item'),
+        ),
+    ]
diff --git a/core/tickets/models.py b/core/tickets/models.py
index aff5d6c..2c14687 100644
--- a/core/tickets/models.py
+++ b/core/tickets/models.py
@@ -1,5 +1,7 @@
-from django.db import models
+from itertools import groupby
+
 from django.utils import timezone
+from django.db import models
 from django_softdelete.models import SoftDeleteModel
 
 from authentication.models import ExtendedUser
@@ -43,7 +45,6 @@ class IssueThread(SoftDeleteModel):
     name = models.CharField(max_length=255)
     event = models.ForeignKey(Event, null=True, on_delete=models.SET_NULL, related_name='issue_threads')
     manually_created = models.BooleanField(default=False)
-    related_items = models.ManyToManyField(Item, through='ItemRelation')
 
     def short_uuid(self):
         return self.uuid[:8]
@@ -76,6 +77,11 @@ class IssueThread(SoftDeleteModel):
             return
         self.assignments.create(assigned_to=value)
 
+    @property
+    def related_items(self):
+        groups = groupby(self.item_relation_changes.all(), lambda rel: rel.item.id)
+        return [sorted(v, key=lambda r: r.timestamp)[0].item for k, v in groups]
+
     def __str__(self):
         return '[' + str(self.id) + '][' + self.short_uuid() + '] ' + self.name
 
@@ -132,8 +138,8 @@ class Assignment(models.Model):
 
 class ItemRelation(models.Model):
     id = models.AutoField(primary_key=True)
-    issue_thread = models.ForeignKey(IssueThread, on_delete=models.CASCADE, related_name='item_relations')
-    item = models.ForeignKey(Item, on_delete=models.CASCADE, related_name='issues')
+    issue_thread = models.ForeignKey(IssueThread, on_delete=models.CASCADE, related_name='item_relation_changes')
+    item = models.ForeignKey(Item, on_delete=models.CASCADE, related_name='issue_relation_changes')
     timestamp = models.DateTimeField(auto_now_add=True)
     status = models.CharField(max_length=255, choices=RELATION_STATUS_CHOICES, default='possible')
 
diff --git a/core/tickets/serializers.py b/core/tickets/serializers.py
index 9f14e7e..2778dd2 100644
--- a/core/tickets/serializers.py
+++ b/core/tickets/serializers.py
@@ -2,9 +2,10 @@ from rest_framework import serializers
 
 from authentication.models import ExtendedUser
 from inventory.models import Event
+from inventory.shared_serializers import BasicItemSerializer
 from mail.api_v2 import AttachmentSerializer
 from tickets.models import IssueThread, Comment, STATE_CHOICES, ShippingVoucher
-from inventory.serializers import ItemSerializer
+from tickets.shared_serializers import BasicIssueSerializer
 
 
 class CommentSerializer(serializers.ModelSerializer):
@@ -37,14 +38,10 @@ class ShippingVoucherSerializer(serializers.ModelSerializer):
         read_only_fields = ('id', 'timestamp', 'used_at')
 
 
-class IssueSerializer(serializers.ModelSerializer):
+class IssueSerializer(BasicIssueSerializer):
     timeline = serializers.SerializerMethodField()
     last_activity = serializers.SerializerMethodField()
-    assigned_to = serializers.SlugRelatedField(slug_field='username', queryset=ExtendedUser.objects.all(),
-                                               allow_null=True, required=False)
-    event = serializers.SlugRelatedField(slug_field='slug', queryset=Event.objects.all(),
-                                         allow_null=True, required=False)
-    related_items = ItemSerializer(many=True, read_only=True)
+    related_items = BasicItemSerializer(many=True, read_only=True)
 
     class Meta:
         model = IssueThread
@@ -72,8 +69,8 @@ class IssueSerializer(serializers.ModelSerializer):
             last_mail = self.emails.order_by('-timestamp').first().timestamp if self.emails.count() > 0 else None
             last_assignment = self.assignments.order_by('-timestamp').first().timestamp if \
                 self.assignments.count() > 0 else None
-            last_relation = self.item_relations.order_by('-timestamp').first().timestamp if \
-                self.item_relations.count() > 0 else None
+            last_relation = self.item_relation_changes.order_by('-timestamp').first().timestamp if \
+                self.item_relation_changes.count() > 0 else None
             args = [x for x in [last_state_change, last_comment, last_mail, last_assignment, last_relation] if
                     x is not None]
             return max(args)
@@ -115,13 +112,13 @@ class IssueSerializer(serializers.ModelSerializer):
                 'timestamp': assignment.timestamp,
                 'assigned_to': assignment.assigned_to.username,
             })
-        for relation in obj.item_relations.all():
+        for relation in (obj.item_relation_changes.all()):
             timeline.append({
                 'type': 'item_relation',
                 'id': relation.id,
                 'status': relation.status,
                 'timestamp': relation.timestamp,
-                'item': ItemSerializer(relation.item).data,
+                'item': BasicItemSerializer(relation.item).data,
             })
         for shipping_voucher in obj.shipping_vouchers.all():
             timeline.append({
@@ -133,5 +130,3 @@ class IssueSerializer(serializers.ModelSerializer):
             })
         return sorted(timeline, key=lambda x: x['timestamp'])
 
-    def get_queryset(self):
-        return IssueThread.objects.all().order_by('-last_activity')
diff --git a/core/tickets/shared_serializers.py b/core/tickets/shared_serializers.py
new file mode 100644
index 0000000..ac16d81
--- /dev/null
+++ b/core/tickets/shared_serializers.py
@@ -0,0 +1,23 @@
+from rest_framework import serializers
+
+from authentication.models import ExtendedUser
+from inventory.models import Event
+from tickets.models import IssueThread, ItemRelation
+
+
+class RelationSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = ItemRelation
+        fields = ('id', 'status', 'timestamp', 'item', 'issue_thread')
+
+
+class BasicIssueSerializer(serializers.ModelSerializer):
+    assigned_to = serializers.SlugRelatedField(slug_field='username', queryset=ExtendedUser.objects.all(),
+                                               allow_null=True, required=False)
+    event = serializers.SlugRelatedField(slug_field='slug', queryset=Event.objects.all(),
+                                         allow_null=True, required=False)
+
+    class Meta:
+        model = IssueThread
+        fields = ('id', 'name', 'state', 'assigned_to', 'uuid', 'event')
+        read_only_fields = ('id', 'timeline', 'last_activity', 'uuid', 'related_items')
diff --git a/core/tickets/tests/v2/test_matches.py b/core/tickets/tests/v2/test_matches.py
new file mode 100644
index 0000000..7bd7a52
--- /dev/null
+++ b/core/tickets/tests/v2/test_matches.py
@@ -0,0 +1,149 @@
+from datetime import datetime, timedelta
+
+from django.test import TestCase, Client
+
+from authentication.models import ExtendedUser
+from inventory.models import Event, Container, Item
+from mail.models import Email, EmailAttachment
+from tickets.models import IssueThread, StateChange, Comment, ItemRelation
+from django.contrib.auth.models import Permission
+from knox.models import AuthToken
+
+from base64 import b64encode
+
+
+class IssueItemMatchApiTest(TestCase):
+
+    def setUp(self):
+        super().setUp()
+        self.user = ExtendedUser.objects.create_user('testuser', 'test', 'test')
+        self.user.user_permissions.add(*Permission.objects.all())
+        self.user.save()
+        self.event = Event.objects.create(slug='evt')
+        self.box = Container.objects.create(name='box1')
+        self.item = Item.objects.create(container=self.box, description="foo", event=self.event)
+        self.token = AuthToken.objects.create(user=self.user)
+        self.client = Client(headers={'Authorization': 'Token ' + self.token[1]})
+        now = datetime.now()
+        self.issue = IssueThread.objects.create(
+            name="test issue",
+            event=self.event,
+        )
+        self.mail1 = Email.objects.create(
+            subject='test',
+            body='test',
+            sender='test',
+            recipient='test',
+            issue_thread=self.issue,
+            timestamp=now,
+        )
+        self.comment = Comment.objects.create(
+            issue_thread=self.issue,
+            comment="test",
+            timestamp=now + timedelta(seconds=3),
+        )
+        self.match = ItemRelation.objects.create(
+            issue_thread=self.issue,
+            item=self.item,
+            timestamp=now + timedelta(seconds=5),
+        )
+
+    def test_issues(self):
+        response = self.client.get('/api/2/tickets/')
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(len(response.json()), 1)
+        self.assertEqual(response.json()[0]['id'], self.issue.id)
+        self.assertEqual(response.json()[0]['name'], "test issue")
+        self.assertEqual(response.json()[0]['state'], "pending_new")
+        self.assertEqual(response.json()[0]['event'], "evt")
+        self.assertEqual(response.json()[0]['assigned_to'], None)
+        self.assertEqual(response.json()[0]['uuid'], self.issue.uuid)
+        self.assertEqual(response.json()[0]['last_activity'], self.match.timestamp.strftime('%Y-%m-%dT%H:%M:%S.%fZ'))
+        self.assertEqual(len(response.json()[0]['timeline']), 4)
+        self.assertEqual(response.json()[0]['timeline'][0]['type'], 'state')
+        self.assertEqual(response.json()[0]['timeline'][1]['type'], 'mail')
+        self.assertEqual(response.json()[0]['timeline'][2]['type'], 'comment')
+        self.assertEqual(response.json()[0]['timeline'][1]['id'], self.mail1.id)
+        self.assertEqual(response.json()[0]['timeline'][2]['id'], self.comment.id)
+        self.assertEqual(response.json()[0]['timeline'][0]['state'], 'pending_new')
+        self.assertEqual(response.json()[0]['timeline'][1]['sender'], 'test')
+        self.assertEqual(response.json()[0]['timeline'][1]['recipient'], 'test')
+        self.assertEqual(response.json()[0]['timeline'][1]['subject'], 'test')
+        self.assertEqual(response.json()[0]['timeline'][1]['body'], 'test')
+        self.assertEqual(response.json()[0]['timeline'][1]['timestamp'],
+                         self.mail1.timestamp.strftime('%Y-%m-%dT%H:%M:%S.%fZ'))
+        self.assertEqual(response.json()[0]['timeline'][2]['comment'], 'test')
+        self.assertEqual(response.json()[0]['timeline'][2]['timestamp'],
+                         self.comment.timestamp.strftime('%Y-%m-%dT%H:%M:%S.%fZ'))
+        self.assertEqual(response.json()[0]['timeline'][3]['status'], 'possible')
+        self.assertEqual(response.json()[0]['timeline'][3]['timestamp'],
+                         self.match.timestamp.strftime('%Y-%m-%dT%H:%M:%S.%fZ'))
+        self.assertEqual(response.json()[0]['timeline'][3]['item']['description'], "foo")
+        self.assertEqual(response.json()[0]['timeline'][3]['item']['event'], "evt")
+        self.assertEqual(response.json()[0]['timeline'][3]['item']['box'], "box1")
+        self.assertEqual(response.json()[0]['related_items'][0]['description'], "foo")
+        self.assertEqual(response.json()[0]['related_items'][0]['event'], "evt")
+        self.assertEqual(response.json()[0]['related_items'][0]['box'], "box1")
+
+    def test_members(self):
+        response = self.client.get(f'/api/2/{self.event.slug}/item/')
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(len(response.json()), 1)
+        self.assertEqual(response.json()[0]['id'], self.item.id)
+        self.assertEqual(response.json()[0]['description'], 'foo')
+        self.assertEqual(response.json()[0]['box'], 'box1')
+        self.assertEqual(response.json()[0]['cid'], self.box.id)
+        self.assertEqual(response.json()[0]['file'], None)
+        self.assertEqual(response.json()[0]['returned'], False)
+        self.assertEqual(response.json()[0]['event'], self.event.slug)
+        self.assertEqual(len(response.json()[0]['related_issues']), 1)
+        self.assertEqual(response.json()[0]['related_issues'][0]['id'], self.issue.id)
+        self.assertEqual(response.json()[0]['related_issues'][0]['name'], "test issue")
+
+    def test_add_match(self):
+        response = self.client.get('/api/2/matches/')
+        self.assertEqual(1, len(response.json()))
+        item = Item.objects.create(container=self.box, event=self.event, description='1')
+        issue = IssueThread.objects.create(name="test issue", event=self.event)
+
+        response = self.client.post(f'/api/2/matches/',
+                                    {'item': item.id, 'issue_thread': issue.id},
+                                    content_type='application/json')
+        self.assertEqual(response.status_code, 201)
+
+        response = self.client.get('/api/2/matches/')
+        self.assertEqual(2, len(response.json()))
+
+        response = self.client.get('/api/2/tickets/')
+        self.assertEqual(4, len(response.json()[0]['timeline']))
+        self.assertEqual('item_relation', response.json()[0]['timeline'][3]['type'])
+        self.assertEqual('possible', response.json()[0]['timeline'][3]['status'])
+        self.assertEqual(1, len(response.json()[0]['related_items']))
+
+    def test_change_match_state(self):
+        response = self.client.get('/api/2/matches/')
+        self.assertEqual(1, len(response.json()))
+
+        response = self.client.get('/api/2/tickets/')
+        self.assertEqual(4, len(response.json()[0]['timeline']))
+        self.assertEqual('item_relation', response.json()[0]['timeline'][3]['type'])
+        self.assertEqual('possible', response.json()[0]['timeline'][3]['status'])
+        self.assertEqual(1, len(response.json()[0]['related_items']))
+
+        response = self.client.post(f'/api/2/matches/',
+                                    {'item': self.item.id, 'issue_thread': self.issue.id, 'status': 'confirmed'},
+                                    content_type='application/json')
+        self.assertEqual(response.status_code, 201)
+        self.assertEqual(response.json()['status'], 'confirmed')
+        self.assertEqual(response.json()['id'], 2)
+
+        response = self.client.get('/api/2/matches/')
+        self.assertEqual(2, len(response.json()))
+
+        response = self.client.get('/api/2/tickets/')
+        self.assertEqual(5, len(response.json()[0]['timeline']))
+        self.assertEqual('item_relation', response.json()[0]['timeline'][3]['type'])
+        self.assertEqual('possible', response.json()[0]['timeline'][3]['status'])
+        self.assertEqual('item_relation', response.json()[0]['timeline'][4]['type'])
+        self.assertEqual('confirmed', response.json()[0]['timeline'][4]['status'])
+        self.assertEqual(1, len(response.json()[0]['related_items']))
diff --git a/core/tickets/tests/v2/test_tickets.py b/core/tickets/tests/v2/test_tickets.py
index 9e89ed5..e0fb004 100644
--- a/core/tickets/tests/v2/test_tickets.py
+++ b/core/tickets/tests/v2/test_tickets.py
@@ -3,9 +3,9 @@ from datetime import datetime, timedelta
 from django.test import TestCase, Client
 
 from authentication.models import ExtendedUser
-from inventory.models import Event
+from inventory.models import Event, Container, Item
 from mail.models import Email, EmailAttachment
-from tickets.models import IssueThread, StateChange, Comment
+from tickets.models import IssueThread, StateChange, Comment, ItemRelation
 from django.contrib.auth.models import Permission
 from knox.models import AuthToken
 
@@ -18,6 +18,8 @@ class IssueApiTest(TestCase):
         self.user.user_permissions.add(*Permission.objects.all())
         self.user.save()
         self.event = Event.objects.create(slug='evt')
+        self.box = Container.objects.create(name='box1')
+        self.item = Item.objects.create(container=self.box, description="foo", event=self.event)
         self.token = AuthToken.objects.create(user=self.user)
         self.client = Client(headers={'Authorization': 'Token ' + self.token[1]})
 
@@ -54,6 +56,11 @@ class IssueApiTest(TestCase):
             comment="test",
             timestamp=now + timedelta(seconds=3),
         )
+        match = ItemRelation.objects.create(
+            issue_thread=issue,
+            item = self.item,
+            timestamp=now + timedelta(seconds=5),
+        )
         self.assertEqual('pending_new', issue.state)
         self.assertEqual('test issue', issue.name)
         self.assertEqual(None, issue.assigned_to)
@@ -67,8 +74,8 @@ class IssueApiTest(TestCase):
         self.assertEqual(response.json()[0]['event'], "evt")
         self.assertEqual(response.json()[0]['assigned_to'], None)
         self.assertEqual(response.json()[0]['uuid'], issue.uuid)
-        self.assertEqual(response.json()[0]['last_activity'], comment.timestamp.strftime('%Y-%m-%dT%H:%M:%S.%fZ'))
-        self.assertEqual(len(response.json()[0]['timeline']), 4)
+        self.assertEqual(response.json()[0]['last_activity'], match.timestamp.strftime('%Y-%m-%dT%H:%M:%S.%fZ'))
+        self.assertEqual(len(response.json()[0]['timeline']), 5)
         self.assertEqual(response.json()[0]['timeline'][0]['type'], 'state')
         self.assertEqual(response.json()[0]['timeline'][1]['type'], 'mail')
         self.assertEqual(response.json()[0]['timeline'][2]['type'], 'mail')
@@ -92,6 +99,15 @@ class IssueApiTest(TestCase):
         self.assertEqual(response.json()[0]['timeline'][3]['comment'], 'test')
         self.assertEqual(response.json()[0]['timeline'][3]['timestamp'],
                          comment.timestamp.strftime('%Y-%m-%dT%H:%M:%S.%fZ'))
+        self.assertEqual(response.json()[0]['timeline'][4]['status'], 'possible')
+        self.assertEqual(response.json()[0]['timeline'][4]['timestamp'],
+                         match.timestamp.strftime('%Y-%m-%dT%H:%M:%S.%fZ'))
+        self.assertEqual(response.json()[0]['timeline'][4]['item']['description'], "foo")
+        self.assertEqual(response.json()[0]['timeline'][4]['item']['event'], "evt")
+        self.assertEqual(response.json()[0]['timeline'][4]['item']['box'], "box1")
+        self.assertEqual(response.json()[0]['related_items'][0]['description'], "foo")
+        self.assertEqual(response.json()[0]['related_items'][0]['event'], "evt")
+        self.assertEqual(response.json()[0]['related_items'][0]['box'], "box1")
 
     def test_issues_incomplete_timeline(self):
         now = datetime.now()

From fdf5ab8ad10a44fa55f3041b974eb1c4bf6a9d40 Mon Sep 17 00:00:00 2001
From: jedi <git@m.j3d1.de>
Date: Sat, 9 Nov 2024 05:05:05 +0100
Subject: [PATCH 21/22] implement simple backend search for items and tickets

---
 core/inventory/api_v2.py              | 26 +++++++---
 core/inventory/serializers.py         | 11 ++++
 core/inventory/tests/v2/test_items.py | 73 +++++++++++++++++++++++++++
 core/tickets/api_v2.py                | 28 +++++++++-
 core/tickets/serializers.py           | 11 ++++
 core/tickets/tests/v2/test_tickets.py | 20 ++++++++
 6 files changed, 160 insertions(+), 9 deletions(-)

diff --git a/core/inventory/api_v2.py b/core/inventory/api_v2.py
index f853b47..e1f643e 100644
--- a/core/inventory/api_v2.py
+++ b/core/inventory/api_v2.py
@@ -6,7 +6,9 @@ from rest_framework.response import Response
 from rest_framework.permissions import IsAuthenticated
 
 from inventory.models import Event, Container, Item
-from inventory.serializers import EventSerializer, ContainerSerializer, ItemSerializer
+from inventory.serializers import EventSerializer, ContainerSerializer, ItemSerializer, SearchResultSerializer
+
+from base64 import b64decode
 
 
 class EventViewSet(viewsets.ModelViewSet):
@@ -20,18 +22,26 @@ class ContainerViewSet(viewsets.ModelViewSet):
     queryset = Container.objects.all()
 
 
+def filter_items(items, query):
+    query_tokens = query.split(' ')
+    for item in items:
+        value = 0
+        for token in query_tokens:
+            if token in item.description:
+                value += 1
+        if value > 0:
+            yield {'search_score': value, 'item': item}
+
+
 @api_view(['GET'])
 @permission_classes([IsAuthenticated])
-@permission_required('view_item', raise_exception=True)
 def search_items(request, event_slug, query):
     try:
         event = Event.objects.get(slug=event_slug)
-        query_tokens = query.split(' ')
-        q = Item.objects.filter(event=event)
-        for token in query_tokens:
-            if token:
-                q = q.filter(description__icontains=token)
-        return Response(ItemSerializer(q, many=True).data)
+        if not request.user.has_event_perm(event, 'view_item'):
+            return Response(status=403)
+        items = filter_items(Item.objects.filter(event=event), b64decode(query).decode('utf-8'))
+        return Response(SearchResultSerializer(items, many=True).data)
     except Event.DoesNotExist:
         return Response(status=404)
 
diff --git a/core/inventory/serializers.py b/core/inventory/serializers.py
index 941e20f..9a611f6 100644
--- a/core/inventory/serializers.py
+++ b/core/inventory/serializers.py
@@ -83,3 +83,14 @@ class ItemSerializer(BasicItemSerializer):
             validated_data.pop('dataImage')
             instance.files.add(file)
         return super().update(instance, validated_data)
+
+
+class SearchResultSerializer(serializers.Serializer):
+    search_score = serializers.IntegerField()
+    item = ItemSerializer()
+
+    def to_representation(self, instance):
+        return {**ItemSerializer(instance['item']).data, 'search_score': instance['search_score']}
+
+    class Meta:
+        model = Item
diff --git a/core/inventory/tests/v2/test_items.py b/core/inventory/tests/v2/test_items.py
index 953f1a3..59a5a4e 100644
--- a/core/inventory/tests/v2/test_items.py
+++ b/core/inventory/tests/v2/test_items.py
@@ -7,6 +7,8 @@ from authentication.models import ExtendedUser
 from files.models import File
 from inventory.models import Event, Container, Item
 
+from base64 import b64encode
+
 
 class ItemTestCase(TestCase):
 
@@ -199,3 +201,74 @@ class ItemTestCase(TestCase):
         self.assertEqual(response.status_code, 200)
         self.assertEqual(len(response.json()), 1)
         self.assertEqual(response.json()[0]['id'], item1.id)
+
+
+class ItemSearchTestCase(TestCase):
+
+    def setUp(self):
+        super().setUp()
+        self.event = Event.objects.create(slug='EVENT', name='Event')
+        self.box = Container.objects.create(name='BOX')
+        self.user = ExtendedUser.objects.create_user('testuser', 'test', 'test')
+        self.user.user_permissions.add(*Permission.objects.all())
+        self.token = AuthToken.objects.create(user=self.user)
+        self.client = Client(headers={'Authorization': 'Token ' + self.token[1]})
+        self.item1 = Item.objects.create(container=self.box, event=self.event, description='abc def')
+        self.item2 = Item.objects.create(container=self.box, event=self.event, description='def ghi')
+        self.item3 = Item.objects.create(container=self.box, event=self.event, description='jkl mno pqr')
+        self.item4 = Item.objects.create(container=self.box, event=self.event, description='stu vwx')
+
+    def test_search(self):
+        search_query = b64encode(b'abc').decode('utf-8')
+        response = self.client.get(f'/api/2/{self.event.slug}/items/{search_query}/')
+        self.assertEqual(200, response.status_code)
+        self.assertEqual(1, len(response.json()))
+        self.assertEqual(self.item1.id, response.json()[0]['id'])
+        self.assertEqual('abc def', response.json()[0]['description'])
+        self.assertEqual('BOX', response.json()[0]['box'])
+        self.assertEqual(self.box.id, response.json()[0]['cid'])
+        self.assertEqual(1, response.json()[0]['search_score'])
+
+    def test_search2(self):
+        search_query = b64encode(b'def').decode('utf-8')
+        response = self.client.get(f'/api/2/{self.event.slug}/items/{search_query}/')
+        self.assertEqual(200, response.status_code)
+        self.assertEqual(2, len(response.json()))
+        self.assertEqual(self.item1.id, response.json()[0]['id'])
+        self.assertEqual('abc def', response.json()[0]['description'])
+        self.assertEqual('BOX', response.json()[0]['box'])
+        self.assertEqual(self.box.id, response.json()[0]['cid'])
+        self.assertEqual(1, response.json()[0]['search_score'])
+        self.assertEqual(self.box.id, response.json()[1]['cid'])
+        self.assertEqual('def ghi', response.json()[1]['description'])
+        self.assertEqual('BOX', response.json()[1]['box'])
+        self.assertEqual(self.box.id, response.json()[1]['cid'])
+        self.assertEqual(1, response.json()[0]['search_score'])
+
+    def test_search3(self):
+        search_query = b64encode(b'jkl').decode('utf-8')
+        response = self.client.get(f'/api/2/{self.event.slug}/items/{search_query}/')
+        self.assertEqual(200, response.status_code)
+        self.assertEqual(1, len(response.json()))
+        self.assertEqual(self.item3.id, response.json()[0]['id'])
+        self.assertEqual('jkl mno pqr', response.json()[0]['description'])
+        self.assertEqual('BOX', response.json()[0]['box'])
+        self.assertEqual(self.box.id, response.json()[0]['cid'])
+        self.assertEqual(1, response.json()[0]['search_score'])
+
+    def test_search4(self):
+        search_query = b64encode(b'abc def').decode('utf-8')
+        response = self.client.get(f'/api/2/{self.event.slug}/items/{search_query}/')
+        self.assertEqual(200, response.status_code)
+        self.assertEqual(2, len(response.json()))
+        self.assertEqual(self.item1.id, response.json()[0]['id'])
+        self.assertEqual('abc def', response.json()[0]['description'])
+        self.assertEqual('BOX', response.json()[0]['box'])
+        self.assertEqual(self.box.id, response.json()[0]['cid'])
+        self.assertEqual(2, response.json()[0]['search_score'])
+        self.assertEqual(self.item2.id, response.json()[1]['id'])
+        self.assertEqual('def ghi', response.json()[1]['description'])
+        self.assertEqual('BOX', response.json()[1]['box'])
+        self.assertEqual(self.box.id, response.json()[1]['cid'])
+        self.assertEqual(1, response.json()[1]['search_score'])
+
diff --git a/core/tickets/api_v2.py b/core/tickets/api_v2.py
index b119bd9..1ed7e02 100644
--- a/core/tickets/api_v2.py
+++ b/core/tickets/api_v2.py
@@ -15,7 +15,7 @@ from mail.models import Email
 from mail.protocol import send_smtp, make_reply, collect_references
 from notify_sessions.models import SystemEvent
 from tickets.models import IssueThread, Comment, STATE_CHOICES, ShippingVoucher, ItemRelation
-from tickets.serializers import IssueSerializer, CommentSerializer, ShippingVoucherSerializer
+from tickets.serializers import IssueSerializer, CommentSerializer, ShippingVoucherSerializer, SearchResultSerializer
 from tickets.shared_serializers import RelationSerializer
 
 
@@ -136,6 +136,30 @@ def add_comment(request, pk):
     return Response(CommentSerializer(comment).data, status=status.HTTP_201_CREATED)
 
 
+def filter_issues(issues, query):
+    query_tokens = query.split(' ')
+    for issue in issues:
+        value = 0
+        for token in query_tokens:
+            if token in issue.description:
+                value += 1
+        if value > 0:
+            yield {'search_score': value, 'issue': issue}
+
+
+@api_view(['GET'])
+@permission_classes([])
+# @permission_classes([IsAuthenticated])
+# @permission_required('view_item', raise_exception=True)
+def search_issues(request, event_slug, query):
+    try:
+        event = Event.objects.get(slug=event_slug)
+        items = filter_issues(IssueThread.objects.filter(event=event), b64decode(query).decode('utf-8'))
+        return Response(SearchResultSerializer(items, many=True).data)
+    except Event.DoesNotExist:
+        return Response(status=404)
+
+
 router = routers.SimpleRouter()
 router.register(r'tickets', IssueViewSet, basename='issues')
 router.register(r'matches', RelationViewSet, basename='matches')
@@ -146,4 +170,6 @@ urlpatterns = ([
                    re_path(r'^tickets/(?P<pk>\d+)/reply/$', reply, name='reply'),
                    re_path(r'^tickets/(?P<pk>\d+)/comment/$', add_comment, name='add_comment'),
                    re_path(r'^(?P<event_slug>[\w-]+)/tickets/manual/$', manual_ticket, name='manual_ticket'),
+                   re_path(r'^(?P<event_slug>[\w-]+)/tickets/(?P<query>[-A-Za-z0-9+/]*={0,3})/$', search_issues,
+                            name='search_issues'),
                ] + router.urls)
diff --git a/core/tickets/serializers.py b/core/tickets/serializers.py
index 2778dd2..aae37ba 100644
--- a/core/tickets/serializers.py
+++ b/core/tickets/serializers.py
@@ -130,3 +130,14 @@ class IssueSerializer(BasicIssueSerializer):
             })
         return sorted(timeline, key=lambda x: x['timestamp'])
 
+
+
+class SearchResultSerializer(serializers.Serializer):
+    search_score = serializers.IntegerField()
+    item = IssueSerializer()
+
+    def to_representation(self, instance):
+        return {**IssueSerializer(instance['item']).data, 'search_score': instance['search_score']}
+
+    class Meta:
+        model = IssueThread
diff --git a/core/tickets/tests/v2/test_tickets.py b/core/tickets/tests/v2/test_tickets.py
index e0fb004..105de93 100644
--- a/core/tickets/tests/v2/test_tickets.py
+++ b/core/tickets/tests/v2/test_tickets.py
@@ -9,6 +9,8 @@ from tickets.models import IssueThread, StateChange, Comment, ItemRelation
 from django.contrib.auth.models import Permission
 from knox.models import AuthToken
 
+from base64 import b64encode
+
 
 class IssueApiTest(TestCase):
 
@@ -365,3 +367,21 @@ class IssueApiTest(TestCase):
         self.assertEqual('pending_new', timeline[0]['state'])
         self.assertEqual('assignment', timeline[1]['type'])
         self.assertEqual(self.user.username, timeline[1]['assigned_to'])
+
+
+class IssueSearchTest(TestCase):
+
+    def setUp(self):
+        super().setUp()
+        self.event = Event.objects.create(slug='EVENT', name='Event')
+        self.user = ExtendedUser.objects.create_user('testuser', 'test', 'test')
+        self.user.user_permissions.add(*Permission.objects.all())
+        self.user.save()
+        self.token = AuthToken.objects.create(user=self.user)
+        self.client = Client(headers={'Authorization': 'Token ' + self.token[1]})
+
+    def test_search(self):
+        search_query = b64encode(b'abc').decode('utf-8')
+        response = self.client.get(f'/api/2/{self.event.slug}/tickets/{search_query}/')
+        self.assertEqual(200, response.status_code)
+        self.assertEqual([], response.json())

From 1506509b9ac613b100270f1b94ebce6d373223aa Mon Sep 17 00:00:00 2001
From: jedi <git@m.j3d1.de>
Date: Wed, 6 Nov 2024 21:11:18 +0100
Subject: [PATCH 22/22] add frontend to edit event details

---
 core/inventory/serializers.py          |  33 ++++++-
 core/inventory/tests/v2/test_events.py |  13 ++-
 web/src/components/ExpandableTable.vue | 124 +++++++++++++++++++++++++
 web/src/store.js                       |   7 ++
 web/src/views/admin/Events.vue         | 106 +++++++++++++++------
 5 files changed, 250 insertions(+), 33 deletions(-)
 create mode 100644 web/src/components/ExpandableTable.vue

diff --git a/core/inventory/serializers.py b/core/inventory/serializers.py
index 9a611f6..9ae2bbe 100644
--- a/core/inventory/serializers.py
+++ b/core/inventory/serializers.py
@@ -9,20 +9,43 @@ from mail.models import EventAddress
 from tickets.shared_serializers import BasicIssueSerializer
 
 
-class EventAdressSerializer(serializers.ModelSerializer):
-    class Meta:
-        model = EventAddress
-        fields = ['address']
+#class EventAdressSerializer(serializers.ModelSerializer):
+#    class Meta:
+#        model = EventAddress
+#        fields = ['address']
+
+#    def to_internal_value(self, data):
+#        if not isinstance(data, str):
+#            raise serializers.ValidationError('This field must be a string.')
+#
+#    def create(self, validated_data):
+#        return EventAddress.objects.create(**validated_data)
+#
+#    def validate(self, data):
+#        return isinstance(data, str)
+
 
 
 class EventSerializer(serializers.ModelSerializer):
-    addresses = EventAdressSerializer(many=True, required=False)
+    #addresses = EventAdressSerializer(many=True, required=False)
+    addresses = SlugRelatedField(many=True, slug_field='address', queryset=EventAddress.objects.all())
 
     class Meta:
         model = Event
         fields = ['id', 'slug', 'name', 'start', 'end', 'pre_start', 'post_end', 'addresses']
         read_only_fields = ['id']
 
+#    def update(self, instance, validated_data):
+#        addresses = validated_data.pop('addresses', None)
+#        instance.save(validated_data)
+#        if addresses:
+#            for address in addresses:
+#                nested_instance, created = EventAddress.objects.get_or_create(address=address)
+#                instance.addresses.add(nested_instance)
+#
+#        return instance
+
+
 
 class ContainerSerializer(serializers.ModelSerializer):
     itemCount = serializers.SerializerMethodField()
diff --git a/core/inventory/tests/v2/test_events.py b/core/inventory/tests/v2/test_events.py
index 6d6cadb..55c6b90 100644
--- a/core/inventory/tests/v2/test_events.py
+++ b/core/inventory/tests/v2/test_events.py
@@ -47,6 +47,18 @@ class EventTestCase(TestCase):
         self.assertEqual(Event.objects.all()[0].slug, 'EVENT2')
         self.assertEqual(Event.objects.all()[0].name, 'Event 2 new')
 
+    def test_update_event(self):
+        from rest_framework.test import APIClient
+        event = Event.objects.create(slug='EVENT1', name='Event 1')
+        response = APIClient().patch(f'/api/2/events/{event.eid}/', {'addresses': ['foo@bar.baz', 'foo1@bar.baz']})
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.json()['slug'], 'EVENT1')
+        self.assertEqual(response.json()['name'], 'Event 1')
+        self.assertEqual(len(Event.objects.all()), 1)
+        self.assertEqual(Event.objects.all()[0].slug, 'EVENT1')
+        self.assertEqual(Event.objects.all()[0].name, 'Event 1')
+        self.assertEqual(1, len(response.json()[0]['addresses']))
+
     def test_remove_event(self):
         event = Event.objects.create(slug='EVENT1', name='Event 1')
         Event.objects.create(slug='EVENT2', name='Event 2')
@@ -65,4 +77,3 @@ class EventTestCase(TestCase):
         self.assertEqual('TEST1', response.json()[0]['slug'])
         self.assertEqual('Event', response.json()[0]['name'])
         self.assertEqual(1, len(response.json()[0]['addresses']))
-
diff --git a/web/src/components/ExpandableTable.vue b/web/src/components/ExpandableTable.vue
new file mode 100644
index 0000000..6bd5175
--- /dev/null
+++ b/web/src/components/ExpandableTable.vue
@@ -0,0 +1,124 @@
+<template>
+    <table class="table table-striped table-dark">
+        <thead>
+        <tr>
+            <th>
+            </th>
+            <th scope="col" v-for="(column, index) in columns" :key="index">
+                <div class="input-group">
+                    <div class="input-group-prepend">
+                        <button
+                            :class="[ 'btn', column === sortBy ? 'btn-outline-info' : 'btn-outline-secondary' ]"
+                            @click="toggleSort(column)"
+                        >
+                            {{ column }}
+                            <span :class="{ 'text-info': column === sortBy }">
+                                    <font-awesome-icon :icon="getSortIcon(column)"/>
+                                </span>
+                        </button>
+                    </div>
+                    <input
+                        type="text"
+                        class="form-control"
+                        placeholder="filter"
+                        :value="filters[column]"
+                        @input="changeFilter(column, $event.target.value)"
+                    >
+                </div>
+            </th>
+            <th>
+                <slot name="header_actions"/>
+            </th>
+        </tr>
+        </thead>
+        <tbody v-for="(item, index) in internalItems" :key="item[keyName]" style="border-top: none">
+        <tr @click="toggle(index)">
+            <td>
+                <font-awesome-icon icon="angle-right" style="width: 1em;" v-if="collapsed[index]"/>
+                <font-awesome-icon icon="angle-down" style="width: 1em;" v-else/>
+            </td>
+            <td v-for="(column, index) in columns" :key="index">{{ item[column] }}</td>
+            <td>
+                <slot v-bind:id="index" v-bind:item="item" name="actions"/>
+            </td>
+        </tr>
+        <tr v-if="!collapsed[index]">
+            <td :colspan="columns.length + 2">
+                <slot v-bind:id="index" v-bind:item="item" name="detail"/>
+            </td>
+        </tr>
+        </tbody>
+    </table>
+</template>
+
+<script>
+import DataContainer from '@/mixins/data-container';
+import router from '../router';
+import {mapGetters} from "vuex";
+
+export default {
+    name: 'ExpandableTable',
+    mixins: [DataContainer],
+    created() {
+        this.columns.map(e => ({
+            k: e,
+            v: this.$store.getters.getFilters[e]
+        })).filter(e => e.v).forEach(e => this.setFilter(e.k, e.v));
+
+        const query = this.route ? (this.route.query ? this.route.query.collapsed : null) : null;
+        if (query !== null && query !== undefined) {
+            this.collapsed = this.unpackInt(parseInt(query), this.internalItems.length);
+        } else {
+            this.collapsed = this.internalItems.map(() => true);
+        }
+    },
+    data() {
+        return {
+            collapsed: [],
+        };
+    },
+    computed: {
+        ...mapGetters(['route']),
+    },
+    methods: {
+        changeFilter(col, val) {
+            this.setFilter(col, val);
+            let newquery = Object.entries({
+                ...this.$store.getters.getFilters,
+                [col]: val
+            }).reduce((a, [k, v]) => (v ? {...a, [k]: v} : a), {});
+            router.push({query: newquery});
+        },
+        packInt(arr) {
+            return arr.reduce((a, e, i) => a + (e ? 0 : 2 ** i), 0);
+        },
+        unpackInt(n, l) {
+            return [...Array(l)].map((e, i) => (n & 2 ** i) === 0);
+        },
+        toggle(index) {
+            const collapsed = [...this.collapsed]
+            collapsed[index] = !collapsed[index];
+            this.collapsed = collapsed;
+        },
+    },
+    watch: {
+        collapsed: {
+            handler() {
+                const encoded = this.packInt(this.collapsed).toString()
+                if (this.route.query.collapsed !== encoded)
+                    this.$router.push({
+                        ...this.route,
+                        query: {...this.route.query, collapsed: encoded}
+                    });
+            },
+            deep: true,
+        },
+    },
+};
+</script>
+
+<style>
+.table-body-move {
+    transition: transform 1s;
+}
+</style>
\ No newline at end of file
diff --git a/web/src/store.js b/web/src/store.js
index dcc3aea..60dba61 100644
--- a/web/src/store.js
+++ b/web/src/store.js
@@ -339,6 +339,13 @@ const store = createStore({
                 commit('replaceEvents', [...state.events.filter(e => e.eid !== event_id)])
             }
         },
+        async updateEvent({commit, dispatch, state}, {id, partial_event}){
+            console.log(id, partial_event);
+            const {data, success} = await http.patch(`/2/events/${id}/`, partial_event, state.user.token);
+            if (success) {
+                commit('replaceEvents', [...state.events.filter(e => e.eid !== id), data])
+            }
+        },
         async fetchTicketStates({commit, state, getters}) {
             if (!state.user.token) return;
             if (state.fetchedData.states > Date.now() - 1000 * 60 * 60 * 24) return;
diff --git a/web/src/views/admin/Events.vue b/web/src/views/admin/Events.vue
index 1aab608..e2ff952 100644
--- a/web/src/views/admin/Events.vue
+++ b/web/src/views/admin/Events.vue
@@ -1,50 +1,102 @@
 <template>
-    <Table
-        :columns="['slug', 'name']"
-        :items="events"
-        :keyName="'slug'"
-    >
-        <template v-slot:header_actions>
-            <button class="btn btn-success" @click.prevent="openAddEventModal">
-                <font-awesome-icon icon="plus"/>
-                Create Event
-            </button>
-        </template>
-        <template v-slot:actions="{ item }">
-            <div class="btn-group">
-                <button class="btn btn-secondary" @click.stop="changeEvent(item)">
-                    <font-awesome-icon icon="archive"/>
-                    use
+    <AsyncLoader :loaded="events.length > 0">
+        <ExpandableTable v-if="!!events" :columns="['slug', 'name']" :items="events" :keyName="'slug'">
+            <template v-slot:header_actions>
+                <button class="btn btn-success" @click.prevent="openAddEventModal">
+                    <font-awesome-icon icon="plus"/>
+                    Create Event
                 </button>
-                <button class="btn btn-danger" @click.stop="safeDeleteEvent(item.eid)">
-                    <font-awesome-icon icon="trash"/>
-                    delete
-                </button>
-            </div>
-        </template>
-    </Table>
+            </template>
+            <template v-slot:actions="{ item }">
+                <div class="btn-group">
+                    <button class="btn btn-secondary" @click.stop="changeEvent(item)" style="white-space: nowrap;">
+                        <font-awesome-icon icon="archive"/>&nbsp;use
+                    </button>
+                    <button class="btn btn-danger" @click.stop="safeDeleteEvent(item.eid)" style="white-space: nowrap;">
+                        <font-awesome-icon icon="trash"/>&nbsp;delete
+                    </button>
+                </div>
+            </template>
+            <template v-slot:detail="{id, item }">
+                <div class="row">
+                    <div class="col">
+                        <input type="date" class="form-control form-control-sm" title="Buildup Start"
+                               v-model="item.pre_start" disabled style="opacity: 1"
+                               :max="item.start" @focus="prepare_date_field">
+                    </div>
+                    <div class="col">
+                        <input type="date" class="form-control form-control-sm" title="Official Event Start"
+                               v-model="item.start" disabled style="opacity: 1"
+                               :min="item.pre_start" :max="item.end" @focus="prepare_date_field">
+                    </div>
+                    <div class="col">
+                        <input type="date" class="form-control form-control-sm" title="Official Event End"
+                               v-model="item.end" disabled style="opacity: 1"
+                               :min="item.start" :max="item.post_end" @focus="prepare_date_field">
+                    </div>
+                    <div class="col">
+                        <input type="date" class="form-control form-control-sm" title="Teardown End"
+                               v-model="item.post_end" disabled style="opacity: 1"
+                               :min="item.end" @focus="prepare_date_field">
+                    </div>
+                </div>
+                <div class="mt-3">
+                    <label class="mr-3">Addresses: </label>
+                    <div v-for="(address, a_id) in item.addresses" class="btn-group btn-group-sm mr-3"
+                         @click.stop="deleteAddress(id, a_id)">
+                        <button class="btn btn-secondary" disabled style="opacity: 1">
+                            {{ address }}
+                        </button>
+                        <button class="btn btn-danger">
+                            <font-awesome-icon icon="trash"/>
+                        </button>
+                    </div>
+                    <div class="btn-group btn-group-sm">
+                        <input type="text" v-model="new_address[id]">
+                        <button class="btn btn-secondary" @click.stop="addAddress(id)" style="white-space: nowrap;">
+                            <font-awesome-icon icon="envelope"/>&nbsp;add
+                        </button>
+                    </div>
+                </div>
+            </template>
+        </ExpandableTable>
+    </AsyncLoader>
 </template>
 
 <script>
 import {mapActions, mapMutations, mapState} from 'vuex';
-import Table from '@/components/Table';
+import ExpandableTable from "@/components/ExpandableTable.vue";
+import AsyncLoader from "@/components/AsyncLoader.vue";
 
 export default {
     name: 'Events',
-    components: {Table},
+    components: {AsyncLoader, ExpandableTable},
     computed: mapState(['events']),
+    data() {
+        return {new_address: []}
+    },
     methods: {
-        ...mapActions(['changeEvent', 'deleteEvent']),
+        ...mapActions(['changeEvent', 'deleteEvent', 'updateEvent']),
         ...mapMutations(['openAddEventModal']),
         safeDeleteEvent(id) {
             if (confirm('do you want to completely delete this event and related data?')) {
                 this.deleteEvent(id)
             }
         },
+        addAddress(id) {
+            const a = this.new_address[id];
+            if (!this.events[id].addresses.includes(a))
+                this.events[id].addresses.push(a)
+            this.new_address[id] = ""
+            this.updateEvent({id: this.events[id].eid, partial_event: {addresses: this.events[id].addresses}});
+        },
+        deleteAddress(id, a_id) {
+            this.events[id].addresses = this.events[id].addresses.filter((e, i) => i !== a_id);
+            this.updateEvent({id: this.events[id].eid, partial_event: {addresses: this.events[id].addresses}});
+        }
     },
 };
 </script>
 
 <style scoped>
-
 </style>
\ No newline at end of file