feat(partner-portal): Sprint 1 — partner-me settings endpoints

Add 4 self-service endpoints under /api/v1/partners/me/: - GET/PUT /partners/me/profile/ → name, email, phone, website, bio - GET/PUT /partners/me/notifications/ → 4 boolean notification prefs - GET/PUT /partners/me/payout/ → bank account + payout schedule - POST /partners/me/change-password/ → current+new password change Model changes (partner/models.py + migration 0002): - Partner.bio TextField - Partner.payout_* fields (holder name, account number, IFSC, bank name, schedule) - Partner.notif_* boolean fields (new_booking, event_status, payout_update, weekly_report) Auth: simplejwt Bearer token (same as all admin_api views). Role guard: _require_partner() enforces partner/partner_manager/partner_staff and verifies user.partner FK is non-null. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-22 11:02:34 +05:30
parent 46b391bd51
commit 761b702e57
4 changed files with 324 additions and 0 deletions
--- a/admin_api/views.py
+++ b/admin_api/views.py
@@ -3313,3 +3313,229 @@ class NotificationScheduleTestSendView(APIView):
        log('info', f'Test email sent for schedule #{pk} → {email}',
            request=request, user=request.user)
        return Response({'ok': True, 'sentTo': email})
+
+
+# ===========================================================================
+# Partner-Me (Partner Portal self-service endpoints)
+# Sprint 1 — Settings wiring
+# Auth: simplejwt Bearer token (same as MeView / all admin_api views)
+# ===========================================================================
+
+def _require_partner(request):
+    """Return (partner, None) or (None, error_response)."""
+    partner_roles = ['partner', 'partner_manager', 'partner_staff']
+    if request.user.role not in partner_roles:
+        return None, Response(
+            {'error': 'Partner account required.'},
+            status=status.HTTP_403_FORBIDDEN,
+        )
+    partner = getattr(request.user, 'partner', None)
+    if partner is None:
+        return None, Response(
+            {'error': 'No partner organisation linked to this account.'},
+            status=status.HTTP_403_FORBIDDEN,
+        )
+    return partner, None
+
+
+class PartnerMeProfileView(APIView):
+    """
+    GET  /api/v1/partners/me/profile/ — return partner profile
+    PUT  /api/v1/partners/me/profile/ — update partner profile
+    """
+    permission_classes = [IsAuthenticated]
+
+    def get(self, request):
+        partner, err = _require_partner(request)
+        if err:
+            return err
+        return Response({
+            'name': partner.name or '',
+            'email': request.user.email or '',
+            'phone': request.user.phone_number or '',
+            'website': partner.website_url or '',
+            'bio': partner.bio or '',
+        })
+
+    def put(self, request):
+        partner, err = _require_partner(request)
+        if err:
+            return err
+
+        data = request.data
+        user = request.user
+        user_changed = False
+        partner_changed = False
+
+        if 'email' in data and data['email'] != user.email:
+            new_email = (data['email'] or '').strip()
+            if new_email:
+                # Uniqueness check — exclude self
+                from django.contrib.auth import get_user_model as _gum
+                _User = _gum()
+                if _User.objects.filter(email=new_email).exclude(pk=user.pk).exists():
+                    return Response({'error': 'Email already in use by another account.'}, status=400)
+                user.email = new_email
+                user_changed = True
+
+        if 'phone' in data:
+            user.phone_number = (data['phone'] or '').strip() or None
+            user_changed = True
+
+        if 'name' in data and data['name']:
+            partner.name = data['name'].strip()
+            partner_changed = True
+
+        if 'website' in data:
+            partner.website_url = (data['website'] or '').strip() or None
+            partner_changed = True
+
+        if 'bio' in data:
+            partner.bio = (data['bio'] or '').strip() or None
+            partner_changed = True
+
+        if user_changed:
+            user.save(update_fields=[f for f in ['email', 'phone_number'] if f])
+        if partner_changed:
+            partner.save(update_fields=[f for f in ['name', 'website_url', 'bio'] if getattr(partner, f, None) is not None or f in data])
+
+        return Response({
+            'name': partner.name or '',
+            'email': user.email or '',
+            'phone': user.phone_number or '',
+            'website': partner.website_url or '',
+            'bio': partner.bio or '',
+        })
+
+
+class PartnerMeNotificationsView(APIView):
+    """
+    GET  /api/v1/partners/me/notifications/ — return notification prefs
+    PUT  /api/v1/partners/me/notifications/ — update notification prefs
+    """
+    permission_classes = [IsAuthenticated]
+
+    def get(self, request):
+        partner, err = _require_partner(request)
+        if err:
+            return err
+        return Response({
+            'newBooking': partner.notif_new_booking,
+            'eventStatus': partner.notif_event_status,
+            'payoutUpdate': partner.notif_payout_update,
+            'weeklyReport': partner.notif_weekly_report,
+        })
+
+    def put(self, request):
+        partner, err = _require_partner(request)
+        if err:
+            return err
+
+        data = request.data
+        if 'newBooking' in data:
+            partner.notif_new_booking = bool(data['newBooking'])
+        if 'eventStatus' in data:
+            partner.notif_event_status = bool(data['eventStatus'])
+        if 'payoutUpdate' in data:
+            partner.notif_payout_update = bool(data['payoutUpdate'])
+        if 'weeklyReport' in data:
+            partner.notif_weekly_report = bool(data['weeklyReport'])
+        partner.save(update_fields=[
+            'notif_new_booking', 'notif_event_status',
+            'notif_payout_update', 'notif_weekly_report',
+        ])
+        return Response({
+            'newBooking': partner.notif_new_booking,
+            'eventStatus': partner.notif_event_status,
+            'payoutUpdate': partner.notif_payout_update,
+            'weeklyReport': partner.notif_weekly_report,
+        })
+
+
+class PartnerMePayoutView(APIView):
+    """
+    GET  /api/v1/partners/me/payout/ — return payout settings
+    PUT  /api/v1/partners/me/payout/ — update payout settings
+    """
+    permission_classes = [IsAuthenticated]
+
+    def get(self, request):
+        partner, err = _require_partner(request)
+        if err:
+            return err
+        return Response({
+            'accountHolderName': partner.payout_account_holder_name or '',
+            'accountNumber': partner.payout_account_number or '',
+            'ifscCode': partner.payout_ifsc_code or '',
+            'bankName': partner.payout_bank_name or '',
+            'payoutSchedule': partner.payout_schedule or 'monthly',
+        })
+
+    def put(self, request):
+        partner, err = _require_partner(request)
+        if err:
+            return err
+
+        data = request.data
+        valid_schedules = ['weekly', 'biweekly', 'monthly']
+
+        if 'accountHolderName' in data:
+            partner.payout_account_holder_name = (data['accountHolderName'] or '').strip() or None
+        if 'accountNumber' in data:
+            partner.payout_account_number = (data['accountNumber'] or '').strip() or None
+        if 'ifscCode' in data:
+            partner.payout_ifsc_code = (data['ifscCode'] or '').strip().upper() or None
+        if 'bankName' in data:
+            partner.payout_bank_name = (data['bankName'] or '').strip() or None
+        if 'payoutSchedule' in data:
+            sched = data['payoutSchedule']
+            if sched not in valid_schedules:
+                return Response(
+                    {'error': f'payoutSchedule must be one of: {", ".join(valid_schedules)}'},
+                    status=400,
+                )
+            partner.payout_schedule = sched
+
+        partner.save(update_fields=[
+            'payout_account_holder_name', 'payout_account_number',
+            'payout_ifsc_code', 'payout_bank_name', 'payout_schedule',
+        ])
+        return Response({
+            'accountHolderName': partner.payout_account_holder_name or '',
+            'accountNumber': partner.payout_account_number or '',
+            'ifscCode': partner.payout_ifsc_code or '',
+            'bankName': partner.payout_bank_name or '',
+            'payoutSchedule': partner.payout_schedule or 'monthly',
+        })
+
+
+class PartnerMeChangePasswordView(APIView):
+    """
+    POST /api/v1/partners/me/change-password/
+    Body: { current_password, new_password }
+    """
+    permission_classes = [IsAuthenticated]
+
+    def post(self, request):
+        partner_roles = ['partner', 'partner_manager', 'partner_staff']
+        if request.user.role not in partner_roles:
+            return Response({'error': 'Partner account required.'}, status=403)
+
+        current_password = request.data.get('current_password', '')
+        new_password = request.data.get('new_password', '')
+
+        if not current_password or not new_password:
+            return Response(
+                {'error': 'current_password and new_password are required.'},
+                status=400,
+            )
+
+        if not request.user.check_password(current_password):
+            return Response({'error': 'Current password is incorrect.'}, status=400)
+
+        if len(new_password) < 8:
+            return Response({'error': 'New password must be at least 8 characters.'}, status=400)
+
+        request.user.set_password(new_password)
+        request.user.save(update_fields=['password'])
+        return Response({'success': True})