API: Writeable methods for vouchers (#639)

2026-05-05 15:14:04 +00:00 · 2017-10-12 14:09:44 +02:00
parent de086a2b07
commit be6496e569
11 changed files with 1029 additions and 109 deletions
--- a/src/pretix/api/serializers/voucher.py
+++ b/src/pretix/api/serializers/voucher.py
@@ -8,3 +8,36 @@ class VoucherSerializer(I18nAwareModelSerializer):
        fields = ('id', 'code', 'max_usages', 'redeemed', 'valid_until', 'block_quota',
                  'allow_ignore_quota', 'price_mode', 'value', 'item', 'variation', 'quota',
                  'tag', 'comment', 'subevent')
+        read_only_fields = ('id', 'redeemed')
+
+    def validate(self, data):
+        data = super().validate(data)
+
+        full_data = self.to_internal_value(self.to_representation(self.instance)) if self.instance else {}
+        full_data.update(data)
+
+        Voucher.clean_item_properties(
+            full_data, self.context.get('event'),
+            full_data.get('quota'), full_data.get('item'), full_data.get('variation')
+        )
+        Voucher.clean_subevent(
+            full_data, self.context.get('event')
+        )
+        Voucher.clean_max_usages(full_data, self.instance.redeemed if self.instance else 0)
+        check_quota = Voucher.clean_quota_needs_checking(
+            full_data, self.instance,
+            item_changed=self.instance and (
+                full_data.get('item') != self.instance.item or
+                full_data.get('variation') != self.instance.variation or
+                full_data.get('quota') != self.instance.quota
+            ),
+            creating=not self.instance
+        )
+        if check_quota:
+            Voucher.clean_quota_check(
+                full_data, 1, self.instance, self.context.get('event'),
+                full_data.get('quota'), full_data.get('item'), full_data.get('variation')
+            )
+        Voucher.clean_voucher_code(full_data, self.context.get('event'), self.instance.pk if self.instance else None)
+
+        return data
--- a/src/pretix/api/views/voucher.py
+++ b/src/pretix/api/views/voucher.py
@@ -4,10 +4,12 @@ from django_filters.rest_framework import (
    BooleanFilter, DjangoFilterBackend, FilterSet,
 )
 from rest_framework import viewsets
+from rest_framework.exceptions import PermissionDenied
 from rest_framework.filters import OrderingFilter

 from pretix.api.serializers.voucher import VoucherSerializer
 from pretix.base.models import Voucher
+from pretix.base.models.organizer import TeamAPIToken


 class VoucherFilter(FilterSet):
@@ -27,7 +29,7 @@ class VoucherFilter(FilterSet):
                                   (Q(valid_until__isnull=False) & Q(valid_until__lte=now())))


-class VoucherViewSet(viewsets.ReadOnlyModelViewSet):
+class VoucherViewSet(viewsets.ModelViewSet):
    serializer_class = VoucherSerializer
    queryset = Voucher.objects.none()
    filter_backends = (DjangoFilterBackend, OrderingFilter)
@@ -35,6 +37,49 @@ class VoucherViewSet(viewsets.ReadOnlyModelViewSet):
    ordering_fields = ('id', 'code', 'max_usages', 'valid_until', 'value')
    filter_class = VoucherFilter
    permission = 'can_view_vouchers'
+    write_permission = 'can_change_vouchers'

    def get_queryset(self):
        return self.request.event.vouchers.all()
+
+    def create(self, request, *args, **kwargs):
+        with request.event.lock():
+            return super().create(request, *args, **kwargs)
+
+    def perform_create(self, serializer):
+        serializer.save(event=self.request.event)
+        serializer.instance.log_action(
+            'pretix.voucher.added',
+            user=self.request.user,
+            api_token=(self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None),
+            data=self.request.data
+        )
+
+    def get_serializer_context(self):
+        ctx = super().get_serializer_context()
+        ctx['event'] = self.request.event
+        return ctx
+
+    def update(self, request, *args, **kwargs):
+        with request.event.lock():
+            return super().update(request, *args, **kwargs)
+
+    def perform_update(self, serializer):
+        serializer.save(event=self.request.event)
+        serializer.instance.log_action(
+            'pretix.voucher.changed',
+            user=self.request.user,
+            api_token=(self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None),
+            data=self.request.data
+        )
+
+    def perform_destroy(self, instance):
+        if not instance.allow_delete():
+            raise PermissionDenied('This voucher can not be deleted as it has already been used.')
+
+        instance.log_action(
+            'pretix.voucher.deleted',
+            user=self.request.user,
+            api_token=(self.request.auth if isinstance(self.request.auth, TeamAPIToken) else None),
+        )
+        super().perform_destroy(instance)