from rest_framework import status from rest_framework.authentication import BasicAuthentication, SessionAuthentication from rest_framework.decorators import api_view, authentication_classes, permission_classes, throttle_classes from rest_framework.permissions import BasePermission, IsAuthenticated from rest_framework.response import Response from rest_framework.throttling import UserRateThrottle from .serializers import ( CheckInConfirmResponseSerializer, CheckInPreviewResponseSerializer, CheckInTokenSerializer, ) from .services import ( AlreadyCheckedIn, InvalidToken, MissingStaffUser, ReservationNotConfirmed, confirm_check_in_from_token, preview_check_in_token, ) class CheckInPreviewThrottle(UserRateThrottle): scope = "check_in_preview" class CheckInConfirmThrottle(UserRateThrottle): scope = "check_in_confirm" class IsStaffUser(BasePermission): def has_permission(self, request, view): return bool(request.user and request.user.is_staff) @api_view(["POST"]) @authentication_classes([BasicAuthentication, SessionAuthentication]) @permission_classes([IsAuthenticated, IsStaffUser]) @throttle_classes([CheckInPreviewThrottle]) def check_in_preview(request): serializer = CheckInTokenSerializer(data=request.data) serializer.is_valid(raise_exception=True) try: preview = preview_check_in_token(serializer.validated_data["token"], staff_user=request.user) except InvalidToken as exc: return Response( {"status": "invalid_token", "detail": str(exc)}, status=status.HTTP_404_NOT_FOUND, ) except ReservationNotConfirmed as exc: return Response( {"status": "reservation_not_confirmed", "detail": str(exc)}, status=status.HTTP_409_CONFLICT, ) except AlreadyCheckedIn as exc: return Response( {"status": "already_checked_in", "detail": str(exc)}, status=status.HTTP_409_CONFLICT, ) except MissingStaffUser as exc: return Response( {"status": "staff_user_required", "detail": str(exc)}, status=status.HTTP_403_FORBIDDEN, ) response_serializer = CheckInPreviewResponseSerializer( { "status": "valid", "reservation_id": preview.reservation_id, "performance_id": preview.performance_id, "show_title": preview.show_title, "venue_name": preview.venue_name, "starts_at": preview.starts_at, "party_size": preview.party_size, } ) return Response(response_serializer.data) @api_view(["POST"]) @authentication_classes([BasicAuthentication, SessionAuthentication]) @permission_classes([IsAuthenticated, IsStaffUser]) @throttle_classes([CheckInConfirmThrottle]) def check_in_confirm(request): serializer = CheckInTokenSerializer(data=request.data) serializer.is_valid(raise_exception=True) try: result = confirm_check_in_from_token(serializer.validated_data["token"], staff_user=request.user) except InvalidToken as exc: return Response( {"status": "invalid_token", "detail": str(exc)}, status=status.HTTP_404_NOT_FOUND, ) except ReservationNotConfirmed as exc: return Response( {"status": "reservation_not_confirmed", "detail": str(exc)}, status=status.HTTP_409_CONFLICT, ) except AlreadyCheckedIn as exc: return Response( {"status": "already_checked_in", "detail": str(exc)}, status=status.HTTP_409_CONFLICT, ) except MissingStaffUser as exc: return Response( {"status": "staff_user_required", "detail": str(exc)}, status=status.HTTP_403_FORBIDDEN, ) response_serializer = CheckInConfirmResponseSerializer( { "status": "checked_in", "check_in": result.check_in, "preview": result.preview, } ) return Response(response_serializer.data)