Add support for extended voucher endpoint (#8)

Author: marcoacierno

pretix_extended_api/urls.py

@@ -2,6 +2,10 @@
 
 from .views.orders import OrdersViewSet
 from .views.tickets import TicketsViewSet
+from .views.vouchers import VouchersViewSet
 
 event_router.register("tickets", TicketsViewSet, basename="tickets")
 event_router.register("extended-orders", OrdersViewSet, basename="extended-orders")
+event_router.register(
+    "extended-vouchers", VouchersViewSet, basename="extended-vouchers"
+)

pretix_extended_api/views/orders.py

@@ -1,18 +1,14 @@
 from pretix.api.serializers.order import OrderSerializer
 from pretix.api.views.order import OrderViewSet
-from pretix.base.models import TeamAPIToken
-from rest_framework import exceptions, viewsets
+from rest_framework import viewsets
 from rest_framework.response import Response
 
+from .permissions import check_permission
+
 
 class OrdersViewSet(viewsets.ViewSet):
     def retrieve(self, request, pk: str, **kwargs):
-        # Only allow Team API tokens to call this API.
-        perm_holder = request.auth if isinstance(request.auth, TeamAPIToken) else None
-        if not perm_holder or not perm_holder.has_event_permission(
-            request.event.organizer, request.event, "can_view_orders"
-        ):
-            raise exceptions.PermissionDenied()
+        check_permission(request, "can_view_orders")
 
         codes = pk.split(",")
         qs = OrderViewSet(request=request).get_queryset()

pretix_extended_api/views/permissions.py

@@ -0,0 +1,11 @@
+from pretix.base.models import TeamAPIToken
+from rest_framework import exceptions
+
+
+def check_permission(request, permission):
+    # Only allow Team API tokens to call this API.
+    perm_holder = request.auth if isinstance(request.auth, TeamAPIToken) else None
+    if not perm_holder or not perm_holder.has_event_permission(
+        request.event.organizer, request.event, permission
+    ):
+        raise exceptions.PermissionDenied()

pretix_extended_api/views/serializers.py

@@ -1,5 +1,6 @@
 from pretix.api.serializers.i18n import I18nAwareModelSerializer
 from pretix.api.serializers.item import ItemSerializer, QuestionSerializer
+from pretix.api.serializers.voucher import VoucherSerializer
 from pretix.base.models import OrderPosition, QuestionAnswer
 from rest_framework import serializers
 
@@ -61,3 +62,16 @@ def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
 
         self.fields["item"] = ItemSerializer(read_only=True, context=self.context)
+
+
+class ExtendedVoucherSerializer(VoucherSerializer):
+    quota_items = serializers.SerializerMethodField()
+
+    def get_quota_items(self, instance):
+        if not instance.quota_id:
+            return None
+
+        return list(instance.quota.items.values_list("id", flat=True))
+
+    class Meta(VoucherSerializer.Meta):
+        fields = VoucherSerializer.Meta.fields + ("quota_items",)

pretix_extended_api/views/tickets.py

@@ -1,26 +1,18 @@
 from django.db.models import Q
 from django_scopes import scopes_disabled
-from pretix.base.models import Order, OrderPosition, TeamAPIToken
-from rest_framework import exceptions, viewsets
+from pretix.base.models import Order, OrderPosition
+from rest_framework import viewsets
 from rest_framework.decorators import action
 from rest_framework.response import Response
 
+from .permissions import check_permission
 from .serializers import (
     AttendeeHasTicketBodySerializer,
     AttendeeTicketBodySerializer,
     OrderPositionSerializer,
 )
 
 
-def check_permission(request, permission):
-    # Only allow Team API tokens to call this API.
-    perm_holder = request.auth if isinstance(request.auth, TeamAPIToken) else None
-    if not perm_holder or not perm_holder.has_event_permission(
-        request.event.organizer, request.event, permission
-    ):
-        raise exceptions.PermissionDenied()
-
-
 class TicketsViewSet(viewsets.ViewSet):
     # Disable scoping because we want to allow cross-organization checking
     # This allows us to do stuff like, you can attend PyCon Italia 2022

pretix_extended_api/views/vouchers.py

@@ -0,0 +1,26 @@
+from django.db.models import F, Q
+from django.utils.timezone import now
+from rest_framework import viewsets
+from rest_framework.response import Response
+
+from .permissions import check_permission
+from .serializers import ExtendedVoucherSerializer
+
+
+class VouchersViewSet(viewsets.ViewSet):
+    def retrieve(self, request, pk: str, **kwargs):
+        check_permission(request, "can_view_vouchers")
+        voucher = (
+            self.request.event.vouchers.select_related("seat")
+            .filter(
+                Q(valid_until__isnull=True) | Q(valid_until__gt=now()),
+                code=pk,
+                redeemed__lt=F("max_usages"),
+            )
+            .first()
+        )
+
+        if not voucher:
+            return Response(status=404)
+
+        return Response(ExtendedVoucherSerializer(voucher).data)

tests/conftest.py

@@ -321,3 +321,35 @@ def user_client(client, team, user):
     team.members.add(user)
     client.force_authenticate(user=user)
     return client
+
+
+@pytest.fixture
+@scopes_disabled()
+def voucher_for_item(event, admission_item):
+    return event.vouchers.create(
+        item=admission_item, price_mode="set", value=12, tag="Foo"
+    )
+
+
+@pytest.fixture
+@scopes_disabled()
+def voucher_for_quota(event, quota):
+    return event.vouchers.create(
+        item=None, quota=quota, price_mode="set", value=12, tag="Foo"
+    )
+
+
+@pytest.fixture
+@scopes_disabled()
+def voucher_for_all_items(event):
+    return event.vouchers.create(
+        item=None, quota=None, price_mode="set", value=12, tag="Foo"
+    )
+
+
+@pytest.fixture
+@scopes_disabled()
+def quota(event, admission_item):
+    q = event.quotas.create(name="Budget Quota", size=200)
+    q.items.add(admission_item)
+    return q

tests/views/test_vouchers.py

@@ -0,0 +1,106 @@
+import pytest
+from datetime import timedelta
+from django.utils import timezone
+
+pytestmark = pytest.mark.django_db
+
+
+def test_voucher_info_for_item(token_client, admission_item, voucher_for_item):
+    resp = token_client.get(
+        f"/api/v1/organizers/dummy/events/dummy/extended-vouchers/{voucher_for_item.code}/",
+        format="json",
+    )
+
+    assert resp.status_code == 200
+    assert resp.data["id"] == voucher_for_item.id
+    assert resp.data["item"] == admission_item.id
+    assert resp.data["quota"] is None
+    assert resp.data["quota_items"] is None
+
+
+def test_quota_voucher_info(token_client, admission_item, quota, voucher_for_quota):
+    resp = token_client.get(
+        f"/api/v1/organizers/dummy/events/dummy/extended-vouchers/{voucher_for_quota.code}/",
+        format="json",
+    )
+
+    assert resp.status_code == 200
+    assert resp.data["id"] == voucher_for_quota.id
+    assert resp.data["item"] is None
+    assert resp.data["quota"] == quota.id
+    assert resp.data["quota_items"] == [admission_item.id]
+
+
+def test_voucher_for_all_items(token_client, voucher_for_all_items):
+    resp = token_client.get(
+        f"/api/v1/organizers/dummy/events/dummy/extended-vouchers/{voucher_for_all_items.code}/",
+        format="json",
+    )
+
+    assert resp.status_code == 200
+    assert resp.data["id"] == voucher_for_all_items.id
+    assert resp.data["item"] is None
+    assert resp.data["quota"] is None
+    assert resp.data["quota_items"] is None
+
+
+def test_invalid_code(token_client, voucher_for_all_items):
+    resp = token_client.get(
+        "/api/v1/organizers/dummy/events/dummy/extended-vouchers/ABCABCABC/",
+        format="json",
+    )
+
+    assert resp.status_code == 404
+    assert resp.data is None
+
+
+def test_requires_authentication(client, voucher_for_all_items):
+    resp = client.get(
+        f"/api/v1/organizers/dummy/events/dummy/extended-vouchers/{voucher_for_all_items.code}/",
+        format="json",
+    )
+
+    assert resp.status_code == 401
+
+
+def test_requires_authentication_of_team(user_client, voucher_for_all_items):
+    resp = user_client.get(
+        f"/api/v1/organizers/dummy/events/dummy/extended-vouchers/{voucher_for_all_items.code}/",
+        format="json",
+    )
+
+    assert resp.status_code == 403
+
+
+def test_requires_permissions(no_permissions_token_client, voucher_for_all_items):
+    resp = no_permissions_token_client.get(
+        f"/api/v1/organizers/dummy/events/dummy/extended-vouchers/{voucher_for_all_items.code}/",
+        format="json",
+    )
+
+    assert resp.status_code == 403
+
+
+def test_expired_voucher_is_not_returned(token_client, voucher_for_item):
+    voucher_for_item.valid_until = timezone.now() - timedelta(days=50)
+    voucher_for_item.save()
+
+    resp = token_client.get(
+        f"/api/v1/organizers/dummy/events/dummy/extended-vouchers/{voucher_for_item.code}/",
+        format="json",
+    )
+
+    assert resp.status_code == 404
+
+
+def test_used_voucher_is_not_returned(token_client, voucher_for_item):
+    voucher_for_item.redeemed = 1
+    voucher_for_item.max_usages = 1
+    voucher_for_item.save()
+
+    resp = token_client.get(
+        f"/api/v1/organizers/dummy/events/dummy/extended-vouchers/{voucher_for_item.code}/",
+        format="json",
+    )
+
+    assert resp.status_code == 404