32 releases 38 tags

RSS feed

• v0.11.4 e319f3d6e3

  Compare

  v0.11.4 Stable

  Fletcher released this 2026-05-03 17:44:32 +00:00 | 15 commits to main since this release

  Added

  • Pledge projects: Track padding in project totals to reflect external contributions (association, grants etc)
  • Pledge projects: Donors can now clarify what happens to their pledge if the project fails
  • Access lists: Add primary group designation to access lists
  • Cards: Toggle primary group membership for configured access lists
  • Cards: Add cards based on recently denied scans submitted by edge clients
  • Login provider: Add suggested login provider via query param
  • SAML: Allow portal to act as SAML IdP
  • Group permissions: Add permissions framework on top of groups 🖥️
  • Training docs: Add analytics and personal todo

  Changed

  • Migrations: Increased Alembic version_num column length 32->255 to allow for more descriptive versions 🖥️
  • Training bookings: Training managers no longer see bookings they're not involved with on their personal booking page
  • Training booking filter: Filter can be preselected with a query parameter
  • Announcement categories: Announcements can be marked as highlighted for all
  • Training docs: Format PPE table
  • Training slot templates: Allow editing of existing slots rather than just additions
  • Training bookings (pending): Assign Booking modal allows end-time overrides when assigning a pending booking

  Fixed

  • Volunteer token prompts: Prompt links with prompt_date now redirect volunteers from the member submit page to the volunteer tool and prefill the same date there (if applicable)
  • Personalised calendar feeds: Upcoming training appears in the feed regardless of RSVP'd events
  • Wiki URL: Wiki URL is no longer hardcoded 🖥️
  • Announcement direct links: Unrestricted announcements are now viewable for all sessions
  • Training lists: Sort induction lists server side
• v0.11.3 454b89f373

  Compare

  v0.11.3 Stable

  Fletcher released this 2026-04-22 08:58:14 +00:00 | 30 commits to main since this release

  Added

  • Notifications dropdown: Added per-notification and "Mark all as read" actions in the navbar dropdown for unread items
  • Volunteer tokens: Added a prompt mode to request users submit hours for a specific day
  • Drawer: Add system to track drawer contents
  • Homepage cards: Upcoming training bookings and RSVP'd events added to home screen
  • Xero connector: Add flow to link Xero tenant and basic tools to map TidyHQ finance categories to the Xero chart of accounts

  Changed

  • Training bookings: Existing bookings moved to the top of booking page
  • DM training: Trainers and trainees have the option of DMing each other

  Fixed

  • Training booking board: Removed UI debug logging 🖥️
  • Training docs: Wiki section matching now handles / in section headers when resolving fragment links
  • Training bookings (pending): Managers can now sign off attended sessions with zero time debt
  • Slack notification button: Ack button press notification from Slack for view notification buttons 🖥️
  • Notification datetimes: Datetime templating fixed for truncated notification bodies in navbar dropdown

  Security

  • OAuth authorisation: Added configurable user-agent blocking for /oauth/authorize requests 🖥️
• v0.11.2 feb069e9e2

  Compare

  v0.11.2 Stable

  Fletcher released this 2026-04-16 06:02:14 +00:00 | 48 commits to main since this release

  Added

  • Edge auth: Helper to facilitate access list authentication
  • API / edge access: Added versioning to access lists to reduce network load on updates 🖥️
  • API / edge access: Log unknown scans
  • Events management: Added a direct publish action for draft events on /events/manage#upcoming
  • Committee pledges: Added manual pledge entry/editing

  Changed

  • OAuth logging: Anonymous 401 requests to /oauth/authorize are now excluded from request warning logs to reduce noise 🖥️
  • Training availability: Allow trainers to confirm availability for all open slots at once

  Fixed

  • Event Slack posts: Slack posts now correctly point to event instances rather than the root event
  • Training slots (committee): Slots in the past are no longer listed
  • Upcoming bookings: Batch load info and process rather than using queries to dramatically speed up load times for slots 🖥️
  • Committee pledges: Increasing a funded project's goal now reopens it when pledged total is below the new goal
  • Pledge project creation: Logging the creation of a project will no longer randomly error out 🖥️
• v0.11.1 22fe7ebbc3

  Compare

  v0.11.1 Stable

  Fletcher released this 2026-03-23 04:09:05 +00:00 | 55 commits to main since this release

  Added

  • Training bookings: Warning when requesting a slot that starts within 24 hours (short notice)
  • Training bookings: Filter upcoming open slots by a specific available induction
  • Training bookings (pending): Prompt for time debt when signing off trainee
  • Training bookings (pending): Add modal to view existing inductions
  • Training bookings: When a booking is confirmed, the assigned trainer receives a portal notification (in addition to the trainee)

  Changed

  • Training bookings (pending): Reduce number of API calls made when prepping a manual booking 🖥️
  • Database schema: Freeze baseline to current state of models.py 🖥️
  • Training bookings: Recent sessions expanded beyond 6h, completed, added cancel button
  • Navigation: Expand (grand)parent navigation items on mobile to aid in submenu navigation (switching between training pages etc)

  Fixed

  • Training bookings (pending): Booking modal does not present past slots or not endorsed trainers as options
  • Concession profile: Template only returned when user held a concession
  • Training bookings (pending): Creating a manual booking now refreshes the Upcoming Bookings section
  • Training bookings (pending): Manager assignments from the pending list now use the same notification and validation helpers as the booking board 🖥️
• v0.11.0 c80f2f4f28

  Compare

  v0.11.0 Stable

  Fletcher released this 2026-03-19 19:13:49 +00:00 | 64 commits to main since this release

  Added

  • Database: Schema changes are now handled through Alembic 🖥️
• v0.10.10 e3a6152db6

  Compare

  v0.10.10 Stable

  Fletcher released this 2026-03-19 19:10:31 +00:00 | 65 commits to main since this release

  Added

  • Material creation: Labels can now be printed directly in the creation flow rather than afterwards
  • Training booking Slack messages: Track post lifecycle (active/passed/deleted), auto-mark posts as passed after 48h, and add an admin tool to mark missing active posts as deleted

  Changed

  • Admin contacts (mobile): Row expansion is now via button instead of row tap (too many other targets)
  • Booking board: Bookings placed from the pending tray are marked as confirmed not assigned
  • Training booking Slack messages: Passed/deleted posts are now hidden by default (with an option to show them)
  • Training bookings: Formatting of upcoming slots adjusted to better show they exist during loading
  • Training bookings: Available inductions are now collapsed by default
  • Training bookings: Notify assigned trainer when booking is cancelled by user
  • Training bookings: Trainee side cancellations <6h from the session time are marked as no shows
  • Training bookings: Requests for training are now posted to the training channel on Slack
  • Training bookings: The UI now makes it clearer that training requests are requests not bookings
  • Navigation: Create new Storage menu, move materials (member side)
  • Lockers: Move to storage section instead of profile
  • Lockers: Add explainer card and membership check
  • Member Work: Move into Storage menu, rename in navigation to Files

  Fixed

  • Volunteer statistics: All sections now respect datetime filters
  • Volunteer statistics: Time debt is sorted by hours
  • Admin contacts: Pagination navigation no longer causes horizontal scrolling on mobile
  • Admin notifications list: Localised datetimes in notifications are translated
  • Training bookings: "Book this slot" buttons correctly fill the form rather than submitting
  • Booking board: Booking cards moved from the pending tray to the board now save
  • Booking board conflict detection: ETag comparison fixed 🖥️
  • Training booking notifications: Start time incorrectly used the requested slot time instead of the scheduled booking time for notifications
  • Training bookings: Assign Booking modal now allows assigning a trainer without selecting a slot
  • Training bookings: Assign Booking modal warns about induction duration mismatches and offers potential fixes
  • Training bookings: Removed the "no slot" suffix from portal-day Slack summaries
  • Training bookings: Slack booking summaries now sort by booking start time instead of slot start time
  • Markdown: Nested lists now render correctly
  • Training endorsements table: Fix bug in alphabetical view that prevented switching
  • Volunteer token entries: Bucket splits with zero hours are now removed before DB write 🖥️
  • Training docs: "View content" wiki modal wraps preformatted text instead of scrolling horizontally
• v0.10.9 99c2c0c825

  Compare

  v0.10.9 Stable

  Fletcher released this 2026-03-15 15:34:05 +00:00 | 84 commits to main since this release

  Added

  • Booking board: Add dynamic board to help arrange bookings
  • Notification datetimes: Added a framework to include localised datetimes in notifications 🖥️

  Changed

  • Committee pending training: Condensed upcoming bookings from cards to tables split by day

  Fixed

  • Linked accounts: Fix styling of passkey buttons (primary->success) 🖥️
  • Training notifications: Training notifications no longer send datetimes as UTC 🖥️
• v0.10.8 281bbf5fa4

  Compare

  v0.10.8 Stable

  Fletcher released this 2026-03-14 00:27:24 +00:00 | 90 commits to main since this release

  Added

  • General calendar feed: Add a general calendar feed that features all public events, page styling/name adjusted to accommodate
  • Training booking messages: Backend page to directly control posting of booking posts to Slack (including refreshing the post)

  Changed

  • Slack auth: Migrate from OAuth2 to OpenID, including scheduled token refresh task 🖥️
  • Training booking suggestions: Suggested training weighting now factors in bookings -14d +30d and endorsement breadth (wider=lower ranking)
  • Manual booking: UI streamlined, options now restrict based on selected dropdowns
  • Manual Training Slack messages: Posting selector improved, added support for whole day posts
  • General calendar feed: Presented as alternate info source on all event lists 🖥️

  Fixed

  • Training in calendar feeds: Fixed error with description generation 🖥️
  • Manual training bookings: Bookings created at the confirmed stage no longer send assigned notifications as well
  • Training booking notifications: Assigned notifications no longer ask users to confirm bookings
  • Notification drafts: Added missing short_text column to NotificationDraft model so draft list and save use the attribute correctly 🖥️
  • Committee training pending bookings: Fix the "Use this" button
  • Training post: Rendering is now triggered on all relevant changes 🖥️
  • Merge accounts tool: The merge tool now correctly transfers training bookings 🖥️

  Security

  • Event feeds (subscriptions): Force https for ics url regardless of proxy config 🖥️
• v0.10.7 b5f8e378a1

  Compare

  v0.10.7 Stable

  Fletcher released this 2026-03-11 16:40:46 +00:00 | 105 commits to main since this release

  Added

  • SSO account creation: Shared helper to create User + OAuthAccount from a provider identity; used by OAuth callbacks and Slack App Home, and reusable for other SSO routes 🖥️
  • UserProfile from OAuth: New users created via the provider-identity helper now get a Celery task enqueued to populate UserProfile from their OAuth account profile data (TidyHQ, Slack, etc.) 🖥️

  Changed

  • Committee training pending bookings: Added delete button, restyled assign buttons, removed placeholder bulk assign
  • Training bookings: Trim available slot display in booking modal for readability
  • Material scan mode: Add camera border and modal to reflect scanner status
  • Material scan mode: Add an optional "Also update last used date" toggle (off by default)
  • Material scan mode: Add a scan history table showing recently scanned items with status colouring
  • Committee materials: Allow manual updates of last seen/used timestamps from the view/edit modal, plus quick actions to mark as used/consumed and reprint labels

  Fixed

  • Committee materials: Delete confirmation modal deletes the material rather than opening another modal
  • User settings: Don't create user_settings for user IDs that aren't in the users table (fixes FK violations for stale or Slack-only sessions) Underlying cause fixed below but change added to prevent issues in core functionality in the future 🖥️
  • Slack App Home: User ID is no longer half created if the first interaction with the portal is generating a Slack app home 🖥️
  • Committee tokens cumulative chart: Removed leading zero-padding in "Total individual hours over time" so each line begins at the first recorded contribution
  • Material scan mode: Treat organisation-owned material as member-owned for scan status colouring, and skip unused-threshold warnings for organisation-owned material
  • Committee material creation: Fix transparency on user search results
  • Material scan mode: Only log location changes when the location actually changes; otherwise log a "committee scanned" audit entry
  • Training bookings: Only show competency check indicator on inductions that have it enabled
  • Training bookings waitlist: Exclude incompatible events from request list
• v0.10.6 153931c09b

  Compare

  v0.10.6 Stable

  Fletcher released this 2026-03-09 20:02:49 +00:00 | 114 commits to main since this release

  This release focuses on preparing the application for wider usage within the test org.

  Security

  • Clickjacking: Prevent iframes 🖥️
  • Image endpoint: Implement access control for image endpoint based on reference keys 🖥️
  • Volunteer tokens approval UI: Escape entry descriptions when rendering to prevent stored XSS for approvers viewing the tokens page 🖥️
  • Admin concessions CRN: Sanitise CRN to alphanumeric only before display and copy to prevent XSS 🖥️
  • Forgejo webhook: Reject webhook requests when no secret is configured instead of skipping verification 🖥️
  • Post-login redirect: Further restrict post-login redirect targets 🖥️
  • Form statistics charts: Escaped chart titles in bar charts so user-controlled text cannot break out of script context 🖥️
  • Volunteer token authorisation: Restricted token user search endpoints to volunteer and approval roles, and blocked non-approvers from reassigning token entries 🖥️
  • Notification tracking links: Encrypted notification tracking tokens to prevent exposing notification IDs in forwarded emails 🖥️
  • Remote image fetching: Blocked private-network and non-public image URLs during server-side image imports to reduce SSRF risk 🖥️
  • Training wiki rendering: Removed Jinja template evaluation from wiki content responses to reduce server-side template injection risk 🖥️
  • Markdown rendering: Added nh3 sanitisation to rendered markdown 🖥️
  • OAuth login flow: Added state protection for SSO sign in and linking flows 🖥️
  • API key authentication: Remove query support for api keys 🖥️
  • Request forgery protection: Added CSRF protection for browser-based mutating requests and changed logout to use POST 🖥️