Implement organizer onboarding process | Pricing/Privacy/Terms Pages #434

Open: wants to merge 12 commits into base: development

@lcduong lcduong commented Nov 14, 2024

This PR is part of issue #379 Implement organizer onboarding process
It implements:

  1. In the Admin area /control/admin, create a new page on the left sidebar, allowing Admin to create/update content for the Pricing/Privacy/Terms pages, which will be shown on the login/register page.

  2. In the login/register page, add a header to show the Pricing/Privacy/Terms pages.

Summary by Sourcery

Implement a new admin page for managing Pricing, Privacy, and Terms content, and integrate Quill Editor for rich text editing.

New Features:

  • Add a new admin page in the control panel to create and update content for Pricing, Privacy, and Terms pages, which are displayed on the login/register page.

Enhancements:

  • Integrate Quill Editor for rich text editing capabilities in the admin panel for page content management.

Documentation:

  • Add documentation for the new admin page functionality, detailing how to create and update Pricing, Privacy, and Terms pages.

sourcery-ai bot commented Nov 14, 2024

Reviewer's Guide by Sourcery

This PR implements functionality to manage content pages (Pricing/Privacy/Terms) in the admin area and display them on the login/register page. The implementation uses Quill editor for rich text editing and includes proper content sanitization.

Class diagram for the new PageSettingsForm and PageCreate classes

classDiagram
    class PageSettingsForm {
        +GlobalSettingsObject obj
        +String page_name
        +clean() I18nFormField
        +_clean_content_field(content_field) I18nFormField
        +_store_image(image_src) String
    }
    class PageCreate {
        +get_form_kwargs() kwargs
        +get_context_data() ctx
        +form_valid(form) success
        +form_invalid(form) error
        +get_success_url() url
    }
    PageCreate --> PageSettingsForm
    note for PageSettingsForm "Handles form logic for page settings"
    note for PageCreate "View for creating and updating page content"

File-Level Changes

Change: Added new admin interface for managing content pages
Details:
  • Created new admin navigation menu item for Pages with sub-items for FAQ, Pricing, Privacy and Terms
  • Implemented PageCreate view to handle page content management
  • Added PageSettingsForm to handle page title and content fields with i18n support
Files:
  • src/pretix/control/navigation.py
  • src/pretix/eventyay_common/views/pages.py
  • src/pretix/eventyay_common/forms/page.py

Change: Implemented content display functionality on login/register pages
Details:
  • Added header navigation links to show Pricing/Privacy/Terms pages
  • Created ShowPageView to display page content
  • Added content sanitization using bleach library
  • Implemented context variables to control page visibility
Files:
  • src/pretix/control/templates/pretixcontrol/auth/base.html
  • src/pretix/eventyay_common/views/pages.py

Change: Integrated Quill rich text editor
Details:
  • Added Quill editor JavaScript and CSS files
  • Implemented image upload handling in form processing
  • Added content display styling for rendered pages
Files:
  • src/pretix/static/pages/js/quill.core.js
  • src/pretix/static/pages/css/quill.snow.css
  • src/pretix/static/pages/css/quill-show.css


@lcduong lcduong marked this pull request as ready for review November 14, 2024 09:18

@sourcery-ai sourcery-ai bot left a comment

Hey @lcduong - I've reviewed your changes - here's some feedback:

Overall Comments:

  • Consider adding access controls to the uploaded images storage to prevent unauthorized access. The current implementation stores them with public access which could be a security concern.

Here's what I looked at during the review
  • 🟡 General issues: 1 issue found
  • 🟡 Security: 1 issue found
  • 🟢 Testing: all looks good
  • 🟡 Complexity: 2 issues found
  • 🟢 Documentation: all looks good


settings_dict.update(data)
return data

def _clean_content_field(self, content_field):

suggestion: Add error handling for HTML parsing

The lxml.html.fragments_fromstring() call should be wrapped in a try-except block to handle malformed HTML gracefully. Invalid input could currently cause uncaught exceptions.

    def _clean_content_field(self, content_field):
        try:
            page_content = self.cleaned_data[content_field]
        except (lxml.etree.ParserError, ValueError) as e:
            raise forms.ValidationError(_('Invalid HTML content')) from e


return page_content

def _store_image(self, image_src):

🚨 issue (security): Add file size limits and type validation for uploaded images

The image upload functionality should validate file sizes and implement stricter MIME type checking to prevent security issues. Consider adding a cleanup mechanism for old images.
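
An added example, not code from this PR or from Sourcery, of the size and type checks the comment above asks for. It assumes `image_src` arrives as a base64 `data:` URI (the form Quill embeds pasted images in by default); `validate_image_src`, `ImageRejected`, the 1 MiB limit and the type allowlist are hypothetical choices.

```python
import base64
import binascii
import re

MAX_IMAGE_BYTES = 1 * 1024 * 1024  # assumed limit; tune to your deployment
# Allowlist: declared MIME type -> check of the decoded bytes' magic number.
SIGNATURES = {
    "image/png": lambda b: b.startswith(b"\x89PNG\r\n\x1a\n"),
    "image/jpeg": lambda b: b.startswith(b"\xff\xd8\xff"),
    "image/gif": lambda b: b[:6] in (b"GIF87a", b"GIF89a"),
    "image/webp": lambda b: b[:4] == b"RIFF" and b[8:12] == b"WEBP",
}
DATA_URI = re.compile(r"data:([a-z]+/[a-z0-9.+-]+);base64,([A-Za-z0-9+/=\s]*)", re.I)


class ImageRejected(ValueError):
    """Raised when an embedded image fails validation."""


def validate_image_src(image_src, max_bytes=MAX_IMAGE_BYTES):
    """Return (mime, raw_bytes) for an acceptable data: URI, else raise ImageRejected."""
    m = DATA_URI.fullmatch(image_src.strip())
    if not m:
        raise ImageRejected("not a base64 data: URI")
    mime, payload = m.group(1).lower(), re.sub(r"\s+", "", m.group(2))
    if mime not in SIGNATURES:
        # Anything off the allowlist is refused, including image/svg+xml,
        # which can carry script.
        raise ImageRejected(f"type not allowed: {mime}")
    # Check the encoded length first so oversized input is never decoded.
    if len(payload) > (max_bytes + 2) // 3 * 4:
        raise ImageRejected("image too large")
    try:
        raw = base64.b64decode(payload, validate=True)
    except binascii.Error as exc:
        raise ImageRejected("invalid base64") from exc
    if not raw or len(raw) > max_bytes:
        raise ImageRejected("image empty or too large")
    # The declared type is attacker-controlled; the bytes must agree with it.
    if not SIGNATURES[mime](raw):
        raise ImageRejected("content does not match declared type")
    return mime, raw
```

A magic-number match only shows the file starts like the declared format; fully decoding the image with an imaging library before storing it is a stronger check.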

template_name = 'eventyay_common/pages/show.html'

def get_page(self, page):
gs = GlobalSettingsObject()

issue (complexity): Consider refactoring the page content flag setting logic to use a loop over page types.

The content flag setting in get_context_data can be simplified by looping over page types. This reduces duplication and makes the code more maintainable:

def get_context_data(self, **kwargs):
    ctx = super().get_context_data()
    page_title, page_content = self.get_page(page=kwargs.get("page"))
    ctx["page_title"] = str(LazyI18nString(page_title))

    # ... bleach configuration ...

    gs = GlobalSettingsObject()
    page_types = ['faq', 'pricing', 'privacy', 'terms']
    for page_type in page_types:
        ctx[f'{page_type}_content'] = bool(getattr(gs.settings, f'{page_type}_content', False))
    return ctx

This change:

  • Reduces code duplication
  • Makes adding new page types easier
  • Maintains identical functionality
  • Improves readability

@@ -523,6 +523,44 @@ def get_admin_navigation(request):
},
]
},
{

issue (complexity): Consider using a list-based approach to generate the navigation structure programmatically

The Pages navigation structure contains unnecessary repetition. Consider generating it from a simple list of page definitions:

ADMIN_PAGES = [
    ('faq', _('FAQ')),
    ('pricing', _('Pricing')),
    ('privacy', _('Privacy')),
    ('terms', _('Terms')),
]

pages_nav = {
    'label': _('Pages'),
    'url': reverse('control:admin.pages.create', kwargs={'page': ADMIN_PAGES[0][0]}),
    'active': False,
    'icon': "file-text",
    'children': [{
        'label': label,
        'url': reverse('control:admin.pages.create', kwargs={'page': page_type}),
        'active': url.kwargs.get('page') == page_type,
    } for page_type, label in ADMIN_PAGES]
}

This approach:

  • Makes adding new pages trivial
  • Reduces chance of copy-paste errors
  • Maintains consistent structure
  • Keeps all functionality intact
