Refs #314 -- Read-only REST API (#513)

* initial commit

* API auth

* Hierarchical URLs

* Add session auth

* Strong hierarchy

* Add filters

* Add i18n fields, questions

* More viewsets and serializers

* Ticket download

* Add OrderPosition serializer

* View-level permissions

* More tests

* More tests

* Add basic API docs

* Add REST API to docs frontpage

* Tests for order endpoints

* Add invoice tests

* Voucher and waitinglist tests

* Doc draft

* order docs

* Docs on all viewsets

* Disable DRF docs, style sphinx, style browsable API

* Fix tests

* deprecated imports

* Test foo

* Attendee names

* Fix migration problems

* Remove browsable API, plugin integration

* Doc fixes

src/pretix/api/auth/permission.py

@@ -0,0 +1,43 @@
+from rest_framework.permissions import SAFE_METHODS, BasePermission
+
+from pretix.base.models import Event
+from pretix.base.models.organizer import Organizer, TeamAPIToken
+
+
+class EventPermission(BasePermission):
+    model = TeamAPIToken
+
+    def has_permission(self, request, view):
+        if not request.user.is_authenticated and not isinstance(request.auth, TeamAPIToken):
+            if request.method in SAFE_METHODS and request.path.startswith('/api/v1/docs/'):
+                return True
+            return False
+
+        perm_holder = (request.auth if isinstance(request.auth, TeamAPIToken)
+                       else request.user)
+        if 'event' in request.resolver_match.kwargs and 'organizer' in request.resolver_match.kwargs:
+            request.event = Event.objects.filter(
+                slug=request.resolver_match.kwargs['event'],
+                organizer__slug=request.resolver_match.kwargs['organizer'],
+            ).select_related('organizer').first()
+            if not request.event or not perm_holder.has_event_permission(request.event.organizer, request.event):
+                return False
+            request.organizer = request.event.organizer
+            request.eventpermset = perm_holder.get_event_permission_set(request.organizer, request.event)
+
+            if hasattr(view, 'permission'):
+                if view.permission and view.permission not in request.eventpermset:
+                    return False
+
+        elif 'organizer' in request.resolver_match.kwargs:
+            request.organizer = Organizer.objects.filter(
+                slug=request.resolver_match.kwargs['organizer'],
+            ).first()
+            if not request.organizer or not perm_holder.has_organizer_permission(request.organizer):
+                return False
+            request.orgapermset = perm_holder.get_organizer_permission_set(request.organizer)
+
+            if hasattr(view, 'permission'):
+                if view.permission and view.permission not in request.orgapermset:
+                    return False
+        return True

src/pretix/api/auth/token.py

@@ -0,0 +1,21 @@
+from django.contrib.auth.models import AnonymousUser
+from rest_framework import exceptions
+from rest_framework.authentication import TokenAuthentication
+
+from pretix.base.models.organizer import TeamAPIToken
+
+
+class TeamTokenAuthentication(TokenAuthentication):
+    model = TeamAPIToken
+
+    def authenticate_credentials(self, key):
+        model = self.get_model()
+        try:
+            token = model.objects.select_related('team', 'team__organizer').get(token=key)
+        except model.DoesNotExist:
+            raise exceptions.AuthenticationFailed('Invalid token.')
+
+        if not token.active:
+            raise exceptions.AuthenticationFailed('Token inactive or deleted.')
+
+        return AnonymousUser(), token

src/pretix/api/serializers/event.py

@@ -0,0 +1,10 @@
+from pretix.api.serializers.i18n import I18nAwareModelSerializer
+from pretix.base.models import Event
+
+
+class EventSerializer(I18nAwareModelSerializer):
+    class Meta:
+        model = Event
+        fields = ('name', 'slug', 'live', 'currency', 'date_from',
+                  'date_to', 'date_admission', 'is_public', 'presale_start',
+                  'presale_end', 'location')

src/pretix/api/serializers/i18n.py

@@ -0,0 +1,31 @@
+from django.conf import settings
+from i18nfield.fields import I18nCharField, I18nTextField
+from rest_framework.fields import Field
+from rest_framework.serializers import ModelSerializer
+
+
+class I18nField(Field):
+    def __init__(self, **kwargs):
+        self.allow_blank = kwargs.pop('allow_blank', False)
+        self.trim_whitespace = kwargs.pop('trim_whitespace', True)
+        self.max_length = kwargs.pop('max_length', None)
+        self.min_length = kwargs.pop('min_length', None)
+        super().__init__(**kwargs)
+
+    def to_representation(self, value):
+        if value is None or value.data is None:
+            return None
+        if isinstance(value.data, dict):
+            return value.data
+        else:
+            return {
+                settings.LANGUAGE_CODE: str(value.data)
+            }
+
+
+class I18nAwareModelSerializer(ModelSerializer):
+    pass
+
+
+I18nAwareModelSerializer.serializer_field_mapping[I18nCharField] = I18nField
+I18nAwareModelSerializer.serializer_field_mapping[I18nTextField] = I18nField

src/pretix/api/serializers/item.py

@@ -0,0 +1,64 @@
+from rest_framework import serializers
+
+from pretix.api.serializers.i18n import I18nAwareModelSerializer
+from pretix.base.models import (
+    Item, ItemAddOn, ItemCategory, ItemVariation, Question, QuestionOption,
+    Quota,
+)
+
+
+class InlineItemVariationSerializer(I18nAwareModelSerializer):
+    class Meta:
+        model = ItemVariation
+        fields = ('id', 'value', 'active', 'description',
+                  'position', 'default_price', 'price')
+
+
+class InlineItemAddOnSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = ItemAddOn
+        fields = ('addon_category', 'min_count', 'max_count',
+                  'position')
+
+
+class ItemSerializer(I18nAwareModelSerializer):
+    addons = InlineItemAddOnSerializer(many=True)
+    variations = InlineItemVariationSerializer(many=True)
+
+    class Meta:
+        model = Item
+        fields = ('id', 'category', 'name', 'active', 'description',
+                  'default_price', 'free_price', 'tax_rate', 'admission',
+                  'position', 'picture', 'available_from', 'available_until',
+                  'require_voucher', 'hide_without_voucher', 'allow_cancel',
+                  'min_per_order', 'max_per_order', 'has_variations',
+                  'variations', 'addons')
+
+
+class ItemCategorySerializer(I18nAwareModelSerializer):
+
+    class Meta:
+        model = ItemCategory
+        fields = ('id', 'name', 'description', 'position', 'is_addon')
+
+
+class InlineQuestionOptionSerializer(I18nAwareModelSerializer):
+
+    class Meta:
+        model = QuestionOption
+        fields = ('id', 'answer')
+
+
+class QuestionSerializer(I18nAwareModelSerializer):
+    options = InlineQuestionOptionSerializer(many=True)
+
+    class Meta:
+        model = Question
+        fields = ('id', 'question', 'type', 'required', 'items', 'options', 'position')
+
+
+class QuotaSerializer(I18nAwareModelSerializer):
+
+    class Meta:
+        model = Quota
+        fields = ('id', 'name', 'size', 'items', 'variations')

src/pretix/api/serializers/order.py

@@ -0,0 +1,110 @@
+from rest_framework import serializers
+from rest_framework.reverse import reverse
+
+from pretix.api.serializers.i18n import I18nAwareModelSerializer
+from pretix.base.models import (
+    Checkin, Invoice, InvoiceAddress, InvoiceLine, Order, OrderPosition,
+)
+from pretix.base.signals import register_ticket_outputs
+
+
+class InvoiceAdddressSerializer(I18nAwareModelSerializer):
+    class Meta:
+        model = InvoiceAddress
+        fields = ('last_modified', 'company', 'name', 'street', 'zipcode', 'city', 'country', 'vat_id')
+
+
+class CheckinSerializer(I18nAwareModelSerializer):
+    class Meta:
+        model = Checkin
+        fields = ('datetime',)
+
+
+class OrderDownloadsField(serializers.Field):
+    def to_representation(self, instance: Order):
+        if instance.status != Order.STATUS_PAID:
+            return []
+
+        request = self.context['request']
+        res = []
+        responses = register_ticket_outputs.send(instance.event)
+        for receiver, response in responses:
+            provider = response(instance.event)
+            if provider.is_enabled:
+                res.append({
+                    'output': provider.identifier,
+                    'url': reverse('api-v1:order-download', kwargs={
+                        'organizer': instance.event.organizer.slug,
+                        'event': instance.event.slug,
+                        'code': instance.code,
+                        'output': provider.identifier,
+                    }, request=request)
+                })
+        return res
+
+
+class PositionDownloadsField(serializers.Field):
+    def to_representation(self, instance: OrderPosition):
+        if instance.order.status != Order.STATUS_PAID:
+            return []
+        if instance.addon_to_id and not instance.order.event.settings.ticket_download_addons:
+            return []
+        if not instance.item.admission and not instance.order.event.settings.ticket_download_nonadm:
+            return []
+
+        request = self.context['request']
+        res = []
+        responses = register_ticket_outputs.send(instance.order.event)
+        for receiver, response in responses:
+            provider = response(instance.order.event)
+            if provider.is_enabled:
+                res.append({
+                    'output': provider.identifier,
+                    'url': reverse('api-v1:orderposition-download', kwargs={
+                        'organizer': instance.order.event.organizer.slug,
+                        'event': instance.order.event.slug,
+                        'pk': instance.pk,
+                        'output': provider.identifier,
+                    }, request=request)
+                })
+        return res
+
+
+class OrderPositionSerializer(I18nAwareModelSerializer):
+    checkins = CheckinSerializer(many=True)
+    downloads = PositionDownloadsField(source='*')
+    order = serializers.SlugRelatedField(slug_field='code', read_only=True)
+
+    class Meta:
+        model = OrderPosition
+        fields = ('id', 'order', 'positionid', 'item', 'variation', 'price', 'attendee_name', 'attendee_email',
+                  'voucher', 'tax_rate', 'tax_value', 'secret', 'addon_to', 'checkins', 'downloads')
+
+
+class OrderSerializer(I18nAwareModelSerializer):
+    invoice_address = InvoiceAdddressSerializer()
+    positions = OrderPositionSerializer(many=True)
+    downloads = OrderDownloadsField(source='*')
+
+    class Meta:
+        model = Order
+        fields = ('code', 'status', 'secret', 'email', 'locale', 'datetime', 'expires', 'payment_date',
+                  'payment_provider', 'payment_fee', 'payment_fee_tax_rate', 'payment_fee_tax_value',
+                  'total', 'comment', 'invoice_address', 'positions', 'downloads')
+
+
+class InlineInvoiceLineSerializer(I18nAwareModelSerializer):
+    class Meta:
+        model = InvoiceLine
+        fields = ('description', 'gross_value', 'tax_value', 'tax_rate')
+
+
+class InvoiceSerializer(I18nAwareModelSerializer):
+    order = serializers.SlugRelatedField(slug_field='code', read_only=True)
+    refers = serializers.SlugRelatedField(slug_field='invoice_no', read_only=True)
+    lines = InlineInvoiceLineSerializer(many=True)
+
+    class Meta:
+        model = Invoice
+        fields = ('order', 'invoice_no', 'is_cancellation', 'invoice_from', 'invoice_to', 'date', 'refers', 'locale',
+                  'introductory_text', 'additional_text', 'payment_provider_text', 'footer_text', 'lines')

src/pretix/api/serializers/organizer.py

@@ -0,0 +1,8 @@
+from pretix.api.serializers.i18n import I18nAwareModelSerializer
+from pretix.base.models import Organizer
+
+
+class OrganizerSerializer(I18nAwareModelSerializer):
+    class Meta:
+        model = Organizer
+        fields = ('name', 'slug')

src/pretix/api/serializers/voucher.py

@@ -0,0 +1,10 @@
+from pretix.api.serializers.i18n import I18nAwareModelSerializer
+from pretix.base.models import Voucher
+
+
+class VoucherSerializer(I18nAwareModelSerializer):
+    class Meta:
+        model = Voucher
+        fields = ('id', 'code', 'max_usages', 'redeemed', 'valid_until', 'block_quota',
+                  'allow_ignore_quota', 'price_mode', 'value', 'item', 'variation', 'quota',
+                  'tag', 'comment')

src/pretix/api/serializers/waitinglist.py

@@ -0,0 +1,9 @@
+from pretix.api.serializers.i18n import I18nAwareModelSerializer
+from pretix.base.models import WaitingListEntry
+
+
+class WaitingListSerializer(I18nAwareModelSerializer):
+
+    class Meta:
+        model = WaitingListEntry
+        fields = ('id', 'created', 'email', 'voucher', 'item', 'variation', 'locale')

src/pretix/api/templates/rest_framework/api.html

@@ -0,0 +1,19 @@
+{% extends "rest_framework/base.html" %}
+{% load staticfiles %}
+{% load compress %}
+
+{% block bootstrap_theme %}
+    {% compress css %}
+        <link rel="stylesheet" type="text/x-scss" href="{% static "rest_framework/scss/main.scss" %}" />
+    {% endcompress %}
+{% endblock %}
+{% block branding %}
+    <a class="navbar-brand" href="/api/v1/">pretix REST API</a>
+{% endblock %}
+{% block description %}
+    <div class="alert alert-info alert-docs-link">
+        <a href="https://docs.pretix.eu/en/latest/api/index.html">
+            You can find documentation on our REST API on docs.pretix.eu.
+        </a>
+    </div>
+{% endblock %}

src/pretix/api/urls.py

@@ -0,0 +1,36 @@
+import importlib
+
+from django.apps import apps
+from django.conf.urls import include, url
+from rest_framework import routers
+
+from .views import event, item, order, organizer, voucher, waitinglist
+
+router = routers.DefaultRouter()
+router.register(r'organizers', organizer.OrganizerViewSet)
+
+orga_router = routers.DefaultRouter()
+orga_router.register(r'events', event.EventViewSet)
+
+event_router = routers.DefaultRouter()
+event_router.register(r'items', item.ItemViewSet)
+event_router.register(r'categories', item.ItemCategoryViewSet)
+event_router.register(r'questions', item.QuestionViewSet)
+event_router.register(r'quotas', item.QuotaViewSet)
+event_router.register(r'vouchers', voucher.VoucherViewSet)
+event_router.register(r'orders', order.OrderViewSet)
+event_router.register(r'orderpositions', order.OrderPositionViewSet)
+event_router.register(r'invoices', order.InvoiceViewSet)
+event_router.register(r'waitinglistentries', waitinglist.WaitingListViewSet)
+
+# Force import of all plugins to give them a chance to register URLs with the router
+for app in apps.get_app_configs():
+    if hasattr(app, 'PretixPluginMeta'):
+        if importlib.util.find_spec(app.name + '.urls'):
+            importlib.import_module(app.name + '.urls')
+
+urlpatterns = [
+    url(r'^', include(router.urls)),
+    url(r'^organizers/(?P<organizer>[^/]+)/', include(orga_router.urls)),
+    url(r'^organizers/(?P<organizer>[^/]+)/events/(?P<event>[^/]+)/', include(event_router.urls)),
+]

src/pretix/api/views/event.py

@@ -0,0 +1,14 @@
+from rest_framework import viewsets
+
+from pretix.api.serializers.event import EventSerializer
+from pretix.base.models import Event
+
+
+class EventViewSet(viewsets.ReadOnlyModelViewSet):
+    serializer_class = EventSerializer
+    queryset = Event.objects.none()
+    lookup_field = 'slug'
+    lookup_url_kwarg = 'event'
+
+    def get_queryset(self):
+        return self.request.organizer.events.all()

src/pretix/api/views/item.py

@@ -0,0 +1,67 @@
+from django_filters.rest_framework import DjangoFilterBackend, FilterSet
+from rest_framework import viewsets
+from rest_framework.filters import OrderingFilter
+
+from pretix.api.serializers.item import (
+    ItemCategorySerializer, ItemSerializer, QuestionSerializer,
+    QuotaSerializer,
+)
+from pretix.base.models import Item, ItemCategory, Question, Quota
+
+
+class ItemFilter(FilterSet):
+    class Meta:
+        model = Item
+        fields = ['active', 'category', 'admission', 'tax_rate', 'free_price']
+
+
+class ItemViewSet(viewsets.ReadOnlyModelViewSet):
+    serializer_class = ItemSerializer
+    queryset = Item.objects.none()
+    filter_backends = (DjangoFilterBackend, OrderingFilter)
+    ordering_fields = ('id', 'position')
+    ordering = ('position', 'id')
+    filter_class = ItemFilter
+
+    def get_queryset(self):
+        return self.request.event.items.prefetch_related('variations', 'addons').all()
+
+
+class ItemCategoryFilter(FilterSet):
+    class Meta:
+        model = ItemCategory
+        fields = ['is_addon']
+
+
+class ItemCategoryViewSet(viewsets.ReadOnlyModelViewSet):
+    serializer_class = ItemCategorySerializer
+    queryset = ItemCategory.objects.none()
+    filter_backends = (DjangoFilterBackend, OrderingFilter)
+    filter_class = ItemCategoryFilter
+    ordering_fields = ('id', 'position')
+    ordering = ('position', 'id')
+
+    def get_queryset(self):
+        return self.request.event.categories.all()
+
+
+class QuestionViewSet(viewsets.ReadOnlyModelViewSet):
+    serializer_class = QuestionSerializer
+    queryset = Question.objects.none()
+    filter_backends = (OrderingFilter,)
+    ordering_fields = ('id', 'position')
+    ordering = ('position', 'id')
+
+    def get_queryset(self):
+        return self.request.event.questions.prefetch_related('options').all()
+
+
+class QuotaViewSet(viewsets.ReadOnlyModelViewSet):
+    serializer_class = QuotaSerializer
+    queryset = Quota.objects.none()
+    filter_backends = (OrderingFilter,)
+    ordering_fields = ('id', 'size')
+    ordering = ('id',)
+
+    def get_queryset(self):
+        return self.request.event.quotas.all()

src/pretix/api/views/order.py

@@ -0,0 +1,181 @@
+import django_filters
+from django.db.models import Q
+from django.http import FileResponse
+from django_filters.rest_framework import DjangoFilterBackend, FilterSet
+from rest_framework import viewsets
+from rest_framework.decorators import detail_route
+from rest_framework.exceptions import APIException, NotFound, PermissionDenied
+from rest_framework.filters import OrderingFilter
+
+from pretix.api.serializers.order import (
+    InvoiceSerializer, OrderPositionSerializer, OrderSerializer,
+)
+from pretix.base.models import Invoice, Order, OrderPosition
+from pretix.base.services.invoices import invoice_pdf
+from pretix.base.services.tickets import (
+    get_cachedticket_for_order, get_cachedticket_for_position,
+)
+from pretix.base.signals import register_ticket_outputs
+
+
+class OrderFilter(FilterSet):
+    class Meta:
+        model = Order
+        fields = ['code', 'status', 'email', 'locale']
+
+
+class OrderViewSet(viewsets.ReadOnlyModelViewSet):
+    serializer_class = OrderSerializer
+    queryset = Order.objects.none()
+    filter_backends = (DjangoFilterBackend, OrderingFilter)
+    ordering = ('datetime',)
+    ordering_fields = ('datetime', 'code', 'status')
+    filter_class = OrderFilter
+    lookup_field = 'code'
+    permission = 'can_view_orders'
+
+    def get_queryset(self):
+        return self.request.event.orders.prefetch_related(
+            'positions', 'positions__checkins', 'positions__item',
+        ).select_related(
+            'invoice_address'
+        )
+
+    def _get_output_provider(self, identifier):
+        responses = register_ticket_outputs.send(self.request.event)
+        for receiver, response in responses:
+            prov = response(self.request.event)
+            if prov.identifier == identifier:
+                return prov
+        raise NotFound('Unknown output provider.')
+
+    @detail_route(url_name='download', url_path='download/(?P<output>[^/]+)')
+    def download(self, request, output, **kwargs):
+        provider = self._get_output_provider(output)
+        order = self.get_object()
+
+        if order.status != Order.STATUS_PAID:
+            raise PermissionDenied("Downloads are not available for unpaid orders.")
+
+        ct = get_cachedticket_for_order(order, provider.identifier)
+
+        if not ct.file:
+            raise RetryException()
+        else:
+            resp = FileResponse(ct.file.file, content_type=ct.type)
+            resp['Content-Disposition'] = 'attachment; filename="{}-{}-{}{}"'.format(
+                self.request.event.slug.upper(), order.code,
+                provider.identifier, ct.extension
+            )
+            return resp
+
+
+class OrderPositionFilter(FilterSet):
+    order = django_filters.CharFilter(name='order', lookup_expr='code')
+    has_checkin = django_filters.rest_framework.BooleanFilter(method='has_checkin_qs')
+    attendee_name = django_filters.CharFilter(method='attendee_name_qs')
+
+    def has_checkin_qs(self, queryset, name, value):
+        return queryset.filter(checkins__isnull=not value)
+
+    def attendee_name_qs(self, queryset, name, value):
+        return queryset.filter(Q(attendee_name=value) | Q(addon_to__attendee_name=value))
+
+    class Meta:
+        model = OrderPosition
+        fields = ['item', 'variation', 'attendee_name', 'secret', 'order', 'order__status', 'has_checkin',
+                  'addon_to']
+
+
+class OrderPositionViewSet(viewsets.ReadOnlyModelViewSet):
+    serializer_class = OrderPositionSerializer
+    queryset = OrderPosition.objects.none()
+    filter_backends = (DjangoFilterBackend, OrderingFilter)
+    ordering = ('order__datetime', 'positionid')
+    ordering_fields = ('order__code', 'order__datetime', 'positionid', 'attendee_name', 'order__status',)
+    filter_class = OrderPositionFilter
+    permission = 'can_view_orders'
+
+    def get_queryset(self):
+        return OrderPosition.objects.filter(order__event=self.request.event).prefetch_related(
+            'checkins',
+        ).select_related(
+            'item', 'order', 'order__event', 'order__event__organizer'
+        )
+
+    def _get_output_provider(self, identifier):
+        responses = register_ticket_outputs.send(self.request.event)
+        for receiver, response in responses:
+            prov = response(self.request.event)
+            if prov.identifier == identifier:
+                return prov
+        raise NotFound('Unknown output provider.')
+
+    @detail_route(url_name='download', url_path='download/(?P<output>[^/]+)')
+    def download(self, request, output, **kwargs):
+        provider = self._get_output_provider(output)
+        pos = self.get_object()
+
+        if pos.order.status != Order.STATUS_PAID:
+            raise PermissionDenied("Downloads are not available for unpaid orders.")
+        if pos.addon_to_id and not request.event.settings.ticket_download_addons:
+            raise PermissionDenied("Downloads are not enabled for add-on products.")
+        if not pos.item.admission and not request.event.settings.ticket_download_nonadm:
+            raise PermissionDenied("Downloads are not enabled for non-admission products.")
+
+        ct = get_cachedticket_for_position(pos, provider.identifier)
+
+        if not ct.file:
+            raise RetryException()
+        else:
+            resp = FileResponse(ct.file.file, content_type=ct.type)
+            resp['Content-Disposition'] = 'attachment; filename="{}-{}-{}-{}{}"'.format(
+                self.request.event.slug.upper(), pos.order.code, pos.positionid,
+                provider.identifier, ct.extension
+            )
+            return resp
+
+
+class InvoiceFilter(FilterSet):
+    refers = django_filters.CharFilter(name='refers', lookup_expr='invoice_no__iexact')
+    order = django_filters.CharFilter(name='order', lookup_expr='code__iexact')
+
+    class Meta:
+        model = Invoice
+        fields = ['order', 'invoice_no', 'is_cancellation', 'refers', 'locale']
+
+
+class RetryException(APIException):
+    status_code = 409
+    default_detail = 'The requested resource is not ready, please retry later.'
+    default_code = 'retry_later'
+
+
+class InvoiceViewSet(viewsets.ReadOnlyModelViewSet):
+    serializer_class = InvoiceSerializer
+    queryset = Invoice.objects.none()
+    filter_backends = (DjangoFilterBackend, OrderingFilter)
+    ordering = ('invoice_no',)
+    ordering_fields = ('invoice_no', 'date')
+    filter_class = InvoiceFilter
+    lookup_field = 'invoice_no'
+    lookup_url_kwarg = 'invoice_no'
+    permission = 'can_view_orders'
+
+    def get_queryset(self):
+        return self.request.event.invoices.prefetch_related('lines').select_related('order')
+
+    @detail_route()
+    def download(self, request, **kwargs):
+        invoice = self.get_object()
+
+        if not invoice.file:
+            invoice_pdf(invoice.pk)
+            invoice.refresh_from_db()
+
+        if not invoice.file:
+            raise RetryException()
+
+        resp = FileResponse(invoice.file.file, content_type='application/pdf')
+        resp['Content-Disposition'] = 'attachment; filename="{}.pdf"'.format(invoice.number)
+        return resp

src/pretix/api/views/organizer.py

@@ -0,0 +1,20 @@
+from rest_framework import viewsets
+
+from pretix.api.serializers.organizer import OrganizerSerializer
+from pretix.base.models import Organizer
+
+
+class OrganizerViewSet(viewsets.ReadOnlyModelViewSet):
+    serializer_class = OrganizerSerializer
+    queryset = Organizer.objects.none()
+    lookup_field = 'slug'
+    lookup_url_kwarg = 'organizer'
+
+    def get_queryset(self):
+        if self.request.user.is_authenticated():
+            if self.request.user.is_superuser:
+                return Organizer.objects.all()
+            else:
+                return Organizer.objects.filter(pk__in=self.request.user.teams.values_list('organizer', flat=True))
+        else:
+            return Organizer.objects.filter(pk=self.request.auth.team.organizer_id)

src/pretix/api/views/voucher.py

@@ -0,0 +1,40 @@
+from django.db.models import F, Q
+from django.utils.timezone import now
+from django_filters.rest_framework import (
+    BooleanFilter, DjangoFilterBackend, FilterSet,
+)
+from rest_framework import viewsets
+from rest_framework.filters import OrderingFilter
+
+from pretix.api.serializers.voucher import VoucherSerializer
+from pretix.base.models import Voucher
+
+
+class VoucherFilter(FilterSet):
+    active = BooleanFilter(method='filter_active')
+
+    class Meta:
+        model = Voucher
+        fields = ['code', 'max_usages', 'redeemed', 'block_quota', 'allow_ignore_quota',
+                  'price_mode', 'value', 'item', 'variation', 'quota', 'tag']
+
+    def filter_active(self, queryset, name, value):
+        if value:
+            return queryset.filter(Q(redeemed__lt=F('max_usages')) &
+                                   (Q(valid_until__isnull=True) | Q(valid_until__gt=now())))
+        else:
+            return queryset.filter(Q(redeemed__gte=F('max_usages')) |
+                                   (Q(valid_until__isnull=False) & Q(valid_until__lte=now())))
+
+
+class VoucherViewSet(viewsets.ReadOnlyModelViewSet):
+    serializer_class = VoucherSerializer
+    queryset = Voucher.objects.none()
+    filter_backends = (DjangoFilterBackend, OrderingFilter)
+    ordering = ('id',)
+    ordering_fields = ('id', 'code', 'max_usages', 'valid_until', 'value')
+    filter_class = VoucherFilter
+    permission = 'can_view_vouchers'
+
+    def get_queryset(self):
+        return self.request.event.vouchers.all()

src/pretix/api/views/waitinglist.py

@@ -0,0 +1,31 @@
+import django_filters
+from django_filters.rest_framework import DjangoFilterBackend, FilterSet
+from rest_framework import viewsets
+from rest_framework.filters import OrderingFilter
+
+from pretix.api.serializers.waitinglist import WaitingListSerializer
+from pretix.base.models import WaitingListEntry
+
+
+class WaitingListFilter(FilterSet):
+    has_voucher = django_filters.rest_framework.BooleanFilter(method='has_voucher_qs')
+
+    def has_voucher_qs(self, queryset, name, value):
+        return queryset.filter(voucher__isnull=not value)
+
+    class Meta:
+        model = WaitingListEntry
+        fields = ['item', 'variation', 'email', 'locale', 'has_voucher']
+
+
+class WaitingListViewSet(viewsets.ReadOnlyModelViewSet):
+    serializer_class = WaitingListSerializer
+    queryset = WaitingListEntry.objects.none()
+    filter_backends = (DjangoFilterBackend, OrderingFilter)
+    ordering = ('created',)
+    ordering_fields = ('id', 'created', 'email', 'item')
+    filter_class = WaitingListFilter
+    permission = 'can_view_orders'
+
+    def get_queryset(self):
+        return self.request.event.waitinglistentries.all()