mohd
d40bb10876
Implemented localization foundations across backend and frontend (locale settings/middleware, preferred language, i18n wiring, RTL support, minimal Arabic UI strings, Accept-Language). Added targeted backend and frontend tests plus a risks note for pending full translation coverage.
55 lines
2.2 KiB
Python
55 lines
2.2 KiB
Python
from rest_framework import permissions, status, viewsets
|
|
from rest_framework.response import Response
|
|
from django.utils.translation import gettext as _
|
|
|
|
from apps.bookings.models import Booking
|
|
from apps.payments.models import Payment
|
|
from apps.payments.serializers import PaymentCreateSerializer, PaymentSerializer
|
|
|
|
|
|
def user_can_access_booking(user, booking: Booking) -> bool:
|
|
if getattr(user, "is_superuser", False) or user.role == "admin":
|
|
return True
|
|
if user.role == "manager":
|
|
return booking.salon.owner_id == user.id
|
|
if user.role == "staff":
|
|
return booking.staff_id and booking.staff.user_id == user.id
|
|
return booking.customer_id == user.id
|
|
|
|
|
|
class PaymentViewSet(viewsets.ModelViewSet):
|
|
permission_classes = [permissions.IsAuthenticated]
|
|
|
|
def get_queryset(self):
|
|
user = self.request.user
|
|
if getattr(user, "is_superuser", False) or user.role == "admin":
|
|
return Payment.objects.all().order_by("-created_at")
|
|
if user.role == "manager":
|
|
return Payment.objects.filter(booking__salon__owner=user).order_by("-created_at")
|
|
if user.role == "staff":
|
|
return Payment.objects.filter(booking__staff__user=user).order_by("-created_at")
|
|
return Payment.objects.filter(booking__customer=user).order_by("-created_at")
|
|
|
|
def get_serializer_class(self):
|
|
if self.action == "create":
|
|
return PaymentCreateSerializer
|
|
return PaymentSerializer
|
|
|
|
def create(self, request, *args, **kwargs):
|
|
serializer = self.get_serializer(data=request.data)
|
|
serializer.is_valid(raise_exception=True)
|
|
booking = Booking.objects.get(id=serializer.validated_data["booking_id"])
|
|
if not user_can_access_booking(request.user, booking):
|
|
return Response({"detail": _("Not allowed")}, status=status.HTTP_403_FORBIDDEN)
|
|
payment = serializer.save()
|
|
return Response(
|
|
{
|
|
"detail": _("Payment record created. Provider integration pending."),
|
|
"payment_id": payment.id,
|
|
"amount": str(payment.amount),
|
|
"currency": payment.currency,
|
|
"status": payment.status,
|
|
},
|
|
status=status.HTTP_201_CREATED,
|
|
)
|