feat(events): expand admin event management APIs

2026-06-14 00:03:42 +03:30
parent 20e7a04e59
commit bdc4fc1a49
3 changed files with 199 additions and 18 deletions
--- a/apps/events/api/views.py
+++ b/apps/events/api/views.py
@@ -1,18 +1,20 @@
 from django.conf import settings
+from django.core.files.base import ContentFile
 from django.shortcuts import get_object_or_404
 from django.db.models import Q, Case, When, IntegerField
 from django.utils.text import slugify
 from django.utils import timezone

-from ninja import Router, Query
+from ninja import File, Router, Query, UploadedFile
 from ninja.errors import HttpError
 from typing import List, Optional
-from uuid import UUID
+from uuid import UUID, uuid4

 from apps.events.api.schemas import (
    EventAdminDetailSchema,
    EventBriefSchema,
    EventCreateSchema,
+    EventGallerySchema,
    EventListSchema,
    EventSchema,
    EventUpdateSchema,
@@ -26,6 +28,8 @@ from apps.events.api.schemas import (
 )
 from core.authentication import jwt_auth
 from apps.events.models import Event, Registration
+from apps.gallery.models import Gallery
+from apps.gallery.tasks import process_uploaded_image
 from apps.notifications.services import notify_user
 from apps.payments.models import DiscountCode
 from apps.users.tasks import send_critical_sms
@@ -34,6 +38,28 @@ from core.api.schemas import ErrorSchema, MessageSchema
 events_router = Router()


+def _is_staff_user(user) -> bool:
+    return bool(user and (user.is_staff or user.is_superuser))
+
+
+def _staff_forbidden():
+    return 403, {"error": "اجازه دسترسی ندارید."}
+
+
+def _save_uploaded_image(instance, field_name: str, file: UploadedFile, folder: str):
+    if not file.content_type or not file.content_type.startswith("image/"):
+        return False, {"error": "فایل باید تصویر باشد."}
+    if file.size > 10 * 1024 * 1024:
+        return False, {"error": "حجم فایل باید کمتر از ۱۰ مگابایت باشد."}
+    extension = file.name.rsplit(".", 1)[-1] if "." in file.name else "jpg"
+    getattr(instance, field_name).save(
+        f"{folder}/{uuid4().hex}.{extension}",
+        ContentFile(file.read()),
+        save=True,
+    )
+    return True, instance
+
+
 def _frontend_event_url(event: Event) -> str:
    root = getattr(settings, "FRONTEND_ROOT", "/") or "/"
    if not root.endswith("/"):
@@ -130,20 +156,32 @@ def get_event_by_slug(request, slug: str):
    )
    return event

-@events_router.post("/", response=EventSchema)
+@events_router.post("/", response={201: EventSchema, 403: ErrorSchema, 400: ErrorSchema}, auth=jwt_auth)
 def create_event(request, payload: EventCreateSchema):
    """Create a new event"""
-    gallery_image_ids = payload.dict().pop('gallery_image_ids', [])
-    event = Event.objects.create(**payload.dict(exclude={'gallery_image_ids'}))
+    if not _is_staff_user(request.auth):
+        return _staff_forbidden()
+    data = payload.dict(exclude={'gallery_image_ids'})
+    gallery_image_ids = payload.gallery_image_ids or []
+    if data.get("slug"):
+        data["slug"] = slugify(data["slug"])
+    event = Event(**data)
+    try:
+        event.full_clean()
+        event.save()
+    except Exception as exc:
+        return 400, {"error": str(exc)}

    if gallery_image_ids:
        event.gallery_images.set(gallery_image_ids)

-    return event
+    return 201, event

-@events_router.put("/{int:event_id}", response=EventSchema)
+@events_router.put("/{int:event_id}", response={200: EventSchema, 403: ErrorSchema, 400: ErrorSchema}, auth=jwt_auth)
 def update_event(request, event_id: int, payload: EventUpdateSchema):
    """Update an existing event"""
+    if not _is_staff_user(request.auth):
+        return _staff_forbidden()
    event = get_object_or_404(Event, id=event_id, is_deleted=False)
    previous_state = {
        "status": event.status,
@@ -158,12 +196,18 @@ def update_event(request, event_id: int, payload: EventUpdateSchema):
    gallery_image_ids = update_data.pop('gallery_image_ids', None)

    for attr, value in update_data.items():
+        if attr == "slug" and value:
+            value = slugify(value)
        setattr(event, attr, value)

-    if 'title' in update_data:
+    if 'title' in update_data and not update_data.get("slug"):
        event.slug = slugify(event.title)

-    event.save()
+    try:
+        event.full_clean()
+        event.save()
+    except Exception as exc:
+        return 400, {"error": str(exc)}

    if gallery_image_ids is not None:
        event.gallery_images.set(gallery_image_ids)
@@ -196,14 +240,94 @@ def update_event(request, event_id: int, payload: EventUpdateSchema):
            sms_kind="event_reschedule",
        )

-    return event
+    return 200, event

-@events_router.delete("/{int:event_id}", response=MessageSchema)
+@events_router.delete("/{int:event_id}", response={200: MessageSchema, 403: ErrorSchema}, auth=jwt_auth)
 def delete_event(request, event_id: int):
    """Soft delete an event"""
+    if not _is_staff_user(request.auth):
+        return _staff_forbidden()
    event = get_object_or_404(Event, id=event_id, is_deleted=False)
    event.delete()
-    return {"message": "Event deleted successfully"}
+    return 200, {"message": "Event deleted successfully"}
+
+
+@events_router.post("/{int:event_id}/featured-image", response={200: EventSchema, 403: ErrorSchema, 400: ErrorSchema}, auth=jwt_auth)
+def upload_event_featured_image(request, event_id: int, file: UploadedFile = File(...)):
+    """Upload or replace the poster/featured image for an event."""
+    if not _is_staff_user(request.auth):
+        return _staff_forbidden()
+    event = get_object_or_404(Event, id=event_id, is_deleted=False)
+    ok, result = _save_uploaded_image(event, "featured_image", file, "events/featured")
+    if not ok:
+        return 400, result
+    return 200, event
+
+
+@events_router.delete("/{int:event_id}/featured-image", response={200: EventSchema, 403: ErrorSchema}, auth=jwt_auth)
+def delete_event_featured_image(request, event_id: int):
+    """Remove the poster/featured image for an event."""
+    if not _is_staff_user(request.auth):
+        return _staff_forbidden()
+    event = get_object_or_404(Event, id=event_id, is_deleted=False)
+    if event.featured_image:
+        event.featured_image.delete(save=False)
+        event.featured_image = None
+        event.save(update_fields=["featured_image", "updated_at"])
+    return 200, event
+
+
+@events_router.get("/{int:event_id}/gallery", response={200: List[EventGallerySchema], 403: ErrorSchema}, auth=jwt_auth)
+def list_event_gallery(request, event_id: int):
+    if not _is_staff_user(request.auth):
+        return _staff_forbidden()
+    event = get_object_or_404(Event, id=event_id, is_deleted=False)
+    return 200, event.gallery_images.filter(is_deleted=False).select_related("uploaded_by")
+
+
+@events_router.post("/{int:event_id}/gallery", response={201: EventGallerySchema, 403: ErrorSchema, 400: ErrorSchema}, auth=jwt_auth)
+def upload_event_gallery_image(
+    request,
+    event_id: int,
+    file: UploadedFile = File(...),
+    title: str | None = None,
+    alt_text: str | None = None,
+):
+    if not _is_staff_user(request.auth):
+        return _staff_forbidden()
+    event = get_object_or_404(Event, id=event_id, is_deleted=False)
+    if not file.content_type or not file.content_type.startswith("image/"):
+        return 400, {"error": "فایل باید تصویر باشد."}
+    if file.size > 10 * 1024 * 1024:
+        return 400, {"error": "حجم فایل باید کمتر از ۱۰ مگابایت باشد."}
+    try:
+        gallery_item = Gallery.objects.create(
+            title=title or file.name,
+            description="",
+            uploaded_by=request.auth,
+            alt_text=alt_text or title or file.name,
+            is_public=True,
+        )
+        gallery_item._defer_image_processing = True
+        extension = file.name.rsplit(".", 1)[-1] if "." in file.name else "jpg"
+        gallery_item.image.save(f"gallery/{uuid4().hex}.{extension}", ContentFile(file.read()))
+        event.gallery_images.add(gallery_item)
+        process_uploaded_image.delay(gallery_item.id)
+    except Exception as exc:
+        return 400, {"error": str(exc)}
+    return 201, gallery_item
+
+
+@events_router.delete("/{int:event_id}/gallery/{int:image_id}", response={200: MessageSchema, 403: ErrorSchema}, auth=jwt_auth)
+def delete_event_gallery_image(request, event_id: int, image_id: int):
+    if not _is_staff_user(request.auth):
+        return _staff_forbidden()
+    event = get_object_or_404(Event, id=event_id, is_deleted=False)
+    image = get_object_or_404(Gallery, id=image_id, is_deleted=False)
+    event.gallery_images.remove(image)
+    if not image.event_galleries.exclude(id=event.id).exists():
+        image.delete()
+    return 200, {"message": "Gallery image removed"}

 # Registration endpoints
@events_router.get("/{int:event_id}/registrations", response=List[RegistrationSchema])
@@ -235,7 +359,7 @@ def list_event_registrations_admin(
    event = get_object_or_404(Event, id=event_id, is_deleted=False)
    qs = (
        event.registrations.filter(is_deleted=False)
-        .select_related("user")
+        .select_related("user", "user__university", "user__major")
        .prefetch_related("payments__discount_code")
        .order_by("-registered_at")
    )
@@ -259,6 +383,7 @@ def list_event_registrations_admin(
    if search:
        qs = qs.filter(
            Q(user__username__icontains=search)
+            | Q(user__mobile__icontains=search)
            | Q(user__email__icontains=search)
            | Q(user__first_name__icontains=search)
            | Q(user__last_name__icontains=search)