feat(email): implement an outbox for ticketing mails with multiple receivers

[Gagan-Ram]

Fixes: #658

Video:

email_outbox.webm

Summary by Sourcery

Implement an outbox system for ticketing emails to allow queuing, managing, and sending batch mails to attendees, orders, or team members.

New Features:

• Introduce EmailQueue, EmailQueueFilter, and EmailQueueToUser models to store and structure queued emails with recipient metadata
• Add outbox management views and templates (list, edit, delete, purge, sent) for queued mails
• Implement send_queued_mail Celery task with retry and error handling to process queued emails asynchronously
• Support team-based email composition through a dedicated TeamMailForm and associated views
• Provide a compose choice view to select between attendee/order emails and team emails

Enhancements:

• Refactor SenderView to queue emails into the outbox instead of sending immediately
• Add CopyDraftMixin to preload existing queued mails as drafts and QueryFilterOrderingMixin for searchable and orderable listings
• Extend the mail service to respect per-queue BCC and Reply-To overrides
• Update control navigation to include outbox and sent emails sections under Mails

[sourcery-ai]

Reviewer's Guide

This PR implements an outbox-based system for ticketing emails by replacing direct mail sending with a persistent queue (EmailQueue) that stores filter criteria and recipients, and introduces new models, tasks, views, forms, templates, and mixins to compose, manage, preview, and dispatch queued emails—including support for team-based mailings and UI enhancements for drafts, search, and ordering.

Sequence diagram for composing and sending an email to outbox

sequenceDiagram
    actor Organizer
    participant WebUI
    participant SenderView
    participant EmailQueue
    participant EmailQueueFilter
    participant EmailQueueToUser
    participant CeleryTask
    participant MailService

    Organizer->>WebUI: Fill compose email form and submit
    WebUI->>SenderView: POST form data
    SenderView->>EmailQueue: Create EmailQueue instance
    SenderView->>EmailQueueFilter: Create EmailQueueFilter with filter criteria
    SenderView->>EmailQueue: Call populate_to_users()
    EmailQueue->>EmailQueueToUser: Create recipient entries
    SenderView->>WebUI: Redirect to outbox list
    Organizer->>WebUI: Click 'Send' on queued mail
    WebUI->>CeleryTask: POST to send_queued_mail
    CeleryTask->>EmailQueue: Load queued mail
    CeleryTask->>EmailQueueToUser: Iterate recipients
    CeleryTask->>MailService: Send email for each recipient
    MailService-->>CeleryTask: Success/failure per recipient
    CeleryTask->>EmailQueue: Update sent_at if all sent

Loading

Class diagram for new and updated email queue models

classDiagram
    class EmailQueue {
        +Event event
        +User user
        +ComposingFor composing_for
        +I18nTextField subject
        +I18nTextField message
        +String reply_to
        +Text bcc
        +String locale
        +UUID[] attachments
        +DateTime created_at
        +DateTime updated_at
        +DateTime sent_at
        +get_recipient_emails()
        +populate_to_users()
        +send()
    }
    class EmailQueueFilter {
        +EmailQueue mail
        +String recipients
        +String[] sendto
        +Integer[] products
        +Integer[] checkin_lists
        +Boolean filter_checkins
        +Boolean not_checked_in
        +Integer subevent
        +DateTime subevents_from
        +DateTime subevents_to
        +DateTime created_from
        +DateTime created_to
        +Integer[] orders
        +Integer[] teams
    }
    class EmailQueueToUser {
        +EmailQueue mail
        +Email email
        +String[] orders
        +String[] positions
        +String[] products
        +Integer team
        +Boolean sent
        +Text error
    }
    EmailQueue "1" --o "1" EmailQueueFilter : has
    EmailQueue "1" --o "*" EmailQueueToUser : recipients
    EmailQueueFilter "1" --o "1" EmailQueue : mail
    EmailQueueToUser "*" --o "1" EmailQueue : mail

Loading

File-Level Changes

Change	Details	Files
Implement persistent EmailQueue model and send_queued_mail backend to support outbox and deferred sending	Introduced EmailQueue, EmailQueueFilter, and EmailQueueToUser models Added initial migration to create queue tables Created send_queued_mail Celery task with retry and logging Extended mail service signature to handle event_bcc and event_reply_to Enhanced get_email_context to skip invalid placeholders	plugins/sendmail/models.py plugins/sendmail/migrations/0001_initial.py plugins/sendmail/tasks.py base/services/mail.py base/email.py
Refactor SenderView to enqueue mails instead of sending immediately	Removed direct send_mails calls and legacy LogEntry handling Integrated CopyDraftMixin for draft-based initial data Created EmailQueue and EmailQueueFilter on valid form submission Called populate_to_users to generate per-recipient entries	plugins/sendmail/views.py
Add Outbox and Sent mail management UI with create, list, edit, send, delete, and purge operations	Added OutboxListView, SentMailView, EditEmailQueueView, SendEmailQueueView, DeleteEmailQueueView, PurgeEmailQueuesView Updated URL patterns and navigation signals for all outbox endpoints Developed templates for outbox list, edit form, sent list, delete and purge confirmations Provided sendmail_extras template filter to assist listing and splitting	plugins/sendmail/views.py plugins/sendmail/urls.py plugins/sendmail/signals.py plugins/sendmail/templates/pretixplugins/sendmail/outbox_list.html plugins/sendmail/templates/pretixplugins/sendmail/outbox_form.html plugins/sendmail/templates/pretixplugins/sendmail/sent_list.html plugins/sendmail/templates/pretixplugins/sendmail/delete_confirmation.html plugins/sendmail/templates/pretixplugins/sendmail/purge_confirmation.html plugins/sendmail/templatetags/sendmail_extras.py
Support team-based email composition with choice screen and TeamMailForm	Added ComposeMailChoice and ComposeTeamsMail views for multi-mode composition Introduced TeamMailForm for selecting teams and previewing content Created templates for compose choice and team mail form Updated URLs and nav items to link team composition paths	plugins/sendmail/views.py plugins/sendmail/forms.py plugins/sendmail/urls.py plugins/sendmail/templates/pretixplugins/sendmail/compose_choice.html plugins/sendmail/templates/pretixplugins/sendmail/send_team_form.html
Introduce mixins for draft copying and query/filter/ordering functionality	Created CopyDraftMixin to preload queued mail data into compose forms Added QueryFilterOrderingMixin to support q search and dynamic ordering in list views	plugins/sendmail/mixins.py

Assessment against linked issues

Issue	Objective	Addressed	Explanation
#658	Implement an Outbox for emails in eventyay-tickets, allowing organisers to review emails before sending, with functionality and UI similar to eventyay-talk.	✅
#658	Add an Outbox menu tab below 'Mails' in the event navigation, as per the prerequisite.	✅
#658	Ensure the Outbox allows organisers to view, edit, send, and discard queued emails, and supports multiple receivers.	✅

Possibly linked issues

• Implement an Outbox for Emails #658: The PR implements an email outbox with queuing, editing, and sending functionalities, and adds an outbox menu tab, directly fulfilling the issue's requirements.
• Implement an Outbox for Emails #658: The PR renames email tabs to 'Mails', 'Compose emails', and 'Sent emails', and moves 'Templates' under 'Mails', directly addressing the issue's UI and naming fixes.
• Implement an Outbox for Emails #658: The PR implements an email outbox and queuing system, allowing emails to be held and sent later via a background task, which is a key part of the email scheduling feature, and lays the groundwork for setting future send times.

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey there - I've reviewed your changes - here's some feedback:

Blocking issues:

• Detected a segment of a Flask template where autoescaping is explicitly disabled with '| safe' filter. This allows rendering of raw HTML in this segment. Ensure no user data is rendered here, otherwise this is a cross-site scripting (XSS) vulnerability. (link)
• Detected a segment of a Flask template where autoescaping is explicitly disabled with '| safe' filter. This allows rendering of raw HTML in this segment. Ensure no user data is rendered here, otherwise this is a cross-site scripting (XSS) vulnerability. (link)
• Detected a segment of a Flask template where autoescaping is explicitly disabled with '| safe' filter. This allows rendering of raw HTML in this segment. Ensure no user data is rendered here, otherwise this is a cross-site scripting (XSS) vulnerability. (link)
• Detected a segment of a Flask template where autoescaping is explicitly disabled with '| safe' filter. This allows rendering of raw HTML in this segment. Ensure no user data is rendered here, otherwise this is a cross-site scripting (XSS) vulnerability. (link)

General comments:

• Consider wrapping the EmailQueue creation, EmailQueueFilter creation, and populate_to_users call in a single atomic transaction to avoid orphaned records if any step fails.
• The form_valid methods in SenderView and ComposeTeamsMail are quite long and mix filtering, queueing, and rendering logic; extracting the queue‐building and recipient resolution into service or model methods would improve readability and testability.
• Since outbox listing and search filter by subject and recipient email, adding database indexes on EmailQueue.subject and EmailQueueToUser.email (or a materialized first_recipient_email field) could help maintain performance at scale.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- Consider wrapping the EmailQueue creation, EmailQueueFilter creation, and populate_to_users call in a single atomic transaction to avoid orphaned records if any step fails.
- The form_valid methods in SenderView and ComposeTeamsMail are quite long and mix filtering, queueing, and rendering logic; extracting the queue‐building and recipient resolution into service or model methods would improve readability and testability.
- Since outbox listing and search filter by subject and recipient email, adding database indexes on EmailQueue.subject and EmailQueueToUser.email (or a materialized first_recipient_email field) could help maintain performance at scale.

## Individual Comments

### Comment 1
<location> `app/eventyay/plugins/sendmail/forms.py:515-519` </location>
<code_context>
+            if email.strip()
+        ]
+
+        if len(updated_emails) > len(self.recipient_objects):
+            raise ValidationError(
+                _("You cannot add new recipients. Only editing existing email addresses is allowed.")
</code_context>

<issue_to_address>
**suggestion (bug_risk):** EmailQueueEditForm prevents adding new recipients but not removing all.

Please add validation to ensure at least one recipient remains after editing to prevent emails from being queued without recipients.

```suggestion
        if len(updated_emails) > len(self.recipient_objects):
            raise ValidationError(
                _("You cannot add new recipients. Only editing existing email addresses is allowed.")
            )
        if len(updated_emails) == 0:
            raise ValidationError(
                _("At least one recipient must remain. You cannot remove all recipients.")
            )
        return updated_emails
```
</issue_to_address>

### Comment 2
<location> `app/eventyay/plugins/sendmail/forms.py:526` </location>
<code_context>
+
+        updated_emails = self.cleaned_data['emails']
+
+        for i, email in enumerate(updated_emails):
+            self.recipient_objects[i].email = email
+            if commit:
</code_context>

<issue_to_address>
**issue:** Potential index error if fewer emails are provided than recipients.

Currently, extra recipient objects remain unchanged if fewer emails are provided. Please handle this case by either removing the extra recipients or raising a validation error.
</issue_to_address>

### Comment 3
<location> `app/eventyay/base/services/mail.py:174-177` </location>
<code_context>
         if event:
             timezone = event.timezone
             renderer = event.get_html_mail_renderer()
-            if event.settings.mail_bcc:
+            if not auto_email:
+                if event_bcc is not None and event_bcc != '':  # The organizer may edit the BCC field in the EmailQueue editor to either specify a different BCC address or remove it entirely.
+                    for bcc_mail in event_bcc.split(','):
</code_context>

<issue_to_address>
**suggestion:** BCC and Reply-To logic is duplicated for auto_email and not auto_email.

Refactor BCC and Reply-To handling to avoid duplication and ensure headers are set consistently regardless of auto_email state.
</issue_to_address>

### Comment 4
<location> `app/eventyay/base/email.py:424-425` </location>
<code_context>
         for v in val:
-            if all(rp in kwargs for rp in v.required_context):
-                ctx[v.identifier] = v.render(kwargs)
+            try:
+                if all(rp in kwargs for rp in v.required_context):
+                    ctx[v.identifier] = v.render(kwargs)
+            except (KeyError, AttributeError, TypeError, ValueError) as e:
+                logger.warning("Skipping placeholder %s due to error: %s", v.identifier, e)
     logger.info('Email context: %s', ctx)
     return ctx
</code_context>

<issue_to_address>
**🚨 suggestion (security):** Logging skipped placeholders may leak sensitive context.

Sanitize log messages or reduce verbosity to avoid exposing sensitive user data from errors.

```suggestion
            except (KeyError, AttributeError, TypeError, ValueError) as e:
                logger.warning(
                    "Skipping placeholder %s due to error type: %s",
                    v.identifier,
                    type(e).__name__
                )
```
</issue_to_address>

### Comment 5
<location> `app/eventyay/plugins/sendmail/templates/pretixplugins/sendmail/outbox_form.html:133` </location>
<code_context>
                                    <strong>{{ out.subject|safe }}</strong><br><br>
</code_context>

<issue_to_address>
**security (python.flask.security.xss.audit.template-unescaped-with-safe):** Detected a segment of a Flask template where autoescaping is explicitly disabled with '| safe' filter. This allows rendering of raw HTML in this segment. Ensure no user data is rendered here, otherwise this is a cross-site scripting (XSS) vulnerability.

*Source: opengrep*
</issue_to_address>

### Comment 6
<location> `app/eventyay/plugins/sendmail/templates/pretixplugins/sendmail/outbox_form.html:134` </location>
<code_context>
                                    {{ out.html|safe }}
</code_context>

<issue_to_address>
**security (python.flask.security.xss.audit.template-unescaped-with-safe):** Detected a segment of a Flask template where autoescaping is explicitly disabled with '| safe' filter. This allows rendering of raw HTML in this segment. Ensure no user data is rendered here, otherwise this is a cross-site scripting (XSS) vulnerability.

*Source: opengrep*
</issue_to_address>

### Comment 7
<location> `app/eventyay/plugins/sendmail/templates/pretixplugins/sendmail/send_team_form.html:45` </location>
<code_context>
                        <strong>{{ out.subject|safe }}</strong><br><br>
</code_context>

<issue_to_address>
**security (python.flask.security.xss.audit.template-unescaped-with-safe):** Detected a segment of a Flask template where autoescaping is explicitly disabled with '| safe' filter. This allows rendering of raw HTML in this segment. Ensure no user data is rendered here, otherwise this is a cross-site scripting (XSS) vulnerability.

*Source: opengrep*
</issue_to_address>

### Comment 8
<location> `app/eventyay/plugins/sendmail/templates/pretixplugins/sendmail/send_team_form.html:46` </location>
<code_context>
                        {{ out.html|safe }}
</code_context>

<issue_to_address>
**security (python.flask.security.xss.audit.template-unescaped-with-safe):** Detected a segment of a Flask template where autoescaping is explicitly disabled with '| safe' filter. This allows rendering of raw HTML in this segment. Ensure no user data is rendered here, otherwise this is a cross-site scripting (XSS) vulnerability.

*Source: opengrep*
</issue_to_address>

### Comment 9
<location> `app/eventyay/plugins/sendmail/forms.py:503` </location>
<code_context>
    def _set_field_placeholders(self, fn, base_parameters):
        phs = ['{%s}' % p for p in sorted(get_available_placeholders(self.event, base_parameters).keys())]
        ht = _('Available placeholders: {list}').format(list=', '.join(phs))
        if self.fields[fn].help_text:
            self.fields[fn].help_text += ' ' + str(ht)
        else:
            self.fields[fn].help_text = ht
        self.fields[fn].validators.append(PlaceholderValidator(phs))

</code_context>

<issue_to_address>
**suggestion (code-quality):** Use f-string instead of string concatenation ([`use-fstring-for-concatenation`](https://docs.sourcery.ai/Reference/Default-Rules/refactorings/use-fstring-for-concatenation/))

```suggestion
            self.fields[fn].help_text += f' {str(ht)}'
```
</issue_to_address>

### Comment 10
<location> `app/eventyay/plugins/sendmail/mixins.py:20` </location>
<code_context>
    def load_copy_draft(self, request, form_kwargs, team_mode=False):
        if copy_id := request.GET.get('copyToDraft'):
            try:
                mail_id = int(copy_id)
                qm = EmailQueue.objects.get(id=mail_id, event=request.event)
                form_kwargs['initial'] = form_kwargs.get('initial', {})

                subject = qm.subject
                message = qm.message

                attachment = CachedFile.objects.filter(id__in=qm.attachments).first()

                try:
                    qmf = EmailQueueFilter.objects.get(mail=qm)
                except EmailQueueFilter.DoesNotExist:
                    qmf = None

                form_kwargs['initial'].update({
                    'subject': subject,
                    'message': message,
                    'reply_to': qm.reply_to,
                    'bcc': qm.bcc,
                })

                if attachment:
                    form_kwargs['initial']['attachment'] = attachment

                if qmf:
                    if team_mode:
                        form_kwargs['initial']['teams'] = qmf.teams or []
                    else:
                        form_kwargs['initial'].update({
                            'recipients': qmf.recipients or [],
                            'sendto': qmf.sendto or ['p', 'na'],
                            'filter_checkins': qmf.filter_checkins,
                            'not_checked_in': qmf.not_checked_in,
                        })

                        if qmf.products:
                            form_kwargs['initial']['products'] = request.event.products.filter(id__in=qmf.products)

                        if qmf.checkin_lists:
                            form_kwargs['initial']['checkin_lists'] = request.event.checkin_lists.filter(
                                id__in=qmf.checkin_lists
                            )

                        if qmf.subevent:
                            try:
                                form_kwargs['initial']['subevent'] = request.event.subevents.get(id=qmf.subevent)
                            except SubEvent.DoesNotExist:
                                pass

                        for field in ['subevents_from', 'subevents_to', 'created_from', 'created_to']:
                            value = getattr(qmf, field, None)
                            if value:
                                form_kwargs['initial'][field] = dateutil.parser.isoparse(value) if isinstance(value, str) else value

            except (EmailQueue.DoesNotExist, ValueError, TypeError) as e:
                logger.warning('Failed to load EmailQueue for copyToDraft: %s' % e)

</code_context>

<issue_to_address>
**issue (code-quality):** We've found these issues:

- Add guard clause ([`last-if-guard`](https://docs.sourcery.ai/Reference/Default-Rules/refactorings/last-if-guard/))
- Extract code out into method ([`extract-method`](https://docs.sourcery.ai/Reference/Default-Rules/refactorings/extract-method/))
- Use named expression to simplify assignment and conditional ([`use-named-expression`](https://docs.sourcery.ai/Reference/Default-Rules/refactorings/use-named-expression/))
- Replace interpolated string formatting with f-string ([`replace-interpolation-with-fstring`](https://docs.sourcery.ai/Reference/Default-Rules/refactorings/replace-interpolation-with-fstring/))
</issue_to_address>

### Comment 11
<location> `app/eventyay/plugins/sendmail/models.py:142-145` </location>
<code_context>
    def _finalize_send_status(self):
        if all(r.sent for r in self.recipients.all()):
            self.sent_at = now()
        else:
            self.sent_at = None
        self.save(update_fields=["sent_at"])

</code_context>

<issue_to_address>
**suggestion (code-quality):** Replace if statement with if expression ([`assign-if-exp`](https://docs.sourcery.ai/Reference/Default-Rules/refactorings/assign-if-exp/))

```suggestion
        self.sent_at = now() if all(r.sent for r in self.recipients.all()) else None
```
</issue_to_address>

### Comment 12
<location> `app/eventyay/plugins/sendmail/models.py:208` </location>
<code_context>
    def get_recipient_emails(self):
        """
        Resolve and return the full list of unique email addresses
        this queued mail will send to.
        """
        return sorted(set(r.email.strip().lower() for r in self.recipients.all() if r.email))

</code_context>

<issue_to_address>
**suggestion (code-quality):** Replace list(), dict() or set() with comprehension ([`collection-builtin-to-comprehension`](https://docs.sourcery.ai/Reference/Default-Rules/refactorings/collection-builtin-to-comprehension/))

```suggestion
        return sorted(
            {r.email.strip().lower() for r in self.recipients.all() if r.email}
        )
```
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[mariobehling]

• Detected a segment of a Flask template where autoescaping is explicitly disabled with '| safe' filter. This allows rendering of raw HTML in this segment. Ensure no user data is rendered here, otherwise this is a cross-site scripting (XSS) vulnerability. (link)
• Detected a segment of a Flask template where autoescaping is explicitly disabled with '| safe' filter. This allows rendering of raw HTML in this segment. Ensure no user data is rendered here, otherwise this is a cross-site scripting (XSS) vulnerability. (link)
• Detected a segment of a Flask template where autoescaping is explicitly disabled with '| safe' filter. This allows rendering of raw HTML in this segment. Ensure no user data is rendered here, otherwise this is a cross-site scripting (XSS) vulnerability. (link)
• Detected a segment of a Flask template where autoescaping is explicitly disabled with '| safe' filter. This allows rendering of raw HTML in this segment. Ensure no user data is rendered here, otherwise this is a cross-site scripting (XSS) vulnerability. (link)

@sourcery-ai

Thanks for the heads-up. Two clarifications and actions from our side:

1. Framework misclassification
   This is a Django project, not Flask. The |safe filter here is the Django template filter (not Jinja/Flask). The rule is still useful though, because it flags potential XSS whenever auto-escaping is bypassed.

2. Why |safe appears here & how we mitigate XSS
   The flagged lines render HTML previews (e.g., email body preview and helper snippets). These can contain markup by design. To prevent XSS, we will/do ensure only sanitized HTML is passed to templates:

• ✔️ Server-side sanitization before render:

  • We sanitize email body/help HTML using an allow-list (e.g. bleach.clean(..., tags=ALLOWED_TAGS, attributes=ALLOWED_ATTRS, protocols=ALLOWED_PROTOCOLS, strip=True)), removing <script>, on*-Handler etc.
  • Any placeholder values originating from user input are escaped during placeholder rendering; only system-generated/trusted fragments can be marked as safe.

• ✔️ Template hardening adjustments (follow-up patch):

  • Subjects/titles will not use |safe (they should be plain text); we’ll remove |safe there.
  • For the HTML body preview, we will render a distinct context var like body_html_trusted that is only set after sanitization; only that var is used with |safe.
  • We will add an inline template comment explaining why |safe is safe at that exact line.

• ✔️ Tests:

  • Add unit tests with payloads like <img src=x onerror=alert(1)> and <a href="javascript:..."> to assert they are neutralized in previews.
  • Add a regression test ensuring placeholders that include user data are escaped unless explicitly whitelisted.

Net result: The “Flask” label is a mis-ID, but the underlying XSS concern is addressed. We’ll keep |safe only for sanitized, trusted HTML (email body preview), and remove it where not needed (e.g., subject).

How to scope your rule to Django (or paths) to avoid Flask-specific wording going forward?

[Copilot]

Pull Request Overview

This PR refactors the sendmail plugin to introduce a queue-based email system, replacing the previous immediate send approach. Instead of sending emails directly, messages are now queued in an outbox for review and manual sending, with comprehensive recipient tracking and error handling.

Key Changes

• Introduces new models (EmailQueue, EmailQueueFilter, EmailQueueToUser) for email queue management
• Replaces EmailHistoryView with new views: OutboxListView, SentMailView, EditEmailQueueView
• Adds support for composing emails to team members in addition to attendees
• Implements draft copying functionality and improved email preview system

Reviewed Changes

Copilot reviewed 20 out of 22 changed files in this pull request and generated 9 comments.

Show a summary per file

File	Description
views.py	Refactored email composition to use queue system; added outbox management views
models.py	New models for email queue, recipient tracking, and filter data
tasks.py	Added send_queued_mail task for asynchronous email sending
forms.py	New forms for team emails and email queue editing
urls.py	Updated URL patterns to support outbox and team email composition
signals.py	Updated navigation structure and log entry action types
templates/	New templates for outbox, sent mail lists, and composition forms
mixins.py	New mixins for draft copying and query filtering
mail.py	Enhanced with event_bcc and event_reply_to parameters

Comments suppressed due to low confidence (3)

app/eventyay/plugins/sendmail/tasks.py:127

• This assignment to 'event' is unnecessary as it is redefined before this value is used.

        event = event_id

app/eventyay/plugins/sendmail/tasks.py:130

• This assignment to 'event' is unnecessary as it is redefined before this value is used.

        event = Event.objects.get(id=original_event_id)

app/eventyay/plugins/sendmail/views.py:255

• This assignment to 'get_queryset' is unnecessary as it is redefined before this value is used.

    def get_queryset(self):

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[mariobehling]

Thanks, please add screenshots or a video.

[Copilot]

Pull Request Overview

Copilot reviewed 21 out of 23 changed files in this pull request and generated 10 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Gagan-Ram]

I have tested this PR against multiple Localization too. This works as expected.

[Gagan-Ram]

Thanks, please add screenshots or a video.

Added in description.
Thanks

[hongquan]

Any reason why the ordering parameter is not inside encoded_query?

[Gagan-Ram]

When generating the sorting arrows (the ▲/▼ links), you are creating new ordering options.
If encoded_query already included the current ordering parameter, clicking one of those arrows would produce a URL like this:

?q=foo&ordering=-subject&ordering=subject

That would lead to duplicate ordering parameters, and Django would only use the first one, effectively ignoring the new sort you just clicked.

[hongquan]

It means that the "the ▲/▼ links" are dumb, they should overwrite the ordering parameter, instead of appending. Those links should be fixed.

[Copilot]

Pull Request Overview

Copilot reviewed 21 out of 23 changed files in this pull request and generated 21 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The thumbnail filenames are also changed to "pretixbase" paths, which is inconsistent with the rest of the codebase that uses "eventyay" paths. These should be "eventyay/email/thumb.png" and "eventyay/email/thumb_simple_logo.png" to maintain consistency.

[Copilot]

The condition event_bcc != '' is redundant. In Python, an empty string is falsy, so event_bcc is not None and event_bcc would be sufficient and more idiomatic. The same applies to the event_reply_to check on line 187.

[Copilot]

The docstring type annotation :type raw_composing_for: str doesn't match the actual field name composing_for. This should be :type composing_for: str.

Suggested change

	:type raw_composing_for: str
	:type composing_for: str

[Copilot]

The variable changed is set but never used meaningfully. It's set to changed or result on line 126, but the final value is never checked or returned. This variable should either be used to track changes or removed.

Suggested change

	changed = False
	for recipient in recipients:
	if recipient.sent:
	continue
	result = self._send_to_recipient(recipient, subject, message)
	changed = changed or result
	for recipient in recipients:
	if recipient.sent:
	continue
	self._send_to_recipient(recipient, subject, message)

[Copilot]

The task checks if event_id is an Event instance (line 16), but Celery tasks serialize their arguments, so event_id will always be an integer when the task is executed asynchronously. This check will never be True in actual async execution. If this is for testing purposes, it should be documented; otherwise, this code path is dead code and should be removed.

Suggested change

	if isinstance(event_id, Event):
	original_event_id = event_id.pk
	event = event_id
	else:
	original_event_id = event_id
	event = Event.objects.get(id=original_event_id)
	original_event_id = event_id
	event = Event.objects.get(id=original_event_id)

[Gagan-Ram]

@hongquan any comments

[Copilot]

The condition event_reply_to != '' is redundant. An empty string is falsy in Python, so event_reply_to is not None and event_reply_to would be more idiomatic.

Suggested change

	and event_reply_to != ''
	and event_reply_to

[Copilot]

[nitpick] Using a walrus operator (:=) in an if condition is valid in Python 3.8+, but for consistency with the rest of the codebase and better readability, consider extracting this to a separate line: copy_id = request.GET.get('copyToDraft') followed by if copy_id:.

Suggested change

	if copy_id := request.GET.get('copyToDraft'):
	copy_id = request.GET.get('copyToDraft')
	if copy_id:

[Copilot]

The success message says "The mail has been sent" but the mail is actually being queued for asynchronous sending via Celery. The message should be "The mail has been queued for sending" to accurately reflect what's happening.

Suggested change

	_('The mail has been sent.')
	_('The mail has been queued for sending.')

[Copilot]

The question() method is defined but never called. Similar to the issue in DeleteEmailQueueView, this should either be decorated with @property or the template should call it with parentheses.

[Copilot]

Pull Request Overview

Copilot reviewed 22 out of 24 changed files in this pull request and generated 19 comments.

Comments suppressed due to low confidence (2)

app/eventyay/plugins/sendmail/views.py:3

• Import of 'uuid' is not used.

import uuid

app/eventyay/plugins/sendmail/views.py:14

• Import of 'urlencode' is not used.

from urllib.parse import urlencode

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Unused import. The uuid import is not used anywhere in this file.

Suggested change

import uuid

[Copilot]

Inefficient query pattern. The method calls self.recipients.all() multiple times (lines 114, 147, 269). Consider fetching recipients once and storing them in a variable to avoid multiple database queries.

[Copilot]

Trailing whitespace on line 7. Remove the trailing space after the comma.

Suggested change

	'control/event/<str:organizer>/<str:event>/mails/compose/',
	'control/event/<str:organizer>/<str:event>/mails/compose/',

[Copilot]

Trailing whitespace on line 22. Remove the trailing space after the comma.

Suggested change

	'control/event/<str:organizer>/<str:event>/mails/<int:pk>/',
	'control/event/<str:organizer>/<str:event>/mails/<int:pk>/',

[Copilot]

Trailing whitespace on line 42. Remove the trailing space after the comma.

Suggested change

	'control/event/<str:organizer>/<str:event>/mails/compose/teams/',
	'control/event/<str:organizer>/<str:event>/mails/compose/teams/',

[Copilot]

Unused import. The urlencode import is not used anywhere in this file.

Suggested change

from urllib.parse import urlencode

[Copilot]

The question() method doesn't have a return statement. It should return the translated string instead of just calling _() without returning it.

[Copilot]

Missing docstring. The send_queued_mail function should have a docstring explaining its parameters, return value, and error handling behavior, especially since it's a Celery task with retry logic.

Suggested change

	def send_queued_mail(self, event_id: int, queued_mail_id: int):
	def send_queued_mail(self, event_id: int, queued_mail_id: int):
	"""
	Celery task to send a queued email for a specific event.
	Parameters:
	self: The Celery task instance.
	event_id (int or Event): The ID of the event or an Event instance.
	queued_mail_id (int): The ID of the queued email to send.
	Returns:
	None
	Error Handling:
	- Logs an error if the event or email queue does not exist.
	- Logs warnings for partial or unsuccessful sends.
	- Retries the task up to 3 times on unexpected exceptions.
	- Logs an error if maximum retries are exceeded.
	"""

[Copilot]

Trailing whitespace on line 17. Remove the trailing space after the comma.

Suggested change

	'control/event/<str:organizer>/<str:event>/outbox/send/<int:pk>/',
	'control/event/<str:organizer>/<str:event>/outbox/send/<int:pk>/',

[Copilot]

Trailing whitespace on line 27. Remove the trailing space after the comma.

Suggested change

	'control/event/<str:organizer>/<str:event>/outbox/delete/<int:pk>/',
	'control/event/<str:organizer>/<str:event>/outbox/delete/<int:pk>/',