# Changelog All notable changes to the Eventify Backend are documented here. Format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), versioning follows [Semantic Versioning](https://semver.org/). --- ## [1.9.0] — 2026-04-07 ### Added - **Lead Manager** — new `Lead` model in `admin_api` for tracking Schedule-a-Call form submissions and sales inquiries - Fields: name, email, phone, event_type, message, status (new/contacted/qualified/converted/closed), source (schedule_call/website/manual), priority (low/medium/high), assigned_to (FK User), notes - Migration `admin_api/0003_lead` with indexes on status, priority, created_at, email - **Consumer endpoint** `POST /api/leads/schedule-call/` — public (AllowAny, CSRF-exempt) endpoint for the Schedule a Call modal; creates Lead with status=new, source=schedule_call - **Admin API endpoints** (all IsAuthenticated): - `GET /api/v1/leads/metrics/` — total, new today, counts per status - `GET /api/v1/leads/` — paginated list with filters (status, priority, source, search, date_from, date_to) - `GET /api/v1/leads//` — single lead detail - `PATCH /api/v1/leads//update/` — update status, priority, assigned_to, notes - **RBAC**: `leads` added to `ALL_MODULES`, `get_allowed_modules()`, and `StaffProfile.SCOPE_TO_MODULE` --- ## [1.8.3] — 2026-04-06 ### Fixed - **`TopEventsAPI` now works without authentication** — `POST /api/events/top-events/` had `AllowAny` permission but still called `validate_token_and_get_user()`, returning `{"status":"error","message":"token and username required"}` for unauthenticated requests - Removed `validate_token_and_get_user()` call entirely - Added `event_status='published'` filter (was `is_top_event=True` only) - Added `event_type_name` field resolution: `e.event_type.event_type if e.event_type else ''` — `model_to_dict()` only returns the FK integer --- ## [1.8.2] — 2026-04-06 ### Fixed - **`FeaturedEventsAPI` now returns `event_type_name` string** — `model_to_dict()` serialises the `event_type` FK as an integer ID; the hero slider frontend reads `ev.event_type_name` to display the category badge, which was always `null` - Added `data_dict['event_type_name'] = e.event_type.event_type if e.event_type else ''` after `model_to_dict(e)` to resolve the FK to its human-readable name (e.g. `"Festivals"`) - No frontend changes required — `fetchHeroSlides()` already falls back to `ev.event_type_name` --- ## [1.8.1] — 2026-04-06 ### Fixed - **`FeaturedEventsAPI` now works without authentication** — `POST /api/events/featured-events/` had `AllowAny` permission but still called `validate_token_and_get_user()`, causing the endpoint to return HTTP 200 + `{"status":"error","message":"token and username required"}` for unauthenticated requests (e.g. the desktop hero slider) - Removed the `validate_token_and_get_user()` call entirely — the endpoint is public by design and requires no token - Also tightened the queryset to `event_status='published'` (was `is_featured=True` only) to match `ConsumerFeaturedEventsView` behaviour and avoid returning draft/cancelled events - Root cause: host Nginx routes `/api/` → `eventify-backend` container (port 3001), not `eventify-django` (port 8085); the `validate_token_and_get_user` gate in this container was silently blocking all hero slider requests --- ## [1.8.0] — 2026-04-04 ### Added - **`BulkUserPublicInfoView`** (`POST /api/user/bulk-public-info/`) - Internal endpoint for the Node.js gamification server to resolve user details - Accepts `{ emails: [...] }` (max 500), returns `{ users: { email: { display_name, district, eventify_id } } }` - Used for leaderboard data bridge (syncing user names/districts into gamification DB) - CSRF-exempt, returns only public-safe fields (no passwords, tokens, or sensitive PII) --- ## [1.7.0] — 2026-04-04 ### Added - **Home District with 6-month cooldown** - `district_changed_at` DateTimeField on User model (migration `0013_user_district_changed_at`) — nullable, no backfill; NULL means "eligible to change immediately" - `VALID_DISTRICTS` constant (14 Kerala districts) in `accounts/models.py` for server-side validation - `WebRegisterForm` now accepts optional `district` field; stamps `district_changed_at` on valid selection during signup - `UpdateProfileView` enforces 183-day (~6 months) cooldown — rejects district changes within the window with a human-readable "Next change: {date}" error - `district_changed_at` included in all relevant API responses: `LoginView`, `WebRegisterView`, `StatusView`, `UpdateProfileView` - `StatusView` now also returns `district` field (was previously missing) --- ## [1.6.2] — 2026-04-03 ### Security - **Internal exceptions no longer exposed to API callers** — all 15 `except Exception as e` blocks across `mobile_api/views/user.py` and `mobile_api/views/events.py` now log the real error via `eventify_logger` and return a generic `"An unexpected server error occurred."` to the caller - Affected views: `RegisterView`, `WebRegisterView`, `LoginView`, `StatusView`, `LogoutView`, `UpdateProfileView`, `EventTypeAPI`, `EventListAPI`, `EventDetailAPI`, `EventImagesListAPI`, `EventsByDateAPI`, `DateSheetAPI`, `PincodeEventsAPI`, `FeaturedEventsAPI`, `TopEventsAPI` - `StatusView` and `UpdateProfileView` were also missing `log(...)` calls entirely — added - `from eventify_logger.services import log` import added to `events.py` (was absent) --- ## [1.6.1] — 2026-04-03 ### Added - **`eventify_id` in `StatusView` response** (`/api/user/status/`) — consumer app uses this to refresh the Eventify ID badge (`EVT-XXXXXXXX`) for sessions that pre-date the `eventify_id` login field - **`accounts` migration `0012_user_eventify_id` deployed to production containers** — backfilled all existing users with unique Eventify IDs; previously the migration existed locally but had not been applied in production --- ## [1.6.0] — 2026-04-02 ### Added - **Unique Eventify ID system** (`EVT-XXXXXXXX` format) - New `eventify_id` field on `User` model — `CharField(max_length=12, unique=True, editable=False, db_index=True)` - Charset `ABCDEFGHJKLMNPQRSTUVWXYZ23456789` (no ambiguous characters I/O/0/1) giving ~1.78T combinations - Auto-generated on first `save()` via a 10-attempt retry loop using `secrets.choice()` - Migration `0012_user_eventify_id`: add nullable → backfill all existing users → make non-null - `eventify_id` exposed in `accounts/api.py` → `_partner_user_to_dict()` fields list - `eventify_id` exposed in `partner/api.py` → `_user_to_dict()` fields list - `eventify_id` exposed in `mobile_api/views/user.py` → `LoginView` response (populates `localStorage.event_user.eventify_id`) - `eventifyId` exposed in `admin_api/views.py` → `_serialize_user()` (camelCase for direct TypeScript compatibility) - Server-side search in `UserListView` now also filters on `eventify_id__icontains` - Synced migration `0011_user_allowed_modules_alter_user_id` (pulled from server, was missing from local repo) ### Changed - `accounts/models.py`: merged `allowed_modules` field + `get_allowed_modules()` + `ALL_MODULES` constant from server (previously only existed on server) --- ## [1.5.0] — 2026-03-31 ### Added - `allowed_modules` TextField on `User` model — comma-separated module slug access control - `get_allowed_modules()` method on `User` — returns list of accessible modules based on role or explicit list - `ALL_MODULES` class constant listing all platform module slugs - Migration `0011_user_allowed_modules_alter_user_id` --- ## [1.4.0] — 2026-03-24 ### Added - Partner portal login/logout APIs (`accounts/api.py`) — `PartnerLoginAPI`, `PartnerLogoutAPI`, `PartnerMeAPI` - `_partner_user_to_dict()` serializer for partner-scoped user data - Partner CRUD, KYC review, and user management endpoints in `partner/api.py` --- ## [1.3.0] — 2026-03-14 ### Changed - User `id` field changed from `AutoField` to `BigAutoField` (migration `0010_alter_user_id`) --- ## [1.2.0] — 2026-03-10 ### Added - `partner` ForeignKey on `User` model linking users to partners (migration `0009_user_partner`) - Profile picture upload support (`ImageField`) with `default.png` fallback (migration `0006–0007`) --- ## [1.1.0] — 2026-02-28 ### Added - Location fields on `User`: `pincode`, `district`, `state`, `country`, `place`, `latitude`, `longitude` - Custom `UserManager` for programmatic user creation --- ## [1.0.0] — 2026-03-01 ### Added - Initial Django project with custom `User` model extending `AbstractUser` - Role choices: `admin`, `manager`, `staff`, `customer`, `partner`, `partner_manager`, `partner_staff`, `partner_customer` - JWT authentication via `djangorestframework-simplejwt` - Admin API foundation: auth, dashboard metrics, partners, users, events - Docker + Gunicorn + PostgreSQL 16 production setup