API: Writeable methods for vouchers (#639)

2017-10-12 14:09:44 +02:00
parent de086a2b07
commit be6496e569
11 changed files with 1029 additions and 109 deletions
--- a/src/pretix/api/views/voucher.py
+++ b/src/pretix/api/views/voucher.py
@@ -4,10 +4,12 @@ from django_filters.rest_framework import (
    BooleanFilter, DjangoFilterBackend, FilterSet,
 )
 from rest_framework import viewsets
+from rest_framework.exceptions import PermissionDenied
 from rest_framework.filters import OrderingFilter

 from pretix.api.serializers.voucher import VoucherSerializer
 from pretix.base.models import Voucher
+from pretix.base.models.organizer import TeamAPIToken


 class VoucherFilter(FilterSet):
@@ -27,7 +29,7 @@ class VoucherFilter(FilterSet):
                                   (Q(valid_until__isnull=False) & Q(valid_until__lte=now())))


-class VoucherViewSet(viewsets.ReadOnlyModelViewSet):
+class VoucherViewSet(viewsets.ModelViewSet):
    serializer_class = VoucherSerializer
    queryset = Voucher.objects.none()
    filter_backends = (DjangoFilterBackend, OrderingFilter)
@@ -35,6 +37,49 @@ class VoucherViewSet(viewsets.ReadOnlyModelViewSet):
    ordering_fields = ('id', 'code', 'max_usages', 'valid_until', 'value')
    filter_class = VoucherFilter
    permission = 'can_view_vouchers'
+    write_permission = 'can_change_vouchers'

    def get_queryset(self):
        return self.request.event.vouchers.all()
+
+    def create(self, request, *args, **kwargs):
+        with request.event.lock():
+            return super().create(request, *args, **kwargs)
+
+    def perform_create(self, serializer):
+        serializer.save(event=self.request.event)
+        serializer.instance.log_action(
+            'pretix.voucher.added',
+            user=self.request.user,
+            api_token=(self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None),
+            data=self.request.data
+        )
+
+    def get_serializer_context(self):
+        ctx = super().get_serializer_context()
+        ctx['event'] = self.request.event
+        return ctx
+
+    def update(self, request, *args, **kwargs):
+        with request.event.lock():
+            return super().update(request, *args, **kwargs)
+
+    def perform_update(self, serializer):
+        serializer.save(event=self.request.event)
+        serializer.instance.log_action(
+            'pretix.voucher.changed',
+            user=self.request.user,
+            api_token=(self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None),
+            data=self.request.data
+        )
+
+    def perform_destroy(self, instance):
+        if not instance.allow_delete():
+            raise PermissionDenied('This voucher can not be deleted as it has already been used.')
+
+        instance.log_action(
+            'pretix.voucher.deleted',
+            user=self.request.user,
+            api_token=(self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None),
+        )
+        super().perform_destroy(instance)