From a0e7bd3996e3c079cdf68ca2140268c4184fc2b2 Mon Sep 17 00:00:00 2001 From: Raphael Michel Date: Wed, 11 Oct 2017 00:09:53 +0200 Subject: [PATCH] API: Add write operations to taxrules resource --- doc/api/resources/taxrules.rst | 133 +++++++++++++++++++++++++++++- src/pretix/api/views/event.py | 33 +++++++- src/pretix/base/models/tax.py | 10 +++ src/pretix/control/views/event.py | 16 +--- src/tests/api/conftest.py | 1 + src/tests/api/test_permissions.py | 4 + src/tests/api/test_taxrules.py | 60 ++++++++++++++ 7 files changed, 239 insertions(+), 18 deletions(-) diff --git a/doc/api/resources/taxrules.rst b/doc/api/resources/taxrules.rst index c5b5a9f868..57bde9364a 100644 --- a/doc/api/resources/taxrules.rst +++ b/doc/api/resources/taxrules.rst @@ -25,6 +25,10 @@ home_country string Merchant countr This resource has been added. +.. versionchanged:: 1.9 + + The write operations ``POST``, ``PATCH``, ``PUT``, and ``DELETE`` have been added. + Endpoints --------- @@ -47,7 +51,7 @@ Endpoints HTTP/1.1 200 OK Vary: Accept - Content-Type: text/javascript + Content-Type: application/json { "count": 1, @@ -90,7 +94,7 @@ Endpoints HTTP/1.1 200 OK Vary: Accept - Content-Type: text/javascript + Content-Type: application/json { "id": 1, @@ -103,7 +107,128 @@ Endpoints :param organizer: The ``slug`` field of the organizer to fetch :param event: The ``slug`` field of the event to fetch - :param id: The ``slug`` field of the sub-event to fetch + :param id: The ``id`` field of the tax rule to fetch :statuscode 200: no error :statuscode 401: Authentication failure - :statuscode 403: The requested organizer/event does not exist **or** you have no permission to view it. + :statuscode 403: The requested organizer/event/rule does not exist **or** you have no permission to view it. + +.. http:post:: /api/v1/organizers/(organizer)/events/(event)/taxrules/ + + Create a new tax rule. + + **Example request**: + + .. sourcecode:: http + + POST /api/v1/organizers/bigevents/events/sampleconf/taxrules/ HTTP/1.1 + Host: pretix.eu + Accept: application/json, text/javascript + Content-Type: application/json + Content-Length: 166 + + { + "name": {"en": "VAT"}, + "rate": "19.00", + "price_includes_tax": true, + "eu_reverse_charge": false, + "home_country": "DE" + } + + **Example response**: + + .. sourcecode:: http + + HTTP/1.1 201 Created + Vary: Accept + Content-Type: application/json + + { + "id": 1, + "name": {"en": "VAT"}, + "rate": "19.00", + "price_includes_tax": true, + "eu_reverse_charge": false, + "home_country": "DE" + } + + :param organizer: The ``slug`` field of the organizer to create a tax rule for + :param event: The ``slug`` field of the event to create a tax rule for + :statuscode 200: no error + :statuscode 401: Authentication failure + :statuscode 403: The requested organizer/event does not exist **or** you have no permission to create tax rules. + + +.. http:patch:: /api/v1/organizers/(organizer)/events/(event)/taxrules/(id)/ + + Update a tax rule. You can also use ``PUT`` instead of ``PATCH``. With ``PUT``, you have to provide all fields of + the resource, other fields will be resetted to defaukt. With ``PATCH``, you only need to provide the fields that you + want to change. + + **Example request**: + + .. sourcecode:: http + + PATCH /api/v1/organizers/bigevents/events/sampleconf/taxrules/1/ HTTP/1.1 + Host: pretix.eu + Accept: application/json, text/javascript + Content-Type: application/json + Content-Length: 34 + + { + "rate": "20.00", + } + + **Example response**: + + .. sourcecode:: http + + HTTP/1.1 200 OK + Vary: Accept + Content-Type: text/javascript + + { + "id": 1, + "name": {"en": "VAT"}, + "rate": "20.00", + "price_includes_tax": true, + "eu_reverse_charge": false, + "home_country": "DE" + } + + :param organizer: The ``slug`` field of the organizer to modify + :param event: The ``slug`` field of the event to modify + :param id: The ``id`` field of the tax rule to modify + :statuscode 200: no error + :statuscode 401: Authentication failure + :statuscode 403: The requested organizer/event/rule does not exist **or** you have no permission to change it. + + +.. http:delete:: /api/v1/organizers/(organizer)/events/(event)/taxrules/(id)/ + + Delete a tax rule. Note that tax rules can only be deleted if they are not in use for any products, settings + or orders. If you cannot delete a tax rule, this method will return a ``403`` status code and you can only + discontinue using it everywhere else. + + **Example request**: + + .. sourcecode:: http + + DELETE /api/v1/organizers/bigevents/events/sampleconf/taxrules/1/ HTTP/1.1 + Host: pretix.eu + Accept: application/json, text/javascript + + **Example response**: + + .. sourcecode:: http + + HTTP/1.1 204 No Content + Vary: Accept + Content-Type: text/javascript + + :param organizer: The ``slug`` field of the organizer to modify + :param event: The ``slug`` field of the event to modify + :param id: The ``id`` field of the tax rule to delete + :statuscode 200: no error + :statuscode 401: Authentication failure + :statuscode 403: The requested organizer/event/rule does not exist **or** you have no permission to change it + **or** this tax rule cannot be deleted since it is currently in use. diff --git a/src/pretix/api/views/event.py b/src/pretix/api/views/event.py index 5fd6518179..d8ea999ab6 100644 --- a/src/pretix/api/views/event.py +++ b/src/pretix/api/views/event.py @@ -1,11 +1,13 @@ from django_filters.rest_framework import DjangoFilterBackend, FilterSet from rest_framework import filters, viewsets +from rest_framework.exceptions import PermissionDenied from pretix.api.serializers.event import ( EventSerializer, SubEventSerializer, TaxRuleSerializer, ) from pretix.base.models import Event, ItemCategory, TaxRule from pretix.base.models.event import SubEvent +from pretix.base.models.organizer import TeamAPIToken class EventViewSet(viewsets.ReadOnlyModelViewSet): @@ -36,10 +38,39 @@ class SubEventViewSet(viewsets.ReadOnlyModelViewSet): ) -class TaxRuleViewSet(viewsets.ReadOnlyModelViewSet): +class TaxRuleViewSet(viewsets.ModelViewSet): serializer_class = TaxRuleSerializer queryset = TaxRule.objects.none() write_permission = 'can_change_event_settings' def get_queryset(self): return self.request.event.tax_rules.all() + + def perform_update(self, serializer): + super().perform_update(serializer) + serializer.instance.log_action( + 'pretix.event.taxrule.changed', + user=self.request.user, + api_token=(self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None), + data=self.request.data + ) + + def perform_create(self, serializer): + serializer.save(event=self.request.event) + serializer.instance.log_action( + 'pretix.event.taxrule.added', + user=self.request.user, + api_token=(self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None), + data=self.request.data + ) + + def perform_destroy(self, instance): + if not instance.allow_delete(): + raise PermissionDenied('This tax rule can not be deleted as it is currently in use.') + + instance.log_action( + 'pretix.event.taxrule.deleted', + user=self.request.user, + api_token=(self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None), + ) + super().perform_destroy(instance) diff --git a/src/pretix/base/models/tax.py b/src/pretix/base/models/tax.py index b2fe0efe88..275e5cf950 100644 --- a/src/pretix/base/models/tax.py +++ b/src/pretix/base/models/tax.py @@ -81,6 +81,16 @@ class TaxRule(LoggedModel): 'if configured above.'), ) + def allow_delete(self): + from pretix.base.models.orders import OrderFee, OrderPosition + + return ( + not OrderFee.objects.filter(tax_rule=self, order__event=self.event).exists() + and not OrderPosition.objects.filter(tax_rule=self, order__event=self.event).exists() + and not self.event.items.filter(tax_rule=self).exists() + and self.event.settings.tax_rate_default != self + ) + @classmethod def zero(cls): return cls( diff --git a/src/pretix/control/views/event.py b/src/pretix/control/views/event.py index 02d4a35e0b..0ef0d6d725 100644 --- a/src/pretix/control/views/event.py +++ b/src/pretix/control/views/event.py @@ -26,10 +26,9 @@ from pytz import timezone from pretix.base.models import ( CachedCombinedTicket, CachedTicket, Event, Item, ItemVariation, LogEntry, - Order, OrderPosition, RequiredAction, TaxRule, Voucher, + Order, RequiredAction, TaxRule, Voucher, ) from pretix.base.models.event import EventMetaValue -from pretix.base.models.orders import OrderFee from pretix.base.services import tickets from pretix.base.services.invoices import build_preview_invoice_pdf from pretix.base.signals import event_live_issues, register_ticket_outputs @@ -972,7 +971,7 @@ class TaxDelete(EventSettingsViewMixin, EventPermissionRequiredMixin, DeleteView def delete(self, request, *args, **kwargs): self.object = self.get_object() success_url = self.get_success_url() - if self.is_allowed(): + if self.object.allow_delete(): self.object.log_action(action='pretix.event.taxrule.deleted', user=request.user) self.object.delete() messages.success(self.request, _('The selected tax rule has been deleted.')) @@ -986,16 +985,7 @@ class TaxDelete(EventSettingsViewMixin, EventPermissionRequiredMixin, DeleteView 'event': self.request.event.slug, }) - def is_allowed(self) -> bool: - o = self.object - return ( - not OrderFee.objects.filter(tax_rule=o, order__event=self.request.event).exists() - and not OrderPosition.objects.filter(tax_rule=o, order__event=self.request.event).exists() - and not self.request.event.items.filter(tax_rule=o).exists() - and self.request.event.settings.tax_rate_default != o - ) - def get_context_data(self, *args, **kwargs) -> dict: context = super().get_context_data(*args, **kwargs) - context['possible'] = self.is_allowed() + context['possible'] = self.object.allow_delete() return context diff --git a/src/tests/api/conftest.py b/src/tests/api/conftest.py index 04e97094e1..7c7810f6e8 100644 --- a/src/tests/api/conftest.py +++ b/src/tests/api/conftest.py @@ -38,6 +38,7 @@ def team(organizer): return Team.objects.create( organizer=organizer, can_change_items=True, + can_change_event_settings=True ) diff --git a/src/tests/api/test_permissions.py b/src/tests/api/test_permissions.py index 3a7179ef34..2e258dd0e4 100644 --- a/src/tests/api/test_permissions.py +++ b/src/tests/api/test_permissions.py @@ -26,6 +26,10 @@ event_permission_urls = [ ('get', 'can_change_items', 'items/', 200), ('get', 'can_change_items', 'questions/', 200), ('get', 'can_change_items', 'quotas/', 200), + ('post', 'can_change_event_settings', 'taxrules/', 400), + ('put', 'can_change_event_settings', 'taxrules/1/', 404), + ('patch', 'can_change_event_settings', 'taxrules/1/', 404), + ('delete', 'can_change_event_settings', 'taxrules/1/', 404), ] diff --git a/src/tests/api/test_taxrules.py b/src/tests/api/test_taxrules.py index d790c48960..7bab472be7 100644 --- a/src/tests/api/test_taxrules.py +++ b/src/tests/api/test_taxrules.py @@ -1,5 +1,9 @@ +from decimal import Decimal + import pytest +from pretix.base.models import TaxRule + TEST_TAXRULE_RES = { 'name': {'en': 'VAT'}, 'rate': '19.00', @@ -26,3 +30,59 @@ def test_rule_detail(token_client, organizer, event, taxrule): taxrule.pk)) assert resp.status_code == 200 assert res == resp.data + + +@pytest.mark.django_db +def test_rule_create(token_client, organizer, event): + resp = token_client.post( + '/api/v1/organizers/{}/events/{}/taxrules/'.format(organizer.slug, event.slug), + { + "name": {"en": "VAT", "de": "MwSt"}, + "rate": "19.00", + "price_includes_tax": True, + "eu_reverse_charge": False, + "home_country": "DE" + }, + format='json' + ) + assert resp.status_code == 201 + rule = TaxRule.objects.get(pk=resp.data['id']) + assert rule.name.data == {"en": "VAT", "de": "MwSt"} + assert rule.rate == Decimal("19.00") + assert rule.price_includes_tax is True + assert rule.eu_reverse_charge is False + assert str(rule.home_country) == "DE" + + +@pytest.mark.django_db +def test_rule_update(token_client, organizer, event, taxrule): + resp = token_client.patch( + '/api/v1/organizers/{}/events/{}/taxrules/{}/'.format(organizer.slug, event.slug, taxrule.pk), + { + "rate": "20.00", + }, + format='json' + ) + assert resp.status_code == 200 + taxrule.refresh_from_db() + assert taxrule.rate == Decimal("20.00") + assert taxrule.all_logentries().last().action_type == 'pretix.event.taxrule.changed' + + +@pytest.mark.django_db +def test_rule_delete(token_client, organizer, event, taxrule): + resp = token_client.delete( + '/api/v1/organizers/{}/events/{}/taxrules/{}/'.format(organizer.slug, event.slug, taxrule.pk), + ) + assert resp.status_code == 200 + assert not event.taxrules.exists() + + +@pytest.mark.django_db +def test_rule_delete_forbidden(token_client, organizer, event, taxrule): + event.items.create(name="Budget Ticket", default_price=23, tax_rule=taxrule) + resp = token_client.delete( + '/api/v1/organizers/{}/events/{}/taxrules/{}/'.format(organizer.slug, event.slug, taxrule.pk), + ) + assert resp.status_code == 403 + assert event.taxrules.exists()