Coverage for website/sales/api/v2/admin/views.py: 90.29%

85 statements  

« prev     ^ index     » next       coverage.py v7.6.7, created at 2025-08-14 10:31 +0000

1from oauth2_provider.contrib.rest_framework import IsAuthenticatedOrTokenHasScope 

2from rest_framework import exceptions 

3from rest_framework import filters as framework_filters 

4from rest_framework.exceptions import PermissionDenied 

5from rest_framework.generics import get_object_or_404 

6from rest_framework.permissions import DjangoModelPermissions 

7 

8from sales.api.v2 import filters 

9from sales.api.v2.admin.permissions import IsManager 

10from sales.api.v2.admin.serializers.order import OrderListSerializer, OrderSerializer 

11from sales.api.v2.admin.serializers.shift import ShiftSerializer 

12from sales.models.order import Order 

13from sales.models.shift import Shift 

14from thaliawebsite.api.v2.admin import ( 

15 AdminCreateAPIView, 

16 AdminDestroyAPIView, 

17 AdminListAPIView, 

18 AdminRetrieveAPIView, 

19 AdminUpdateAPIView, 

20) 

21 

22 

23class ShiftListView(AdminListAPIView): 

24 """Returns an overview of all sales shifts.""" 

25 

26 serializer_class = ShiftSerializer 

27 queryset = Shift.objects.all() 

28 filter_backends = ( 

29 framework_filters.OrderingFilter, 

30 framework_filters.SearchFilter, 

31 filters.ShiftActiveFilter, 

32 filters.ShiftLockedFilter, 

33 filters.ShiftDateFilter, 

34 ) 

35 ordering_fields = ("start", "end") 

36 permission_classes = [IsAuthenticatedOrTokenHasScope, DjangoModelPermissions] 

37 required_scopes = ["sales:admin"] 

38 

39 def get_queryset(self): 

40 queryset = super().get_queryset().filter(locked=False) 

41 

42 if not self.request.member: 42 ↛ 43line 42 didn't jump to line 43 because the condition on line 42 was never true

43 queryset = queryset.none() 

44 elif not self.request.member.has_perm("sales.override_manager"): 

45 queryset = queryset.filter( 

46 managers__in=self.request.member.get_member_groups() 

47 ).distinct() 

48 

49 queryset = queryset.select_properties( 

50 "active", 

51 "total_revenue", 

52 "total_revenue_paid", 

53 "num_orders", 

54 "num_orders_paid", 

55 ) 

56 queryset = queryset.prefetch_related("event", "product_list") 

57 queryset = queryset.prefetch_related( 

58 "orders__order_items", 

59 ) 

60 return queryset 

61 

62 

63class ShiftDetailView(AdminRetrieveAPIView): 

64 serializer_class = ShiftSerializer 

65 queryset = Shift.objects.all() 

66 permission_classes = [ 

67 IsAuthenticatedOrTokenHasScope, 

68 DjangoModelPermissions, 

69 IsManager, 

70 ] 

71 required_scopes = ["sales:admin"] 

72 

73 

74class OrderListView(AdminListAPIView, AdminCreateAPIView): 

75 method_serializer_classes = { 

76 ("GET",): OrderListSerializer, 

77 ("POST",): OrderSerializer, 

78 } 

79 permission_classes = [ 

80 IsAuthenticatedOrTokenHasScope, 

81 DjangoModelPermissions, 

82 IsManager, 

83 ] 

84 required_scopes = ["sales:admin"] 

85 shift_lookup_field = "pk" 

86 

87 def get_serializer_class(self): 

88 for methods, serializer_cls in self.method_serializer_classes.items(): 88 ↛ 91line 88 didn't jump to line 91 because the loop on line 88 didn't complete

89 if self.request.method in methods: 

90 return serializer_cls 

91 raise exceptions.MethodNotAllowed(self.request.method) 

92 

93 def create(self, request, *args, **kwargs): 

94 shift = Shift.objects.get(pk=kwargs["pk"]) 

95 if shift.locked: 95 ↛ 96line 95 didn't jump to line 96 because the condition on line 95 was never true

96 raise PermissionDenied 

97 

98 return super().create(request, args, kwargs) 

99 

100 def perform_create(self, serializer): 

101 serializer.save(created_by_id=self.request.member.pk) 

102 

103 def get_queryset(self): 

104 queryset = Order.objects.all() 

105 

106 pk = self.kwargs.get("pk") 

107 if pk: 107 ↛ 110line 107 didn't jump to line 110 because the condition on line 107 was always true

108 queryset = queryset.filter(shift=pk) 

109 

110 queryset = queryset.select_properties( 

111 "total_amount", "subtotal", "num_items", "age_restricted" 

112 ) 

113 queryset = queryset.prefetch_related( 

114 "shift", "shift__event", "shift__product_list" 

115 ) 

116 queryset = queryset.prefetch_related( 

117 "order_items", "order_items__product", "order_items__product__product" 

118 ) 

119 queryset = queryset.prefetch_related("payment") 

120 return queryset 

121 

122 def get_serializer_context(self): 

123 context = super().get_serializer_context() 

124 pk = self.kwargs.get("pk") 

125 if pk: 125 ↛ 128line 125 didn't jump to line 128 because the condition on line 125 was always true

126 shift = get_object_or_404(Shift, pk=self.kwargs.get("pk")) 

127 context.update({"shift": shift}) 

128 return context 

129 

130 

131class OrderDetailView(AdminRetrieveAPIView, AdminUpdateAPIView, AdminDestroyAPIView): 

132 serializer_class = OrderSerializer 

133 queryset = Order.objects.all() 

134 permission_classes = [ 

135 IsAuthenticatedOrTokenHasScope, 

136 DjangoModelPermissions, 

137 IsManager, 

138 ] 

139 required_scopes = ["sales:admin"] 

140 

141 def get_queryset(self): 

142 queryset = super().get_queryset() 

143 

144 if not self.request.member: 144 ↛ 145line 144 didn't jump to line 145 because the condition on line 144 was never true

145 queryset = queryset.none() 

146 elif not self.request.member.has_perm("sales.override_manager"): 

147 queryset = queryset.filter( 

148 shift__managers__in=self.request.member.get_member_groups() 

149 ).distinct() 

150 

151 queryset = queryset.select_properties( 

152 "total_amount", "subtotal", "num_items", "age_restricted" 

153 ) 

154 queryset = queryset.prefetch_related( 

155 "shift", "shift__event", "shift__product_list" 

156 ) 

157 queryset = queryset.prefetch_related( 

158 "order_items", "order_items__product", "order_items__product__product" 

159 ) 

160 queryset = queryset.prefetch_related("payment") 

161 return queryset