API: Allow to change orders (#2552)

2026-05-03 14:54:04 +00:00 · 2022-03-30 17:36:10 +02:00
parent 76475039b5
commit 69375f4092
10 changed files with 5678 additions and 3568 deletions
--- a/src/pretix/api/views/order.py
+++ b/src/pretix/api/views/order.py
@@ -36,7 +36,7 @@ from django.utils.translation import gettext as _
 from django_filters.rest_framework import DjangoFilterBackend, FilterSet
 from django_scopes import scopes_disabled
 from PIL import Image
-from rest_framework import mixins, serializers, status, viewsets
+from rest_framework import serializers, status, viewsets
 from rest_framework.decorators import action
 from rest_framework.exceptions import (
    APIException, NotFound, PermissionDenied, ValidationError,
@@ -53,6 +53,12 @@ from pretix.api.serializers.order import (
    PriceCalcSerializer, RevokedTicketSecretSerializer,
    SimulatedOrderSerializer,
 )
+from pretix.api.serializers.orderchange import (
+    OrderChangeOperationSerializer, OrderFeeChangeSerializer,
+    OrderPositionChangeSerializer,
+    OrderPositionCreateForExistingOrderSerializer,
+    OrderPositionInfoPatchSerializer,
+)
 from pretix.base.i18n import language
 from pretix.base.models import (
    CachedCombinedTicket, CachedTicket, Checkin, Device, Event, Invoice,
@@ -782,6 +788,79 @@ class OrderViewSet(viewsets.ModelViewSet):
        with transaction.atomic():
            self.get_object().gracefully_delete(user=self.request.user if self.request.user.is_authenticated else None, auth=self.request.auth)

+    @action(detail=True, methods=['POST'])
+    def change(self, request, **kwargs):
+        order = self.get_object()
+
+        serializer = OrderChangeOperationSerializer(
+            context={'order': order, **self.get_serializer_context()},
+            data=request.data,
+        )
+        serializer.is_valid(raise_exception=True)
+
+        try:
+            ocm = OrderChangeManager(
+                order=order,
+                user=self.request.user if self.request.user.is_authenticated else None,
+                auth=request.auth,
+                notify=serializer.validated_data.get('send_email', False),
+                reissue_invoice=serializer.validated_data.get('reissue_invoice', True),
+            )
+
+            canceled_positions = set()
+            for r in serializer.validated_data.get('cancel_positions', []):
+                ocm.cancel(r['position'])
+                canceled_positions.add(r['position'])
+
+            for r in serializer.validated_data.get('patch_positions', []):
+                if r['position'] in canceled_positions:
+                    continue
+                pos_serializer = OrderPositionChangeSerializer(
+                    context={'ocm': ocm, 'commit': False, 'event': request.event, **self.get_serializer_context()},
+                    partial=True,
+                )
+                pos_serializer.update(r['position'], r['body'])
+
+            for r in serializer.validated_data.get('split_positions', []):
+                if r['position'] in canceled_positions:
+                    continue
+                ocm.split(r['position'])
+
+            for r in serializer.validated_data.get('create_positions', []):
+                pos_serializer = OrderPositionCreateForExistingOrderSerializer(
+                    context={'ocm': ocm, 'commit': False, 'event': request.event, **self.get_serializer_context()},
+                )
+                pos_serializer.create(r)
+
+            canceled_fees = set()
+            for r in serializer.validated_data.get('cancel_fees', []):
+                ocm.cancel_fee(r['fee'])
+                canceled_fees.add(r['fee'])
+
+            for r in serializer.validated_data.get('patch_fees', []):
+                if r['fee'] in canceled_fees:
+                    continue
+                pos_serializer = OrderFeeChangeSerializer(
+                    context={'ocm': ocm, 'commit': False, 'event': request.event, **self.get_serializer_context()},
+                )
+                pos_serializer.update(r['fee'], r['body'])
+
+            if serializer.validated_data.get('recalculate_taxes') == 'keep_net':
+                ocm.recalculate_taxes(keep='net')
+            elif serializer.validated_data.get('recalculate_taxes') == 'keep_gross':
+                ocm.recalculate_taxes(keep='gross')
+
+            ocm.commit()
+        except OrderError as e:
+            raise ValidationError(str(e))
+
+        order.refresh_from_db()
+        serializer = OrderSerializer(
+            instance=order,
+            context=self.get_serializer_context(),
+        )
+        return Response(serializer.data)
+

 with scopes_disabled():
    class OrderPositionFilter(FilterSet):
@@ -823,7 +902,7 @@ with scopes_disabled():
            }


-class OrderPositionViewSet(mixins.DestroyModelMixin, mixins.UpdateModelMixin, viewsets.ReadOnlyModelViewSet):
+class OrderPositionViewSet(viewsets.ModelViewSet):
    serializer_class = OrderPositionSerializer
    queryset = OrderPosition.all.none()
    filter_backends = (DjangoFilterBackend, OrderingFilter)
@@ -1060,6 +1139,25 @@ class OrderPositionViewSet(mixins.DestroyModelMixin, mixins.UpdateModelMixin, vi
                )
                return resp

+    @action(detail=True, methods=['POST'])
+    def regenerate_secrets(self, request, **kwargs):
+        instance = self.get_object()
+        try:
+            ocm = OrderChangeManager(
+                instance.order,
+                user=self.request.user if self.request.user.is_authenticated else None,
+                auth=self.request.auth,
+                notify=False,
+                reissue_invoice=False,
+            )
+            ocm.regenerate_secret(instance)
+            ocm.commit()
+        except OrderError as e:
+            raise ValidationError(str(e))
+        except Quota.QuotaExceededException as e:
+            raise ValidationError(str(e))
+        return self.retrieve(request, [], **kwargs)
+
    def perform_destroy(self, instance):
        try:
            ocm = OrderChangeManager(
@@ -1075,18 +1173,33 @@ class OrderPositionViewSet(mixins.DestroyModelMixin, mixins.UpdateModelMixin, vi
        except Quota.QuotaExceededException as e:
            raise ValidationError(str(e))

-    def update(self, request, *args, **kwargs):
-        partial = kwargs.get('partial', False)
-        if not partial:
-            return Response(
-                {"detail": "Method \"PUT\" not allowed."},
-                status=status.HTTP_405_METHOD_NOT_ALLOWED,
-            )
-        return super().update(request, *args, **kwargs)
-
-    def perform_update(self, serializer):
+    def create(self, request, *args, **kwargs):
        with transaction.atomic():
-            old_data = self.get_serializer_class()(instance=serializer.instance, context=self.get_serializer_context()).data
+            serializer = OrderPositionCreateForExistingOrderSerializer(
+                data=request.data,
+                context=self.get_serializer_context(),
+            )
+            serializer.is_valid(raise_exception=True)
+            order = serializer.validated_data['order']
+            ocm = OrderChangeManager(
+                order=order,
+                user=self.request.user if self.request.user.is_authenticated else None,
+                auth=request.auth,
+                notify=False,
+                reissue_invoice=False,
+            )
+            serializer.context['ocm'] = ocm
+            serializer.save()
+
+            # Fields that can be easily patched after the position was added
+            old_data = OrderPositionInfoPatchSerializer(instance=serializer.instance, context=self.get_serializer_context()).data
+            serializer = OrderPositionInfoPatchSerializer(
+                instance=serializer.instance,
+                context=self.get_serializer_context(),
+                partial=True,
+                data=request.data
+            )
+            serializer.is_valid(raise_exception=True)
            serializer.save()
            new_data = serializer.data

@@ -1109,9 +1222,77 @@ class OrderPositionViewSet(mixins.DestroyModelMixin, mixins.UpdateModelMixin, vi
                        ]
                    }
                )
+                tickets.invalidate_cache.apply_async(
+                    kwargs={'event': serializer.instance.order.event.pk, 'order': serializer.instance.order.pk})
+                order_modified.send(sender=serializer.instance.order.event, order=serializer.instance.order)
+        return Response(
+            OrderPositionSerializer(serializer.instance, context=self.get_serializer_context()).data,
+            status=status.HTTP_201_CREATED,
+        )

-        tickets.invalidate_cache.apply_async(kwargs={'event': serializer.instance.order.event.pk, 'order': serializer.instance.order.pk})
-        order_modified.send(sender=serializer.instance.order.event, order=serializer.instance.order)
+    def update(self, request, *args, **kwargs):
+        partial = kwargs.get('partial', False)
+        if not partial:
+            return Response(
+                {"detail": "Method \"PUT\" not allowed."},
+                status=status.HTTP_405_METHOD_NOT_ALLOWED,
+            )
+
+        with transaction.atomic():
+            instance = self.get_object()
+            ocm = OrderChangeManager(
+                order=instance.order,
+                user=self.request.user if self.request.user.is_authenticated else None,
+                auth=request.auth,
+                notify=False,
+                reissue_invoice=False,
+            )
+
+            # Field that need to go through OrderChangeManager
+            serializer = OrderPositionChangeSerializer(
+                instance=instance,
+                context={'ocm': ocm, **self.get_serializer_context()},
+                partial=True,
+                data=request.data
+            )
+            serializer.is_valid(raise_exception=True)
+            serializer.save()
+
+            # Fields that can be easily patched
+            old_data = OrderPositionInfoPatchSerializer(instance=instance, context=self.get_serializer_context()).data
+            serializer = OrderPositionInfoPatchSerializer(
+                instance=instance,
+                context=self.get_serializer_context(),
+                partial=True,
+                data=request.data
+            )
+            serializer.is_valid(raise_exception=True)
+            serializer.save()
+            new_data = serializer.data
+
+            if old_data != new_data:
+                log_data = self.request.data
+                if 'answers' in log_data:
+                    for a in new_data['answers']:
+                        log_data[f'question_{a["question"]}'] = a["answer"]
+                    log_data.pop('answers', None)
+                serializer.instance.order.log_action(
+                    'pretix.event.order.modified',
+                    user=self.request.user,
+                    auth=self.request.auth,
+                    data={
+                        'data': [
+                            dict(
+                                position=serializer.instance.pk,
+                                **log_data
+                            )
+                        ]
+                    }
+                )
+                tickets.invalidate_cache.apply_async(kwargs={'event': serializer.instance.order.event.pk, 'order': serializer.instance.order.pk})
+                order_modified.send(sender=serializer.instance.order.event, order=serializer.instance.order)
+
+        return Response(self.get_serializer_class()(instance=serializer.instance, context=self.get_serializer_context()).data)


 class PaymentViewSet(CreateModelMixin, viewsets.ReadOnlyModelViewSet):