feat(favorites): add EventLike model, favorites API, and notifications module

- EventLike model (user × event unique constraint, indexed) - contributed_by field on Event (EVT ID or email of community contributor) - Favorites API endpoints: toggle-like, my-likes, my-liked-events - Notifications app wired into main urls.py at /api/notifications/ - accounts migration 0014_merge_0013 (resolves split 0013 branches) - requirements.txt updated
feat(leads): link consumer account to lead on submission
2026-04-07 12:56:25 +05:30 · 2026-04-07 11:52:41 +05:30 · 2026-04-07 10:48:04 +05:30 · 2026-04-06 22:21:32 +05:30 · 2026-04-06 22:16:41 +05:30 · 2026-04-06 21:44:11 +05:30
22 changed files with 944 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,22 @@ Format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), version
 ---
 ## [1.9.0] — 2026-04-07
 ### Added
 - **Lead Manager** — new `Lead` model in `admin_api` for tracking Schedule-a-Call form submissions and sales inquiries
  - Fields: name, email, phone, event_type, message, status (new/contacted/qualified/converted/closed), source (schedule_call/website/manual), priority (low/medium/high), assigned_to (FK User), notes
  - Migration `admin_api/0003_lead` with indexes on status, priority, created_at, email
 - **Consumer endpoint** `POST /api/leads/schedule-call/` — public (AllowAny, CSRF-exempt) endpoint for the Schedule a Call modal; creates Lead with status=new, source=schedule_call
 - **Admin API endpoints** (all IsAuthenticated):
  - `GET /api/v1/leads/metrics/` — total, new today, counts per status
  - `GET /api/v1/leads/` — paginated list with filters (status, priority, source, search, date_from, date_to)
  - `GET /api/v1/leads/<id>/` — single lead detail
  - `PATCH /api/v1/leads/<id>/update/` — update status, priority, assigned_to, notes
 - **RBAC**: `leads` added to `ALL_MODULES`, `get_allowed_modules()`, and `StaffProfile.SCOPE_TO_MODULE`
 ---
 ## [1.8.3] — 2026-04-06
 ### Fixed
--- a/accounts/migrations/0014_merge_0013.py
+++ b/accounts/migrations/0014_merge_0013.py
@@ -0,0 +1,13 @@
 from django.db import migrations
 class Migration(migrations.Migration):
    """Merge migration to resolve conflicting 0013 migrations."""
    dependencies = [
        ('accounts', '0013_merge_eventify_id'),
        ('accounts', '0013_user_district_changed_at'),
    ]
    operations = [
    ]
--- a/accounts/models.py
+++ b/accounts/models.py
@@ -68,10 +68,10 @@ class User(AbstractUser):
        help_text='Comma-separated module slugs this user can access',
    )
-    ALL_MODULES = ["dashboard", "partners", "events", "ad-control", "users", "reviews", "contributions", "financials", "settings"]
+    ALL_MODULES = ["dashboard", "partners", "events", "ad-control", "users", "reviews", "contributions", "leads", "financials", "settings"]
    def get_allowed_modules(self):
-        ALL = ["dashboard", "partners", "events", "ad-control", "users", "reviews", "contributions", "financials", "settings"]
+        ALL = ["dashboard", "partners", "events", "ad-control", "users", "reviews", "contributions", "leads", "financials", "settings"]
        if self.is_superuser or self.role == "admin":
            return ALL
        if self.allowed_modules:
--- a/admin_api/migrations/0003_lead.py
+++ b/admin_api/migrations/0003_lead.py
@@ -0,0 +1,53 @@
 # Generated by Django 4.2.21 on 2026-04-07
 from django.conf import settings
 from django.db import migrations, models
 import django.db.models.deletion
 class Migration(migrations.Migration):
    dependencies = [
        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
        ('admin_api', '0002_rbac_models'),
    ]
    operations = [
        migrations.CreateModel(
            name='Lead',
            fields=[
                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                ('name', models.CharField(max_length=200)),
                ('email', models.EmailField(max_length=254)),
                ('phone', models.CharField(max_length=20)),
                ('event_type', models.CharField(choices=[('private', 'Private Event'), ('ticketed', 'Ticketed Event'), ('corporate', 'Corporate Event'), ('wedding', 'Wedding'), ('other', 'Other')], default='private', max_length=20)),
                ('message', models.TextField(blank=True, default='')),
                ('status', models.CharField(choices=[('new', 'New'), ('contacted', 'Contacted'), ('qualified', 'Qualified'), ('converted', 'Converted'), ('closed', 'Closed')], default='new', max_length=20)),
                ('source', models.CharField(choices=[('schedule_call', 'Schedule a Call'), ('website', 'Website'), ('manual', 'Manual')], default='schedule_call', max_length=20)),
                ('priority', models.CharField(choices=[('low', 'Low'), ('medium', 'Medium'), ('high', 'High')], default='medium', max_length=10)),
                ('assigned_to', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='assigned_leads', to=settings.AUTH_USER_MODEL)),
                ('notes', models.TextField(blank=True, default='')),
                ('created_at', models.DateTimeField(auto_now_add=True)),
                ('updated_at', models.DateTimeField(auto_now=True)),
            ],
            options={
                'ordering': ['-created_at'],
            },
        ),
        migrations.AddIndex(
            model_name='lead',
            index=models.Index(fields=['status'], name='admin_api_lead_status_idx'),
        ),
        migrations.AddIndex(
            model_name='lead',
            index=models.Index(fields=['priority'], name='admin_api_lead_priority_idx'),
        ),
        migrations.AddIndex(
            model_name='lead',
            index=models.Index(fields=['created_at'], name='admin_api_lead_created_idx'),
        ),
        migrations.AddIndex(
            model_name='lead',
            index=models.Index(fields=['email'], name='admin_api_lead_email_idx'),
        ),
    ]
--- a/admin_api/migrations/0004_lead_user_account.py
+++ b/admin_api/migrations/0004_lead_user_account.py
@@ -0,0 +1,28 @@
 # Generated by Django 4.2.21 on 2026-04-07
 from django.conf import settings
 from django.db import migrations, models
 import django.db.models.deletion
 class Migration(migrations.Migration):
    dependencies = [
        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
        ('admin_api', '0003_lead'),
    ]
    operations = [
        migrations.AddField(
            model_name='lead',
            name='user_account',
            field=models.ForeignKey(
                blank=True,
                null=True,
                on_delete=django.db.models.deletion.SET_NULL,
                related_name='submitted_leads',
                to=settings.AUTH_USER_MODEL,
                help_text='Consumer platform account that submitted this lead (auto-matched by email)',
            ),
        ),
    ]
--- a/admin_api/models.py
+++ b/admin_api/models.py
@@ -130,7 +130,7 @@ class StaffProfile(models.Model):
    def get_allowed_modules(self):
        scopes = self.get_effective_scopes()
        if '*' in scopes:
-            return ['dashboard', 'partners', 'events', 'ad-control', 'users', 'reviews', 'contributions', 'financials', 'settings']
+            return ['dashboard', 'partners', 'events', 'ad-control', 'users', 'reviews', 'contributions', 'leads', 'financials', 'settings']
        SCOPE_TO_MODULE = {
            'users': 'users',
            'events': 'events',
@@ -140,6 +140,7 @@ class StaffProfile(models.Model):
            'settings': 'settings',
            'ads': 'ad-control',
            'contributions': 'contributions',
            'leads': 'leads',
        }
        modules = {'dashboard'}
        for scope in scopes:
@@ -181,3 +182,65 @@ class AuditLog(models.Model):
    def __str__(self):
        return f"{self.action} by {self.user} at {self.created_at}"
 # ---------------------------------------------------------------------------
 # Lead Manager
 # ---------------------------------------------------------------------------
 class Lead(models.Model):
    EVENT_TYPE_CHOICES = [
        ('private', 'Private Event'),
        ('ticketed', 'Ticketed Event'),
        ('corporate', 'Corporate Event'),
        ('wedding', 'Wedding'),
        ('other', 'Other'),
    ]
    STATUS_CHOICES = [
        ('new', 'New'),
        ('contacted', 'Contacted'),
        ('qualified', 'Qualified'),
        ('converted', 'Converted'),
        ('closed', 'Closed'),
    ]
    SOURCE_CHOICES = [
        ('schedule_call', 'Schedule a Call'),
        ('website', 'Website'),
        ('manual', 'Manual'),
    ]
    PRIORITY_CHOICES = [
        ('low', 'Low'),
        ('medium', 'Medium'),
        ('high', 'High'),
    ]
    name        = models.CharField(max_length=200)
    email       = models.EmailField()
    phone       = models.CharField(max_length=20)
    event_type  = models.CharField(max_length=20, choices=EVENT_TYPE_CHOICES, default='private')
    message     = models.TextField(blank=True, default='')
    status      = models.CharField(max_length=20, choices=STATUS_CHOICES, default='new')
    source      = models.CharField(max_length=20, choices=SOURCE_CHOICES, default='schedule_call')
    priority    = models.CharField(max_length=10, choices=PRIORITY_CHOICES, default='medium')
    assigned_to  = models.ForeignKey(
        User, on_delete=models.SET_NULL, null=True, blank=True, related_name='assigned_leads'
    )
    user_account = models.ForeignKey(
        User, on_delete=models.SET_NULL, null=True, blank=True, related_name='submitted_leads',
        help_text='Consumer platform account that submitted this lead (auto-matched by email)'
    )
    notes       = models.TextField(blank=True, default='')
    created_at  = models.DateTimeField(auto_now_add=True)
    updated_at  = models.DateTimeField(auto_now=True)
    class Meta:
        ordering = ['-created_at']
        indexes  = [
            models.Index(fields=['status']),
            models.Index(fields=['priority']),
            models.Index(fields=['created_at']),
            models.Index(fields=['email']),
        ]
    def __str__(self):
        return f'Lead #{self.pk} — {self.name} ({self.status})'
--- a/admin_api/urls.py
+++ b/admin_api/urls.py
@@ -44,6 +44,12 @@ urlpatterns = [
    path('reviews/<int:pk>/moderate/', views.ReviewModerationView.as_view(), name='review-moderate'),
    path('reviews/<int:pk>/', views.ReviewDeleteView.as_view(), name='review-delete'),
    # Lead Manager
    path('leads/metrics/', views.LeadMetricsView.as_view(), name='lead-metrics'),
    path('leads/', views.LeadListView.as_view(), name='lead-list'),
    path('leads/<int:pk>/', views.LeadDetailView.as_view(), name='lead-detail'),
    path('leads/<int:pk>/update/', views.LeadUpdateView.as_view(), name='lead-update'),
        path('gamification/submit-event/', views.GamificationSubmitEventView.as_view(), name='gamification-submit-event'),
    path('gamification/submit-event', views.GamificationSubmitEventView.as_view()),
    path('shop/items/', views.ShopItemsView.as_view(), name='shop-items'),
--- a/admin_api/views.py
+++ b/admin_api/views.py
@@ -684,6 +684,7 @@ def _serialize_event(e):
        'isFeatured': bool(e.is_featured),
        'isTopEvent': bool(e.is_top_event),
        'source': e.source or 'eventify',
        'contributedBy': getattr(e, 'contributed_by', '') or '',
        'eventTypeId': e.event_type_id,
        'eventTypeName': e.event_type.event_type if e.event_type_id and e.event_type else '',
    }
@@ -796,6 +797,7 @@ class EventUpdateView(APIView):
            'pincode': 'pincode',
            'importantInformation': 'important_information',
            'source': 'source',
            'contributedBy': 'contributed_by',
            'cancelledReason': 'cancelled_reason',
            'outsideEventUrl': 'outside_event_url',
        }
@@ -2343,3 +2345,174 @@ class ShopRedeemView(APIView):
            },
            'message': 'Reward redeemed successfully!',
        })
 # ---------------------------------------------------------------------------
 # Lead Manager
 # ---------------------------------------------------------------------------
 def _serialize_lead(lead):
    assigned_name = ''
    assigned_id = None
    if lead.assigned_to:
        assigned_name = lead.assigned_to.get_full_name() or lead.assigned_to.username
        assigned_id = lead.assigned_to.pk
    user_account = None
    if lead.user_account:
        u = lead.user_account
        profile_pic = None
        try:
            if u.profile_picture:
                profile_pic = u.profile_picture.url
        except Exception:
            pass
        user_account = {
            'id':           u.pk,
            'name':         u.get_full_name() or u.username,
            'email':        u.email,
            'phone':        getattr(u, 'phone_number', None) or '',
            'eventifyId':   getattr(u, 'eventify_id', None),
            'profilePicture': profile_pic,
        }
    return {
        'id':             lead.pk,
        'name':           lead.name,
        'email':          lead.email,
        'phone':          lead.phone,
        'eventType':      lead.event_type,
        'message':        lead.message,
        'status':         lead.status,
        'source':         lead.source,
        'priority':       lead.priority,
        'assignedTo':     assigned_id,
        'assignedToName': assigned_name,
        'notes':          lead.notes,
        'createdAt':      lead.created_at.isoformat(),
        'updatedAt':      lead.updated_at.isoformat(),
        'userAccount':    user_account,
    }
 class LeadMetricsView(APIView):
    permission_classes = [IsAuthenticated]
    def get(self, request):
        from admin_api.models import Lead
        from django.utils import timezone
        today = timezone.now().date()
        return Response({
            'total':     Lead.objects.count(),
            'newToday':  Lead.objects.filter(created_at__date=today).count(),
            'new':       Lead.objects.filter(status='new').count(),
            'contacted': Lead.objects.filter(status='contacted').count(),
            'qualified': Lead.objects.filter(status='qualified').count(),
            'converted': Lead.objects.filter(status='converted').count(),
            'closed':    Lead.objects.filter(status='closed').count(),
        })
 class LeadListView(APIView):
    permission_classes = [IsAuthenticated]
    def get(self, request):
        from admin_api.models import Lead
        from django.db.models import Q
        qs = Lead.objects.select_related('assigned_to', 'user_account').order_by('-created_at')
        # Filters
        status_f = request.query_params.get('status', '').strip()
        if status_f and status_f in dict(Lead.STATUS_CHOICES):
            qs = qs.filter(status=status_f)
        priority_f = request.query_params.get('priority', '').strip()
        if priority_f and priority_f in dict(Lead.PRIORITY_CHOICES):
            qs = qs.filter(priority=priority_f)
        source_f = request.query_params.get('source', '').strip()
        if source_f and source_f in dict(Lead.SOURCE_CHOICES):
            qs = qs.filter(source=source_f)
        search = request.query_params.get('search', '').strip()
        if search:
            qs = qs.filter(
                Q(name__icontains=search) |
                Q(email__icontains=search) |
                Q(phone__icontains=search)
            )
        date_from = request.query_params.get('date_from', '').strip()
        if date_from:
            qs = qs.filter(created_at__date__gte=date_from)
        date_to = request.query_params.get('date_to', '').strip()
        if date_to:
            qs = qs.filter(created_at__date__lte=date_to)
        # Pagination
        try:
            page = max(1, int(request.query_params.get('page', 1)))
            page_size = min(100, int(request.query_params.get('page_size', 20)))
        except (ValueError, TypeError):
            page, page_size = 1, 20
        total = qs.count()
        leads = qs[(page - 1) * page_size: page * page_size]
        return Response({'count': total, 'results': [_serialize_lead(l) for l in leads]})
 class LeadDetailView(APIView):
    permission_classes = [IsAuthenticated]
    def get(self, request, pk):
        from admin_api.models import Lead
        from django.shortcuts import get_object_or_404
        lead = get_object_or_404(Lead.objects.select_related('assigned_to', 'user_account'), pk=pk)
        return Response(_serialize_lead(lead))
 class LeadUpdateView(APIView):
    permission_classes = [IsAuthenticated]
    def patch(self, request, pk):
        from admin_api.models import Lead
        from django.shortcuts import get_object_or_404
        from eventify_logger.services import log
        lead = get_object_or_404(Lead, pk=pk)
        changed = []
        new_status = request.data.get('status')
        if new_status:
            if new_status not in dict(Lead.STATUS_CHOICES):
                return Response({'error': f'Invalid status: {new_status}'}, status=400)
            lead.status = new_status
            changed.append('status')
        new_priority = request.data.get('priority')
        if new_priority:
            if new_priority not in dict(Lead.PRIORITY_CHOICES):
                return Response({'error': f'Invalid priority: {new_priority}'}, status=400)
            lead.priority = new_priority
            changed.append('priority')
        assigned_to_id = request.data.get('assignedTo')
        if assigned_to_id is not None:
            if assigned_to_id == '' or assigned_to_id is False:
                lead.assigned_to = None
                changed.append('assigned_to')
            else:
                try:
                    lead.assigned_to = User.objects.get(pk=int(assigned_to_id))
                    changed.append('assigned_to')
                except (User.DoesNotExist, ValueError, TypeError):
                    return Response({'error': 'Invalid assignedTo user'}, status=400)
        notes = request.data.get('notes')
        if notes is not None:
            lead.notes = notes
            changed.append('notes')
        lead.save()
        log("info", f"Lead #{pk} updated: {', '.join(changed)}", request=request, user=request.user)
        return Response(_serialize_lead(lead))
--- a/eventify/urls.py
+++ b/eventify/urls.py
@@ -36,6 +36,7 @@ urlpatterns = [
    path('banking/', include('banking_operations.urls')),
    path('api/', include('mobile_api.urls')),
    path('api/v1/', include('admin_api.urls')),
    path('api/notifications/', include('notifications.urls')),
    # path('web-api/', include('web_api.urls')),
    path('summernote/', include('django_summernote.urls')),
--- a/events/migrations/0011_event_contributed_by.py
+++ b/events/migrations/0011_event_contributed_by.py
@@ -0,0 +1,73 @@
 """
 Add contributed_by field to Event and backfill from overloaded source field.
 The admin dashboard stores community contributor identifiers (EVT-XXXXXXXX or email)
 in the source field. This migration:
 1. Adds a dedicated contributed_by CharField
 2. Copies user identifiers from source → contributed_by
 3. Normalizes source back to its intended choices ('eventify', 'community', 'partner')
 """
 from django.db import migrations, models
 def backfill_contributed_by(apps, schema_editor):
    """Move user identifiers from source to contributed_by."""
    Event = apps.get_model('events', 'Event')
    STANDARD_SOURCES = {'eventify', 'community', 'partner', 'eventify_team', 'official', ''}
    for event in Event.objects.all().iterator():
        source_val = (event.source or '').strip()
        changed = False
        # User identifier: contains @ (email) or starts with EVT- (eventifyId)
        if source_val and source_val not in STANDARD_SOURCES and not source_val.startswith('partner:'):
            event.contributed_by = source_val
            event.source = 'community'
            changed = True
        # Normalize eventify_team → eventify
        elif source_val == 'eventify_team':
            event.source = 'eventify'
            changed = True
        # Normalize official → eventify
        elif source_val == 'official':
            event.source = 'eventify'
            changed = True
        if changed:
            event.save(update_fields=['source', 'contributed_by'])
 def reverse_backfill(apps, schema_editor):
    """Reverse: move contributed_by back to source."""
    Event = apps.get_model('events', 'Event')
    for event in Event.objects.exclude(contributed_by__isnull=True).exclude(contributed_by='').iterator():
        event.source = event.contributed_by
        event.contributed_by = None
        event.save(update_fields=['source', 'contributed_by'])
 class Migration(migrations.Migration):
    dependencies = [
        ('events', '0010_merge_20260324_1443'),
    ]
    operations = [
        # Step 1: Add the field
        migrations.AddField(
            model_name='event',
            name='contributed_by',
            field=models.CharField(
                blank=True,
                help_text='Eventify ID (EVT-XXXXXXXX) or email of the community contributor',
                max_length=100,
                null=True,
            ),
        ),
        # Step 2: Backfill data
        migrations.RunPython(backfill_contributed_by, reverse_backfill),
    ]
--- a/events/migrations/0012_eventlike.py
+++ b/events/migrations/0012_eventlike.py
@@ -0,0 +1,38 @@
 from django.conf import settings
 from django.db import migrations, models
 import django.db.models.deletion
 class Migration(migrations.Migration):
    dependencies = [
        ('events', '0011_event_contributed_by'),
        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
    ]
    operations = [
        migrations.CreateModel(
            name='EventLike',
            fields=[
                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                ('created_at', models.DateTimeField(auto_now_add=True)),
                ('event', models.ForeignKey(
                    on_delete=django.db.models.deletion.CASCADE,
                    related_name='likes',
                    to='events.event',
                )),
                ('user', models.ForeignKey(
                    on_delete=django.db.models.deletion.CASCADE,
                    related_name='event_likes',
                    to=settings.AUTH_USER_MODEL,
                )),
            ],
            options={
                'unique_together': {('user', 'event')},
            },
        ),
        migrations.AddIndex(
            model_name='eventlike',
            index=models.Index(fields=['user', '-created_at'], name='events_even_user_id_created_idx'),
        ),
    ]
--- a/events/models.py
+++ b/events/models.py
@@ -58,6 +58,11 @@ class Event(models.Model):
    is_featured = models.BooleanField(default=False, help_text='Show this event in the featured section')
    is_top_event = models.BooleanField(default=False, help_text='Show this event in the Top Events section')
    contributed_by = models.CharField(
        max_length=100, blank=True, null=True,
        help_text='Eventify ID (EVT-XXXXXXXX) or email of the community contributor',
    )
    def __str__(self):
        return f"{self.name} ({self.start_date})"
@@ -71,3 +76,26 @@ class EventImages(models.Model):
        return f"{self.event_image}"
 class EventLike(models.Model):
    user = models.ForeignKey(
        'accounts.User',
        on_delete=models.CASCADE,
        related_name='event_likes'
    )
    event = models.ForeignKey(
        Event,
        on_delete=models.CASCADE,
        related_name='likes'
    )
    created_at = models.DateTimeField(auto_now_add=True)
    class Meta:
        unique_together = ('user', 'event')
        indexes = [
            models.Index(fields=['user', '-created_at']),
        ]
    def __str__(self):
        return f"{self.user.email} likes {self.event.name}"
--- a/mobile_api/urls.py
+++ b/mobile_api/urls.py
@@ -1,6 +1,8 @@
 from django.urls import path
 from .views import *
 from mobile_api.views.user import ScheduleCallView
 from mobile_api.views.reviews import ReviewSubmitView, MobileReviewListView, ReviewHelpfulView, ReviewFlagView
 from mobile_api.views.favorites import ToggleLikeView, MyLikedIdsView, MyLikedEventsView
 from ad_control.views import ConsumerFeaturedEventsView, ConsumerTopEventsView
@@ -13,6 +15,7 @@ urlpatterns = [
    path('user/update-profile/', UpdateProfileView.as_view(), name='update_profile'),
    path('user/bulk-public-info/', BulkUserPublicInfoView.as_view(), name='bulk_public_info'),
    path('user/google-login/', GoogleLoginView.as_view(), name='google_login'),
    path('leads/schedule-call/', ScheduleCallView.as_view(), name='schedule_call'),
 ]
 # Event URLS
@@ -37,3 +40,10 @@ urlpatterns += [
    path('reviews/helpful', ReviewHelpfulView.as_view()),
    path('reviews/flag', ReviewFlagView.as_view()),
 ]
 # Favorites URLs
 urlpatterns += [
    path('events/like/', ToggleLikeView.as_view()),
    path('events/my-likes/', MyLikedIdsView.as_view()),
    path('events/my-liked-events/', MyLikedEventsView.as_view()),
 ]
--- a/mobile_api/views/favorites.py
+++ b/mobile_api/views/favorites.py
@@ -0,0 +1,146 @@
 from django.views import View
 from django.utils.decorators import method_decorator
 from django.views.decorators.csrf import csrf_exempt
 from django.http import JsonResponse
 from django.core.paginator import Paginator
 from events.models import Event, EventLike, EventImages
 from mobile_api.utils import validate_token_and_get_user
 from eventify_logger.services import log
 def _serialize_liked_event(event):
    """Serialize an Event for the liked-events list."""
    primary_img = EventImages.objects.filter(
        event=event, is_primary=True
    ).first()
    if not primary_img:
        primary_img = EventImages.objects.filter(event=event).first()
    return {
        'id': event.id,
        'title': event.title or event.name,
        'image': primary_img.event_image.url if primary_img else '',
        'date': str(event.start_date) if event.start_date else None,
        'location': event.place or '',
        'venue': event.venue_name or '',
        'event_type': event.event_type.event_type if event.event_type else '',
        'event_status': event.event_status,
    }
@method_decorator(csrf_exempt, name='dispatch')
 class ToggleLikeView(View):
    """POST /api/events/like/ — toggle like on/off for an event."""
    def post(self, request):
        try:
            user, token, data, error_response = validate_token_and_get_user(request)
            if error_response:
                return error_response
            event_id = data.get('event_id')
            if not event_id:
                return JsonResponse(
                    {'status': 'error', 'message': 'event_id is required'},
                    status=400
                )
            try:
                event = Event.objects.get(pk=event_id)
            except Event.DoesNotExist:
                return JsonResponse(
                    {'status': 'error', 'message': 'Event not found'},
                    status=404
                )
            like, created = EventLike.objects.get_or_create(user=user, event=event)
            if not created:
                like.delete()
                return JsonResponse({'status': 'success', 'liked': False})
            return JsonResponse({'status': 'success', 'liked': True})
        except Exception as e:
            log("error", "ToggleLikeView exception", request=request,
                logger_data={"error": str(e)})
            return JsonResponse(
                {'status': 'error', 'message': 'An unexpected server error occurred.'},
                status=500
            )
@method_decorator(csrf_exempt, name='dispatch')
 class MyLikedIdsView(View):
    """POST /api/events/my-likes/ — return all liked event IDs for the user."""
    def post(self, request):
        try:
            user, token, data, error_response = validate_token_and_get_user(request)
            if error_response:
                return error_response
            liked_ids = list(
                EventLike.objects.filter(user=user)
                .values_list('event_id', flat=True)
            )
            return JsonResponse({'status': 'success', 'liked_event_ids': liked_ids})
        except Exception as e:
            log("error", "MyLikedIdsView exception", request=request,
                logger_data={"error": str(e)})
            return JsonResponse(
                {'status': 'error', 'message': 'An unexpected server error occurred.'},
                status=500
            )
@method_decorator(csrf_exempt, name='dispatch')
 class MyLikedEventsView(View):
    """POST /api/events/my-liked-events/ — paginated liked events with full data."""
    def post(self, request):
        try:
            user, token, data, error_response = validate_token_and_get_user(request)
            if error_response:
                return error_response
            page = int(data.get('page', 1))
            page_size = min(int(data.get('page_size', 20)), 50)
            # Event IDs liked by this user, newest first
            liked_event_ids = list(
                EventLike.objects.filter(user=user)
                .order_by('-created_at')
                .values_list('event_id', flat=True)
            )
            # Preserve ordering from liked_event_ids
            from django.db.models import Case, When, IntegerField
            ordering = Case(
                *[When(pk=pk, then=pos) for pos, pk in enumerate(liked_event_ids)],
                output_field=IntegerField()
            )
            events_qs = Event.objects.filter(id__in=liked_event_ids).order_by(ordering)
            paginator = Paginator(events_qs, page_size)
            page_obj = paginator.get_page(page)
            events_data = [_serialize_liked_event(e) for e in page_obj]
            return JsonResponse({
                'status': 'success',
                'events': events_data,
                'total': paginator.count,
                'page': page,
                'page_size': page_size,
                'has_next': page_obj.has_next(),
            })
        except Exception as e:
            log("error", "MyLikedEventsView exception", request=request,
                logger_data={"error": str(e)})
            return JsonResponse(
                {'status': 'error', 'message': 'An unexpected server error occurred.'},
                status=500
            )
--- a/mobile_api/views/user.py
+++ b/mobile_api/views/user.py
@@ -1,9 +1,11 @@
 # accounts/views.py
 import json
 import secrets
 from django.views.decorators.csrf import csrf_exempt
 from django.http import JsonResponse
 from django.utils.decorators import method_decorator
 from django.views import View
 from rest_framework.views import APIView
 from rest_framework.authtoken.models import Token
 from mobile_api.forms import RegisterForm, LoginForm, WebRegisterForm
 from rest_framework.authentication import TokenAuthentication
@@ -363,3 +365,159 @@ class UpdateProfileView(View):
                'success': False,
                'error': 'An unexpected server error occurred. Please try again.'
            }, status=500)
@method_decorator(csrf_exempt, name='dispatch')
 class BulkUserPublicInfoView(APIView):
    """Internal endpoint for Node.js gamification server to resolve user details.
    Accepts POST with { emails: [...] } (max 500).
    Returns { users: { email: { district, display_name, eventify_id } } }
    """
    authentication_classes = []
    permission_classes = []
    def post(self, request):
        try:
            json_data = json.loads(request.body)
            emails = json_data.get('emails', [])
            if not emails or not isinstance(emails, list) or len(emails) > 500:
                return JsonResponse({'error': 'Provide 1-500 emails'}, status=400)
            users_qs = User.objects.filter(email__in=emails).values_list(
                'email', 'first_name', 'last_name', 'district', 'eventify_id'
            )
            result = {}
            for email, first, last, district, eid in users_qs:
                name = f"{first} {last}".strip() or email.split('@')[0]
                result[email] = {
                    'display_name': name,
                    'district': district or '',
                    'eventify_id': eid or '',
                }
            return JsonResponse({'users': result})
        except Exception as e:
            log("error", "BulkUserPublicInfoView error", logger_data={"error": str(e)})
            return JsonResponse({'error': 'An unexpected server error occurred.'}, status=500)
@method_decorator(csrf_exempt, name='dispatch')
 class GoogleLoginView(View):
    """Verify a Google ID token, find or create the user, return the same response shape as LoginView."""
    def post(self, request):
        try:
            from google.oauth2 import id_token as google_id_token
            from google.auth.transport import requests as google_requests
            data = json.loads(request.body)
            token = data.get('id_token')
            if not token:
                return JsonResponse({'error': 'id_token is required'}, status=400)
            idinfo = google_id_token.verify_oauth2_token(token, google_requests.Request())
            email = idinfo.get('email')
            if not email:
                return JsonResponse({'error': 'Email not found in Google token'}, status=400)
            user, created = User.objects.get_or_create(
                email=email,
                defaults={
                    'username': email,
                    'first_name': idinfo.get('given_name', ''),
                    'last_name': idinfo.get('family_name', ''),
                    'role': 'customer',
                },
            )
            if created:
                user.set_password(secrets.token_urlsafe(32))
                user.save()
                log("info", "Google OAuth new user created", request=request, user=user)
            auth_token, _ = Token.objects.get_or_create(user=user)
            log("info", "Google OAuth login", request=request, user=user)
            return JsonResponse({
                'message': 'Login successful',
                'token': auth_token.key,
                'eventify_id': user.eventify_id or '',
                'username': user.username,
                'email': user.email,
                'phone_number': user.phone_number or '',
                'first_name': user.first_name,
                'last_name': user.last_name,
                'role': user.role,
                'pincode': user.pincode or '',
                'district': user.district or '',
                'district_changed_at': user.district_changed_at.isoformat() if user.district_changed_at else None,
                'state': user.state or '',
                'country': user.country or '',
                'place': user.place or '',
                'latitude': user.latitude or '',
                'longitude': user.longitude or '',
                'profile_photo': user.profile_picture.url if user.profile_picture else '',
            }, status=200)
        except ValueError as e:
            log("warning", "Google OAuth invalid token", request=request, logger_data={"error": str(e)})
            return JsonResponse({'error': 'Invalid Google token'}, status=401)
        except Exception as e:
            log("error", "Google OAuth exception", request=request, logger_data={"error": str(e)})
            return JsonResponse({'error': 'An unexpected server error occurred.'}, status=500)
@method_decorator(csrf_exempt, name='dispatch')
 class ScheduleCallView(View):
    """Public endpoint for the 'Schedule a Call' form on the consumer app."""
    def post(self, request):
        from admin_api.models import Lead
        try:
            data = json.loads(request.body)
            name = (data.get('name') or '').strip()
            email = (data.get('email') or '').strip()
            phone = (data.get('phone') or '').strip()
            event_type = (data.get('eventType') or '').strip()
            message = (data.get('message') or '').strip()
            errors = {}
            if not name:
                errors['name'] = ['This field is required.']
            if not email:
                errors['email'] = ['This field is required.']
            if not phone:
                errors['phone'] = ['This field is required.']
            valid_event_types = [c[0] for c in Lead.EVENT_TYPE_CHOICES]
            if not event_type or event_type not in valid_event_types:
                errors['eventType'] = [f'Must be one of: {", ".join(valid_event_types)}']
            if errors:
                return JsonResponse({'errors': errors}, status=400)
            # Auto-link to a consumer account if one exists with this email
            from django.contrib.auth import get_user_model
            _User = get_user_model()
            try:
                consumer_account = _User.objects.get(email=email)
            except _User.DoesNotExist:
                consumer_account = None
            lead = Lead.objects.create(
                name=name,
                email=email,
                phone=phone,
                event_type=event_type,
                message=message,
                status='new',
                source='schedule_call',
                priority='medium',
                user_account=consumer_account,
            )
            log("info", f"New schedule-call lead #{lead.pk} from {email}", request=request)
            return JsonResponse({
                'status': 'success',
                'message': 'Your request has been submitted. Our team will get back to you soon.',
                'lead_id': lead.pk,
            }, status=201)
        except json.JSONDecodeError:
            return JsonResponse({'error': 'Invalid JSON body.'}, status=400)
        except Exception as e:
            log("error", "Schedule call exception", request=request, logger_data={"error": str(e)})
            return JsonResponse({'error': 'An unexpected server error occurred.'}, status=500)
--- a/notifications/init.py
+++ b/notifications/init.py
--- a/notifications/admin.py
+++ b/notifications/admin.py
@@ -0,0 +1,10 @@
 from django.contrib import admin
 from .models import Notification
@admin.register(Notification)
 class NotificationAdmin(admin.ModelAdmin):
    list_display = ('title', 'user', 'notification_type', 'is_read', 'created_at')
    list_filter = ('notification_type', 'is_read', 'created_at')
    search_fields = ('title', 'message', 'user__email')
    readonly_fields = ('created_at',)
--- a/notifications/apps.py
+++ b/notifications/apps.py
@@ -0,0 +1,6 @@
 from django.apps import AppConfig
 class NotificationsConfig(AppConfig):
    default_auto_field = 'django.db.models.BigAutoField'
    name = 'notifications'
--- a/notifications/models.py
+++ b/notifications/models.py
@@ -0,0 +1,25 @@
 from django.db import models
 from accounts.models import User
 class Notification(models.Model):
    NOTIFICATION_TYPES = [
        ('event', 'Event'),
        ('promo', 'Promotion'),
        ('system', 'System'),
        ('booking', 'Booking'),
    ]
    user = models.ForeignKey(User, on_delete=models.CASCADE, related_name='notifications')
    title = models.CharField(max_length=255)
    message = models.TextField()
    notification_type = models.CharField(max_length=20, choices=NOTIFICATION_TYPES, default='system')
    is_read = models.BooleanField(default=False)
    action_url = models.URLField(blank=True, null=True)
    created_at = models.DateTimeField(auto_now_add=True)
    class Meta:
        ordering = ['-created_at']
    def __str__(self):
        return f"{self.notification_type}: {self.title} → {self.user.email}"
--- a/notifications/urls.py
+++ b/notifications/urls.py
@@ -0,0 +1,8 @@
 from django.urls import path
 from .views import NotificationListView, NotificationMarkReadView, NotificationCountView
 urlpatterns = [
    path('list/', NotificationListView.as_view(), name='notification_list'),
    path('mark-read/', NotificationMarkReadView.as_view(), name='notification_mark_read'),
    path('count/', NotificationCountView.as_view(), name='notification_count'),
 ]
--- a/notifications/views.py
+++ b/notifications/views.py
@@ -0,0 +1,85 @@
 import json
 from django.views.decorators.csrf import csrf_exempt
 from django.http import JsonResponse
 from django.utils.decorators import method_decorator
 from django.views import View
 from mobile_api.utils import validate_token_and_get_user
 from eventify_logger.services import log
 from .models import Notification
@method_decorator(csrf_exempt, name='dispatch')
 class NotificationListView(View):
    def post(self, request):
        try:
            user, token, data, error_response = validate_token_and_get_user(request, error_status_code=True)
            if error_response:
                return error_response
            page = int(data.get('page', 1))
            page_size = int(data.get('page_size', 20))
            offset = (page - 1) * page_size
            notifications = Notification.objects.filter(user=user)[offset:offset + page_size]
            total = Notification.objects.filter(user=user).count()
            items = [{
                'id': n.id,
                'title': n.title,
                'message': n.message,
                'notification_type': n.notification_type,
                'is_read': n.is_read,
                'action_url': n.action_url or '',
                'created_at': n.created_at.isoformat(),
            } for n in notifications]
            return JsonResponse({
                'status': 'success',
                'notifications': items,
                'total': total,
                'page': page,
                'page_size': page_size,
            })
        except Exception as e:
            log("error", "NotificationListView error", request=request, logger_data={"error": str(e)})
            return JsonResponse({'error': 'An unexpected server error occurred.'}, status=500)
@method_decorator(csrf_exempt, name='dispatch')
 class NotificationMarkReadView(View):
    def post(self, request):
        try:
            user, token, data, error_response = validate_token_and_get_user(request, error_status_code=True)
            if error_response:
                return error_response
            mark_all = data.get('mark_all', False)
            notification_id = data.get('notification_id')
            if mark_all:
                Notification.objects.filter(user=user, is_read=False).update(is_read=True)
                return JsonResponse({'status': 'success', 'message': 'All notifications marked as read'})
            if notification_id:
                Notification.objects.filter(id=notification_id, user=user).update(is_read=True)
                return JsonResponse({'status': 'success', 'message': 'Notification marked as read'})
            return JsonResponse({'error': 'Provide notification_id or mark_all=true'}, status=400)
        except Exception as e:
            log("error", "NotificationMarkReadView error", request=request, logger_data={"error": str(e)})
            return JsonResponse({'error': 'An unexpected server error occurred.'}, status=500)
@method_decorator(csrf_exempt, name='dispatch')
 class NotificationCountView(View):
    def post(self, request):
        try:
            user, token, data, error_response = validate_token_and_get_user(request, error_status_code=True)
            if error_response:
                return error_response
            count = Notification.objects.filter(user=user, is_read=False).count()
            return JsonResponse({'status': 'success', 'unread_count': count})
        except Exception as e:
            log("error", "NotificationCountView error", request=request, logger_data={"error": str(e)})
            return JsonResponse({'error': 'An unexpected server error occurred.'}, status=500)
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,3 +1,4 @@
 Django>=4.2
 Pillow
 django-summernote
 google-auth>=2.0.0
Author	SHA1	Message	Date
Sicherhaven	9aa7c01efe	feat(favorites): add EventLike model, favorites API, and notifications module - EventLike model (user × event unique constraint, indexed) - contributed_by field on Event (EVT ID or email of community contributor) - Favorites API endpoints: toggle-like, my-likes, my-liked-events - Notifications app wired into main urls.py at /api/notifications/ - accounts migration 0014_merge_0013 (resolves split 0013 branches) - requirements.txt updated	2026-04-07 12:56:25 +05:30
Sicherhaven	d04891c064	feat(leads): link consumer account to lead on submission - user_account FK on Lead model (SET_NULL, related_name='submitted_leads') - Migration 0004_lead_user_account - ScheduleCallView auto-matches consumer account by email on create - _serialize_lead now returns userAccount: {id, name, email, phone, eventifyId, profilePicture}	2026-04-07 11:52:41 +05:30
Sicherhaven	9142b8fedb	feat(leads): add Lead Manager module with full admin and consumer endpoints - Lead model in admin_api with status/priority/source/assigned_to fields - Admin API: metrics, list, detail, update views at /api/v1/leads/ - Consumer API: public ScheduleCallView at /api/leads/schedule-call/ - RBAC: 'leads' module registered in ALL_MODULES and StaffProfile scopes - Migration 0003_lead with indexes on status, priority, created_at, email	2026-04-07 10:48:04 +05:30
Sicherhaven	14c474ea87	docs: changelog v1.8.3 — TopEventsAPI fix	2026-04-06 22:21:32 +05:30
Sicherhaven	8d0e801d86	fix(top-events): remove token gate, add event_status filter and event_type_name TopEventsAPI had AllowAny permission but still called validate_token_and_get_user(), blocking unauthenticated carousel fetches. Also added event_status='published' filter and event_type_name resolution (model_to_dict only returns the FK integer, not the string name).	2026-04-06 22:16:41 +05:30
Sicherhaven	a29e8d2892	fix(featured-events): resolve event_type FK to name string in API response model_to_dict() returns event_type as an integer PK; the DHS frontend reads ev.event_type_name to show the category badge. Added event_type_name resolution so the carousel displays e.g. "Festivals".	2026-04-06 21:44:11 +05:30
Sicherhaven	2fefdd16c9	docs: changelog v1.8.1 — FeaturedEventsAPI token gate fix	2026-04-06 19:45:46 +05:30
Sicherhaven	8ae97dcdc7	fix(featured-events): remove token gate from FeaturedEventsAPI FeaturedEventsAPI had AllowAny permission but still called validate_token_and_get_user(), causing it to return a token-required error for unauthenticated requests from the desktop hero slider. Removed the token check entirely — the endpoint is public by design. Also tightened the queryset to event_status='published' to match ConsumerFeaturedEventsView behaviour.	2026-04-06 19:41:25 +05:30
Sicherhaven	05770d6d21	feat(carousel): wire is_featured flag to consumer featured events API ConsumerFeaturedEventsView now includes events with is_featured=True alongside ad placement results. Placement events retain priority; is_featured events are appended, deduped, and capped at 10 total.	2026-04-06 17:25:19 +05:30
Sicherhaven	b8a69ceae2	fix(accounts): add merge migration to resolve conflicting eventify_id migrations 0011_user_eventify_id and 0012_user_eventify_id both added eventify_id field from different base migrations. Created 0013 merge node to unify the graph.	2026-04-06 12:30:49 +05:30
Sicherhaven	b2a2cbad5f	feat(ad_control): new AdSurface + AdPlacement module for placement-based featured/top events - New ad_control Django app: AdSurface + AdPlacement models with GLOBAL/LOCAL scope - Admin CRUD API at /api/v1/ad-control/ (JWT-protected): surfaces, placements, picker events - Placement lifecycle: DRAFT → ACTIVE\|SCHEDULED → EXPIRED\|DISABLED - LOCAL scope: Haversine ≤ 50km from event lat/lng (fixed radius, no config needed) - Consumer APIs: /api/events/featured-events/ and /api/events/top-events/ rewritten to use placement-based queries (same URL paths + response shape — no breaking changes) - Seed command: seed_surfaces --migrate converts existing is_featured/is_top_event booleans - mount: admin_api/urls.py → ad-control/, mobile_api/urls.py → replaced consumer views - settings.py: added ad_control to INSTALLED_APPS	2026-04-06 12:10:06 +05:30
Sicherhaven	635a1224cd	fix: add localhost:8080 to CORS_ALLOWED_ORIGINS for Flutter web preview	2026-04-04 18:56:47 +05:30
Sicherhaven	3a3f6d4179	feat: HOME-007 — server-side event title/description search (q param)	2026-04-04 17:33:56 +05:30
Sicherhaven	c9afbcf3cc	feat(accounts): home district with 6-month cooldown - accounts/models.py: add district_changed_at DateTimeField + VALID_DISTRICTS constant (14 Kerala districts) - migration 0013_user_district_changed_at: nullable DateTimeField, no backfill - WebRegisterForm: accept optional district during signup, stamp district_changed_at - UpdateProfileView: enforce 183-day cooldown with human-readable error - LoginView/WebRegisterView/StatusView: include district_changed_at in responses Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-04-04 10:42:44 +05:30
Sicherhaven	ac2b2ba242	fix(users): add include_all param to UserListView for contributor search Superusers (admins) were excluded by the is_superuser=False filter, making them unsearchable in the contributor picker. Pass include_all=1 to bypass this filter when searching for event contributors.	2026-04-03 17:41:45 +05:30
Sicherhaven	a208ddf1f7	fix(users): add eventify_id__icontains to UserListView search filter EVT-XXXXXXXX searches were returning no results because the Q filter only covered first_name, last_name, email, username, phone_number.	2026-04-03 17:37:09 +05:30
Sicherhaven	4a24e9cdca	feat(events): add EventDeleteView for permanent event deletion - Add EventDeleteView with DELETE /api/v1/events/<pk>/delete/ - Register delete URL in admin_api/urls.py	2026-04-03 17:21:26 +05:30
Sicherhaven	bae9ac9e23	docs: add v1.6.1 and v1.6.2 CHANGELOG entries Documents StatusView eventify_id addition and the security fix that stops internal Python exceptions from reaching API callers.	2026-04-03 09:27:15 +05:30
Sicherhaven	a5bdde278d	security: never expose internal exceptions to API callers All except blocks in user.py and events.py now log the real error server-side (via eventify_logger) and return a generic "An unexpected server error occurred." message to the client. Python tracebacks, model field names, and ORM errors are no longer visible in API responses.	2026-04-03 09:23:26 +05:30
Sicherhaven	fc5aa555e5	feat(api): return eventify_id in StatusView response Adds `eventify_id` to the `/api/user/status/` endpoint so that `initProfileTickets` can fetch the EVT-XXXXXXXX badge for users whose localStorage session pre-dates the eventify_id login field.	2026-04-03 09:14:37 +05:30
Sicherhaven	9d61967350	feat: add Haversine radius-based location filtering to EventListAPI - Add _haversine_km() great-circle distance function (pure Python, no PostGIS) - EventListAPI now accepts optional latitude, longitude, radius_km params - Bounding-box SQL pre-filter narrows candidates, Haversine filters precisely - Progressive radius expansion: 10km → 25km → 50km → 100km if <6 results - Backward compatible: falls back to pincode filtering when no coords provided - Response includes radius_km field showing effective search radius used - Guard radius_km float conversion against malformed input - Use `is not None` checks for lat/lng (handles 0.0 edge case) - Expansion list filters to only try radii larger than requested	2026-04-03 08:56:00 +05:30
Sicherhaven	99f376506d	docs: add CHANGELOG.md and update README version to 1.6.0 - CHANGELOG.md: full history from 1.0.0 → 1.6.0 (Keep a Changelog format) - README.md: bump version badge 1.5.0 → 1.6.0, add changelog summary table	2026-04-02 11:03:18 +05:30
Sicherhaven	384797551f	feat: add Eventify ID (EVT-XXXXXXXX) to User model and all APIs - Add eventify_id CharField (unique, indexed, editable=False) to User - Auto-generate on save() with charset excluding I/O/0/1 for clarity - Migration 0012: add field nullable, backfill all existing users, make non-null - Sync migration 0011 (allowed_modules) pulled from server - Expose eventify_id in accounts/api.py, partner/api.py serializers - Expose eventify_id in mobile_api login response (populates localStorage)	2026-04-02 10:26:08 +05:30
admin	255519473b	feat: add RBAC migrations, user modules, admin API updates, and utility scripts	2026-04-02 04:06:02 +00:00
Eventify Deploy	1b6185c758	security: fix SMTP credential exposure and auth bypass - C-1: Move EMAIL_HOST_PASSWORD to os.environ (was hardcoded plaintext) - C-2: Enable token-user cross-validation in validate_token_and_get_user() (compares token.user_id with user.id to prevent impersonation) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-30 19:29:42 +00:00
Eventify Deploy	43123d0ff1	feat: add source field with 3 options, fix EventListAPI fallback, add is_eventify_event to API response - Event.source field updated: eventify, community, partner (radio select in form) - EventListAPI: fallback to all events when pincode returns < 6 - EventListAPI: include is_eventify_event and source in serializer - Admin API: add source to list serializer - Django admin: source in list_display, list_filter, list_editable - Event form template: proper radio button rendering for source field Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-30 11:23:03 +00:00
Eventify Deploy	388057b641	feat: add user search/filter, banned metric, mobile review API, event detail improvements - admin_api/views.py: Add banned count to UserMetrics, fix server-side search/filter in UserListView - admin_api/models.py: Add ReviewInteraction model, display_name/is_verified/helpful_count/flag_count to Review - mobile_api/views/reviews.py: Customer-facing review submit/list/helpful/flag endpoints - mobile_api/urls.py: Wire review API routes - mobile_api/views/events.py: Event detail and listing improvements - Security hardening across API modules	2026-03-26 09:50:03 +00:00
Eventify Deploy	5a2752a2de	fix: security audit remediation — Django settings + payment gateway API - ALLOWED_HOSTS: wildcard replaced with explicit domain list (#15) - CORS_ALLOWED_ORIGINS: added app.eventifyplus.com (#16) - CSRF_TRUSTED_ORIGINS: added app.eventifyplus.com (#18) - JWT ACCESS_TOKEN_LIFETIME: 1 day reduced to 30 minutes (#19) - ROTATE_REFRESH_TOKENS enabled - SECRET_KEY: removed unsafe fallback, crash on missing env var - Added ActivePaymentGatewayView for dynamic gateway config (#1, #5, #20) - Added PaymentGatewaySettingsView CRUD for admin panel Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-25 12:25:11 +00:00
Sicherhaven	b12f4952b3	fix: update admin_api migration dependency to existing events migration 0001_initial was referencing events.0011_dashboard_indexes which no longer exists as a file on disk (the DB has it applied but the file was removed). Updated dependency to 0010_merge_20260324_1443 which is the latest events migration file present, resolving the NodeNotFoundError on management commands.	2026-03-25 11:49:15 +05:30
Sicherhaven	ea378f19b1	refactor: migrate users to PostgreSQL, remove SQLite secondary DB Users have been migrated from eventify-django SQLite to eventify-backend PostgreSQL. The temporary users_db workaround is no longer needed: - settings.py: removed users_db SQLite secondary database config - views.py: removed _user_db()/_user_qs() helpers; user views now query the default PostgreSQL directly with plain User.objects.filter() - docker-compose.yml: SQLite read-only volume mount removed All 27 users (25 non-superuser customers) now live in PostgreSQL.	2026-03-25 11:43:12 +05:30
Sicherhaven	54aa7ce06e	fix: read real users from eventify-django SQLite via secondary database The admin_api was querying eventify-backend's empty PostgreSQL. Real users live in eventify-django's SQLite (db.sqlite3 on host). Fix: - settings.py: auto-adds 'users_db' database config when users_db.sqlite3 is mounted into the container (read-only volume in docker-compose) - views.py: _user_db() helper selects the correct database alias; _user_qs() defers 'partner' field (absent from older SQLite schema) - UserMetricsView, UserListView, UserDetailView, UserStatusView all use _user_qs() so they query the 25 real registered customers	2026-03-25 11:38:03 +05:30
Sicherhaven	a3d1bbad30	fix: scope users API to end-users and tag new registrations as customers - UserListView and UserMetricsView now filter is_superuser=False so only end-user accounts appear in the admin Users page (not admin/staff) - _serialize_user now returns avatarUrl from profile_picture field so the grid view renders profile images instead of broken img tags - RegisterForm and WebRegisterForm now set is_customer=True and role='customer' on save so future registrants are correctly classified	2026-03-25 11:10:29 +05:30
Eventify Deploy	54315408eb	Phase 7: Reviews Moderation — Review model + migration + 4 admin endpoints (metrics, list, moderate, delete)	2026-03-25 02:46:50 +00:00
Eventify Deploy	3103eff949	Phase 6: Financials & Payouts — 4 new financial endpoints (metrics, transactions, settlements, release)	2026-03-24 19:05:33 +00:00
Eventify Deploy	bc0a9ad5c8	docs: beautify README with ASCII banner, badges, API reference, and architecture diagram	2026-03-24 18:47:15 +00:00
Eventify Deploy	d921dde598	Phase 5: Events Admin — 4 new event endpoints (stats, list, detail, moderate)	2026-03-24 18:42:15 +00:00
Eventify Deploy	54d31dd3b1	Phase 4: Users & RBAC — 4 new user endpoints (list, metrics, detail, status)	2026-03-24 18:26:55 +00:00
Ubuntu	cbe06e9c8f	feat: Phase 3 - Partners API (5 endpoints + 2 helpers) - GET /api/v1/partners/stats/ - total, active, pendingKyc, highRisk counts - GET /api/v1/partners/ - paginated list with status/kyc/type/search filters - GET /api/v1/partners/:id/ - full detail with events, kycDocuments, dealTerms, ledger - PATCH /api/v1/partners/:id/status/ - suspend/activate partner - POST /api/v1/partners/:id/kyc/review/ - approve/reject KYC with reason Helpers: _serialize_partner(), _partner_kyc_docs() Status/KYC/type mapping: backend snake_case to frontend capitalised values Risk score derived from kyc_compliance_status (high_risk=80, approved=5, etc.) All views IsAuthenticated, models imported inside methods	2026-03-24 18:11:33 +00:00
Ubuntu	b60d03142c	feat: Phase 1+2 - JWT auth, dashboard metrics API, DB indexes Phase 1 - JWT Auth Foundation: - Replace token auth with djangorestframework-simplejwt - POST /api/v1/admin/auth/login/ - returns access + refresh JWT - POST /api/v1/auth/refresh/ - JWT refresh - GET /api/v1/auth/me/ - current admin profile - GET /api/v1/health/ - DB health check - Add ledger app to INSTALLED_APPS Phase 2 - Dashboard Metrics API: - GET /api/v1/dashboard/metrics/ - revenue, partners, events, tickets - GET /api/v1/dashboard/revenue/ - 7-day revenue vs payouts chart data - GET /api/v1/dashboard/activity/ - last 10 platform events feed - GET /api/v1/dashboard/actions/ - KYC queue, flagged events, pending payouts DB Indexes (dashboard query optimisation): - RazorpayTransaction: status, captured_at - Partner: status, kyc_compliance_status - Event: event_status, start_date, created_date - Booking: created_date - PaymentTransaction: payment_type, payment_transaction_status, payment_transaction_date Infra: - Add Dockerfile for eventify-backend container - Add simplejwt to requirements.txt - All 4 dashboard views use IsAuthenticated permission class	2026-03-24 17:46:41 +00:00
Ubuntu	37001f8e70	feat: add JWT auth foundation - /api/v1/ with admin login, refresh, me, health endpoints - Add djangorestframework-simplejwt==5.3.1 to requirements-docker.txt - Configure REST_FRAMEWORK with JWTAuthentication and SIMPLE_JWT settings - Create admin_api Django app with AdminLoginView, MeView, HealthView - Wire /api/v1/ routes without touching existing /api/ mobile endpoints - Resolve pre-existing events migration conflict (0010_merge) - Superuser admin created for initial authentication	2026-03-24 14:46:03 +00:00