feat(partner-portal): Sprint 2 — partner-me events CRUD endpoints

Add partner-scoped event endpoints under /api/v1/partners/me/events/:
- GET/POST  /partners/me/events/            → list + create
- GET/PATCH/DELETE /partners/me/events/{pk}/ → detail + update + delete
- POST /partners/me/events/{pk}/duplicate/   → clone as draft

All endpoints enforce partner ownership via _require_owned_event().
Create auto-sets partner FK + source='partner'. Duplicate always
resets status to 'created' (draft).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

CHANGELOG.md

@@ -5,6 +5,154 @@ Format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), version
 
 ---
 
+## [1.14.2] — 2026-04-22
+
+### Fixed
+- **Admin "Login as Partner" impersonation now completes into `/dashboard`** instead of bouncing back to `/login?error=ImpersonationFailed`. Two linked issues:
+  - **`ALLOWED_HOSTS`** (`eventify/settings.py`) — partner portal's server-side `authorize()` (Next.js) calls `${BACKEND_API_URL}/api/v1/auth/me/` with `BACKEND_API_URL=http://eventify-backend:8000`, so the HTTP `Host` header was `eventify-backend` — not in the Django allowlist. `SecurityMiddleware` rejected with HTTP 400 DisallowedHost, `authorize()` returned null, `signIn()` failed, and the `/impersonate` page redirected to the login error. Added `partner.eventifyplus.com`, `eventify-backend`, and `eventify-django` to `ALLOWED_HOSTS`. Same Host issue was silently breaking regular partner password login too — fixed as a side effect.
+  - **`UserSerializer` missing `partner` field** (`admin_api/serializers.py`) — `MeView` returned `/api/v1/auth/me/` payload with no `partner` key, so the partner portal's `auth.ts` set `partnerId: ""` on the NextAuth session. Downstream dashboard queries that filter by `partnerId` would then return empty/403. Added `partner = PrimaryKeyRelatedField(read_only=True)` to the serializer's `fields` list. Payload now includes `"partner": <id>`.
+- Deploy: `docker cp` both files into **both** `eventify-backend` and `eventify-django` containers + `kill -HUP 1` on each (per shared admin_api rule).
+
+---
+
+## [1.14.1] — 2026-04-22
+
+### Fixed
+- **`_serialize_review()` now returns `profile_photo`** (`mobile_api/views/reviews.py`) — `/api/reviews/list` payload was missing the reviewer's photo URL, so the consumer app had no choice but to render DiceBear placeholders for every reviewer regardless of whether they had uploaded a real profile picture
+  - Resolves `r.reviewer.profile_picture.url` when the field is non-empty and the file name is not `default.png` (the model's placeholder default); returns empty string otherwise so the frontend can fall back cleanly to DiceBear
+  - Mirrors the existing pattern in `mobile_api/views/user.py` (`LoginView`, `StatusView`, `UpdateProfileView`) — same defensive try/except around FK dereference
+  - Pure serializer change — no migration, no URL change, no permission change; `gunicorn kill -HUP 1` picks it up
+
+---
+
+## [1.14.0] — 2026-04-21
+
+### Added
+- **Module-level RBAC scopes for Reviews, Contributions, Leads, Audit Log** — `SCOPE_DEFINITIONS` in `admin_api/views.py` extended with 13 new entries so the admin dashboard's Roles & Permissions grid and the new Base Permissions tab can grant/revoke access at module granularity:
+  - Reviews: `reviews.read`, `reviews.moderate`, `reviews.delete`
+  - Contributions: `contributions.read`, `contributions.approve`, `contributions.reject`, `contributions.award`
+  - Leads: `leads.read`, `leads.write`, `leads.assign`, `leads.convert`
+  - Audit Log: `audit.read`, `audit.export`
+- **`NotificationSchedule` audit emissions** in `admin_api/views.py` — `NotificationScheduleListView.post` and `NotificationScheduleDetailView.patch` / `.delete` now write `notification.schedule.created` / `.updated` / `.deleted` `AuditLog` rows. Update emits only when at least one field actually changed. Delete captures `name`/`notification_type`/`cron_expression` before the row is deleted so the audit trail survives the deletion
+
+### Fixed
+- **`StaffProfile.get_allowed_modules()`** in `admin_api/models.py` — `SCOPE_TO_MODULE` was missing the `'reviews': 'reviews'` entry, so staff granted `reviews.*` scopes could not see the Reviews module in their sidebar. Added
+
+---
+
+## [1.13.0] — 2026-04-21
+
+### Added
+- **Full admin interaction audit coverage** — `_audit_log()` calls added to 12 views; every meaningful admin state change now writes an `AuditLog` row:
+
+| View | Action slug(s) | Notes |
+|---|---|---|
+| `AdminLoginView` | `auth.admin_login`, `auth.admin_login_failed` | Uses new `user=` kwarg (anonymous at login time) |
+| `PartnerStatusView` | `partner.status_changed` | Wrapped in `transaction.atomic()` |
+| `PartnerOnboardView` | `partner.onboarded` | Inside existing `transaction.atomic()` block |
+| `PartnerStaffCreateView` | `partner.staff.created` | Logged after `staff_user.save()` |
+| `EventCreateView` | `event.created` | title, partner_id, source in details |
+| `EventUpdateView` | `event.updated` | changed_fields list in details, wrapped in `transaction.atomic()` |
+| `EventDeleteView` | `event.deleted` | title + partner_id captured BEFORE delete, wrapped in `transaction.atomic()` |
+| `SettlementReleaseView` | `settlement.released` | prev/new status in details, `transaction.atomic()` |
+| `ReviewDeleteView` | `review.deleted` | reviewer_user_id + event_id + rating captured BEFORE delete |
+| `PaymentGatewaySettingsView` | `gateway.created`, `gateway.updated`, `gateway.deleted` | changed_fields on update |
+| `EventPrimaryImageView` | `event.primary_image_changed` | prev + new primary image id in details |
+| `LeadUpdateView` | `lead.updated` | changed_fields list; only emits if any field was changed |
+
+- **`_audit_log` helper** — optional `user=None` kwarg so `AdminLoginView` can supply the authenticated user explicitly (request.user is still anonymous at that point in the login flow). All 20+ existing callers are unaffected (no kwarg = falls through to `request.user`).
+- **`admin_api/tests.py`** — `AuthAuditEmissionTests` (login success + failed login) and `EventCrudAuditTests` (create/update/delete) bring total test count to 16, all green
+
+---
+
+## [1.12.0] — 2026-04-21
+
+### Added
+- **Audit coverage for four moderation endpoints** — every admin state change now leaves a matching row in `AuditLog`, written in the same `transaction.atomic()` block as the state change so the log can never disagree with the database:
+  - `UserStatusView` (`PATCH /api/v1/users/<id>/status/`) — `user.suspended`, `user.banned`, `user.reinstated`, `user.flagged`; details capture `reason`, `previous_status`, `new_status`
+  - `EventModerationView` (`PATCH /api/v1/events/<id>/moderate/`) — `event.approved`, `event.rejected`, `event.flagged`, `event.featured`, `event.unfeatured`; details include `reason`, `partner_id`, `previous_status`/`new_status`, `previous_is_featured`/`new_is_featured`
+  - `ReviewModerationView` (`PATCH /api/v1/reviews/<id>/moderate/`) — `review.approved`, `review.rejected`, `review.edited`; details include `reject_reason`, `edited_text` flag, `original_text` on edits
+  - `PartnerKYCReviewView` (`POST /api/v1/partners/<id>/kyc/review/`) — `partner.kyc.approved`, `partner.kyc.rejected`, `partner.kyc.requested_info` (new `requested_info` decision leaves compliance state intact and only records the info request)
+- **`GET /api/v1/rbac/audit-log/metrics/`** — `AuditLogMetricsView` returns `total`, `today`, `week`, `distinct_users`, and a `by_action_group` breakdown (`create`/`update`/`delete`/`moderate`/`auth`/`other`). Cached 60 s under key `admin_api:audit_log:metrics:v1`; pass `?nocache=1` to bypass (useful from the Django shell during incident response)
+- **`GET /api/v1/rbac/audit-log/`** — free-text `search` parameter (Q-filter over `action`, `target_type`, `target_id`, `user__username`, `user__email`); `page_size` now bounded to `[1, 200]` with defensive fallback to defaults on non-integer input
+- **`accounts.User.ALL_MODULES`** — appended `audit-log`; `StaffProfile.get_allowed_modules()` adds `'audit'` → `'audit-log'` to `SCOPE_TO_MODULE` so scope-based staff resolve the module correctly
+- **`admin_api/migrations/0005_auditlog_indexes.py`** — composite indexes `(action, -created_at)` and `(target_type, target_id)` on `AuditLog` to keep the /audit-log page fast past ~10k rows; reversible via Django's default `RemoveIndex` reverse op
+- **`admin_api/tests.py`** — `AuditLogListViewTests`, `AuditLogMetricsViewTests`, `UserStatusAuditEmissionTests` covering list shape, search, pagination bounds, metrics shape + `nocache`, and audit emission on suspend / ban / reinstate
+
+### Deploy notes
+Admin users created before this release won't have `audit-log` in their `allowed_modules` TextField. Backfill with:
+```python
+# Django shell
+from accounts.models import User
+for u in User.objects.filter(role__in=['admin', 'manager']):
+    mods = [m.strip() for m in (u.allowed_modules or '').split(',') if m.strip()]
+    if 'audit-log' not in mods and mods:  # only touch users with explicit lists
+        u.allowed_modules = ','.join(mods + ['audit-log'])
+        u.save(update_fields=['allowed_modules'])
+```
+Users on the implicit full-access list (empty `allowed_modules` + admin role) pick up the new module automatically via `get_allowed_modules()`.
+
+---
+
+## [1.11.0] — 2026-04-12
+
+### Added
+- **Worldline Connect payment integration** (`banking_operations/worldline/`)
+  - `client.py` — `WorldlineClient`: HMAC-SHA256 signed requests, `create_hosted_checkout()`, `get_hosted_checkout_status()`, `verify_webhook_signature()`
+  - `views.py` — `POST /api/payments/webhook/` (CSRF-exempt, signature-verified Worldline server callback) + `POST /api/payments/verify/` (frontend polls on return URL)
+  - `emails.py` — HTML ticket confirmation email with per-ticket QR codes embedded as base64 inline images
+  - `WorldlineOrder` model in `banking_operations/models.py` — tracks each hosted-checkout session (hosted_checkout_id, reference_id, status, raw_response, webhook_payload)
+- **`Booking.payment_status`** field — `pending / paid / failed / cancelled` (default `pending`); migration `bookings/0002_booking_payment_status`
+- **`banking_operations/services.py::transaction_initiate`** — implemented (was a stub); calls Worldline API, creates `WorldlineOrder`, returns `payment_url` back to `CheckoutAPI`
+- **Settings**: `WORLDLINE_MERCHANT_ID`, `WORLDLINE_API_KEY_ID`, `WORLDLINE_API_SECRET_KEY`, `WORLDLINE_WEBHOOK_SECRET_KEY`, `WORLDLINE_API_ENDPOINT` (default: sandbox), `WORLDLINE_RETURN_URL`
+- **Requirements**: `requests>=2.31.0`, `qrcode[pil]>=7.4.2`
+
+### Flow
+1. User adds tickets to cart → `POST /api/bookings/checkout/` creates Bookings + calls `transaction_initiate`
+2. `transaction_initiate` creates `WorldlineOrder` + calls Worldline → returns redirect URL
+3. Frontend redirects user to Worldline hosted checkout page
+4. After payment, Worldline redirects to `WORLDLINE_RETURN_URL` (`app.eventifyplus.com/booking/confirm?hostedCheckoutId=...`)
+5. SPA calls `POST /api/payments/verify/` — checks local status; if still pending, polls Worldline API directly
+6. Worldline webhook fires `POST /api/payments/webhook/` → generates Tickets (one per quantity), marks Booking `paid`, sends confirmation email with QR codes
+7. Partner scans QR code at event → existing `POST /api/bookings/check-in/` marks `Ticket.is_checked_in=True`
+
+### Deploy requirement
+Set in Django container `.env`:
+```
+WORLDLINE_MERCHANT_ID=...
+WORLDLINE_API_KEY_ID=...
+WORLDLINE_API_SECRET_KEY=...
+WORLDLINE_WEBHOOK_SECRET_KEY=...
+```
+`WORLDLINE_API_ENDPOINT` defaults to sandbox — set to production URL when going live.
+
+---
+
+## [1.10.0] — 2026-04-10
+
+### Security
+- **`GoogleLoginView` audience-check fix** (`POST /api/user/google-login/`) — **CRITICAL security patch**
+  - `verify_oauth2_token(token, google_requests.Request())` was called **without** the third `audience` argument, meaning any valid Google-signed ID token from *any* OAuth client was accepted — token spoofing from external apps was trivially possible
+  - Fixed to `verify_oauth2_token(token, google_requests.Request(), settings.GOOGLE_CLIENT_ID)` — only tokens whose `aud` claim matches our registered Client ID are now accepted
+  - Added fail-closed guard: if `settings.GOOGLE_CLIENT_ID` is empty the view returns HTTP 503 instead of silently accepting all tokens
+
+### Changed
+- **Removed Clerk scaffolding** — the `@clerk/react` broker approach added in a prior iteration has been replaced with direct Google Identity Services (GIS) ID-token flow on the frontend. Simpler architecture: one trust boundary instead of three.
+  - Removed `ClerkLoginView`, `_clerk_jwks_client`, `_get_clerk_jwks_client()` from `mobile_api/views/user.py`
+  - Removed `path('user/clerk-login/', ...)` from `mobile_api/urls.py`
+  - Removed `CLERK_JWKS_URL` / `CLERK_ISSUER` / `CLERK_SECRET_KEY` from `eventify/settings.py`; replaced with `GOOGLE_CLIENT_ID = os.environ.get('GOOGLE_CLIENT_ID', '')`
+  - Removed `PyJWT[crypto]>=2.8.0` and `requests>=2.31.0` from `requirements.txt` + `requirements-docker.txt` (no longer needed; `google-auth>=2.0.0` handles verification)
+
+### Added
+- **Settings**: `GOOGLE_CLIENT_ID = os.environ.get('GOOGLE_CLIENT_ID', '')` in `eventify/settings.py`
+- **Tests**: `mobile_api/tests.py::GoogleLoginViewTests` — 4 cases: valid token creates user (audience arg verified), missing `id_token` → 400, `ValueError` (wrong sig / wrong aud) → 401, existing user reuses DRF token
+
+### Context
+- The consumer SPA (`app.eventifyplus.com`) now loads the Google Identity Services script dynamically and POSTs a Google ID token to the existing `/api/user/google-login/` endpoint. Django is the sole session authority. `localStorage.event_token` / `event_user` are unchanged.
+- Deploy requirement: set `GOOGLE_CLIENT_ID` in the Django container `.env` **before** deploying — without it the view returns 503 (fail-closed by design).
+
+---
+
 ## [1.9.0] — 2026-04-07
 
 ### Added

accounts/models.py

@@ -68,10 +68,10 @@ class User(AbstractUser):
         help_text='Comma-separated module slugs this user can access',
     )
 
-    ALL_MODULES = ["dashboard", "partners", "events", "ad-control", "users", "reviews", "contributions", "leads", "financials", "settings"]
+    ALL_MODULES = ["dashboard", "partners", "events", "ad-control", "users", "reviews", "contributions", "leads", "financials", "audit-log", "settings"]
 
     def get_allowed_modules(self):
-        ALL = ["dashboard", "partners", "events", "ad-control", "users", "reviews", "contributions", "leads", "financials", "settings"]
+        ALL = ["dashboard", "partners", "events", "ad-control", "users", "reviews", "contributions", "leads", "financials", "audit-log", "settings"]
         if self.is_superuser or self.role == "admin":
             return ALL
         if self.allowed_modules:

admin_api/migrations/0005_auditlog_indexes.py

@@ -0,0 +1,31 @@
+# Generated by Django 4.2.21 for the Audit Log module (admin_api v1.12.0).
+#
+# Adds two composite indexes to `AuditLog` so the new /audit-log admin page
+# can filter by action and resolve "related entries" lookups without a full
+# table scan once the log grows past a few thousand rows.
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('admin_api', '0004_lead_user_account'),
+    ]
+
+    operations = [
+        migrations.AddIndex(
+            model_name='auditlog',
+            index=models.Index(
+                fields=['action', '-created_at'],
+                name='auditlog_action_time_idx',
+            ),
+        ),
+        migrations.AddIndex(
+            model_name='auditlog',
+            index=models.Index(
+                fields=['target_type', 'target_id'],
+                name='auditlog_target_idx',
+            ),
+        ),
+    ]

admin_api/models.py

@@ -130,7 +130,7 @@ class StaffProfile(models.Model):
     def get_allowed_modules(self):
         scopes = self.get_effective_scopes()
         if '*' in scopes:
-            return ['dashboard', 'partners', 'events', 'ad-control', 'users', 'reviews', 'contributions', 'leads', 'financials', 'settings']
+            return ['dashboard', 'partners', 'events', 'ad-control', 'users', 'reviews', 'contributions', 'leads', 'financials', 'audit-log', 'settings']
         SCOPE_TO_MODULE = {
             'users': 'users',
             'events': 'events',
@@ -141,6 +141,8 @@ class StaffProfile(models.Model):
             'ads': 'ad-control',
             'contributions': 'contributions',
             'leads': 'leads',
+            'audit': 'audit-log',
+            'reviews': 'reviews',
         }
         modules = {'dashboard'}
         for scope in scopes:
@@ -179,6 +181,12 @@ class AuditLog(models.Model):
 
     class Meta:
         ordering = ['-created_at']
+        indexes = [
+            # Fast filter-by-action ordered by time (audit log page default view)
+            models.Index(fields=['action', '-created_at'], name='auditlog_action_time_idx'),
+            # Fast "related entries for this target" lookups in the detail panel
+            models.Index(fields=['target_type', 'target_id'], name='auditlog_target_idx'),
+        ]
 
     def __str__(self):
         return f"{self.action} by {self.user} at {self.created_at}"

admin_api/serializers.py

@@ -5,9 +5,10 @@ User = get_user_model()
 class UserSerializer(serializers.ModelSerializer):
     name = serializers.SerializerMethodField()
     role = serializers.SerializerMethodField()
+    partner = serializers.PrimaryKeyRelatedField(read_only=True)
     class Meta:
         model = User
-        fields = ['id', 'email', 'username', 'name', 'role']
+        fields = ['id', 'email', 'username', 'name', 'role', 'partner']
     def get_name(self, obj):
         return f"{obj.first_name} {obj.last_name}".strip() or obj.username
     def get_role(self, obj):

admin_api/tests.py

@@ -0,0 +1,325 @@
+"""Tests for the Audit Log module (admin_api v1.12.0).
+
+Covers:
+    * `AuditLogListView` — list + search + filter shape
+    * `AuditLogMetricsView` — shape + `?nocache=1` bypass
+    * `UserStatusView` — emits a row into `AuditLog` for every status change,
+      inside the same transaction as the state change
+
+Run with:
+    python manage.py test admin_api.tests
+"""
+from __future__ import annotations
+
+from django.core.cache import cache
+from django.test import TestCase
+from rest_framework_simplejwt.tokens import RefreshToken
+
+from accounts.models import User
+from admin_api.models import AuditLog
+
+
+# ---------------------------------------------------------------------------
+# Base — auth helper shared across cases
+# ---------------------------------------------------------------------------
+
+
+class _AuditTestBase(TestCase):
+    """Gives each subclass an admin user + pre-issued JWT."""
+
+    @classmethod
+    def setUpTestData(cls):
+        cls.admin = User.objects.create_user(
+            username='audit.admin@eventifyplus.com',
+            email='audit.admin@eventifyplus.com',
+            password='irrelevant',
+            role='admin',
+        )
+        cls.admin.is_superuser = True
+        cls.admin.save()
+
+    def setUp(self):
+        # Metrics view caches by key; reset to keep cases independent.
+        cache.delete('admin_api:audit_log:metrics:v1')
+        access = str(RefreshToken.for_user(self.admin).access_token)
+        self.auth = {'HTTP_AUTHORIZATION': f'Bearer {access}'}
+
+
+# ---------------------------------------------------------------------------
+# AuditLogListView
+# ---------------------------------------------------------------------------
+
+
+class AuditLogListViewTests(_AuditTestBase):
+    url = '/api/v1/rbac/audit-log/'
+
+    def test_unauthenticated_returns_401(self):
+        resp = self.client.get(self.url)
+        self.assertEqual(resp.status_code, 401)
+
+    def test_authenticated_returns_paginated_shape(self):
+        AuditLog.objects.create(
+            user=self.admin,
+            action='user.suspended',
+            target_type='user',
+            target_id='42',
+            details={'reason': 'spam'},
+        )
+        resp = self.client.get(self.url, **self.auth)
+        self.assertEqual(resp.status_code, 200, resp.content)
+        body = resp.json()
+        for key in ('results', 'total', 'page', 'page_size', 'total_pages'):
+            self.assertIn(key, body)
+        self.assertEqual(body['total'], 1)
+        self.assertEqual(body['results'][0]['action'], 'user.suspended')
+        self.assertEqual(body['results'][0]['user']['email'], self.admin.email)
+
+    def test_search_narrows_results(self):
+        AuditLog.objects.create(
+            user=self.admin, action='user.suspended',
+            target_type='user', target_id='1', details={},
+        )
+        AuditLog.objects.create(
+            user=self.admin, action='event.approved',
+            target_type='event', target_id='1', details={},
+        )
+        resp = self.client.get(self.url, {'search': 'suspend'}, **self.auth)
+        self.assertEqual(resp.status_code, 200)
+        body = resp.json()
+        self.assertEqual(body['total'], 1)
+        self.assertEqual(body['results'][0]['action'], 'user.suspended')
+
+    def test_page_size_is_bounded(self):
+        # page_size=999 must be clamped to the 200-row upper bound.
+        resp = self.client.get(self.url, {'page_size': '999'}, **self.auth)
+        self.assertEqual(resp.status_code, 200)
+        self.assertEqual(resp.json()['page_size'], 200)
+
+    def test_invalid_pagination_falls_back_to_defaults(self):
+        resp = self.client.get(self.url, {'page': 'x', 'page_size': 'y'}, **self.auth)
+        self.assertEqual(resp.status_code, 200)
+        body = resp.json()
+        self.assertEqual(body['page'], 1)
+        self.assertEqual(body['page_size'], 50)
+
+
+# ---------------------------------------------------------------------------
+# AuditLogMetricsView
+# ---------------------------------------------------------------------------
+
+
+class AuditLogMetricsViewTests(_AuditTestBase):
+    url = '/api/v1/rbac/audit-log/metrics/'
+
+    def test_unauthenticated_returns_401(self):
+        resp = self.client.get(self.url)
+        self.assertEqual(resp.status_code, 401)
+
+    def test_returns_expected_shape(self):
+        AuditLog.objects.create(
+            user=self.admin, action='event.approved',
+            target_type='event', target_id='7', details={},
+        )
+        AuditLog.objects.create(
+            user=self.admin, action='department.created',
+            target_type='department', target_id='3', details={},
+        )
+        resp = self.client.get(self.url, **self.auth)
+        self.assertEqual(resp.status_code, 200, resp.content)
+        body = resp.json()
+        for key in ('total', 'today', 'week', 'distinct_users', 'by_action_group'):
+            self.assertIn(key, body)
+        self.assertEqual(body['total'], 2)
+        self.assertEqual(body['distinct_users'], 1)
+        # Each group present so frontend tooltip can render all 6 rows.
+        for group in ('create', 'update', 'delete', 'moderate', 'auth', 'other'):
+            self.assertIn(group, body['by_action_group'])
+        self.assertEqual(body['by_action_group']['moderate'], 1)
+        self.assertEqual(body['by_action_group']['create'], 1)
+
+    def test_nocache_bypasses_stale_cache(self):
+        # Prime cache with a fake payload.
+        cache.set(
+            'admin_api:audit_log:metrics:v1',
+            {
+                'total': 999,
+                'today': 0, 'week': 0, 'distinct_users': 0,
+                'by_action_group': {
+                    'create': 0, 'update': 0, 'delete': 0,
+                    'moderate': 0, 'auth': 0, 'other': 0,
+                },
+            },
+            60,
+        )
+
+        resp_cached = self.client.get(self.url, **self.auth)
+        self.assertEqual(resp_cached.json()['total'], 999)
+
+        resp_fresh = self.client.get(self.url, {'nocache': '1'}, **self.auth)
+        self.assertEqual(resp_fresh.json()['total'], 0)  # real DB state
+
+
+# ---------------------------------------------------------------------------
+# UserStatusView — audit emission
+# ---------------------------------------------------------------------------
+
+
+class UserStatusAuditEmissionTests(_AuditTestBase):
+    """Each status transition must leave a matching row in `AuditLog`.
+
+    The endpoint wraps the state change + audit log in `transaction.atomic()`
+    so the two can never disagree. These assertions catch regressions where a
+    new branch forgets the audit call.
+    """
+
+    def _url(self, user_id: int) -> str:
+        return f'/api/v1/users/{user_id}/status/'
+
+    def setUp(self):
+        super().setUp()
+        self.target = User.objects.create_user(
+            username='target@example.com',
+            email='target@example.com',
+            password='irrelevant',
+            role='customer',
+        )
+
+    def test_suspend_emits_audit_row(self):
+        resp = self.client.patch(
+            self._url(self.target.id),
+            data={'action': 'suspend', 'reason': 'spam flood'},
+            content_type='application/json',
+            **self.auth,
+        )
+        self.assertEqual(resp.status_code, 200, resp.content)
+        log = AuditLog.objects.filter(
+            action='user.suspended', target_id=str(self.target.id),
+        ).first()
+        self.assertIsNotNone(log, 'suspend did not emit audit log')
+        self.assertEqual(log.details.get('reason'), 'spam flood')
+
+    def test_ban_emits_audit_row(self):
+        resp = self.client.patch(
+            self._url(self.target.id),
+            data={'action': 'ban'},
+            content_type='application/json',
+            **self.auth,
+        )
+        self.assertEqual(resp.status_code, 200, resp.content)
+        self.assertTrue(
+            AuditLog.objects.filter(
+                action='user.banned', target_id=str(self.target.id),
+            ).exists(),
+            'ban did not emit audit log',
+        )
+
+    def test_reinstate_emits_audit_row(self):
+        self.target.is_active = False
+        self.target.save()
+        resp = self.client.patch(
+            self._url(self.target.id),
+            data={'action': 'reinstate'},
+            content_type='application/json',
+            **self.auth,
+        )
+        self.assertEqual(resp.status_code, 200, resp.content)
+        self.assertTrue(
+            AuditLog.objects.filter(
+                action='user.reinstated', target_id=str(self.target.id),
+            ).exists(),
+            'reinstate did not emit audit log',
+        )
+
+
+# ---------------------------------------------------------------------------
+# AdminLoginView — audit emission
+# ---------------------------------------------------------------------------
+
+
+class AuthAuditEmissionTests(_AuditTestBase):
+    """Successful and failed logins must leave matching rows in AuditLog."""
+
+    url = '/api/v1/admin/auth/login/'
+
+    def test_successful_login_emits_audit_row(self):
+        resp = self.client.post(
+            self.url,
+            data={'username': self.admin.username, 'password': 'irrelevant'},
+            content_type='application/json',
+        )
+        self.assertEqual(resp.status_code, 200, resp.content)
+        log = AuditLog.objects.filter(
+            action='auth.admin_login', target_id=str(self.admin.id),
+        ).first()
+        self.assertIsNotNone(log, 'successful login did not emit audit log')
+        self.assertEqual(log.details.get('username'), self.admin.username)
+
+    def test_failed_login_emits_audit_row(self):
+        resp = self.client.post(
+            self.url,
+            data={'username': self.admin.username, 'password': 'wrong-password'},
+            content_type='application/json',
+        )
+        self.assertEqual(resp.status_code, 401, resp.content)
+        self.assertTrue(
+            AuditLog.objects.filter(action='auth.admin_login_failed').exists(),
+            'failed login did not emit audit log',
+        )
+
+
+# ---------------------------------------------------------------------------
+# EventCreateView / EventUpdateView / EventDeleteView — audit emission
+# ---------------------------------------------------------------------------
+
+
+class EventCrudAuditTests(_AuditTestBase):
+    """Event CRUD operations must emit matching audit rows."""
+
+    def setUp(self):
+        super().setUp()
+        from events.models import EventType
+        self.event_type = EventType.objects.create(event_type='Test Category')
+
+    def _create_event_id(self):
+        resp = self.client.post(
+            '/api/v1/events/create/',
+            data={'title': 'Test Event', 'eventType': self.event_type.id},
+            content_type='application/json',
+            **self.auth,
+        )
+        self.assertEqual(resp.status_code, 201, resp.content)
+        return resp.json()['id']
+
+    def test_create_event_emits_audit_row(self):
+        event_id = self._create_event_id()
+        self.assertTrue(
+            AuditLog.objects.filter(action='event.created', target_id=str(event_id)).exists(),
+            'event create did not emit audit log',
+        )
+
+    def test_update_event_emits_audit_row(self):
+        event_id = self._create_event_id()
+        AuditLog.objects.all().delete()
+        resp = self.client.patch(
+            f'/api/v1/events/{event_id}/update/',
+            data={'title': 'Updated Title'},
+            content_type='application/json',
+            **self.auth,
+        )
+        self.assertEqual(resp.status_code, 200, resp.content)
+        log = AuditLog.objects.filter(action='event.updated', target_id=str(event_id)).first()
+        self.assertIsNotNone(log, 'event update did not emit audit log')
+        self.assertIn('title', log.details.get('changed_fields', []))
+
+    def test_delete_event_emits_audit_row(self):
+        event_id = self._create_event_id()
+        AuditLog.objects.all().delete()
+        resp = self.client.delete(
+            f'/api/v1/events/{event_id}/delete/',
+            **self.auth,
+        )
+        self.assertEqual(resp.status_code, 204)
+        self.assertTrue(
+            AuditLog.objects.filter(action='event.deleted', target_id=str(event_id)).exists(),
+            'event delete did not emit audit log',
+        )

admin_api/urls.py

@@ -18,8 +18,18 @@ urlpatterns = [
     path('partners/<int:pk>/', views.PartnerDetailView.as_view(), name='partner-detail'),
     path('partners/<int:pk>/status/', views.PartnerStatusView.as_view(), name='partner-status'),
     path('partners/<int:pk>/kyc/review/', views.PartnerKYCReviewView.as_view(), name='partner-kyc-review'),
+    path('partners/<int:pk>/impersonate/', views.PartnerImpersonateView.as_view(), name='partner-impersonate'),
     path('partners/onboard/', views.PartnerOnboardView.as_view(), name='partner-onboard'),
     path('partners/<int:partner_id>/staff/', views.PartnerStaffCreateView.as_view(), name='partner-staff-create'),
+    # Partner-Me: partner portal self-service (Sprint 1)
+    path('partners/me/profile/', views.PartnerMeProfileView.as_view(), name='partner-me-profile'),
+    path('partners/me/notifications/', views.PartnerMeNotificationsView.as_view(), name='partner-me-notifications'),
+    path('partners/me/payout/', views.PartnerMePayoutView.as_view(), name='partner-me-payout'),
+    path('partners/me/change-password/', views.PartnerMeChangePasswordView.as_view(), name='partner-me-change-password'),
+    # Partner-Me: events (Sprint 2)
+    path('partners/me/events/', views.PartnerMeEventsView.as_view(), name='partner-me-events'),
+    path('partners/me/events/<int:pk>/', views.PartnerMeEventDetailView.as_view(), name='partner-me-event-detail'),
+    path('partners/me/events/<int:pk>/duplicate/', views.PartnerMeEventDuplicateView.as_view(), name='partner-me-event-duplicate'),
     path('users/metrics/', views.UserMetricsView.as_view(), name='user-metrics'),
     path('users/', views.UserListView.as_view(), name='user-list'),
     path('users/<int:pk>/', views.UserDetailView.as_view(), name='user-detail'),
@@ -80,6 +90,16 @@ urlpatterns = [
     path('rbac/scopes/', views.ScopeListView.as_view(), name='rbac-scope-list'),
     path('rbac/org-tree/', views.OrgTreeView.as_view(), name='rbac-org-tree'),
     path('rbac/audit-log/', views.AuditLogListView.as_view(), name='rbac-audit-log'),
+    path('rbac/audit-log/metrics/', views.AuditLogMetricsView.as_view(), name='rbac-audit-log-metrics'),
+
+    # Notifications (admin-side recurring email jobs)
+    path('notifications/types/', views.NotificationTypesView.as_view(), name='notification-types'),
+    path('notifications/schedules/', views.NotificationScheduleListView.as_view(), name='notification-schedule-list'),
+    path('notifications/schedules/<int:pk>/', views.NotificationScheduleDetailView.as_view(), name='notification-schedule-detail'),
+    path('notifications/schedules/<int:pk>/recipients/', views.NotificationRecipientView.as_view(), name='notification-recipient-create'),
+    path('notifications/schedules/<int:pk>/recipients/<int:rid>/', views.NotificationRecipientDetailView.as_view(), name='notification-recipient-detail'),
+    path('notifications/schedules/<int:pk>/send-now/', views.NotificationScheduleSendNowView.as_view(), name='notification-schedule-send-now'),
+    path('notifications/schedules/<int:pk>/test-send/', views.NotificationScheduleTestSendView.as_view(), name='notification-schedule-test-send'),
 
     # Ad Control
     path('ad-control/', include('ad_control.urls')),

eventify/settings.py

@@ -18,6 +18,9 @@ ALLOWED_HOSTS = [
     'backend.eventifyplus.com',
     'admin.eventifyplus.com',
     'app.eventifyplus.com',
+    'partner.eventifyplus.com',
+    'eventify-backend',
+    'eventify-django',
     'localhost',
     '127.0.0.1',
 ]
@@ -196,3 +199,9 @@ SIMPLE_JWT = {
     'USER_ID_FIELD': 'id',
     'USER_ID_CLAIM': 'user_id',
 }
+
+# --- Google OAuth (Sign in with Google via GIS ID-token flow) -----------
+# The Client ID is public (safe in VITE_* env vars and the SPA bundle).
+# There is NO client secret — we use the ID-token flow, not auth-code flow.
+# Set the SAME value in the Django container .env and in SPA .env.local.
+GOOGLE_CLIENT_ID = os.environ.get('GOOGLE_CLIENT_ID', '')

mobile_api/tests.py

@@ -1,3 +1,89 @@
-from django.test import TestCase
+"""Unit tests for GoogleLoginView.
 
-# Create your tests here.
+Run with:
+    python manage.py test mobile_api.tests
+"""
+import json
+from unittest.mock import patch, MagicMock
+
+from django.test import TestCase, override_settings
+from rest_framework.authtoken.models import Token
+
+from accounts.models import User
+
+
+@override_settings(GOOGLE_CLIENT_ID='test-client-id.apps.googleusercontent.com')
+class GoogleLoginViewTests(TestCase):
+    url = '/api/user/google-login/'
+
+    def _valid_idinfo(self, email='new.user@example.com'):
+        return {
+            'email': email,
+            'given_name': 'New',
+            'family_name': 'User',
+            'aud': 'test-client-id.apps.googleusercontent.com',
+        }
+
+    @patch('google.oauth2.id_token.verify_oauth2_token')
+    def test_valid_token_creates_user(self, mock_verify):
+        mock_verify.return_value = self._valid_idinfo('fresh@example.com')
+
+        resp = self.client.post(
+            self.url,
+            data=json.dumps({'id_token': 'fake.google.jwt'}),
+            content_type='application/json',
+        )
+
+        self.assertEqual(resp.status_code, 200, resp.content)
+        body = resp.json()
+        self.assertEqual(body['email'], 'fresh@example.com')
+        self.assertEqual(body['role'], 'customer')
+        self.assertTrue(body['token'])
+
+        user = User.objects.get(email='fresh@example.com')
+        self.assertTrue(Token.objects.filter(user=user).exists())
+        # Confirm audience was passed to verify_oauth2_token
+        _, call_kwargs = mock_verify.call_args[0], mock_verify.call_args
+        self.assertEqual(mock_verify.call_args[0][2], 'test-client-id.apps.googleusercontent.com')
+
+    def test_missing_id_token_returns_400(self):
+        resp = self.client.post(
+            self.url,
+            data=json.dumps({}),
+            content_type='application/json',
+        )
+        self.assertEqual(resp.status_code, 400)
+        self.assertEqual(resp.json()['error'], 'id_token is required')
+
+    @patch('google.oauth2.id_token.verify_oauth2_token')
+    def test_invalid_token_returns_401(self, mock_verify):
+        mock_verify.side_effect = ValueError('Token audience mismatch')
+
+        resp = self.client.post(
+            self.url,
+            data=json.dumps({'id_token': 'tampered.or.wrong-aud.jwt'}),
+            content_type='application/json',
+        )
+        self.assertEqual(resp.status_code, 401)
+        self.assertEqual(resp.json()['error'], 'Invalid Google token')
+
+    @patch('google.oauth2.id_token.verify_oauth2_token')
+    def test_existing_user_reuses_token(self, mock_verify):
+        existing = User.objects.create_user(
+            username='returning@example.com',
+            email='returning@example.com',
+            password='irrelevant',
+            role='customer',
+        )
+        existing_auth_token = Token.objects.create(user=existing)
+        mock_verify.return_value = self._valid_idinfo('returning@example.com')
+
+        resp = self.client.post(
+            self.url,
+            data=json.dumps({'id_token': 'returning.user.jwt'}),
+            content_type='application/json',
+        )
+        self.assertEqual(resp.status_code, 200)
+        self.assertEqual(resp.json()['token'], existing_auth_token.key)
+        # No duplicate user created
+        self.assertEqual(User.objects.filter(email='returning@example.com').count(), 1)

mobile_api/views/events.py

@@ -244,9 +244,9 @@ class EventListAPI(APIView):
                 if pincode_qs.count() >= MIN_EVENTS_THRESHOLD:
                     qs = pincode_qs
 
-            # Priority 3: Full-text search on title / description
+            # Priority 3: Full-text search on title / name / description
             if q:
-                qs = qs.filter(Q(title__icontains=q) | Q(description__icontains=q))
+                qs = qs.filter(Q(title__icontains=q) | Q(name__icontains=q) | Q(description__icontains=q))
 
             if per_type > 0 and page == 1:
                 type_ids = list(qs.values_list('event_type_id', flat=True).distinct())

mobile_api/views/reviews.py

@@ -29,11 +29,20 @@ def _serialize_review(r, user_interactions=None):
         uname = r.reviewer.username
     except Exception:
         uname = ''
+    try:
+        pic = r.reviewer.profile_picture
+        if pic and pic.name and 'default.png' not in pic.name:
+            profile_photo = pic.url
+        else:
+            profile_photo = ''
+    except Exception:
+        profile_photo = ''
     return {
         'id': r.id,
         'event_id': r.event_id,
         'username': uname,
         'display_name': display,
+        'profile_photo': profile_photo,
         'rating': r.rating,
         'comment': r.review_text,
         'status': _STATUS_TO_JSON.get(r.status, r.status),

mobile_api/views/user.py

@@ -10,12 +10,32 @@ from rest_framework.authtoken.models import Token
 from mobile_api.forms import RegisterForm, LoginForm, WebRegisterForm
 from rest_framework.authentication import TokenAuthentication
 from django.contrib.auth import logout
+from django.db import connection
 from mobile_api.utils import validate_token_and_get_user
 from utils.errors_json_convertor import simplify_form_errors
 from accounts.models import User
 from eventify_logger.services import log
 
 
+def _seed_gamification_profile(user):
+    """Insert a gamification profile row for a newly registered user.
+    Non-fatal: if the insert fails for any reason, registration still succeeds."""
+    try:
+        with connection.cursor() as cursor:
+            cursor.execute("""
+                INSERT INTO user_gamification_profiles (user_id, eventify_id)
+                VALUES (%s, %s)
+                ON CONFLICT (user_id) DO UPDATE
+                    SET eventify_id = COALESCE(
+                        user_gamification_profiles.eventify_id,
+                        EXCLUDED.eventify_id
+                    )
+            """, [user.email, user.eventify_id])
+    except Exception as e:
+        log("warning", "Failed to seed gamification profile on registration",
+            logger_data={"user": user.email, "error": str(e)})
+
+
 @method_decorator(csrf_exempt, name='dispatch')
 class RegisterView(View):
     def post(self, request):
@@ -24,6 +44,7 @@ class RegisterView(View):
             form = RegisterForm(data)
             if form.is_valid():
                 user = form.save()
+                _seed_gamification_profile(user)
                 token, _ = Token.objects.get_or_create(user=user)
                 log("info", "API user registration", request=request, user=user)
                 return JsonResponse({'message': 'User registered successfully', 'token': token.key}, status=201)
@@ -51,6 +72,7 @@ class WebRegisterView(View):
             if form.is_valid():
                 print('2')
                 user = form.save()
+                _seed_gamification_profile(user)
                 token, _ = Token.objects.get_or_create(user=user)
                 print('3')
                 log("info", "Web user registration", request=request, user=user)
@@ -134,6 +156,7 @@ class StatusView(View):
                 "eventify_id": user.eventify_id or '',
                 "district": user.district or '',
                 "district_changed_at": user.district_changed_at.isoformat() if user.district_changed_at else None,
+                "profile_photo": user.profile_picture.url if user.profile_picture else '',
             })
 
         except Exception as e:
@@ -408,12 +431,22 @@ class GoogleLoginView(View):
             from google.oauth2 import id_token as google_id_token
             from google.auth.transport import requests as google_requests
 
+            from django.conf import settings
+
             data = json.loads(request.body)
             token = data.get('id_token')
             if not token:
                 return JsonResponse({'error': 'id_token is required'}, status=400)
 
-            idinfo = google_id_token.verify_oauth2_token(token, google_requests.Request())
+            if not settings.GOOGLE_CLIENT_ID:
+                log("error", "GOOGLE_CLIENT_ID not configured", request=request)
+                return JsonResponse({'error': 'Google login temporarily unavailable'}, status=503)
+
+            idinfo = google_id_token.verify_oauth2_token(
+                token,
+                google_requests.Request(),
+                settings.GOOGLE_CLIENT_ID,
+            )
             email = idinfo.get('email')
             if not email:
                 return JsonResponse({'error': 'Email not found in Google token'}, status=400)

notifications/emails.py

@@ -0,0 +1,181 @@
+"""HTML email builders for scheduled admin notifications.
+
+Each builder is registered in ``BUILDERS`` keyed by ``NotificationSchedule.notification_type``
+and returns ``(subject, html_body)``. Add new types by appending to the registry
+and extending ``NotificationSchedule.TYPE_CHOICES``.
+
+Week bounds for ``events_expiring_this_week`` are computed in Asia/Kolkata so the
+"this week" semantics match the operations team's wall-clock week regardless of
+``settings.TIME_ZONE`` (currently UTC).
+"""
+from datetime import date, datetime, timedelta
+from html import escape
+
+try:
+    from zoneinfo import ZoneInfo
+except ImportError:  # pragma: no cover — fallback for py<3.9
+    from backports.zoneinfo import ZoneInfo  # type: ignore
+
+from django.conf import settings
+from django.core.mail import EmailMessage
+from django.db.models import Q
+
+from eventify_logger.services import log
+
+
+IST = ZoneInfo('Asia/Kolkata')
+
+
+def _today_in_ist() -> date:
+    return datetime.now(IST).date()
+
+
+def _upcoming_week_bounds(today: date) -> tuple[date, date]:
+    """Return (next Monday, next Sunday) inclusive.
+
+    If today is Monday the result is *this week* (today..Sunday).
+    If today is any other weekday the result is *next week* (next Monday..next Sunday).
+    Mon=0 per Python ``weekday()``.
+    """
+    days_until_monday = (7 - today.weekday()) % 7
+    monday = today + timedelta(days=days_until_monday)
+    sunday = monday + timedelta(days=6)
+    return monday, sunday
+
+
+def _build_events_expiring_this_week(schedule) -> tuple[str, str]:
+    from events.models import Event
+
+    today = _today_in_ist()
+    monday, sunday = _upcoming_week_bounds(today)
+
+    qs = (
+        Event.objects
+        .select_related('partner', 'event_type')
+        .filter(event_status='published')
+        .filter(
+            Q(end_date__isnull=False, end_date__gte=monday, end_date__lte=sunday)
+            | Q(end_date__isnull=True, start_date__gte=monday, start_date__lte=sunday)
+        )
+        .order_by('end_date', 'start_date', 'name')
+    )
+
+    events = list(qs)
+    rows_html = ''
+    for e in events:
+        end = e.end_date or e.start_date
+        title = e.title or e.name or '(untitled)'
+        partner_name = ''
+        if e.partner_id:
+            try:
+                partner_name = e.partner.name or ''
+            except Exception:
+                partner_name = ''
+        category = ''
+        if e.event_type_id and e.event_type:
+            category = getattr(e.event_type, 'event_type', '') or ''
+        rows_html += (
+            '<tr>'
+            f'<td style="padding:10px 12px;border-bottom:1px solid #eee;">{escape(title)}</td>'
+            f'<td style="padding:10px 12px;border-bottom:1px solid #eee;">{escape(partner_name or "—")}</td>'
+            f'<td style="padding:10px 12px;border-bottom:1px solid #eee;">{escape(category or "—")}</td>'
+            f'<td style="padding:10px 12px;border-bottom:1px solid #eee;">'
+            f'{end.strftime("%a %d %b %Y") if end else "—"}</td>'
+            '</tr>'
+        )
+
+    if not events:
+        rows_html = (
+            '<tr><td colspan="4" style="padding:24px;text-align:center;color:#888;">'
+            'No published events are expiring next week.'
+            '</td></tr>'
+        )
+
+    subject = (
+        f'[Eventify] {len(events)} event(s) expiring '
+        f'{monday.strftime("%d %b")}–{sunday.strftime("%d %b")}'
+    )
+
+    html = f"""<!doctype html>
+<html><body style="margin:0;padding:0;background:#f5f5f5;font-family:Arial,Helvetica,sans-serif;color:#1a1a1a;">
+  <table role="presentation" width="100%" cellspacing="0" cellpadding="0" style="background:#f5f5f5;">
+    <tr><td align="center" style="padding:24px 12px;">
+      <table role="presentation" width="640" cellspacing="0" cellpadding="0" style="max-width:640px;background:#ffffff;border-radius:10px;overflow:hidden;box-shadow:0 2px 6px rgba(15,69,207,0.08);">
+        <tr><td style="background:#0F45CF;color:#ffffff;padding:24px 28px;">
+          <h2 style="margin:0;font-size:20px;">Events expiring next week</h2>
+          <p style="margin:6px 0 0;color:#d2dcff;font-size:14px;">
+            {monday.strftime("%A %d %b %Y")} &rarr; {sunday.strftime("%A %d %b %Y")}
+            &middot; {len(events)} event(s)
+          </p>
+        </td></tr>
+        <tr><td style="padding:20px 24px;">
+          <p style="margin:0 0 12px;font-size:14px;color:#444;">
+            Scheduled notification: <strong>{escape(schedule.name)}</strong>
+          </p>
+          <table role="presentation" width="100%" cellspacing="0" cellpadding="0" style="border-collapse:collapse;font-size:14px;">
+            <thead>
+              <tr style="background:#f0f4ff;color:#0F45CF;">
+                <th align="left" style="padding:10px 12px;">Title</th>
+                <th align="left" style="padding:10px 12px;">Partner</th>
+                <th align="left" style="padding:10px 12px;">Category</th>
+                <th align="left" style="padding:10px 12px;">End date</th>
+              </tr>
+            </thead>
+            <tbody>{rows_html}</tbody>
+          </table>
+        </td></tr>
+        <tr><td style="padding:16px 24px 24px;color:#888;font-size:12px;">
+          Sent automatically by Eventify Command Center.
+          To change recipients or the schedule, open
+          <a href="https://admin.eventifyplus.com/settings" style="color:#0F45CF;">admin.eventifyplus.com &rsaquo; Settings &rsaquo; Notifications</a>.
+        </td></tr>
+      </table>
+    </td></tr>
+  </table>
+</body></html>"""
+
+    return subject, html
+
+
+BUILDERS: dict = {
+    'events_expiring_this_week': _build_events_expiring_this_week,
+}
+
+
+def render_and_send(schedule) -> int:
+    """Render the email for ``schedule`` and deliver it to active recipients.
+
+    Returns the number of recipients the message was sent to. Raises on SMTP
+    failure so the management command can mark the schedule as errored.
+    """
+    builder = BUILDERS.get(schedule.notification_type)
+    if builder is None:
+        raise ValueError(f'No builder for notification type: {schedule.notification_type}')
+
+    subject, html = builder(schedule)
+    recipients = list(
+        schedule.recipients.filter(is_active=True).values_list('email', flat=True)
+    )
+    if not recipients:
+        log('warning', 'notification schedule has no active recipients', logger_data={
+            'schedule_id': schedule.id,
+            'schedule_name': schedule.name,
+        })
+        return 0
+
+    msg = EmailMessage(
+        subject=subject,
+        body=html,
+        from_email=settings.DEFAULT_FROM_EMAIL,
+        to=recipients,
+    )
+    msg.content_subtype = 'html'
+    msg.send(fail_silently=False)
+
+    log('info', 'notification email sent', logger_data={
+        'schedule_id': schedule.id,
+        'schedule_name': schedule.name,
+        'type': schedule.notification_type,
+        'recipient_count': len(recipients),
+    })
+    return len(recipients)

notifications/management/commands/send_scheduled_notifications.py

@@ -0,0 +1,153 @@
+"""Dispatch due ``NotificationSchedule`` jobs.
+
+Host cron invokes this every ~15 minutes via ``docker exec``. The command
+walks all active schedules, evaluates their cron expression against
+``last_run_at`` using ``croniter``, and fires any that are due. A row-level
+``select_for_update(skip_locked=True)`` prevents duplicate sends if two cron
+ticks race or the container is restarted mid-run.
+
+Evaluation timezone is **Asia/Kolkata** to match
+``notifications/emails.py::_upcoming_week_bounds`` — the same wall-clock week
+used in the outgoing email body.
+
+Flags:
+    --schedule-id <id>   Fire exactly one schedule, ignoring cron check.
+    --dry-run            Resolve due schedules + render emails, send nothing.
+"""
+from datetime import datetime, timedelta
+
+try:
+    from zoneinfo import ZoneInfo
+except ImportError:  # pragma: no cover — py<3.9
+    from backports.zoneinfo import ZoneInfo  # type: ignore
+
+from croniter import croniter
+from django.core.management.base import BaseCommand, CommandError
+from django.db import transaction
+from django.utils import timezone
+
+from eventify_logger.services import log
+from notifications.emails import BUILDERS, render_and_send
+from notifications.models import NotificationSchedule
+
+
+IST = ZoneInfo('Asia/Kolkata')
+
+
+def _is_due(schedule: NotificationSchedule, now_ist: datetime) -> bool:
+    """Return True if ``schedule`` should fire at ``now_ist``.
+
+    ``croniter`` is seeded with ``last_run_at`` (or one year ago for a fresh
+    schedule) and asked for the next fire time. If that time has already
+    passed relative to ``now_ist`` the schedule is due.
+    """
+    if not croniter.is_valid(schedule.cron_expression):
+        return False
+
+    if schedule.last_run_at is not None:
+        seed = schedule.last_run_at.astimezone(IST)
+    else:
+        seed = now_ist - timedelta(days=365)
+
+    itr = croniter(schedule.cron_expression, seed)
+    next_fire = itr.get_next(datetime)
+    return next_fire <= now_ist
+
+
+class Command(BaseCommand):
+    help = 'Dispatch due NotificationSchedule email jobs.'
+
+    def add_arguments(self, parser):
+        parser.add_argument(
+            '--schedule-id', type=int, default=None,
+            help='Force-run a single schedule by ID, ignoring cron check.',
+        )
+        parser.add_argument(
+            '--dry-run', action='store_true',
+            help='Render and log but do not send or persist last_run_at.',
+        )
+
+    def handle(self, *args, **opts):
+        schedule_id = opts.get('schedule_id')
+        dry_run = opts.get('dry_run', False)
+
+        now_ist = datetime.now(IST)
+        qs = NotificationSchedule.objects.filter(is_active=True)
+        if schedule_id is not None:
+            qs = qs.filter(id=schedule_id)
+
+        candidate_ids = list(qs.values_list('id', flat=True))
+        if not candidate_ids:
+            self.stdout.write('No active schedules to evaluate.')
+            return
+
+        fired = 0
+        skipped = 0
+        errored = 0
+
+        for sid in candidate_ids:
+            with transaction.atomic():
+                locked_qs = (
+                    NotificationSchedule.objects
+                    .select_for_update(skip_locked=True)
+                    .filter(id=sid, is_active=True)
+                )
+                schedule = locked_qs.first()
+                if schedule is None:
+                    skipped += 1
+                    continue
+
+                forced = schedule_id is not None
+                if not forced and not _is_due(schedule, now_ist):
+                    skipped += 1
+                    continue
+
+                if schedule.notification_type not in BUILDERS:
+                    schedule.last_status = NotificationSchedule.STATUS_ERROR
+                    schedule.last_error = (
+                        f'No builder registered for {schedule.notification_type!r}'
+                    )
+                    schedule.save(update_fields=['last_status', 'last_error', 'updated_at'])
+                    errored += 1
+                    continue
+
+                if dry_run:
+                    self.stdout.write(
+                        f'[dry-run] would fire schedule {schedule.id} '
+                        f'({schedule.name}) type={schedule.notification_type}'
+                    )
+                    fired += 1
+                    continue
+
+                try:
+                    recipient_count = render_and_send(schedule)
+                except Exception as exc:  # noqa: BLE001 — wide catch, store msg
+                    log('error', 'notification dispatch failed', logger_data={
+                        'schedule_id': schedule.id,
+                        'schedule_name': schedule.name,
+                        'error': str(exc),
+                    })
+                    schedule.last_status = NotificationSchedule.STATUS_ERROR
+                    schedule.last_error = str(exc)[:2000]
+                    schedule.save(update_fields=['last_status', 'last_error', 'updated_at'])
+                    errored += 1
+                    continue
+
+                schedule.last_run_at = timezone.now()
+                schedule.last_status = NotificationSchedule.STATUS_SUCCESS
+                schedule.last_error = ''
+                schedule.save(update_fields=[
+                    'last_run_at', 'last_status', 'last_error', 'updated_at',
+                ])
+                fired += 1
+                self.stdout.write(
+                    f'Fired schedule {schedule.id} ({schedule.name}) '
+                    f'→ {recipient_count} recipient(s)'
+                )
+
+        summary = f'Done. fired={fired} skipped={skipped} errored={errored}'
+        self.stdout.write(summary)
+        log('info', 'send_scheduled_notifications complete', logger_data={
+            'fired': fired, 'skipped': skipped, 'errored': errored,
+            'dry_run': dry_run, 'forced_id': schedule_id,
+        })

notifications/migrations/0001_initial.py

@@ -0,0 +1,93 @@
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Notification',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('title', models.CharField(max_length=255)),
+                ('message', models.TextField()),
+                ('notification_type', models.CharField(
+                    choices=[
+                        ('event', 'Event'),
+                        ('promo', 'Promotion'),
+                        ('system', 'System'),
+                        ('booking', 'Booking'),
+                    ],
+                    default='system', max_length=20,
+                )),
+                ('is_read', models.BooleanField(default=False)),
+                ('action_url', models.URLField(blank=True, null=True)),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+                ('user', models.ForeignKey(
+                    on_delete=django.db.models.deletion.CASCADE,
+                    related_name='notifications',
+                    to=settings.AUTH_USER_MODEL,
+                )),
+            ],
+            options={'ordering': ['-created_at']},
+        ),
+        migrations.CreateModel(
+            name='NotificationSchedule',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=200)),
+                ('notification_type', models.CharField(
+                    choices=[('events_expiring_this_week', 'Events Expiring This Week')],
+                    db_index=True, max_length=64,
+                )),
+                ('cron_expression', models.CharField(
+                    default='0 0 * * 1',
+                    help_text=(
+                        'Standard 5-field cron (minute hour dom month dow). '
+                        'Evaluated in Asia/Kolkata.'
+                    ),
+                    max_length=100,
+                )),
+                ('is_active', models.BooleanField(db_index=True, default=True)),
+                ('last_run_at', models.DateTimeField(blank=True, null=True)),
+                ('last_status', models.CharField(blank=True, default='', max_length=20)),
+                ('last_error', models.TextField(blank=True, default='')),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+                ('updated_at', models.DateTimeField(auto_now=True)),
+            ],
+            options={'ordering': ['-created_at']},
+        ),
+        migrations.AddIndex(
+            model_name='notificationschedule',
+            index=models.Index(
+                fields=['is_active', 'notification_type'],
+                name='notificatio_is_acti_26dfb5_idx',
+            ),
+        ),
+        migrations.CreateModel(
+            name='NotificationRecipient',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('email', models.EmailField(max_length=254)),
+                ('display_name', models.CharField(blank=True, default='', max_length=200)),
+                ('is_active', models.BooleanField(default=True)),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+                ('schedule', models.ForeignKey(
+                    on_delete=django.db.models.deletion.CASCADE,
+                    related_name='recipients',
+                    to='notifications.notificationschedule',
+                )),
+            ],
+            options={
+                'ordering': ['display_name', 'email'],
+                'unique_together': {('schedule', 'email')},
+            },
+        ),
+    ]

notifications/models.py

@@ -1,4 +1,16 @@
+"""
+Two distinct concerns live in this app:
+
+1. ``Notification`` — consumer-facing in-app inbox entries surfaced on the mobile
+   SPA (/api/notifications/list/). One row per user per alert.
+
+2. ``NotificationSchedule`` + ``NotificationRecipient`` — admin-side recurring
+   email jobs configured from the Command Center Settings tab and dispatched by
+   the ``send_scheduled_notifications`` management command (host cron).
+   Not user-facing; strictly operational.
+"""
 from django.db import models
+
 from accounts.models import User
 
 
@@ -23,3 +35,68 @@ class Notification(models.Model):
 
     def __str__(self):
         return f"{self.notification_type}: {self.title} → {self.user.email}"
+
+
+class NotificationSchedule(models.Model):
+    """One configurable recurring email job.
+
+    New types are added by registering a builder in ``notifications/emails.py``
+    and adding the slug to ``TYPE_CHOICES`` below. Cron expression is evaluated
+    in ``Asia/Kolkata`` by the dispatcher (matches operations team timezone).
+    """
+
+    TYPE_EVENTS_EXPIRING_THIS_WEEK = 'events_expiring_this_week'
+
+    TYPE_CHOICES = [
+        (TYPE_EVENTS_EXPIRING_THIS_WEEK, 'Events Expiring This Week'),
+    ]
+
+    STATUS_SUCCESS = 'success'
+    STATUS_ERROR = 'error'
+
+    name = models.CharField(max_length=200)
+    notification_type = models.CharField(
+        max_length=64, choices=TYPE_CHOICES, db_index=True,
+    )
+    cron_expression = models.CharField(
+        max_length=100, default='0 0 * * 1',
+        help_text='Standard 5-field cron (minute hour dom month dow). '
+                  'Evaluated in Asia/Kolkata.',
+    )
+    is_active = models.BooleanField(default=True, db_index=True)
+    last_run_at = models.DateTimeField(null=True, blank=True)
+    last_status = models.CharField(max_length=20, blank=True, default='')
+    last_error = models.TextField(blank=True, default='')
+    created_at = models.DateTimeField(auto_now_add=True)
+    updated_at = models.DateTimeField(auto_now=True)
+
+    class Meta:
+        ordering = ['-created_at']
+        indexes = [models.Index(fields=['is_active', 'notification_type'])]
+
+    def __str__(self):
+        return f'{self.name} ({self.notification_type})'
+
+
+class NotificationRecipient(models.Model):
+    """Free-form recipient — not tied to a User row so external stakeholders
+    (vendors, partners, sponsors) can receive notifications without needing
+    platform accounts."""
+
+    schedule = models.ForeignKey(
+        NotificationSchedule,
+        on_delete=models.CASCADE,
+        related_name='recipients',
+    )
+    email = models.EmailField()
+    display_name = models.CharField(max_length=200, blank=True, default='')
+    is_active = models.BooleanField(default=True)
+    created_at = models.DateTimeField(auto_now_add=True)
+
+    class Meta:
+        unique_together = [('schedule', 'email')]
+        ordering = ['display_name', 'email']
+
+    def __str__(self):
+        label = self.display_name or self.email
+        return f'{label} ({self.schedule.name})'

partner/migrations/0002_partner_profile_payout_notifications.py

@@ -0,0 +1,70 @@
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('partner', '0001_initial'),
+    ]
+
+    operations = [
+        # Profile extras
+        migrations.AddField(
+            model_name='partner',
+            name='bio',
+            field=models.TextField(blank=True, null=True),
+        ),
+
+        # Payout settings
+        migrations.AddField(
+            model_name='partner',
+            name='payout_account_holder_name',
+            field=models.CharField(blank=True, max_length=250, null=True),
+        ),
+        migrations.AddField(
+            model_name='partner',
+            name='payout_account_number',
+            field=models.CharField(blank=True, max_length=50, null=True),
+        ),
+        migrations.AddField(
+            model_name='partner',
+            name='payout_ifsc_code',
+            field=models.CharField(blank=True, max_length=20, null=True),
+        ),
+        migrations.AddField(
+            model_name='partner',
+            name='payout_bank_name',
+            field=models.CharField(blank=True, max_length=250, null=True),
+        ),
+        migrations.AddField(
+            model_name='partner',
+            name='payout_schedule',
+            field=models.CharField(
+                choices=[('weekly', 'Weekly'), ('biweekly', 'Bi-weekly'), ('monthly', 'Monthly')],
+                default='monthly',
+                max_length=20,
+            ),
+        ),
+
+        # Notification preferences
+        migrations.AddField(
+            model_name='partner',
+            name='notif_new_booking',
+            field=models.BooleanField(default=True),
+        ),
+        migrations.AddField(
+            model_name='partner',
+            name='notif_event_status',
+            field=models.BooleanField(default=True),
+        ),
+        migrations.AddField(
+            model_name='partner',
+            name='notif_payout_update',
+            field=models.BooleanField(default=True),
+        ),
+        migrations.AddField(
+            model_name='partner',
+            name='notif_weekly_report',
+            field=models.BooleanField(default=False),
+        ),
+    ]

partner/models.py

@@ -65,5 +65,28 @@ class Partner(models.Model):
     kyc_compliance_document_file = models.FileField(upload_to='kyc_documents/', blank=True, null=True)
     kyc_compliance_document_number = models.CharField(max_length=250, blank=True, null=True)
 
+    # Profile extras
+    bio = models.TextField(blank=True, null=True)
+
+    # Payout settings
+    PAYOUT_SCHEDULE_CHOICES = (
+        ('weekly', 'Weekly'),
+        ('biweekly', 'Bi-weekly'),
+        ('monthly', 'Monthly'),
+    )
+    payout_account_holder_name = models.CharField(max_length=250, blank=True, null=True)
+    payout_account_number = models.CharField(max_length=50, blank=True, null=True)
+    payout_ifsc_code = models.CharField(max_length=20, blank=True, null=True)
+    payout_bank_name = models.CharField(max_length=250, blank=True, null=True)
+    payout_schedule = models.CharField(
+        max_length=20, choices=PAYOUT_SCHEDULE_CHOICES, default='monthly'
+    )
+
+    # Notification preferences
+    notif_new_booking = models.BooleanField(default=True)
+    notif_event_status = models.BooleanField(default=True)
+    notif_payout_update = models.BooleanField(default=True)
+    notif_weekly_report = models.BooleanField(default=False)
+
     def __str__(self):
         return self.name

requirements-docker.txt

@@ -7,3 +7,7 @@ gunicorn==21.2.0
 django-extensions==3.2.3
 psycopg2-binary==2.9.9
 djangorestframework-simplejwt==5.3.1
+google-auth>=2.0.0
+requests>=2.28.0
+qrcode[pil]>=7.4.2
+croniter>=2.0.0

requirements.txt

@@ -2,3 +2,6 @@ Django>=4.2
 Pillow
 django-summernote
 google-auth>=2.0.0
+requests>=2.31.0
+qrcode[pil]>=7.4.2
+croniter>=2.0.0