starred/WYGIWYH
1
0
Fork 0
mirror of https://github.com/eitchtee/WYGIWYH.git synced 2026-02-25 08:54:52 +01:00
Code Issues 14 Packages Projects Releases 10 Wiki Activity

Compare commits

base: starred:0.18.3
Branches Tags
starred:main starred:weblate starred:dev starred:feat/replace-webpack+bootstrap starred:internal_port starred:add-mcp-server-mention starred:feat/networth-chart starred:feat/better-rules starred:feature/untrack-account starred:feat/setup-screen starred:feat/sidebar starred:feat/auto-refresh starred:fix/amount-input-doesnt-update-on-delete starred:feature/add-django-tests starred:tests
starred:0.19.1 starred:0.19.0 starred:0.18.3 starred:0.18.2 starred:0.18.1 starred:0.18.0 starred:0.17.5 starred:0.17.4 starred:0.17.3 starred:0.17.2 starred:0.17.1 starred:0.17.0 starred:0.16.2 starred:0.16.1 starred:0.16.0 starred:0.15.1 starred:0.15.0 starred:0.14.1 starred:0.14.0 starred:0.13.1 starred:0.13.0 starred:0.12.11 starred:0.12.10 starred:0.12.9 starred:0.12.8 starred:0.12.7 starred:0.12.6 starred:0.12.5 starred:0.12.4 starred:0.12.3 starred:0.12.2 starred:0.12.1 starred:0.12.0 starred:0.11.8 starred:0.11.7 starred:0.11.6 starred:0.11.5 starred:0.11.4 starred:0.11.3 starred:0.11.2 starred:0.11.1 starred:0.11.0 starred:0.10.1 starred:0.10.0 starred:0.9.4 starred:0.9.3 starred:0.9.2 starred:0.9.1 starred:0.9.0 starred:0.8.6 starred:0.8.5 starred:0.8.4 starred:0.8.3 starred:0.8.2 starred:0.8.1 starred:0.8.0 starred:0.7.8 starred:0.7.7 starred:0.7.6 starred:0.7.5 starred:0.7.4 starred:0.7.3 starred:0.7.2 starred:0.7.1 starred:0.7.0 starred:0.6.0 starred:0.5.0 starred:0.4.0 starred:0.3.6 starred:0.3.5 starred:0.3.4 starred:0.3.3 starred:0.3.2 starred:0.3.1 starred:0.3.0 starred:0.2.0 starred:0.1.9 starred:0.1.8 starred:0.1.7 starred:0.1.6 starred:0.1.5 starred:0.1.4 starred:0.1.3 starred:0.1.2 starred:0.1.1 starred:0.1.0
..
compare: starred:weblate
Branches Tags
starred:weblate starred:main starred:dev starred:feat/replace-webpack+bootstrap starred:internal_port starred:add-mcp-server-mention starred:feat/networth-chart starred:feat/better-rules starred:feature/untrack-account starred:feat/setup-screen starred:feat/sidebar starred:feat/auto-refresh starred:fix/amount-input-doesnt-update-on-delete starred:feature/add-django-tests starred:tests
starred:0.19.1 starred:0.19.0 starred:0.18.3 starred:0.18.2 starred:0.18.1 starred:0.18.0 starred:0.17.5 starred:0.17.4 starred:0.17.3 starred:0.17.2 starred:0.17.1 starred:0.17.0 starred:0.16.2 starred:0.16.1 starred:0.16.0 starred:0.15.1 starred:0.15.0 starred:0.14.1 starred:0.14.0 starred:0.13.1 starred:0.13.0 starred:0.12.11 starred:0.12.10 starred:0.12.9 starred:0.12.8 starred:0.12.7 starred:0.12.6 starred:0.12.5 starred:0.12.4 starred:0.12.3 starred:0.12.2 starred:0.12.1 starred:0.12.0 starred:0.11.8 starred:0.11.7 starred:0.11.6 starred:0.11.5 starred:0.11.4 starred:0.11.3 starred:0.11.2 starred:0.11.1 starred:0.11.0 starred:0.10.1 starred:0.10.0 starred:0.9.4 starred:0.9.3 starred:0.9.2 starred:0.9.1 starred:0.9.0 starred:0.8.6 starred:0.8.5 starred:0.8.4 starred:0.8.3 starred:0.8.2 starred:0.8.1 starred:0.8.0 starred:0.7.8 starred:0.7.7 starred:0.7.6 starred:0.7.5 starred:0.7.4 starred:0.7.3 starred:0.7.2 starred:0.7.1 starred:0.7.0 starred:0.6.0 starred:0.5.0 starred:0.4.0 starred:0.3.6 starred:0.3.5 starred:0.3.4 starred:0.3.3 starred:0.3.2 starred:0.3.1 starred:0.3.0 starred:0.2.0 starred:0.1.9 starred:0.1.8 starred:0.1.7 starred:0.1.6 starred:0.1.5 starred:0.1.4 starred:0.1.3 starred:0.1.2 starred:0.1.1 starred:0.1.0

133 Commits
0.18.3 ... weblate

Author SHA1 Message Date
Juan David Afanador
de2881ffd4 locale(Spanish): update translation 
Currently translated at 100.0% (724 of 724 strings)

Translation: WYGIWYH/App
Translate-URL: https://translations.herculino.com/projects/wygiwyh/app/es/
 2026-02-24 01:24:32 +00:00
Erwan Colin
838bf22498 locale(French): update translation 
Currently translated at 99.0% (717 of 724 strings)

Translation: WYGIWYH/App
Translate-URL: https://translations.herculino.com/projects/wygiwyh/app/fr/
 2026-02-23 08:24:31 +00:00
Pawel Augustyn
d3797ae4a5 locale(Polish): update translation 
Currently translated at 72.6% (526 of 724 strings)

Translation: WYGIWYH/App
Translate-URL: https://translations.herculino.com/projects/wygiwyh/app/pl/
 2026-02-18 11:24:31 +00:00
Dimitri Decrock
0532397afd locale(Dutch): update translation 
Currently translated at 100.0% (724 of 724 strings)

Translation: WYGIWYH/App
Translate-URL: https://translations.herculino.com/projects/wygiwyh/app/nl/
 2026-02-17 18:24:31 +00:00
Pawel Augustyn
8106dc58e5 locale(Polish): update translation 
Currently translated at 70.4% (510 of 724 strings)

Translation: WYGIWYH/App
Translate-URL: https://translations.herculino.com/projects/wygiwyh/app/pl/
 2026-02-16 07:24:31 +00:00
Herculino Trotta
5986cf675b Merge pull request #519 
fix: pulltorefresh enabled globally
 2026-02-15 23:37:42 -03:00
Herculino Trotta
80da9142f1 fix: pulltorefresh enabled globally 2026-02-15 23:36:23 -03:00
eitchtee
766516d248 chore(locale): update translation files 
[skip ci] Automatically generated by Django makemessages workflow
 2026-02-16 02:24:31 +00:00
Herculino Trotta
3fd0fba1b8 Merge pull request #513 from pawelaugustyn/feat/default-account 
feat: default account for new transactions
 2026-02-15 23:24:08 -03:00
Herculino Trotta
c787565c04 refactor: move help_text to model definition 2026-02-15 23:22:52 -03:00
Herculino Trotta
0413921dbe fix: migrations set default as 0 instead of null 2026-02-15 23:22:10 -03:00
pawelaugustyn
9ecf8279b4 feat: default account for new transactions 2026-02-15 22:59:18 +01:00
Herculino Trotta
86cf625158 Merge pull request #518 from eitchtee/dev 
feat(auth): trust OIDC connections and automatically connect them with local accounts
 2026-02-15 14:43:33 -03:00
Herculino Trotta
ea097ab6f0 feat(auth): trust OIDC connections and connect them with local accounts 2026-02-15 14:41:45 -03:00
eitchtee
b1201b51bb chore(locale): update translation files 
[skip ci] Automatically generated by Django makemessages workflow
 2026-02-15 14:37:18 +00:00
Herculino Trotta
4c1d20215c Merge pull request #517 from eitchtee/dev 
feat(frontend): add pull to refresh for iOS PWA
 2026-02-15 11:36:59 -03:00
Herculino Trotta
27e85c4776 feat(frontend): add pull to refresh for iOS PWA 2026-02-15 11:34:28 -03:00
Herculino Trotta
5a73cd20da Merge pull request #516 from eitchtee/dependabot/uv/cryptography-46.0.5 
build(deps): bump cryptography from 46.0.3 to 46.0.5
 2026-02-11 21:47:14 -03:00
dependabot[bot]
e305fab300 build(deps): bump cryptography from 46.0.3 to 46.0.5 
Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.3 to 46.0.5.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/46.0.3...46.0.5)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-12 00:44:59 +00:00
Herculino Trotta
c11f525373 Merge pull request #515 from eitchtee/dev 
add allauth logging and fix allauth not sending https redirect_uri
 2026-02-11 21:43:12 -03:00
Herculino Trotta
ea5d86dbf8 fix: allauth not sending https redirect_uri 2026-02-11 21:42:00 -03:00
Herculino Trotta
a1d3539e3c feat: add allauth logging 2026-02-11 21:41:17 -03:00
Herculino Trotta
1028a11c8b Merge pull request #511 from eitchtee/dependabot/uv/django-5.2.11 
build(deps): bump django from 5.2.9 to 5.2.11
 2026-02-11 21:18:05 -03:00
Herculino Trotta
e387a5e2a8 Merge pull request #510 from eitchtee/weblate 
Translations update from Weblate
 2026-02-11 21:17:18 -03:00
dependabot[bot]
624dc382cf build(deps): bump django from 5.2.9 to 5.2.11 
Bumps [django](https://github.com/django/django) from 5.2.9 to 5.2.11.
- [Commits](https://github.com/django/django/compare/5.2.9...5.2.11)

---
updated-dependencies:
- dependency-name: django
  dependency-version: 5.2.11
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-02-03 23:24:38 +00:00
Pawel Augustyn
f88699b333 locale(Polish): update translation 
Currently translated at 69.6% (500 of 718 strings)

Translation: WYGIWYH/App
Translate-URL: https://translations.herculino.com/projects/wygiwyh/app/pl/
 2026-02-03 11:24:30 +00:00
Dimitri Decrock
ca98dc073b locale(Dutch): update translation 
Currently translated at 100.0% (718 of 718 strings)

Translation: WYGIWYH/App
Translate-URL: https://translations.herculino.com/projects/wygiwyh/app/nl/
 2026-02-03 05:24:31 +00:00
eitchtee
63ba7af3c8 chore(locale): update translation files 
[skip ci] Automatically generated by Django makemessages workflow
 2026-02-02 01:28:27 +00:00
Herculino Trotta
2d0dee4a9b Merge pull request #509 from eitchtee/dev 
feat: add reload button to the HTMX error popup
 2026-02-01 22:28:03 -03:00
Herculino Trotta
0000a9ee03 Merge pull request #507 from eitchtee/weblate 
Translations update from Weblate
 2026-02-01 22:27:06 -03:00
Herculino Trotta
41adb37fdb feat: add reload button to the HTMX error popup 2026-02-01 22:25:47 -03:00
Pawel Augustyn
496651173e locale(Polish): update translation 
Currently translated at 69.4% (498 of 717 strings)

Translation: WYGIWYH/App
Translate-URL: https://translations.herculino.com/projects/wygiwyh/app/pl/
 2026-01-31 09:24:30 +00:00
Pawel Augustyn
8836f06b80 locale(Polish): update translation 
Currently translated at 68.6% (492 of 717 strings)

Translation: WYGIWYH/App
Translate-URL: https://translations.herculino.com/projects/wygiwyh/app/pl/
 2026-01-31 08:24:31 +00:00
Herculino Trotta
e98a48b3a7 Merge pull request #505 from eitchtee/weblate 
Translations update from Weblate
 2026-01-30 10:37:50 -03:00
obervinov
f9bc9f449b locale(Russian): update translation 
Currently translated at 27.4% (197 of 717 strings)

Translation: WYGIWYH/App
Translate-URL: https://translations.herculino.com/projects/wygiwyh/app/ru/
 2026-01-30 10:24:30 +00:00
Pawel Augustyn
26eb1ae813 locale(Polish): update translation 
Currently translated at 62.9% (451 of 717 strings)

Translation: WYGIWYH/App
Translate-URL: https://translations.herculino.com/projects/wygiwyh/app/pl/
 2026-01-28 12:24:31 +00:00
Pawel Augustyn
29a2cb9813 locale(Polish): update translation 
Currently translated at 52.5% (377 of 717 strings)

Translation: WYGIWYH/App
Translate-URL: https://translations.herculino.com/projects/wygiwyh/app/pl/
 2026-01-27 21:24:32 +00:00
Pawel Augustyn
be79e1b25a locale(Polish): update translation 
Currently translated at 22.3% (160 of 717 strings)

Translation: WYGIWYH/App
Translate-URL: https://translations.herculino.com/projects/wygiwyh/app/pl/
 2026-01-27 20:24:31 +00:00
obervinov
3fd08466a7 locale(Russian): update translation 
Currently translated at 26.4% (190 of 717 strings)

Translation: WYGIWYH/App
Translate-URL: https://translations.herculino.com/projects/wygiwyh/app/ru/
 2026-01-27 09:24:30 +00:00
obervinov
6896cdcdca locale(Russian): update translation 
Currently translated at 25.2% (181 of 717 strings)

Translation: WYGIWYH/App
Translate-URL: https://translations.herculino.com/projects/wygiwyh/app/ru/
 2026-01-27 08:24:30 +00:00
Pawel Augustyn
2532930a64 locale(Polish): update translation 
Currently translated at 15.2% (109 of 717 strings)

Translation: WYGIWYH/App
Translate-URL: https://translations.herculino.com/projects/wygiwyh/app/pl/
 2026-01-25 21:24:31 +00:00
Herculino Trotta
24a1ef2d0a fix: add encoding to qif preset 2026-01-25 16:57:00 -03:00
Herculino Trotta
163f2f4e5b Merge pull request #504 from eitchtee/dev 
feat: add QIF import
 2026-01-25 16:54:02 -03:00
Herculino Trotta
ede63acf5f Merge pull request #503 from eitchtee/dependabot/uv/urllib3-2.6.3 
build(deps): bump urllib3 from 2.6.2 to 2.6.3
 2026-01-25 16:53:41 -03:00
Herculino Trotta
a8ba3d8754 Merge pull request #500 from eitchtee/weblate 
Translations update from Weblate
 2026-01-25 16:53:09 -03:00
dependabot[bot]
e2f1156264 build(deps): bump urllib3 from 2.6.2 to 2.6.3 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.6.2 to 2.6.3.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/2.6.2...2.6.3)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.6.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-25 19:49:42 +00:00
Herculino Trotta
d5bbad7887 feat: add QIF import 2026-01-25 16:46:56 -03:00
Andrei Kamianets
7ebacff6e4 locale(Russian): update translation 
Currently translated at 25.1% (180 of 717 strings)

Translation: WYGIWYH/App
Translate-URL: https://translations.herculino.com/projects/wygiwyh/app/ru/
 2026-01-19 10:24:31 +00:00
Andrei Kamianets
df8ef5d04c locale(Russian): update translation 
Currently translated at 12.6% (91 of 717 strings)

Translation: WYGIWYH/App
Translate-URL: https://translations.herculino.com/projects/wygiwyh/app/ru/
 2026-01-19 09:24:31 +00:00
Andrei Kamianets
fa2a8b8c65 locale((Russian)): added translation using Weblate 2026-01-19 08:57:52 +00:00
Juan David Afanador
e44ac5dab6 locale(Spanish): update translation 
Currently translated at 100.0% (717 of 717 strings)

Translation: WYGIWYH/App
Translate-URL: https://translations.herculino.com/projects/wygiwyh/app/es/
 2026-01-18 21:24:30 +00:00
Ebrahim Tayabali
f9261d1283 locale(Swahili): update translation 
Currently translated at 0.9% (7 of 717 strings)

Translation: WYGIWYH/App
Translate-URL: https://translations.herculino.com/projects/wygiwyh/app/sw/
 2026-01-18 19:24:30 +00:00
Ebrahim Tayabali
4c73c1cae5 locale(Swahili): update translation 
Currently translated at 0.0% (0 of 717 strings)

Translation: WYGIWYH/App
Translate-URL: https://translations.herculino.com/projects/wygiwyh/app/sw/
 2026-01-15 21:24:30 +00:00
Ebrahim Tayabali
0315a56f88 locale((Swahili)): added translation using Weblate 2026-01-15 20:56:34 +00:00
sorcierwax
44d6b8b53c locale(French): update translation 
Currently translated at 100.0% (717 of 717 strings)

Translation: WYGIWYH/App
Translate-URL: https://translations.herculino.com/projects/wygiwyh/app/fr/
 2026-01-14 22:24:30 +00:00
Herculino Trotta
3e4d7c6b1f Merge pull request #497 from icovada/pagination_simplification 
refactor(api): apply CustomNumberPagination to all API views
 2026-01-11 13:58:57 -03:00
Herculino Trotta
63868514f9 Merge pull request #499 from eitchtee/weblate 
Translations update from Weblate
 2026-01-11 13:55:39 -03:00
Herculino Trotta
9055a24327 locale(Portuguese (Brazil)): update translation 
Currently translated at 100.0% (717 of 717 strings)

Translation: WYGIWYH/App
Translate-URL: https://translations.herculino.com/projects/wygiwyh/app/pt_BR/
 2026-01-11 16:55:26 +00:00
Dimitri Decrock
9dc963ed7b locale(Dutch): update translation 
Currently translated at 100.0% (717 of 717 strings)

Translation: WYGIWYH/App
Translate-URL: https://translations.herculino.com/projects/wygiwyh/app/nl/
 2026-01-11 13:24:30 +00:00
Herculino Trotta
49cac0588e add tests and fix missing get_queryset 2026-01-11 12:20:27 +01:00
icovada
3b2b6d6473 Query all DCA Strategies 2026-01-11 12:19:57 +01:00
icovada
db30bcbeb7 Remove filtering function superseesed by search_fields 2026-01-11 12:19:57 +01:00
icovada
a122733a47 Enable filtering and sorting on all API views 2026-01-11 12:19:30 +01:00
eitchtee
37f3e4d99a chore(locale): update translation files 
[skip ci] Automatically generated by Django makemessages workflow
 2026-01-10 20:50:08 +00:00
Herculino Trotta
d756286135 Merge pull request #496 from eitchtee/dev 
feat(automatic-exchange-rate): track and display unsuccessful runs
 2026-01-10 17:49:44 -03:00
Herculino Trotta
06a7378fd8 Merge pull request #491 from icovada/rest_filtering 
feat(api): filtering
 2026-01-10 17:46:04 -03:00
Herculino Trotta
ab4075c500 fix: missing list close 2026-01-10 17:44:57 -03:00
Herculino Trotta
96318f003d Merge branch 'main' into rest_filtering 2026-01-10 17:43:45 -03:00
Herculino Trotta
1a0412264a add tests and fix missing get_queryset 2026-01-10 17:42:37 -03:00
icovada
2588404876 Merge branch 'main' into pagination_simplification 2026-01-10 18:16:34 +01:00
Herculino Trotta
fdc273103b Merge pull request #485 from icovada/token_authentication 
feat(api): add token authentication
 2026-01-10 14:15:28 -03:00
icovada
c015b78cd6 Apply CustomNumberPagination to all API views 2026-01-10 17:14:53 +00:00
Herculino Trotta
50e5492ea1 feat(automatic-exchange-rate): track unsuccessful runs 2026-01-10 14:10:21 -03:00
eitchtee
796089cdb3 chore(locale): update translation files 
[skip ci] Automatically generated by Django makemessages workflow
 2026-01-10 05:54:02 +00:00
Herculino Trotta
c83b1bf2d6 Merge pull request #495 from eitchtee/dev 
feat: add late section to monthly and all views (w/ default ordering)
 2026-01-10 02:53:30 -03:00
Herculino Trotta
b074ef7929 feat: add late section to monthly and all views (w/ default ordering) 2026-01-10 02:52:46 -03:00
Herculino Trotta
ec7e33b3b0 Merge pull request #494 from eitchtee/weblate 
Translations update from Weblate
 2026-01-10 00:10:03 -03:00
Herculino Trotta
72fedea0db locale(Hungarian): update translation 
Currently translated at 21.6% (155 of 715 strings)

Translation: WYGIWYH/App
Translate-URL: https://translations.herculino.com/projects/wygiwyh/app/hu/
 2026-01-10 03:09:45 +00:00
Herculino Trotta
0a03745ce6 Merge pull request #493 from eitchtee/dev 
fix(dca): strategy api endpoint returns nothing
 2026-01-09 23:53:04 -03:00
Herculino Trotta
ff4bd79634 fix(dca): strategy api endpoint returns nothing 2026-01-09 23:51:31 -03:00
eitchtee
383b42e26d chore(locale): update translation files 
[skip ci] Automatically generated by Django makemessages workflow
 2026-01-10 02:27:25 +00:00
Herculino Trotta
48e43ac031 Merge pull request #492 from eitchtee/dev 
fix(transactions): empty internal_id raises duplicate error when editing via django admin
 2026-01-09 23:27:01 -03:00
Herculino Trotta
21c60c4059 Merge pull request #483 from eitchtee/weblate 
Translations update from Weblate
 2026-01-09 23:26:22 -03:00
Herculino Trotta
dd6a390e6b fix(transactions): empty internal_id raises duplicate error when editing via django admin 2026-01-09 23:25:13 -03:00
icovada
0c961a8250 Query all DCA Strategies 2026-01-08 22:51:50 +01:00
icovada
e28c651973 Remove filtering function superseesed by search_fields 2026-01-08 22:51:50 +01:00
icovada
7687ff81c3 Enable filtering and sorting on all API views 2026-01-08 22:51:49 +01:00
Janez
b2d78c9190 locale(Hungarian): update translation 
Currently translated at 21.6% (155 of 715 strings)

Translation: WYGIWYH/App
Translate-URL: https://translations.herculino.com/projects/wygiwyh/app/hu/
 2026-01-02 13:24:30 +00:00
icovada
b0815e00c7 Add token authentication to the API 2026-01-02 13:56:15 +01:00
Janez
fbe9726338 locale(Hungarian): update translation 
Currently translated at 19.4% (139 of 715 strings)

Translation: WYGIWYH/App
Translate-URL: https://translations.herculino.com/projects/wygiwyh/app/hu/
 2026-01-02 12:30:11 +00:00
Janez
0df3a57a33 locale(Hungarian): update translation 
Currently translated at 17.6% (126 of 715 strings)

Translation: WYGIWYH/App
Translate-URL: https://translations.herculino.com/projects/wygiwyh/app/hu/
 2026-01-02 12:24:31 +00:00
Janez
f86613b17a locale(Hungarian): update translation 
Currently translated at 4.6% (33 of 715 strings)

Translation: WYGIWYH/App
Translate-URL: https://translations.herculino.com/projects/wygiwyh/app/hu/
 2026-01-02 11:24:30 +00:00
Herculino Trotta
ffa4644e1b Merge pull request #482 from eitchtee/dev 
fix(import_restore): unable to restore installment plans when there's multiple accounts with the same name
 2025-12-30 22:00:33 -03:00
eitchtee
6611559696 chore(locale): update translation files 
[skip ci] Automatically generated by Django makemessages workflow
 2025-12-31 00:59:30 +00:00
Herculino Trotta
b455a0251a fix(import_restore): unable to restore installment plans when there's multiple accounts with the same name 2025-12-30 21:59:29 -03:00
Herculino Trotta
9d7c3212f1 Merge pull request #481 from eitchtee/dev 
refactor: improve month by month and year by year value display
 2025-12-30 21:59:04 -03:00
Herculino Trotta
0da3185996 Merge pull request #479 from eitchtee/weblate 
Translations update from Weblate
 2025-12-30 21:58:42 -03:00
Herculino Trotta
6c90e1bb7f refactor: improve month by month and year by year value display 2025-12-30 21:58:12 -03:00
Dimitri Decrock
c6543c0841 locale(Dutch): update translation 
Currently translated at 100.0% (715 of 715 strings)

Translation: WYGIWYH/App
Translate-URL: https://translations.herculino.com/projects/wygiwyh/app/nl/
 2025-12-29 07:24:30 +00:00
Herculino Trotta
d4740b8406 locale(Portuguese (Brazil)): update translation 
Currently translated at 100.0% (715 of 715 strings)

Translation: WYGIWYH/App
Translate-URL: https://translations.herculino.com/projects/wygiwyh/app/pt_BR/
 2025-12-29 02:24:30 +00:00
eitchtee
5a51795e6a chore(locale): update translation files 
[skip ci] Automatically generated by Django makemessages workflow
 2025-12-29 01:59:20 +00:00
Herculino Trotta
64d7765357 Merge pull request #478 from eitchtee/dev 
feat(insights): new month by month insight
 2025-12-28 22:58:56 -03:00
eitchtee
070e11ca77 chore(locale): update translation files 
[skip ci] Automatically generated by Django makemessages workflow
 2025-12-29 01:57:39 +00:00
Herculino Trotta
39f66b620a feat(insights): new month by month insight 2025-12-28 22:57:29 -03:00
Herculino Trotta
ad164866e0 Merge pull request #477 from eitchtee/dev 
feat(insights): new year by year insight
 2025-12-28 22:57:16 -03:00
Herculino Trotta
05c465cb34 Merge pull request #476 from eitchtee/weblate 
Translations update from Weblate
 2025-12-28 22:56:32 -03:00
Herculino Trotta
92cf526b76 feat(insights): new year by year insight 2025-12-28 22:55:58 -03:00
icovada
639236b890 locale(Italian): update translation 
Currently translated at 99.4% (694 of 698 strings)

Translation: WYGIWYH/App
Translate-URL: https://translations.herculino.com/projects/wygiwyh/app/it/
 2025-12-28 22:24:30 +00:00
Herculino Trotta
519a85d256 Merge pull request #474 from eitchtee/dev 
feat(tests): add tests for monthly summaries
 2025-12-28 13:36:54 -03:00
Herculino Trotta
700d35b5d5 feat(tests): add tests for monthly summaries 2025-12-28 13:36:21 -03:00
eitchtee
10e51971db chore(locale): update translation files 
[skip ci] Automatically generated by Django makemessages workflow
 2025-12-28 16:22:23 +00:00
Herculino Trotta
ec0d5fc121 Merge pull request #473 from eitchtee/dev 
feat(transactions:filter): make monthly summary filter-aware
 2025-12-28 13:21:55 -03:00
Herculino Trotta
01f91352d6 feat(transactions:filter): make montlhy summary filter-aware 2025-12-28 13:20:25 -03:00
eitchtee
63ce57a315 chore(locale): update translation files 
[skip ci] Automatically generated by Django makemessages workflow
 2025-12-28 16:11:03 +00:00
Herculino Trotta
eadeb649a1 Merge pull request #470 from eitchtee/dev 
feat(transactions:filter): add filter for muted and unmuted transactions
 2025-12-28 13:10:39 -03:00
Herculino Trotta
a2871d5289 feat(transactions:filter): add filter for muted and unmuted transactions 2025-12-28 13:09:41 -03:00
Herculino Trotta
f2a362bc0f Merge pull request #469 from eitchtee/dev 
feat(app): add sanity checks for env variables & refactor: order management lists by name instead of id
 2025-12-27 23:47:04 -03:00
Herculino Trotta
2076903740 refactor: order management lists by name instead of id 2025-12-27 23:43:57 -03:00
Herculino Trotta
c752c0b16e Merge pull request #468 from icovada/migrate-to-uv 
Manage dependencies with `uv`
 2025-12-27 20:18:20 -03:00
Herculino Trotta
1674766253 Merge pull request #467 from eitchtee/weblate 
Translations update from Weblate
 2025-12-27 20:18:00 -03:00
Herculino Trotta
7ea9d56132 docs: update uv.lock 2025-12-27 20:11:36 -03:00
Herculino Trotta
3699c6c671 docs: remove version from pyproject.yml 2025-12-27 19:58:46 -03:00
Herculino Trotta
d7c255aa14 refactor: remove build context from production image 2025-12-27 19:53:57 -03:00
Herculino Trotta
d17b9d5736 fix: dev image fails due to the environment being overwritten at runtime 2025-12-26 10:30:22 -03:00
Herculino Trotta
c7ff6db0bf feat(app): add sanity checks for env variables 2025-12-26 09:55:57 -03:00
Federico Tabbò
a4c7753f69 Configure setuptools to filter folders 2025-12-26 10:14:45 +01:00
icovada
7e08028557 use uv in GH actions 2025-12-21 17:28:45 +01:00
icovada
5eaf5086d2 build prod image with uv 2025-12-21 17:28:39 +01:00
icovada
c949c6cea0 add build instructions to prod docker-compose 2025-12-21 17:28:24 +01:00
icovada
71c0e9a271 locale(Italian): update translation 
Currently translated at 99.5% (694 of 697 strings)

Translation: WYGIWYH/App
Translate-URL: https://translations.herculino.com/projects/wygiwyh/app/it/
 2025-12-21 15:24:30 +00:00
icovada
bc65980511 migrate dev dockerfile to uv 2025-12-21 16:12:18 +01:00
icovada
ecdb1a52cc stop docker copying pycache in images 2025-12-21 16:10:50 +01:00
icovada
afc06582b4 set up dependencies in uv 2025-12-21 16:09:12 +01:00
88 changed files with 18994 additions and 3899 deletions
Expand all files Collapse all files

1
.dockerignore Normal file
View File

@@ -0,0 +1 @@
__pycache__/

15
.github/workflows/translations.yml vendored
View File

@@ -32,15 +32,16 @@ jobs:
token: ${{ secrets.PAT }}
ref: ${{ github.head_ref }}
- name: Set up Python 3.11
uses: actions/setup-python@v4
- name: Install uv
uses: astral-sh/setup-uv@v5
with:
python-version: '3.11'
enable-cache: true
- name: Set up Python 3.11
run: uv python install 3.11
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
run: uv sync --frozen --no-dev
- name: Install gettext
run: sudo apt-get install -y gettext
@@ -48,7 +49,7 @@ jobs:
- name: Run makemessages
run: |
cd app
python manage.py makemessages -a
uv run python manage.py makemessages -a
- name: Check for changes
id: check_changes

7
README.md
View File

@@ -157,6 +157,13 @@ WYGIWYH supports login via OpenID Connect (OIDC) through `django-allauth`. This
> [!NOTE]
> Currently only OpenID Connect is supported as a provider, open an issue if you need something else.
> [!Caution]
> WYGIWYH automatically connects OIDC accounts to existing local accounts with matching email addresses.
> This means if a user already exists with email `user@example.com` and someone logs in via OIDC with the same email, the OIDC account will be automatically linked to the existing account without requiring user confirmation.
> This is only recommended for trusted OIDC providers that verify email addresses and where you control who can create accounts.
### Configuration
To configure OIDC, you need to set the following environment variables:
| Variable | Description |

53
app/WYGIWYH/settings.py
View File

@@ -70,6 +70,7 @@ INSTALLED_APPS = [
"apps.api.apps.ApiConfig",
"cachalot",
"rest_framework",
"rest_framework.authtoken",
"drf_spectacular",
"django_cotton",
"apps.rules.apps.RulesConfig",
@@ -375,8 +376,10 @@ ACCOUNT_EMAIL_VERIFICATION = "none"
SOCIALACCOUNT_LOGIN_ON_GET = True
SOCIALACCOUNT_ONLY = True
SOCIALACCOUNT_AUTO_SIGNUP = os.getenv("OIDC_ALLOW_SIGNUP", "true").lower() == "true"
SOCIALACCOUNT_EMAIL_AUTHENTICATION = True
SOCIALACCOUNT_EMAIL_AUTHENTICATION_AUTO_CONNECT = True
ACCOUNT_ADAPTER = "allauth.account.adapter.DefaultAccountAdapter"
SOCIALACCOUNT_ADAPTER = "allauth.socialaccount.adapter.DefaultSocialAccountAdapter"
SOCIALACCOUNT_ADAPTER = "apps.users.adapters.AutoConnectSocialAccountAdapter"
# CRISPY FORMS
CRISPY_ALLOWED_TEMPLATE_PACKS = [
@@ -389,6 +392,10 @@ SESSION_EXPIRE_AT_BROWSER_CLOSE = False
SESSION_COOKIE_AGE = int(os.getenv("SESSION_EXPIRY_TIME", 2678400)) # 31 days
SESSION_COOKIE_SECURE = os.getenv("HTTPS_ENABLED", "false").lower() == "true"
HTTPS_ENABLED = os.getenv("HTTPS_ENABLED", "false").lower() == "true"
ACCOUNT_DEFAULT_HTTP_PROTOCOL = "https" if HTTPS_ENABLED else "http"
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https") if HTTPS_ENABLED else None
DEBUG_TOOLBAR_CONFIG = {
"ROOT_TAG_EXTRA_ATTRS": "hx-preserve",
# "SHOW_TOOLBAR_CALLBACK": lambda r: False, # disables it
@@ -433,8 +440,16 @@ REST_FRAMEWORK = {
"apps.api.permissions.NotInDemoMode",
"rest_framework.permissions.DjangoModelPermissions",
],
"DEFAULT_PAGINATION_CLASS": "rest_framework.pagination.PageNumberPagination",
"PAGE_SIZE": 10,
'DEFAULT_FILTER_BACKENDS': [
'django_filters.rest_framework.DjangoFilterBackend',
'rest_framework.filters.OrderingFilter',
],
'DEFAULT_AUTHENTICATION_CLASSES': [
'rest_framework.authentication.BasicAuthentication',
'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.TokenAuthentication',
],
"DEFAULT_PAGINATION_CLASS": "apps.api.custom.pagination.CustomPageNumberPagination",
"DEFAULT_SCHEMA_CLASS": "drf_spectacular.openapi.AutoSchema",
}
@@ -449,7 +464,7 @@ SPECTACULAR_SETTINGS = {
if "procrastinate" in sys.argv:
LOGGING = {
"version": 1,
"disable_existing_loggers": False,
"disable_existing_loggers": True,
"formatters": {
"standard": {
"format": "[%(asctime)s] - %(levelname)s - %(name)s - %(message)s",
@@ -457,26 +472,19 @@ if "procrastinate" in sys.argv:
},
},
"handlers": {
"procrastinate": {
"level": "INFO",
"class": "logging.StreamHandler",
"formatter": "standard",
},
"console": {
"class": "logging.StreamHandler",
"formatter": "standard",
"level": "INFO",
},
},
"root": {
"handlers": ["console"],
"level": "INFO",
},
"loggers": {
"procrastinate": {
"handlers": ["procrastinate"],
"propagate": False,
},
"root": {
"handlers": ["console"],
"level": "INFO",
"propagate": False,
},
},
}
@@ -496,19 +504,20 @@ else:
"formatter": "standard",
"level": "INFO",
},
"procrastinate": {
"level": "INFO",
"class": "logging.StreamHandler",
},
},
"root": {
"handlers": ["console"],
"level": "INFO",
},
"loggers": {
"procrastinate": {
"handlers": None,
"handlers": [],
"propagate": False,
},
"root": {
"allauth": {
"handlers": ["console"],
"level": "INFO",
"level": "DEBUG",
"propagate": False,
},
},
}

2
app/apps/accounts/views/account_groups.py
View File

@@ -25,7 +25,7 @@ def account_groups_index(request):
@login_required
@require_http_methods(["GET"])
def account_groups_list(request):
account_groups = AccountGroup.objects.all().order_by("id")
account_groups = AccountGroup.objects.all().order_by("name")
return render(
request,
"account_groups/fragments/list.html",

2
app/apps/accounts/views/accounts.py
View File

@@ -25,7 +25,7 @@ def accounts_index(request):
@login_required
@require_http_methods(["GET"])
def accounts_list(request):
accounts = Account.objects.all().order_by("id")
accounts = Account.objects.all().order_by("name")
return render(
request,
"accounts/fragments/list.html",

3
app/apps/api/tests/__init__.py
View File

@@ -1,4 +1,5 @@
# Import all test classes for Django test discovery
from .test_imports import *
from .test_accounts import *
from .test_data_isolation import *
from .test_shared_access import *

719
app/apps/api/tests/test_data_isolation.py Normal file
View File

@@ -0,0 +1,719 @@
from datetime import date
from decimal import Decimal
from django.contrib.auth import get_user_model
from django.test import TestCase, override_settings
from rest_framework import status
from rest_framework.test import APIClient
from apps.accounts.models import Account, AccountGroup
from apps.currencies.models import Currency
from apps.dca.models import DCAStrategy, DCAEntry
from apps.transactions.models import (
Transaction,
TransactionCategory,
TransactionTag,
TransactionEntity,
InstallmentPlan,
RecurringTransaction,
)
ACCESS_DENIED_CODES = [status.HTTP_403_FORBIDDEN, status.HTTP_404_NOT_FOUND]
@override_settings(
STORAGES={
"default": {"BACKEND": "django.core.files.storage.FileSystemStorage"},
"staticfiles": {
"BACKEND": "django.contrib.staticfiles.storage.StaticFilesStorage"
},
},
WHITENOISE_AUTOREFRESH=True,
)
class AccountDataIsolationTests(TestCase):
"""Tests to ensure users cannot access other users' accounts."""
def setUp(self):
"""Set up test data with two distinct users."""
User = get_user_model()
# User 1 - the requester
self.user1 = User.objects.create_user(
email="user1@test.com", password="testpass123"
)
self.client1 = APIClient()
self.client1.force_authenticate(user=self.user1)
# User 2 - owner of data that user1 should NOT access
self.user2 = User.objects.create_user(
email="user2@test.com", password="testpass123"
)
self.client2 = APIClient()
self.client2.force_authenticate(user=self.user2)
# Shared currency
self.currency = Currency.objects.create(
code="USD", name="US Dollar", decimal_places=2, prefix="$ "
)
# User 1's account
self.user1_account_group = AccountGroup.all_objects.create(
name="User1 Group", owner=self.user1
)
self.user1_account = Account.all_objects.create(
name="User1 Account",
group=self.user1_account_group,
currency=self.currency,
owner=self.user1,
)
# User 2's account (private, should be invisible to user1)
self.user2_account_group = AccountGroup.all_objects.create(
name="User2 Group", owner=self.user2
)
self.user2_account = Account.all_objects.create(
name="User2 Account",
group=self.user2_account_group,
currency=self.currency,
owner=self.user2,
)
def test_user_cannot_see_other_users_accounts_in_list(self):
"""GET /api/accounts/ should only return user's own accounts."""
response = self.client1.get("/api/accounts/")
self.assertEqual(response.status_code, status.HTTP_200_OK)
# User1 should only see their own account
account_ids = [acc["id"] for acc in response.data["results"]]
self.assertIn(self.user1_account.id, account_ids)
self.assertNotIn(self.user2_account.id, account_ids)
def test_user_cannot_access_other_users_account_detail(self):
"""GET /api/accounts/{id}/ should deny access to other user's account."""
response = self.client1.get(f"/api/accounts/{self.user2_account.id}/")
self.assertIn(response.status_code, ACCESS_DENIED_CODES)
def test_user_cannot_modify_other_users_account(self):
"""PATCH on other user's account should deny access."""
response = self.client1.patch(
f"/api/accounts/{self.user2_account.id}/",
{"name": "Hacked Account"},
)
self.assertIn(response.status_code, ACCESS_DENIED_CODES)
# Verify account name wasn't changed
self.user2_account.refresh_from_db()
self.assertEqual(self.user2_account.name, "User2 Account")
def test_user_cannot_delete_other_users_account(self):
"""DELETE on other user's account should deny access."""
response = self.client1.delete(f"/api/accounts/{self.user2_account.id}/")
self.assertIn(response.status_code, ACCESS_DENIED_CODES)
# Verify account still exists
self.assertTrue(Account.all_objects.filter(id=self.user2_account.id).exists())
def test_user_cannot_get_balance_of_other_users_account(self):
"""Balance action on other user's account should deny access."""
response = self.client1.get(f"/api/accounts/{self.user2_account.id}/balance/")
self.assertIn(response.status_code, ACCESS_DENIED_CODES)
def test_user_can_access_own_account(self):
"""User can access their own account normally."""
response = self.client1.get(f"/api/accounts/{self.user1_account.id}/")
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data["name"], "User1 Account")
@override_settings(
STORAGES={
"default": {"BACKEND": "django.core.files.storage.FileSystemStorage"},
"staticfiles": {
"BACKEND": "django.contrib.staticfiles.storage.StaticFilesStorage"
},
},
WHITENOISE_AUTOREFRESH=True,
)
class AccountGroupDataIsolationTests(TestCase):
"""Tests to ensure users cannot access other users' account groups."""
def setUp(self):
"""Set up test data with two distinct users."""
User = get_user_model()
self.user1 = User.objects.create_user(
email="user1@test.com", password="testpass123"
)
self.client1 = APIClient()
self.client1.force_authenticate(user=self.user1)
self.user2 = User.objects.create_user(
email="user2@test.com", password="testpass123"
)
# User 1's account group
self.user1_group = AccountGroup.all_objects.create(
name="User1 Group", owner=self.user1
)
# User 2's account group
self.user2_group = AccountGroup.all_objects.create(
name="User2 Group", owner=self.user2
)
def test_user_cannot_see_other_users_account_groups(self):
"""GET /api/account-groups/ should only return user's own groups."""
response = self.client1.get("/api/account-groups/")
self.assertEqual(response.status_code, status.HTTP_200_OK)
group_ids = [grp["id"] for grp in response.data["results"]]
self.assertIn(self.user1_group.id, group_ids)
self.assertNotIn(self.user2_group.id, group_ids)
def test_user_cannot_access_other_users_account_group_detail(self):
"""GET /api/account-groups/{id}/ should deny access to other user's group."""
response = self.client1.get(f"/api/account-groups/{self.user2_group.id}/")
self.assertIn(response.status_code, ACCESS_DENIED_CODES)
def test_user_cannot_modify_other_users_account_group(self):
"""PATCH on other user's account group should deny access."""
response = self.client1.patch(
f"/api/account-groups/{self.user2_group.id}/",
{"name": "Hacked Group"},
)
self.assertIn(response.status_code, ACCESS_DENIED_CODES)
self.user2_group.refresh_from_db()
self.assertEqual(self.user2_group.name, "User2 Group")
def test_user_cannot_delete_other_users_account_group(self):
"""DELETE on other user's account group should deny access."""
response = self.client1.delete(f"/api/account-groups/{self.user2_group.id}/")
self.assertIn(response.status_code, ACCESS_DENIED_CODES)
self.assertTrue(
AccountGroup.all_objects.filter(id=self.user2_group.id).exists()
)
@override_settings(
STORAGES={
"default": {"BACKEND": "django.core.files.storage.FileSystemStorage"},
"staticfiles": {
"BACKEND": "django.contrib.staticfiles.storage.StaticFilesStorage"
},
},
WHITENOISE_AUTOREFRESH=True,
)
class TransactionDataIsolationTests(TestCase):
"""Tests to ensure users cannot access other users' transactions."""
def setUp(self):
"""Set up test data with transactions for two distinct users."""
User = get_user_model()
self.user1 = User.objects.create_user(
email="user1@test.com", password="testpass123"
)
self.client1 = APIClient()
self.client1.force_authenticate(user=self.user1)
self.user2 = User.objects.create_user(
email="user2@test.com", password="testpass123"
)
self.currency = Currency.objects.create(
code="USD", name="US Dollar", decimal_places=2, prefix="$ "
)
# User 1's account and transaction
self.user1_account = Account.all_objects.create(
name="User1 Account", currency=self.currency, owner=self.user1
)
self.user1_transaction = Transaction.userless_all_objects.create(
account=self.user1_account,
type=Transaction.Type.INCOME,
amount=Decimal("100.00"),
is_paid=True,
date=date(2025, 1, 1),
description="User1 Income",
owner=self.user1,
)
# User 2's account and transaction
self.user2_account = Account.all_objects.create(
name="User2 Account", currency=self.currency, owner=self.user2
)
self.user2_transaction = Transaction.userless_all_objects.create(
account=self.user2_account,
type=Transaction.Type.EXPENSE,
amount=Decimal("50.00"),
is_paid=True,
date=date(2025, 1, 1),
description="User2 Expense",
owner=self.user2,
)
def test_user_cannot_see_other_users_transactions_in_list(self):
"""GET /api/transactions/ should only return user's own transactions."""
response = self.client1.get("/api/transactions/")
self.assertEqual(response.status_code, status.HTTP_200_OK)
transaction_ids = [t["id"] for t in response.data["results"]]
self.assertIn(self.user1_transaction.id, transaction_ids)
self.assertNotIn(self.user2_transaction.id, transaction_ids)
def test_user_cannot_access_other_users_transaction_detail(self):
"""GET /api/transactions/{id}/ should deny access to other user's transaction."""
response = self.client1.get(f"/api/transactions/{self.user2_transaction.id}/")
self.assertIn(response.status_code, ACCESS_DENIED_CODES)
def test_user_cannot_modify_other_users_transaction(self):
"""PATCH on other user's transaction should deny access."""
response = self.client1.patch(
f"/api/transactions/{self.user2_transaction.id}/",
{"description": "Hacked Transaction"},
)
self.assertIn(response.status_code, ACCESS_DENIED_CODES)
self.user2_transaction.refresh_from_db()
self.assertEqual(self.user2_transaction.description, "User2 Expense")
def test_user_cannot_delete_other_users_transaction(self):
"""DELETE on other user's transaction should deny access."""
response = self.client1.delete(
f"/api/transactions/{self.user2_transaction.id}/"
)
self.assertIn(response.status_code, ACCESS_DENIED_CODES)
self.assertTrue(
Transaction.userless_all_objects.filter(
id=self.user2_transaction.id
).exists()
)
def test_user_cannot_create_transaction_in_other_users_account(self):
"""POST /api/transactions/ with other user's account should fail."""
response = self.client1.post(
"/api/transactions/",
{
"account": self.user2_account.id,
"type": "IN",
"amount": "100.00",
"date": "2025-01-15",
"description": "Sneaky transaction",
},
format="json",
)
# Should deny access - 400 (validation error), 403, or 404
self.assertIn(
response.status_code,
ACCESS_DENIED_CODES + [status.HTTP_400_BAD_REQUEST],
)
@override_settings(
STORAGES={
"default": {"BACKEND": "django.core.files.storage.FileSystemStorage"},
"staticfiles": {
"BACKEND": "django.contrib.staticfiles.storage.StaticFilesStorage"
},
},
WHITENOISE_AUTOREFRESH=True,
)
class CategoryTagEntityIsolationTests(TestCase):
"""Tests for isolation of categories, tags, and entities between users."""
def setUp(self):
"""Set up test data."""
User = get_user_model()
self.user1 = User.objects.create_user(
email="user1@test.com", password="testpass123"
)
self.client1 = APIClient()
self.client1.force_authenticate(user=self.user1)
self.user2 = User.objects.create_user(
email="user2@test.com", password="testpass123"
)
# User 1's categories, tags, entities
self.user1_category = TransactionCategory.all_objects.create(
name="User1 Category", owner=self.user1
)
self.user1_tag = TransactionTag.all_objects.create(
name="User1 Tag", owner=self.user1
)
self.user1_entity = TransactionEntity.all_objects.create(
name="User1 Entity", owner=self.user1
)
# User 2's categories, tags, entities
self.user2_category = TransactionCategory.all_objects.create(
name="User2 Category", owner=self.user2
)
self.user2_tag = TransactionTag.all_objects.create(
name="User2 Tag", owner=self.user2
)
self.user2_entity = TransactionEntity.all_objects.create(
name="User2 Entity", owner=self.user2
)
def test_user_cannot_see_other_users_categories(self):
"""GET /api/categories/ should only return user's own categories."""
response = self.client1.get("/api/categories/")
self.assertEqual(response.status_code, status.HTTP_200_OK)
category_ids = [c["id"] for c in response.data["results"]]
self.assertIn(self.user1_category.id, category_ids)
self.assertNotIn(self.user2_category.id, category_ids)
def test_user_cannot_access_other_users_category_detail(self):
"""GET /api/categories/{id}/ should deny access to other user's category."""
response = self.client1.get(f"/api/categories/{self.user2_category.id}/")
self.assertIn(response.status_code, ACCESS_DENIED_CODES)
def test_user_cannot_see_other_users_tags(self):
"""GET /api/tags/ should only return user's own tags."""
response = self.client1.get("/api/tags/")
self.assertEqual(response.status_code, status.HTTP_200_OK)
tag_ids = [t["id"] for t in response.data["results"]]
self.assertIn(self.user1_tag.id, tag_ids)
self.assertNotIn(self.user2_tag.id, tag_ids)
def test_user_cannot_access_other_users_tag_detail(self):
"""GET /api/tags/{id}/ should deny access to other user's tag."""
response = self.client1.get(f"/api/tags/{self.user2_tag.id}/")
self.assertIn(response.status_code, ACCESS_DENIED_CODES)
def test_user_cannot_see_other_users_entities(self):
"""GET /api/entities/ should only return user's own entities."""
response = self.client1.get("/api/entities/")
self.assertEqual(response.status_code, status.HTTP_200_OK)
entity_ids = [e["id"] for e in response.data["results"]]
self.assertIn(self.user1_entity.id, entity_ids)
self.assertNotIn(self.user2_entity.id, entity_ids)
def test_user_cannot_access_other_users_entity_detail(self):
"""GET /api/entities/{id}/ should deny access to other user's entity."""
response = self.client1.get(f"/api/entities/{self.user2_entity.id}/")
self.assertIn(response.status_code, ACCESS_DENIED_CODES)
def test_user_cannot_modify_other_users_category(self):
"""PATCH on other user's category should deny access."""
response = self.client1.patch(
f"/api/categories/{self.user2_category.id}/",
{"name": "Hacked Category"},
)
self.assertIn(response.status_code, ACCESS_DENIED_CODES)
def test_user_cannot_delete_other_users_tag(self):
"""DELETE on other user's tag should deny access."""
response = self.client1.delete(f"/api/tags/{self.user2_tag.id}/")
self.assertIn(response.status_code, ACCESS_DENIED_CODES)
self.assertTrue(
TransactionTag.all_objects.filter(id=self.user2_tag.id).exists()
)
@override_settings(
STORAGES={
"default": {"BACKEND": "django.core.files.storage.FileSystemStorage"},
"staticfiles": {
"BACKEND": "django.contrib.staticfiles.storage.StaticFilesStorage"
},
},
WHITENOISE_AUTOREFRESH=True,
)
class DCADataIsolationTests(TestCase):
"""Tests to ensure users cannot access other users' DCA strategies and entries."""
def setUp(self):
"""Set up test data."""
User = get_user_model()
self.user1 = User.objects.create_user(
email="user1@test.com", password="testpass123"
)
self.client1 = APIClient()
self.client1.force_authenticate(user=self.user1)
self.user2 = User.objects.create_user(
email="user2@test.com", password="testpass123"
)
self.currency1 = Currency.objects.create(
code="BTC", name="Bitcoin", decimal_places=8, prefix=""
)
self.currency2 = Currency.objects.create(
code="USD", name="US Dollar", decimal_places=2, prefix="$ "
)
# User 1's DCA strategy and entry
self.user1_strategy = DCAStrategy.all_objects.create(
name="User1 BTC Strategy",
target_currency=self.currency1,
payment_currency=self.currency2,
owner=self.user1,
)
self.user1_entry = DCAEntry.objects.create(
strategy=self.user1_strategy,
date=date(2025, 1, 1),
amount_paid=Decimal("100.00"),
amount_received=Decimal("0.001"),
)
# User 2's DCA strategy and entry
self.user2_strategy = DCAStrategy.all_objects.create(
name="User2 BTC Strategy",
target_currency=self.currency1,
payment_currency=self.currency2,
owner=self.user2,
)
self.user2_entry = DCAEntry.objects.create(
strategy=self.user2_strategy,
date=date(2025, 1, 1),
amount_paid=Decimal("200.00"),
amount_received=Decimal("0.002"),
)
def test_user_cannot_see_other_users_dca_strategies(self):
"""GET /api/dca/strategies/ should only return user's own strategies."""
response = self.client1.get("/api/dca/strategies/")
self.assertEqual(response.status_code, status.HTTP_200_OK)
strategy_ids = [s["id"] for s in response.data["results"]]
self.assertIn(self.user1_strategy.id, strategy_ids)
self.assertNotIn(self.user2_strategy.id, strategy_ids)
def test_user_cannot_access_other_users_dca_strategy_detail(self):
"""GET /api/dca/strategies/{id}/ should deny access to other user's strategy."""
response = self.client1.get(f"/api/dca/strategies/{self.user2_strategy.id}/")
self.assertIn(response.status_code, ACCESS_DENIED_CODES)
def test_user_cannot_access_other_users_dca_entries(self):
"""GET /api/dca/entries/ filtered by other user's strategy should return empty."""
response = self.client1.get(
f"/api/dca/entries/?strategy={self.user2_strategy.id}"
)
# Either OK with empty results or error
if response.status_code == status.HTTP_200_OK:
entry_ids = [e["id"] for e in response.data["results"]]
self.assertNotIn(self.user2_entry.id, entry_ids)
def test_user_cannot_access_other_users_dca_entry_detail(self):
"""GET /api/dca/entries/{id}/ should deny access to other user's entry."""
response = self.client1.get(f"/api/dca/entries/{self.user2_entry.id}/")
self.assertIn(response.status_code, ACCESS_DENIED_CODES)
def test_user_cannot_access_other_users_strategy_investment_frequency(self):
"""investment_frequency action on other user's strategy should deny access."""
response = self.client1.get(
f"/api/dca/strategies/{self.user2_strategy.id}/investment_frequency/"
)
self.assertIn(response.status_code, ACCESS_DENIED_CODES)
def test_user_cannot_access_other_users_strategy_price_comparison(self):
"""price_comparison action on other user's strategy should deny access."""
response = self.client1.get(
f"/api/dca/strategies/{self.user2_strategy.id}/price_comparison/"
)
self.assertIn(response.status_code, ACCESS_DENIED_CODES)
def test_user_cannot_access_other_users_strategy_current_price(self):
"""current_price action on other user's strategy should deny access."""
response = self.client1.get(
f"/api/dca/strategies/{self.user2_strategy.id}/current_price/"
)
self.assertIn(response.status_code, ACCESS_DENIED_CODES)
def test_user_cannot_modify_other_users_dca_strategy(self):
"""PATCH on other user's DCA strategy should deny access."""
response = self.client1.patch(
f"/api/dca/strategies/{self.user2_strategy.id}/",
{"name": "Hacked Strategy"},
)
self.assertIn(response.status_code, ACCESS_DENIED_CODES)
def test_user_cannot_delete_other_users_dca_entry(self):
"""DELETE on other user's DCA entry should deny access."""
response = self.client1.delete(f"/api/dca/entries/{self.user2_entry.id}/")
self.assertIn(response.status_code, ACCESS_DENIED_CODES)
self.assertTrue(DCAEntry.objects.filter(id=self.user2_entry.id).exists())
@override_settings(
STORAGES={
"default": {"BACKEND": "django.core.files.storage.FileSystemStorage"},
"staticfiles": {
"BACKEND": "django.contrib.staticfiles.storage.StaticFilesStorage"
},
},
WHITENOISE_AUTOREFRESH=True,
)
class InstallmentRecurringIsolationTests(TestCase):
"""Tests for isolation of installment plans and recurring transactions."""
def setUp(self):
"""Set up test data."""
User = get_user_model()
self.user1 = User.objects.create_user(
email="user1@test.com", password="testpass123"
)
self.client1 = APIClient()
self.client1.force_authenticate(user=self.user1)
self.user2 = User.objects.create_user(
email="user2@test.com", password="testpass123"
)
self.currency = Currency.objects.create(
code="USD", name="US Dollar", decimal_places=2, prefix="$ "
)
# User 1's account
self.user1_account = Account.all_objects.create(
name="User1 Account", currency=self.currency, owner=self.user1
)
# User 2's account
self.user2_account = Account.all_objects.create(
name="User2 Account", currency=self.currency, owner=self.user2
)
# User 1's installment plan
self.user1_installment = InstallmentPlan.all_objects.create(
account=self.user1_account,
type=Transaction.Type.EXPENSE,
description="User1 Installment",
number_of_installments=12,
start_date=date(2025, 1, 1),
installment_amount=Decimal("100.00"),
)
# User 2's installment plan
self.user2_installment = InstallmentPlan.all_objects.create(
account=self.user2_account,
type=Transaction.Type.EXPENSE,
description="User2 Installment",
number_of_installments=6,
start_date=date(2025, 1, 1),
installment_amount=Decimal("200.00"),
)
# User 1's recurring transaction
self.user1_recurring = RecurringTransaction.all_objects.create(
account=self.user1_account,
type=Transaction.Type.EXPENSE,
amount=Decimal("50.00"),
description="User1 Recurring",
start_date=date(2025, 1, 1),
recurrence_type=RecurringTransaction.RecurrenceType.MONTH,
recurrence_interval=1,
)
# User 2's recurring transaction
self.user2_recurring = RecurringTransaction.all_objects.create(
account=self.user2_account,
type=Transaction.Type.INCOME,
amount=Decimal("1000.00"),
description="User2 Recurring",
start_date=date(2025, 1, 1),
recurrence_type=RecurringTransaction.RecurrenceType.MONTH,
recurrence_interval=1,
)
def test_user_cannot_see_other_users_installment_plans(self):
"""GET /api/installment-plans/ should only return user's own plans."""
response = self.client1.get("/api/installment-plans/")
self.assertEqual(response.status_code, status.HTTP_200_OK)
plan_ids = [p["id"] for p in response.data["results"]]
self.assertIn(self.user1_installment.id, plan_ids)
self.assertNotIn(self.user2_installment.id, plan_ids)
def test_user_cannot_access_other_users_installment_plan_detail(self):
"""GET /api/installment-plans/{id}/ should deny access to other user's plan."""
response = self.client1.get(
f"/api/installment-plans/{self.user2_installment.id}/"
)
self.assertIn(response.status_code, ACCESS_DENIED_CODES)
def test_user_cannot_see_other_users_recurring_transactions(self):
"""GET /api/recurring-transactions/ should only return user's own recurring."""
response = self.client1.get("/api/recurring-transactions/")
self.assertEqual(response.status_code, status.HTTP_200_OK)
recurring_ids = [r["id"] for r in response.data["results"]]
self.assertIn(self.user1_recurring.id, recurring_ids)
self.assertNotIn(self.user2_recurring.id, recurring_ids)
def test_user_cannot_access_other_users_recurring_transaction_detail(self):
"""GET /api/recurring-transactions/{id}/ should deny access to other user's recurring."""
response = self.client1.get(
f"/api/recurring-transactions/{self.user2_recurring.id}/"
)
self.assertIn(response.status_code, ACCESS_DENIED_CODES)
def test_user_cannot_modify_other_users_installment_plan(self):
"""PATCH on other user's installment plan should deny access."""
response = self.client1.patch(
f"/api/installment-plans/{self.user2_installment.id}/",
{"description": "Hacked Installment"},
)
self.assertIn(response.status_code, ACCESS_DENIED_CODES)
def test_user_cannot_delete_other_users_recurring_transaction(self):
"""DELETE on other user's recurring transaction should deny access."""
response = self.client1.delete(
f"/api/recurring-transactions/{self.user2_recurring.id}/"
)
self.assertIn(response.status_code, ACCESS_DENIED_CODES)
self.assertTrue(
RecurringTransaction.all_objects.filter(id=self.user2_recurring.id).exists()
)

587
app/apps/api/tests/test_shared_access.py Normal file
View File

@@ -0,0 +1,587 @@
from datetime import date
from decimal import Decimal
from django.contrib.auth import get_user_model
from django.test import TestCase, override_settings
from rest_framework import status
from rest_framework.test import APIClient
from apps.accounts.models import Account, AccountGroup
from apps.currencies.models import Currency
from apps.dca.models import DCAStrategy, DCAEntry
from apps.transactions.models import (
Transaction,
TransactionCategory,
TransactionTag,
TransactionEntity,
)
ACCESS_DENIED_CODES = [status.HTTP_403_FORBIDDEN, status.HTTP_404_NOT_FOUND]
@override_settings(
STORAGES={
"default": {"BACKEND": "django.core.files.storage.FileSystemStorage"},
"staticfiles": {
"BACKEND": "django.contrib.staticfiles.storage.StaticFilesStorage"
},
},
WHITENOISE_AUTOREFRESH=True,
)
class SharedAccountAccessTests(TestCase):
"""Tests for shared account access via shared_with field."""
def setUp(self):
"""Set up test data with shared accounts."""
User = get_user_model()
# User 1 - owner
self.user1 = User.objects.create_user(
email="user1@test.com", password="testpass123"
)
self.client1 = APIClient()
self.client1.force_authenticate(user=self.user1)
# User 2 - will have shared access
self.user2 = User.objects.create_user(
email="user2@test.com", password="testpass123"
)
self.client2 = APIClient()
self.client2.force_authenticate(user=self.user2)
# User 3 - no shared access
self.user3 = User.objects.create_user(
email="user3@test.com", password="testpass123"
)
self.client3 = APIClient()
self.client3.force_authenticate(user=self.user3)
self.currency = Currency.objects.create(
code="USD", name="US Dollar", decimal_places=2, prefix="$ "
)
# User 1's account shared with user 2
self.shared_account = Account.all_objects.create(
name="Shared Account",
currency=self.currency,
owner=self.user1,
visibility="private",
)
self.shared_account.shared_with.add(self.user2)
# User 1's private account (not shared)
self.private_account = Account.all_objects.create(
name="Private Account",
currency=self.currency,
owner=self.user1,
visibility="private",
)
# Transaction in shared account
self.shared_transaction = Transaction.userless_all_objects.create(
account=self.shared_account,
type=Transaction.Type.INCOME,
amount=Decimal("100.00"),
is_paid=True,
date=date(2025, 1, 1),
description="Shared Transaction",
owner=self.user1,
)
# Transaction in private account
self.private_transaction = Transaction.userless_all_objects.create(
account=self.private_account,
type=Transaction.Type.EXPENSE,
amount=Decimal("50.00"),
is_paid=True,
date=date(2025, 1, 1),
description="Private Transaction",
owner=self.user1,
)
def test_user_can_see_accounts_shared_with_them(self):
"""User2 should see the account shared with them."""
response = self.client2.get("/api/accounts/")
self.assertEqual(response.status_code, status.HTTP_200_OK)
account_ids = [acc["id"] for acc in response.data["results"]]
self.assertIn(self.shared_account.id, account_ids)
def test_user_cannot_see_accounts_not_shared_with_them(self):
"""User2 should NOT see user1's private (non-shared) account."""
response = self.client2.get("/api/accounts/")
self.assertEqual(response.status_code, status.HTTP_200_OK)
account_ids = [acc["id"] for acc in response.data["results"]]
self.assertNotIn(self.private_account.id, account_ids)
def test_user_can_access_shared_account_detail(self):
"""User2 should be able to access shared account details."""
response = self.client2.get(f"/api/accounts/{self.shared_account.id}/")
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data["name"], "Shared Account")
def test_user_without_share_cannot_access_shared_account(self):
"""User3 should NOT be able to access the shared account."""
response = self.client3.get(f"/api/accounts/{self.shared_account.id}/")
self.assertIn(response.status_code, ACCESS_DENIED_CODES)
def test_user_can_see_transactions_in_shared_account(self):
"""User2 should see transactions in the shared account."""
response = self.client2.get("/api/transactions/")
self.assertEqual(response.status_code, status.HTTP_200_OK)
transaction_ids = [t["id"] for t in response.data["results"]]
self.assertIn(self.shared_transaction.id, transaction_ids)
self.assertNotIn(self.private_transaction.id, transaction_ids)
def test_user_can_access_transaction_in_shared_account(self):
"""User2 should be able to access transaction details in shared account."""
response = self.client2.get(f"/api/transactions/{self.shared_transaction.id}/")
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data["description"], "Shared Transaction")
def test_user_cannot_access_transaction_in_non_shared_account(self):
"""User2 should NOT access transactions in user1's private account."""
response = self.client2.get(f"/api/transactions/{self.private_transaction.id}/")
self.assertIn(response.status_code, ACCESS_DENIED_CODES)
def test_user_can_get_balance_of_shared_account(self):
"""User2 should be able to get balance of shared account."""
response = self.client2.get(f"/api/accounts/{self.shared_account.id}/balance/")
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn("current_balance", response.data)
def test_sharing_works_with_multiple_users(self):
"""Account shared with multiple users should be accessible by all."""
# Add user3 to shared_with
self.shared_account.shared_with.add(self.user3)
# User2 still has access
response2 = self.client2.get(f"/api/accounts/{self.shared_account.id}/")
self.assertEqual(response2.status_code, status.HTTP_200_OK)
# User3 now has access
response3 = self.client3.get(f"/api/accounts/{self.shared_account.id}/")
self.assertEqual(response3.status_code, status.HTTP_200_OK)
@override_settings(
STORAGES={
"default": {"BACKEND": "django.core.files.storage.FileSystemStorage"},
"staticfiles": {
"BACKEND": "django.contrib.staticfiles.storage.StaticFilesStorage"
},
},
WHITENOISE_AUTOREFRESH=True,
)
class PublicVisibilityTests(TestCase):
"""Tests for public visibility access."""
def setUp(self):
"""Set up test data with public accounts."""
User = get_user_model()
self.user1 = User.objects.create_user(
email="user1@test.com", password="testpass123"
)
self.client1 = APIClient()
self.client1.force_authenticate(user=self.user1)
self.user2 = User.objects.create_user(
email="user2@test.com", password="testpass123"
)
self.client2 = APIClient()
self.client2.force_authenticate(user=self.user2)
self.currency = Currency.objects.create(
code="USD", name="US Dollar", decimal_places=2, prefix="$ "
)
# User 1's public account
self.public_account = Account.all_objects.create(
name="Public Account",
currency=self.currency,
owner=self.user1,
visibility="public",
)
# User 1's private account
self.private_account = Account.all_objects.create(
name="Private Account",
currency=self.currency,
owner=self.user1,
visibility="private",
)
# Transaction in public account
self.public_transaction = Transaction.userless_all_objects.create(
account=self.public_account,
type=Transaction.Type.INCOME,
amount=Decimal("100.00"),
is_paid=True,
date=date(2025, 1, 1),
description="Public Transaction",
owner=self.user1,
)
def test_user_can_see_public_accounts(self):
"""User2 should see user1's public account."""
response = self.client2.get("/api/accounts/")
self.assertEqual(response.status_code, status.HTTP_200_OK)
account_ids = [acc["id"] for acc in response.data["results"]]
self.assertIn(self.public_account.id, account_ids)
self.assertNotIn(self.private_account.id, account_ids)
def test_user_can_access_public_account_detail(self):
"""User2 should be able to access public account details."""
response = self.client2.get(f"/api/accounts/{self.public_account.id}/")
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data["name"], "Public Account")
def test_user_can_see_transactions_in_public_accounts(self):
"""User2 should see transactions in public accounts."""
response = self.client2.get("/api/transactions/")
self.assertEqual(response.status_code, status.HTTP_200_OK)
transaction_ids = [t["id"] for t in response.data["results"]]
self.assertIn(self.public_transaction.id, transaction_ids)
@override_settings(
STORAGES={
"default": {"BACKEND": "django.core.files.storage.FileSystemStorage"},
"staticfiles": {
"BACKEND": "django.contrib.staticfiles.storage.StaticFilesStorage"
},
},
WHITENOISE_AUTOREFRESH=True,
)
class SharedCategoryTagEntityTests(TestCase):
"""Tests for shared categories, tags, and entities."""
def setUp(self):
"""Set up test data with shared categories/tags/entities."""
User = get_user_model()
self.user1 = User.objects.create_user(
email="user1@test.com", password="testpass123"
)
self.client1 = APIClient()
self.client1.force_authenticate(user=self.user1)
self.user2 = User.objects.create_user(
email="user2@test.com", password="testpass123"
)
self.client2 = APIClient()
self.client2.force_authenticate(user=self.user2)
self.user3 = User.objects.create_user(
email="user3@test.com", password="testpass123"
)
self.client3 = APIClient()
self.client3.force_authenticate(user=self.user3)
# User 1's category shared with user 2
self.shared_category = TransactionCategory.all_objects.create(
name="Shared Category", owner=self.user1
)
self.shared_category.shared_with.add(self.user2)
# User 1's private category
self.private_category = TransactionCategory.all_objects.create(
name="Private Category", owner=self.user1
)
# User 1's public category
self.public_category = TransactionCategory.all_objects.create(
name="Public Category", owner=self.user1, visibility="public"
)
# User 1's tag shared with user 2
self.shared_tag = TransactionTag.all_objects.create(
name="Shared Tag", owner=self.user1
)
self.shared_tag.shared_with.add(self.user2)
# User 1's entity shared with user 2
self.shared_entity = TransactionEntity.all_objects.create(
name="Shared Entity", owner=self.user1
)
self.shared_entity.shared_with.add(self.user2)
def test_user_can_see_shared_categories(self):
"""User2 should see categories shared with them."""
response = self.client2.get("/api/categories/")
self.assertEqual(response.status_code, status.HTTP_200_OK)
category_ids = [c["id"] for c in response.data["results"]]
self.assertIn(self.shared_category.id, category_ids)
self.assertNotIn(self.private_category.id, category_ids)
def test_user_can_access_shared_category_detail(self):
"""User2 should be able to access shared category details."""
response = self.client2.get(f"/api/categories/{self.shared_category.id}/")
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data["name"], "Shared Category")
def test_user_can_see_public_categories(self):
"""User3 should see public categories."""
response = self.client3.get("/api/categories/")
self.assertEqual(response.status_code, status.HTTP_200_OK)
category_ids = [c["id"] for c in response.data["results"]]
self.assertIn(self.public_category.id, category_ids)
def test_user_without_share_cannot_see_shared_category(self):
"""User3 should NOT see category shared only with user2."""
response = self.client3.get("/api/categories/")
self.assertEqual(response.status_code, status.HTTP_200_OK)
category_ids = [c["id"] for c in response.data["results"]]
self.assertNotIn(self.shared_category.id, category_ids)
def test_user_can_see_shared_tags(self):
"""User2 should see tags shared with them."""
response = self.client2.get("/api/tags/")
self.assertEqual(response.status_code, status.HTTP_200_OK)
tag_ids = [t["id"] for t in response.data["results"]]
self.assertIn(self.shared_tag.id, tag_ids)
def test_user_can_access_shared_tag_detail(self):
"""User2 should be able to access shared tag details."""
response = self.client2.get(f"/api/tags/{self.shared_tag.id}/")
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data["name"], "Shared Tag")
def test_user_can_see_shared_entities(self):
"""User2 should see entities shared with them."""
response = self.client2.get("/api/entities/")
self.assertEqual(response.status_code, status.HTTP_200_OK)
entity_ids = [e["id"] for e in response.data["results"]]
self.assertIn(self.shared_entity.id, entity_ids)
def test_user_can_access_shared_entity_detail(self):
"""User2 should be able to access shared entity details."""
response = self.client2.get(f"/api/entities/{self.shared_entity.id}/")
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data["name"], "Shared Entity")
@override_settings(
STORAGES={
"default": {"BACKEND": "django.core.files.storage.FileSystemStorage"},
"staticfiles": {
"BACKEND": "django.contrib.staticfiles.storage.StaticFilesStorage"
},
},
WHITENOISE_AUTOREFRESH=True,
)
class SharedDCAAccessTests(TestCase):
"""Tests for shared DCA strategy access."""
def setUp(self):
"""Set up test data with shared DCA strategies."""
User = get_user_model()
self.user1 = User.objects.create_user(
email="user1@test.com", password="testpass123"
)
self.client1 = APIClient()
self.client1.force_authenticate(user=self.user1)
self.user2 = User.objects.create_user(
email="user2@test.com", password="testpass123"
)
self.client2 = APIClient()
self.client2.force_authenticate(user=self.user2)
self.user3 = User.objects.create_user(
email="user3@test.com", password="testpass123"
)
self.client3 = APIClient()
self.client3.force_authenticate(user=self.user3)
self.currency1 = Currency.objects.create(
code="BTC", name="Bitcoin", decimal_places=8, prefix=""
)
self.currency2 = Currency.objects.create(
code="USD", name="US Dollar", decimal_places=2, prefix="$ "
)
# User 1's DCA strategy shared with user 2
self.shared_strategy = DCAStrategy.all_objects.create(
name="Shared BTC Strategy",
target_currency=self.currency1,
payment_currency=self.currency2,
owner=self.user1,
)
self.shared_strategy.shared_with.add(self.user2)
# Entry in shared strategy
self.shared_entry = DCAEntry.objects.create(
strategy=self.shared_strategy,
date=date(2025, 1, 1),
amount_paid=Decimal("100.00"),
amount_received=Decimal("0.001"),
)
# User 1's private strategy
self.private_strategy = DCAStrategy.all_objects.create(
name="Private BTC Strategy",
target_currency=self.currency1,
payment_currency=self.currency2,
owner=self.user1,
)
def test_user_can_see_shared_dca_strategies(self):
"""User2 should see DCA strategies shared with them."""
response = self.client2.get("/api/dca/strategies/")
self.assertEqual(response.status_code, status.HTTP_200_OK)
strategy_ids = [s["id"] for s in response.data["results"]]
self.assertIn(self.shared_strategy.id, strategy_ids)
self.assertNotIn(self.private_strategy.id, strategy_ids)
def test_user_can_access_shared_dca_strategy_detail(self):
"""User2 should be able to access shared strategy details."""
response = self.client2.get(f"/api/dca/strategies/{self.shared_strategy.id}/")
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data["name"], "Shared BTC Strategy")
def test_user_without_share_cannot_see_shared_strategy(self):
"""User3 should NOT see strategy shared only with user2."""
response = self.client3.get("/api/dca/strategies/")
self.assertEqual(response.status_code, status.HTTP_200_OK)
strategy_ids = [s["id"] for s in response.data["results"]]
self.assertNotIn(self.shared_strategy.id, strategy_ids)
def test_user_can_access_shared_strategy_actions(self):
"""User2 should be able to access actions on shared strategy."""
# investment_frequency
response1 = self.client2.get(
f"/api/dca/strategies/{self.shared_strategy.id}/investment_frequency/"
)
self.assertEqual(response1.status_code, status.HTTP_200_OK)
# price_comparison
response2 = self.client2.get(
f"/api/dca/strategies/{self.shared_strategy.id}/price_comparison/"
)
self.assertEqual(response2.status_code, status.HTTP_200_OK)
# current_price
response3 = self.client2.get(
f"/api/dca/strategies/{self.shared_strategy.id}/current_price/"
)
self.assertEqual(response3.status_code, status.HTTP_200_OK)
@override_settings(
STORAGES={
"default": {"BACKEND": "django.core.files.storage.FileSystemStorage"},
"staticfiles": {
"BACKEND": "django.contrib.staticfiles.storage.StaticFilesStorage"
},
},
WHITENOISE_AUTOREFRESH=True,
)
class SharedAccountGroupTests(TestCase):
"""Tests for shared account group access."""
def setUp(self):
"""Set up test data with shared account groups."""
User = get_user_model()
self.user1 = User.objects.create_user(
email="user1@test.com", password="testpass123"
)
self.client1 = APIClient()
self.client1.force_authenticate(user=self.user1)
self.user2 = User.objects.create_user(
email="user2@test.com", password="testpass123"
)
self.client2 = APIClient()
self.client2.force_authenticate(user=self.user2)
self.user3 = User.objects.create_user(
email="user3@test.com", password="testpass123"
)
self.client3 = APIClient()
self.client3.force_authenticate(user=self.user3)
# User 1's account group shared with user 2
self.shared_group = AccountGroup.all_objects.create(
name="Shared Group", owner=self.user1
)
self.shared_group.shared_with.add(self.user2)
# User 1's private account group
self.private_group = AccountGroup.all_objects.create(
name="Private Group", owner=self.user1
)
# User 1's public account group
self.public_group = AccountGroup.all_objects.create(
name="Public Group", owner=self.user1, visibility="public"
)
def test_user_can_see_shared_account_groups(self):
"""User2 should see account groups shared with them."""
response = self.client2.get("/api/account-groups/")
self.assertEqual(response.status_code, status.HTTP_200_OK)
group_ids = [g["id"] for g in response.data["results"]]
self.assertIn(self.shared_group.id, group_ids)
self.assertNotIn(self.private_group.id, group_ids)
def test_user_can_access_shared_account_group_detail(self):
"""User2 should be able to access shared account group details."""
response = self.client2.get(f"/api/account-groups/{self.shared_group.id}/")
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data["name"], "Shared Group")
def test_user_can_see_public_account_groups(self):
"""User3 should see public account groups."""
response = self.client3.get("/api/account-groups/")
self.assertEqual(response.status_code, status.HTTP_200_OK)
group_ids = [g["id"] for g in response.data["results"]]
self.assertIn(self.public_group.id, group_ids)
def test_user_without_share_cannot_access_shared_group(self):
"""User3 should NOT be able to access shared account group."""
response = self.client3.get(f"/api/account-groups/{self.shared_group.id}/")
self.assertIn(response.status_code, ACCESS_DENIED_CODES)

55
app/apps/api/views/accounts.py
View File

@@ -6,8 +6,11 @@ from rest_framework.response import Response
from apps.accounts.models import AccountGroup, Account
from apps.accounts.services import get_account_balance
from apps.api.custom.pagination import CustomPageNumberPagination
from apps.api.serializers import AccountGroupSerializer, AccountSerializer, AccountBalanceSerializer
from apps.api.serializers import (
AccountGroupSerializer,
AccountSerializer,
AccountBalanceSerializer,
)
class AccountGroupViewSet(viewsets.ModelViewSet):
@@ -15,10 +18,16 @@ class AccountGroupViewSet(viewsets.ModelViewSet):
queryset = AccountGroup.objects.all()
serializer_class = AccountGroupSerializer
pagination_class = CustomPageNumberPagination
filterset_fields = {
"name": ["exact", "icontains"],
"owner": ["exact"],
}
search_fields = ["name"]
ordering_fields = "__all__"
ordering = ["id"]
def get_queryset(self):
return AccountGroup.objects.all().order_by("id")
return AccountGroup.objects.all()
@extend_schema_view(
@@ -33,28 +42,38 @@ class AccountViewSet(viewsets.ModelViewSet):
queryset = Account.objects.all()
serializer_class = AccountSerializer
pagination_class = CustomPageNumberPagination
filterset_fields = {
"name": ["exact", "icontains"],
"group": ["exact", "isnull"],
"currency": ["exact"],
"exchange_currency": ["exact", "isnull"],
"is_asset": ["exact"],
"is_archived": ["exact"],
"owner": ["exact"],
}
search_fields = ["name"]
ordering_fields = "__all__"
ordering = ["id"]
def get_queryset(self):
return (
Account.objects.all()
.order_by("id")
.select_related("group", "currency", "exchange_currency")
return Account.objects.all().select_related(
"group", "currency", "exchange_currency"
)
@action(detail=True, methods=["get"], permission_classes=[IsAuthenticated])
def balance(self, request, pk=None):
"""Get current and projected balance for an account."""
account = self.get_object()
current_balance = get_account_balance(account, paid_only=True)
projected_balance = get_account_balance(account, paid_only=False)
serializer = AccountBalanceSerializer({
"current_balance": current_balance,
"projected_balance": projected_balance,
"currency": account.currency,
})
return Response(serializer.data)
serializer = AccountBalanceSerializer(
{
"current_balance": current_balance,
"projected_balance": projected_balance,
"currency": account.currency,
}
)
return Response(serializer.data)

20
app/apps/api/views/currencies.py
View File

@@ -9,8 +9,28 @@ from apps.currencies.models import ExchangeRate
class CurrencyViewSet(viewsets.ModelViewSet):
queryset = Currency.objects.all()
serializer_class = CurrencySerializer
filterset_fields = {
'name': ['exact', 'icontains'],
'code': ['exact', 'icontains'],
'decimal_places': ['exact', 'gte', 'lte', 'gt', 'lt'],
'prefix': ['exact', 'icontains'],
'suffix': ['exact', 'icontains'],
'exchange_currency': ['exact'],
'is_archived': ['exact'],
}
search_fields = '__all__'
ordering_fields = '__all__'
class ExchangeRateViewSet(viewsets.ModelViewSet):
queryset = ExchangeRate.objects.all()
serializer_class = ExchangeRateSerializer
filterset_fields = {
'from_currency': ['exact'],
'to_currency': ['exact'],
'rate': ['exact', 'gte', 'lte', 'gt', 'lt'],
'date': ['exact', 'gte', 'lte', 'gt', 'lt'],
'automatic': ['exact'],
}
search_fields = '__all__'
ordering_fields = '__all__'

35
app/apps/api/views/dca.py
View File

@@ -8,6 +8,19 @@ from apps.api.serializers import DCAStrategySerializer, DCAEntrySerializer
class DCAStrategyViewSet(viewsets.ModelViewSet):
queryset = DCAStrategy.objects.all()
serializer_class = DCAStrategySerializer
filterset_fields = {
"name": ["exact", "icontains"],
"target_currency": ["exact"],
"payment_currency": ["exact"],
"notes": ["exact", "icontains"],
"created_at": ["exact", "gte", "lte", "gt", "lt"],
"updated_at": ["exact", "gte", "lte", "gt", "lt"],
}
search_fields = ["name", "notes"]
ordering_fields = "__all__"
def get_queryset(self):
return DCAStrategy.objects.all()
@action(detail=True, methods=["get"])
def investment_frequency(self, request, pk=None):
@@ -32,10 +45,22 @@ class DCAStrategyViewSet(viewsets.ModelViewSet):
class DCAEntryViewSet(viewsets.ModelViewSet):
queryset = DCAEntry.objects.all()
serializer_class = DCAEntrySerializer
filterset_fields = {
"strategy": ["exact"],
"date": ["exact", "gte", "lte", "gt", "lt"],
"amount_paid": ["exact", "gte", "lte", "gt", "lt"],
"amount_received": ["exact", "gte", "lte", "gt", "lt"],
"expense_transaction": ["exact", "isnull"],
"income_transaction": ["exact", "isnull"],
"notes": ["exact", "icontains"],
"created_at": ["exact", "gte", "lte", "gt", "lt"],
"updated_at": ["exact", "gte", "lte", "gt", "lt"],
}
search_fields = ["notes"]
ordering_fields = "__all__"
ordering = ["-date"]
def get_queryset(self):
queryset = DCAEntry.objects.all()
strategy_id = self.request.query_params.get("strategy", None)
if strategy_id is not None:
queryset = queryset.filter(strategy_id=strategy_id)
return queryset
# Filter entries by strategies the user has access to
accessible_strategies = DCAStrategy.objects.all()
return DCAEntry.objects.filter(strategy__in=accessible_strategies)

24
app/apps/api/views/imports.py
View File

@@ -28,6 +28,14 @@ class ImportProfileViewSet(viewsets.ReadOnlyModelViewSet):
queryset = ImportProfile.objects.all()
serializer_class = ImportProfileSerializer
permission_classes = [IsAuthenticated]
filterset_fields = {
'name': ['exact', 'icontains'],
'yaml_config': ['exact', 'icontains'],
'version': ['exact'],
}
search_fields = ['name', 'yaml_config']
ordering_fields = '__all__'
ordering = ['name']
@extend_schema_view(
@@ -55,6 +63,22 @@ class ImportRunViewSet(viewsets.ReadOnlyModelViewSet):
queryset = ImportRun.objects.all().order_by("-id")
serializer_class = ImportRunSerializer
permission_classes = [IsAuthenticated]
filterset_fields = {
'status': ['exact'],
'profile': ['exact'],
'file_name': ['exact', 'icontains'],
'logs': ['exact', 'icontains'],
'processed_rows': ['exact', 'gte', 'lte', 'gt', 'lt'],
'total_rows': ['exact', 'gte', 'lte', 'gt', 'lt'],
'successful_rows': ['exact', 'gte', 'lte', 'gt', 'lt'],
'skipped_rows': ['exact', 'gte', 'lte', 'gt', 'lt'],
'failed_rows': ['exact', 'gte', 'lte', 'gt', 'lt'],
'started_at': ['exact', 'gte', 'lte', 'gt', 'lt', 'isnull'],
'finished_at': ['exact', 'gte', 'lte', 'gt', 'lt', 'isnull'],
}
search_fields = ['file_name', 'logs']
ordering_fields = '__all__'
ordering = ['-id']
def get_queryset(self):
queryset = super().get_queryset()

115
app/apps/api/views/transactions.py
View File

@@ -2,7 +2,6 @@ from copy import deepcopy
from rest_framework import viewsets
from apps.api.custom.pagination import CustomPageNumberPagination
from apps.api.serializers import (
TransactionSerializer,
TransactionCategorySerializer,
@@ -25,7 +24,34 @@ from apps.rules.signals import transaction_updated, transaction_created
class TransactionViewSet(viewsets.ModelViewSet):
queryset = Transaction.objects.all()
serializer_class = TransactionSerializer
pagination_class = CustomPageNumberPagination
filterset_fields = {
"account": ["exact"],
"type": ["exact"],
"is_paid": ["exact"],
"date": ["exact", "gte", "lte", "gt", "lt"],
"reference_date": ["exact", "gte", "lte", "gt", "lt"],
"mute": ["exact"],
"amount": ["exact", "gte", "lte", "gt", "lt"],
"description": ["exact", "icontains"],
"notes": ["exact", "icontains"],
"category": ["exact", "isnull"],
"installment_plan": ["exact", "isnull"],
"installment_id": ["exact", "gte", "lte"],
"recurring_transaction": ["exact", "isnull"],
"internal_note": ["exact", "icontains"],
"internal_id": ["exact"],
"deleted": ["exact"],
"created_at": ["exact", "gte", "lte", "gt", "lt"],
"updated_at": ["exact", "gte", "lte", "gt", "lt"],
"deleted_at": ["exact", "gte", "lte", "gt", "lt", "isnull"],
"owner": ["exact"],
}
search_fields = ["description", "notes", "internal_note"]
ordering_fields = "__all__"
ordering = ["-id"]
def get_queryset(self):
return Transaction.objects.all()
def perform_create(self, serializer):
instance = serializer.save()
@@ -40,50 +66,109 @@ class TransactionViewSet(viewsets.ModelViewSet):
kwargs["partial"] = True
return self.update(request, *args, **kwargs)
def get_queryset(self):
return Transaction.objects.all().order_by("-id")
class TransactionCategoryViewSet(viewsets.ModelViewSet):
queryset = TransactionCategory.objects.all()
serializer_class = TransactionCategorySerializer
pagination_class = CustomPageNumberPagination
filterset_fields = {
"name": ["exact", "icontains"],
"mute": ["exact"],
"active": ["exact"],
"owner": ["exact"],
}
search_fields = ["name"]
ordering_fields = "__all__"
ordering = ["id"]
def get_queryset(self):
return TransactionCategory.objects.all().order_by("id")
return TransactionCategory.objects.all()
class TransactionTagViewSet(viewsets.ModelViewSet):
queryset = TransactionTag.objects.all()
serializer_class = TransactionTagSerializer
pagination_class = CustomPageNumberPagination
filterset_fields = {
"name": ["exact", "icontains"],
"active": ["exact"],
"owner": ["exact"],
}
search_fields = ["name"]
ordering_fields = "__all__"
ordering = ["id"]
def get_queryset(self):
return TransactionTag.objects.all().order_by("id")
return TransactionTag.objects.all()
class TransactionEntityViewSet(viewsets.ModelViewSet):
queryset = TransactionEntity.objects.all()
serializer_class = TransactionEntitySerializer
pagination_class = CustomPageNumberPagination
filterset_fields = {
"name": ["exact", "icontains"],
"active": ["exact"],
"owner": ["exact"],
}
search_fields = ["name"]
ordering_fields = "__all__"
ordering = ["id"]
def get_queryset(self):
return TransactionEntity.objects.all().order_by("id")
return TransactionEntity.objects.all()
class InstallmentPlanViewSet(viewsets.ModelViewSet):
queryset = InstallmentPlan.objects.all()
serializer_class = InstallmentPlanSerializer
pagination_class = CustomPageNumberPagination
filterset_fields = {
"account": ["exact"],
"type": ["exact"],
"description": ["exact", "icontains"],
"number_of_installments": ["exact", "gte", "lte", "gt", "lt"],
"installment_start": ["exact", "gte", "lte", "gt", "lt"],
"installment_total_number": ["exact", "gte", "lte", "gt", "lt"],
"start_date": ["exact", "gte", "lte", "gt", "lt"],
"reference_date": ["exact", "gte", "lte", "gt", "lt", "isnull"],
"end_date": ["exact", "gte", "lte", "gt", "lt", "isnull"],
"recurrence": ["exact"],
"installment_amount": ["exact", "gte", "lte", "gt", "lt"],
"category": ["exact", "isnull"],
"notes": ["exact", "icontains"],
"add_description_to_transaction": ["exact"],
"add_notes_to_transaction": ["exact"],
}
search_fields = ["description", "notes"]
ordering_fields = "__all__"
ordering = ["-id"]
def get_queryset(self):
return InstallmentPlan.objects.all().order_by("-id")
return InstallmentPlan.objects.all()
class RecurringTransactionViewSet(viewsets.ModelViewSet):
queryset = RecurringTransaction.objects.all()
serializer_class = RecurringTransactionSerializer
pagination_class = CustomPageNumberPagination
filterset_fields = {
"is_paused": ["exact"],
"account": ["exact"],
"type": ["exact"],
"amount": ["exact", "gte", "lte", "gt", "lt"],
"description": ["exact", "icontains"],
"category": ["exact", "isnull"],
"notes": ["exact", "icontains"],
"reference_date": ["exact", "gte", "lte", "gt", "lt", "isnull"],
"start_date": ["exact", "gte", "lte", "gt", "lt"],
"end_date": ["exact", "gte", "lte", "gt", "lt", "isnull"],
"recurrence_type": ["exact"],
"recurrence_interval": ["exact", "gte", "lte", "gt", "lt"],
"keep_at_most": ["exact", "gte", "lte", "gt", "lt"],
"last_generated_date": ["exact", "gte", "lte", "gt", "lt", "isnull"],
"last_generated_reference_date": ["exact", "gte", "lte", "gt", "lt", "isnull"],
"add_description_to_transaction": ["exact"],
"add_notes_to_transaction": ["exact"],
}
search_fields = ["description", "notes"]
ordering_fields = "__all__"
ordering = ["-id"]
def get_queryset(self):
return RecurringTransaction.objects.all().order_by("-id")
return RecurringTransaction.objects.all()

3
app/apps/common/apps.py
View File

@@ -23,3 +23,6 @@ class CommonConfig(AppConfig):
# Delete the cache for update checks to prevent false-positives when the app is restarted
# this will be recreated by the check_for_updates task
cache.delete("update_check")
# Register system checks for required environment variables
from apps.common import checks # noqa: F401

103
app/apps/common/checks.py Normal file
View File

@@ -0,0 +1,103 @@
"""
Django System Checks for required environment variables.
This module validates that required environment variables (those without defaults)
are present before the application starts.
"""
import os
from django.core.checks import Error, register
# List of environment variables that are required (no default values)
# Based on the README.md documentation
REQUIRED_ENV_VARS = [
("SECRET_KEY", "This is used to provide cryptographic signing."),
("SQL_DATABASE", "The name of your postgres database."),
]
# List of environment variables that must be valid integers if set
INT_ENV_VARS = [
("TASK_WORKERS", "How many workers to have for async tasks."),
("SESSION_EXPIRY_TIME", "The age of session cookies, in seconds."),
("INTERNAL_PORT", "The port on which the app listens on."),
("DJANGO_VITE_DEV_SERVER_PORT", "The port where Vite's dev server is running"),
]
@register()
def check_required_env_vars(app_configs, **kwargs):
"""
Check that all required environment variables are set.
Returns a list of Error objects for any missing required variables.
"""
errors = []
for var_name, description in REQUIRED_ENV_VARS:
value = os.getenv(var_name)
if not value:
errors.append(
Error(
f"Required environment variable '{var_name}' is not set.",
hint=f"{description} Please set this variable in your .env file or environment.",
id="wygiwyh.E001",
)
)
return errors
@register()
def check_int_env_vars(app_configs, **kwargs):
"""
Check that environment variables that should be integers are valid.
Returns a list of Error objects for any invalid integer variables.
"""
errors = []
for var_name, description in INT_ENV_VARS:
value = os.getenv(var_name)
if value is not None:
try:
int(value)
except ValueError:
errors.append(
Error(
f"Environment variable '{var_name}' must be a valid integer, got '{value}'.",
hint=f"{description}",
id="wygiwyh.E002",
)
)
return errors
@register()
def check_soft_delete_config(app_configs, **kwargs):
"""
Check that KEEP_DELETED_TRANSACTIONS_FOR is a valid integer when ENABLE_SOFT_DELETE is enabled.
Returns a list of Error objects if the configuration is invalid.
"""
errors = []
enable_soft_delete = os.getenv("ENABLE_SOFT_DELETE", "false").lower() == "true"
if enable_soft_delete:
keep_deleted_for = os.getenv("KEEP_DELETED_TRANSACTIONS_FOR")
if keep_deleted_for is not None:
try:
int(keep_deleted_for)
except ValueError:
errors.append(
Error(
f"Environment variable 'KEEP_DELETED_TRANSACTIONS_FOR' must be a valid integer when ENABLE_SOFT_DELETE is enabled, got '{keep_deleted_for}'.",
hint="Time in days to keep soft deleted transactions for. Set to 0 to keep all transactions indefinitely.",
id="wygiwyh.E003",
)
)
return errors

4
app/apps/currencies/exchange_rates/fetcher.py
View File

@@ -1,5 +1,4 @@
import logging
from datetime import timedelta
from django.db.models import QuerySet
from django.utils import timezone
@@ -258,7 +257,10 @@ class ExchangeRateFetcher:
processed_pairs.add((from_currency.id, to_currency.id))
service.last_fetch = timezone.now()
service.failure_count = 0
service.save()
except Exception as e:
logger.error(f"Error fetching rates for {service.name}: {e}")
service.failure_count += 1
service.save()

18
app/apps/currencies/migrations/0023_add_failure_count.py Normal file
View File

@@ -0,0 +1,18 @@
# Generated by Django 5.2.10 on 2026-01-10 06:08
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('currencies', '0022_currency_is_archived'),
]
operations = [
migrations.AddField(
model_name='exchangerateservice',
name='failure_count',
field=models.PositiveIntegerField(default=0),
),
]

6
app/apps/currencies/models.py
View File

@@ -136,6 +136,8 @@ class ExchangeRateService(models.Model):
null=True, blank=True, verbose_name=_("Last Successful Fetch")
)
failure_count = models.PositiveIntegerField(default=0)
target_currencies = models.ManyToManyField(
Currency,
verbose_name=_("Target Currencies"),
@@ -237,7 +239,7 @@ class ExchangeRateService(models.Model):
hours = self._parse_hour_ranges(self.fetch_interval)
# Store in normalized format (optional)
self.fetch_interval = ",".join(str(h) for h in sorted(hours))
except ValueError as e:
except ValueError:
raise ValidationError(
{
"fetch_interval": _(
@@ -248,7 +250,7 @@ class ExchangeRateService(models.Model):
)
except ValidationError:
raise
except Exception as e:
except Exception:
raise ValidationError(
{
"fetch_interval": _(

1
app/apps/currencies/tests/__init__.py Normal file
View File

@@ -0,0 +1 @@
# Tests package for currencies app

109
app/apps/currencies/tests/test_automatic_exchange_rates.py Normal file
View File

@@ -0,0 +1,109 @@
from decimal import Decimal
from unittest.mock import patch, MagicMock
from django.test import TestCase
from django.utils import timezone
from apps.currencies.models import Currency, ExchangeRateService
from apps.currencies.exchange_rates.fetcher import ExchangeRateFetcher
class ExchangeRateServiceFailureTrackingTests(TestCase):
"""Tests for the failure count tracking functionality."""
def setUp(self):
"""Set up test data."""
self.usd = Currency.objects.create(
code="USD", name="US Dollar", decimal_places=2, prefix="$ "
)
self.eur = Currency.objects.create(
code="EUR", name="Euro", decimal_places=2, prefix=""
)
self.eur.exchange_currency = self.usd
self.eur.save()
self.service = ExchangeRateService.objects.create(
name="Test Service",
service_type=ExchangeRateService.ServiceType.FRANKFURTER,
is_active=True,
)
self.service.target_currencies.add(self.eur)
def test_failure_count_increments_on_provider_error(self):
"""Test that failure_count increments when provider raises an exception."""
self.assertEqual(self.service.failure_count, 0)
with patch.object(
self.service, "get_provider", side_effect=Exception("API Error")
):
ExchangeRateFetcher._fetch_service_rates(self.service)
self.service.refresh_from_db()
self.assertEqual(self.service.failure_count, 1)
def test_failure_count_resets_on_success(self):
"""Test that failure_count resets to 0 on successful fetch."""
# Set initial failure count
self.service.failure_count = 5
self.service.save()
# Mock a successful provider
mock_provider = MagicMock()
mock_provider.requires_api_key.return_value = False
mock_provider.get_rates.return_value = [(self.usd, self.eur, Decimal("0.85"))]
mock_provider.rates_inverted = False
with patch.object(self.service, "get_provider", return_value=mock_provider):
ExchangeRateFetcher._fetch_service_rates(self.service)
self.service.refresh_from_db()
self.assertEqual(self.service.failure_count, 0)
def test_failure_count_accumulates_across_fetches(self):
"""Test that failure_count accumulates with consecutive failures."""
self.assertEqual(self.service.failure_count, 0)
with patch.object(
self.service, "get_provider", side_effect=Exception("API Error")
):
ExchangeRateFetcher._fetch_service_rates(self.service)
self.service.refresh_from_db()
self.assertEqual(self.service.failure_count, 1)
ExchangeRateFetcher._fetch_service_rates(self.service)
self.service.refresh_from_db()
self.assertEqual(self.service.failure_count, 2)
ExchangeRateFetcher._fetch_service_rates(self.service)
self.service.refresh_from_db()
self.assertEqual(self.service.failure_count, 3)
def test_last_fetch_not_updated_on_failure(self):
"""Test that last_fetch is NOT updated when a failure occurs."""
original_last_fetch = self.service.last_fetch
self.assertIsNone(original_last_fetch)
with patch.object(
self.service, "get_provider", side_effect=Exception("API Error")
):
ExchangeRateFetcher._fetch_service_rates(self.service)
self.service.refresh_from_db()
self.assertIsNone(self.service.last_fetch)
self.assertEqual(self.service.failure_count, 1)
def test_last_fetch_updated_on_success(self):
"""Test that last_fetch IS updated when fetch succeeds."""
self.assertIsNone(self.service.last_fetch)
mock_provider = MagicMock()
mock_provider.requires_api_key.return_value = False
mock_provider.get_rates.return_value = [(self.usd, self.eur, Decimal("0.85"))]
mock_provider.rates_inverted = False
with patch.object(self.service, "get_provider", return_value=mock_provider):
ExchangeRateFetcher._fetch_service_rates(self.service)
self.service.refresh_from_db()
self.assertIsNotNone(self.service.last_fetch)
self.assertEqual(self.service.failure_count, 0)

2
app/apps/currencies/views/currencies.py
View File

@@ -23,7 +23,7 @@ def currencies_index(request):
@login_required
@require_http_methods(["GET"])
def currencies_list(request):
currencies = Currency.objects.all().order_by("id")
currencies = Currency.objects.all().order_by("name")
return render(
request,
"currencies/fragments/list.html",

5
app/apps/dca/views.py
View File

@@ -1,4 +1,3 @@
# apps/dca_tracker/views.py
from django.contrib import messages
from django.contrib.auth.decorators import login_required
from django.db.models import Sum, Avg
@@ -23,7 +22,7 @@ def strategy_index(request):
@only_htmx
@login_required
def strategy_list(request):
strategies = DCAStrategy.objects.all().order_by("created_at")
strategies = DCAStrategy.objects.all().order_by("name")
return render(
request, "dca/fragments/strategy/list.html", {"strategies": strategies}
)
@@ -234,7 +233,7 @@ def strategy_entry_add(request, strategy_id):
if request.method == "POST":
form = DCAEntryForm(request.POST, strategy=strategy)
if form.is_valid():
entry = form.save()
form.save()
messages.success(request, _("Entry added successfully"))
return HttpResponse(

20
app/apps/export_app/resources/transactions.py
View File

@@ -1,8 +1,10 @@
from import_export import fields, resources
from import_export.widgets import ForeignKeyWidget
from apps.accounts.models import Account
from apps.export_app.widgets.foreign_key import AutoCreateForeignKeyWidget
from apps.export_app.widgets.foreign_key import (
AllObjectsForeignKeyWidget,
AutoCreateForeignKeyWidget,
)
from apps.export_app.widgets.many_to_many import AutoCreateManyToManyWidget
from apps.export_app.widgets.string import EmptyStringToNoneField
from apps.transactions.models import (
@@ -20,7 +22,7 @@ class TransactionResource(resources.ModelResource):
account = fields.Field(
attribute="account",
column_name="account",
widget=ForeignKeyWidget(Account, "name"),
widget=AllObjectsForeignKeyWidget(Account, "name"),
)
category = fields.Field(
@@ -86,7 +88,7 @@ class RecurringTransactionResource(resources.ModelResource):
account = fields.Field(
attribute="account",
column_name="account",
widget=ForeignKeyWidget(Account, "name"),
widget=AllObjectsForeignKeyWidget(Account, "name"),
)
category = fields.Field(
@@ -119,12 +121,16 @@ class RecurringTransactionResource(resources.ModelResource):
def get_queryset(self):
return RecurringTransaction.all_objects.all()
def dehydrate_account_owner(self, obj):
"""Export the account's owner ID for proper import matching."""
return obj.account.owner_id if obj.account else None
class InstallmentPlanResource(resources.ModelResource):
account = fields.Field(
attribute="account",
column_name="account",
widget=ForeignKeyWidget(Account, "name"),
widget=AllObjectsForeignKeyWidget(Account, "name"),
)
category = fields.Field(
@@ -156,3 +162,7 @@ class InstallmentPlanResource(resources.ModelResource):
def get_queryset(self):
return InstallmentPlan.all_objects.all()
def dehydrate_account_owner(self, obj):
"""Export the account's owner ID for proper import matching."""
return obj.account.owner_id if obj.account else None

54
app/apps/export_app/widgets/foreign_key.py
View File

@@ -1,6 +1,60 @@
from import_export.widgets import ForeignKeyWidget
class AllObjectsForeignKeyWidget(ForeignKeyWidget):
"""
ForeignKeyWidget that uses 'all_objects' manager for lookups,
bypassing user-filtered managers like SharedObjectManager.
Also filters by owner if available in the row data.
"""
def get_queryset(self, value, row, *args, **kwargs):
# Use all_objects manager if available, otherwise fall back to default
if hasattr(self.model, "all_objects"):
qs = self.model.all_objects.all()
# Filter by owner if the row has an owner field and the model has owner
if row:
# Check for direct owner field first
owner_id = row.get("owner") if "owner" in row else None
# Fall back to account_owner for models like InstallmentPlan
if not owner_id and "account_owner" in row:
owner_id = row.get("account_owner")
# If still no owner, try to get it from the existing record's account
# This handles backward compatibility with older exports
if not owner_id and "id" in row and row.get("id"):
try:
# Try to find the existing record and get owner from its account
from apps.transactions.models import (
InstallmentPlan,
RecurringTransaction,
)
record_id = row.get("id")
# Try to find the existing InstallmentPlan or RecurringTransaction
for model_class in [InstallmentPlan, RecurringTransaction]:
try:
existing = model_class.all_objects.get(id=record_id)
if existing.account:
owner_id = existing.account.owner_id
break
except model_class.DoesNotExist:
continue
except Exception:
pass
# Final fallback: use the current logged-in user
# This handles restoring to a fresh database with older exports
if not owner_id:
from apps.common.middleware.thread_local import get_current_user
user = get_current_user()
if user and user.is_authenticated:
owner_id = user.id
if owner_id:
qs = qs.filter(owner_id=owner_id)
return qs
return super().get_queryset(value, row, *args, **kwargs)
class AutoCreateForeignKeyWidget(ForeignKeyWidget):
def clean(self, value, row=None, *args, **kwargs):
if value:

13
app/apps/import_app/schemas/v1.py
View File

@@ -106,6 +106,17 @@ class ExcelImportSettings(BaseModel):
sheets: list[str] | str = "*"
class QIFImportSettings(BaseModel):
skip_errors: bool = Field(
default=False,
description="If True, errors during import will be logged and skipped",
)
file_type: Literal["qif"] = "qif"
importing: Literal["transactions"] = "transactions"
encoding: str = Field(default="utf-8", description="File encoding")
date_format: str = Field(..., description="Date format (e.g. %d/%m/%Y)")
class ColumnMapping(BaseModel):
source: Optional[str] | Optional[list[str]] = Field(
default=None,
@@ -342,7 +353,7 @@ class CurrencyExchangeMapping(ColumnMapping):
class ImportProfileSchema(BaseModel):
settings: CSVImportSettings | ExcelImportSettings
settings: CSVImportSettings | ExcelImportSettings | QIFImportSettings
mapping: Dict[
str,
TransactionAccountMapping

217
app/apps/import_app/services/v1.py
View File

@@ -3,6 +3,8 @@ import hashlib
import logging
import os
import re
import zipfile
from django.db import transaction
from datetime import datetime, date
from decimal import Decimal, InvalidOperation
from typing import Dict, Any, Literal, Union
@@ -845,6 +847,219 @@ class ImportService:
f"Invalid {self.settings.file_type.upper()} file format: {str(e)}"
)
def _parse_and_import_qif(self, content_lines: list[str], filename: str) -> None:
# Infer account from filename (remove extension)
account_name = os.path.splitext(os.path.basename(filename))[0]
current_transaction = {}
raw_lines_buffer = []
account = Account.objects.filter(name=account_name).first()
if not account:
raise ValueError(f"Account '{account_name}' not found.")
row_number = 0
for line in content_lines:
row_number += 1
line = line.strip()
if not line:
continue
raw_lines_buffer.append(line)
if line == "^":
if current_transaction:
# Deduplication using hash of raw lines
raw_content = "".join(raw_lines_buffer)
internal_id = hashlib.sha256(
raw_content.encode("utf-8")
).hexdigest()
# Reset buffer for next transaction
raw_lines_buffer = []
try:
with transaction.atomic():
if Transaction.objects.filter(
internal_id=internal_id
).exists():
self._increment_totals("skipped", 1)
self._log(
"info",
f"Skipped duplicate transaction from {filename}",
)
current_transaction = {}
continue
# Handle Account
if account:
current_transaction["account"] = account
else:
acc = Account.objects.filter(name=account_name).first()
if acc:
current_transaction["account"] = acc
else:
raise ValueError(
f"Account '{account_name}' not found."
)
current_transaction["internal_id"] = internal_id
# Handle Description/Memo mapping
if "memo" in current_transaction:
current_transaction["description"] = (
current_transaction.pop("memo")
)
# Handle Payee mapping
entities = []
if "payee" in current_transaction:
payee_name = current_transaction.pop("payee")
# "Treat the payee (P) as the entity. Use existing or create"
entity, _ = TransactionEntity.objects.get_or_create(
name=payee_name
)
entities.append(entity)
# Handle Label/Category
category = None
tags = []
if "label" in current_transaction:
label = current_transaction.pop("label")
if label.startswith("[") and label.endswith("]"):
# Transfer: set label as description, ignore category/tags
clean_label = label[1:-1]
current_transaction["description"] = clean_label
else:
parts = label.split(":")
if parts:
cat_name = parts[0].strip()
if cat_name:
category, _ = (
TransactionCategory.objects.get_or_create(
name=cat_name
)
)
if len(parts) > 1:
for tag_name in parts[1:]:
tag_name = tag_name.strip()
if tag_name:
tag, _ = (
TransactionTag.objects.get_or_create(
name=tag_name
)
)
tags.append(tag)
current_transaction["category"] = category
# Create transaction
new_trans = Transaction.objects.create(
**current_transaction
)
if entities:
new_trans.entities.set(entities)
if tags:
new_trans.tags.set(tags)
self.import_run.transactions.add(new_trans)
self._increment_totals("successful", 1)
except Exception as e:
if not self.settings.skip_errors:
raise e
self._log(
"warning",
f"Error processing transaction in {filename}: {str(e)}",
)
self._increment_totals("failed", 1)
# Reset for next transaction
current_transaction = {}
else:
# Empty transaction record (orphaned ^)
raw_lines_buffer = []
pass
self._increment_totals("processed", 1)
continue
if line.startswith("!"):
continue
code = line[0]
value = line[1:]
if code == "D":
try:
current_transaction["date"] = datetime.strptime(
value, self.settings.date_format
).date()
except ValueError:
self._log(
"warning",
f"Could not parse date '{value}' using format '{self.settings.date_format}' in {filename}",
)
if not self.settings.skip_errors:
raise ValueError(f"Invalid date format '{value}'")
elif code == "T":
try:
cleaned_value = value.replace(",", "")
amount = Decimal(cleaned_value)
if amount < 0:
current_transaction["type"] = Transaction.Type.EXPENSE
current_transaction["amount"] = abs(amount)
else:
current_transaction["type"] = Transaction.Type.INCOME
current_transaction["amount"] = amount
except InvalidOperation:
self._log(
"warning", f"Could not parse amount '{value}' in {filename}"
)
if not self.settings.skip_errors:
raise ValueError(f"Invalid amount format '{value}'")
elif code == "P":
current_transaction["payee"] = value
elif code == "M":
current_transaction["memo"] = value
elif code == "L":
current_transaction["label"] = value
elif code == "N":
pass
def _process_qif(self, file_path):
def process_logic():
if zipfile.is_zipfile(file_path):
try:
with zipfile.ZipFile(file_path, "r") as zf:
for filename in zf.namelist():
if filename.lower().endswith(
".qif"
) and not filename.startswith("__MACOSX"):
self._log(
"info", f"Processing QIF from ZIP: {filename}"
)
with zf.open(filename) as f:
content = f.read().decode(self.settings.encoding)
self._parse_and_import_qif(
content.splitlines(), filename
)
except Exception as e:
raise ValueError(f"Error processing ZIP file: {str(e)}")
else:
with open(file_path, "r", encoding=self.settings.encoding) as f:
self._parse_and_import_qif(
f.readlines(), os.path.basename(file_path)
)
if not self.settings.skip_errors:
with transaction.atomic():
process_logic()
else:
process_logic()
def _validate_file_path(self, file_path: str) -> str:
"""
Validates that the file path is within the allowed temporary directory.
@@ -871,6 +1086,8 @@ class ImportService:
self._process_csv(file_path)
elif isinstance(self.settings, version_1.ExcelImportSettings):
self._process_excel(file_path)
elif isinstance(self.settings, version_1.QIFImportSettings):
self._process_qif(file_path)
self._update_status("FINISHED")
self._log(

1
app/apps/import_app/tests/test_import_service_v1.py
View File

@@ -8,7 +8,6 @@ is only used for string fields (not dates, decimals, etc.).
from datetime import date
from decimal import Decimal
from unittest.mock import MagicMock, patch
from django.test import TestCase

259
app/apps/import_app/tests/test_qif_import.py Normal file
View File

@@ -0,0 +1,259 @@
from decimal import Decimal
import os
import shutil
from django.test import TestCase
from django.contrib.auth import get_user_model
from apps.accounts.models import Account, AccountGroup
from apps.currencies.models import Currency
from apps.common.middleware.thread_local import write_current_user, delete_current_user
from apps.import_app.models import ImportProfile, ImportRun
from apps.import_app.services.v1 import ImportService
from apps.transactions.models import (
Transaction,
)
class QIFImportTests(TestCase):
def setUp(self):
# Patch TEMP_DIR for testing
self.original_temp_dir = ImportService.TEMP_DIR
self.test_dir = os.path.abspath("temp_test_import")
ImportService.TEMP_DIR = self.test_dir
os.makedirs(self.test_dir, exist_ok=True)
# Create user and set context
User = get_user_model()
self.user = User.objects.create_user(
email="test@example.com", password="password"
)
write_current_user(self.user)
self.currency = Currency.objects.create(
code="BRL", name="Real", decimal_places=2, prefix="R$ "
)
self.group = AccountGroup.objects.create(name="Test Group", owner=self.user)
self.account = Account.objects.create(
name="bradesco-checking",
group=self.group,
currency=self.currency,
owner=self.user,
)
def tearDown(self):
delete_current_user()
ImportService.TEMP_DIR = self.original_temp_dir
if os.path.exists(self.test_dir):
shutil.rmtree(self.test_dir)
def test_import_single_qif_valid_mapping(self):
content = """!Type:Bank
D04/01/2015
T8069.46
PMy Payee -> Entity
MNote -> Desc
LOld Cat:New Tag
^
D05/01/2015
T-100.00
PSupermarket
MWeekly shopping
L[Transfer]
^
"""
filename = "bradesco-checking.qif"
file_path = os.path.join(self.test_dir, filename)
with open(file_path, "w", encoding="utf-8") as f:
f.write(content)
yaml_config = """
settings:
file_type: qif
importing: transactions
date_format: "%d/%m/%Y"
mapping: {}
"""
profile = ImportProfile.objects.create(
name="QIF Profile",
yaml_config=yaml_config,
version=ImportProfile.Versions.VERSION_1,
)
run = ImportRun.objects.create(profile=profile, file_name=filename)
service = ImportService(run)
service.process_file(file_path)
self.assertEqual(Transaction.objects.count(), 2)
# Transaction 1: Income, Category+Tag
t1 = Transaction.objects.get(description="Note -> Desc")
self.assertEqual(t1.amount, Decimal("8069.46"))
self.assertEqual(t1.type, Transaction.Type.INCOME)
self.assertEqual(t1.category.name, "Old Cat")
self.assertTrue(t1.tags.filter(name="New Tag").exists())
self.assertTrue(t1.entities.filter(name="My Payee -> Entity").exists())
self.assertEqual(t1.account, self.account)
# Transaction 2: Expense, Transfer ([Transfer] -> Description)
t2 = Transaction.objects.get(description="Transfer")
self.assertEqual(t2.amount, Decimal("100.00"))
self.assertEqual(t2.type, Transaction.Type.EXPENSE)
self.assertIsNone(t2.category)
self.assertFalse(t2.tags.exists())
self.assertTrue(t2.entities.filter(name="Supermarket").exists())
self.assertEqual(t2.description, "Transfer")
def test_import_deduplication_hash(self):
# Same content twice. Should result in only 1 transaction due to hash deduplication.
content = """!Type:Bank
D04/01/2015
T100.00
POK
^
"""
filename = "bradesco-checking.qif"
file_path = os.path.join(self.test_dir, filename)
with open(file_path, "w", encoding="utf-8") as f:
f.write(content)
yaml_config = """
settings:
file_type: qif
importing: transactions
date_format: "%d/%m/%Y"
mapping: {}
"""
profile = ImportProfile.objects.create(
name="QIF Profile",
yaml_config=yaml_config,
version=ImportProfile.Versions.VERSION_1,
)
run = ImportRun.objects.create(profile=profile, file_name=filename)
service = ImportService(run)
# First run
service.process_file(file_path)
self.assertEqual(Transaction.objects.count(), 1)
# Service deletes file after processing, so recreate it for second run
with open(file_path, "w", encoding="utf-8") as f:
f.write(content)
# Second run - Duplicate content
service.process_file(file_path)
self.assertEqual(Transaction.objects.count(), 1)
def test_import_strict_error_rollback(self):
# atomic check.
# Transaction 1 valid, Transaction 2 invalid date.
content = """!Type:Bank
D04/01/2015
T100.00
POK
^
DINVALID
T100.00
PBad
^
"""
filename = "bradesco-checking.qif"
file_path = os.path.join(self.test_dir, filename)
with open(file_path, "w", encoding="utf-8") as f:
f.write(content)
yaml_config = """
settings:
file_type: qif
importing: transactions
date_format: "%d/%m/%Y"
skip_errors: false
mapping: {}
"""
profile = ImportProfile.objects.create(
name="QIF Profile",
yaml_config=yaml_config,
version=ImportProfile.Versions.VERSION_1,
)
run = ImportRun.objects.create(profile=profile, file_name=filename)
service = ImportService(run)
with self.assertRaises(Exception) as cm:
service.process_file(file_path)
self.assertEqual(str(cm.exception), "Import failed")
# Should be 0 transactions because of atomic rollback
self.assertEqual(Transaction.objects.count(), 0)
def test_import_missing_account(self):
# File with account name that doesn't exist
content = """!Type:Bank
D04/01/2015
T100.00
POK
^
"""
filename = "missing-account.qif"
file_path = os.path.join(self.test_dir, filename)
with open(file_path, "w", encoding="utf-8") as f:
f.write(content)
yaml_config = """
settings:
file_type: qif
importing: transactions
date_format: "%d/%m/%Y"
mapping: {}
"""
profile = ImportProfile.objects.create(
name="QIF Profile",
yaml_config=yaml_config,
version=ImportProfile.Versions.VERSION_1,
)
run = ImportRun.objects.create(profile=profile, file_name=filename)
service = ImportService(run)
# Should fail because account doesn't exist
with self.assertRaises(Exception) as cm:
service.process_file(file_path)
self.assertEqual(str(cm.exception), "Import failed")
def test_import_skip_errors(self):
# skip_errors: true.
# Transaction 1 valid, Transaction 2 invalid date.
content = """!Type:Bank
D04/01/2015
T100.00
POK
^
DINVALID
T100.00
PBad
^
"""
filename = "bradesco-checking.qif"
file_path = os.path.join(self.test_dir, filename)
with open(file_path, "w", encoding="utf-8") as f:
f.write(content)
yaml_config = """
settings:
file_type: qif
importing: transactions
date_format: "%d/%m/%Y"
skip_errors: true
mapping: {}
"""
profile = ImportProfile.objects.create(
name="QIF Profile",
yaml_config=yaml_config,
version=ImportProfile.Versions.VERSION_1,
)
run = ImportRun.objects.create(profile=profile, file_name=filename)
service = ImportService(run)
service.process_file(file_path)
# Should be 1 transaction (valid one)
self.assertEqual(Transaction.objects.count(), 1)
self.assertEqual(
Transaction.objects.first().description, ""
) # empty desc if no memo

10
app/apps/insights/urls.py
View File

@@ -49,4 +49,14 @@ urlpatterns = [
views.emergency_fund,
name="insights_emergency_fund",
),
path(
"insights/year-by-year/",
views.year_by_year,
name="insights_year_by_year",
),
path(
"insights/month-by-month/",
views.month_by_month,
name="insights_month_by_month",
),
]

316
app/apps/insights/utils/month_by_month.py Normal file
View File

@@ -0,0 +1,316 @@
from collections import OrderedDict
from decimal import Decimal
from django.db import models
from django.db.models import Sum, Case, When, Value
from django.db.models.functions import Coalesce
from django.utils import timezone
from apps.currencies.models import Currency
from apps.currencies.utils.convert import convert
from apps.transactions.models import Transaction
def get_month_by_month_data(year=None, group_by="categories"):
"""
Aggregate transaction totals by month for a specific year, grouped by categories, tags, or entities.
Args:
year: The year to filter transactions (defaults to current year)
group_by: One of "categories", "tags", or "entities"
Returns:
{
"year": 2025,
"available_years": [2025, 2024, ...],
"months": [1, 2, 3, ..., 12],
"items": {
item_id: {
"name": "Item Name",
"month_totals": {
1: {"currencies": {...}},
...
},
"total": {"currencies": {...}}
},
...
},
"month_totals": {...},
"grand_total": {"currencies": {...}}
}
"""
if year is None:
year = timezone.localdate(timezone.now()).year
# Base queryset - all paid transactions, non-muted
transactions = Transaction.objects.filter(
is_paid=True,
account__is_archived=False,
).exclude(account__currency__is_archived=True)
# Get available years for the selector
available_years = list(
transactions.values_list("reference_date__year", flat=True)
.distinct()
.order_by("-reference_date__year")
)
# Filter by the selected year
transactions = transactions.filter(reference_date__year=year)
# Define grouping fields based on group_by parameter
if group_by == "tags":
group_field = "tags"
name_field = "tags__name"
elif group_by == "entities":
group_field = "entities"
name_field = "entities__name"
else: # Default to categories
group_field = "category"
name_field = "category__name"
# Months 1-12
months = list(range(1, 13))
if not available_years:
return {
"year": year,
"available_years": [],
"months": months,
"items": {},
"month_totals": {},
"grand_total": {"currencies": {}},
}
# Aggregate by group, month, and currency
metrics = (
transactions.values(
group_field,
name_field,
"reference_date__month",
"account__currency",
"account__currency__code",
"account__currency__name",
"account__currency__decimal_places",
"account__currency__prefix",
"account__currency__suffix",
"account__currency__exchange_currency",
)
.annotate(
expense_total=Coalesce(
Sum(
Case(
When(type=Transaction.Type.EXPENSE, then="amount"),
default=Value(0),
output_field=models.DecimalField(),
)
),
Decimal("0"),
),
income_total=Coalesce(
Sum(
Case(
When(type=Transaction.Type.INCOME, then="amount"),
default=Value(0),
output_field=models.DecimalField(),
)
),
Decimal("0"),
),
)
.order_by(name_field, "reference_date__month")
)
# Build result structure
result = {
"year": year,
"available_years": available_years,
"months": months,
"items": OrderedDict(),
"month_totals": {},
"grand_total": {"currencies": {}},
}
# Store currency info for later use in totals
currency_info = {}
for metric in metrics:
item_id = metric[group_field]
item_name = metric[name_field]
month = metric["reference_date__month"]
currency_id = metric["account__currency"]
# Use a consistent key for None (uncategorized/untagged/no entity)
item_key = item_id if item_id is not None else "__none__"
if item_key not in result["items"]:
result["items"][item_key] = {
"name": item_name,
"month_totals": {},
"total": {"currencies": {}},
}
if month not in result["items"][item_key]["month_totals"]:
result["items"][item_key]["month_totals"][month] = {"currencies": {}}
# Calculate final total (income - expense)
final_total = metric["income_total"] - metric["expense_total"]
# Store currency info for totals calculation
if currency_id not in currency_info:
currency_info[currency_id] = {
"code": metric["account__currency__code"],
"name": metric["account__currency__name"],
"decimal_places": metric["account__currency__decimal_places"],
"prefix": metric["account__currency__prefix"],
"suffix": metric["account__currency__suffix"],
"exchange_currency_id": metric["account__currency__exchange_currency"],
}
currency_data = {
"currency": {
"code": metric["account__currency__code"],
"name": metric["account__currency__name"],
"decimal_places": metric["account__currency__decimal_places"],
"prefix": metric["account__currency__prefix"],
"suffix": metric["account__currency__suffix"],
},
"final_total": final_total,
"income_total": metric["income_total"],
"expense_total": metric["expense_total"],
}
# Handle currency conversion if exchange currency is set
if metric["account__currency__exchange_currency"]:
from_currency = Currency.objects.get(id=currency_id)
exchange_currency = Currency.objects.get(
id=metric["account__currency__exchange_currency"]
)
converted_amount, prefix, suffix, decimal_places = convert(
amount=final_total,
from_currency=from_currency,
to_currency=exchange_currency,
)
if converted_amount is not None:
currency_data["exchanged"] = {
"final_total": converted_amount,
"currency": {
"prefix": prefix,
"suffix": suffix,
"decimal_places": decimal_places,
"code": exchange_currency.code,
"name": exchange_currency.name,
},
}
result["items"][item_key]["month_totals"][month]["currencies"][currency_id] = (
currency_data
)
# Accumulate item total (across all months for this item)
if currency_id not in result["items"][item_key]["total"]["currencies"]:
result["items"][item_key]["total"]["currencies"][currency_id] = {
"currency": currency_data["currency"].copy(),
"final_total": Decimal("0"),
}
result["items"][item_key]["total"]["currencies"][currency_id][
"final_total"
] += final_total
# Accumulate month total (across all items for this month)
if month not in result["month_totals"]:
result["month_totals"][month] = {"currencies": {}}
if currency_id not in result["month_totals"][month]["currencies"]:
result["month_totals"][month]["currencies"][currency_id] = {
"currency": currency_data["currency"].copy(),
"final_total": Decimal("0"),
}
result["month_totals"][month]["currencies"][currency_id]["final_total"] += (
final_total
)
# Accumulate grand total
if currency_id not in result["grand_total"]["currencies"]:
result["grand_total"]["currencies"][currency_id] = {
"currency": currency_data["currency"].copy(),
"final_total": Decimal("0"),
}
result["grand_total"]["currencies"][currency_id]["final_total"] += final_total
# Add currency conversion for item totals
for item_key, item_data in result["items"].items():
for currency_id, total_data in item_data["total"]["currencies"].items():
if currency_info[currency_id]["exchange_currency_id"]:
from_currency = Currency.objects.get(id=currency_id)
exchange_currency = Currency.objects.get(
id=currency_info[currency_id]["exchange_currency_id"]
)
converted_amount, prefix, suffix, decimal_places = convert(
amount=total_data["final_total"],
from_currency=from_currency,
to_currency=exchange_currency,
)
if converted_amount is not None:
total_data["exchanged"] = {
"final_total": converted_amount,
"currency": {
"prefix": prefix,
"suffix": suffix,
"decimal_places": decimal_places,
"code": exchange_currency.code,
"name": exchange_currency.name,
},
}
# Add currency conversion for month totals
for month, month_data in result["month_totals"].items():
for currency_id, total_data in month_data["currencies"].items():
if currency_info[currency_id]["exchange_currency_id"]:
from_currency = Currency.objects.get(id=currency_id)
exchange_currency = Currency.objects.get(
id=currency_info[currency_id]["exchange_currency_id"]
)
converted_amount, prefix, suffix, decimal_places = convert(
amount=total_data["final_total"],
from_currency=from_currency,
to_currency=exchange_currency,
)
if converted_amount is not None:
total_data["exchanged"] = {
"final_total": converted_amount,
"currency": {
"prefix": prefix,
"suffix": suffix,
"decimal_places": decimal_places,
"code": exchange_currency.code,
"name": exchange_currency.name,
},
}
# Add currency conversion for grand total
for currency_id, total_data in result["grand_total"]["currencies"].items():
if currency_info[currency_id]["exchange_currency_id"]:
from_currency = Currency.objects.get(id=currency_id)
exchange_currency = Currency.objects.get(
id=currency_info[currency_id]["exchange_currency_id"]
)
converted_amount, prefix, suffix, decimal_places = convert(
amount=total_data["final_total"],
from_currency=from_currency,
to_currency=exchange_currency,
)
if converted_amount is not None:
total_data["exchanged"] = {
"final_total": converted_amount,
"currency": {
"prefix": prefix,
"suffix": suffix,
"decimal_places": decimal_places,
"code": exchange_currency.code,
"name": exchange_currency.name,
},
}
return result

303
app/apps/insights/utils/year_by_year.py Normal file
View File

@@ -0,0 +1,303 @@
from collections import OrderedDict
from decimal import Decimal
from django.db import models
from django.db.models import Sum, Case, When, Value
from django.db.models.functions import Coalesce
from apps.currencies.models import Currency
from apps.currencies.utils.convert import convert
from apps.transactions.models import Transaction
def get_year_by_year_data(group_by="categories"):
"""
Aggregate transaction totals by year for categories, tags, or entities.
Args:
group_by: One of "categories", "tags", or "entities"
Returns:
{
"years": [2025, 2024, ...], # Sorted descending
"items": {
item_id: {
"name": "Item Name",
"year_totals": {
2025: {"currencies": {...}},
...
},
"total": {"currencies": {...}} # Sum across all years
},
...
},
"year_totals": { # Sum across all items for each year
2025: {"currencies": {...}},
...
},
"grand_total": {"currencies": {...}} # Sum of everything
}
"""
# Base queryset - all paid transactions, non-muted
transactions = Transaction.objects.filter(
is_paid=True,
account__is_archived=False,
).exclude(account__currency__is_archived=True)
# Define grouping fields based on group_by parameter
if group_by == "tags":
group_field = "tags"
name_field = "tags__name"
elif group_by == "entities":
group_field = "entities"
name_field = "entities__name"
else: # Default to categories
group_field = "category"
name_field = "category__name"
# Get all unique years with transactions
years = (
transactions.values_list("reference_date__year", flat=True)
.distinct()
.order_by("-reference_date__year")
)
years = list(years)
if not years:
return {
"years": [],
"items": {},
"year_totals": {},
"grand_total": {"currencies": {}},
}
# Aggregate by group, year, and currency
metrics = (
transactions.values(
group_field,
name_field,
"reference_date__year",
"account__currency",
"account__currency__code",
"account__currency__name",
"account__currency__decimal_places",
"account__currency__prefix",
"account__currency__suffix",
"account__currency__exchange_currency",
)
.annotate(
expense_total=Coalesce(
Sum(
Case(
When(type=Transaction.Type.EXPENSE, then="amount"),
default=Value(0),
output_field=models.DecimalField(),
)
),
Decimal("0"),
),
income_total=Coalesce(
Sum(
Case(
When(type=Transaction.Type.INCOME, then="amount"),
default=Value(0),
output_field=models.DecimalField(),
)
),
Decimal("0"),
),
)
.order_by(name_field, "-reference_date__year")
)
# Build result structure
result = {
"years": years,
"items": OrderedDict(),
"year_totals": {}, # Totals per year across all items
"grand_total": {"currencies": {}}, # Grand total across everything
}
# Store currency info for later use in totals
currency_info = {}
for metric in metrics:
item_id = metric[group_field]
item_name = metric[name_field]
year = metric["reference_date__year"]
currency_id = metric["account__currency"]
# Use a consistent key for None (uncategorized/untagged/no entity)
item_key = item_id if item_id is not None else "__none__"
if item_key not in result["items"]:
result["items"][item_key] = {
"name": item_name,
"year_totals": {},
"total": {"currencies": {}}, # Total for this item across all years
}
if year not in result["items"][item_key]["year_totals"]:
result["items"][item_key]["year_totals"][year] = {"currencies": {}}
# Calculate final total (income - expense)
final_total = metric["income_total"] - metric["expense_total"]
# Store currency info for totals calculation
if currency_id not in currency_info:
currency_info[currency_id] = {
"code": metric["account__currency__code"],
"name": metric["account__currency__name"],
"decimal_places": metric["account__currency__decimal_places"],
"prefix": metric["account__currency__prefix"],
"suffix": metric["account__currency__suffix"],
"exchange_currency_id": metric["account__currency__exchange_currency"],
}
currency_data = {
"currency": {
"code": metric["account__currency__code"],
"name": metric["account__currency__name"],
"decimal_places": metric["account__currency__decimal_places"],
"prefix": metric["account__currency__prefix"],
"suffix": metric["account__currency__suffix"],
},
"final_total": final_total,
"income_total": metric["income_total"],
"expense_total": metric["expense_total"],
}
# Handle currency conversion if exchange currency is set
if metric["account__currency__exchange_currency"]:
from_currency = Currency.objects.get(id=currency_id)
exchange_currency = Currency.objects.get(
id=metric["account__currency__exchange_currency"]
)
converted_amount, prefix, suffix, decimal_places = convert(
amount=final_total,
from_currency=from_currency,
to_currency=exchange_currency,
)
if converted_amount is not None:
currency_data["exchanged"] = {
"final_total": converted_amount,
"currency": {
"prefix": prefix,
"suffix": suffix,
"decimal_places": decimal_places,
"code": exchange_currency.code,
"name": exchange_currency.name,
},
}
result["items"][item_key]["year_totals"][year]["currencies"][currency_id] = (
currency_data
)
# Accumulate item total (across all years for this item)
if currency_id not in result["items"][item_key]["total"]["currencies"]:
result["items"][item_key]["total"]["currencies"][currency_id] = {
"currency": currency_data["currency"].copy(),
"final_total": Decimal("0"),
}
result["items"][item_key]["total"]["currencies"][currency_id][
"final_total"
] += final_total
# Accumulate year total (across all items for this year)
if year not in result["year_totals"]:
result["year_totals"][year] = {"currencies": {}}
if currency_id not in result["year_totals"][year]["currencies"]:
result["year_totals"][year]["currencies"][currency_id] = {
"currency": currency_data["currency"].copy(),
"final_total": Decimal("0"),
}
result["year_totals"][year]["currencies"][currency_id]["final_total"] += (
final_total
)
# Accumulate grand total
if currency_id not in result["grand_total"]["currencies"]:
result["grand_total"]["currencies"][currency_id] = {
"currency": currency_data["currency"].copy(),
"final_total": Decimal("0"),
}
result["grand_total"]["currencies"][currency_id]["final_total"] += final_total
# Add currency conversion for item totals
for item_key, item_data in result["items"].items():
for currency_id, total_data in item_data["total"]["currencies"].items():
if currency_info[currency_id]["exchange_currency_id"]:
from_currency = Currency.objects.get(id=currency_id)
exchange_currency = Currency.objects.get(
id=currency_info[currency_id]["exchange_currency_id"]
)
converted_amount, prefix, suffix, decimal_places = convert(
amount=total_data["final_total"],
from_currency=from_currency,
to_currency=exchange_currency,
)
if converted_amount is not None:
total_data["exchanged"] = {
"final_total": converted_amount,
"currency": {
"prefix": prefix,
"suffix": suffix,
"decimal_places": decimal_places,
"code": exchange_currency.code,
"name": exchange_currency.name,
},
}
# Add currency conversion for year totals
for year, year_data in result["year_totals"].items():
for currency_id, total_data in year_data["currencies"].items():
if currency_info[currency_id]["exchange_currency_id"]:
from_currency = Currency.objects.get(id=currency_id)
exchange_currency = Currency.objects.get(
id=currency_info[currency_id]["exchange_currency_id"]
)
converted_amount, prefix, suffix, decimal_places = convert(
amount=total_data["final_total"],
from_currency=from_currency,
to_currency=exchange_currency,
)
if converted_amount is not None:
total_data["exchanged"] = {
"final_total": converted_amount,
"currency": {
"prefix": prefix,
"suffix": suffix,
"decimal_places": decimal_places,
"code": exchange_currency.code,
"name": exchange_currency.name,
},
}
# Add currency conversion for grand total
for currency_id, total_data in result["grand_total"]["currencies"].items():
if currency_info[currency_id]["exchange_currency_id"]:
from_currency = Currency.objects.get(id=currency_id)
exchange_currency = Currency.objects.get(
id=currency_info[currency_id]["exchange_currency_id"]
)
converted_amount, prefix, suffix, decimal_places = convert(
amount=total_data["final_total"],
from_currency=from_currency,
to_currency=exchange_currency,
)
if converted_amount is not None:
total_data["exchanged"] = {
"final_total": converted_amount,
"currency": {
"prefix": prefix,
"suffix": suffix,
"decimal_places": decimal_places,
"code": exchange_currency.code,
"name": exchange_currency.name,
},
}
return result

70
app/apps/insights/views.py
View File

@@ -26,6 +26,8 @@ from apps.insights.utils.sankey import (
generate_sankey_data_by_currency,
)
from apps.insights.utils.transactions import get_transactions
from apps.insights.utils.year_by_year import get_year_by_year_data
from apps.insights.utils.month_by_month import get_month_by_month_data
from apps.transactions.models import TransactionCategory, Transaction
from apps.transactions.utils.calculations import calculate_currency_totals
@@ -306,3 +308,71 @@ def emergency_fund(request):
"insights/fragments/emergency_fund.html",
{"data": currency_net_worth},
)
@only_htmx
@login_required
@require_http_methods(["GET"])
def year_by_year(request):
if "group_by" in request.GET:
group_by = request.GET["group_by"]
request.session["insights_year_by_year_group_by"] = group_by
else:
group_by = request.session.get("insights_year_by_year_group_by", "categories")
# Validate group_by value
if group_by not in ("categories", "tags", "entities"):
group_by = "categories"
data = get_year_by_year_data(group_by=group_by)
return render(
request,
"insights/fragments/year_by_year.html",
{
"data": data,
"group_by": group_by,
},
)
@only_htmx
@login_required
@require_http_methods(["GET"])
def month_by_month(request):
# Handle year selection
if "year" in request.GET:
try:
year = int(request.GET["year"])
request.session["insights_month_by_month_year"] = year
except (ValueError, TypeError):
year = request.session.get(
"insights_month_by_month_year", timezone.localdate(timezone.now()).year
)
else:
year = request.session.get(
"insights_month_by_month_year", timezone.localdate(timezone.now()).year
)
# Handle group_by selection
if "group_by" in request.GET:
group_by = request.GET["group_by"]
request.session["insights_month_by_month_group_by"] = group_by
else:
group_by = request.session.get("insights_month_by_month_group_by", "categories")
# Validate group_by value
if group_by not in ("categories", "tags", "entities"):
group_by = "categories"
data = get_month_by_month_data(year=year, group_by=group_by)
return render(
request,
"insights/fragments/month_by_month.html",
{
"data": data,
"group_by": group_by,
"selected_year": year,
},
)

0
app/apps/monthly_overview/tests/__init__.py Normal file
View File

331
app/apps/monthly_overview/tests/test_summary.py Normal file
View File

@@ -0,0 +1,331 @@
from datetime import date
from decimal import Decimal
from django.contrib.auth import get_user_model
from django.test import TestCase, override_settings
from apps.accounts.models import Account, AccountGroup
from apps.currencies.models import Currency
from apps.transactions.models import (
Transaction,
TransactionCategory,
TransactionTag,
)
@override_settings(
STORAGES={
"default": {"BACKEND": "django.core.files.storage.FileSystemStorage"},
"staticfiles": {
"BACKEND": "django.contrib.staticfiles.storage.StaticFilesStorage"
},
},
WHITENOISE_AUTOREFRESH=True,
)
class MonthlySummaryFilterBehaviorTests(TestCase):
"""Tests for monthly summary views filter behavior.
These tests verify that:
1. Views work correctly without any filters
2. Views work correctly with filters applied
3. The filter detection logic properly uses different querysets
4. Calculated values reflect the applied filters
"""
def setUp(self):
"""Set up test data"""
User = get_user_model()
self.user = User.objects.create_user(
email="testuser@test.com", password="testpass123"
)
self.client.login(username="testuser@test.com", password="testpass123")
self.currency = Currency.objects.create(
code="USD", name="US Dollar", decimal_places=2, prefix="$ "
)
self.account_group = AccountGroup.objects.create(name="Test Group")
self.account = Account.objects.create(
name="Test Account",
group=self.account_group,
currency=self.currency,
is_asset=False,
)
self.category = TransactionCategory.objects.create(
name="Test Category", owner=self.user
)
self.tag = TransactionTag.objects.create(name="TestTag", owner=self.user)
# Create test transactions for December 2025
# Income: 1000 (paid)
self.income_transaction = Transaction.objects.create(
account=self.account,
type=Transaction.Type.INCOME,
is_paid=True,
date=date(2025, 12, 10),
reference_date=date(2025, 12, 1),
amount=Decimal("1000.00"),
description="December Income",
owner=self.user,
)
# Expense: 200 (paid)
self.expense_transaction = Transaction.objects.create(
account=self.account,
type=Transaction.Type.EXPENSE,
is_paid=True,
date=date(2025, 12, 15),
reference_date=date(2025, 12, 1),
amount=Decimal("200.00"),
description="December Expense",
category=self.category,
owner=self.user,
)
self.expense_transaction.tags.add(self.tag)
# Expense: 150 (projected/unpaid)
self.projected_expense = Transaction.objects.create(
account=self.account,
type=Transaction.Type.EXPENSE,
is_paid=False,
date=date(2025, 12, 20),
reference_date=date(2025, 12, 1),
amount=Decimal("150.00"),
description="Projected Expense",
owner=self.user,
)
def _get_currency_data(self, context_dict):
"""Helper to extract data for our test currency from context dict.
The context dict is keyed by currency ID, so we need to find
the entry for our currency.
"""
if not context_dict:
return None
for currency_id, data in context_dict.items():
if data.get("currency", {}).get("code") == "USD":
return data
return None
# --- monthly_summary view tests ---
def test_monthly_summary_no_filter_returns_200(self):
"""Test that monthly_summary returns 200 without filters"""
response = self.client.get(
"/monthly/12/2025/summary/",
HTTP_HX_REQUEST="true",
)
self.assertEqual(response.status_code, 200)
def test_monthly_summary_no_filter_includes_all_transactions(self):
"""Without filters, summary should include all transactions"""
response = self.client.get(
"/monthly/12/2025/summary/",
HTTP_HX_REQUEST="true",
)
context = response.context
# income_current should have the income: 1000
income_current = context.get("income_current", {})
usd_data = self._get_currency_data(income_current)
self.assertIsNotNone(usd_data)
self.assertEqual(usd_data["income_current"], Decimal("1000.00"))
# expense_current should have paid expense: 200
expense_current = context.get("expense_current", {})
usd_data = self._get_currency_data(expense_current)
self.assertIsNotNone(usd_data)
self.assertEqual(usd_data["expense_current"], Decimal("200.00"))
# expense_projected should have unpaid expense: 150
expense_projected = context.get("expense_projected", {})
usd_data = self._get_currency_data(expense_projected)
self.assertIsNotNone(usd_data)
self.assertEqual(usd_data["expense_projected"], Decimal("150.00"))
def test_monthly_summary_type_filter_only_income(self):
"""With type=IN filter, summary should only include income"""
response = self.client.get(
"/monthly/12/2025/summary/?type=IN",
HTTP_HX_REQUEST="true",
)
context = response.context
# income_current should still have 1000
income_current = context.get("income_current", {})
usd_data = self._get_currency_data(income_current)
self.assertIsNotNone(usd_data)
self.assertEqual(usd_data["income_current"], Decimal("1000.00"))
# expense_current should be empty/zero (filtered out)
expense_current = context.get("expense_current", {})
usd_data = self._get_currency_data(expense_current)
if usd_data:
self.assertEqual(usd_data.get("expense_current", 0), Decimal("0"))
# expense_projected should be empty/zero (filtered out)
expense_projected = context.get("expense_projected", {})
usd_data = self._get_currency_data(expense_projected)
if usd_data:
self.assertEqual(usd_data.get("expense_projected", 0), Decimal("0"))
def test_monthly_summary_type_filter_only_expenses(self):
"""With type=EX filter, summary should only include expenses"""
response = self.client.get(
"/monthly/12/2025/summary/?type=EX",
HTTP_HX_REQUEST="true",
)
context = response.context
# income_current should be empty/zero (filtered out)
income_current = context.get("income_current", {})
usd_data = self._get_currency_data(income_current)
if usd_data:
self.assertEqual(usd_data.get("income_current", 0), Decimal("0"))
# expense_current should have 200
expense_current = context.get("expense_current", {})
usd_data = self._get_currency_data(expense_current)
self.assertIsNotNone(usd_data)
self.assertEqual(usd_data["expense_current"], Decimal("200.00"))
# expense_projected should have 150
expense_projected = context.get("expense_projected", {})
usd_data = self._get_currency_data(expense_projected)
self.assertIsNotNone(usd_data)
self.assertEqual(usd_data["expense_projected"], Decimal("150.00"))
def test_monthly_summary_is_paid_filter_only_paid(self):
"""With is_paid=1 filter, summary should only include paid transactions"""
response = self.client.get(
"/monthly/12/2025/summary/?is_paid=1",
HTTP_HX_REQUEST="true",
)
context = response.context
# income_current should have 1000 (paid)
income_current = context.get("income_current", {})
usd_data = self._get_currency_data(income_current)
self.assertIsNotNone(usd_data)
self.assertEqual(usd_data["income_current"], Decimal("1000.00"))
# expense_current should have 200 (paid)
expense_current = context.get("expense_current", {})
usd_data = self._get_currency_data(expense_current)
self.assertIsNotNone(usd_data)
self.assertEqual(usd_data["expense_current"], Decimal("200.00"))
# expense_projected should be empty/zero (filtered out - unpaid)
expense_projected = context.get("expense_projected", {})
usd_data = self._get_currency_data(expense_projected)
if usd_data:
self.assertEqual(usd_data.get("expense_projected", 0), Decimal("0"))
def test_monthly_summary_is_paid_filter_only_unpaid(self):
"""With is_paid=0 filter, summary should only include unpaid transactions"""
response = self.client.get(
"/monthly/12/2025/summary/?is_paid=0",
HTTP_HX_REQUEST="true",
)
context = response.context
# income_current should be empty/zero (filtered out - paid)
income_current = context.get("income_current", {})
usd_data = self._get_currency_data(income_current)
if usd_data:
self.assertEqual(usd_data.get("income_current", 0), Decimal("0"))
# expense_current should be empty/zero (filtered out - paid)
expense_current = context.get("expense_current", {})
usd_data = self._get_currency_data(expense_current)
if usd_data:
self.assertEqual(usd_data.get("expense_current", 0), Decimal("0"))
# expense_projected should have 150 (unpaid)
expense_projected = context.get("expense_projected", {})
usd_data = self._get_currency_data(expense_projected)
self.assertIsNotNone(usd_data)
self.assertEqual(usd_data["expense_projected"], Decimal("150.00"))
def test_monthly_summary_description_filter(self):
"""With description filter, summary should only include matching transactions"""
response = self.client.get(
"/monthly/12/2025/summary/?description=Income",
HTTP_HX_REQUEST="true",
)
context = response.context
# Only income matches "Income" description
income_current = context.get("income_current", {})
usd_data = self._get_currency_data(income_current)
self.assertIsNotNone(usd_data)
self.assertEqual(usd_data["income_current"], Decimal("1000.00"))
# Expenses should be filtered out
expense_current = context.get("expense_current", {})
usd_data = self._get_currency_data(expense_current)
if usd_data:
self.assertEqual(usd_data.get("expense_current", 0), Decimal("0"))
def test_monthly_summary_amount_filter(self):
"""With amount filter, summary should only include transactions in range"""
# Filter to only get transactions between 100 and 250 (should get 200 and 150)
response = self.client.get(
"/monthly/12/2025/summary/?from_amount=100&to_amount=250",
HTTP_HX_REQUEST="true",
)
context = response.context
# Income (1000) should be filtered out
income_current = context.get("income_current", {})
usd_data = self._get_currency_data(income_current)
if usd_data:
self.assertEqual(usd_data.get("income_current", 0), Decimal("0"))
# expense_current should have 200
expense_current = context.get("expense_current", {})
usd_data = self._get_currency_data(expense_current)
self.assertIsNotNone(usd_data)
self.assertEqual(usd_data["expense_current"], Decimal("200.00"))
# expense_projected should have 150
expense_projected = context.get("expense_projected", {})
usd_data = self._get_currency_data(expense_projected)
self.assertIsNotNone(usd_data)
self.assertEqual(usd_data["expense_projected"], Decimal("150.00"))
# --- monthly_account_summary view tests ---
def test_monthly_account_summary_no_filter_returns_200(self):
"""Test that monthly_account_summary returns 200 without filters"""
response = self.client.get(
"/monthly/12/2025/summary/accounts/",
HTTP_HX_REQUEST="true",
)
self.assertEqual(response.status_code, 200)
def test_monthly_account_summary_with_filter_returns_200(self):
"""Test that monthly_account_summary returns 200 with filter"""
response = self.client.get(
"/monthly/12/2025/summary/accounts/?type=IN",
HTTP_HX_REQUEST="true",
)
self.assertEqual(response.status_code, 200)
# --- monthly_currency_summary view tests ---
def test_monthly_currency_summary_no_filter_returns_200(self):
"""Test that monthly_currency_summary returns 200 without filters"""
response = self.client.get(
"/monthly/12/2025/summary/currencies/",
HTTP_HX_REQUEST="true",
)
self.assertEqual(response.status_code, 200)
def test_monthly_currency_summary_with_filter_returns_200(self):
"""Test that monthly_currency_summary returns 200 with filter"""
response = self.client.get(
"/monthly/12/2025/summary/currencies/?type=EX",
HTTP_HX_REQUEST="true",
)
self.assertEqual(response.status_code, 200)

149
app/apps/monthly_overview/views.py
View File

@@ -2,7 +2,8 @@ from django.contrib.auth.decorators import login_required
from django.db.models import (
Q,
)
from django.http import HttpResponse
from django.http import HttpResponse, Http404
from django.shortcuts import render, redirect
from django.utils import timezone
from django.views.decorators.http import require_http_methods
@@ -36,8 +37,6 @@ def monthly_overview(request, month: int, year: int):
summary_tab = request.session.get("monthly_summary_tab", "summary")
if month < 1 or month > 12:
from django.http import Http404
raise Http404("Month is out of range")
next_month = 1 if month == 12 else month + 1
@@ -76,6 +75,8 @@ def transactions_list(request, month: int, year: int):
if order != request.session.get("monthly_transactions_order", "default"):
request.session["monthly_transactions_order"] = order
today = timezone.localdate(timezone.now())
f = TransactionsFilter(request.GET)
transactions_filtered = f.qs.filter(
reference_date__year=year,
@@ -93,12 +94,28 @@ def transactions_list(request, month: int, year: int):
"dca_income_entries",
)
# Late transactions: date < today and is_paid = False (only shown for default ordering)
late_transactions = None
if order == "default":
late_transactions = transactions_filtered.filter(
date__lt=today,
is_paid=False,
).order_by("date", "id")
# Exclude late transactions from the main list
transactions_filtered = transactions_filtered.exclude(
date__lt=today,
is_paid=False,
)
transactions_filtered = default_order(transactions_filtered, order=order)
return render(
request,
"monthly_overview/fragments/list.html",
context={"transactions": transactions_filtered},
context={
"transactions": transactions_filtered,
"late_transactions": late_transactions,
},
)
@@ -107,17 +124,48 @@ def transactions_list(request, month: int, year: int):
@require_http_methods(["GET"])
def monthly_summary(request, month: int, year: int):
# Base queryset with all required filters
base_queryset = (
Transaction.objects.filter(
reference_date__year=year,
reference_date__month=month,
account__is_asset=False,
)
.exclude(Q(Q(category__mute=True) & ~Q(category=None)) | Q(mute=True))
.exclude(account__in=request.user.untracked_accounts.all())
base_queryset = Transaction.objects.filter(
reference_date__year=year,
reference_date__month=month,
)
data = calculate_currency_totals(base_queryset, ignore_empty=True)
# Apply filters and check if any are active
f = TransactionsFilter(request.GET, queryset=base_queryset)
# Check if any filter has a non-default value
# Default values are: type=['IN', 'EX'], is_paid=['1', '0'], everything else empty
has_active_filter = False
if f.form.is_valid():
for name, value in f.form.cleaned_data.items():
# Skip fields with default/empty values
if not value:
continue
# Skip type if it has both default values
if name == "type" and set(value) == {"IN", "EX"}:
continue
# Skip is_paid if it has both default values (values are strings)
if name == "is_paid" and set(value) == {"1", "0"}:
continue
# Skip mute_status if it has both default values
if name == "mute_status" and set(value) == {"active", "muted"}:
continue
# If we get here, there's an active filter
has_active_filter = True
break
if has_active_filter:
queryset = f.qs
else:
queryset = (
base_queryset.exclude(
Q(Q(category__mute=True) & ~Q(category=None)) | Q(mute=True)
)
.exclude(account__in=request.user.untracked_accounts.all())
.exclude(account__is_asset=True)
)
data = calculate_currency_totals(queryset, ignore_empty=True)
percentages = calculate_percentage_distribution(data)
context = {
@@ -132,6 +180,7 @@ def monthly_summary(request, month: int, year: int):
currency_totals=data, month=month, year=year
),
"percentages": percentages,
"has_active_filter": has_active_filter,
}
return render(
@@ -149,9 +198,38 @@ def monthly_account_summary(request, month: int, year: int):
base_queryset = Transaction.objects.filter(
reference_date__year=year,
reference_date__month=month,
).exclude(Q(Q(category__mute=True) & ~Q(category=None)) | Q(mute=True))
)
account_data = calculate_account_totals(transactions_queryset=base_queryset.all())
# Apply filters and check if any are active
f = TransactionsFilter(request.GET, queryset=base_queryset)
# Check if any filter has a non-default value
has_active_filter = False
if f.form.is_valid():
for name, value in f.form.cleaned_data.items():
if not value:
continue
if name == "type" and set(value) == {"IN", "EX"}:
continue
if name == "is_paid" and set(value) == {"1", "0"}:
continue
if name == "mute_status" and set(value) == {"active", "muted"}:
continue
has_active_filter = True
break
if has_active_filter:
queryset = f.qs
else:
queryset = (
base_queryset.exclude(
Q(Q(category__mute=True) & ~Q(category=None)) | Q(mute=True)
)
.exclude(account__in=request.user.untracked_accounts.all())
.exclude(account__is_asset=True)
)
account_data = calculate_account_totals(transactions_queryset=queryset.all())
account_percentages = calculate_percentage_distribution(account_data)
context = {
@@ -171,16 +249,41 @@ def monthly_account_summary(request, month: int, year: int):
@require_http_methods(["GET"])
def monthly_currency_summary(request, month: int, year: int):
# Base queryset with all required filters
base_queryset = (
Transaction.objects.filter(
reference_date__year=year,
reference_date__month=month,
)
.exclude(Q(Q(category__mute=True) & ~Q(category=None)) | Q(mute=True))
.exclude(account__in=request.user.untracked_accounts.all())
base_queryset = Transaction.objects.filter(
reference_date__year=year,
reference_date__month=month,
)
currency_data = calculate_currency_totals(base_queryset.all(), ignore_empty=True)
# Apply filters and check if any are active
f = TransactionsFilter(request.GET, queryset=base_queryset)
# Check if any filter has a non-default value
has_active_filter = False
if f.form.is_valid():
for name, value in f.form.cleaned_data.items():
if not value:
continue
if name == "type" and set(value) == {"IN", "EX"}:
continue
if name == "is_paid" and set(value) == {"1", "0"}:
continue
if name == "mute_status" and set(value) == {"active", "muted"}:
continue
has_active_filter = True
break
if has_active_filter:
queryset = f.qs
else:
queryset = (
base_queryset.exclude(
Q(Q(category__mute=True) & ~Q(category=None)) | Q(mute=True)
)
.exclude(account__in=request.user.untracked_accounts.all())
.exclude(account__is_asset=True)
)
currency_data = calculate_currency_totals(queryset.all(), ignore_empty=True)
currency_percentages = calculate_percentage_distribution(currency_data)
context = {

50
app/apps/transactions/filters.py
View File

@@ -23,6 +23,11 @@ SITUACAO_CHOICES = (
("0", _("Projected")),
)
MUTE_STATUS_CHOICES = (
("active", _("Active")),
("muted", _("Muted")),
)
def content_filter(queryset, name, value):
queryset = queryset.filter(
@@ -78,6 +83,11 @@ class TransactionsFilter(django_filters.FilterSet):
choices=SITUACAO_CHOICES,
field_name="is_paid",
)
mute_status = django_filters.MultipleChoiceFilter(
choices=MUTE_STATUS_CHOICES,
method="filter_mute_status",
label=_("Mute Status"),
)
date_start = django_filters.DateFilter(
field_name="date",
lookup_expr="gte",
@@ -140,6 +150,9 @@ class TransactionsFilter(django_filters.FilterSet):
if data.get("is_paid") is None:
data.setlist("is_paid", ["1", "0"])
if data.get("mute_status") is None:
data.setlist("mute_status", ["active", "muted"])
super().__init__(data, *args, **kwargs)
self.form.helper = FormHelper()
@@ -155,6 +168,10 @@ class TransactionsFilter(django_filters.FilterSet):
"is_paid",
template="transactions/widgets/transaction_type_filter_buttons.html",
),
Field(
"mute_status",
template="transactions/widgets/transaction_type_filter_buttons.html",
),
Field("description"),
Row(Column("date_start"), Column("date_end")),
Row(
@@ -268,3 +285,36 @@ class TransactionsFilter(django_filters.FilterSet):
return queryset.filter(q).distinct()
return queryset
@staticmethod
def filter_mute_status(queryset, name, value):
from apps.common.middleware.thread_local import get_current_user
if not value:
return queryset
value = list(value)
# If both are selected, return all
if "active" in value and "muted" in value:
return queryset
user = get_current_user()
# Only Active selected: exclude muted transactions
if "active" in value:
return (
queryset.exclude(account__untracked_by=user)
.filter(
mute=False,
)
.filter(Q(category__mute=False) | Q(category__isnull=True))
)
# Only Muted selected: include only muted transactions
if "muted" in value:
return queryset.filter(
Q(account__untracked_by=user) | Q(category__mute=True) | Q(mute=True)
)
return queryset

11
app/apps/transactions/forms.py
View File

@@ -5,6 +5,7 @@ from apps.common.fields.forms.dynamic_select import (
DynamicModelChoiceField,
DynamicModelMultipleChoiceField,
)
from apps.common.middleware.thread_local import get_current_user
from apps.common.widgets.crispy.daisyui import Switch
from apps.common.widgets.crispy.submit import NoClassSubmit
from apps.common.widgets.datepicker import AirDatePickerInput, AirMonthYearPickerInput
@@ -116,6 +117,9 @@ class TransactionForm(forms.ModelForm):
self.fields["account"].queryset = Account.objects.filter(
is_archived=False,
)
user_settings = get_current_user().settings
if user_settings.default_account:
self.fields["account"].initial = user_settings.default_account
self.fields["category"].queryset = TransactionCategory.objects.filter(
active=True
@@ -768,6 +772,9 @@ class InstallmentPlanForm(forms.ModelForm):
).distinct()
else:
self.fields["account"].queryset = Account.objects.filter(is_archived=False)
user_settings = get_current_user().settings
if user_settings.default_account:
self.fields["account"].initial = user_settings.default_account
self.fields["category"].queryset = TransactionCategory.objects.filter(
active=True
@@ -1010,6 +1017,10 @@ class RecurringTransactionForm(forms.ModelForm):
).distinct()
else:
self.fields["account"].queryset = Account.objects.filter(is_archived=False)
user_settings = get_current_user().settings
if user_settings.default_account:
self.fields["account"].initial = user_settings.default_account
self.fields["category"].queryset = TransactionCategory.objects.filter(
active=True

4
app/apps/transactions/models.py
View File

@@ -383,6 +383,10 @@ class Transaction(OwnedObject):
def clean(self):
super().clean()
# Convert empty internal_id to None to allow multiple "empty" values with unique constraint
if self.internal_id == "":
self.internal_id = None
# Only process amount and reference_date if account exists
# If account is missing, Django's required field validation will handle it
try:

64
app/apps/transactions/tests/test_models.py
View File

@@ -125,6 +125,70 @@ class TransactionTests(TestCase):
datetime.datetime(day=1, month=2, year=2000).date(),
)
def test_empty_internal_id_converts_to_none(self):
"""Test that empty string internal_id is converted to None"""
transaction = Transaction.objects.create(
account=self.account,
type=Transaction.Type.EXPENSE,
date=timezone.now().date(),
amount=Decimal("100.00"),
description="Test transaction",
internal_id="", # Empty string should become None
)
self.assertIsNone(transaction.internal_id)
def test_unique_internal_id_works(self):
"""Test that unique non-empty internal_id values work correctly"""
transaction1 = Transaction.objects.create(
account=self.account,
type=Transaction.Type.EXPENSE,
date=timezone.now().date(),
amount=Decimal("100.00"),
description="Test transaction 1",
internal_id="unique-id-123",
)
transaction2 = Transaction.objects.create(
account=self.account,
type=Transaction.Type.EXPENSE,
date=timezone.now().date(),
amount=Decimal("100.00"),
description="Test transaction 2",
internal_id="unique-id-456",
)
self.assertEqual(transaction1.internal_id, "unique-id-123")
self.assertEqual(transaction2.internal_id, "unique-id-456")
def test_multiple_transactions_with_empty_internal_id(self):
"""Test that multiple transactions can have empty/None internal_id"""
transaction1 = Transaction.objects.create(
account=self.account,
type=Transaction.Type.EXPENSE,
date=timezone.now().date(),
amount=Decimal("100.00"),
description="Test transaction 1",
internal_id="",
)
transaction2 = Transaction.objects.create(
account=self.account,
type=Transaction.Type.EXPENSE,
date=timezone.now().date(),
amount=Decimal("100.00"),
description="Test transaction 2",
internal_id="",
)
transaction3 = Transaction.objects.create(
account=self.account,
type=Transaction.Type.EXPENSE,
date=timezone.now().date(),
amount=Decimal("100.00"),
description="Test transaction 3",
internal_id=None,
)
# All should be saved successfully with None internal_id
self.assertIsNone(transaction1.internal_id)
self.assertIsNone(transaction2.internal_id)
self.assertIsNone(transaction3.internal_id)
class InstallmentPlanTests(TestCase):
def setUp(self):

4
app/apps/transactions/views/categories.py
View File

@@ -35,7 +35,7 @@ def categories_list(request):
@login_required
@require_http_methods(["GET"])
def categories_table_active(request):
categories = TransactionCategory.objects.filter(active=True).order_by("id")
categories = TransactionCategory.objects.filter(active=True).order_by("name")
return render(
request,
"categories/fragments/table.html",
@@ -47,7 +47,7 @@ def categories_table_active(request):
@login_required
@require_http_methods(["GET"])
def categories_table_archived(request):
categories = TransactionCategory.objects.filter(active=False).order_by("id")
categories = TransactionCategory.objects.filter(active=False).order_by("name")
return render(
request,
"categories/fragments/table.html",

4
app/apps/transactions/views/entities.py
View File

@@ -35,7 +35,7 @@ def entities_list(request):
@login_required
@require_http_methods(["GET"])
def entities_table_active(request):
entities = TransactionEntity.objects.filter(active=True).order_by("id")
entities = TransactionEntity.objects.filter(active=True).order_by("name")
return render(
request,
"entities/fragments/table.html",
@@ -47,7 +47,7 @@ def entities_table_active(request):
@login_required
@require_http_methods(["GET"])
def entities_table_archived(request):
entities = TransactionEntity.objects.filter(active=False).order_by("id")
entities = TransactionEntity.objects.filter(active=False).order_by("name")
return render(
request,
"entities/fragments/table.html",

4
app/apps/transactions/views/tags.py
View File

@@ -35,7 +35,7 @@ def tags_list(request):
@login_required
@require_http_methods(["GET"])
def tags_table_active(request):
tags = TransactionTag.objects.filter(active=True).order_by("id")
tags = TransactionTag.objects.filter(active=True).order_by("name")
return render(
request,
"tags/fragments/table.html",
@@ -47,7 +47,7 @@ def tags_table_active(request):
@login_required
@require_http_methods(["GET"])
def tags_table_archived(request):
tags = TransactionTag.objects.filter(active=False).order_by("id")
tags = TransactionTag.objects.filter(active=False).order_by("name")
return render(
request,
"tags/fragments/table.html",

44
app/apps/transactions/views/transactions.py
View File

@@ -152,7 +152,9 @@ def transaction_simple_add(request):
date_param = request.GET.get("date")
if date_param:
try:
initial_data["date"] = datetime.datetime.strptime(date_param, "%Y-%m-%d").date()
initial_data["date"] = datetime.datetime.strptime(
date_param, "%Y-%m-%d"
).date()
except ValueError:
pass
@@ -160,7 +162,9 @@ def transaction_simple_add(request):
reference_date_param = request.GET.get("reference_date")
if reference_date_param:
try:
initial_data["reference_date"] = datetime.datetime.strptime(reference_date_param, "%Y-%m-%d").date()
initial_data["reference_date"] = datetime.datetime.strptime(
reference_date_param, "%Y-%m-%d"
).date()
except ValueError:
pass
@@ -172,7 +176,10 @@ def transaction_simple_add(request):
except (ValueError, TypeError):
# Try to find by name
from apps.accounts.models import Account
account = Account.objects.filter(name__iexact=account_param, is_archived=False).first()
account = Account.objects.filter(
name__iexact=account_param, is_archived=False
).first()
if account:
initial_data["account"] = account.pk
@@ -207,7 +214,10 @@ def transaction_simple_add(request):
except (ValueError, TypeError):
# Try to find by name
from apps.transactions.models import TransactionCategory
category = TransactionCategory.objects.filter(name__iexact=category_param, active=True).first()
category = TransactionCategory.objects.filter(
name__iexact=category_param, active=True
).first()
if category:
initial_data["category"] = category.pk
@@ -457,7 +467,7 @@ def transaction_pay(request, transaction_id):
context={"transaction": transaction, **request.GET},
)
response.headers["HX-Trigger"] = (
f'{"paid" if new_is_paid else "unpaid"}, selective_update'
f"{'paid' if new_is_paid else 'unpaid'}, selective_update"
)
return response
@@ -552,6 +562,8 @@ def transaction_all_list(request):
if order != request.session.get("all_transactions_order", "default"):
request.session["all_transactions_order"] = order
today = timezone.localdate(timezone.now())
transactions = Transaction.objects.prefetch_related(
"account",
"account__group",
@@ -565,12 +577,27 @@ def transaction_all_list(request):
"dca_income_entries",
).all()
transactions = default_order(transactions, order=order)
f = TransactionsFilter(request.GET, queryset=transactions)
# Late transactions: date < today and is_paid = False (only shown for default ordering on first page)
late_transactions = None
page_number = request.GET.get("page", 1)
paginator = Paginator(f.qs, 100)
if order == "default" and str(page_number) == "1":
late_transactions = f.qs.filter(
date__lt=today,
is_paid=False,
).order_by("date", "id")
# Exclude late transactions from the main paginated list
main_transactions = f.qs.exclude(
date__lt=today,
is_paid=False,
)
else:
main_transactions = f.qs
main_transactions = default_order(main_transactions, order=order)
paginator = Paginator(main_transactions, 100)
page_obj = paginator.get_page(page_number)
return render(
@@ -579,6 +606,7 @@ def transaction_all_list(request):
{
"page_obj": page_obj,
"paginator": paginator,
"late_transactions": late_transactions,
},
)

75
app/apps/users/adapters.py Normal file
View File

@@ -0,0 +1,75 @@
import logging
from allauth.socialaccount.adapter import DefaultSocialAccountAdapter
from django.contrib.auth import get_user_model
User = get_user_model()
logger = logging.getLogger(__name__)
class AutoConnectSocialAccountAdapter(DefaultSocialAccountAdapter):
"""
Custom adapter to automatically connect social accounts to existing users
with the same email address.
SECURITY WARNING:
This adapter automatically connects OIDC accounts to existing local accounts
based on email matching.
If your OIDC provider allows unverified emails, this could lead to
ACCOUNT TAKEOVER attacks where an attacker creates an OIDC account
with someone else's email and gains access to their account.
"""
def pre_social_login(self, request, sociallogin):
"""
Invoked just after a user successfully authenticates via a
social provider, but before the login is actually processed.
If a user with the same email already exists, connect the social
account to that existing user instead of creating a new account.
"""
# If the social account is already connected to a user, do nothing
if sociallogin.is_existing:
return
# Check if we have an email from the social provider
if not sociallogin.email_addresses:
logger.warning(
"OIDC login attempted without email address. "
f"Provider: {sociallogin.account.provider}"
)
return
# Get the email from the social login
email = sociallogin.email_addresses[0].email.lower()
# Try to find an existing user with this email
try:
user = User.objects.get(email__iexact=email)
# Log this connection for security audit trail
logger.info(
f"Auto-connecting OIDC account to existing user. "
f"Email: {email}, Provider: {sociallogin.account.provider}, "
f"User ID: {user.id}"
)
# Connect the social account to the existing user
sociallogin.connect(request, user)
except User.DoesNotExist:
# No user with this email exists, proceed with normal signup flow
logger.debug(
f"No existing user found for email {email}. "
"Proceeding with new account creation."
)
pass
except User.MultipleObjectsReturned:
# Multiple users with the same email (shouldn't happen with unique constraint)
logger.error(
f"Multiple users found with email {email}. "
"This should not happen with unique constraint. "
"Blocking auto-connect."
)
# Let the default behavior handle this
pass

20
app/apps/users/forms.py
View File

@@ -1,6 +1,8 @@
from apps.common.middleware.thread_local import get_current_user
from apps.common.widgets.crispy.submit import NoClassSubmit
from apps.common.widgets.tom_select import TomSelect
from apps.users.models import UserSettings
from apps.accounts.models import Account
from crispy_forms.bootstrap import (
FormActions,
)
@@ -116,6 +118,15 @@ class UserSettingsForm(forms.ModelForm):
label=_("Number Format"),
)
default_account = forms.ModelChoiceField(
queryset=Account.objects.filter(
is_archived=False,
),
label=_("Default Account"),
widget=TomSelect(clear_button=False, group_by="group"),
required=False,
)
class Meta:
model = UserSettings
fields = [
@@ -126,11 +137,19 @@ class UserSettingsForm(forms.ModelForm):
"datetime_format",
"number_format",
"volume",
"default_account",
]
widgets = {
"default_account": TomSelect(clear_button=False, group_by="group"),
}
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
self.fields["default_account"].queryset = Account.objects.filter(
is_archived=False,
)
self.helper = FormHelper()
self.helper.form_tag = False
self.helper.form_method = "post"
@@ -143,6 +162,7 @@ class UserSettingsForm(forms.ModelForm):
"number_format",
HTML('<hr class="hr my-3" />'),
"start_page",
"default_account",
HTML('<hr class="hr my-3" />'),
"volume",
FormActions(

25
app/apps/users/migrations/0024_usersettings_default_account.py Normal file
View File

@@ -0,0 +1,25 @@
# Generated by Django 5.2.9 on 2026-02-15 21:35
import django.db.models.deletion
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("accounts", "0016_account_untracked_by"),
("users", "0023_alter_usersettings_timezone"),
]
operations = [
migrations.AddField(
model_name="usersettings",
name="default_account",
field=models.ForeignKey(
blank=True,
null=True,
on_delete=django.db.models.deletion.SET_NULL,
to="accounts.account",
verbose_name="Default account",
),
),
]

20
app/apps/users/migrations/0025_alter_usersettings_default_account.py Normal file
View File

@@ -0,0 +1,20 @@
# Generated by Django 5.2.9 on 2026-02-16 01:32
import django.db.models.deletion
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('accounts', '0016_account_untracked_by'),
('users', '0024_usersettings_default_account'),
]
operations = [
migrations.AlterField(
model_name='usersettings',
name='default_account',
field=models.ForeignKey(blank=True, help_text='Selects the account by default when creating new transactions', null=True, on_delete=django.db.models.deletion.SET_NULL, to='accounts.account', verbose_name='Default account'),
),
]

8
app/apps/users/models.py
View File

@@ -510,6 +510,14 @@ class UserSettings(models.Model):
default=StartPage.MONTHLY,
verbose_name=_("Start page"),
)
default_account = models.ForeignKey(
"accounts.Account",
on_delete=models.SET_NULL,
verbose_name=_("Default account"),
help_text=_("Selects the account by default when creating new transactions"),
blank=True,
null=True,
)
def __str__(self):
return f"{self.user.email}'s settings"

10
app/import_presets/qif_standard/config.yml Normal file
View File

@@ -0,0 +1,10 @@
settings:
file_type: qif
importing: transactions
encoding: cp1252
date_format: "%d/%m/%Y"
skip_errors: true
mapping: {}
deduplicate: []

7
app/import_presets/qif_standard/manifest.json Normal file
View File

@@ -0,0 +1,7 @@
{
"author": "eitchtee",
"description": "Standard QIF Import. Mapping is automatic.",
"schema_version": 1,
"name": "Standard QIF",
"message": "Account is inferred from filename (e.g., 'Checking.qif' -> Account 'Checking').\nYou might need to change the date format to match the date format on your file."
}

625
app/locale/de/LC_MESSAGES/django.po
View File

File diff suppressed because it is too large Load Diff

601
app/locale/en/LC_MESSAGES/django.po
View File

File diff suppressed because it is too large Load Diff

601
app/locale/es/LC_MESSAGES/django.po
View File

File diff suppressed because it is too large Load Diff

637
app/locale/fr/LC_MESSAGES/django.po
View File

File diff suppressed because it is too large Load Diff

943
app/locale/hu/LC_MESSAGES/django.po
View File

File diff suppressed because it is too large Load Diff

600
app/locale/id/LC_MESSAGES/django.po
View File

File diff suppressed because it is too large Load Diff

670
app/locale/it/LC_MESSAGES/django.po
View File

File diff suppressed because it is too large Load Diff

605
app/locale/nl/LC_MESSAGES/django.po
View File

File diff suppressed because it is too large Load Diff

1644
app/locale/pl/LC_MESSAGES/django.po
View File

File diff suppressed because it is too large Load Diff

615
app/locale/pt_BR/LC_MESSAGES/django.po
View File

File diff suppressed because it is too large Load Diff

3605
app/locale/ru/LC_MESSAGES/django.po Normal file
View File

File diff suppressed because it is too large Load Diff

601
app/locale/sv/LC_MESSAGES/django.po
View File

File diff suppressed because it is too large Load Diff

3577
app/locale/sw/LC_MESSAGES/django.po Normal file
View File

File diff suppressed because it is too large Load Diff

613
app/locale/uk/LC_MESSAGES/django.po
View File

File diff suppressed because it is too large Load Diff

622
app/locale/zh_Hant/LC_MESSAGES/django.po
View File

File diff suppressed because it is too large Load Diff

10
app/templates/exchange_rates_services/fragments/list.html
View File

@@ -56,7 +56,15 @@
</td>
<td class="table-col-auto">{% if service.is_active %}<i class="fa-solid fa-circle text-success"></i>{% else %}
<i class="fa-solid fa-circle text-error"></i>{% endif %}</td>
<td class="table-col-auto">{{ service.name }}</td>
<td>
{{ service.name }}
{% if service.failure_count > 0 %}
<span class="badge badge-error gap-1" data-tippy-content="{% blocktrans count counter=service.failure_count %}{{ counter }} consecutive failure{% plural %}{{ counter }} consecutive failures{% endblocktrans %}">
<i class="fa-solid fa-triangle-exclamation fa-fw"></i>
{{ service.failure_count }}
</span>
{% endif %}
</td>
<td>{{ service.get_service_type_display }}</td>
<td>{{ service.target_currencies.count }} {% trans 'currencies' %}, {{ service.target_accounts.count }} {% trans 'accounts' %}</td>
<td>{{ service.last_fetch|date:"SHORT_DATETIME_FORMAT" }}</td>

3
app/templates/includes/scripts.html
View File

@@ -9,9 +9,10 @@
{% include 'includes/scripts/hyperscript/sounds.html' %}
{% include 'includes/scripts/hyperscript/swal.html' %}
{% include 'includes/scripts/hyperscript/autosize.html' %}
{% include 'includes/scripts/pull_to_refresh_i18n.html' %}
<script defer>
let tz = Intl.DateTimeFormat().resolvedOptions().timeZone;
var tz = Intl.DateTimeFormat().resolvedOptions().timeZone;
if (!tz) {
tz = "UTC"
}

11
app/templates/includes/scripts/hyperscript/htmx_error_handler.html
View File

@@ -20,11 +20,16 @@ behavior htmx_error_handler
text: '{% trans "Try reloading the page or check the console for more information." %}',
icon: 'error',
timer: 60000,
showDenyButton: true,
denyButtonText: '{% trans "Reload" %}',
customClass: {
confirmButton: 'btn btn-primary'
confirmButton: 'btn btn-primary',
denyButton: 'btn btn-error',
actions: 'gap-2'
},
buttonsStyling: false
})
buttonsStyling: false,
reverseButtons: true
}) then if it.isDenied call location.reload()
end
then log event
then halt the event

6
app/templates/includes/scripts/pull_to_refresh_i18n.html Normal file
View File

@@ -0,0 +1,6 @@
{% load i18n %}
<span id="ptr-i18n"
class="hidden"
data-pull="{% translate 'Pull down to refresh' %}"
data-release="{% translate 'Release to refresh' %}"
data-refreshing="{% translate 'Refreshing' %}"></span>

250
app/templates/insights/fragments/month_by_month.html Normal file
View File

@@ -0,0 +1,250 @@
{% load i18n %}
<div hx-get="{% url 'insights_month_by_month' %}" hx-trigger="updated from:window" class="show-loading"
hx-swap="outerHTML" hx-include="#year-selector, #group-by-selector-month">
{# Hidden input to hold the year value #}
<input type="hidden" name="year" id="year-selector" value="{{ selected_year }}" _="on change trigger updated">
{# Tabs for Categories/Tags/Entities #}
<div class="h-full text-center mb-4">
<div class="tabs tabs-box mx-auto w-fit" role="group" id="group-by-selector-month" _="on change trigger updated">
<label class="tab">
<input type="radio"
name="group_by"
id="categories-view-month"
autocomplete="off"
value="categories"
aria-label="{% trans 'Categories' %}"
{% if group_by == "categories" %}checked{% endif %}>
<i class="fa-solid fa-icons fa-fw me-2"></i>
{% trans 'Categories' %}
</label>
<label class="tab">
<input type="radio"
name="group_by"
id="tags-view-month"
autocomplete="off"
value="tags"
aria-label="{% trans 'Tags' %}"
{% if group_by == "tags" %}checked{% endif %}>
<i class="fa-solid fa-hashtag fa-fw me-2"></i>
{% trans 'Tags' %}
</label>
<label class="tab">
<input type="radio"
name="group_by"
id="entities-view-month"
autocomplete="off"
value="entities"
aria-label="{% trans 'Entities' %}"
{% if group_by == "entities" %}checked{% endif %}>
<i class="fa-solid fa-user-group fa-fw me-2"></i>
{% trans 'Entities' %}
</label>
</div>
</div>
{% if data.items %}
<div class="card bg-base-100 card-border">
<div class="card-body">
{# Year dropdown - left aligned #}
{% if data.available_years %}
<div class="mb-4">
<div>
<button class="btn btn-ghost" type="button"
data-bs-toggle="dropdown" aria-expanded="false">
<i class="fa-solid fa-calendar fa-fw me-1"></i>
{{ selected_year }}
<i class="fa-solid fa-chevron-down fa-fw ms-1"></i>
</button>
<ul class="dropdown-menu menu">
{% for year in data.available_years %}
<li>
<button class="{% if year == selected_year %}menu-active{% endif %}" type="button"
_="on click remove .menu-active from <li > button/> in the closest <ul/>
then add .menu-active to me
then set the value of #year-selector to '{{ year }}'
then trigger change on #year-selector">
{{ year }}
</button>
</li>
{% endfor %}
</ul>
</div>
</div>
{% endif %}
<div class="overflow-x-auto">
<table class="table">
<thead>
<tr>
<th scope="col" class="sticky left-0 bg-base-100 z-10">
{% if group_by == "categories" %}
{% trans 'Category' %}
{% elif group_by == "tags" %}
{% trans 'Tag' %}
{% else %}
{% trans 'Entity' %}
{% endif %}
</th>
<th scope="col" class="font-bold">{% trans 'Total' %}</th>
{% for month in data.months %}
<th scope="col">
{% if month == 1 %}{% trans 'Jan' %}
{% elif month == 2 %}{% trans 'Feb' %}
{% elif month == 3 %}{% trans 'Mar' %}
{% elif month == 4 %}{% trans 'Apr' %}
{% elif month == 5 %}{% trans 'May' %}
{% elif month == 6 %}{% trans 'Jun' %}
{% elif month == 7 %}{% trans 'Jul' %}
{% elif month == 8 %}{% trans 'Aug' %}
{% elif month == 9 %}{% trans 'Sep' %}
{% elif month == 10 %}{% trans 'Oct' %}
{% elif month == 11 %}{% trans 'Nov' %}
{% elif month == 12 %}{% trans 'Dec' %}
{% endif %}
</th>
{% endfor %}
</tr>
</thead>
<tbody>
{% for item_id, item in data.items.items %}
<tr>
<th class="text-nowrap sticky left-0 bg-base-100 z-10">
{% if item.name %}
{{ item.name }}
{% else %}
{% if group_by == "categories" %}
{% trans 'Uncategorized' %}
{% elif group_by == "tags" %}
{% trans 'Untagged' %}
{% else %}
{% trans 'No entity' %}
{% endif %}
{% endif %}
</th>
{# Total column for this item #}
<td class="text-nowrap font-semibold bg-base-200">
{% for currency_id, currency_data in item.total.currencies.items %}
<c-amount.display
:amount="currency_data.final_total"
:prefix="currency_data.currency.prefix"
:suffix="currency_data.currency.suffix"
:decimal_places="currency_data.currency.decimal_places"
color="{% if currency_data.final_total < 0 %}red{% elif currency_data.final_total > 0 %}green{% endif %}"></c-amount.display>
{% if currency_data.exchanged %}
<div class="text-xs text-base-content/60">
<c-amount.display
:amount="currency_data.exchanged.final_total"
:prefix="currency_data.exchanged.currency.prefix"
:suffix="currency_data.exchanged.currency.suffix"
:decimal_places="currency_data.exchanged.currency.decimal_places"></c-amount.display>
</div>
{% endif %}
{% empty %}
-
{% endfor %}
</td>
{# Month columns #}
{% for month in data.months %}
<td class="text-nowrap">
{% with month_data=item.month_totals %}
{% for m, m_data in month_data.items %}
{% if m == month %}
{% for currency_id, currency_data in m_data.currencies.items %}
<c-amount.display
:amount="currency_data.final_total"
:prefix="currency_data.currency.prefix"
:suffix="currency_data.currency.suffix"
:decimal_places="currency_data.currency.decimal_places"
color="{% if currency_data.final_total < 0 %}red{% elif currency_data.final_total > 0 %}green{% endif %}"></c-amount.display>
{% if currency_data.exchanged %}
<div class="text-xs text-base-content/60">
<c-amount.display
:amount="currency_data.exchanged.final_total"
:prefix="currency_data.exchanged.currency.prefix"
:suffix="currency_data.exchanged.currency.suffix"
:decimal_places="currency_data.exchanged.currency.decimal_places"></c-amount.display>
</div>
{% endif %}
{% empty %}
-
{% endfor %}
{% endif %}
{% empty %}
-
{% endfor %}
{% endwith %}
</td>
{% endfor %}
</tr>
{% endfor %}
</tbody>
<tfoot>
<tr class="font-bold bg-base-200">
<th class="sticky left-0 bg-base-200 z-10">{% trans 'Total' %}</th>
{# Grand total #}
<td class="text-nowrap bg-base-300">
{% for currency_id, currency_data in data.grand_total.currencies.items %}
<c-amount.display
:amount="currency_data.final_total"
:prefix="currency_data.currency.prefix"
:suffix="currency_data.currency.suffix"
:decimal_places="currency_data.currency.decimal_places"
color="{% if currency_data.final_total < 0 %}red{% elif currency_data.final_total > 0 %}green{% endif %}"></c-amount.display>
{% if currency_data.exchanged %}
<div class="text-xs text-base-content/60">
<c-amount.display
:amount="currency_data.exchanged.final_total"
:prefix="currency_data.exchanged.currency.prefix"
:suffix="currency_data.exchanged.currency.suffix"
:decimal_places="currency_data.exchanged.currency.decimal_places"></c-amount.display>
</div>
{% endif %}
{% empty %}
-
{% endfor %}
</td>
{# Month totals #}
{% for month in data.months %}
<td class="text-nowrap">
{% with month_total=data.month_totals %}
{% for m, m_data in month_total.items %}
{% if m == month %}
{% for currency_id, currency_data in m_data.currencies.items %}
<c-amount.display
:amount="currency_data.final_total"
:prefix="currency_data.currency.prefix"
:suffix="currency_data.currency.suffix"
:decimal_places="currency_data.currency.decimal_places"
color="{% if currency_data.final_total < 0 %}red{% elif currency_data.final_total > 0 %}green{% endif %}"></c-amount.display>
{% if currency_data.exchanged %}
<div class="text-xs text-base-content/60">
<c-amount.display
:amount="currency_data.exchanged.final_total"
:prefix="currency_data.exchanged.currency.prefix"
:suffix="currency_data.exchanged.currency.suffix"
:decimal_places="currency_data.exchanged.currency.decimal_places"></c-amount.display>
</div>
{% endif %}
{% empty %}
-
{% endfor %}
{% endif %}
{% empty %}
-
{% endfor %}
{% endwith %}
</td>
{% endfor %}
</tr>
</tfoot>
</table>
</div>
</div>
</div>
{% else %}
<c-msg.empty title="{% translate 'No transactions for this year' %}"></c-msg.empty>
{% endif %}
</div>

204
app/templates/insights/fragments/year_by_year.html Normal file
View File

@@ -0,0 +1,204 @@
{% load i18n %}
<div hx-get="{% url 'insights_year_by_year' %}" hx-trigger="updated from:window" class="show-loading"
hx-swap="outerHTML" hx-include="#group-by-selector">
<div class="h-full text-center mb-4">
<div class="tabs tabs-box mx-auto w-fit" role="group" id="group-by-selector" _="on change trigger updated">
<label class="tab">
<input type="radio"
name="group_by"
id="categories-view"
autocomplete="off"
value="categories"
aria-label="{% trans 'Categories' %}"
{% if group_by == "categories" %}checked{% endif %}>
<i class="fa-solid fa-icons fa-fw me-2"></i>
{% trans 'Categories' %}
</label>
<label class="tab">
<input type="radio"
name="group_by"
id="tags-view"
autocomplete="off"
value="tags"
aria-label="{% trans 'Tags' %}"
{% if group_by == "tags" %}checked{% endif %}>
<i class="fa-solid fa-hashtag fa-fw me-2"></i>
{% trans 'Tags' %}
</label>
<label class="tab">
<input type="radio"
name="group_by"
id="entities-view"
autocomplete="off"
value="entities"
aria-label="{% trans 'Entities' %}"
{% if group_by == "entities" %}checked{% endif %}>
<i class="fa-solid fa-user-group fa-fw me-2"></i>
{% trans 'Entities' %}
</label>
</div>
</div>
{% if data.years %}
<div class="card bg-base-100 card-border">
<div class="card-body">
<div class="overflow-x-auto">
<table class="table">
<thead>
<tr>
<th scope="col" class="sticky left-0 bg-base-100 z-10">
{% if group_by == "categories" %}
{% trans 'Category' %}
{% elif group_by == "tags" %}
{% trans 'Tag' %}
{% else %}
{% trans 'Entity' %}
{% endif %}
</th>
<th scope="col" class="font-bold">{% trans 'Total' %}</th>
{% for year in data.years %}
<th scope="col">{{ year }}</th>
{% endfor %}
</tr>
</thead>
<tbody>
{% for item_id, item in data.items.items %}
<tr>
<th class="text-nowrap sticky left-0 bg-base-100 z-10">
{% if item.name %}
{{ item.name }}
{% else %}
{% if group_by == "categories" %}
{% trans 'Uncategorized' %}
{% elif group_by == "tags" %}
{% trans 'Untagged' %}
{% else %}
{% trans 'No entity' %}
{% endif %}
{% endif %}
</th>
{# Total column for this item #}
<td class="text-nowrap font-semibold bg-base-200">
{% for currency_id, currency_data in item.total.currencies.items %}
<c-amount.display
:amount="currency_data.final_total"
:prefix="currency_data.currency.prefix"
:suffix="currency_data.currency.suffix"
:decimal_places="currency_data.currency.decimal_places"
color="{% if currency_data.final_total < 0 %}red{% elif currency_data.final_total > 0 %}green{% endif %}"></c-amount.display>
{% if currency_data.exchanged %}
<div class="text-xs text-base-content/60">
<c-amount.display
:amount="currency_data.exchanged.final_total"
:prefix="currency_data.exchanged.currency.prefix"
:suffix="currency_data.exchanged.currency.suffix"
:decimal_places="currency_data.exchanged.currency.decimal_places"></c-amount.display>
</div>
{% endif %}
{% empty %}
-
{% endfor %}
</td>
{# Year columns #}
{% for year in data.years %}
<td class="text-nowrap">
{% with year_data=item.year_totals %}
{% for y, y_data in year_data.items %}
{% if y == year %}
{% for currency_id, currency_data in y_data.currencies.items %}
<c-amount.display
:amount="currency_data.final_total"
:prefix="currency_data.currency.prefix"
:suffix="currency_data.currency.suffix"
:decimal_places="currency_data.currency.decimal_places"
color="{% if currency_data.final_total < 0 %}red{% elif currency_data.final_total > 0 %}green{% endif %}"></c-amount.display>
{% if currency_data.exchanged %}
<div class="text-xs text-base-content/60">
<c-amount.display
:amount="currency_data.exchanged.final_total"
:prefix="currency_data.exchanged.currency.prefix"
:suffix="currency_data.exchanged.currency.suffix"
:decimal_places="currency_data.exchanged.currency.decimal_places"></c-amount.display>
</div>
{% endif %}
{% empty %}
-
{% endfor %}
{% endif %}
{% empty %}
-
{% endfor %}
{% endwith %}
</td>
{% endfor %}
</tr>
{% endfor %}
</tbody>
<tfoot>
<tr class="font-bold bg-base-200">
<th class="sticky left-0 bg-base-200 z-10">{% trans 'Total' %}</th>
{# Grand total #}
<td class="text-nowrap bg-base-300">
{% for currency_id, currency_data in data.grand_total.currencies.items %}
<c-amount.display
:amount="currency_data.final_total"
:prefix="currency_data.currency.prefix"
:suffix="currency_data.currency.suffix"
:decimal_places="currency_data.currency.decimal_places"
color="{% if currency_data.final_total < 0 %}red{% elif currency_data.final_total > 0 %}green{% endif %}"></c-amount.display>
{% if currency_data.exchanged %}
<div class="text-xs text-base-content/60">
<c-amount.display
:amount="currency_data.exchanged.final_total"
:prefix="currency_data.exchanged.currency.prefix"
:suffix="currency_data.exchanged.currency.suffix"
:decimal_places="currency_data.exchanged.currency.decimal_places"></c-amount.display>
</div>
{% endif %}
{% empty %}
-
{% endfor %}
</td>
{# Year totals #}
{% for year in data.years %}
<td class="text-nowrap">
{% with year_total=data.year_totals %}
{% for y, y_data in year_total.items %}
{% if y == year %}
{% for currency_id, currency_data in y_data.currencies.items %}
<c-amount.display
:amount="currency_data.final_total"
:prefix="currency_data.currency.prefix"
:suffix="currency_data.currency.suffix"
:decimal_places="currency_data.currency.decimal_places"
color="{% if currency_data.final_total < 0 %}red{% elif currency_data.final_total > 0 %}green{% endif %}"></c-amount.display>
{% if currency_data.exchanged %}
<div class="text-xs text-base-content/60">
<c-amount.display
:amount="currency_data.exchanged.final_total"
:prefix="currency_data.exchanged.currency.prefix"
:suffix="currency_data.exchanged.currency.suffix"
:decimal_places="currency_data.exchanged.currency.decimal_places"></c-amount.display>
</div>
{% endif %}
{% empty %}
-
{% endfor %}
{% endif %}
{% empty %}
-
{% endfor %}
{% endwith %}
</td>
{% endfor %}
</tr>
</tfoot>
</table>
</div>
</div>
</div>
{% else %}
<c-msg.empty title="{% translate 'No transactions' %}"></c-msg.empty>
{% endif %}
</div>

10
app/templates/insights/pages/index.html
View File

@@ -121,6 +121,16 @@
hx-get="{% url 'insights_emergency_fund' %}">
{% trans 'Emergency Fund' %}
</button>
<button class="btn btn-ghost btn-free justify-start text-start" data-bs-target="#v-pills-content"
type="button" role="tab" aria-controls="v-pills-content" aria-selected="false"
hx-get="{% url 'insights_year_by_year' %}">
{% trans 'Year by Year' %}
</button>
<button class="btn btn-ghost btn-free justify-start text-start" data-bs-target="#v-pills-content"
type="button" role="tab" aria-controls="v-pills-content" aria-selected="false"
hx-get="{% url 'insights_month_by_month' %}">
{% trans 'Month by Month' %}
</button>
</div>
</div>
</div>

28
app/templates/monthly_overview/fragments/list.html
View File

@@ -3,6 +3,31 @@
{% regroup transactions by date|customnaturaldate as transactions_by_date %}
<div id="transactions-list">
{% if late_transactions %}
<div id="late-transactions" class="transactions-divider"
x-data="{ open: sessionStorage.getItem('late-transactions') !== 'false' }"
x-init="if (sessionStorage.getItem('late-transactions') === null) sessionStorage.setItem('late-transactions', 'true')">
<div class="mt-3 mb-1 w-full border-b border-b-error/50 transactions-divider-title cursor-pointer">
<a class="no-underline inline-block w-full text-error font-semibold"
role="button"
@click="open = !open; sessionStorage.setItem('late-transactions', open)"
:aria-expanded="open">
<i class="fa-solid fa-circle-exclamation me-1"></i>{% translate "late" %}
</a>
</div>
<div class="transactions-divider-collapse overflow-visible isolation-auto"
x-show="open"
x-collapse>
<div class="flex flex-col">
{% for transaction in late_transactions %}
<c-transaction.item
:transaction="transaction"></c-transaction.item>
{% endfor %}
</div>
</div>
</div>
{% endif %}
{% for x in transactions_by_date %}
<div id="{{ x.grouper|slugify }}" class="transactions-divider"
x-data="{ open: sessionStorage.getItem('{{ x.grouper|slugify }}') !== 'false' }"
@@ -28,10 +53,13 @@
</div>
{% empty %}
{% if not late_transactions %}
<c-msg.empty
title="{% translate 'No transactions this month' %}"
subtitle="{% translate "Try adding one" %}"></c-msg.empty>
{% endif %}
{% endfor %}
{# Floating bar #}
<c-ui.transactions-action-bar></c-ui.transactions-action-bar>
</div>

2
app/templates/monthly_overview/fragments/monthly_summary.html
View File

@@ -1,6 +1,7 @@
{% load i18n %}
{% load currency_display %}
<div class="grid grid-cols-1 gap-4 mt-1 mb-3">
{% if not has_active_filter %}
{# Daily Spending#}
<div>
<c-ui.info-card color="yellow" icon="fa-solid fa-calendar-day" title="{% trans 'Daily Spending Allowance' %}" help_text={% trans "This is the final total divided by the remaining days in the month" %}>
@@ -34,6 +35,7 @@
</div>
</c-ui.info-card>
</div>
{% endif %}
{# Income#}
<div>
<c-ui.info-card color="green" icon="fa-solid fa-arrow-right-to-bracket" title="{% trans 'Income' %}">

116
app/templates/monthly_overview/pages/overview.html
View File

@@ -50,12 +50,13 @@
role="tab"
{% if summary_tab == 'summary' or not summary_tab %}checked="checked"{% endif %}
_="on click fetch {% url 'monthly_summary_select' selected='summary' %}"
aria-controls="summary-tab-pane" />
aria-controls="summary-tab-pane"/>
<div class="tab-content" id="summary-tab-pane" role="tabpanel">
<div id="summary"
hx-get="{% url 'monthly_summary' month=month year=year %}"
class="show-loading"
hx-trigger="load, updated from:window, selective_update from:window, every 10m">
hx-trigger="load, updated from:window, selective_update from:window, every 10m"
hx-include="#filter">
</div>
</div>
@@ -68,7 +69,8 @@
<div id="currency-summary"
hx-get="{% url 'monthly_currency_summary' month=month year=year %}"
class="show-loading"
hx-trigger="load, updated from:window, selective_update from:window, every 10m">
hx-trigger="load, updated from:window, selective_update from:window, every 10m"
hx-include="#filter">
</div>
</div>
@@ -81,7 +83,8 @@
<div id="account-summary"
hx-get="{% url 'monthly_account_summary' month=month year=year %}"
class="show-loading"
hx-trigger="load, updated from:window, selective_update from:window, every 10m">
hx-trigger="load, updated from:window, selective_update from:window, every 10m"
hx-include="#filter">
</div>
</div>
</div>
@@ -100,11 +103,112 @@
{# Main control bar with filter, search, and ordering #}
<div class="join w-full">
<button class="btn btn-secondary join-item relative" type="button"
<button class="btn btn-secondary join-item relative z-1" type="button"
@click="filterOpen = !filterOpen"
:aria-expanded="filterOpen" id="filter-button"
title="{% translate 'Filter transactions' %}">
title="{% translate 'Filter transactions' %}"
_="on load or change from #filter
-- Check if any filter has a non-default value
set hasActiveFilter to false
-- Check type (default is both IN and EX checked)
set typeInputs to <input[name='type']:checked/> in #filter
if typeInputs.length is not 2
set hasActiveFilter to true
end
-- Check is_paid (default is both 1 and 0 checked)
set isPaidInputs to <input[name='is_paid']:checked/> in #filter
if isPaidInputs.length is not 2
set hasActiveFilter to true
end
-- Check mute_status (default is both active and muted checked)
set muteStatusInputs to <input[name='mute_status']:checked/> in #filter
if muteStatusInputs.length is not 2
set hasActiveFilter to true
end
-- Check description
set descInput to #id_description
if descInput exists and descInput.value is not ''
set hasActiveFilter to true
end
-- Check date_start
set dateStartInput to #id_date_start
if dateStartInput exists and dateStartInput.value is not ''
set hasActiveFilter to true
end
-- Check date_end
set dateEndInput to #id_date_end
if dateEndInput exists and dateEndInput.value is not ''
set hasActiveFilter to true
end
-- Check reference_date_start
set refDateStartInput to #id_reference_date_start
if refDateStartInput exists and refDateStartInput.value is not ''
set hasActiveFilter to true
end
-- Check reference_date_end
set refDateEndInput to #id_reference_date_end
if refDateEndInput exists and refDateEndInput.value is not ''
set hasActiveFilter to true
end
-- Check from_amount
set fromAmountInput to #id_from_amount
if fromAmountInput exists and fromAmountInput.value is not ''
set hasActiveFilter to true
end
-- Check to_amount
set toAmountInput to #id_to_amount
if toAmountInput exists and toAmountInput.value is not ''
set hasActiveFilter to true
end
-- Check account (TomSelect stores values differently)
set accountInput to #id_account
if accountInput exists and accountInput.value is not ''
set hasActiveFilter to true
end
-- Check currency
set currencyInput to #id_currency
if currencyInput exists and currencyInput.value is not ''
set hasActiveFilter to true
end
-- Check category
set categoryInput to #id_category
if categoryInput exists and categoryInput.value is not ''
set hasActiveFilter to true
end
-- Check tags
set tagsInput to #id_tags
if tagsInput exists and tagsInput.value is not ''
set hasActiveFilter to true
end
-- Check entities
set entitiesInput to #id_entities
if entitiesInput exists and entitiesInput.value is not ''
set hasActiveFilter to true
end
-- Show or hide the indicator
if hasActiveFilter
remove .hidden from #filter-active-indicator
else
add .hidden to #filter-active-indicator
end">
<i class="fa-solid fa-filter fa-fw"></i>
<span id="filter-active-indicator" class="absolute -top-1 -right-1 w-3 h-3 bg-error rounded-full hidden z-10"></span>
</button>
{# Search box #}

27
app/templates/transactions/fragments/list_all.html
View File

@@ -3,6 +3,31 @@
{% regroup page_obj by date|customnaturaldate as transactions_by_date %}
<div id="transactions-list" class="show-loading">
{% if late_transactions %}
<div id="late-transactions" class="transactions-divider"
x-data="{ open: sessionStorage.getItem('late-transactions') !== 'false' }"
x-init="if (sessionStorage.getItem('late-transactions') === null) sessionStorage.setItem('late-transactions', 'true')">
<div class="mt-3 mb-1 w-full border-b border-b-error/50 transactions-divider-title cursor-pointer">
<a class="no-underline inline-block w-full text-error font-semibold"
role="button"
@click="open = !open; sessionStorage.setItem('late-transactions', open)"
:aria-expanded="open">
<i class="fa-solid fa-circle-exclamation me-1"></i>{% translate "late" %}
</a>
</div>
<div class="transactions-divider-collapse overflow-visible isolation-auto"
x-show="open"
x-collapse>
<div class="flex flex-col">
{% for transaction in late_transactions %}
<c-transaction.item
:transaction="transaction"></c-transaction.item>
{% endfor %}
</div>
</div>
</div>
{% endif %}
{% for x in transactions_by_date %}
<div id="{{ x.grouper|slugify }}" class="transactions-divider"
x-data="{ open: sessionStorage.getItem('{{ x.grouper|slugify }}') !== 'false' }"
@@ -28,9 +53,11 @@
</div>
{% empty %}
{% if not late_transactions %}
<c-msg.empty
title="{% translate "No transactions found" %}"
subtitle="{% translate "Try adding one" %}"></c-msg.empty>
{% endif %}
{% endfor %}
{# Floating bar #}

105
app/templates/transactions/pages/transactions.html
View File

@@ -52,11 +52,112 @@
{# Main control bar with filter, search, and ordering #}
<div class="join w-full">
<button class="btn btn-secondary join-item relative" type="button"
<button class="btn btn-secondary join-item relative z-1" type="button"
@click="filterOpen = !filterOpen"
:aria-expanded="filterOpen" id="filter-button"
title="{% translate 'Filter transactions' %}">
title="{% translate 'Filter transactions' %}"
_="on load or change from #filter
-- Check if any filter has a non-default value
set hasActiveFilter to false
-- Check type (default is both IN and EX checked)
set typeInputs to <input[name='type']:checked/> in #filter
if typeInputs.length is not 2
set hasActiveFilter to true
end
-- Check is_paid (default is both 1 and 0 checked)
set isPaidInputs to <input[name='is_paid']:checked/> in #filter
if isPaidInputs.length is not 2
set hasActiveFilter to true
end
-- Check mute_status (default is both active and muted checked)
set muteStatusInputs to <input[name='mute_status']:checked/> in #filter
if muteStatusInputs.length is not 2
set hasActiveFilter to true
end
-- Check description
set descInput to #id_description
if descInput exists and descInput.value is not ''
set hasActiveFilter to true
end
-- Check date_start
set dateStartInput to #id_date_start
if dateStartInput exists and dateStartInput.value is not ''
set hasActiveFilter to true
end
-- Check date_end
set dateEndInput to #id_date_end
if dateEndInput exists and dateEndInput.value is not ''
set hasActiveFilter to true
end
-- Check reference_date_start
set refDateStartInput to #id_reference_date_start
if refDateStartInput exists and refDateStartInput.value is not ''
set hasActiveFilter to true
end
-- Check reference_date_end
set refDateEndInput to #id_reference_date_end
if refDateEndInput exists and refDateEndInput.value is not ''
set hasActiveFilter to true
end
-- Check from_amount
set fromAmountInput to #id_from_amount
if fromAmountInput exists and fromAmountInput.value is not ''
set hasActiveFilter to true
end
-- Check to_amount
set toAmountInput to #id_to_amount
if toAmountInput exists and toAmountInput.value is not ''
set hasActiveFilter to true
end
-- Check account (TomSelect stores values differently)
set accountInput to #id_account
if accountInput exists and accountInput.value is not ''
set hasActiveFilter to true
end
-- Check currency
set currencyInput to #id_currency
if currencyInput exists and currencyInput.value is not ''
set hasActiveFilter to true
end
-- Check category
set categoryInput to #id_category
if categoryInput exists and categoryInput.value is not ''
set hasActiveFilter to true
end
-- Check tags
set tagsInput to #id_tags
if tagsInput exists and tagsInput.value is not ''
set hasActiveFilter to true
end
-- Check entities
set entitiesInput to #id_entities
if entitiesInput exists and entitiesInput.value is not ''
set hasActiveFilter to true
end
-- Show or hide the indicator
if hasActiveFilter
remove .hidden from #filter-active-indicator
else
add .hidden to #filter-active-indicator
end">
<i class="fa-solid fa-filter fa-fw"></i>
<span id="filter-active-indicator" class="absolute -top-1 -right-1 w-3 h-3 bg-error rounded-full hidden z-10"></span>
</button>
{# Search box #}

1
docker-compose.dev.yml
View File

@@ -2,6 +2,7 @@ volumes:
wygiwyh_dev_postgres_data: {}
wygiwyh_temp:
services:
web:
build:

29
docker/dev/django/Dockerfile
View File

@@ -1,14 +1,4 @@
FROM python:3.11-slim-bookworm AS python-build-stage
RUN apt-get update && apt-get install --no-install-recommends -y \
build-essential \
libpq-dev \
&& rm -rf /var/lib/apt/lists/*
COPY ../requirements.txt .
RUN pip wheel --wheel-dir /usr/src/app/wheels -r requirements.txt
FROM python:3.11-slim-bookworm AS python-run-stage
FROM ghcr.io/astral-sh/uv:python3.11-bookworm-slim
ARG VERSION=dev
ENV APP_VERSION=$VERSION
@@ -16,16 +6,17 @@ ENV APP_VERSION=$VERSION
WORKDIR /usr/src/app
ENV PYTHONDONTWRITEBYTECODE=1 \
PYTHONUNBUFFERED=1
COPY --from=python-build-stage /usr/src/app/wheels /wheels/
PYTHONUNBUFFERED=1 \
UV_COMPILE_BYTECODE=1 \
UV_LINK_MODE=copy \
UV_PROJECT_ENVIRONMENT=/opt/venv
RUN apt-get update && \
apt-get install --no-install-recommends -y gettext supervisor && \
rm -rf /var/lib/apt/lists/* && \
pip install --upgrade pip && \
pip install --no-cache-dir --no-index --find-links=/wheels/ /wheels/* && \
rm -rf /wheels/ ~/.cache/pip/*
rm -rf /var/lib/apt/lists/*
COPY pyproject.toml uv.lock ./
RUN uv sync --frozen --no-install-project --no-dev
COPY ./docker/dev/django/start /start
COPY ./docker/dev/procrastinate/start /start-procrastinate
@@ -40,6 +31,8 @@ RUN sed -i 's/\r$//g' /start && \
sed -i 's/\r$//g' /start-supervisor && \
chmod +x /start-supervisor
ENV PATH="/opt/venv/bin:$PATH"
COPY ./app .
CMD ["/start-supervisor"]

22
docker/prod/django/Dockerfile
View File

@@ -1,17 +1,19 @@
FROM python:3.11-slim-bookworm AS python-build-stage
FROM ghcr.io/astral-sh/uv:python3.11-bookworm-slim AS python-build-stage
WORKDIR /app
ENV UV_COMPILE_BYTECODE=1 \
UV_LINK_MODE=copy
RUN apt-get update && apt-get install --no-install-recommends -y \
build-essential \
libpq-dev \
curl \
&& rm -rf /var/lib/apt/lists/*
# Install uv for faster package resolution
COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv
COPY uv.lock pyproject.toml ./
COPY ./requirements.txt .
RUN --mount=type=cache,target=/root/.cache/uv \
uv pip install --system --compile-bytecode -r requirements.txt
uv sync --frozen --no-install-project --no-dev
FROM node:lts-alpine AS vite_build
WORKDIR /usr/src/frontend
@@ -33,9 +35,8 @@ ENV APP_VERSION=$VERSION
COPY --from=vite_build /usr/src/frontend/build /usr/src/frontend/build
# Copy Python packages from build stage
COPY --from=python-build-stage /usr/local/lib/python3.11/site-packages /usr/local/lib/python3.11/site-packages
COPY --from=python-build-stage /usr/local/bin /usr/local/bin
# Copy virtual environment from build stage
COPY --from=python-build-stage /app/.venv /app/.venv
WORKDIR /usr/src/app
@@ -43,7 +44,8 @@ RUN addgroup --system app && \
adduser --system --ingroup app app
ENV PYTHONDONTWRITEBYTECODE=1 \
PYTHONUNBUFFERED=1
PYTHONUNBUFFERED=1 \
PATH="/app/.venv/bin:$PATH"
# Install runtime dependencies
RUN --mount=type=cache,target=/root/.cache/apt \

7
frontend/package-lock.json generated
View File

@@ -28,6 +28,7 @@
"hyperscript.org": "^0.9.14",
"mathjs": "^15.1.0",
"postcss": "^8.5.6",
"pulltorefreshjs": "^0.1.22",
"sass": "^1.94.0",
"sweetalert2": "^11.26.3",
"tailwindcss": "^4.1.17",
@@ -2309,6 +2310,12 @@
"version": "4.2.0",
"license": "MIT"
},
"node_modules/pulltorefreshjs": {
"version": "0.1.22",
"resolved": "https://registry.npmjs.org/pulltorefreshjs/-/pulltorefreshjs-0.1.22.tgz",
"integrity": "sha512-haxNVEHnS4NCQA7NeG7TSV69z4uqy/N7nfPRuc4dPWe8H6ygUrMjdNeohE+6v0lVVX/ukSjbLYwPUGUYtFKfvQ==",
"license": "MIT"
},
"node_modules/readdirp": {
"version": "4.1.2",
"license": "MIT",

1
frontend/package.json
View File

@@ -35,6 +35,7 @@
"hyperscript.org": "^0.9.14",
"mathjs": "^15.1.0",
"postcss": "^8.5.6",
"pulltorefreshjs": "^0.1.22",
"sass": "^1.94.0",
"sweetalert2": "^11.26.3",
"tailwindcss": "^4.1.17",

112
frontend/src/js/pulltorefresh.js Normal file
View File

@@ -0,0 +1,112 @@
import PullToRefresh from 'pulltorefreshjs';
const isOverlayOpen = () => !!document.querySelector('.offcanvas.show, .swal2-container');
const isIosPwa = () => {
const ua = window.navigator.userAgent.toLowerCase();
const isIos = /iphone|ipad|ipod/.test(ua) || (navigator.platform === 'MacIntel' && navigator.maxTouchPoints > 1);
const isStandalone = window.navigator.standalone === true || window.matchMedia('(display-mode: standalone)').matches;
return isIos && isStandalone;
};
const ptrMarkup = `
<div class="__PREFIX__box">
<div class="__PREFIX__content">
<div class="__PREFIX__icon"></div>
<div class="__PREFIX__text"></div>
</div>
</div>
`;
const ptrStyles = `
.__PREFIX__ptr {
box-shadow: inset 0 -3px 5px rgba(0, 0, 0, 0.12);
pointer-events: none;
font-size: 0.85em;
font-weight: bold;
top: 0;
height: 0;
transition: height 0.3s, min-height 0.3s;
text-align: center;
width: 100%;
overflow: hidden;
display: flex;
align-items: flex-end;
align-content: stretch;
}
.__PREFIX__box {
padding: 10px;
flex-basis: 100%;
}
.__PREFIX__pull {
transition: none;
}
.__PREFIX__text {
margin-top: .33em;
color: var(--color-base-content);
}
.__PREFIX__icon {
color: var(--color-base-content);
transition: transform .3s;
}
/*
When at the top of the page, disable vertical overscroll so passive touch
listeners can take over.
*/
.__PREFIX__top {
touch-action: pan-x pan-down pinch-zoom;
}
.__PREFIX__release .__PREFIX__icon {
transform: rotate(180deg);
}
`;
const getPtrStrings = () => {
const ptrStringsEl = document.querySelector('#ptr-i18n');
return {
pull: ptrStringsEl?.dataset.pull,
release: ptrStringsEl?.dataset.release,
refreshing: ptrStringsEl?.dataset.refreshing
};
};
const initPullToRefresh = () => {
const ptrStrings = getPtrStrings();
PullToRefresh.destroyAll();
let ptr = PullToRefresh.init({
mainElement: 'body',
triggerElement: '#content',
getMarkup() {
return ptrMarkup;
},
getStyles() {
return ptrStyles;
},
instructionsPullToRefresh: ptrStrings.pull || 'Pull down to refresh',
instructionsReleaseToRefresh: ptrStrings.release || 'Release to refresh',
instructionsRefreshing: ptrStrings.refreshing || 'Refreshing',
shouldPullToRefresh() {
return isIosPwa() && !isOverlayOpen() && window.scrollY === 0;
},
onRefresh() {
window.location.reload();
}
});
};
if (isIosPwa()) {
initPullToRefresh();
document.body.addEventListener('htmx:afterSwap', (event) => {
if (event.detail.target === document.body) {
initPullToRefresh();
}
});
}

1
frontend/src/main.js
View File

@@ -10,3 +10,4 @@ import './js/sweetalert2.js';
import './js/style.js';
import './js/_utils.js';
import './js/hide_amounts.js';
import './js/pulltorefresh.js';

40
pyproject.toml Normal file
View File

@@ -0,0 +1,40 @@
[project]
name = "wygiwyh"
dynamic = ["version"]
description = "An opinionated and powerful finance tracker."
readme = "README.md"
requires-python = ">=3.11"
dependencies = [
"crispy-bootstrap5==2025.6",
"django~=5.2.9",
"django-allauth[socialaccount]~=65.13.1",
"django-browser-reload==1.21.0",
"django-cachalot~=2.8.0",
"django-cotton<2.3.0",
"django-crispy-forms==2.5",
"django-debug-toolbar==6.1.0",
"django-filter==25.2",
"django-hijack==3.7.4",
"django-import-export~=4.3.9",
"django-pwa~=2.0.1",
"django-vite==3.1.0",
"djangorestframework~=3.16.0",
"drf-spectacular~=0.29.0",
"gunicorn==23.0.0",
"mistune~=3.1.3",
"openpyxl~=3.1.5",
"procrastinate[django]~=3.5.3",
"psycopg[binary,pool]==3.2.9",
"pydantic~=2.12.3",
"python-dateutil~=2.9.0.post0",
"pytz>=2025.2",
"pyyaml~=6.0.2",
"requests~=2.32.5",
"simpleeval~=1.0.3",
"watchfiles==1.1.1",
"whitenoise[brotli]==6.11.0",
"xlrd~=2.0.1",
]
[tool.setuptools]
packages = ["app"]

33
requirements.txt
View File

@@ -1,33 +0,0 @@
Django~=5.2.9
psycopg[binary,pool]==3.2.9
django-vite==3.1.0
django-crispy-forms==2.5
crispy-bootstrap5==2025.6
django-browser-reload==1.21.0
django-hijack==3.7.4
django-filter==25.2
django-debug-toolbar==6.1.0
django-cachalot~=2.8.0
django-cotton<2.3.0
django-pwa~=2.0.1
djangorestframework~=3.16.0
drf-spectacular~=0.29.0
django-import-export~=4.3.9
gunicorn==23.0.0
whitenoise[brotli]==6.11.0
watchfiles==1.1.1
procrastinate[django]~=3.5.3
requests~=2.32.5
django-allauth[socialaccount]~=65.13.1
pytz
python-dateutil~=2.9.0.post0
simpleeval~=1.0.3
pydantic~=2.12.3
PyYAML~=6.0.2
mistune~=3.1.3
openpyxl~=3.1.5
xlrd~=2.0.1

1334
uv.lock generated Normal file
View File

File diff suppressed because it is too large Load Diff