feat: add check-in REST API

2026-04-29 10:01:06 +02:00
parent 09e3243034
commit 9560963139
5 changed files with 341 additions and 0 deletions
--- a/backend/checkins/views.py
+++ b/backend/checkins/views.py
@@ -0,0 +1,110 @@
+from rest_framework import status
+from rest_framework.authentication import BasicAuthentication, SessionAuthentication
+from rest_framework.decorators import api_view, authentication_classes, permission_classes
+from rest_framework.permissions import BasePermission, IsAuthenticated
+from rest_framework.response import Response
+
+from .serializers import (
+    CheckInConfirmResponseSerializer,
+    CheckInPreviewResponseSerializer,
+    CheckInTokenSerializer,
+)
+from .services import (
+    AlreadyCheckedIn,
+    InvalidToken,
+    MissingStaffUser,
+    ReservationNotConfirmed,
+    confirm_check_in_from_token,
+    preview_check_in_token,
+)
+
+
+class IsStaffUser(BasePermission):
+    def has_permission(self, request, view):
+        return bool(request.user and request.user.is_staff)
+
+
+def staff_check_in_view(view_func):
+    view_func = permission_classes([IsAuthenticated, IsStaffUser])(view_func)
+    view_func = authentication_classes([BasicAuthentication, SessionAuthentication])(view_func)
+    view_func = api_view(["POST"])(view_func)
+    return view_func
+
+
+@staff_check_in_view
+def check_in_preview(request):
+    serializer = CheckInTokenSerializer(data=request.data)
+    serializer.is_valid(raise_exception=True)
+
+    try:
+        preview = preview_check_in_token(serializer.validated_data["token"], staff_user=request.user)
+    except InvalidToken as exc:
+        return Response(
+            {"status": "invalid_token", "detail": str(exc)},
+            status=status.HTTP_404_NOT_FOUND,
+        )
+    except ReservationNotConfirmed as exc:
+        return Response(
+            {"status": "reservation_not_confirmed", "detail": str(exc)},
+            status=status.HTTP_409_CONFLICT,
+        )
+    except AlreadyCheckedIn as exc:
+        return Response(
+            {"status": "already_checked_in", "detail": str(exc)},
+            status=status.HTTP_409_CONFLICT,
+        )
+    except MissingStaffUser as exc:
+        return Response(
+            {"status": "staff_user_required", "detail": str(exc)},
+            status=status.HTTP_403_FORBIDDEN,
+        )
+
+    response_serializer = CheckInPreviewResponseSerializer(
+        {
+            "status": "valid",
+            "reservation_id": preview.reservation_id,
+            "performance_id": preview.performance_id,
+            "show_title": preview.show_title,
+            "starts_at": preview.starts_at,
+            "party_size": preview.party_size,
+        }
+    )
+    return Response(response_serializer.data)
+
+
+@staff_check_in_view
+def check_in_confirm(request):
+    serializer = CheckInTokenSerializer(data=request.data)
+    serializer.is_valid(raise_exception=True)
+
+    try:
+        result = confirm_check_in_from_token(serializer.validated_data["token"], staff_user=request.user)
+    except InvalidToken as exc:
+        return Response(
+            {"status": "invalid_token", "detail": str(exc)},
+            status=status.HTTP_404_NOT_FOUND,
+        )
+    except ReservationNotConfirmed as exc:
+        return Response(
+            {"status": "reservation_not_confirmed", "detail": str(exc)},
+            status=status.HTTP_409_CONFLICT,
+        )
+    except AlreadyCheckedIn as exc:
+        return Response(
+            {"status": "already_checked_in", "detail": str(exc)},
+            status=status.HTTP_409_CONFLICT,
+        )
+    except MissingStaffUser as exc:
+        return Response(
+            {"status": "staff_user_required", "detail": str(exc)},
+            status=status.HTTP_403_FORBIDDEN,
+        )
+
+    response_serializer = CheckInConfirmResponseSerializer(
+        {
+            "status": "checked_in",
+            "check_in": result.check_in,
+            "preview": result.preview,
+        }
+    )
+    return Response(response_serializer.data)