Initial commit

2026-02-27 15:01:06 +03:00
commit fc06bb6fcd
52 changed files with 1355 additions and 0 deletions
@@ -0,0 +1,53 @@
+from rest_framework import permissions, status, viewsets
+from rest_framework.response import Response
+
+from apps.bookings.models import Booking
+from apps.payments.models import Payment
+from apps.payments.serializers import PaymentCreateSerializer, PaymentSerializer
+
+
+def user_can_access_booking(user, booking: Booking) -> bool:
+    if getattr(user, "is_superuser", False) or user.role == "admin":
+        return True
+    if user.role == "manager":
+        return booking.salon.owner_id == user.id
+    if user.role == "staff":
+        return booking.staff_id and booking.staff.user_id == user.id
+    return booking.customer_id == user.id
+
+
+class PaymentViewSet(viewsets.ModelViewSet):
+    permission_classes = [permissions.IsAuthenticated]
+
+    def get_queryset(self):
+        user = self.request.user
+        if getattr(user, "is_superuser", False) or user.role == "admin":
+            return Payment.objects.all().order_by("-created_at")
+        if user.role == "manager":
+            return Payment.objects.filter(booking__salon__owner=user).order_by("-created_at")
+        if user.role == "staff":
+            return Payment.objects.filter(booking__staff__user=user).order_by("-created_at")
+        return Payment.objects.filter(booking__customer=user).order_by("-created_at")
+
+    def get_serializer_class(self):
+        if self.action == "create":
+            return PaymentCreateSerializer
+        return PaymentSerializer
+
+    def create(self, request, *args, **kwargs):
+        serializer = self.get_serializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        booking = Booking.objects.get(id=serializer.validated_data["booking_id"])
+        if not user_can_access_booking(request.user, booking):
+            return Response({"detail": "Not allowed"}, status=status.HTTP_403_FORBIDDEN)
+        payment = serializer.save()
+        return Response(
+            {
+                "detail": "Payment record created. Provider integration pending.",
+                "payment_id": payment.id,
+                "amount": str(payment.amount),
+                "currency": payment.currency,
+                "status": payment.status,
+            },
+            status=status.HTTP_201_CREATED,
+        )