pacnpal/thrilltrack-explorer
1
0
Fork 0
mirror of https://github.com/pacnpal/thrilltrack-explorer.git synced 2025-12-25 01:11:13 -05:00
Code Issues Packages Projects Releases Wiki Activity

Implement entity submission services for ThrillWiki

Browse Source 
- Added BaseEntitySubmissionService as an abstract base for entity submissions.
- Created specific submission services for entities: Park, Ride, Company, RideModel.
- Implemented create, update, and delete functionalities with moderation workflow.
- Enhanced logging and validation for required fields.
- Addressed foreign key handling and special field processing for each entity type.
- Noted existing issues with JSONField usage in Company submissions.
This commit is contained in:
pacnpal
2025-11-08 22:23:41 -05:00
parent 9122320e7e
commit 2884bc23ce
29 changed files with 8699 additions and 330 deletions
Download Patch File Download Diff File Expand all files Collapse all files

508
django/api/v1/endpoints/companies.py
View File

@@ -11,13 +11,29 @@ from ninja import Router, Query
from ninja.pagination import paginate, PageNumberPagination
from apps.entities.models import Company
from apps.entities.services.company_submission import CompanySubmissionService
from apps.users.permissions import jwt_auth, require_auth
from ..schemas import (
CompanyCreate,
CompanyUpdate,
CompanyOut,
CompanyListOut,
ErrorResponse
ErrorResponse,
HistoryListResponse,
HistoryEventDetailSchema,
HistoryComparisonSchema,
HistoryDiffCurrentSchema,
FieldHistorySchema,
HistoryActivitySummarySchema,
RollbackRequestSchema,
RollbackResponseSchema,
ErrorSchema
)
from ..services.history_service import HistoryService
from django.core.exceptions import ValidationError
import logging
logger = logging.getLogger(__name__)
router = Router(tags=["Companies"])
@@ -101,38 +117,70 @@ def get_company(request, company_id: UUID):
@router.post(
"/",
response={201: CompanyOut, 400: ErrorResponse},
response={201: CompanyOut, 202: dict, 400: ErrorResponse, 401: ErrorResponse},
summary="Create company",
description="Create a new company (requires authentication)"
description="Create a new company through the Sacred Pipeline (requires authentication)"
)
@require_auth
def create_company(request, payload: CompanyCreate):
"""
Create a new company.
Create a new company through the Sacred Pipeline.
**Authentication:** Required
**Parameters:**
- payload: Company data
- payload: Company data (name, company_types, headquarters, etc.)
**Returns:** Created company
**Returns:** Created company (moderators) or submission confirmation (regular users)
**Flow:**
- Moderators: Company created immediately (bypass moderation)
- Regular users: Submission created, enters moderation queue
**Note:** All companies flow through ContentSubmission pipeline for moderation.
"""
# TODO: Add authentication check
# if not request.auth:
# return 401, {"detail": "Authentication required"}
company = Company.objects.create(**payload.dict())
return 201, company
try:
user = request.auth
# Create company through Sacred Pipeline
submission, company = CompanySubmissionService.create_entity_submission(
user=user,
data=payload.dict(),
source='api',
ip_address=request.META.get('REMOTE_ADDR'),
user_agent=request.META.get('HTTP_USER_AGENT', '')
)
# If moderator bypass happened, Company was created immediately
if company:
logger.info(f"Company created (moderator): {company.id} by {user.email}")
return 201, company
# Regular user: submission pending moderation
logger.info(f"Company submission created: {submission.id} by {user.email}")
return 202, {
'submission_id': str(submission.id),
'status': submission.status,
'message': 'Company submission pending moderation. You will be notified when it is approved.',
}
except ValidationError as e:
return 400, {'detail': str(e)}
except Exception as e:
logger.error(f"Error creating company: {e}")
return 400, {'detail': str(e)}
@router.put(
"/{company_id}",
response={200: CompanyOut, 404: ErrorResponse, 400: ErrorResponse},
response={200: CompanyOut, 202: dict, 404: ErrorResponse, 400: ErrorResponse, 401: ErrorResponse},
summary="Update company",
description="Update an existing company (requires authentication)"
description="Update an existing company through the Sacred Pipeline (requires authentication)"
)
@require_auth
def update_company(request, company_id: UUID, payload: CompanyUpdate):
"""
Update a company.
Update a company through the Sacred Pipeline.
**Authentication:** Required
@@ -140,78 +188,177 @@ def update_company(request, company_id: UUID, payload: CompanyUpdate):
- company_id: UUID of the company
- payload: Updated company data
**Returns:** Updated company
**Returns:** Updated company (moderators) or submission confirmation (regular users)
**Flow:**
- Moderators: Updates applied immediately (bypass moderation)
- Regular users: Submission created, enters moderation queue
**Note:** All updates flow through ContentSubmission pipeline for moderation.
"""
# TODO: Add authentication check
# if not request.auth:
# return 401, {"detail": "Authentication required"}
company = get_object_or_404(Company, id=company_id)
# Update only provided fields
for key, value in payload.dict(exclude_unset=True).items():
setattr(company, key, value)
company.save()
return company
try:
user = request.auth
company = get_object_or_404(Company, id=company_id)
data = payload.dict(exclude_unset=True)
# Update company through Sacred Pipeline
submission, updated_company = CompanySubmissionService.update_entity_submission(
entity=company,
user=user,
update_data=data,
source='api',
ip_address=request.META.get('REMOTE_ADDR'),
user_agent=request.META.get('HTTP_USER_AGENT', '')
)
# If moderator bypass happened, company was updated immediately
if updated_company:
logger.info(f"Company updated (moderator): {updated_company.id} by {user.email}")
return 200, updated_company
# Regular user: submission pending moderation
logger.info(f"Company update submission created: {submission.id} by {user.email}")
return 202, {
'submission_id': str(submission.id),
'status': submission.status,
'message': 'Company update pending moderation. You will be notified when it is approved.',
}
except ValidationError as e:
return 400, {'detail': str(e)}
except Exception as e:
logger.error(f"Error updating company: {e}")
return 400, {'detail': str(e)}
@router.patch(
"/{company_id}",
response={200: CompanyOut, 404: ErrorResponse, 400: ErrorResponse},
response={200: CompanyOut, 202: dict, 404: ErrorResponse, 400: ErrorResponse, 401: ErrorResponse},
summary="Partial update company",
description="Partially update an existing company (requires authentication)"
description="Partially update an existing company through the Sacred Pipeline (requires authentication)"
)
@require_auth
def partial_update_company(request, company_id: UUID, payload: CompanyUpdate):
"""
Partially update a company.
Partially update a company through the Sacred Pipeline.
**Authentication:** Required
**Parameters:**
- company_id: UUID of the company
- payload: Fields to update
- payload: Fields to update (only provided fields are updated)
**Returns:** Updated company
**Returns:** Updated company (moderators) or submission confirmation (regular users)
**Flow:**
- Moderators: Updates applied immediately (bypass moderation)
- Regular users: Submission created, enters moderation queue
**Note:** All updates flow through ContentSubmission pipeline for moderation.
"""
# TODO: Add authentication check
# if not request.auth:
# return 401, {"detail": "Authentication required"}
company = get_object_or_404(Company, id=company_id)
# Update only provided fields
for key, value in payload.dict(exclude_unset=True).items():
setattr(company, key, value)
company.save()
return company
try:
user = request.auth
company = get_object_or_404(Company, id=company_id)
data = payload.dict(exclude_unset=True)
# Update company through Sacred Pipeline
submission, updated_company = CompanySubmissionService.update_entity_submission(
entity=company,
user=user,
update_data=data,
source='api',
ip_address=request.META.get('REMOTE_ADDR'),
user_agent=request.META.get('HTTP_USER_AGENT', '')
)
# If moderator bypass happened, company was updated immediately
if updated_company:
logger.info(f"Company partially updated (moderator): {updated_company.id} by {user.email}")
return 200, updated_company
# Regular user: submission pending moderation
logger.info(f"Company partial update submission created: {submission.id} by {user.email}")
return 202, {
'submission_id': str(submission.id),
'status': submission.status,
'message': 'Company update pending moderation. You will be notified when it is approved.',
}
except ValidationError as e:
return 400, {'detail': str(e)}
except Exception as e:
logger.error(f"Error partially updating company: {e}")
return 400, {'detail': str(e)}
@router.delete(
"/{company_id}",
response={204: None, 404: ErrorResponse},
response={200: dict, 202: dict, 404: ErrorResponse, 400: ErrorResponse, 401: ErrorResponse},
summary="Delete company",
description="Delete a company (requires authentication)"
description="Delete a company through the Sacred Pipeline (requires authentication)"
)
@require_auth
def delete_company(request, company_id: UUID):
"""
Delete a company.
Delete a company through the Sacred Pipeline.
**Authentication:** Required
**Parameters:**
- company_id: UUID of the company
**Returns:** No content (204)
"""
# TODO: Add authentication check
# if not request.auth:
# return 401, {"detail": "Authentication required"}
**Returns:** Deletion confirmation (moderators) or submission confirmation (regular users)
company = get_object_or_404(Company, id=company_id)
company.delete()
return 204, None
**Flow:**
- Moderators: Company hard-deleted immediately (removed from database)
- Regular users: Deletion request created, enters moderation queue
**Deletion Strategy:**
- Hard Delete: Removes company from database (Company has no status field for soft delete)
**Note:** All deletions flow through ContentSubmission pipeline for moderation.
**Warning:** Deleting a company may affect related parks and rides.
"""
try:
user = request.auth
company = get_object_or_404(Company, id=company_id)
# Delete company through Sacred Pipeline (hard delete - no status field)
submission, deleted = CompanySubmissionService.delete_entity_submission(
entity=company,
user=user,
deletion_type='hard', # Company has no status field
deletion_reason='',
source='api',
ip_address=request.META.get('REMOTE_ADDR'),
user_agent=request.META.get('HTTP_USER_AGENT', '')
)
# If moderator bypass happened, deletion was applied immediately
if deleted:
logger.info(f"Company deleted (moderator): {company_id} by {user.email}")
return 200, {
'message': 'Company deleted successfully',
'entity_id': str(company_id),
'deletion_type': 'hard'
}
# Regular user: deletion pending moderation
logger.info(f"Company deletion submission created: {submission.id} by {user.email}")
return 202, {
'submission_id': str(submission.id),
'status': submission.status,
'message': 'Company deletion request pending moderation. You will be notified when it is approved.',
'entity_id': str(company_id)
}
except ValidationError as e:
return 400, {'detail': str(e)}
except Exception as e:
logger.error(f"Error deleting company: {e}")
return 400, {'detail': str(e)}
@router.get(
@@ -252,3 +399,252 @@ def get_company_rides(request, company_id: UUID):
company = get_object_or_404(Company, id=company_id)
rides = company.manufactured_rides.all().values('id', 'name', 'slug', 'status', 'ride_category')
return list(rides)
# ============================================================================
# History Endpoints
# ============================================================================
@router.get(
'/{company_id}/history/',
response={200: HistoryListResponse, 404: ErrorSchema},
summary="Get company history",
description="Get historical changes for a company"
)
def get_company_history(
request,
company_id: UUID,
page: int = Query(1, ge=1),
page_size: int = Query(50, ge=1, le=100),
date_from: Optional[str] = Query(None, description="Filter from date (YYYY-MM-DD)"),
date_to: Optional[str] = Query(None, description="Filter to date (YYYY-MM-DD)")
):
"""Get history for a company."""
from datetime import datetime
# Verify company exists
company = get_object_or_404(Company, id=company_id)
# Parse dates if provided
date_from_obj = datetime.fromisoformat(date_from).date() if date_from else None
date_to_obj = datetime.fromisoformat(date_to).date() if date_to else None
# Get history
offset = (page - 1) * page_size
events, accessible_count = HistoryService.get_history(
'company', str(company_id), request.user,
date_from=date_from_obj, date_to=date_to_obj,
limit=page_size, offset=offset
)
# Format events
formatted_events = []
for event in events:
formatted_events.append({
'id': event['id'],
'timestamp': event['timestamp'],
'operation': event['operation'],
'snapshot': event['snapshot'],
'changed_fields': event.get('changed_fields'),
'change_summary': event.get('change_summary', ''),
'can_rollback': HistoryService.can_rollback(request.user)
})
# Calculate pagination
total_pages = (accessible_count + page_size - 1) // page_size
return {
'entity_id': str(company_id),
'entity_type': 'company',
'entity_name': company.name,
'total_events': accessible_count,
'accessible_events': accessible_count,
'access_limited': HistoryService.is_access_limited(request.user),
'access_reason': HistoryService.get_access_reason(request.user),
'events': formatted_events,
'pagination': {
'page': page,
'page_size': page_size,
'total_pages': total_pages,
'total_items': accessible_count
}
}
@router.get(
'/{company_id}/history/{event_id}/',
response={200: HistoryEventDetailSchema, 404: ErrorSchema},
summary="Get specific company history event",
description="Get detailed information about a specific historical event"
)
def get_company_history_event(request, company_id: UUID, event_id: int):
"""Get a specific history event for a company."""
company = get_object_or_404(Company, id=company_id)
event = HistoryService.get_event('company', event_id, request.user)
if not event:
return 404, {"error": "Event not found or not accessible"}
return {
'id': event['id'],
'timestamp': event['timestamp'],
'operation': event['operation'],
'entity_id': str(company_id),
'entity_type': 'company',
'entity_name': company.name,
'snapshot': event['snapshot'],
'changed_fields': event.get('changed_fields'),
'metadata': event.get('metadata', {}),
'can_rollback': HistoryService.can_rollback(request.user),
'rollback_preview': None
}
@router.get(
'/{company_id}/history/compare/',
response={200: HistoryComparisonSchema, 400: ErrorSchema, 404: ErrorSchema},
summary="Compare two company history events",
description="Compare two historical events for a company"
)
def compare_company_history(
request,
company_id: UUID,
event1: int = Query(..., description="First event ID"),
event2: int = Query(..., description="Second event ID")
):
"""Compare two historical events for a company."""
company = get_object_or_404(Company, id=company_id)
try:
comparison = HistoryService.compare_events(
'company', event1, event2, request.user
)
if not comparison:
return 404, {"error": "One or both events not found"}
return {
'entity_id': str(company_id),
'entity_type': 'company',
'entity_name': company.name,
'event1': comparison['event1'],
'event2': comparison['event2'],
'differences': comparison['differences'],
'changed_field_count': comparison['changed_field_count'],
'unchanged_field_count': comparison['unchanged_field_count'],
'time_between': comparison['time_between']
}
except ValueError as e:
return 400, {"error": str(e)}
@router.get(
'/{company_id}/history/{event_id}/diff-current/',
response={200: HistoryDiffCurrentSchema, 404: ErrorSchema},
summary="Compare historical event with current state",
description="Compare a historical event with the current company state"
)
def diff_company_history_with_current(request, company_id: UUID, event_id: int):
"""Compare historical event with current company state."""
company = get_object_or_404(Company, id=company_id)
try:
diff = HistoryService.compare_with_current(
'company', event_id, company, request.user
)
if not diff:
return 404, {"error": "Event not found"}
return {
'entity_id': str(company_id),
'entity_type': 'company',
'entity_name': company.name,
'event': diff['event'],
'current_state': diff['current_state'],
'differences': diff['differences'],
'changed_field_count': diff['changed_field_count'],
'time_since': diff['time_since']
}
except ValueError as e:
return 404, {"error": str(e)}
@router.post(
'/{company_id}/history/{event_id}/rollback/',
response={200: RollbackResponseSchema, 400: ErrorSchema, 403: ErrorSchema},
summary="Rollback company to historical state",
description="Rollback company to a historical state (Moderators/Admins only)"
)
def rollback_company(request, company_id: UUID, event_id: int, payload: RollbackRequestSchema):
"""
Rollback company to a historical state.
**Permission:** Moderators, Admins, Superusers only
"""
# Check authentication
if not request.user or not request.user.is_authenticated:
return 401, {"error": "Authentication required"}
# Check rollback permission
if not HistoryService.can_rollback(request.user):
return 403, {"error": "Only moderators and administrators can perform rollbacks"}
company = get_object_or_404(Company, id=company_id)
try:
result = HistoryService.rollback_to_event(
company, 'company', event_id, request.user,
fields=payload.fields,
comment=payload.comment,
create_backup=payload.create_backup
)
return result
except (ValueError, PermissionError) as e:
return 400, {"error": str(e)}
@router.get(
'/{company_id}/history/field/{field_name}/',
response={200: FieldHistorySchema, 404: ErrorSchema},
summary="Get field-specific history",
description="Get history of changes to a specific company field"
)
def get_company_field_history(request, company_id: UUID, field_name: str):
"""Get history of changes to a specific company field."""
company = get_object_or_404(Company, id=company_id)
history = HistoryService.get_field_history(
'company', str(company_id), field_name, request.user
)
return {
'entity_id': str(company_id),
'entity_type': 'company',
'entity_name': company.name,
'field': field_name,
'field_type': 'CharField', # Could introspect this
**history
}
@router.get(
'/{company_id}/history/summary/',
response={200: HistoryActivitySummarySchema, 404: ErrorSchema},
summary="Get company activity summary",
description="Get activity summary for a company"
)
def get_company_activity_summary(request, company_id: UUID):
"""Get activity summary for a company."""
company = get_object_or_404(Company, id=company_id)
summary = HistoryService.get_activity_summary(
'company', str(company_id), request.user
)
return {
'entity_id': str(company_id),
'entity_type': 'company',
'entity_name': company.name,
**summary
}

100
django/api/v1/endpoints/history.py Normal file
View File

@@ -0,0 +1,100 @@
"""
Generic history endpoints for all entity types.
Provides cross-entity history operations and utilities.
"""
from typing import Optional
from uuid import UUID
from django.shortcuts import get_object_or_404
from django.http import Http404
from ninja import Router, Query
from api.v1.services.history_service import HistoryService
from api.v1.schemas import (
HistoryEventDetailSchema,
HistoryComparisonSchema,
ErrorSchema
)
router = Router(tags=['History'])
@router.get(
'/events/{event_id}',
response={200: HistoryEventDetailSchema, 404: ErrorSchema},
summary="Get event by ID",
description="Retrieve any historical event by its ID (requires entity_type parameter)"
)
def get_event_by_id(
request,
event_id: int,
entity_type: str = Query(..., description="Entity type (park, ride, company, ridemodel, review)")
):
"""Get a specific historical event by ID."""
try:
event = HistoryService.get_event(entity_type, event_id, request.user)
if not event:
return 404, {"error": "Event not found or not accessible"}
# Get entity info for response
entity_id = str(event['entity_id'])
entity_name = event.get('entity_name', 'Unknown')
# Build response
response_data = {
'id': event['id'],
'timestamp': event['timestamp'],
'operation': event['operation'],
'entity_id': entity_id,
'entity_type': entity_type,
'entity_name': entity_name,
'snapshot': event['snapshot'],
'changed_fields': event.get('changed_fields'),
'metadata': event.get('metadata', {}),
'can_rollback': HistoryService.can_rollback(request.user),
'rollback_preview': None # Could add rollback preview logic if needed
}
return response_data
except ValueError as e:
return 404, {"error": str(e)}
@router.get(
'/compare',
response={200: HistoryComparisonSchema, 400: ErrorSchema, 404: ErrorSchema},
summary="Compare two events",
description="Compare two historical events (must be same entity)"
)
def compare_events(
request,
entity_type: str = Query(..., description="Entity type (park, ride, company, ridemodel, review)"),
event1: int = Query(..., description="First event ID"),
event2: int = Query(..., description="Second event ID")
):
"""Compare two historical events."""
try:
comparison = HistoryService.compare_events(
entity_type, event1, event2, request.user
)
if not comparison:
return 404, {"error": "One or both events not found or not accessible"}
# Format response
response_data = {
'entity_id': comparison['entity_id'],
'entity_type': entity_type,
'entity_name': comparison.get('entity_name', 'Unknown'),
'event1': comparison['event1'],
'event2': comparison['event2'],
'differences': comparison['differences'],
'changed_field_count': comparison['changed_field_count'],
'unchanged_field_count': comparison['unchanged_field_count'],
'time_between': comparison['time_between']
}
return response_data
except ValueError as e:
return 400, {"error": str(e)}

568
django/api/v1/endpoints/parks.py
View File

@@ -15,13 +15,29 @@ from ninja.pagination import paginate, PageNumberPagination
import math
from apps.entities.models import Park, Company, _using_postgis
from apps.entities.services.park_submission import ParkSubmissionService
from apps.users.permissions import jwt_auth, require_auth
from ..schemas import (
ParkCreate,
ParkUpdate,
ParkOut,
ParkListOut,
ErrorResponse
ErrorResponse,
HistoryListResponse,
HistoryEventDetailSchema,
HistoryComparisonSchema,
HistoryDiffCurrentSchema,
FieldHistorySchema,
HistoryActivitySummarySchema,
RollbackRequestSchema,
RollbackResponseSchema,
ErrorSchema
)
from ..services.history_service import HistoryService
from django.core.exceptions import ValidationError
import logging
logger = logging.getLogger(__name__)
router = Router(tags=["Parks"])
@@ -185,54 +201,72 @@ def find_nearby_parks(
@router.post(
"/",
response={201: ParkOut, 400: ErrorResponse},
response={201: ParkOut, 202: dict, 400: ErrorResponse, 401: ErrorResponse},
summary="Create park",
description="Create a new park (requires authentication)"
description="Create a new park through the Sacred Pipeline (requires authentication)"
)
@require_auth
def create_park(request, payload: ParkCreate):
"""
Create a new park.
Create a new park through the Sacred Pipeline.
**Authentication:** Required
**Parameters:**
- payload: Park data
- payload: Park data (name, park_type, operator, coordinates, etc.)
**Returns:** Created park
**Returns:** Created park (moderators) or submission confirmation (regular users)
**Flow:**
- Moderators: Park created immediately (bypass moderation)
- Regular users: Submission created, enters moderation queue
**Note:** All parks flow through ContentSubmission pipeline for moderation.
"""
# TODO: Add authentication check
# if not request.auth:
# return 401, {"detail": "Authentication required"}
data = payload.dict()
# Extract coordinates to use set_location method
latitude = data.pop('latitude', None)
longitude = data.pop('longitude', None)
park = Park.objects.create(**data)
# Set location using helper method (handles both SQLite and PostGIS)
if latitude is not None and longitude is not None:
park.set_location(longitude, latitude)
park.save()
park.coordinates = park.coordinates
if park.operator:
park.operator_name = park.operator.name
return 201, park
try:
user = request.auth
# Create park through Sacred Pipeline
submission, park = ParkSubmissionService.create_entity_submission(
user=user,
data=payload.dict(),
source='api',
ip_address=request.META.get('REMOTE_ADDR'),
user_agent=request.META.get('HTTP_USER_AGENT', '')
)
# If moderator bypass happened, Park was created immediately
if park:
logger.info(f"Park created (moderator): {park.id} by {user.email}")
park.operator_name = park.operator.name if park.operator else None
park.coordinates = park.coordinates
return 201, park
# Regular user: submission pending moderation
logger.info(f"Park submission created: {submission.id} by {user.email}")
return 202, {
'submission_id': str(submission.id),
'status': submission.status,
'message': 'Park submission pending moderation. You will be notified when it is approved.',
}
except ValidationError as e:
return 400, {'detail': str(e)}
except Exception as e:
logger.error(f"Error creating park: {e}")
return 400, {'detail': str(e)}
@router.put(
"/{park_id}",
response={200: ParkOut, 404: ErrorResponse, 400: ErrorResponse},
response={200: ParkOut, 202: dict, 404: ErrorResponse, 400: ErrorResponse, 401: ErrorResponse},
summary="Update park",
description="Update an existing park (requires authentication)"
description="Update an existing park through the Sacred Pipeline (requires authentication)"
)
@require_auth
def update_park(request, park_id: UUID, payload: ParkUpdate):
"""
Update a park.
Update a park through the Sacred Pipeline.
**Authentication:** Required
@@ -240,104 +274,193 @@ def update_park(request, park_id: UUID, payload: ParkUpdate):
- park_id: UUID of the park
- payload: Updated park data
**Returns:** Updated park
**Returns:** Updated park (moderators) or submission confirmation (regular users)
**Flow:**
- Moderators: Updates applied immediately (bypass moderation)
- Regular users: Submission created, enters moderation queue
**Note:** All updates flow through ContentSubmission pipeline for moderation.
"""
# TODO: Add authentication check
# if not request.auth:
# return 401, {"detail": "Authentication required"}
park = get_object_or_404(Park.objects.select_related('operator'), id=park_id)
data = payload.dict(exclude_unset=True)
# Handle coordinates separately
latitude = data.pop('latitude', None)
longitude = data.pop('longitude', None)
# Update other fields
for key, value in data.items():
setattr(park, key, value)
# Update location if coordinates provided
if latitude is not None and longitude is not None:
park.set_location(longitude, latitude)
park.save()
park.operator_name = park.operator.name if park.operator else None
park.coordinates = park.coordinates
return park
try:
user = request.auth
park = get_object_or_404(Park.objects.select_related('operator'), id=park_id)
data = payload.dict(exclude_unset=True)
# Handle coordinates separately
latitude = data.pop('latitude', None)
longitude = data.pop('longitude', None)
# Update park through Sacred Pipeline
submission, updated_park = ParkSubmissionService.update_entity_submission(
entity=park,
user=user,
update_data=data,
latitude=latitude,
longitude=longitude,
source='api',
ip_address=request.META.get('REMOTE_ADDR'),
user_agent=request.META.get('HTTP_USER_AGENT', '')
)
# If moderator bypass happened, park was updated immediately
if updated_park:
logger.info(f"Park updated (moderator): {updated_park.id} by {user.email}")
updated_park.operator_name = updated_park.operator.name if updated_park.operator else None
updated_park.coordinates = updated_park.coordinates
return 200, updated_park
# Regular user: submission pending moderation
logger.info(f"Park update submission created: {submission.id} by {user.email}")
return 202, {
'submission_id': str(submission.id),
'status': submission.status,
'message': 'Park update pending moderation. You will be notified when it is approved.',
}
except ValidationError as e:
return 400, {'detail': str(e)}
except Exception as e:
logger.error(f"Error updating park: {e}")
return 400, {'detail': str(e)}
@router.patch(
"/{park_id}",
response={200: ParkOut, 404: ErrorResponse, 400: ErrorResponse},
response={200: ParkOut, 202: dict, 404: ErrorResponse, 400: ErrorResponse, 401: ErrorResponse},
summary="Partial update park",
description="Partially update an existing park (requires authentication)"
description="Partially update an existing park through the Sacred Pipeline (requires authentication)"
)
@require_auth
def partial_update_park(request, park_id: UUID, payload: ParkUpdate):
"""
Partially update a park.
Partially update a park through the Sacred Pipeline.
**Authentication:** Required
**Parameters:**
- park_id: UUID of the park
- payload: Fields to update
- payload: Fields to update (only provided fields are updated)
**Returns:** Updated park
**Returns:** Updated park (moderators) or submission confirmation (regular users)
**Flow:**
- Moderators: Updates applied immediately (bypass moderation)
- Regular users: Submission created, enters moderation queue
**Note:** All updates flow through ContentSubmission pipeline for moderation.
"""
# TODO: Add authentication check
# if not request.auth:
# return 401, {"detail": "Authentication required"}
park = get_object_or_404(Park.objects.select_related('operator'), id=park_id)
data = payload.dict(exclude_unset=True)
# Handle coordinates separately
latitude = data.pop('latitude', None)
longitude = data.pop('longitude', None)
# Update other fields
for key, value in data.items():
setattr(park, key, value)
# Update location if coordinates provided
if latitude is not None and longitude is not None:
park.set_location(longitude, latitude)
park.save()
park.operator_name = park.operator.name if park.operator else None
park.coordinates = park.coordinates
return park
try:
user = request.auth
park = get_object_or_404(Park.objects.select_related('operator'), id=park_id)
data = payload.dict(exclude_unset=True)
# Handle coordinates separately
latitude = data.pop('latitude', None)
longitude = data.pop('longitude', None)
# Update park through Sacred Pipeline
submission, updated_park = ParkSubmissionService.update_entity_submission(
entity=park,
user=user,
update_data=data,
latitude=latitude,
longitude=longitude,
source='api',
ip_address=request.META.get('REMOTE_ADDR'),
user_agent=request.META.get('HTTP_USER_AGENT', '')
)
# If moderator bypass happened, park was updated immediately
if updated_park:
logger.info(f"Park partially updated (moderator): {updated_park.id} by {user.email}")
updated_park.operator_name = updated_park.operator.name if updated_park.operator else None
updated_park.coordinates = updated_park.coordinates
return 200, updated_park
# Regular user: submission pending moderation
logger.info(f"Park partial update submission created: {submission.id} by {user.email}")
return 202, {
'submission_id': str(submission.id),
'status': submission.status,
'message': 'Park update pending moderation. You will be notified when it is approved.',
}
except ValidationError as e:
return 400, {'detail': str(e)}
except Exception as e:
logger.error(f"Error partially updating park: {e}")
return 400, {'detail': str(e)}
@router.delete(
"/{park_id}",
response={204: None, 404: ErrorResponse},
response={200: dict, 202: dict, 404: ErrorResponse, 400: ErrorResponse, 401: ErrorResponse},
summary="Delete park",
description="Delete a park (requires authentication)"
description="Delete a park through the Sacred Pipeline (requires authentication)"
)
@require_auth
def delete_park(request, park_id: UUID):
"""
Delete a park.
Delete a park through the Sacred Pipeline.
**Authentication:** Required
**Parameters:**
- park_id: UUID of the park
**Returns:** No content (204)
"""
# TODO: Add authentication check
# if not request.auth:
# return 401, {"detail": "Authentication required"}
**Returns:** Deletion confirmation (moderators) or submission confirmation (regular users)
park = get_object_or_404(Park, id=park_id)
park.delete()
return 204, None
**Flow:**
- Moderators: Park soft-deleted immediately (status set to 'closed')
- Regular users: Deletion request created, enters moderation queue
**Deletion Strategy:**
- Soft Delete (default): Sets park status to 'closed', preserves data
- Hard Delete: Actually removes from database (moderators only)
**Note:** All deletions flow through ContentSubmission pipeline for moderation.
"""
try:
user = request.auth
park = get_object_or_404(Park.objects.select_related('operator'), id=park_id)
# Delete park through Sacred Pipeline (soft delete by default)
submission, deleted = ParkSubmissionService.delete_entity_submission(
entity=park,
user=user,
deletion_type='soft', # Can be made configurable via query param
deletion_reason='', # Can be provided in request body
source='api',
ip_address=request.META.get('REMOTE_ADDR'),
user_agent=request.META.get('HTTP_USER_AGENT', '')
)
# If moderator bypass happened, deletion was applied immediately
if deleted:
logger.info(f"Park deleted (moderator): {park_id} by {user.email}")
return 200, {
'message': 'Park deleted successfully',
'entity_id': str(park_id),
'deletion_type': 'soft'
}
# Regular user: deletion pending moderation
logger.info(f"Park deletion submission created: {submission.id} by {user.email}")
return 202, {
'submission_id': str(submission.id),
'status': submission.status,
'message': 'Park deletion request pending moderation. You will be notified when it is approved.',
'entity_id': str(park_id)
}
except ValidationError as e:
return 400, {'detail': str(e)}
except Exception as e:
logger.error(f"Error deleting park: {e}")
return 400, {'detail': str(e)}
@router.get(
@@ -360,3 +483,252 @@ def get_park_rides(request, park_id: UUID):
'id', 'name', 'slug', 'status', 'ride_category', 'is_coaster', 'manufacturer__name'
)
return list(rides)
# ============================================================================
# History Endpoints
# ============================================================================
@router.get(
'/{park_id}/history/',
response={200: HistoryListResponse, 404: ErrorSchema},
summary="Get park history",
description="Get historical changes for a park"
)
def get_park_history(
request,
park_id: UUID,
page: int = Query(1, ge=1),
page_size: int = Query(50, ge=1, le=100),
date_from: Optional[str] = Query(None, description="Filter from date (YYYY-MM-DD)"),
date_to: Optional[str] = Query(None, description="Filter to date (YYYY-MM-DD)")
):
"""Get history for a park."""
from datetime import datetime
# Verify park exists
park = get_object_or_404(Park, id=park_id)
# Parse dates if provided
date_from_obj = datetime.fromisoformat(date_from).date() if date_from else None
date_to_obj = datetime.fromisoformat(date_to).date() if date_to else None
# Get history
offset = (page - 1) * page_size
events, accessible_count = HistoryService.get_history(
'park', str(park_id), request.user,
date_from=date_from_obj, date_to=date_to_obj,
limit=page_size, offset=offset
)
# Format events
formatted_events = []
for event in events:
formatted_events.append({
'id': event['id'],
'timestamp': event['timestamp'],
'operation': event['operation'],
'snapshot': event['snapshot'],
'changed_fields': event.get('changed_fields'),
'change_summary': event.get('change_summary', ''),
'can_rollback': HistoryService.can_rollback(request.user)
})
# Calculate pagination
total_pages = (accessible_count + page_size - 1) // page_size
return {
'entity_id': str(park_id),
'entity_type': 'park',
'entity_name': park.name,
'total_events': accessible_count,
'accessible_events': accessible_count,
'access_limited': HistoryService.is_access_limited(request.user),
'access_reason': HistoryService.get_access_reason(request.user),
'events': formatted_events,
'pagination': {
'page': page,
'page_size': page_size,
'total_pages': total_pages,
'total_items': accessible_count
}
}
@router.get(
'/{park_id}/history/{event_id}/',
response={200: HistoryEventDetailSchema, 404: ErrorSchema},
summary="Get specific park history event",
description="Get detailed information about a specific historical event"
)
def get_park_history_event(request, park_id: UUID, event_id: int):
"""Get a specific history event for a park."""
park = get_object_or_404(Park, id=park_id)
event = HistoryService.get_event('park', event_id, request.user)
if not event:
return 404, {"error": "Event not found or not accessible"}
return {
'id': event['id'],
'timestamp': event['timestamp'],
'operation': event['operation'],
'entity_id': str(park_id),
'entity_type': 'park',
'entity_name': park.name,
'snapshot': event['snapshot'],
'changed_fields': event.get('changed_fields'),
'metadata': event.get('metadata', {}),
'can_rollback': HistoryService.can_rollback(request.user),
'rollback_preview': None
}
@router.get(
'/{park_id}/history/compare/',
response={200: HistoryComparisonSchema, 400: ErrorSchema, 404: ErrorSchema},
summary="Compare two park history events",
description="Compare two historical events for a park"
)
def compare_park_history(
request,
park_id: UUID,
event1: int = Query(..., description="First event ID"),
event2: int = Query(..., description="Second event ID")
):
"""Compare two historical events for a park."""
park = get_object_or_404(Park, id=park_id)
try:
comparison = HistoryService.compare_events(
'park', event1, event2, request.user
)
if not comparison:
return 404, {"error": "One or both events not found"}
return {
'entity_id': str(park_id),
'entity_type': 'park',
'entity_name': park.name,
'event1': comparison['event1'],
'event2': comparison['event2'],
'differences': comparison['differences'],
'changed_field_count': comparison['changed_field_count'],
'unchanged_field_count': comparison['unchanged_field_count'],
'time_between': comparison['time_between']
}
except ValueError as e:
return 400, {"error": str(e)}
@router.get(
'/{park_id}/history/{event_id}/diff-current/',
response={200: HistoryDiffCurrentSchema, 404: ErrorSchema},
summary="Compare historical event with current state",
description="Compare a historical event with the current park state"
)
def diff_park_history_with_current(request, park_id: UUID, event_id: int):
"""Compare historical event with current park state."""
park = get_object_or_404(Park, id=park_id)
try:
diff = HistoryService.compare_with_current(
'park', event_id, park, request.user
)
if not diff:
return 404, {"error": "Event not found"}
return {
'entity_id': str(park_id),
'entity_type': 'park',
'entity_name': park.name,
'event': diff['event'],
'current_state': diff['current_state'],
'differences': diff['differences'],
'changed_field_count': diff['changed_field_count'],
'time_since': diff['time_since']
}
except ValueError as e:
return 404, {"error": str(e)}
@router.post(
'/{park_id}/history/{event_id}/rollback/',
response={200: RollbackResponseSchema, 400: ErrorSchema, 403: ErrorSchema},
summary="Rollback park to historical state",
description="Rollback park to a historical state (Moderators/Admins only)"
)
def rollback_park(request, park_id: UUID, event_id: int, payload: RollbackRequestSchema):
"""
Rollback park to a historical state.
**Permission:** Moderators, Admins, Superusers only
"""
# Check authentication
if not request.user or not request.user.is_authenticated:
return 401, {"error": "Authentication required"}
# Check rollback permission
if not HistoryService.can_rollback(request.user):
return 403, {"error": "Only moderators and administrators can perform rollbacks"}
park = get_object_or_404(Park, id=park_id)
try:
result = HistoryService.rollback_to_event(
park, 'park', event_id, request.user,
fields=payload.fields,
comment=payload.comment,
create_backup=payload.create_backup
)
return result
except (ValueError, PermissionError) as e:
return 400, {"error": str(e)}
@router.get(
'/{park_id}/history/field/{field_name}/',
response={200: FieldHistorySchema, 404: ErrorSchema},
summary="Get field-specific history",
description="Get history of changes to a specific park field"
)
def get_park_field_history(request, park_id: UUID, field_name: str):
"""Get history of changes to a specific park field."""
park = get_object_or_404(Park, id=park_id)
history = HistoryService.get_field_history(
'park', str(park_id), field_name, request.user
)
return {
'entity_id': str(park_id),
'entity_type': 'park',
'entity_name': park.name,
'field': field_name,
'field_type': 'CharField', # Could introspect this
**history
}
@router.get(
'/{park_id}/history/summary/',
response={200: HistoryActivitySummarySchema, 404: ErrorSchema},
summary="Get park activity summary",
description="Get activity summary for a park"
)
def get_park_activity_summary(request, park_id: UUID):
"""Get activity summary for a park."""
park = get_object_or_404(Park, id=park_id)
summary = HistoryService.get_activity_summary(
'park', str(park_id), request.user
)
return {
'entity_id': str(park_id),
'entity_type': 'park',
'entity_name': park.name,
**summary
}

259
django/api/v1/endpoints/reviews.py
View File

@@ -28,7 +28,17 @@ from ..schemas import (
VoteResponse,
ErrorResponse,
UserSchema,
HistoryListResponse,
HistoryEventDetailSchema,
HistoryComparisonSchema,
HistoryDiffCurrentSchema,
FieldHistorySchema,
HistoryActivitySummarySchema,
RollbackRequestSchema,
RollbackResponseSchema,
ErrorSchema,
)
from ..services.history_service import HistoryService
router = Router(tags=["Reviews"])
logger = logging.getLogger(__name__)
@@ -583,3 +593,252 @@ def get_review_stats(request, entity_type: str, entity_id: UUID):
'total_reviews': stats['total_reviews'] or 0,
'rating_distribution': distribution,
}
# ============================================================================
# History Endpoints
# ============================================================================
@router.get(
'/{review_id}/history/',
response={200: HistoryListResponse, 404: ErrorSchema},
summary="Get review history",
description="Get historical changes for a review"
)
def get_review_history(
request,
review_id: int,
page: int = Query(1, ge=1),
page_size: int = Query(50, ge=1, le=100),
date_from: Optional[str] = Query(None, description="Filter from date (YYYY-MM-DD)"),
date_to: Optional[str] = Query(None, description="Filter to date (YYYY-MM-DD)")
):
"""Get history for a review."""
from datetime import datetime
# Verify review exists
review = get_object_or_404(Review, id=review_id)
# Parse dates if provided
date_from_obj = datetime.fromisoformat(date_from).date() if date_from else None
date_to_obj = datetime.fromisoformat(date_to).date() if date_to else None
# Get history
offset = (page - 1) * page_size
events, accessible_count = HistoryService.get_history(
'review', str(review_id), request.user,
date_from=date_from_obj, date_to=date_to_obj,
limit=page_size, offset=offset
)
# Format events
formatted_events = []
for event in events:
formatted_events.append({
'id': event['id'],
'timestamp': event['timestamp'],
'operation': event['operation'],
'snapshot': event['snapshot'],
'changed_fields': event.get('changed_fields'),
'change_summary': event.get('change_summary', ''),
'can_rollback': HistoryService.can_rollback(request.user)
})
# Calculate pagination
total_pages = (accessible_count + page_size - 1) // page_size
return {
'entity_id': str(review_id),
'entity_type': 'review',
'entity_name': f"Review by {review.user.username}",
'total_events': accessible_count,
'accessible_events': accessible_count,
'access_limited': HistoryService.is_access_limited(request.user),
'access_reason': HistoryService.get_access_reason(request.user),
'events': formatted_events,
'pagination': {
'page': page,
'page_size': page_size,
'total_pages': total_pages,
'total_items': accessible_count
}
}
@router.get(
'/{review_id}/history/{event_id}/',
response={200: HistoryEventDetailSchema, 404: ErrorSchema},
summary="Get specific review history event",
description="Get detailed information about a specific historical event"
)
def get_review_history_event(request, review_id: int, event_id: int):
"""Get a specific history event for a review."""
review = get_object_or_404(Review, id=review_id)
event = HistoryService.get_event('review', event_id, request.user)
if not event:
return 404, {"error": "Event not found or not accessible"}
return {
'id': event['id'],
'timestamp': event['timestamp'],
'operation': event['operation'],
'entity_id': str(review_id),
'entity_type': 'review',
'entity_name': f"Review by {review.user.username}",
'snapshot': event['snapshot'],
'changed_fields': event.get('changed_fields'),
'metadata': event.get('metadata', {}),
'can_rollback': HistoryService.can_rollback(request.user),
'rollback_preview': None
}
@router.get(
'/{review_id}/history/compare/',
response={200: HistoryComparisonSchema, 400: ErrorSchema, 404: ErrorSchema},
summary="Compare two review history events",
description="Compare two historical events for a review"
)
def compare_review_history(
request,
review_id: int,
event1: int = Query(..., description="First event ID"),
event2: int = Query(..., description="Second event ID")
):
"""Compare two historical events for a review."""
review = get_object_or_404(Review, id=review_id)
try:
comparison = HistoryService.compare_events(
'review', event1, event2, request.user
)
if not comparison:
return 404, {"error": "One or both events not found"}
return {
'entity_id': str(review_id),
'entity_type': 'review',
'entity_name': f"Review by {review.user.username}",
'event1': comparison['event1'],
'event2': comparison['event2'],
'differences': comparison['differences'],
'changed_field_count': comparison['changed_field_count'],
'unchanged_field_count': comparison['unchanged_field_count'],
'time_between': comparison['time_between']
}
except ValueError as e:
return 400, {"error": str(e)}
@router.get(
'/{review_id}/history/{event_id}/diff-current/',
response={200: HistoryDiffCurrentSchema, 404: ErrorSchema},
summary="Compare historical event with current state",
description="Compare a historical event with the current review state"
)
def diff_review_history_with_current(request, review_id: int, event_id: int):
"""Compare historical event with current review state."""
review = get_object_or_404(Review, id=review_id)
try:
diff = HistoryService.compare_with_current(
'review', event_id, review, request.user
)
if not diff:
return 404, {"error": "Event not found"}
return {
'entity_id': str(review_id),
'entity_type': 'review',
'entity_name': f"Review by {review.user.username}",
'event': diff['event'],
'current_state': diff['current_state'],
'differences': diff['differences'],
'changed_field_count': diff['changed_field_count'],
'time_since': diff['time_since']
}
except ValueError as e:
return 404, {"error": str(e)}
@router.post(
'/{review_id}/history/{event_id}/rollback/',
response={200: RollbackResponseSchema, 400: ErrorSchema, 403: ErrorSchema},
summary="Rollback review to historical state",
description="Rollback review to a historical state (Moderators/Admins only)"
)
def rollback_review(request, review_id: int, event_id: int, payload: RollbackRequestSchema):
"""
Rollback review to a historical state.
**Permission:** Moderators, Admins, Superusers only
"""
# Check authentication
if not request.user or not request.user.is_authenticated:
return 401, {"error": "Authentication required"}
# Check rollback permission
if not HistoryService.can_rollback(request.user):
return 403, {"error": "Only moderators and administrators can perform rollbacks"}
review = get_object_or_404(Review, id=review_id)
try:
result = HistoryService.rollback_to_event(
review, 'review', event_id, request.user,
fields=payload.fields,
comment=payload.comment,
create_backup=payload.create_backup
)
return result
except (ValueError, PermissionError) as e:
return 400, {"error": str(e)}
@router.get(
'/{review_id}/history/field/{field_name}/',
response={200: FieldHistorySchema, 404: ErrorSchema},
summary="Get field-specific history",
description="Get history of changes to a specific review field"
)
def get_review_field_history(request, review_id: int, field_name: str):
"""Get history of changes to a specific review field."""
review = get_object_or_404(Review, id=review_id)
history = HistoryService.get_field_history(
'review', str(review_id), field_name, request.user
)
return {
'entity_id': str(review_id),
'entity_type': 'review',
'entity_name': f"Review by {review.user.username}",
'field': field_name,
'field_type': 'CharField', # Could introspect this
**history
}
@router.get(
'/{review_id}/history/summary/',
response={200: HistoryActivitySummarySchema, 404: ErrorSchema},
summary="Get review activity summary",
description="Get activity summary for a review"
)
def get_review_activity_summary(request, review_id: int):
"""Get activity summary for a review."""
review = get_object_or_404(Review, id=review_id)
summary = HistoryService.get_activity_summary(
'review', str(review_id), request.user
)
return {
'entity_id': str(review_id),
'entity_type': 'review',
'entity_name': f"Review by {review.user.username}",
**summary
}

517
django/api/v1/endpoints/ride_models.py
View File

@@ -11,13 +11,29 @@ from ninja import Router, Query
from ninja.pagination import paginate, PageNumberPagination
from apps.entities.models import RideModel, Company
from apps.entities.services.ride_model_submission import RideModelSubmissionService
from apps.users.permissions import jwt_auth, require_auth
from ..schemas import (
RideModelCreate,
RideModelUpdate,
RideModelOut,
RideModelListOut,
ErrorResponse
ErrorResponse,
HistoryListResponse,
HistoryEventDetailSchema,
HistoryComparisonSchema,
HistoryDiffCurrentSchema,
FieldHistorySchema,
HistoryActivitySummarySchema,
RollbackRequestSchema,
RollbackResponseSchema,
ErrorSchema
)
from ..services.history_service import HistoryService
from django.core.exceptions import ValidationError
import logging
logger = logging.getLogger(__name__)
router = Router(tags=["Ride Models"])
@@ -106,42 +122,71 @@ def get_ride_model(request, model_id: UUID):
@router.post(
"/",
response={201: RideModelOut, 400: ErrorResponse, 404: ErrorResponse},
response={201: RideModelOut, 202: dict, 400: ErrorResponse, 401: ErrorResponse, 404: ErrorResponse},
summary="Create ride model",
description="Create a new ride model (requires authentication)"
description="Create a new ride model through the Sacred Pipeline (requires authentication)"
)
@require_auth
def create_ride_model(request, payload: RideModelCreate):
"""
Create a new ride model.
Create a new ride model through the Sacred Pipeline.
**Authentication:** Required
**Parameters:**
- payload: Ride model data
- payload: Ride model data (name, manufacturer, model_type, specifications, etc.)
**Returns:** Created ride model
**Returns:** Created ride model (moderators) or submission confirmation (regular users)
**Flow:**
- Moderators: Ride model created immediately (bypass moderation)
- Regular users: Submission created, enters moderation queue
**Note:** All ride models flow through ContentSubmission pipeline for moderation.
"""
# TODO: Add authentication check
# if not request.auth:
# return 401, {"detail": "Authentication required"}
# Verify manufacturer exists
manufacturer = get_object_or_404(Company, id=payload.manufacturer_id)
model = RideModel.objects.create(**payload.dict())
model.manufacturer_name = manufacturer.name
return 201, model
try:
user = request.auth
# Create ride model through Sacred Pipeline
submission, ride_model = RideModelSubmissionService.create_entity_submission(
user=user,
data=payload.dict(),
source='api',
ip_address=request.META.get('REMOTE_ADDR'),
user_agent=request.META.get('HTTP_USER_AGENT', '')
)
# If moderator bypass happened, RideModel was created immediately
if ride_model:
logger.info(f"RideModel created (moderator): {ride_model.id} by {user.email}")
ride_model.manufacturer_name = ride_model.manufacturer.name if ride_model.manufacturer else None
return 201, ride_model
# Regular user: submission pending moderation
logger.info(f"RideModel submission created: {submission.id} by {user.email}")
return 202, {
'submission_id': str(submission.id),
'status': submission.status,
'message': 'Ride model submission pending moderation. You will be notified when it is approved.',
}
except ValidationError as e:
return 400, {'detail': str(e)}
except Exception as e:
logger.error(f"Error creating ride model: {e}")
return 400, {'detail': str(e)}
@router.put(
"/{model_id}",
response={200: RideModelOut, 404: ErrorResponse, 400: ErrorResponse},
response={200: RideModelOut, 202: dict, 404: ErrorResponse, 400: ErrorResponse, 401: ErrorResponse},
summary="Update ride model",
description="Update an existing ride model (requires authentication)"
description="Update an existing ride model through the Sacred Pipeline (requires authentication)"
)
@require_auth
def update_ride_model(request, model_id: UUID, payload: RideModelUpdate):
"""
Update a ride model.
Update a ride model through the Sacred Pipeline.
**Authentication:** Required
@@ -149,80 +194,179 @@ def update_ride_model(request, model_id: UUID, payload: RideModelUpdate):
- model_id: UUID of the ride model
- payload: Updated ride model data
**Returns:** Updated ride model
**Returns:** Updated ride model (moderators) or submission confirmation (regular users)
**Flow:**
- Moderators: Updates applied immediately (bypass moderation)
- Regular users: Submission created, enters moderation queue
**Note:** All updates flow through ContentSubmission pipeline for moderation.
"""
# TODO: Add authentication check
# if not request.auth:
# return 401, {"detail": "Authentication required"}
model = get_object_or_404(RideModel.objects.select_related('manufacturer'), id=model_id)
# Update only provided fields
for key, value in payload.dict(exclude_unset=True).items():
setattr(model, key, value)
model.save()
model.manufacturer_name = model.manufacturer.name if model.manufacturer else None
return model
try:
user = request.auth
model = get_object_or_404(RideModel.objects.select_related('manufacturer'), id=model_id)
data = payload.dict(exclude_unset=True)
# Update ride model through Sacred Pipeline
submission, updated_model = RideModelSubmissionService.update_entity_submission(
entity=model,
user=user,
update_data=data,
source='api',
ip_address=request.META.get('REMOTE_ADDR'),
user_agent=request.META.get('HTTP_USER_AGENT', '')
)
# If moderator bypass happened, ride model was updated immediately
if updated_model:
logger.info(f"RideModel updated (moderator): {updated_model.id} by {user.email}")
updated_model.manufacturer_name = updated_model.manufacturer.name if updated_model.manufacturer else None
return 200, updated_model
# Regular user: submission pending moderation
logger.info(f"RideModel update submission created: {submission.id} by {user.email}")
return 202, {
'submission_id': str(submission.id),
'status': submission.status,
'message': 'Ride model update pending moderation. You will be notified when it is approved.',
}
except ValidationError as e:
return 400, {'detail': str(e)}
except Exception as e:
logger.error(f"Error updating ride model: {e}")
return 400, {'detail': str(e)}
@router.patch(
"/{model_id}",
response={200: RideModelOut, 404: ErrorResponse, 400: ErrorResponse},
response={200: RideModelOut, 202: dict, 404: ErrorResponse, 400: ErrorResponse, 401: ErrorResponse},
summary="Partial update ride model",
description="Partially update an existing ride model (requires authentication)"
description="Partially update an existing ride model through the Sacred Pipeline (requires authentication)"
)
@require_auth
def partial_update_ride_model(request, model_id: UUID, payload: RideModelUpdate):
"""
Partially update a ride model.
Partially update a ride model through the Sacred Pipeline.
**Authentication:** Required
**Parameters:**
- model_id: UUID of the ride model
- payload: Fields to update
- payload: Fields to update (only provided fields are updated)
**Returns:** Updated ride model
**Returns:** Updated ride model (moderators) or submission confirmation (regular users)
**Flow:**
- Moderators: Updates applied immediately (bypass moderation)
- Regular users: Submission created, enters moderation queue
**Note:** All updates flow through ContentSubmission pipeline for moderation.
"""
# TODO: Add authentication check
# if not request.auth:
# return 401, {"detail": "Authentication required"}
model = get_object_or_404(RideModel.objects.select_related('manufacturer'), id=model_id)
# Update only provided fields
for key, value in payload.dict(exclude_unset=True).items():
setattr(model, key, value)
model.save()
model.manufacturer_name = model.manufacturer.name if model.manufacturer else None
return model
try:
user = request.auth
model = get_object_or_404(RideModel.objects.select_related('manufacturer'), id=model_id)
data = payload.dict(exclude_unset=True)
# Update ride model through Sacred Pipeline
submission, updated_model = RideModelSubmissionService.update_entity_submission(
entity=model,
user=user,
update_data=data,
source='api',
ip_address=request.META.get('REMOTE_ADDR'),
user_agent=request.META.get('HTTP_USER_AGENT', '')
)
# If moderator bypass happened, ride model was updated immediately
if updated_model:
logger.info(f"RideModel partially updated (moderator): {updated_model.id} by {user.email}")
updated_model.manufacturer_name = updated_model.manufacturer.name if updated_model.manufacturer else None
return 200, updated_model
# Regular user: submission pending moderation
logger.info(f"RideModel partial update submission created: {submission.id} by {user.email}")
return 202, {
'submission_id': str(submission.id),
'status': submission.status,
'message': 'Ride model update pending moderation. You will be notified when it is approved.',
}
except ValidationError as e:
return 400, {'detail': str(e)}
except Exception as e:
logger.error(f"Error partially updating ride model: {e}")
return 400, {'detail': str(e)}
@router.delete(
"/{model_id}",
response={204: None, 404: ErrorResponse},
response={200: dict, 202: dict, 404: ErrorResponse, 400: ErrorResponse, 401: ErrorResponse},
summary="Delete ride model",
description="Delete a ride model (requires authentication)"
description="Delete a ride model through the Sacred Pipeline (requires authentication)"
)
@require_auth
def delete_ride_model(request, model_id: UUID):
"""
Delete a ride model.
Delete a ride model through the Sacred Pipeline.
**Authentication:** Required
**Parameters:**
- model_id: UUID of the ride model
**Returns:** No content (204)
"""
# TODO: Add authentication check
# if not request.auth:
# return 401, {"detail": "Authentication required"}
**Returns:** Deletion confirmation (moderators) or submission confirmation (regular users)
model = get_object_or_404(RideModel, id=model_id)
model.delete()
return 204, None
**Flow:**
- Moderators: RideModel hard-deleted immediately (removed from database)
- Regular users: Deletion request created, enters moderation queue
**Deletion Strategy:**
- Hard Delete: Removes ride model from database (RideModel has no status field for soft delete)
**Note:** All deletions flow through ContentSubmission pipeline for moderation.
**Warning:** Deleting a ride model may affect related rides.
"""
try:
user = request.auth
model = get_object_or_404(RideModel.objects.select_related('manufacturer'), id=model_id)
# Delete ride model through Sacred Pipeline (hard delete - no status field)
submission, deleted = RideModelSubmissionService.delete_entity_submission(
entity=model,
user=user,
deletion_type='hard', # RideModel has no status field
deletion_reason='',
source='api',
ip_address=request.META.get('REMOTE_ADDR'),
user_agent=request.META.get('HTTP_USER_AGENT', '')
)
# If moderator bypass happened, deletion was applied immediately
if deleted:
logger.info(f"RideModel deleted (moderator): {model_id} by {user.email}")
return 200, {
'message': 'Ride model deleted successfully',
'entity_id': str(model_id),
'deletion_type': 'hard'
}
# Regular user: deletion pending moderation
logger.info(f"RideModel deletion submission created: {submission.id} by {user.email}")
return 202, {
'submission_id': str(submission.id),
'status': submission.status,
'message': 'Ride model deletion request pending moderation. You will be notified when it is approved.',
'entity_id': str(model_id)
}
except ValidationError as e:
return 400, {'detail': str(e)}
except Exception as e:
logger.error(f"Error deleting ride model: {e}")
return 400, {'detail': str(e)}
@router.get(
@@ -245,3 +389,252 @@ def get_ride_model_installations(request, model_id: UUID):
'id', 'name', 'slug', 'status', 'park__name', 'park__id'
)
return list(rides)
# ============================================================================
# History Endpoints
# ============================================================================
@router.get(
'/{model_id}/history/',
response={200: HistoryListResponse, 404: ErrorSchema},
summary="Get ride model history",
description="Get historical changes for a ride model"
)
def get_ride_model_history(
request,
model_id: UUID,
page: int = Query(1, ge=1),
page_size: int = Query(50, ge=1, le=100),
date_from: Optional[str] = Query(None, description="Filter from date (YYYY-MM-DD)"),
date_to: Optional[str] = Query(None, description="Filter to date (YYYY-MM-DD)")
):
"""Get history for a ride model."""
from datetime import datetime
# Verify ride model exists
ride_model = get_object_or_404(RideModel, id=model_id)
# Parse dates if provided
date_from_obj = datetime.fromisoformat(date_from).date() if date_from else None
date_to_obj = datetime.fromisoformat(date_to).date() if date_to else None
# Get history
offset = (page - 1) * page_size
events, accessible_count = HistoryService.get_history(
'ridemodel', str(model_id), request.user,
date_from=date_from_obj, date_to=date_to_obj,
limit=page_size, offset=offset
)
# Format events
formatted_events = []
for event in events:
formatted_events.append({
'id': event['id'],
'timestamp': event['timestamp'],
'operation': event['operation'],
'snapshot': event['snapshot'],
'changed_fields': event.get('changed_fields'),
'change_summary': event.get('change_summary', ''),
'can_rollback': HistoryService.can_rollback(request.user)
})
# Calculate pagination
total_pages = (accessible_count + page_size - 1) // page_size
return {
'entity_id': str(model_id),
'entity_type': 'ridemodel',
'entity_name': ride_model.name,
'total_events': accessible_count,
'accessible_events': accessible_count,
'access_limited': HistoryService.is_access_limited(request.user),
'access_reason': HistoryService.get_access_reason(request.user),
'events': formatted_events,
'pagination': {
'page': page,
'page_size': page_size,
'total_pages': total_pages,
'total_items': accessible_count
}
}
@router.get(
'/{model_id}/history/{event_id}/',
response={200: HistoryEventDetailSchema, 404: ErrorSchema},
summary="Get specific ride model history event",
description="Get detailed information about a specific historical event"
)
def get_ride_model_history_event(request, model_id: UUID, event_id: int):
"""Get a specific history event for a ride model."""
ride_model = get_object_or_404(RideModel, id=model_id)
event = HistoryService.get_event('ridemodel', event_id, request.user)
if not event:
return 404, {"error": "Event not found or not accessible"}
return {
'id': event['id'],
'timestamp': event['timestamp'],
'operation': event['operation'],
'entity_id': str(model_id),
'entity_type': 'ridemodel',
'entity_name': ride_model.name,
'snapshot': event['snapshot'],
'changed_fields': event.get('changed_fields'),
'metadata': event.get('metadata', {}),
'can_rollback': HistoryService.can_rollback(request.user),
'rollback_preview': None
}
@router.get(
'/{model_id}/history/compare/',
response={200: HistoryComparisonSchema, 400: ErrorSchema, 404: ErrorSchema},
summary="Compare two ride model history events",
description="Compare two historical events for a ride model"
)
def compare_ride_model_history(
request,
model_id: UUID,
event1: int = Query(..., description="First event ID"),
event2: int = Query(..., description="Second event ID")
):
"""Compare two historical events for a ride model."""
ride_model = get_object_or_404(RideModel, id=model_id)
try:
comparison = HistoryService.compare_events(
'ridemodel', event1, event2, request.user
)
if not comparison:
return 404, {"error": "One or both events not found"}
return {
'entity_id': str(model_id),
'entity_type': 'ridemodel',
'entity_name': ride_model.name,
'event1': comparison['event1'],
'event2': comparison['event2'],
'differences': comparison['differences'],
'changed_field_count': comparison['changed_field_count'],
'unchanged_field_count': comparison['unchanged_field_count'],
'time_between': comparison['time_between']
}
except ValueError as e:
return 400, {"error": str(e)}
@router.get(
'/{model_id}/history/{event_id}/diff-current/',
response={200: HistoryDiffCurrentSchema, 404: ErrorSchema},
summary="Compare historical event with current state",
description="Compare a historical event with the current ride model state"
)
def diff_ride_model_history_with_current(request, model_id: UUID, event_id: int):
"""Compare historical event with current ride model state."""
ride_model = get_object_or_404(RideModel, id=model_id)
try:
diff = HistoryService.compare_with_current(
'ridemodel', event_id, ride_model, request.user
)
if not diff:
return 404, {"error": "Event not found"}
return {
'entity_id': str(model_id),
'entity_type': 'ridemodel',
'entity_name': ride_model.name,
'event': diff['event'],
'current_state': diff['current_state'],
'differences': diff['differences'],
'changed_field_count': diff['changed_field_count'],
'time_since': diff['time_since']
}
except ValueError as e:
return 404, {"error": str(e)}
@router.post(
'/{model_id}/history/{event_id}/rollback/',
response={200: RollbackResponseSchema, 400: ErrorSchema, 403: ErrorSchema},
summary="Rollback ride model to historical state",
description="Rollback ride model to a historical state (Moderators/Admins only)"
)
def rollback_ride_model(request, model_id: UUID, event_id: int, payload: RollbackRequestSchema):
"""
Rollback ride model to a historical state.
**Permission:** Moderators, Admins, Superusers only
"""
# Check authentication
if not request.user or not request.user.is_authenticated:
return 401, {"error": "Authentication required"}
# Check rollback permission
if not HistoryService.can_rollback(request.user):
return 403, {"error": "Only moderators and administrators can perform rollbacks"}
ride_model = get_object_or_404(RideModel, id=model_id)
try:
result = HistoryService.rollback_to_event(
ride_model, 'ridemodel', event_id, request.user,
fields=payload.fields,
comment=payload.comment,
create_backup=payload.create_backup
)
return result
except (ValueError, PermissionError) as e:
return 400, {"error": str(e)}
@router.get(
'/{model_id}/history/field/{field_name}/',
response={200: FieldHistorySchema, 404: ErrorSchema},
summary="Get field-specific history",
description="Get history of changes to a specific ride model field"
)
def get_ride_model_field_history(request, model_id: UUID, field_name: str):
"""Get history of changes to a specific ride model field."""
ride_model = get_object_or_404(RideModel, id=model_id)
history = HistoryService.get_field_history(
'ridemodel', str(model_id), field_name, request.user
)
return {
'entity_id': str(model_id),
'entity_type': 'ridemodel',
'entity_name': ride_model.name,
'field': field_name,
'field_type': 'CharField', # Could introspect this
**history
}
@router.get(
'/{model_id}/history/summary/',
response={200: HistoryActivitySummarySchema, 404: ErrorSchema},
summary="Get ride model activity summary",
description="Get activity summary for a ride model"
)
def get_ride_model_activity_summary(request, model_id: UUID):
"""Get activity summary for a ride model."""
ride_model = get_object_or_404(RideModel, id=model_id)
summary = HistoryService.get_activity_summary(
'ridemodel', str(model_id), request.user
)
return {
'entity_id': str(model_id),
'entity_type': 'ridemodel',
'entity_name': ride_model.name,
**summary
}

561
django/api/v1/endpoints/rides.py
View File

@@ -11,13 +11,29 @@ from ninja import Router, Query
from ninja.pagination import paginate, PageNumberPagination
from apps.entities.models import Ride, Park, Company, RideModel
from apps.entities.services.ride_submission import RideSubmissionService
from apps.users.permissions import jwt_auth, require_auth
from ..schemas import (
RideCreate,
RideUpdate,
RideOut,
RideListOut,
ErrorResponse
ErrorResponse,
HistoryListResponse,
HistoryEventDetailSchema,
HistoryComparisonSchema,
HistoryDiffCurrentSchema,
FieldHistorySchema,
HistoryActivitySummarySchema,
RollbackRequestSchema,
RollbackResponseSchema,
ErrorSchema
)
from ..services.history_service import HistoryService
from django.core.exceptions import ValidationError
import logging
logger = logging.getLogger(__name__)
router = Router(tags=["Rides"])
@@ -104,6 +120,255 @@ def list_rides(
return queryset
# ============================================================================
# History Endpoints
# ============================================================================
@router.get(
'/{ride_id}/history/',
response={200: HistoryListResponse, 404: ErrorSchema},
summary="Get ride history",
description="Get historical changes for a ride"
)
def get_ride_history(
request,
ride_id: UUID,
page: int = Query(1, ge=1),
page_size: int = Query(50, ge=1, le=100),
date_from: Optional[str] = Query(None, description="Filter from date (YYYY-MM-DD)"),
date_to: Optional[str] = Query(None, description="Filter to date (YYYY-MM-DD)")
):
"""Get history for a ride."""
from datetime import datetime
# Verify ride exists
ride = get_object_or_404(Ride, id=ride_id)
# Parse dates if provided
date_from_obj = datetime.fromisoformat(date_from).date() if date_from else None
date_to_obj = datetime.fromisoformat(date_to).date() if date_to else None
# Get history
offset = (page - 1) * page_size
events, accessible_count = HistoryService.get_history(
'ride', str(ride_id), request.user,
date_from=date_from_obj, date_to=date_to_obj,
limit=page_size, offset=offset
)
# Format events
formatted_events = []
for event in events:
formatted_events.append({
'id': event['id'],
'timestamp': event['timestamp'],
'operation': event['operation'],
'snapshot': event['snapshot'],
'changed_fields': event.get('changed_fields'),
'change_summary': event.get('change_summary', ''),
'can_rollback': HistoryService.can_rollback(request.user)
})
# Calculate pagination
total_pages = (accessible_count + page_size - 1) // page_size
return {
'entity_id': str(ride_id),
'entity_type': 'ride',
'entity_name': ride.name,
'total_events': accessible_count,
'accessible_events': accessible_count,
'access_limited': HistoryService.is_access_limited(request.user),
'access_reason': HistoryService.get_access_reason(request.user),
'events': formatted_events,
'pagination': {
'page': page,
'page_size': page_size,
'total_pages': total_pages,
'total_items': accessible_count
}
}
@router.get(
'/{ride_id}/history/{event_id}/',
response={200: HistoryEventDetailSchema, 404: ErrorSchema},
summary="Get specific ride history event",
description="Get detailed information about a specific historical event"
)
def get_ride_history_event(request, ride_id: UUID, event_id: int):
"""Get a specific history event for a ride."""
ride = get_object_or_404(Ride, id=ride_id)
event = HistoryService.get_event('ride', event_id, request.user)
if not event:
return 404, {"error": "Event not found or not accessible"}
return {
'id': event['id'],
'timestamp': event['timestamp'],
'operation': event['operation'],
'entity_id': str(ride_id),
'entity_type': 'ride',
'entity_name': ride.name,
'snapshot': event['snapshot'],
'changed_fields': event.get('changed_fields'),
'metadata': event.get('metadata', {}),
'can_rollback': HistoryService.can_rollback(request.user),
'rollback_preview': None
}
@router.get(
'/{ride_id}/history/compare/',
response={200: HistoryComparisonSchema, 400: ErrorSchema, 404: ErrorSchema},
summary="Compare two ride history events",
description="Compare two historical events for a ride"
)
def compare_ride_history(
request,
ride_id: UUID,
event1: int = Query(..., description="First event ID"),
event2: int = Query(..., description="Second event ID")
):
"""Compare two historical events for a ride."""
ride = get_object_or_404(Ride, id=ride_id)
try:
comparison = HistoryService.compare_events(
'ride', event1, event2, request.user
)
if not comparison:
return 404, {"error": "One or both events not found"}
return {
'entity_id': str(ride_id),
'entity_type': 'ride',
'entity_name': ride.name,
'event1': comparison['event1'],
'event2': comparison['event2'],
'differences': comparison['differences'],
'changed_field_count': comparison['changed_field_count'],
'unchanged_field_count': comparison['unchanged_field_count'],
'time_between': comparison['time_between']
}
except ValueError as e:
return 400, {"error": str(e)}
@router.get(
'/{ride_id}/history/{event_id}/diff-current/',
response={200: HistoryDiffCurrentSchema, 404: ErrorSchema},
summary="Compare historical event with current state",
description="Compare a historical event with the current ride state"
)
def diff_ride_history_with_current(request, ride_id: UUID, event_id: int):
"""Compare historical event with current ride state."""
ride = get_object_or_404(Ride, id=ride_id)
try:
diff = HistoryService.compare_with_current(
'ride', event_id, ride, request.user
)
if not diff:
return 404, {"error": "Event not found"}
return {
'entity_id': str(ride_id),
'entity_type': 'ride',
'entity_name': ride.name,
'event': diff['event'],
'current_state': diff['current_state'],
'differences': diff['differences'],
'changed_field_count': diff['changed_field_count'],
'time_since': diff['time_since']
}
except ValueError as e:
return 404, {"error": str(e)}
@router.post(
'/{ride_id}/history/{event_id}/rollback/',
response={200: RollbackResponseSchema, 400: ErrorSchema, 403: ErrorSchema},
summary="Rollback ride to historical state",
description="Rollback ride to a historical state (Moderators/Admins only)"
)
def rollback_ride(request, ride_id: UUID, event_id: int, payload: RollbackRequestSchema):
"""
Rollback ride to a historical state.
**Permission:** Moderators, Admins, Superusers only
"""
# Check authentication
if not request.user or not request.user.is_authenticated:
return 401, {"error": "Authentication required"}
# Check rollback permission
if not HistoryService.can_rollback(request.user):
return 403, {"error": "Only moderators and administrators can perform rollbacks"}
ride = get_object_or_404(Ride, id=ride_id)
try:
result = HistoryService.rollback_to_event(
ride, 'ride', event_id, request.user,
fields=payload.fields,
comment=payload.comment,
create_backup=payload.create_backup
)
return result
except (ValueError, PermissionError) as e:
return 400, {"error": str(e)}
@router.get(
'/{ride_id}/history/field/{field_name}/',
response={200: FieldHistorySchema, 404: ErrorSchema},
summary="Get field-specific history",
description="Get history of changes to a specific ride field"
)
def get_ride_field_history(request, ride_id: UUID, field_name: str):
"""Get history of changes to a specific ride field."""
ride = get_object_or_404(Ride, id=ride_id)
history = HistoryService.get_field_history(
'ride', str(ride_id), field_name, request.user
)
return {
'entity_id': str(ride_id),
'entity_type': 'ride',
'entity_name': ride.name,
'field': field_name,
'field_type': 'CharField', # Could introspect this
**history
}
@router.get(
'/{ride_id}/history/summary/',
response={200: HistoryActivitySummarySchema, 404: ErrorSchema},
summary="Get ride activity summary",
description="Get activity summary for a ride"
)
def get_ride_activity_summary(request, ride_id: UUID):
"""Get activity summary for a ride."""
ride = get_object_or_404(Ride, id=ride_id)
summary = HistoryService.get_activity_summary(
'ride', str(ride_id), request.user
)
return {
'entity_id': str(ride_id),
'entity_type': 'ride',
'entity_name': ride.name,
**summary
}
@router.get(
"/{ride_id}",
response={200: RideOut, 404: ErrorResponse},
@@ -131,56 +396,73 @@ def get_ride(request, ride_id: UUID):
@router.post(
"/",
response={201: RideOut, 400: ErrorResponse, 404: ErrorResponse},
response={201: RideOut, 202: dict, 400: ErrorResponse, 401: ErrorResponse, 404: ErrorResponse},
summary="Create ride",
description="Create a new ride (requires authentication)"
description="Create a new ride through the Sacred Pipeline (requires authentication)"
)
@require_auth
def create_ride(request, payload: RideCreate):
"""
Create a new ride.
Create a new ride through the Sacred Pipeline.
**Authentication:** Required
**Parameters:**
- payload: Ride data
- payload: Ride data (name, park, ride_category, manufacturer, model, etc.)
**Returns:** Created ride
**Returns:** Created ride (moderators) or submission confirmation (regular users)
**Flow:**
- Moderators: Ride created immediately (bypass moderation)
- Regular users: Submission created, enters moderation queue
**Note:** All rides flow through ContentSubmission pipeline for moderation.
"""
# TODO: Add authentication check
# if not request.auth:
# return 401, {"detail": "Authentication required"}
# Verify park exists
park = get_object_or_404(Park, id=payload.park_id)
# Verify manufacturer if provided
if payload.manufacturer_id:
get_object_or_404(Company, id=payload.manufacturer_id)
# Verify model if provided
if payload.model_id:
get_object_or_404(RideModel, id=payload.model_id)
ride = Ride.objects.create(**payload.dict())
# Reload with related objects
ride = Ride.objects.select_related('park', 'manufacturer', 'model').get(id=ride.id)
ride.park_name = ride.park.name if ride.park else None
ride.manufacturer_name = ride.manufacturer.name if ride.manufacturer else None
ride.model_name = ride.model.name if ride.model else None
return 201, ride
try:
user = request.auth
# Create ride through Sacred Pipeline
submission, ride = RideSubmissionService.create_entity_submission(
user=user,
data=payload.dict(),
source='api',
ip_address=request.META.get('REMOTE_ADDR'),
user_agent=request.META.get('HTTP_USER_AGENT', '')
)
# If moderator bypass happened, Ride was created immediately
if ride:
logger.info(f"Ride created (moderator): {ride.id} by {user.email}")
ride.park_name = ride.park.name if ride.park else None
ride.manufacturer_name = ride.manufacturer.name if ride.manufacturer else None
ride.model_name = ride.model.name if ride.model else None
return 201, ride
# Regular user: submission pending moderation
logger.info(f"Ride submission created: {submission.id} by {user.email}")
return 202, {
'submission_id': str(submission.id),
'status': submission.status,
'message': 'Ride submission pending moderation. You will be notified when it is approved.',
}
except ValidationError as e:
return 400, {'detail': str(e)}
except Exception as e:
logger.error(f"Error creating ride: {e}")
return 400, {'detail': str(e)}
@router.put(
"/{ride_id}",
response={200: RideOut, 404: ErrorResponse, 400: ErrorResponse},
response={200: RideOut, 202: dict, 404: ErrorResponse, 400: ErrorResponse, 401: ErrorResponse},
summary="Update ride",
description="Update an existing ride (requires authentication)"
description="Update an existing ride through the Sacred Pipeline (requires authentication)"
)
@require_auth
def update_ride(request, ride_id: UUID, payload: RideUpdate):
"""
Update a ride.
Update a ride through the Sacred Pipeline.
**Authentication:** Required
@@ -188,98 +470,189 @@ def update_ride(request, ride_id: UUID, payload: RideUpdate):
- ride_id: UUID of the ride
- payload: Updated ride data
**Returns:** Updated ride
**Returns:** Updated ride (moderators) or submission confirmation (regular users)
**Flow:**
- Moderators: Updates applied immediately (bypass moderation)
- Regular users: Submission created, enters moderation queue
**Note:** All updates flow through ContentSubmission pipeline for moderation.
"""
# TODO: Add authentication check
# if not request.auth:
# return 401, {"detail": "Authentication required"}
ride = get_object_or_404(
Ride.objects.select_related('park', 'manufacturer', 'model'),
id=ride_id
)
# Update only provided fields
for key, value in payload.dict(exclude_unset=True).items():
setattr(ride, key, value)
ride.save()
# Reload to get updated relationships
ride = Ride.objects.select_related('park', 'manufacturer', 'model').get(id=ride.id)
ride.park_name = ride.park.name if ride.park else None
ride.manufacturer_name = ride.manufacturer.name if ride.manufacturer else None
ride.model_name = ride.model.name if ride.model else None
return ride
try:
user = request.auth
ride = get_object_or_404(
Ride.objects.select_related('park', 'manufacturer', 'model'),
id=ride_id
)
data = payload.dict(exclude_unset=True)
# Update ride through Sacred Pipeline
submission, updated_ride = RideSubmissionService.update_entity_submission(
entity=ride,
user=user,
update_data=data,
source='api',
ip_address=request.META.get('REMOTE_ADDR'),
user_agent=request.META.get('HTTP_USER_AGENT', '')
)
# If moderator bypass happened, ride was updated immediately
if updated_ride:
logger.info(f"Ride updated (moderator): {updated_ride.id} by {user.email}")
updated_ride.park_name = updated_ride.park.name if updated_ride.park else None
updated_ride.manufacturer_name = updated_ride.manufacturer.name if updated_ride.manufacturer else None
updated_ride.model_name = updated_ride.model.name if updated_ride.model else None
return 200, updated_ride
# Regular user: submission pending moderation
logger.info(f"Ride update submission created: {submission.id} by {user.email}")
return 202, {
'submission_id': str(submission.id),
'status': submission.status,
'message': 'Ride update pending moderation. You will be notified when it is approved.',
}
except ValidationError as e:
return 400, {'detail': str(e)}
except Exception as e:
logger.error(f"Error updating ride: {e}")
return 400, {'detail': str(e)}
@router.patch(
"/{ride_id}",
response={200: RideOut, 404: ErrorResponse, 400: ErrorResponse},
response={200: RideOut, 202: dict, 404: ErrorResponse, 400: ErrorResponse, 401: ErrorResponse},
summary="Partial update ride",
description="Partially update an existing ride (requires authentication)"
description="Partially update an existing ride through the Sacred Pipeline (requires authentication)"
)
@require_auth
def partial_update_ride(request, ride_id: UUID, payload: RideUpdate):
"""
Partially update a ride.
Partially update a ride through the Sacred Pipeline.
**Authentication:** Required
**Parameters:**
- ride_id: UUID of the ride
- payload: Fields to update
- payload: Fields to update (only provided fields are updated)
**Returns:** Updated ride
**Returns:** Updated ride (moderators) or submission confirmation (regular users)
**Flow:**
- Moderators: Updates applied immediately (bypass moderation)
- Regular users: Submission created, enters moderation queue
**Note:** All updates flow through ContentSubmission pipeline for moderation.
"""
# TODO: Add authentication check
# if not request.auth:
# return 401, {"detail": "Authentication required"}
ride = get_object_or_404(
Ride.objects.select_related('park', 'manufacturer', 'model'),
id=ride_id
)
# Update only provided fields
for key, value in payload.dict(exclude_unset=True).items():
setattr(ride, key, value)
ride.save()
# Reload to get updated relationships
ride = Ride.objects.select_related('park', 'manufacturer', 'model').get(id=ride.id)
ride.park_name = ride.park.name if ride.park else None
ride.manufacturer_name = ride.manufacturer.name if ride.manufacturer else None
ride.model_name = ride.model.name if ride.model else None
return ride
try:
user = request.auth
ride = get_object_or_404(
Ride.objects.select_related('park', 'manufacturer', 'model'),
id=ride_id
)
data = payload.dict(exclude_unset=True)
# Update ride through Sacred Pipeline
submission, updated_ride = RideSubmissionService.update_entity_submission(
entity=ride,
user=user,
update_data=data,
source='api',
ip_address=request.META.get('REMOTE_ADDR'),
user_agent=request.META.get('HTTP_USER_AGENT', '')
)
# If moderator bypass happened, ride was updated immediately
if updated_ride:
logger.info(f"Ride partially updated (moderator): {updated_ride.id} by {user.email}")
updated_ride.park_name = updated_ride.park.name if updated_ride.park else None
updated_ride.manufacturer_name = updated_ride.manufacturer.name if updated_ride.manufacturer else None
updated_ride.model_name = updated_ride.model.name if updated_ride.model else None
return 200, updated_ride
# Regular user: submission pending moderation
logger.info(f"Ride partial update submission created: {submission.id} by {user.email}")
return 202, {
'submission_id': str(submission.id),
'status': submission.status,
'message': 'Ride update pending moderation. You will be notified when it is approved.',
}
except ValidationError as e:
return 400, {'detail': str(e)}
except Exception as e:
logger.error(f"Error partially updating ride: {e}")
return 400, {'detail': str(e)}
@router.delete(
"/{ride_id}",
response={204: None, 404: ErrorResponse},
response={200: dict, 202: dict, 404: ErrorResponse, 400: ErrorResponse, 401: ErrorResponse},
summary="Delete ride",
description="Delete a ride (requires authentication)"
description="Delete a ride through the Sacred Pipeline (requires authentication)"
)
@require_auth
def delete_ride(request, ride_id: UUID):
"""
Delete a ride.
Delete a ride through the Sacred Pipeline.
**Authentication:** Required
**Parameters:**
- ride_id: UUID of the ride
**Returns:** No content (204)
"""
# TODO: Add authentication check
# if not request.auth:
# return 401, {"detail": "Authentication required"}
**Returns:** Deletion confirmation (moderators) or submission confirmation (regular users)
ride = get_object_or_404(Ride, id=ride_id)
ride.delete()
return 204, None
**Flow:**
- Moderators: Ride soft-deleted immediately (status set to 'closed')
- Regular users: Deletion request created, enters moderation queue
**Deletion Strategy:**
- Soft Delete (default): Sets ride status to 'closed', preserves data
- Hard Delete: Actually removes from database (moderators only)
**Note:** All deletions flow through ContentSubmission pipeline for moderation.
"""
try:
user = request.auth
ride = get_object_or_404(Ride.objects.select_related('park', 'manufacturer'), id=ride_id)
# Delete ride through Sacred Pipeline (soft delete by default)
submission, deleted = RideSubmissionService.delete_entity_submission(
entity=ride,
user=user,
deletion_type='soft',
deletion_reason='',
source='api',
ip_address=request.META.get('REMOTE_ADDR'),
user_agent=request.META.get('HTTP_USER_AGENT', '')
)
# If moderator bypass happened, deletion was applied immediately
if deleted:
logger.info(f"Ride deleted (moderator): {ride_id} by {user.email}")
return 200, {
'message': 'Ride deleted successfully',
'entity_id': str(ride_id),
'deletion_type': 'soft'
}
# Regular user: deletion pending moderation
logger.info(f"Ride deletion submission created: {submission.id} by {user.email}")
return 202, {
'submission_id': str(submission.id),
'status': submission.status,
'message': 'Ride deletion request pending moderation. You will be notified when it is approved.',
'entity_id': str(ride_id)
}
except ValidationError as e:
return 400, {'detail': str(e)}
except Exception as e:
logger.error(f"Error deleting ride: {e}")
return 400, {'detail': str(e)}
@router.get(