Approvals

src/pretix/api/serializers/item.py

@@ -79,7 +79,7 @@ class ItemSerializer(I18nAwareModelSerializer):
                   'position', 'picture', 'available_from', 'available_until',
                   'require_voucher', 'hide_without_voucher', 'allow_cancel',
                   'min_per_order', 'max_per_order', 'checkin_attention', 'has_variations',
-                  'variations', 'addons', 'original_price')
+                  'variations', 'addons', 'original_price', 'require_approval')
         read_only_fields = ('has_variations', 'picture')
 
     def get_serializer_context(self):

src/pretix/api/serializers/order.py

@@ -213,7 +213,7 @@ class OrderSerializer(I18nAwareModelSerializer):
         model = Order
         fields = ('code', 'status', 'secret', 'email', 'locale', 'datetime', 'expires', 'payment_date',
                   'payment_provider', 'fees', 'total', 'comment', 'invoice_address', 'positions', 'downloads',
-                  'checkin_attention', 'last_modified', 'payments', 'refunds')
+                  'checkin_attention', 'last_modified', 'payments', 'refunds', 'require_approval')
 
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)

src/pretix/api/views/order.py

@@ -35,7 +35,7 @@ from pretix.base.services.invoices import (
 )
 from pretix.base.services.mail import SendMailException
 from pretix.base.services.orders import (
-    OrderChangeManager, OrderError, cancel_order, extend_order,
+    OrderChangeManager, OrderError, approve_order, cancel_order, deny_order, extend_order,
     mark_order_expired, mark_order_refunded,
 )
 from pretix.base.services.tickets import (
@@ -52,7 +52,7 @@ class OrderFilter(FilterSet):
 
     class Meta:
         model = Order
-        fields = ['code', 'status', 'email', 'locale']
+        fields = ['code', 'status', 'email', 'locale', 'require_approval']
 
 
 class OrderViewSet(CreateModelMixin, viewsets.ReadOnlyModelViewSet):
@@ -182,6 +182,42 @@ class OrderViewSet(CreateModelMixin, viewsets.ReadOnlyModelViewSet):
         )
         return self.retrieve(request, [], **kwargs)
 
+    @detail_route(methods=['POST'])
+    def approve(self, request, **kwargs):
+        send_mail = request.data.get('send_email', True)
+
+        order = self.get_object()
+        try:
+            approve_order(
+                order,
+                user=request.user if request.user.is_authenticated else None,
+                auth=request.auth if isinstance(request.auth, (TeamAPIToken, OAuthAccessToken)) else None,
+                send_mail=send_mail,
+            )
+        except Quota.QuotaExceededException as e:
+            return Response({'detail': str(e)}, status=status.HTTP_400_BAD_REQUEST)
+        except OrderError as e:
+            return Response({'detail': str(e)}, status=status.HTTP_400_BAD_REQUEST)
+        return self.retrieve(request, [], **kwargs)
+
+    @detail_route(methods=['POST'])
+    def deny(self, request, **kwargs):
+        send_mail = request.data.get('send_email', True)
+        comment = request.data.get('comment', '')
+
+        order = self.get_object()
+        try:
+            deny_order(
+                order,
+                user=request.user if request.user.is_authenticated else None,
+                auth=request.auth if isinstance(request.auth, (TeamAPIToken, OAuthAccessToken)) else None,
+                send_mail=send_mail,
+                comment=comment,
+            )
+        except OrderError as e:
+            return Response({'detail': str(e)}, status=status.HTTP_400_BAD_REQUEST)
+        return self.retrieve(request, [], **kwargs)
+
     @detail_route(methods=['POST'])
     def mark_pending(self, request, **kwargs):
         order = self.get_object()