Refs #654 -- Writable API methods for waiting list entries (#885)

* Refs #654 -- Writable API methods for waiting list entries

* Update test_waitinglist.py

src/pretix/api/serializers/waitinglist.py

@@ -1,3 +1,5 @@
+from rest_framework.exceptions import ValidationError
+
 from pretix.api.serializers.i18n import I18nAwareModelSerializer
 from pretix.base.models import WaitingListEntry
 
@@ -7,3 +9,27 @@ class WaitingListSerializer(I18nAwareModelSerializer):
     class Meta:
         model = WaitingListEntry
         fields = ('id', 'created', 'email', 'voucher', 'item', 'variation', 'locale', 'subevent')
+        read_only_fields = ('id', 'created', 'voucher')
+
+    def validate(self, data):
+        data = super().validate(data)
+        event = self.context['event']
+
+        full_data = self.to_internal_value(self.to_representation(self.instance)) if self.instance else {}
+        full_data.update(data)
+
+        WaitingListEntry.clean_duplicate(full_data.get('email'), full_data.get('item'), full_data.get('variation'),
+                                         full_data.get('subevent'), self.instance.pk if self.instance else None)
+        WaitingListEntry.clean_itemvar(event, full_data.get('item'), full_data.get('variation'))
+        WaitingListEntry.clean_subevent(event, full_data.get('subevent'))
+
+        if 'item' in data or 'variation' in data:
+            availability = (
+                full_data.get('variation').check_quotas(count_waitinglist=True, subevent=full_data.get('subevent'))
+                if full_data.get('variation')
+                else full_data.get('item').check_quotas(count_waitinglist=True, subevent=full_data.get('subevent'))
+            )
+            if availability[0] == 100:
+                raise ValidationError("This product is currently available.")
+
+        return data

src/pretix/api/views/waitinglist.py

@@ -1,10 +1,14 @@
 import django_filters
 from django_filters.rest_framework import DjangoFilterBackend, FilterSet
 from rest_framework import viewsets
+from rest_framework.decorators import detail_route
+from rest_framework.exceptions import PermissionDenied, ValidationError
 from rest_framework.filters import OrderingFilter
+from rest_framework.response import Response
 
 from pretix.api.serializers.waitinglist import WaitingListSerializer
-from pretix.base.models import WaitingListEntry
+from pretix.base.models import TeamAPIToken, WaitingListEntry
+from pretix.base.models.waitinglist import WaitingListException
 
 
 class WaitingListFilter(FilterSet):
@@ -18,7 +22,7 @@ class WaitingListFilter(FilterSet):
         fields = ['item', 'variation', 'email', 'locale', 'has_voucher', 'subevent']
 
 
-class WaitingListViewSet(viewsets.ReadOnlyModelViewSet):
+class WaitingListViewSet(viewsets.ModelViewSet):
     serializer_class = WaitingListSerializer
     queryset = WaitingListEntry.objects.none()
     filter_backends = (DjangoFilterBackend, OrderingFilter)
@@ -26,6 +30,53 @@ class WaitingListViewSet(viewsets.ReadOnlyModelViewSet):
     ordering_fields = ('id', 'created', 'email', 'item')
     filter_class = WaitingListFilter
     permission = 'can_view_orders'
+    write_permission = 'can_change_orders'
 
     def get_queryset(self):
         return self.request.event.waitinglistentries.all()
+
+    def get_serializer_context(self):
+        ctx = super().get_serializer_context()
+        ctx['event'] = self.request.event
+        return ctx
+
+    def perform_create(self, serializer):
+        serializer.save(event=self.request.event)
+        serializer.instance.log_action(
+            'pretix.event.orders.waitinglist.added',
+            user=self.request.user,
+            api_token=(self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None),
+        )
+
+    def perform_update(self, serializer):
+        if serializer.instance.voucher:
+            raise PermissionDenied('This entry can not be changed as it has already been assigned a voucher.')
+        serializer.save(event=self.request.event)
+        serializer.instance.log_action(
+            'pretix.event.orders.waitinglist.changed',
+            user=self.request.user,
+            api_token=(self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None),
+        )
+
+    def perform_destroy(self, instance):
+        if instance.voucher:
+            raise PermissionDenied('This entry can not be deleted as it has already been assigned a voucher.')
+
+        instance.log_action(
+            'pretix.event.orders.waitinglist.deleted',
+            user=self.request.user,
+            api_token=(self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None),
+        )
+        super().perform_destroy(instance)
+
+    @detail_route(methods=['POST'])
+    def send_voucher(self, *args, **kwargs):
+        try:
+            self.get_object().send_voucher(
+                user=self.request.user,
+                api_token=(self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None),
+            )
+        except WaitingListException as e:
+            raise ValidationError(str(e))
+        else:
+            return Response(status=204)

src/pretix/base/models/waitinglist.py

@@ -73,15 +73,11 @@ class WaitingListEntry(LoggedModel):
         return '%s waits for %s' % (str(self.email), str(self.item))
 
     def clean(self):
-        if WaitingListEntry.objects.filter(
-            item=self.item, variation=self.variation, email=self.email, voucher__isnull=True
-        ).exclude(pk=self.pk).exists():
-            raise ValidationError(_('You are already on this waiting list! We will notify '
-                                    'you as soon as we have a ticket available for you.'))
-        if not self.variation and self.item.has_variations:
-            raise ValidationError(_('Please select a specific variation of this product.'))
+        WaitingListEntry.clean_duplicate(self.email, self.item, self.variation, self.subevent, self.pk)
+        WaitingListEntry.clean_itemvar(self.event, self.item, self.variation)
+        WaitingListEntry.clean_subevent(self.event, self.subevent)
 
-    def send_voucher(self, quota_cache=None, user=None):
+    def send_voucher(self, quota_cache=None, user=None, api_token=None):
         availability = (
             self.variation.check_quotas(count_waitinglist=False, subevent=self.subevent, _cache=quota_cache)
             if self.variation
@@ -116,8 +112,8 @@ class WaitingListEntry(LoggedModel):
                 'email': self.email,
                 'waitinglistentry': self.pk,
                 'subevent': self.subevent.pk if self.subevent else None,
-            }, user=user)
-            self.log_action('pretix.waitinglist.voucher', user=user)
+            }, user=user, api_token=api_token)
+            self.log_action('pretix.waitinglist.voucher', user=user, api_token=api_token)
             self.voucher = v
             self.save()
 
@@ -136,3 +132,29 @@ class WaitingListEntry(LoggedModel):
                 self.event,
                 locale=self.locale
             )
+
+    @staticmethod
+    def clean_itemvar(event, item, variation):
+        if event != item.event:
+            raise ValidationError(_('The selected item does not belong to this event.'))
+        if item.has_variations and (not variation or variation.item != item):
+            raise ValidationError(_('Please select a specific variation of this product.'))
+
+    @staticmethod
+    def clean_subevent(event, subevent):
+        if event.has_subevents:
+            if not subevent:
+                raise ValidationError(_('Subevent cannot be null for event series.'))
+            if event != subevent.event:
+                raise ValidationError(_('The subevent does not belong to this event.'))
+        else:
+            if subevent:
+                raise ValidationError(_('The subevent does not belong to this event.'))
+
+    @staticmethod
+    def clean_duplicate(email, item, variation, subevent, pk):
+        if WaitingListEntry.objects.filter(
+                item=item, variation=variation, email=email, voucher__isnull=True, subevent=subevent
+        ).exclude(pk=pk).exists():
+            raise ValidationError(_('You are already on this waiting list! We will notify '
+                                    'you as soon as we have a ticket available for you.'))

src/pretix/control/logdisplay.py

@@ -239,6 +239,9 @@ def pretixcontrol_logentry_display(sender: Event, logentry: LogEntry, **kwargs):
         'pretix.event.permissions.changed': _('A user\'s permissions have been changed.'),
         'pretix.event.permissions.deleted': _('A user has been removed from the event team.'),
         'pretix.waitinglist.voucher': _('A voucher has been sent to a person on the waiting list.'),
+        'pretix.event.orders.waitinglist.deleted': _('An entry has been removed from the waiting list.'),
+        'pretix.event.orders.waitinglist.changed': _('An entry has been changed on the waiting list.'),
+        'pretix.event.orders.waitinglist.added': _('An entry has been added to the waiting list.'),
         'pretix.team.created': _('The team has been created.'),
         'pretix.team.changed': _('The team settings have been changed.'),
         'pretix.team.deleted': _('The team has been deleted.'),

src/pretix/control/views/waitinglist.py

@@ -157,7 +157,7 @@ class EntryDelete(EventPermissionRequiredMixin, DeleteView):
     def delete(self, request, *args, **kwargs):
         self.object = self.get_object()
         success_url = self.get_success_url()
-        self.object.log_action('pretix.event.orders.waitinglist.delete', user=self.request.user)
+        self.object.log_action('pretix.event.orders.waitinglist.deleted', user=self.request.user)
         self.object.delete()
         messages.success(self.request, _('The selected entry has been deleted.'))
         return HttpResponseRedirect(success_url)