vivekpprakash/eventify_backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: vivekpprakash:4a9f754fdaad19a5370694c9f7ca249362d08f73
Branches Tags
vivekpprakash:main vivekpprakash:sprint/post-10-fixes vivekpprakash:sprint/9-analytics vivekpprakash:sprint/8-dashboard vivekpprakash:sprint/7-checkin vivekpprakash:sprint/6-staff vivekpprakash:sprint/5-customers vivekpprakash:sprint/4-bookings vivekpprakash:sprint/3-tier-endpoints
..
compare: vivekpprakash:sprint/9-analytics
Branches Tags
vivekpprakash:sprint/post-10-fixes vivekpprakash:sprint/9-analytics vivekpprakash:sprint/8-dashboard vivekpprakash:sprint/7-checkin vivekpprakash:sprint/6-staff vivekpprakash:sprint/5-customers vivekpprakash:sprint/4-bookings vivekpprakash:sprint/3-tier-endpoints vivekpprakash:main

15 Commits
4a9f754fda ... sprint/9-a

Author SHA1 Message Date
Sicherhaven
03ac2f25ae feat(sprint9): add 5 partner analytics endpoints 
revenue-timeseries, ticket-type-breakdown, marketing-funnel,
traffic-sources, retention-heatmap. Funnel/sources return
trackingAvailable=false with notes where no tracking exists.
Heatmap computed from booking created_date by day × time slot.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-22 11:58:41 +05:30
Sicherhaven
8bc176b2f6 feat(sprint8): add PartnerDashboardView + URL for partner me dashboard 
Returns KPIs (revenue/tickets/events) with 30d vs prev-30d % change,
last 5 bookings, and next 5 upcoming events with capacity progress.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-22 11:50:07 +05:30
Sicherhaven
b6c2b93fd0 Sprint 7: PartnerMeCheckInView — JWT-authenticated ticket check-in 
- admin_api/views.py: PartnerMeCheckInView — validates ticket belongs to
  partner's event, marks is_checked_in=True, returns name/ticket/event/
  alreadyCheckedIn; uses IsAuthenticated (Bearer JWT, not body token)
- admin_api/urls.py: wire partners/me/check-in/

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-22 11:45:32 +05:30
Sicherhaven
fee67385d5 Sprint 6: partner staff CRUD endpoints 
- admin_api/views.py: PartnerMeStaffListView (GET list + POST invite with
  auto-generated temp password), PartnerMeStaffDetailView (PATCH role +
  DELETE/deactivate); role mapping admin/manager→partner_manager,
  analyst/scanner→partner_staff; soft-delete (is_active=False)
- admin_api/urls.py: wire partners/me/staff/ and .../staff/{pk}/

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-22 11:41:52 +05:30
Sicherhaven
f587c4dd24 Sprint 5: PartnerCustomerListView — partner-scoped customer list 
- admin_api/views.py: PartnerCustomerListView — distinct users who've
  booked partner's events, annotated with bookings_count + total_spent
  aggregates, search by email/name, paginated [1,200]
- admin_api/urls.py: wire partners/me/customers/

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-22 11:38:39 +05:30
Sicherhaven
4669907a02 Sprint 4: PartnerBookingListView for partner-scoped booking list 
- admin_api/views.py: PartnerBookingListView — filters Booking rows by
  partner via ticket_meta__event__partner, supports search (booking_id,
  user email/name), payment_status filter, event_id filter, pagination
  with page_size bound [1,200]
- admin_api/urls.py: wire partners/me/bookings/ endpoint

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-22 11:34:57 +05:30
Sicherhaven
611d653938 Sprint 3: partner ticket tier CRUD endpoints 
- admin_api/views.py: add _serialize_tier(), PartnerMeEventTiersView
  (GET list + POST create with get_or_create TicketMeta),
  PartnerMeEventTierDetailView (PATCH update + DELETE)
- admin_api/urls.py: wire partners/me/events/{event_pk}/tiers/ and
  .../tiers/{tier_pk}/ with named routes partner-me-event-tiers,
  partner-me-event-tier-detail
- Deployed to eventify-backend + eventify-django containers

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-22 11:28:57 +05:30
Sicherhaven
16c21c17d2 feat(partner-portal): Sprint 2 — partner-me events CRUD endpoints 
Add partner-scoped event endpoints under /api/v1/partners/me/events/:
- GET/POST  /partners/me/events/            → list + create
- GET/PATCH/DELETE /partners/me/events/{pk}/ → detail + update + delete
- POST /partners/me/events/{pk}/duplicate/   → clone as draft

All endpoints enforce partner ownership via _require_owned_event().
Create auto-sets partner FK + source='partner'. Duplicate always
resets status to 'created' (draft).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-22 11:20:37 +05:30
Sicherhaven
761b702e57 feat(partner-portal): Sprint 1 — partner-me settings endpoints 
Add 4 self-service endpoints under /api/v1/partners/me/:
- GET/PUT  /partners/me/profile/      → name, email, phone, website, bio
- GET/PUT  /partners/me/notifications/ → 4 boolean notification prefs
- GET/PUT  /partners/me/payout/        → bank account + payout schedule
- POST     /partners/me/change-password/ → current+new password change

Model changes (partner/models.py + migration 0002):
- Partner.bio TextField
- Partner.payout_* fields (holder name, account number, IFSC, bank name, schedule)
- Partner.notif_* boolean fields (new_booking, event_status, payout_update, weekly_report)

Auth: simplejwt Bearer token (same as all admin_api views).
Role guard: _require_partner() enforces partner/partner_manager/partner_staff
and verifies user.partner FK is non-null.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-22 11:02:34 +05:30
Sicherhaven
46b391bd51 fix: allow partner portal SSR to reach admin_api (/me/) for impersonation 
ALLOWED_HOSTS was missing partner.eventifyplus.com + docker internal
hostnames (eventify-backend, eventify-django). Partner Next.js
server-side authorize() fetch to /api/v1/auth/me/ was rejected with
HTTP 400 DisallowedHost, so admin "Login as Partner" redirected to
/login?error=ImpersonationFailed instead of /dashboard.

Also added `partner` FK to UserSerializer so the /me/ response exposes
the partner id the portal needs to set session.user.partnerId.

Deployed to both eventify-backend and eventify-django containers via
docker cp + HUP.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-04-22 10:30:58 +05:30
Sicherhaven
d9a2af7168 fix(reviews): expose profile_photo in /api/reviews/list payload 
_serialize_review() was not returning the reviewer's profile_picture URL,
so the consumer app had no field to key off and always rendered DiceBear
cartoons for every reviewer.

- Resolves r.reviewer.profile_picture.url when non-empty
- Treats default.png placeholder as no-photo (returns empty string)
- Defensive try/except around FK dereference, same pattern as user.py

Paired with mvnew consumer v1.7.8 which consumes the new field.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-04-22 00:32:00 +05:30
Sicherhaven
f75d4f2915 fix: add missing get_object_or_404 import in PartnerImpersonateView 2026-04-21 23:18:37 +05:30
Sicherhaven
05de552820 feat(partners): add PartnerImpersonateView for admin Login-as-Partner 
POST /api/v1/partners/<pk>/impersonate/ mints a short-lived JWT for the
partner's primary partner_manager user. Returns access + refresh tokens
so the partner portal can create a session without requiring a password.
Writes a partner.impersonated audit log row with admin username, partner
name, and impersonated user for traceability.

Closes: admin Login-as-Partner showing "Partner not found" (mock data)
 2026-04-21 22:55:08 +05:30
Sicherhaven
f85188ca6b revert: remove partner role login block from AdminLoginView 
Partner accounts must be able to log into admin.eventifyplus.com.
ProtectedRoute empty-module redirect (frontend) handles the access
boundary — no backend login gate needed.
 2026-04-21 18:38:10 +05:30
Sicherhaven
64ff08b2b2 security: block non-admin roles from AdminLoginView 
AdminLoginView previously accepted any valid credential regardless of
role. partner_manager / partner / partner_staff / partner_customer /
customer accounts could obtain admin JWTs and land on admin.eventifyplus.com,
where protected pages would render generic "not found" empty states.

Now returns 403 for those roles unless the user is a superuser or has an
attached StaffProfile. Writes an auth.admin_login_failed audit row with
reason=non_admin_role.

Closes gap reported for novakopro@gmail.com on /partners/3.
 2026-04-21 18:35:16 +05:30
8 changed files with 1471 additions and 1 deletions
Expand all files Collapse all files

20
CHANGELOG.md
View File

@@ -5,6 +5,26 @@ Format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), version
--- ---
## [1.14.2] — 2026-04-22
### Fixed
- **Admin "Login as Partner" impersonation now completes into `/dashboard`** instead of bouncing back to `/login?error=ImpersonationFailed`. Two linked issues:
- **`ALLOWED_HOSTS`** (`eventify/settings.py`) — partner portal's server-side `authorize()` (Next.js) calls `${BACKEND_API_URL}/api/v1/auth/me/` with `BACKEND_API_URL=http://eventify-backend:8000`, so the HTTP `Host` header was `eventify-backend` — not in the Django allowlist. `SecurityMiddleware` rejected with HTTP 400 DisallowedHost, `authorize()` returned null, `signIn()` failed, and the `/impersonate` page redirected to the login error. Added `partner.eventifyplus.com`, `eventify-backend`, and `eventify-django` to `ALLOWED_HOSTS`. Same Host issue was silently breaking regular partner password login too — fixed as a side effect.
- **`UserSerializer` missing `partner` field** (`admin_api/serializers.py`) — `MeView` returned `/api/v1/auth/me/` payload with no `partner` key, so the partner portal's `auth.ts` set `partnerId: ""` on the NextAuth session. Downstream dashboard queries that filter by `partnerId` would then return empty/403. Added `partner = PrimaryKeyRelatedField(read_only=True)` to the serializer's `fields` list. Payload now includes `"partner": <id>`.
- Deploy: `docker cp` both files into **both** `eventify-backend` and `eventify-django` containers + `kill -HUP 1` on each (per shared admin_api rule).
---
## [1.14.1] — 2026-04-22
### Fixed
- **`_serialize_review()` now returns `profile_photo`** (`mobile_api/views/reviews.py`) — `/api/reviews/list` payload was missing the reviewer's photo URL, so the consumer app had no choice but to render DiceBear placeholders for every reviewer regardless of whether they had uploaded a real profile picture
- Resolves `r.reviewer.profile_picture.url` when the field is non-empty and the file name is not `default.png` (the model's placeholder default); returns empty string otherwise so the frontend can fall back cleanly to DiceBear
- Mirrors the existing pattern in `mobile_api/views/user.py` (`LoginView`, `StatusView`, `UpdateProfileView`) — same defensive try/except around FK dereference
- Pure serializer change — no migration, no URL change, no permission change; `gunicorn kill -HUP 1` picks it up
---
## [1.14.0] — 2026-04-21 ## [1.14.0] — 2026-04-21
### Added ### Added

3
admin_api/serializers.py
View File

@@ -5,9 +5,10 @@ User = get_user_model()
class UserSerializer(serializers.ModelSerializer): class UserSerializer(serializers.ModelSerializer):
name = serializers.SerializerMethodField() name = serializers.SerializerMethodField()
role = serializers.SerializerMethodField() role = serializers.SerializerMethodField()
partner = serializers.PrimaryKeyRelatedField(read_only=True)
class Meta: class Meta:
model = User model = User
fields = ['id', 'email', 'username', 'name', 'role'] fields = ['id', 'email', 'username', 'name', 'role', 'partner']
def get_name(self, obj): def get_name(self, obj):
return f"{obj.first_name} {obj.last_name}".strip() or obj.username return f"{obj.first_name} {obj.last_name}".strip() or obj.username
def get_role(self, obj): def get_role(self, obj):

30
admin_api/urls.py
View File

@@ -18,8 +18,38 @@ urlpatterns = [
path('partners/<int:pk>/', views.PartnerDetailView.as_view(), name='partner-detail'), path('partners/<int:pk>/', views.PartnerDetailView.as_view(), name='partner-detail'),
path('partners/<int:pk>/status/', views.PartnerStatusView.as_view(), name='partner-status'), path('partners/<int:pk>/status/', views.PartnerStatusView.as_view(), name='partner-status'),
path('partners/<int:pk>/kyc/review/', views.PartnerKYCReviewView.as_view(), name='partner-kyc-review'), path('partners/<int:pk>/kyc/review/', views.PartnerKYCReviewView.as_view(), name='partner-kyc-review'),
path('partners/<int:pk>/impersonate/', views.PartnerImpersonateView.as_view(), name='partner-impersonate'),
path('partners/onboard/', views.PartnerOnboardView.as_view(), name='partner-onboard'), path('partners/onboard/', views.PartnerOnboardView.as_view(), name='partner-onboard'),
path('partners/<int:partner_id>/staff/', views.PartnerStaffCreateView.as_view(), name='partner-staff-create'), path('partners/<int:partner_id>/staff/', views.PartnerStaffCreateView.as_view(), name='partner-staff-create'),
# Partner-Me: partner portal self-service (Sprint 1)
path('partners/me/profile/', views.PartnerMeProfileView.as_view(), name='partner-me-profile'),
path('partners/me/notifications/', views.PartnerMeNotificationsView.as_view(), name='partner-me-notifications'),
path('partners/me/payout/', views.PartnerMePayoutView.as_view(), name='partner-me-payout'),
path('partners/me/change-password/', views.PartnerMeChangePasswordView.as_view(), name='partner-me-change-password'),
# Partner-Me: events (Sprint 2)
path('partners/me/events/', views.PartnerMeEventsView.as_view(), name='partner-me-events'),
path('partners/me/events/<int:pk>/', views.PartnerMeEventDetailView.as_view(), name='partner-me-event-detail'),
path('partners/me/events/<int:pk>/duplicate/', views.PartnerMeEventDuplicateView.as_view(), name='partner-me-event-duplicate'),
# Partner-Me: ticket tiers (Sprint 3)
path('partners/me/events/<int:event_pk>/tiers/', views.PartnerMeEventTiersView.as_view(), name='partner-me-event-tiers'),
path('partners/me/events/<int:event_pk>/tiers/<int:tier_pk>/', views.PartnerMeEventTierDetailView.as_view(), name='partner-me-event-tier-detail'),
# Partner-Me: bookings (Sprint 4)
path('partners/me/bookings/', views.PartnerBookingListView.as_view(), name='partner-me-bookings'),
# Partner-Me: customers (Sprint 5)
path('partners/me/customers/', views.PartnerCustomerListView.as_view(), name='partner-me-customers'),
# Partner-Me: staff CRUD (Sprint 6)
path('partners/me/staff/', views.PartnerMeStaffListView.as_view(), name='partner-me-staff-list'),
path('partners/me/staff/<int:pk>/', views.PartnerMeStaffDetailView.as_view(), name='partner-me-staff-detail'),
# Partner-Me: check-in (Sprint 7)
path('partners/me/check-in/', views.PartnerMeCheckInView.as_view(), name='partner-me-check-in'),
# Partner-Me: dashboard (Sprint 8)
path('partners/me/dashboard/', views.PartnerDashboardView.as_view(), name='partner-me-dashboard'),
# Partner-Me: analytics (Sprint 9)
path('partners/me/analytics/revenue-timeseries/', views.PartnerAnalyticsRevenueView.as_view(), name='partner-me-analytics-revenue'),
path('partners/me/analytics/ticket-type-breakdown/', views.PartnerAnalyticsTicketTypeView.as_view(), name='partner-me-analytics-ticket-type'),
path('partners/me/analytics/marketing-funnel/', views.PartnerAnalyticsFunnelView.as_view(), name='partner-me-analytics-funnel'),
path('partners/me/analytics/traffic-sources/', views.PartnerAnalyticsTrafficSourcesView.as_view(), name='partner-me-analytics-traffic'),
path('partners/me/analytics/retention-heatmap/', views.PartnerAnalyticsHeatmapView.as_view(), name='partner-me-analytics-heatmap'),
path('users/metrics/', views.UserMetricsView.as_view(), name='user-metrics'), path('users/metrics/', views.UserMetricsView.as_view(), name='user-metrics'),
path('users/', views.UserListView.as_view(), name='user-list'), path('users/', views.UserListView.as_view(), name='user-list'),
path('users/<int:pk>/', views.UserDetailView.as_view(), name='user-detail'), path('users/<int:pk>/', views.UserDetailView.as_view(), name='user-detail'),

1314
admin_api/views.py
View File

File diff suppressed because it is too large Load Diff

3
eventify/settings.py
View File

@@ -18,6 +18,9 @@ ALLOWED_HOSTS = [
'backend.eventifyplus.com', 'backend.eventifyplus.com',
'admin.eventifyplus.com', 'admin.eventifyplus.com',
'app.eventifyplus.com', 'app.eventifyplus.com',
'partner.eventifyplus.com',
'eventify-backend',
'eventify-django',
'localhost', 'localhost',
'127.0.0.1', '127.0.0.1',
] ]

9
mobile_api/views/reviews.py
View File

@@ -29,11 +29,20 @@ def _serialize_review(r, user_interactions=None):
uname = r.reviewer.username uname = r.reviewer.username
except Exception: except Exception:
uname = '' uname = ''
try:
pic = r.reviewer.profile_picture
if pic and pic.name and 'default.png' not in pic.name:
profile_photo = pic.url
else:
profile_photo = ''
except Exception:
profile_photo = ''
return { return {
'id': r.id, 'id': r.id,
'event_id': r.event_id, 'event_id': r.event_id,
'username': uname, 'username': uname,
'display_name': display, 'display_name': display,
'profile_photo': profile_photo,
'rating': r.rating, 'rating': r.rating,
'comment': r.review_text, 'comment': r.review_text,
'status': _STATUS_TO_JSON.get(r.status, r.status), 'status': _STATUS_TO_JSON.get(r.status, r.status),

70
partner/migrations/0002_partner_profile_payout_notifications.py Normal file
View File

@@ -0,0 +1,70 @@
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('partner', '0001_initial'),
]
operations = [
# Profile extras
migrations.AddField(
model_name='partner',
name='bio',
field=models.TextField(blank=True, null=True),
),
# Payout settings
migrations.AddField(
model_name='partner',
name='payout_account_holder_name',
field=models.CharField(blank=True, max_length=250, null=True),
),
migrations.AddField(
model_name='partner',
name='payout_account_number',
field=models.CharField(blank=True, max_length=50, null=True),
),
migrations.AddField(
model_name='partner',
name='payout_ifsc_code',
field=models.CharField(blank=True, max_length=20, null=True),
),
migrations.AddField(
model_name='partner',
name='payout_bank_name',
field=models.CharField(blank=True, max_length=250, null=True),
),
migrations.AddField(
model_name='partner',
name='payout_schedule',
field=models.CharField(
choices=[('weekly', 'Weekly'), ('biweekly', 'Bi-weekly'), ('monthly', 'Monthly')],
default='monthly',
max_length=20,
),
),
# Notification preferences
migrations.AddField(
model_name='partner',
name='notif_new_booking',
field=models.BooleanField(default=True),
),
migrations.AddField(
model_name='partner',
name='notif_event_status',
field=models.BooleanField(default=True),
),
migrations.AddField(
model_name='partner',
name='notif_payout_update',
field=models.BooleanField(default=True),
),
migrations.AddField(
model_name='partner',
name='notif_weekly_report',
field=models.BooleanField(default=False),
),
]

23
partner/models.py
View File

@@ -65,5 +65,28 @@ class Partner(models.Model):
kyc_compliance_document_file = models.FileField(upload_to='kyc_documents/', blank=True, null=True) kyc_compliance_document_file = models.FileField(upload_to='kyc_documents/', blank=True, null=True)
kyc_compliance_document_number = models.CharField(max_length=250, blank=True, null=True) kyc_compliance_document_number = models.CharField(max_length=250, blank=True, null=True)
# Profile extras
bio = models.TextField(blank=True, null=True)
# Payout settings
PAYOUT_SCHEDULE_CHOICES = (
('weekly', 'Weekly'),
('biweekly', 'Bi-weekly'),
('monthly', 'Monthly'),
)
payout_account_holder_name = models.CharField(max_length=250, blank=True, null=True)
payout_account_number = models.CharField(max_length=50, blank=True, null=True)
payout_ifsc_code = models.CharField(max_length=20, blank=True, null=True)
payout_bank_name = models.CharField(max_length=250, blank=True, null=True)
payout_schedule = models.CharField(
max_length=20, choices=PAYOUT_SCHEDULE_CHOICES, default='monthly'
)
# Notification preferences
notif_new_booking = models.BooleanField(default=True)
notif_event_status = models.BooleanField(default=True)
notif_payout_update = models.BooleanField(default=True)
notif_weekly_report = models.BooleanField(default=False)
def __str__(self): def __str__(self):
return self.name return self.name