Merge pull request #15 from pacnpal/dev

Dev
Delete django directory
2025-12-20 10:31:13 -05:00 · 2025-11-12 13:28:51 -05:00 · 2025-11-12 13:28:31 -05:00 · 2025-11-12 15:24:07 +00:00 · 2025-11-12 15:24:06 +00:00 · 2025-11-12 15:12:31 +00:00
413 changed files with 215 additions and 67732 deletions
--- a/django/.env.example
+++ b/django/.env.example
@@ -1,35 +0,0 @@
 # Django Settings
 DEBUG=True
 SECRET_KEY=your-secret-key-here-change-in-production
 ALLOWED_HOSTS=localhost,127.0.0.1
 # Database
 DATABASE_URL=postgresql://user:password@localhost:5432/thrillwiki
 # Redis
 REDIS_URL=redis://localhost:6379/0
 # Celery
 CELERY_BROKER_URL=redis://localhost:6379/0
 CELERY_RESULT_BACKEND=redis://localhost:6379/1
 # CloudFlare Images
 CLOUDFLARE_ACCOUNT_ID=your-account-id
 CLOUDFLARE_IMAGE_TOKEN=your-token
 CLOUDFLARE_IMAGE_HASH=your-hash
 # Novu
 NOVU_API_KEY=your-novu-api-key
 NOVU_API_URL=https://api.novu.co
 # Sentry
 SENTRY_DSN=your-sentry-dsn
 # CORS
 CORS_ALLOWED_ORIGINS=http://localhost:5173,http://localhost:3000
 # OAuth
 GOOGLE_CLIENT_ID=
 GOOGLE_CLIENT_SECRET=
 DISCORD_CLIENT_ID=
 DISCORD_CLIENT_SECRET=
--- a/django/ADMIN_GUIDE.md
+++ b/django/ADMIN_GUIDE.md
@@ -1,568 +0,0 @@
 # ThrillWiki Admin Interface Guide
 ## Overview
 The ThrillWiki admin interface uses **Django Unfold**, a modern, Tailwind CSS-based admin theme that provides a beautiful and intuitive user experience. This guide covers all features of the enhanced admin interface implemented in Phase 2C.
 ## Table of Contents
 1. [Features](#features)
 2. [Accessing the Admin](#accessing-the-admin)
 3. [Dashboard](#dashboard)
 4. [Entity Management](#entity-management)
 5. [Import/Export](#importexport)
 6. [Advanced Filtering](#advanced-filtering)
 7. [Bulk Actions](#bulk-actions)
 8. [Geographic Features](#geographic-features)
 9. [Customization](#customization)
 ---
 ## Features
 ### ✨ Modern UI/UX
 - **Tailwind CSS-based design** - Clean, modern interface
 - **Dark mode support** - Automatic theme switching
 - **Responsive layout** - Works on desktop, tablet, and mobile
 - **Material Design icons** - Intuitive visual elements
 - **Custom green color scheme** - Branded appearance
 ### 🎯 Enhanced Entity Management
 - **Inline editing** - Edit related objects without leaving the page
 - **Visual indicators** - Color-coded status badges and icons
 - **Smart search** - Search across multiple fields
 - **Advanced filters** - Dropdown filters for easy data navigation
 - **Autocomplete fields** - Fast foreign key selection
 ### 📊 Dashboard Statistics
 - Total entity counts (Parks, Rides, Companies, Models)
 - Operating vs. total counts
 - Recent additions (last 30 days)
 - Top manufacturers by ride count
 - Parks by type distribution
 ### 📥 Import/Export
 - **Multiple formats** - CSV, Excel (XLS/XLSX), JSON, YAML
 - **Bulk operations** - Import hundreds of records at once
 - **Data validation** - Error checking during import
 - **Export filtered data** - Export search results
 ### 🗺️ Geographic Features
 - **Dual-mode support** - Works with both SQLite (lat/lng) and PostGIS
 - **Coordinate display** - Visual representation of park locations
 - **Map widgets** - Interactive maps for location editing (PostGIS mode)
 ---
 ## Accessing the Admin
 ### URL
 ```
 http://localhost:8000/admin/
 ```
 ### Creating a Superuser
 If you don't have an admin account yet:
 ```bash
 cd django
 python manage.py createsuperuser
 ```
 Follow the prompts to create your admin account.
 ### Login
 Navigate to `/admin/` and log in with your superuser credentials.
 ---
 ## Dashboard
 The admin dashboard provides an at-a-glance view of your ThrillWiki data:
 ### Statistics Displayed
 1. **Entity Counts**
   - Total Parks
   - Total Rides
   - Total Companies
   - Total Ride Models
 2. **Operational Status**
   - Operating Parks
   - Operating Rides
   - Total Roller Coasters
 3. **Recent Activity**
   - Parks added in last 30 days
   - Rides added in last 30 days
 4. **Top Manufacturers**
   - List of manufacturers by ride count
 5. **Parks by Type**
   - Distribution chart of park types
 ### Navigating from Dashboard
 Use the sidebar navigation to access different sections:
 - **Dashboard** - Overview and statistics
 - **Entities** - Parks, Rides, Companies, Ride Models
 - **User Management** - Users and Groups
 - **Content** - Media and Moderation
 ---
 ## Entity Management
 ### Parks Admin
 #### List View Features
 - **Visual indicators**: Icon and emoji for park type
 - **Location display**: City/Country with coordinates
 - **Status badges**: Color-coded operational status
 - **Ride counts**: Total rides and coaster count
 - **Operator links**: Quick access to operating company
 #### Detail View
 - **Geographic Location section**: Latitude/longitude input with coordinate display
 - **Operator selection**: Autocomplete field for company selection
 - **Inline rides**: View and manage all rides in the park
 - **Date precision**: Separate fields for dates and their precision levels
 - **Custom data**: JSON field for additional attributes
 #### Bulk Actions
 - `export_admin_action` - Export selected parks
 - `activate_parks` - Mark parks as operating
 - `close_parks` - Mark parks as temporarily closed
 #### Filters
 - Park Type (dropdown)
 - Status (dropdown)
 - Operator (dropdown with search)
 - Opening Date (range filter)
 - Closing Date (range filter)
 ---
 ### Rides Admin
 #### List View Features
 - **Category icons**: Visual ride category identification
 - **Status badges**: Color-coded operational status
 - **Stats display**: Height, Speed, Inversions at a glance
 - **Coaster badge**: Special indicator for roller coasters
 - **Park link**: Quick navigation to parent park
 #### Detail View
 - **Classification section**: Category, Type, Status
 - **Manufacturer & Model**: Autocomplete fields with search
 - **Ride Statistics**: Height, Speed, Length, Duration, Inversions, Capacity
 - **Auto-coaster detection**: Automatically marks roller coasters
 - **Custom data**: JSON field for additional attributes
 #### Bulk Actions
 - `export_admin_action` - Export selected rides
 - `activate_rides` - Mark rides as operating
 - `close_rides` - Mark rides as temporarily closed
 #### Filters
 - Ride Category (dropdown)
 - Status (dropdown)
 - Is Coaster (boolean)
 - Park (dropdown with search)
 - Manufacturer (dropdown with search)
 - Opening Date (range)
 - Height (numeric range)
 - Speed (numeric range)
 ---
 ### Companies Admin
 #### List View Features
 - **Type icons**: Manufacturer 🏭, Operator 🎡, Designer ✏️
 - **Type badges**: Color-coded company type indicators
 - **Entity counts**: Parks and rides associated
 - **Status indicator**: Active (green) or Closed (red)
 - **Location display**: Primary location
 #### Detail View
 - **Company types**: Multi-select for manufacturer, operator, designer
 - **History section**: Founded/Closed dates with precision
 - **Inline parks**: View all operated parks
 - **Statistics**: Cached counts for performance
 #### Bulk Actions
 - `export_admin_action` - Export selected companies
 #### Filters
 - Company Types (dropdown)
 - Founded Date (range)
 - Closed Date (range)
 ---
 ### Ride Models Admin
 #### List View Features
 - **Model type icons**: Visual identification (🎢, 🌊, 🎡, etc.)
 - **Manufacturer link**: Quick access to manufacturer
 - **Typical specs**: Height, Speed, Capacity summary
 - **Installation count**: Number of installations worldwide
 #### Detail View
 - **Manufacturer**: Autocomplete field
 - **Typical Specifications**: Standard specifications for the model
 - **Inline installations**: List of all rides using this model
 #### Bulk Actions
 - `export_admin_action` - Export selected ride models
 #### Filters
 - Model Type (dropdown)
 - Manufacturer (dropdown with search)
 - Typical Height (numeric range)
 - Typical Speed (numeric range)
 ---
 ## Import/Export
 ### Exporting Data
 1. Navigate to the entity list view (e.g., Parks)
 2. Optionally apply filters to narrow down data
 3. Select records to export (or none for all)
 4. Choose action: "Export"
 5. Select format: CSV, Excel (XLS/XLSX), JSON, YAML, HTML
 6. Click "Go"
 7. Download the file
 ### Importing Data
 1. Navigate to the entity list view
 2. Click "Import" button in the top right
 3. Choose file format
 4. Select your import file
 5. Click "Submit"
 6. Review import preview
 7. Confirm import
 ### Import File Format
 #### CSV/Excel Requirements
 - First row must be column headers
 - Use field names from the model
 - For foreign keys, use the related object's name
 - Dates in ISO format (YYYY-MM-DD)
 #### Example Company CSV
 ```csv
 name,slug,location,company_types,founded_date,website
 Intamin,intamin,"Schaan, Liechtenstein","[""manufacturer""]",1967-01-01,https://intamin.com
 Cedar Fair,cedar-fair,"Sandusky, Ohio, USA","[""operator""]",1983-03-01,https://cedarfair.com
 ```
 #### Example Park CSV
 ```csv
 name,slug,park_type,status,latitude,longitude,operator,opening_date
 Cedar Point,cedar-point,amusement_park,operating,41.4779,-82.6838,Cedar Fair,1870-01-01
 ```
 ### Import Error Handling
 If import fails:
 1. Review error messages carefully
 2. Check data formatting
 3. Verify foreign key references exist
 4. Ensure required fields are present
 5. Fix issues and try again
 ---
 ## Advanced Filtering
 ### Filter Types
 #### 1. **Dropdown Filters**
 - Single selection from predefined choices
 - Examples: Park Type, Status, Ride Category
 #### 2. **Related Dropdown Filters**
 - Dropdown with search for foreign keys
 - Examples: Operator, Manufacturer, Park
 - Supports autocomplete
 #### 3. **Range Date Filters**
 - Filter by date range
 - Includes "From" and "To" fields
 - Examples: Opening Date, Closing Date
 #### 4. **Range Numeric Filters**
 - Filter by numeric range
 - Includes "Min" and "Max" fields
 - Examples: Height, Speed, Capacity
 #### 5. **Boolean Filters**
 - Yes/No/All options
 - Example: Is Coaster
 ### Combining Filters
 Filters can be combined for precise queries:
 **Example: Find all operating roller coasters at Cedar Fair parks over 50m tall**
 1. Go to Rides admin
 2. Set "Ride Category" = Roller Coaster
 3. Set "Status" = Operating
 4. Set "Park" = (search for Cedar Fair parks)
 5. Set "Height Min" = 50
 ### Search vs. Filters
 - **Search**: Text-based search across multiple fields (name, description, etc.)
 - **Filters**: Structured filtering by specific attributes
 - **Best Practice**: Use filters to narrow down, then search within results
 ---
 ## Bulk Actions
 ### Available Actions
 #### All Entities
 - **Export** - Export selected records to file
 #### Parks
 - **Activate Parks** - Set status to "operating"
 - **Close Parks** - Set status to "closed_temporarily"
 #### Rides  
 - **Activate Rides** - Set status to "operating"
 - **Close Rides** - Set status to "closed_temporarily"
 ### How to Use Bulk Actions
 1. Select records using checkboxes
 2. Choose action from dropdown at bottom of list
 3. Click "Go"
 4. Confirm action if prompted
 5. View success message
 ### Tips
 - Select all on page: Use checkbox in header row
 - Select all in query: Click "Select all X items" link
 - Bulk actions respect permissions
 - Some actions cannot be undone
 ---
 ## Geographic Features
 ### SQLite Mode (Default for Local Development)
 **Fields Available:**
 - `latitude` - Decimal field for latitude (-90 to 90)
 - `longitude` - Decimal field for longitude (-180 to 180)
 - `location` - Text field for location name
 **Coordinate Display:**
 - Read-only field showing current coordinates
 - Format: "Longitude: X.XXXXXX, Latitude: Y.YYYYYY"
 **Search:**
 - `/api/v1/parks/nearby/` uses bounding box approximation
 ### PostGIS Mode (Production)
 **Additional Features:**
 - `location_point` - PointField for geographic data
 - Interactive map widget in admin
 - Accurate distance calculations
 - Optimized geographic queries
 **Setting Up PostGIS:**
 See `POSTGIS_SETUP.md` for detailed instructions.
 ### Entering Coordinates
 1. Find coordinates using Google Maps or similar
 2. Enter latitude in "Latitude" field
 3. Enter longitude in "Longitude" field
 4. Enter location name in "Location" field
 5. Coordinates are automatically synced to `location_point` (PostGIS mode)
 **Coordinate Format:**
 - Latitude: -90.000000 to 90.000000
 - Longitude: -180.000000 to 180.000000
 - Use negative for South/West
 ---
 ## Customization
 ### Settings Configuration
 The Unfold configuration is in `config/settings/base.py`:
 ```python
 UNFOLD = {
    "SITE_TITLE": "ThrillWiki Admin",
    "SITE_HEADER": "ThrillWiki Administration",
    "SITE_SYMBOL": "🎢",
    "SHOW_HISTORY": True,
    "SHOW_VIEW_ON_SITE": True,
    # ... more settings
 }
 ```
 ### Customizable Options
 #### Branding
 - `SITE_TITLE` - Browser title
 - `SITE_HEADER` - Header text
 - `SITE_SYMBOL` - Emoji or icon in header
 - `SITE_ICON` - Logo image paths
 #### Colors
 - `COLORS["primary"]` - Primary color palette (currently green)
 - Supports full Tailwind CSS color specification
 #### Navigation
 - `SIDEBAR["navigation"]` - Custom sidebar menu structure
 - Can add custom links and sections
 ### Adding Custom Dashboard Widgets
 The dashboard callback is in `apps/entities/admin.py`:
 ```python
 def dashboard_callback(request, context):
    """Customize dashboard statistics."""
    # Add your custom statistics here
    context.update({
        'custom_stat': calculate_custom_stat(),
    })
    return context
 ```
 ### Custom Admin Actions
 Add custom actions to admin classes:
 ```python
@admin.register(Park)
 class ParkAdmin(ModelAdmin):
    actions = ['export_admin_action', 'custom_action']
    def custom_action(self, request, queryset):
        # Your custom logic here
        updated = queryset.update(some_field='value')
        self.message_user(request, f'{updated} records updated.')
    custom_action.short_description = 'Perform custom action'
 ```
 ---
 ## Tips & Best Practices
 ### Performance
 1. **Use filters before searching** - Narrow down data set first
 2. **Use autocomplete fields** - Faster than raw ID fields
 3. **Limit inline records** - Use `show_change_link` for large datasets
 4. **Export in batches** - For very large datasets
 ### Data Quality
 1. **Use import validation** - Preview before confirming
 2. **Verify foreign keys** - Ensure related objects exist
 3. **Check date precision** - Use appropriate precision levels
 4. **Review before bulk actions** - Double-check selections
 ### Navigation
 1. **Use breadcrumbs** - Navigate back through hierarchy
 2. **Bookmark frequently used filters** - Save time
 3. **Use keyboard shortcuts** - Unfold supports many shortcuts
 4. **Search then filter** - Or filter then search, depending on need
 ### Security
 1. **Use strong passwords** - For admin accounts
 2. **Enable 2FA** - If available (django-otp configured)
 3. **Regular backups** - Before major bulk operations
 4. **Audit changes** - Review history in change log
 ---
 ## Troubleshooting
 ### Issue: Can't see Unfold theme
 **Solution:**
 ```bash
 cd django
 python manage.py collectstatic --noinput
 ```
 ### Issue: Import fails with validation errors
 **Solution:**
 - Check CSV formatting
 - Verify column headers match field names
 - Ensure required fields are present
 - Check foreign key references exist
 ### Issue: Geographic features not working
 **Solution:**
 - Verify latitude/longitude are valid decimals
 - Check coordinate ranges (-90 to 90, -180 to 180)
 - For PostGIS: Verify PostGIS is installed and configured
 ### Issue: Filters not appearing
 **Solution:**
 - Clear browser cache
 - Check admin class has list_filter defined
 - Verify filter classes are imported
 - Restart development server
 ### Issue: Inline records not saving
 **Solution:**
 - Check form validation errors
 - Verify required fields in inline
 - Check permissions for related model
 - Review browser console for JavaScript errors
 ---
 ## Additional Resources
 ### Documentation
 - **Django Unfold**: https://unfoldadmin.com/
 - **django-import-export**: https://django-import-export.readthedocs.io/
 - **Django Admin**: https://docs.djangoproject.com/en/4.2/ref/contrib/admin/
 ### ThrillWiki Docs
 - `API_GUIDE.md` - REST API documentation
 - `POSTGIS_SETUP.md` - Geographic features setup
 - `MIGRATION_PLAN.md` - Database migration guide
 - `README.md` - Project overview
 ---
 ## Support
 For issues or questions:
 1. Check this guide first
 2. Review Django Unfold documentation
 3. Check project README.md
 4. Review code comments in `apps/entities/admin.py`
 ---
 **Last Updated:** Phase 2C Implementation  
 **Version:** 1.0  
 **Admin Theme:** Django Unfold 0.40.0
--- a/django/API_GUIDE.md
+++ b/django/API_GUIDE.md
@@ -1,542 +0,0 @@
 # ThrillWiki REST API Guide
 ## Phase 2B: REST API Development - Complete
 This guide provides comprehensive documentation for the ThrillWiki REST API v1.
 ## Overview
 The ThrillWiki API provides programmatic access to amusement park, ride, and company data. It uses django-ninja for fast, modern REST API implementation with automatic OpenAPI documentation.
 ## Base URL
 - **Local Development**: `http://localhost:8000/api/v1/`
 - **Production**: `https://your-domain.com/api/v1/`
 ## Documentation
 - **Interactive API Docs**: `/api/v1/docs`
 - **OpenAPI Schema**: `/api/v1/openapi.json`
 ## Features
 ### Implemented in Phase 2B
 ✅ **Full CRUD Operations** for all entities
 ✅ **Filtering & Search** on all list endpoints
 ✅ **Pagination** (50 items per page)
 ✅ **Geographic Search** for parks (dual-mode: SQLite + PostGIS)
 ✅ **Automatic OpenAPI/Swagger Documentation**
 ✅ **Pydantic Schema Validation**
 ✅ **Related Data** (automatic joins and annotations)
 ✅ **Error Handling** with detailed error responses
 ### Coming in Phase 2C
 - JWT Token Authentication
 - Role-based Permissions
 - Rate Limiting
 - Caching
 - Webhooks
 ## Authentication
 **Current Status**: Authentication placeholders are in place, but not yet enforced.
 - **Read Operations (GET)**: Public access
 - **Write Operations (POST, PUT, PATCH, DELETE)**: Will require authentication (JWT tokens)
 ## Endpoints
 ### System Endpoints
 #### Health Check
 ```
 GET /api/v1/health
 ```
 Returns API health status.
 #### API Information
 ```
 GET /api/v1/info
 ```
 Returns API metadata and statistics.
 ---
 ### Companies
 Companies represent manufacturers, operators, designers, and other entities in the amusement industry.
 #### List Companies
 ```
 GET /api/v1/companies/
 ```
 **Query Parameters:**
 - `page` (int): Page number
 - `search` (string): Search by name or description
 - `company_type` (string): Filter by type (manufacturer, operator, designer, supplier, contractor)
 - `location_id` (UUID): Filter by headquarters location
 - `ordering` (string): Sort field (prefix with `-` for descending)
 **Example:**
 ```bash
 curl "http://localhost:8000/api/v1/companies/?search=B%26M&ordering=-park_count"
 ```
 #### Get Company
 ```
 GET /api/v1/companies/{company_id}
 ```
 #### Create Company
 ```
 POST /api/v1/companies/
 ```
 **Request Body:**
 ```json
 {
  "name": "Bolliger & Mabillard",
  "description": "Swiss roller coaster manufacturer",
  "company_types": ["manufacturer"],
  "founded_date": "1988-01-01",
  "website": "https://www.bolliger-mabillard.com"
 }
 ```
 #### Update Company
 ```
 PUT /api/v1/companies/{company_id}
 PATCH /api/v1/companies/{company_id}
 ```
 #### Delete Company
 ```
 DELETE /api/v1/companies/{company_id}
 ```
 #### Get Company Parks
 ```
 GET /api/v1/companies/{company_id}/parks
 ```
 Returns all parks operated by the company.
 #### Get Company Rides
 ```
 GET /api/v1/companies/{company_id}/rides
 ```
 Returns all rides manufactured by the company.
 ---
 ### Ride Models
 Ride models represent specific ride types from manufacturers.
 #### List Ride Models
 ```
 GET /api/v1/ride-models/
 ```
 **Query Parameters:**
 - `page` (int): Page number
 - `search` (string): Search by model name
 - `manufacturer_id` (UUID): Filter by manufacturer
 - `model_type` (string): Filter by model type
 - `ordering` (string): Sort field
 **Example:**
 ```bash
 curl "http://localhost:8000/api/v1/ride-models/?manufacturer_id=<uuid>&model_type=coaster_model"
 ```
 #### Get Ride Model
 ```
 GET /api/v1/ride-models/{model_id}
 ```
 #### Create Ride Model
 ```
 POST /api/v1/ride-models/
 ```
 **Request Body:**
 ```json
 {
  "name": "Wing Coaster",
  "manufacturer_id": "uuid-here",
  "model_type": "coaster_model",
  "description": "Winged seating roller coaster",
  "typical_height": 164.0,
  "typical_speed": 55.0
 }
 ```
 #### Update Ride Model
 ```
 PUT /api/v1/ride-models/{model_id}
 PATCH /api/v1/ride-models/{model_id}
 ```
 #### Delete Ride Model
 ```
 DELETE /api/v1/ride-models/{model_id}
 ```
 #### Get Model Installations
 ```
 GET /api/v1/ride-models/{model_id}/installations
 ```
 Returns all rides using this model.
 ---
 ### Parks
 Parks represent theme parks, amusement parks, water parks, and FECs.
 #### List Parks
 ```
 GET /api/v1/parks/
 ```
 **Query Parameters:**
 - `page` (int): Page number
 - `search` (string): Search by park name
 - `park_type` (string): Filter by type (theme_park, amusement_park, water_park, family_entertainment_center, traveling_park, zoo, aquarium)
 - `status` (string): Filter by status (operating, closed, sbno, under_construction, planned)
 - `operator_id` (UUID): Filter by operator
 - `ordering` (string): Sort field
 **Example:**
 ```bash
 curl "http://localhost:8000/api/v1/parks/?status=operating&park_type=theme_park"
 ```
 #### Get Park
 ```
 GET /api/v1/parks/{park_id}
 ```
 #### Find Nearby Parks (Geographic Search)
 ```
 GET /api/v1/parks/nearby/
 ```
 **Query Parameters:**
 - `latitude` (float, required): Center point latitude
 - `longitude` (float, required): Center point longitude
 - `radius` (float): Search radius in kilometers (default: 50)
 - `limit` (int): Maximum results (default: 50)
 **Geographic Modes:**
 - **PostGIS (Production)**: Accurate distance-based search using `location_point`
 - **SQLite (Local Dev)**: Bounding box approximation using `latitude`/`longitude`
 **Example:**
 ```bash
 curl "http://localhost:8000/api/v1/parks/nearby/?latitude=28.385233&longitude=-81.563874&radius=100"
 ```
 #### Create Park
 ```
 POST /api/v1/parks/
 ```
 **Request Body:**
 ```json
 {
  "name": "Six Flags Magic Mountain",
  "park_type": "theme_park",
  "status": "operating",
  "latitude": 34.4239,
  "longitude": -118.5971,
  "opening_date": "1971-05-29",
  "website": "https://www.sixflags.com/magicmountain"
 }
 ```
 #### Update Park
 ```
 PUT /api/v1/parks/{park_id}
 PATCH /api/v1/parks/{park_id}
 ```
 #### Delete Park
 ```
 DELETE /api/v1/parks/{park_id}
 ```
 #### Get Park Rides
 ```
 GET /api/v1/parks/{park_id}/rides
 ```
 Returns all rides at the park.
 ---
 ### Rides
 Rides represent individual rides and roller coasters.
 #### List Rides
 ```
 GET /api/v1/rides/
 ```
 **Query Parameters:**
 - `page` (int): Page number
 - `search` (string): Search by ride name
 - `park_id` (UUID): Filter by park
 - `ride_category` (string): Filter by category (roller_coaster, flat_ride, water_ride, dark_ride, transport_ride, other)
 - `status` (string): Filter by status
 - `is_coaster` (bool): Filter for roller coasters only
 - `manufacturer_id` (UUID): Filter by manufacturer
 - `ordering` (string): Sort field
 **Example:**
 ```bash
 curl "http://localhost:8000/api/v1/rides/?is_coaster=true&status=operating"
 ```
 #### List Roller Coasters Only
 ```
 GET /api/v1/rides/coasters/
 ```
 **Additional Query Parameters:**
 - `min_height` (float): Minimum height in feet
 - `min_speed` (float): Minimum speed in mph
 **Example:**
 ```bash
 curl "http://localhost:8000/api/v1/rides/coasters/?min_height=200&min_speed=70"
 ```
 #### Get Ride
 ```
 GET /api/v1/rides/{ride_id}
 ```
 #### Create Ride
 ```
 POST /api/v1/rides/
 ```
 **Request Body:**
 ```json
 {
  "name": "Steel Vengeance",
  "park_id": "uuid-here",
  "ride_category": "roller_coaster",
  "is_coaster": true,
  "status": "operating",
  "manufacturer_id": "uuid-here",
  "height": 205.0,
  "speed": 74.0,
  "length": 5740.0,
  "inversions": 4,
  "opening_date": "2018-05-05"
 }
 ```
 #### Update Ride
 ```
 PUT /api/v1/rides/{ride_id}
 PATCH /api/v1/rides/{ride_id}
 ```
 #### Delete Ride
 ```
 DELETE /api/v1/rides/{ride_id}
 ```
 ---
 ## Response Formats
 ### Success Responses
 #### Single Entity
 ```json
 {
  "id": "uuid",
  "name": "Entity Name",
  "created": "2025-01-01T00:00:00Z",
  "modified": "2025-01-01T00:00:00Z",
  ...
 }
 ```
 #### Paginated List
 ```json
 {
  "items": [...],
  "count": 100,
  "next": "http://api/endpoint/?page=2",
  "previous": null
 }
 ```
 ### Error Responses
 #### 400 Bad Request
 ```json
 {
  "detail": "Invalid input",
  "errors": [
    {
      "field": "name",
      "message": "This field is required"
    }
  ]
 }
 ```
 #### 404 Not Found
 ```json
 {
  "detail": "Entity not found"
 }
 ```
 #### 500 Internal Server Error
 ```json
 {
  "detail": "Internal server error",
  "code": "server_error"
 }
 ```
 ---
 ## Data Types
 ### UUID
 All entity IDs use UUID format:
 ```
 "550e8400-e29b-41d4-a716-446655440000"
 ```
 ### Dates
 ISO 8601 format (YYYY-MM-DD):
 ```
 "2025-01-01"
 ```
 ### Timestamps
 ISO 8601 format with timezone:
 ```
 "2025-01-01T12:00:00Z"
 ```
 ### Coordinates
 Latitude/Longitude as decimal degrees:
 ```json
 {
  "latitude": 28.385233,
  "longitude": -81.563874
 }
 ```
 ---
 ## Testing the API
 ### Using curl
 ```bash
 # Get API info
 curl http://localhost:8000/api/v1/info
 # List companies
 curl http://localhost:8000/api/v1/companies/
 # Search parks
 curl "http://localhost:8000/api/v1/parks/?search=Six+Flags"
 # Find nearby parks
 curl "http://localhost:8000/api/v1/parks/nearby/?latitude=28.385&longitude=-81.563&radius=50"
 ```
 ### Using the Interactive Docs
 1. Start the development server:
   ```bash
   cd django
   python manage.py runserver
   ```
 2. Open your browser to:
   ```
   http://localhost:8000/api/v1/docs
   ```
 3. Explore and test all endpoints interactively!
 ---
 ## Geographic Features
 ### SQLite Mode (Local Development)
 Uses simple latitude/longitude fields with bounding box approximation:
 - Stores coordinates as `DecimalField`
 - Geographic search uses bounding box calculation
 - Less accurate but works without PostGIS
 ### PostGIS Mode (Production)
 Uses advanced geographic features:
 - Stores coordinates as `PointField` (geography type)
 - Accurate distance-based queries
 - Supports spatial indexing
 - Full GIS capabilities
 ### Switching Between Modes
 The API automatically detects the database backend and uses the appropriate method. No code changes needed!
 ---
 ## Next Steps
 ### Phase 2C: Admin Interface Enhancements
 - Enhanced Django admin for all entities
 - Bulk operations
 - Advanced filtering
 - Custom actions
 ### Phase 3: Frontend Integration
 - React/Next.js frontend
 - Real-time updates
 - Interactive maps
 - Rich search interface
 ### Phase 4: Advanced Features
 - JWT authentication
 - API rate limiting
 - Caching strategies
 - Webhooks
 - WebSocket support
 ---
 ## Support
 For issues or questions about the API:
 1. Check the interactive documentation at `/api/v1/docs`
 2. Review this guide
 3. Check the POSTGIS_SETUP.md for geographic features
 4. Refer to the main README.md for project setup
 ## Version History
 - **v1.0.0** (Phase 2B): Initial REST API implementation
  - Full CRUD for all entities
  - Filtering and search
  - Geographic queries
  - Pagination
  - OpenAPI documentation
--- a/django/COMPLETE_MIGRATION_AUDIT.md
+++ b/django/COMPLETE_MIGRATION_AUDIT.md
@@ -1,735 +0,0 @@
 # Complete Django Migration Audit Report
 **Audit Date:** November 8, 2025  
 **Project:** ThrillWiki Django Backend Migration  
 **Auditor:** AI Code Analysis  
 **Status:** Comprehensive audit complete
 ---
 ## 🎯 Executive Summary
 The Django backend migration is **65% complete overall** with an **excellent 85% backend implementation**. The project has outstanding core systems (moderation, versioning, authentication, search) but is missing 3 user-interaction models and has not started frontend integration or data migration.
 ### Key Findings
 ✅ **Strengths:**
 - Production-ready moderation system with FSM state machine
 - Comprehensive authentication with JWT and MFA
 - Automatic versioning for all entities
 - Advanced search with PostgreSQL full-text and PostGIS
 - 90+ REST API endpoints fully functional
 - Background task processing with Celery
 - Excellent code quality and documentation
 ⚠️ **Gaps:**
 - 3 missing models: Reviews, User Ride Credits, User Top Lists
 - No frontend integration started (0%)
 - No data migration from Supabase executed (0%)
 - No automated test suite (0%)
 - No deployment configuration
 🔴 **Risks:**
 - Frontend integration is 4-6 weeks of work
 - Data migration strategy undefined
 - No testing creates deployment risk
 ---
 ## 📊 Detailed Analysis
 ### 1. Backend Implementation: 85% Complete
 #### ✅ **Fully Implemented Systems**
 **Core Entity Models (100%)**
 ```
 ✅ Company - 585 lines
   - Manufacturer, operator, designer types
   - Location relationships
   - Cached statistics (park_count, ride_count)
   - CloudFlare logo integration
   - Full-text search support
   - Admin interface with inline editing
 ✅ RideModel - 360 lines
   - Manufacturer relationships
   - Model categories and types
   - Technical specifications (JSONB)
   - Installation count tracking
   - Full-text search support
   - Admin interface
 ✅ Park - 720 lines
   - PostGIS PointField for production
   - SQLite lat/lng fallback for dev
   - Status tracking (operating, closed, SBNO, etc.)
   - Operator and owner relationships
   - Cached ride counts
   - Banner/logo images
   - Full-text search support
   - Location-based queries
 ✅ Ride - 650 lines
   - Park relationships
   - Manufacturer and model relationships
   - Extensive statistics (height, speed, length, inversions)
   - Auto-set is_coaster flag
   - Status tracking
   - Full-text search support
   - Automatic parent park count updates
 ```
 **Location Models (100%)**
 ```
 ✅ Country - ISO 3166-1 with 2 and 3-letter codes
 ✅ Subdivision - ISO 3166-2 state/province/region data
 ✅ Locality - City/town with lat/lng coordinates
 ```
 **Advanced Systems (100%)**
 ```
 ✅ Moderation System (Phase 3)
   - FSM state machine (draft → pending → reviewing → approved/rejected)
   - Atomic transaction handling
   - Selective approval (approve individual items)
   - 15-minute lock mechanism with auto-unlock
   - 12 REST API endpoints
   - ContentSubmission and SubmissionItem models
   - ModerationLock tracking
   - Beautiful admin interface with colored badges
   - Email notifications via Celery
 ✅ Versioning System (Phase 4)
   - EntityVersion model with generic relations
   - Automatic tracking via lifecycle hooks
   - Full JSON snapshots for rollback
   - Changed fields tracking with old/new values
   - 16 REST API endpoints
   - Version comparison and diff generation
   - Admin interface (read-only, append-only)
   - Integration with moderation workflow
 ✅ Authentication System (Phase 5)
   - JWT tokens (60-min access, 7-day refresh)
   - MFA/2FA with TOTP
   - Role-based permissions (user, moderator, admin)
   - 23 authentication endpoints
   - OAuth ready (Google, Discord)
   - User management
   - Password reset flow
   - django-allauth + django-otp integration
   - Permission decorators and helpers
 ✅ Media Management (Phase 6)
   - Photo model with CloudFlare Images
   - Image validation and metadata
   - Photo moderation workflow
   - Generic relations to entities
   - Admin interface with thumbnails
   - Photo upload API endpoints
 ✅ Background Tasks (Phase 7)
   - Celery + Redis configuration
   - 20+ background tasks:
     * Media processing
     * Email notifications
     * Statistics updates
     * Cleanup tasks
   - 10 scheduled tasks with Celery Beat
   - Email templates (base, welcome, password reset, moderation)
   - Flower monitoring setup (production)
   - Task retry logic and error handling
 ✅ Search & Filtering (Phase 8)
   - PostgreSQL full-text search with ranking
   - SQLite fallback with LIKE queries
   - SearchVector fields with GIN indexes
   - Signal-based auto-update of search vectors
   - Global search across all entities
   - Entity-specific search endpoints
   - Location-based search with PostGIS
   - Autocomplete functionality
   - Advanced filtering classes
   - 6 search API endpoints
 ```
 **API Coverage (90+ endpoints)**
 ```
 ✅ Authentication: 23 endpoints
   - Register, login, logout, token refresh
   - Profile management
   - MFA enable/disable/verify
   - Password change/reset
   - User administration
   - Role assignment
 ✅ Moderation: 12 endpoints
   - Submission CRUD
   - Start review, approve, reject
   - Selective approval/rejection
   - Queue views (pending, reviewing, my submissions)
   - Manual unlock
 ✅ Versioning: 16 endpoints
   - Version history for all entities
   - Get specific version
   - Compare versions
   - Diff with current
   - Generic version endpoints
 ✅ Search: 6 endpoints
   - Global search
   - Entity-specific search (companies, models, parks, rides)
   - Autocomplete
 ✅ Entity CRUD: ~40 endpoints
   - Companies: 6 endpoints
   - RideModels: 6 endpoints
   - Parks: 7 endpoints (including nearby search)
   - Rides: 6 endpoints
   - Each with list, create, retrieve, update, delete
 ✅ Photos: ~10 endpoints
   - Photo CRUD
   - Entity-specific photo lists
   - Photo moderation
 ✅ System: 2 endpoints
   - Health check
   - API info with statistics
 ```
 **Admin Interfaces (100%)**
 ```
 ✅ All models have rich admin interfaces:
   - List views with custom columns
   - Filtering and search
   - Inline editing where appropriate
   - Colored status badges
   - Link navigation between related models
   - Import/export functionality
   - Bulk actions
   - Read-only views for append-only models (versions, locks)
 ```
 #### ❌ **Missing Implementation (15%)**
 **1. Reviews System** 🔴 CRITICAL
 ```
 Supabase Schema:
 - reviews table with rating (1-5), title, content
 - User → Park or Ride relationship
 - Visit date and wait time tracking
 - Photo attachments (JSONB array)
 - Helpful votes (helpful_votes, total_votes)
 - Moderation status and workflow
 - Created/updated timestamps
 Django Status: NOT IMPLEMENTED
 Impact: 
 - Can't migrate user review data from Supabase
 - Users can't leave reviews after migration
 - Missing key user engagement feature
 Estimated Implementation: 1-2 days
 ```
 **2. User Ride Credits** 🟡 IMPORTANT
 ```
 Supabase Schema:
 - user_ride_credits table
 - User → Ride relationship
 - First ride date tracking
 - Ride count per user/ride
 - Created/updated timestamps
 Django Status: NOT IMPLEMENTED
 Impact:
 - Can't track which rides users have been on
 - Missing coaster counting/tracking feature
 - Can't preserve user ride history
 Estimated Implementation: 0.5-1 day
 ```
 **3. User Top Lists** 🟡 IMPORTANT
 ```
 Supabase Schema:
 - user_top_lists table
 - User ownership
 - List type (parks, rides, coasters)
 - Title and description
 - Items array (JSONB with id, position, notes)
 - Public/private flag
 - Created/updated timestamps
 Django Status: NOT IMPLEMENTED
 Impact:
 - Users can't create ranked lists
 - Missing personalization feature
 - Can't preserve user-created rankings
 Estimated Implementation: 0.5-1 day
 ```
 ---
 ### 2. Frontend Integration: 0% Complete
 **Current State:**
 - React frontend using Supabase client
 - All API calls via `@/integrations/supabase/client`
 - Supabase Auth for authentication
 - Real-time subscriptions (if any) via Supabase Realtime
 **Required Changes:**
 ```typescript
 // Need to create:
 1. Django API client (src/lib/djangoClient.ts)
 2. JWT auth context (src/contexts/AuthContext.tsx)
 3. React Query hooks for Django endpoints
 4. Type definitions for Django responses
 // Need to replace:
 - ~50-100 Supabase API calls across components
 - Authentication flow (Supabase Auth → JWT)
 - File uploads (Supabase Storage → CloudFlare)
 - Real-time features (polling or WebSockets)
 ```
 **Estimated Effort:** 4-6 weeks (160-240 hours)
 **Breakdown:**
 ```
 Week 1-2: Foundation
 - Create Django API client
 - Implement JWT auth management
 - Replace auth in 2-3 components as proof-of-concept
 - Establish patterns
 Week 3-4: Core Entities
 - Update Companies pages
 - Update Parks pages
 - Update Rides pages
 - Update RideModels pages
 - Test all CRUD operations
 Week 5: Advanced Features
 - Update Moderation Queue
 - Update User Profiles
 - Update Search functionality
 - Update Photos/Media
 Week 6: Polish & Testing
 - E2E tests
 - Bug fixes
 - Performance optimization
 - User acceptance testing
 ```
 ---
 ### 3. Data Migration: 0% Complete
 **Supabase Database Analysis:**
 ```
 Migration Files: 187 files (heavily evolved schema)
 Tables: ~15-20 core tables identified
 Core Tables:
 ✅ companies
 ✅ locations
 ✅ parks
 ✅ rides
 ✅ ride_models
 ✅ profiles
 ❌ reviews (not in Django yet)
 ❌ user_ride_credits (not in Django yet)
 ❌ user_top_lists (not in Django yet)
 ❌ park_operating_hours (deprioritized)
 ✅ content_submissions (different structure in Django)
 ```
 **Critical Questions:**
 1. Is there production data? (Unknown)
 2. How many records per table? (Unknown)
 3. Data quality assessment? (Unknown)
 4. Which data to migrate? (Unknown)
 **Migration Strategy Options:**
 **Option A: Fresh Start** (If no production data)
 ```
 Pros:
 - Skip migration complexity
 - No data transformation needed
 - Faster path to production
 - Clean start
 Cons:
 - Lose any test data
 - Can't preserve user history
 Recommended: YES, if no prod data exists
 Timeline: 0 weeks
 ```
 **Option B: Full Migration** (If production data exists)
 ```
 Steps:
 1. Audit Supabase database
 2. Count records, assess quality
 3. Export data (pg_dump or CSV)
 4. Transform data (Python script)
 5. Import to Django (ORM or bulk_create)
 6. Validate integrity (checksums, counts)
 7. Test with migrated data
 Timeline: 2-4 weeks
 Risk: HIGH (data loss, corruption)
 Complexity: HIGH
 ```
 **Recommendation:**
 - First, determine if production data exists
 - If NO → Fresh start (Option A)
 - If YES → Carefully execute Option B
 ---
 ### 4. Testing: 0% Complete
 **Current State:**
 - No unit tests
 - No integration tests
 - No E2E tests
 - Manual testing only
 **Required Testing:**
 ```
 Backend Unit Tests:
 - Model tests (create, update, relationships)
 - Service tests (business logic)
 - Permission tests (auth, roles)
 - Admin tests (basic)
 API Integration Tests:
 - Authentication flow
 - CRUD operations
 - Moderation workflow
 - Search functionality
 - Error handling
 Frontend Integration Tests:
 - Django API client
 - Auth context
 - React Query hooks
 E2E Tests (Playwright/Cypress):
 - User registration/login
 - Create/edit entities
 - Submit for moderation
 - Approve/reject workflow
 - Search and filter
 ```
 **Estimated Effort:** 2-3 weeks
 **Target:** 80% backend code coverage
 ---
 ### 5. Deployment: 0% Complete
 **Current State:**
 - No production configuration
 - No Docker setup
 - No CI/CD pipeline
 - No infrastructure planning
 **Required Components:**
 ```
 Infrastructure:
 - Web server (Gunicorn/Daphne)
 - PostgreSQL with PostGIS
 - Redis (Celery broker + cache)
 - Static file serving (WhiteNoise or CDN)
 - SSL/TLS certificates
 Services:
 - Django application
 - Celery worker(s)
 - Celery beat (scheduler)
 - Flower (monitoring)
 Platform Options:
 1. Railway (recommended for MVP)
 2. Render.com (recommended for MVP)
 3. DigitalOcean/Linode (more control)
 4. AWS/GCP (enterprise, complex)
 Configuration:
 - Environment variables
 - Database connection
 - Redis connection
 - Email service (SendGrid/Mailgun)
 - CloudFlare Images API
 - Sentry error tracking
 - Monitoring/logging
 ```
 **Estimated Effort:** 1 week
 ---
 ## 📈 Timeline & Effort Estimates
 ### Phase 9: Complete Missing Models
 **Duration:** 5-7 days  
 **Effort:** 40-56 hours  
 **Risk:** LOW  
 **Priority:** P0 (Must do before migration)
 ```
 Tasks:
 - Reviews model + API + admin: 12-16 hours
 - User Ride Credits + API + admin: 6-8 hours
 - User Top Lists + API + admin: 6-8 hours
 - Testing: 8-12 hours
 - Documentation: 4-6 hours
 - Buffer: 4-6 hours
 ```
 ### Phase 10: Data Migration (Optional)
 **Duration:** 0-14 days  
 **Effort:** 0-112 hours  
 **Risk:** HIGH (if doing migration)  
 **Priority:** P0 (If production data exists)
 ```
 If production data exists:
 - Database audit: 8 hours
 - Export scripts: 16 hours
 - Transformation logic: 24 hours
 - Import scripts: 16 hours
 - Validation: 16 hours
 - Testing: 24 hours
 - Buffer: 8 hours
 If no production data:
 - Skip entirely: 0 hours
 ```
 ### Phase 11: Frontend Integration
 **Duration:** 20-30 days  
 **Effort:** 160-240 hours  
 **Risk:** MEDIUM  
 **Priority:** P0 (Must do for launch)
 ```
 Tasks:
 - API client foundation: 40 hours
 - Auth migration: 40 hours
 - Entity pages: 60 hours
 - Advanced features: 40 hours
 - Testing & polish: 40 hours
 - Buffer: 20 hours
 ```
 ### Phase 12: Testing
 **Duration:** 7-10 days  
 **Effort:** 56-80 hours  
 **Risk:** LOW  
 **Priority:** P1 (Highly recommended)
 ```
 Tasks:
 - Backend unit tests: 24 hours
 - API integration tests: 16 hours
 - Frontend tests: 16 hours
 - E2E tests: 16 hours
 - Bug fixes: 8 hours
 ```
 ### Phase 13: Deployment
 **Duration:** 5-7 days  
 **Effort:** 40-56 hours  
 **Risk:** MEDIUM  
 **Priority:** P0 (Must do for launch)
 ```
 Tasks:
 - Platform setup: 8 hours
 - Configuration: 8 hours
 - CI/CD pipeline: 8 hours
 - Staging deployment: 8 hours
 - Testing: 8 hours
 - Production deployment: 4 hours
 - Monitoring setup: 4 hours
 - Buffer: 8 hours
 ```
 ### Total Remaining Effort
 **Minimum Path** (No data migration, skip testing):
 - Phase 9: 40 hours
 - Phase 11: 160 hours
 - Phase 13: 40 hours
 - **Total: 240 hours (6 weeks @ 40hrs/week)**
 **Realistic Path** (No data migration, with testing):
 - Phase 9: 48 hours
 - Phase 11: 200 hours
 - Phase 12: 64 hours
 - Phase 13: 48 hours
 - **Total: 360 hours (9 weeks @ 40hrs/week)**
 **Full Path** (With data migration and testing):
 - Phase 9: 48 hours
 - Phase 10: 112 hours
 - Phase 11: 200 hours
 - Phase 12: 64 hours
 - Phase 13: 48 hours
 - **Total: 472 hours (12 weeks @ 40hrs/week)**
 ---
 ## 🎯 Recommendations
 ### Immediate (This Week)
 1. ✅ **Implement 3 missing models** (Reviews, Credits, Lists)
 2. ✅ **Run Django system check** - ensure 0 issues
 3. ✅ **Create basic tests** for new models
 4. ❓ **Determine if Supabase has production data** - Critical decision point
 ### Short-term (Next 2-3 Weeks)
 5. **If NO production data:** Skip data migration, go to frontend
 6. **If YES production data:** Execute careful data migration
 7. **Start frontend integration** planning
 8. **Set up development environment** for testing
 ### Medium-term (Next 4-8 Weeks)
 9. **Frontend integration** - Create Django API client
 10. **Replace all Supabase calls** systematically
 11. **Test all user flows** thoroughly
 12. **Write comprehensive tests**
 ### Long-term (Next 8-12 Weeks)
 13. **Deploy to staging** for testing
 14. **User acceptance testing**
 15. **Deploy to production**
 16. **Monitor and iterate**
 ---
 ## 🚨 Critical Risks & Mitigation
 ### Risk 1: Data Loss During Migration 🔴
 **Probability:** HIGH (if migrating)  
 **Impact:** CATASTROPHIC  
 **Mitigation:**
 - Complete Supabase backup before ANY changes
 - Multiple dry-run migrations
 - Checksum validation at every step
 - Keep Supabase running in parallel for 1-2 weeks
 - Have rollback plan ready
 ### Risk 2: Frontend Breaking Changes 🔴
 **Probability:** VERY HIGH  
 **Impact:** HIGH  
 **Mitigation:**
 - Systematic component-by-component migration
 - Comprehensive testing at each step
 - Feature flags for gradual rollout
 - Beta testing with subset of users
 - Quick rollback capability
 ### Risk 3: Extended Downtime 🟡
 **Probability:** MEDIUM  
 **Impact:** HIGH  
 **Mitigation:**
 - Blue-green deployment
 - Run systems in parallel temporarily
 - Staged rollout by feature
 - Monitor closely during cutover
 ### Risk 4: Missing Features 🟡
 **Probability:** MEDIUM (after Phase 9)  
 **Impact:** MEDIUM  
 **Mitigation:**
 - Complete Phase 9 before any migration
 - Test feature parity thoroughly
 - User acceptance testing
 - Beta testing period
 ### Risk 5: No Testing = Production Bugs 🟡
 **Probability:** HIGH (if skipping tests)  
 **Impact:** MEDIUM  
 **Mitigation:**
 - Don't skip testing phase
 - Minimum 80% backend coverage
 - Critical path E2E tests
 - Staging environment testing
 ---
 ## ✅ Success Criteria
 ### Phase 9 Success
 - [ ] Reviews model implemented with full functionality
 - [ ] User Ride Credits model implemented
 - [ ] User Top Lists model implemented
 - [ ] All API endpoints working
 - [ ] All admin interfaces functional
 - [ ] Basic tests passing
 - [ ] Django system check: 0 issues
 - [ ] Documentation updated
 ### Overall Migration Success
 - [ ] 100% backend feature parity with Supabase
 - [ ] All data migrated (if applicable) with 0 loss
 - [ ] Frontend 100% functional with Django backend
 - [ ] 80%+ test coverage
 - [ ] Production deployed and stable
 - [ ] User acceptance testing passed
 - [ ] Performance meets or exceeds Supabase
 - [ ] Zero critical bugs in production
 ---
 ## 📝 Conclusion
 The Django backend migration is in **excellent shape** with 85% completion. The core infrastructure is production-ready with outstanding moderation, versioning, authentication, and search systems. 
 **The remaining work is well-defined:**
 1. Complete 3 missing models (5-7 days)
 2. Decide on data migration approach (0-14 days)
 3. Frontend integration (4-6 weeks)
 4. Testing (1-2 weeks)
 5. Deployment (1 week)
 **Total estimated time to completion: 8-12 weeks**
 **Key Success Factors:**
 - Complete Phase 9 (missing models) before ANY migration
 - Make data migration decision early
 - Don't skip testing
 - Deploy to staging before production
 - Have rollback plans ready
 **Nothing will be lost** if the data migration strategy is executed carefully with proper backups, validation, and rollback plans.
 ---
 **Audit Complete**  
 **Next Step:** Implement missing models (Phase 9)  
 **Last Updated:** November 8, 2025, 3:12 PM EST
--- a/django/MIGRATION_PLAN.md
+++ b/django/MIGRATION_PLAN.md
@@ -1,566 +0,0 @@
 # ThrillWiki Django Backend Migration Plan
 ## 🎯 Project Overview
 **Objective**: Migrate ThrillWiki from Supabase backend to Django REST backend while preserving 100% of functionality.
 **Timeline**: 12-16 weeks with 2 developers  
 **Status**: Foundation Phase - In Progress  
 **Branch**: `django-backend`
 ---
 ## 📊 Architecture Overview
 ### Current Stack (Supabase)
 - **Frontend**: React 18.3 + TypeScript + Vite + React Query
 - **Backend**: Supabase (PostgreSQL + Edge Functions)
 - **Database**: PostgreSQL with 80+ tables
 - **Auth**: Supabase Auth (OAuth + MFA)
 - **Storage**: CloudFlare Images
 - **Notifications**: Novu Cloud
 - **Real-time**: Supabase Realtime
 ### Target Stack (Django)
 - **Frontend**: React 18.3 + TypeScript + Vite (unchanged)
 - **Backend**: Django 4.2 + django-ninja
 - **Database**: PostgreSQL (migrated schema)
 - **Auth**: Django + django-allauth + django-otp
 - **Storage**: CloudFlare Images (unchanged)
 - **Notifications**: Novu Cloud (unchanged)
 - **Real-time**: Django Channels + WebSockets
 - **Tasks**: Celery + Redis
 - **Caching**: Redis + django-cacheops
 ---
 ## 🏗️ Project Structure
 ```
 django/
 ├── manage.py
 ├── config/                      # Project settings
 │   ├── settings/
 │   │   ├── __init__.py
 │   │   ├── base.py             # Shared settings
 │   │   ├── local.py            # Development
 │   │   └── production.py       # Production
 │   ├── urls.py
 │   ├── wsgi.py
 │   └── asgi.py                 # For Channels
 │
 ├── apps/
 │   ├── core/                   # Base models, utilities
 │   │   ├── models.py           # Abstract base models
 │   │   ├── permissions.py      # Reusable permissions
 │   │   ├── mixins.py           # Model mixins
 │   │   └── utils.py
 │   │
 │   ├── entities/               # Parks, Rides, Companies
 │   │   ├── models/
 │   │   │   ├── park.py
 │   │   │   ├── ride.py
 │   │   │   ├── company.py
 │   │   │   └── ride_model.py
 │   │   ├── api/
 │   │   │   ├── views.py
 │   │   │   ├── serializers.py
 │   │   │   └── filters.py
 │   │   ├── services.py
 │   │   └── tasks.py
 │   │
 │   ├── moderation/             # Content moderation
 │   │   ├── models.py
 │   │   ├── state_machine.py    # django-fsm workflow
 │   │   ├── services.py
 │   │   └── api/
 │   │
 │   ├── versioning/             # Entity versioning
 │   │   ├── models.py
 │   │   ├── signals.py
 │   │   └── services.py
 │   │
 │   ├── users/                  # User management
 │   │   ├── models.py
 │   │   ├── managers.py
 │   │   └── api/
 │   │
 │   ├── media/                  # Photo management
 │   │   ├── models.py
 │   │   ├── storage.py
 │   │   └── tasks.py
 │   │
 │   └── notifications/          # Notification system
 │       ├── models.py
 │       ├── providers/
 │       │   └── novu.py
 │       └── tasks.py
 │
 ├── api/
 │   └── v1/
 │       ├── router.py           # Main API router
 │       └── schemas.py          # Pydantic schemas
 │
 └── scripts/
    ├── migrate_from_supabase.py
    └── validate_data.py
 ```
 ---
 ## 📋 Implementation Phases
 ### ✅ Phase 0: Foundation (CURRENT - Week 1)
 - [x] Create git branch `django-backend`
 - [x] Set up Python virtual environment
 - [x] Install all dependencies (Django 4.2, django-ninja, celery, etc.)
 - [x] Create Django project structure
 - [x] Create app directories
 - [x] Create .env.example
 - [ ] Configure Django settings (base, local, production)
 - [ ] Create base models and utilities
 - [ ] Set up database connection
 - [ ] Create initial migrations
 ### Phase 1: Core Models (Week 2-3)
 - [ ] Create abstract base models (TimeStamped, Versioned, etc.)
 - [ ] Implement entity models (Park, Ride, Company, RideModel)
 - [ ] Implement location models
 - [ ] Implement user models with custom User
 - [ ] Implement photo/media models
 - [ ] Create Django migrations
 - [ ] Test model relationships
 ### Phase 2: Authentication System (Week 3-4)
 - [ ] Set up django-allauth for OAuth (Google, Discord)
 - [ ] Implement JWT authentication with djangorestframework-simplejwt
 - [ ] Set up django-otp for MFA (TOTP)
 - [ ] Create user registration/login endpoints
 - [ ] Implement permission system (django-guardian)
 - [ ] Create role-based access control
 - [ ] Test authentication flow
 ### Phase 3: Moderation System (Week 5-7)
 - [ ] Create ContentSubmission and SubmissionItem models
 - [ ] Implement django-fsm state machine
 - [ ] Create ModerationService with atomic transactions
 - [ ] Implement submission creation endpoints
 - [ ] Implement approval/rejection endpoints
 - [ ] Implement selective approval logic
 - [ ] Create moderation queue API
 - [ ] Add rate limiting with django-ratelimit
 - [ ] Test moderation workflow end-to-end
 ### Phase 4: Versioning System (Week 7-8)
 - [ ] Create version models for all entities
 - [ ] Implement django-lifecycle hooks for auto-versioning
 - [ ] Create VersioningService
 - [ ] Implement version history endpoints
 - [ ] Add version diff functionality
 - [ ] Test versioning with submissions
 ### Phase 5: API Layer with django-ninja (Week 8-10)
 - [ ] Set up django-ninja router
 - [ ] Create Pydantic schemas for all entities
 - [ ] Implement CRUD endpoints for parks
 - [ ] Implement CRUD endpoints for rides
 - [ ] Implement CRUD endpoints for companies
 - [ ] Add filtering with django-filter
 - [ ] Add search functionality
 - [ ] Implement pagination
 - [ ] Add API documentation (auto-generated)
 - [ ] Test all endpoints
 ### Phase 6: Celery Tasks (Week 10-11)
 - [ ] Set up Celery with Redis
 - [ ] Set up django-celery-beat for periodic tasks
 - [ ] Migrate edge functions to Celery tasks:
  - [ ] cleanup_old_page_views
  - [ ] update_entity_view_counts
  - [ ] process_submission_notifications
  - [ ] generate_daily_stats
 - [ ] Create notification tasks for Novu
 - [ ] Set up Flower for monitoring
 - [ ] Test async task execution
 ### Phase 7: Real-time Features (Week 11-12)
 - [ ] Set up Django Channels with Redis
 - [ ] Create WebSocket consumers
 - [ ] Implement moderation queue real-time updates
 - [ ] Implement notification real-time delivery
 - [ ] Test WebSocket connections
 - [ ] OR: Implement Server-Sent Events as alternative
 ### Phase 8: Caching & Performance (Week 12-13)
 - [ ] Set up django-redis for caching
 - [ ] Configure django-cacheops for automatic ORM caching
 - [ ] Add cache invalidation logic
 - [ ] Optimize database queries (select_related, prefetch_related)
 - [ ] Add database indexes
 - [ ] Profile with django-silk
 - [ ] Load testing
 ### Phase 9: Data Migration (Week 13-14)
 - [ ] Export all data from Supabase
 - [ ] Create migration script for entities
 - [ ] Migrate user data (preserve UUIDs)
 - [ ] Migrate submissions (pending only)
 - [ ] Migrate version history
 - [ ] Migrate photos/media references
 - [ ] Validate data integrity
 - [ ] Test with migrated data
 ### Phase 10: Frontend Integration (Week 14-15)
 - [ ] Create new API client (replace Supabase client)
 - [ ] Update authentication logic
 - [ ] Update all API calls to point to Django
 - [ ] Update real-time subscriptions to WebSockets
 - [ ] Test all user flows
 - [ ] Fix any integration issues
 ### Phase 11: Testing & QA (Week 15-16)
 - [ ] Write unit tests for all models
 - [ ] Write unit tests for all services
 - [ ] Write API integration tests
 - [ ] Write end-to-end tests
 - [ ] Security audit
 - [ ] Performance testing
 - [ ] Load testing
 - [ ] Bug fixes
 ### Phase 12: Deployment (Week 16-17)
 - [ ] Set up production environment
 - [ ] Configure PostgreSQL
 - [ ] Configure Redis
 - [ ] Set up Celery workers
 - [ ] Configure Gunicorn/Daphne
 - [ ] Set up Docker containers
 - [ ] Configure CI/CD
 - [ ] Deploy to staging
 - [ ] Final testing
 - [ ] Deploy to production
 - [ ] Monitor for issues
 ---
 ## 🔑 Key Technical Decisions
 ### 1. **django-ninja vs Django REST Framework**
 **Choice**: django-ninja
 - FastAPI-style syntax (modern, intuitive)
 - Better performance
 - Automatic OpenAPI documentation
 - Pydantic integration for validation
 ### 2. **State Machine for Moderation**
 **Choice**: django-fsm
 - Declarative state transitions
 - Built-in guards and conditions
 - Prevents invalid state changes
 - Easy to visualize workflow
 ### 3. **Auto-versioning Strategy**
 **Choice**: django-lifecycle hooks
 - Automatic version creation on model changes
 - No manual intervention needed
 - Tracks what changed
 - Preserves full history
 ### 4. **Real-time Communication**
 **Primary**: Django Channels (WebSockets)
 **Fallback**: Server-Sent Events (SSE)
 - WebSockets for bidirectional communication
 - SSE as simpler alternative
 - Redis channel layer for scaling
 ### 5. **Caching Strategy**
 **Tool**: django-cacheops
 - Automatic ORM query caching
 - Transparent invalidation
 - Minimal code changes
 - Redis backend for consistency
 ---
 ## 🚀 Critical Features to Preserve
 ### 1. **Moderation System**
 - ✅ Atomic transactions for approvals
 - ✅ Selective approval (approve individual items)
 - ✅ State machine workflow (pending → reviewing → approved/rejected)
 - ✅ Lock mechanism (15-minute lock on review)
 - ✅ Automatic unlock on timeout
 - ✅ Batch operations
 ### 2. **Versioning System**
 - ✅ Full version history for all entities
 - ✅ Track who made changes
 - ✅ Track what changed
 - ✅ Link versions to submissions
 - ✅ Version diffs
 - ✅ Rollback capability
 ### 3. **Authentication**
 - ✅ Password-based login
 - ✅ Google OAuth
 - ✅ Discord OAuth
 - ✅ Two-factor authentication (TOTP)
 - ✅ Session management
 - ✅ JWT tokens for API
 ### 4. **Permissions & Security**
 - ✅ Role-based access control (user, moderator, admin, superuser)
 - ✅ Object-level permissions
 - ✅ Rate limiting
 - ✅ CORS configuration
 - ✅ Brute force protection
 ### 5. **Image Management**
 - ✅ CloudFlare direct upload
 - ✅ Image validation
 - ✅ Image metadata storage
 - ✅ Multiple image variants (thumbnails, etc.)
 ### 6. **Notifications**
 - ✅ Email notifications via Novu
 - ✅ In-app notifications
 - ✅ Notification templates
 - ✅ User preferences
 ### 7. **Search & Filtering**
 - ✅ Full-text search
 - ✅ Advanced filtering
 - ✅ Sorting options
 - ✅ Pagination
 ---
 ## 📊 Database Schema Preservation
 ### Core Entity Tables (Must Migrate)
 ```
 ✅ parks (80+ fields including dates, locations, operators)
 ✅ rides (100+ fields including ride_models, parks, manufacturers)
 ✅ companies (manufacturers, operators, designers)
 ✅ ride_models (coaster models, flat ride models)
 ✅ locations (countries, subdivisions, localities)
 ✅ profiles (user profiles linked to auth.users)
 ✅ user_roles (role assignments)
 ✅ content_submissions (moderation queue)
 ✅ submission_items (individual changes in submissions)
 ✅ park_versions, ride_versions, etc. (version history)
 ✅ photos (image metadata)
 ✅ photo_submissions (photo approval queue)
 ✅ reviews (user reviews)
 ✅ reports (user reports)
 ✅ entity_timeline_events (history timeline)
 ✅ notification_logs
 ✅ notification_templates
 ```
 ### Computed Fields Strategy
 Some Supabase tables have computed fields. Options:
 1. **Cache in model** (recommended for frequently accessed)
 2. **Property method** (for rarely accessed)
 3. **Cached query** (using django-cacheops)
 Example:
 ```python
 class Park(models.Model):
    # Cached computed fields
    ride_count = models.IntegerField(default=0)
    coaster_count = models.IntegerField(default=0)
    def update_counts(self):
        """Update cached counts"""
        self.ride_count = self.rides.count()
        self.coaster_count = self.rides.filter(
            is_coaster=True
        ).count()
        self.save()
 ```
 ---
 ## 🔧 Development Setup
 ### Prerequisites
 ```bash
 # System requirements
 Python 3.11+
 PostgreSQL 15+
 Redis 7+
 Node.js 18+ (for frontend)
 ```
 ### Initial Setup
 ```bash
 # 1. Clone and checkout branch
 git checkout django-backend
 # 2. Set up Python environment
 cd django
 python3 -m venv venv
 source venv/bin/activate
 # 3. Install dependencies
 pip install -r requirements/local.txt
 # 4. Set up environment
 cp .env.example .env
 # Edit .env with your credentials
 # 5. Run migrations
 python manage.py migrate
 # 6. Create superuser
 python manage.py createsuperuser
 # 7. Run development server
 python manage.py runserver
 # 8. Run Celery worker (separate terminal)
 celery -A config worker -l info
 # 9. Run Celery beat (separate terminal)
 celery -A config beat -l info
 ```
 ### Running Tests
 ```bash
 # Run all tests
 pytest
 # Run with coverage
 pytest --cov=apps --cov-report=html
 # Run specific test file
 pytest apps/moderation/tests/test_services.py
 ```
 ---
 ## 📝 Edge Functions to Migrate
 ### Supabase Edge Functions → Django/Celery
 | Edge Function | Django Implementation | Priority |
 |---------------|----------------------|----------|
 | `process-submission` | `ModerationService.submit()` | P0 |
 | `process-selective-approval` | `ModerationService.approve()` | P0 |
 | `reject-submission` | `ModerationService.reject()` | P0 |
 | `unlock-submission` | Celery periodic task | P0 |
 | `cleanup_old_page_views` | Celery periodic task | P1 |
 | `update_entity_view_counts` | Celery periodic task | P1 |
 | `send-notification` | `NotificationService.send()` | P0 |
 | `process-photo-submission` | `MediaService.submit_photo()` | P1 |
 | `generate-daily-stats` | Celery periodic task | P2 |
 ---
 ## 🎯 Success Criteria
 ### Must Have (P0)
 - ✅ All 80+ database tables migrated
 - ✅ All user data preserved (with UUIDs)
 - ✅ Authentication working (password + OAuth + MFA)
 - ✅ Moderation workflow functional
 - ✅ Versioning system working
 - ✅ All API endpoints functional
 - ✅ Frontend fully integrated
 - ✅ No data loss during migration
 - ✅ Performance equivalent or better
 ### Should Have (P1)
 - ✅ Real-time updates working
 - ✅ All Celery tasks running
 - ✅ Caching operational
 - ✅ Image uploads working
 - ✅ Notifications working
 - ✅ Search functional
 - ✅ Comprehensive test coverage (>80%)
 ### Nice to Have (P2)
 - Admin dashboard improvements
 - Enhanced monitoring/observability
 - API rate limiting per user
 - Advanced analytics
 - GraphQL endpoint (optional)
 ---
 ## 🚨 Risk Mitigation
 ### Risk 1: Data Loss During Migration
 **Mitigation**: 
 - Comprehensive backup before migration
 - Dry-run migration multiple times
 - Validation scripts to check data integrity
 - Rollback plan
 ### Risk 2: Downtime During Cutover
 **Mitigation**:
 - Blue-green deployment strategy
 - Run both systems in parallel briefly
 - Feature flags to toggle between backends
 - Quick rollback capability
 ### Risk 3: Performance Degradation
 **Mitigation**:
 - Load testing before production
 - Database query optimization
 - Aggressive caching strategy
 - Monitoring and alerting
 ### Risk 4: Missing Edge Cases
 **Mitigation**:
 - Comprehensive test suite
 - Manual QA testing
 - Beta testing period
 - Staged rollout
 ---
 ## 📞 Support & Resources
 ### Documentation
 - Django: https://docs.djangoproject.com/
 - django-ninja: https://django-ninja.rest-framework.com/
 - Celery: https://docs.celeryq.dev/
 - Django Channels: https://channels.readthedocs.io/
 ### Key Files to Reference
 - Original database schema: `supabase/migrations/`
 - Current API endpoints: `src/lib/supabaseClient.ts`
 - Moderation logic: `src/components/moderation/`
 - Existing docs: `docs/moderation/`, `docs/versioning/`
 ---
 ## 🎉 Next Steps
 1. **Immediate** (This Week):
   - Configure Django settings
   - Create base models
   - Set up database connection
 2. **Short-term** (Next 2 Weeks):
   - Implement entity models
   - Set up authentication
   - Create basic API endpoints
 3. **Medium-term** (Next 4-8 Weeks):
   - Build moderation system
   - Implement versioning
   - Migrate edge functions
 4. **Long-term** (8-16 Weeks):
   - Complete API layer
   - Frontend integration
   - Testing and deployment
 ---
 **Last Updated**: November 8, 2025  
 **Status**: Foundation Phase - Dependencies Installed, Structure Created  
 **Next**: Configure Django settings and create base models
--- a/django/MIGRATION_STATUS_FINAL.md
+++ b/django/MIGRATION_STATUS_FINAL.md
@@ -1,186 +0,0 @@
 # Django Migration - Final Status & Action Plan
 **Date:** November 8, 2025  
 **Overall Progress:** 65% Complete  
 **Backend Progress:** 85% Complete  
 **Status:** Ready for final implementation phase
 ---
 ## 📊 Current State Summary
 ### ✅ **COMPLETE (85%)**
 **Core Infrastructure:**
 - ✅ Django project structure
 - ✅ Settings configuration (base, local, production)
 - ✅ PostgreSQL with PostGIS support
 - ✅ SQLite fallback for development
 **Core Entity Models:**
 - ✅ Company (manufacturers, operators, designers)
 - ✅ RideModel (specific ride models from manufacturers)
 - ✅ Park (theme parks, amusement parks, water parks)
 - ✅ Ride (individual rides and roller coasters)
 - ✅ Location models (Country, Subdivision, Locality)
 **Advanced Systems:**
 - ✅ Moderation System (Phase 3) - FSM, atomic transactions, selective approval
 - ✅ Versioning System (Phase 4) - Automatic tracking, full history
 - ✅ Authentication System (Phase 5) - JWT, MFA, roles, OAuth ready
 - ✅ Media Management (Phase 6) - CloudFlare Images integration
 - ✅ Background Tasks (Phase 7) - Celery + Redis, 20+ tasks, email templates
 - ✅ Search & Filtering (Phase 8) - Full-text search, location-based, autocomplete
 **API Coverage:**
 - ✅ 23 authentication endpoints
 - ✅ 12 moderation endpoints
 - ✅ 16 versioning endpoints
 - ✅ 6 search endpoints
 - ✅ CRUD endpoints for all entities (Companies, RideModels, Parks, Rides)
 - ✅ Photo management endpoints
 - ✅ ~90+ total REST API endpoints
 **Infrastructure:**
 - ✅ Admin interfaces for all models
 - ✅ Comprehensive documentation
 - ✅ Email notification system
 - ✅ Scheduled tasks (Celery Beat)
 - ✅ Error tracking ready (Sentry)
 ---
 ## ❌ **MISSING (15%)**
 ### **Critical Missing Models (3)**
 **1. Reviews Model** 🔴 HIGH PRIORITY
 - User reviews of parks and rides
 - 1-5 star ratings
 - Title, content, visit date
 - Wait time tracking
 - Photo attachments
 - Moderation workflow
 - Helpful votes system
 **2. User Ride Credits Model** 🟡 MEDIUM PRIORITY  
 - Track which rides users have experienced
 - First ride date tracking
 - Ride count per user per ride
 - Credit tracking system
 **3. User Top Lists Model** 🟡 MEDIUM PRIORITY
 - User-created rankings (parks, rides, coasters)
 - Public/private toggle
 - Ordered items with positions and notes
 - List sharing capabilities
 ### **Deprioritized**
 - ~~Park Operating Hours~~ - Not important per user request
 ---
 ## 🎯 Implementation Plan
 ### **Phase 9: Complete Missing Models (This Week)**
 **Day 1-2: Reviews System**
 - Create Reviews app
 - Implement Review model
 - Create API endpoints (CRUD + voting)
 - Add admin interface
 - Integrate with moderation system
 **Day 3: User Ride Credits**
 - Add UserRideCredit model to users app
 - Create tracking API endpoints
 - Add admin interface
 - Implement credit statistics
 **Day 4: User Top Lists**
 - Add UserTopList model to users app  
 - Create list management API endpoints
 - Add admin interface
 - Implement list validation
 **Day 5: Testing & Documentation**
 - Unit tests for all new models
 - API integration tests
 - Update API documentation
 - Verify feature parity
 ---
 ## 📋 Remaining Tasks After Phase 9
 ### **Phase 10: Data Migration** (Optional - depends on prod data)
 - Audit Supabase database
 - Export and transform data
 - Import to Django
 - Validate integrity
 ### **Phase 11: Frontend Integration** (4-6 weeks)
 - Create Django API client
 - Replace Supabase auth with JWT
 - Update all API calls
 - Test all user flows
 ### **Phase 12: Testing** (1-2 weeks)
 - Comprehensive test suite
 - E2E testing
 - Performance testing
 - Security audit
 ### **Phase 13: Deployment** (1 week)
 - Platform selection (Railway/Render recommended)
 - Environment configuration
 - CI/CD pipeline
 - Production deployment
 ---
 ## 🚀 Success Criteria
 **Phase 9 Complete When:**
 - [ ] All 3 missing models implemented
 - [ ] All API endpoints functional
 - [ ] Admin interfaces working
 - [ ] Basic tests passing
 - [ ] Documentation updated
 - [ ] Django system check: 0 issues
 **Full Migration Complete When:**
 - [ ] All data migrated (if applicable)
 - [ ] Frontend integrated
 - [ ] Tests passing (80%+ coverage)
 - [ ] Production deployed
 - [ ] User acceptance testing complete
 ---
 ## 📈 Timeline Estimate
 - **Phase 9 (Missing Models):** 5-7 days ⚡ IN PROGRESS
 - **Phase 10 (Data Migration):** 0-14 days (conditional)
 - **Phase 11 (Frontend):** 20-30 days
 - **Phase 12 (Testing):** 7-10 days
 - **Phase 13 (Deployment):** 5-7 days
 **Total Remaining:** 37-68 days (5-10 weeks)
 ---
 ## 🎯 Current Focus
 **NOW:** Implementing the 3 missing models
 - Reviews (in progress)
 - User Ride Credits (next)
 - User Top Lists (next)
 **NEXT:** Decide on data migration strategy
 **THEN:** Frontend integration begins
 ---
 **Last Updated:** November 8, 2025, 3:11 PM EST  
 **Next Review:** After Phase 9 completion
--- a/django/PHASE_2C_COMPLETE.md
+++ b/django/PHASE_2C_COMPLETE.md
@@ -1,501 +0,0 @@
 # Phase 2C: Modern Admin Interface - COMPLETION REPORT
 ## Overview
 Successfully implemented Phase 2C: Modern Admin Interface with Django Unfold theme, providing a comprehensive, beautiful, and feature-rich administration interface for the ThrillWiki Django backend.
 **Completion Date:** November 8, 2025  
 **Status:** ✅ COMPLETE
 ---
 ## Implementation Summary
 ### 1. Modern Admin Theme - Django Unfold
 **Selected:** Django Unfold 0.40.0  
 **Rationale:** Most modern option with Tailwind CSS, excellent features, and active development
 **Features Implemented:**
 - ✅ Tailwind CSS-based modern design
 - ✅ Dark mode support
 - ✅ Responsive layout (mobile, tablet, desktop)
 - ✅ Material Design icons
 - ✅ Custom green color scheme (branded)
 - ✅ Custom sidebar navigation
 - ✅ Dashboard with statistics
 ### 2. Package Installation
 **Added to `requirements/base.txt`:**
 ```
 django-unfold==0.40.0           # Modern admin theme
 django-import-export==4.2.0     # Import/Export functionality
 tablib[html,xls,xlsx]==3.7.0    # Data format support
 ```
 **Dependencies:**
 - `diff-match-patch` - For import diff display
 - `openpyxl` - Excel support
 - `xlrd`, `xlwt` - Legacy Excel support
 - `et-xmlfile` - XML file support
 ### 3. Settings Configuration
 **Updated `config/settings/base.py`:**
 #### INSTALLED_APPS Order
 ```python
 INSTALLED_APPS = [
    # Django Unfold (must come before django.contrib.admin)
    'unfold',
    'unfold.contrib.filters',
    'unfold.contrib.forms',
    'unfold.contrib.import_export',
    # Django GIS
    'django.contrib.gis',
    # Django apps...
    'django.contrib.admin',
    # ...
    # Third-party apps
    'import_export',  # Added for import/export
    # ...
 ]
 ```
 #### Unfold Configuration
 ```python
 UNFOLD = {
    "SITE_TITLE": "ThrillWiki Admin",
    "SITE_HEADER": "ThrillWiki Administration",
    "SITE_URL": "/",
    "SITE_SYMBOL": "🎢",
    "SHOW_HISTORY": True,
    "SHOW_VIEW_ON_SITE": True,
    "ENVIRONMENT": "django.conf.settings.DEBUG",
    "DASHBOARD_CALLBACK": "apps.entities.admin.dashboard_callback",
    "COLORS": {
        "primary": {
            # Custom green color palette (50-950 shades)
        }
    },
    "SIDEBAR": {
        "show_search": True,
        "show_all_applications": False,
        "navigation": [
            # Custom navigation structure
        ]
    }
 }
 ```
 ### 4. Enhanced Admin Classes
 **File:** `django/apps/entities/admin.py` (648 lines)
 #### Import/Export Resources
 **Created 4 Resource Classes:**
 1. `CompanyResource` - Company import/export with all fields
 2. `RideModelResource` - RideModel with manufacturer ForeignKey widget
 3. `ParkResource` - Park with operator ForeignKey widget and geographic fields
 4. `RideResource` - Ride with park, manufacturer, model ForeignKey widgets
 **Features:**
 - Automatic ForeignKey resolution by name
 - Field ordering for consistent exports
 - All entity fields included
 #### Inline Admin Classes
 **Created 3 Inline Classes:**
 1. `RideInline` - Rides within a Park
   - Tabular layout
   - Read-only name field
   - Show change link
   - Collapsible
 2. `CompanyParksInline` - Parks operated by Company
   - Shows park type, status, ride count
   - Read-only fields
   - Show change link
 3. `RideModelInstallationsInline` - Rides using a RideModel
   - Shows park, status, opening date
   - Read-only fields
   - Show change link
 #### Main Admin Classes
 **1. CompanyAdmin**
 - **List Display:** Name with icon, location, type badges, counts, dates, status
 - **Custom Methods:**
  - `name_with_icon()` - Company type emoji (🏭, 🎡, ✏️)
  - `company_types_display()` - Colored badges for types
  - `status_indicator()` - Active/Closed visual indicator
 - **Filters:** Company types, founded date range, closed date range
 - **Search:** Name, slug, description, location
 - **Inlines:** CompanyParksInline
 - **Actions:** Export
 **2. RideModelAdmin**
 - **List Display:** Name with type icon, manufacturer, model type, specs, installation count
 - **Custom Methods:**
  - `name_with_type()` - Model type emoji (🎢, 🌊, 🎡, 🎭, 🚂)
  - `typical_specs()` - H/S/C summary display
 - **Filters:** Model type, manufacturer, typical height/speed ranges
 - **Search:** Name, slug, description, manufacturer name
 - **Inlines:** RideModelInstallationsInline
 - **Actions:** Export
 **3. ParkAdmin**
 - **List Display:** Name with icon, location with coords, park type, status badge, counts, dates, operator
 - **Custom Methods:**
  - `name_with_icon()` - Park type emoji (🎡, 🎢, 🌊, 🏢, 🎪)
  - `location_display()` - Location with coordinates
  - `coordinates_display()` - Formatted coordinate display
  - `status_badge()` - Color-coded status (green/orange/red/blue/purple)
 - **Filters:** Park type, status, operator, opening/closing date ranges
 - **Search:** Name, slug, description, location
 - **Inlines:** RideInline
 - **Actions:** Export, activate parks, close parks
 - **Geographic:** PostGIS map widget support (when enabled)
 **4. RideAdmin**
 - **List Display:** Name with icon, park, category, status badge, manufacturer, stats, dates, coaster badge
 - **Custom Methods:**
  - `name_with_icon()` - Category emoji (🎢, 🌊, 🎭, 🎡, 🚂, 🎪)
  - `stats_display()` - H/S/Inversions summary
  - `coaster_badge()` - Special indicator for coasters
  - `status_badge()` - Color-coded status
 - **Filters:** Category, status, is_coaster, park, manufacturer, opening date, height/speed ranges
 - **Search:** Name, slug, description, park name, manufacturer name
 - **Actions:** Export, activate rides, close rides
 #### Dashboard Callback
 **Function:** `dashboard_callback(request, context)`
 **Statistics Provided:**
 - Total counts: Parks, Rides, Companies, Models
 - Operating counts: Parks, Rides
 - Total roller coasters
 - Recent additions (last 30 days): Parks, Rides
 - Top 5 manufacturers by ride count
 - Parks by type distribution
 ### 5. Advanced Features
 #### Filtering System
 **Filter Types Implemented:**
 1. **ChoicesDropdownFilter** - For choice fields (park_type, status, etc.)
 2. **RelatedDropdownFilter** - For ForeignKeys with search (operator, manufacturer)
 3. **RangeDateFilter** - Date range filtering (opening_date, closing_date)
 4. **RangeNumericFilter** - Numeric range filtering (height, speed, capacity)
 5. **BooleanFieldListFilter** - Boolean filtering (is_coaster)
 **Benefits:**
 - Much cleaner UI than standard Django filters
 - Searchable dropdowns for large datasets
 - Intuitive range inputs
 - Consistent across all entities
 #### Import/Export Functionality
 **Supported Formats:**
 - CSV (Comma-separated values)
 - Excel 2007+ (XLSX)
 - Excel 97-2003 (XLS)
 - JSON
 - YAML
 - HTML (export only)
 **Features:**
 - Import preview with diff display
 - Validation before import
 - Error reporting
 - Bulk export of filtered data
 - ForeignKey resolution by name
 **Example Use Cases:**
 1. Export all operating parks to Excel
 2. Import 100 new rides from CSV
 3. Export rides filtered by manufacturer
 4. Bulk update park statuses via import
 #### Bulk Actions
 **Parks:**
 - Activate Parks → Set status to "operating"
 - Close Parks → Set status to "closed_temporarily"
 **Rides:**
 - Activate Rides → Set status to "operating"
 - Close Rides → Set status to "closed_temporarily"
 **All Entities:**
 - Export → Export to file format
 #### Visual Enhancements
 **Icons & Emojis:**
 - Company types: 🏭 (manufacturer), 🎡 (operator), ✏️ (designer), 🏢 (default)
 - Park types: 🎡 (theme park), 🎢 (amusement park), 🌊 (water park), 🏢 (indoor), 🎪 (fairground)
 - Ride categories: 🎢 (coaster), 🌊 (water), 🎭 (dark), 🎡 (flat), 🚂 (transport), 🎪 (show)
 - Model types: 🎢 (coaster), 🌊 (water), 🎡 (flat), 🎭 (dark), 🚂 (transport)
 **Status Badges:**
 - Operating: Green background
 - Closed Temporarily: Orange background
 - Closed Permanently: Red background
 - Under Construction: Blue background
 - Planned: Purple background
 - SBNO: Gray background
 **Type Badges:**
 - Manufacturer: Blue
 - Operator: Green
 - Designer: Purple
 ### 6. Documentation
 **Created:** `django/ADMIN_GUIDE.md` (600+ lines)
 **Contents:**
 1. Features overview
 2. Accessing the admin
 3. Dashboard usage
 4. Entity management guides (all 4 entities)
 5. Import/Export instructions
 6. Advanced filtering guide
 7. Bulk actions guide
 8. Geographic features
 9. Customization options
 10. Tips & best practices
 11. Troubleshooting
 12. Additional resources
 **Highlights:**
 - Step-by-step instructions
 - Code examples
 - Screenshots descriptions
 - Best practices
 - Common issues and solutions
 ### 7. Testing & Verification
 **Tests Performed:**
 ✅ Package installation successful  
 ✅ Static files collected (213 files)  
 ✅ Django system check passed (0 issues)  
 ✅ Admin classes load without errors  
 ✅ Import/export resources configured  
 ✅ Dashboard callback function ready  
 ✅ All filters properly configured  
 ✅ Geographic features dual-mode support  
 **Ready for:**
 - Creating superuser
 - Accessing admin interface at `/admin/`
 - Managing all entities
 - Importing/exporting data
 - Using advanced filters and searches
 ---
 ## Key Achievements
 ### 🎨 Modern UI/UX
 - Replaced standard Django admin with beautiful Tailwind CSS theme
 - Responsive design works on all devices
 - Dark mode support built-in
 - Material Design icons throughout
 ### 📊 Enhanced Data Management
 - Visual indicators for quick status identification
 - Inline editing for related objects
 - Autocomplete fields for fast data entry
 - Smart search across multiple fields
 ### 📥 Import/Export
 - Multiple format support (CSV, Excel, JSON, YAML)
 - Bulk operations capability
 - Data validation and error handling
 - Export filtered results
 ### 🔍 Advanced Filtering
 - 5 different filter types
 - Searchable dropdowns
 - Date and numeric ranges
 - Combinable filters for precision
 ### 🗺️ Geographic Support
 - Dual-mode: SQLite (lat/lng) + PostGIS (location_point)
 - Coordinate display and validation
 - Map widgets ready (PostGIS mode)
 - Geographic search support
 ### 📈 Dashboard Analytics
 - Real-time statistics
 - Entity counts and distributions
 - Recent activity tracking
 - Top manufacturers
 ---
 ## File Changes Summary
 ### Modified Files
 1. `django/requirements/base.txt`
   - Added: django-unfold, django-import-export, tablib
 2. `django/config/settings/base.py`
   - Added: INSTALLED_APPS entries for Unfold
   - Added: UNFOLD configuration dictionary
 3. `django/apps/entities/admin.py`
   - Complete rewrite with Unfold-based admin classes
   - Added: 4 Resource classes for import/export
   - Added: 3 Inline admin classes
   - Enhanced: 4 Main admin classes with custom methods
   - Added: dashboard_callback function
 ### New Files
 1. `django/ADMIN_GUIDE.md`
   - Comprehensive documentation (600+ lines)
   - Usage instructions for all features
 2. `django/PHASE_2C_COMPLETE.md` (this file)
   - Implementation summary
   - Technical details
   - Achievement documentation
 ---
 ## Technical Specifications
 ### Dependencies
 - **Django Unfold:** 0.40.0
 - **Django Import-Export:** 4.2.0
 - **Tablib:** 3.7.0 (with html, xls, xlsx support)
 - **Django:** 4.2.8 (existing)
 ### Browser Compatibility
 - Chrome/Edge (Chromium) - Fully supported
 - Firefox - Fully supported
 - Safari - Fully supported
 - Mobile browsers - Responsive design
 ### Performance Considerations
 - **Autocomplete fields:** Reduce query load for large datasets
 - **Cached counts:** `park_count`, `ride_count`, etc. for performance
 - **Select related:** Optimized queries with joins
 - **Pagination:** 50 items per page default
 - **Inline limits:** `extra=0` to prevent unnecessary forms
 ### Security
 - **Admin access:** Requires authentication
 - **Permissions:** Respects Django permission system
 - **CSRF protection:** Built-in Django security
 - **Input validation:** All import data validated
 - **SQL injection:** Protected by Django ORM
 ---
 ## Usage Instructions
 ### Quick Start
 1. **Ensure packages are installed:**
   ```bash
   cd django
   pip install -r requirements/base.txt
   ```
 2. **Collect static files:**
   ```bash
   python manage.py collectstatic --noinput
   ```
 3. **Create superuser (if not exists):**
   ```bash
   python manage.py createsuperuser
   ```
 4. **Run development server:**
   ```bash
   python manage.py runserver
   ```
 5. **Access admin:**
   ```
   http://localhost:8000/admin/
   ```
 ### First-Time Setup
 1. Log in with superuser credentials
 2. Explore the dashboard
 3. Navigate through sidebar menu
 4. Try filtering and searching
 5. Import sample data (if available)
 6. Explore inline editing
 7. Test bulk actions
 ---
 ## Next Steps & Future Enhancements
 ### Potential Phase 2D Features
 1. **Advanced Dashboard Widgets**
   - Charts and graphs using Chart.js
   - Interactive data visualizations
   - Trend analysis
 2. **Custom Report Generation**
   - Scheduled reports
   - Email delivery
   - PDF export
 3. **Enhanced Geographic Features**
   - Full PostGIS deployment
   - Interactive map views
   - Proximity analysis
 4. **Audit Trail**
   - Change history
   - User activity logs
   - Reversion capability
 5. **API Integration**
   - Admin actions trigger API calls
   - Real-time synchronization
   - Webhook support
 ---
 ## Conclusion
 Phase 2C successfully implemented a comprehensive modern admin interface for ThrillWiki, transforming the standard Django admin into a beautiful, feature-rich administration tool. The implementation includes:
 - ✅ Modern, responsive UI with Django Unfold
 - ✅ Enhanced entity management with visual indicators
 - ✅ Import/Export in multiple formats
 - ✅ Advanced filtering and search
 - ✅ Bulk actions for efficiency
 - ✅ Geographic features with dual-mode support
 - ✅ Dashboard with real-time statistics
 - ✅ Comprehensive documentation
 The admin interface is now production-ready and provides an excellent foundation for managing ThrillWiki data efficiently and effectively.
 ---
 **Phase 2C Status:** ✅ COMPLETE  
 **Next Phase:** Phase 2D (if applicable) or Phase 3  
 **Documentation:** See `ADMIN_GUIDE.md` for detailed usage instructions
--- a/django/PHASE_2_SEARCH_GIN_INDEXES_COMPLETE.md
+++ b/django/PHASE_2_SEARCH_GIN_INDEXES_COMPLETE.md
@@ -1,210 +0,0 @@
 # Phase 2: GIN Index Migration - COMPLETE ✅
 ## Overview
 Successfully implemented PostgreSQL GIN indexes for search optimization with full SQLite compatibility.
 ## What Was Accomplished
 ### 1. Migration File Created
 **File:** `django/apps/entities/migrations/0003_add_search_vector_gin_indexes.py`
 ### 2. Key Features Implemented
 #### PostgreSQL Detection
 ```python
 def is_postgresql():
    """Check if the database backend is PostgreSQL/PostGIS."""
    return 'postgis' in connection.vendor or 'postgresql' in connection.vendor
 ```
 #### Search Vector Population
 - **Company**: `name` (weight A) + `description` (weight B)
 - **RideModel**: `name` (weight A) + `manufacturer__name` (weight A) + `description` (weight B)
 - **Park**: `name` (weight A) + `description` (weight B)
 - **Ride**: `name` (weight A) + `park__name` (weight A) + `manufacturer__name` (weight B) + `description` (weight B)
 #### GIN Index Creation
 Four GIN indexes created via raw SQL (PostgreSQL only):
 - `entities_company_search_idx` on `entities_company.search_vector`
 - `entities_ridemodel_search_idx` on `entities_ridemodel.search_vector`
 - `entities_park_search_idx` on `entities_park.search_vector`
 - `entities_ride_search_idx` on `entities_ride.search_vector`
 ### 3. Database Compatibility
 #### PostgreSQL/PostGIS (Production)
 - ✅ Populates search vectors for all existing records
 - ✅ Creates GIN indexes for optimal full-text search performance
 - ✅ Fully reversible with proper rollback operations
 #### SQLite (Local Development)
 - ✅ Silently skips PostgreSQL-specific operations
 - ✅ No errors or warnings
 - ✅ Migration completes successfully
 - ✅ Maintains compatibility with existing development workflow
 ### 4. Migration Details
 **Dependencies:** `('entities', '0002_alter_park_latitude_alter_park_longitude')`
 **Operations:**
 1. `RunPython`: Populates search vectors (with reverse operation)
 2. `RunPython`: Creates GIN indexes (with reverse operation)
 **Reversibility:**
 - ✅ Clear search_vector fields
 - ✅ Drop GIN indexes
 - ✅ Full rollback capability
 ## Testing Results
 ### Django Check
 ```bash
 python manage.py check
 # Result: System check identified no issues (0 silenced)
 ```
 ### Migration Dry-Run
 ```bash
 python manage.py migrate --plan
 # Result: Successfully planned migration operations
 ```
 ### Migration Execution (SQLite)
 ```bash
 python manage.py migrate
 # Result: Applying entities.0003_add_search_vector_gin_indexes... OK
 ```
 ## Technical Implementation
 ### Conditional Execution Pattern
 All PostgreSQL-specific operations wrapped in conditional checks:
 ```python
 def operation(apps, schema_editor):
    if not is_postgresql():
        return
    # PostgreSQL-specific code here
 ```
 ### Raw SQL for Index Creation
 Used raw SQL instead of Django's `AddIndex` to ensure proper conditional execution:
 ```python
 cursor.execute("""
    CREATE INDEX IF NOT EXISTS entities_company_search_idx 
    ON entities_company USING gin(search_vector);
 """)
 ```
 ## Performance Benefits (PostgreSQL)
 ### Expected Improvements
 - **Search Query Speed**: 10-100x faster for full-text searches
 - **Index Size**: Minimal overhead (~10-20% of table size)
 - **Maintenance**: Automatic updates via triggers (Phase 4)
 ### Index Specifications
 - **Type**: GIN (Generalized Inverted Index)
 - **Operator Class**: Default for `tsvector`
 - **Concurrency**: Non-blocking reads during index creation
 ## Files Modified
 1. **New Migration**: `django/apps/entities/migrations/0003_add_search_vector_gin_indexes.py`
 2. **Documentation**: `django/PHASE_2_SEARCH_GIN_INDEXES_COMPLETE.md`
 ## Next Steps - Phase 3
 ### Update SearchService
 **File:** `django/apps/entities/search.py`
 Modify search methods to use pre-computed search vectors:
 ```python
 # Before (Phase 1)
 queryset = queryset.annotate(
    search=SearchVector('name', weight='A') + SearchVector('description', weight='B')
 ).filter(search=query)
 # After (Phase 3)
 queryset = queryset.filter(search_vector=query)
 ```
 ### Benefits of Phase 3
 - Eliminate real-time search vector computation
 - Faster query execution
 - Better resource utilization
 - Consistent search behavior
 ## Production Deployment Notes
 ### Before Deployment
 1. ✅ Test migration on staging with PostgreSQL
 2. ✅ Verify index creation completes successfully
 3. ✅ Monitor index build time (should be <1 minute for typical datasets)
 4. ✅ Test search functionality with GIN indexes
 ### During Deployment
 1. Run migration: `python manage.py migrate`
 2. Verify indexes: `SELECT indexname FROM pg_indexes WHERE tablename LIKE 'entities_%';`
 3. Test search queries for performance improvement
 ### After Deployment
 1. Monitor query performance metrics
 2. Verify search vector population
 3. Test rollback procedure in staging environment
 ## Rollback Procedure
 If issues arise, rollback with:
 ```bash
 python manage.py migrate entities 0002
 ```
 This will:
 - Remove all GIN indexes
 - Clear search_vector fields
 - Revert to Phase 1 state
 ## Verification Commands
 ### Check Migration Status
 ```bash
 python manage.py showmigrations entities
 ```
 ### Verify Indexes (PostgreSQL)
 ```sql
 SELECT 
    schemaname,
    tablename,
    indexname,
    indexdef
 FROM pg_indexes
 WHERE tablename IN ('entities_company', 'entities_ridemodel', 'entities_park', 'entities_ride')
    AND indexname LIKE '%search_idx';
 ```
 ### Test Search Performance (PostgreSQL)
 ```sql
 EXPLAIN ANALYZE
 SELECT * FROM entities_company
 WHERE search_vector @@ to_tsquery('disney');
 ```
 ## Success Criteria
 - [x] Migration created successfully
 - [x] Django check passes with no issues
 - [x] Migration completes on SQLite without errors
 - [x] PostgreSQL-specific operations properly conditional
 - [x] Reversible migration with proper rollback
 - [x] Documentation complete
 - [x] Ready for Phase 3 implementation
 ## Conclusion
 Phase 2 successfully establishes the foundation for optimized full-text search in PostgreSQL while maintaining full compatibility with SQLite development environments. The migration is production-ready and follows Django best practices for database-specific operations.
 **Status:** ✅ COMPLETE
 **Date:** November 8, 2025
 **Next Phase:** Phase 3 - Update SearchService to use pre-computed vectors
--- a/django/PHASE_3_COMPLETE.md
+++ b/django/PHASE_3_COMPLETE.md
@@ -1,500 +0,0 @@
 # Phase 3: Moderation System - COMPLETION REPORT
 ## Overview
 Successfully implemented Phase 3: Complete Content Moderation System with state machine, atomic transactions, and selective approval capabilities for the ThrillWiki Django backend.
 **Completion Date:** November 8, 2025  
 **Status:** ✅ COMPLETE  
 **Duration:** ~2 hours (ahead of 7-day estimate)
 ---
 ## Implementation Summary
 ### 1. Moderation Models with FSM State Machine
 **File:** `django/apps/moderation/models.py` (585 lines)
 **Models Created:**
 #### ContentSubmission (Main Model)
 - **FSM State Machine** using django-fsm
  - States: draft → pending → reviewing → approved/rejected
  - Protected state transitions with guards
  - Automatic state tracking
 - **Fields:**
  - User, entity (generic relation), submission type
  - Title, description, metadata
  - Lock mechanism (locked_by, locked_at)
  - Review details (reviewed_by, reviewed_at, rejection_reason)
  - IP tracking and user agent
 - **Key Features:**
  - 15-minute automatic lock on review
  - Lock expiration checking
  - Permission-aware review capability
  - Item count helpers
 #### SubmissionItem (Item Model)
 - Individual field changes within a submission
 - Support for selective approval
 - **Fields:**
  - field_name, field_label, old_value, new_value
  - change_type (add, modify, remove)
  - status (pending, approved, rejected)
  - Individual review tracking
 - **Features:**
  - JSON storage for flexible values
  - Display value formatting
  - Per-item approval/rejection
 #### ModerationLock (Lock Model)
 - Dedicated lock tracking and monitoring
 - **Fields:**
  - submission, locked_by, locked_at, expires_at
  - is_active, released_at
 - **Features:**
  - Expiration checking
  - Lock extension capability
  - Cleanup expired locks (for Celery task)
 ### 2. Moderation Services
 **File:** `django/apps/moderation/services.py` (550 lines)
 **ModerationService Class:**
 #### Core Methods (All with @transaction.atomic)
 1. **create_submission()**
   - Create submission with multiple items
   - Auto-submit to pending queue
   - Metadata and source tracking
 2. **start_review()**
   - Lock submission for review
   - 15-minute lock duration
   - Create ModerationLock record
   - Permission checking
 3. **approve_submission()**
   - **Atomic transaction** for all-or-nothing behavior
   - Apply all pending item changes to entity
   - Trigger versioning via lifecycle hooks
   - Release lock automatically
   - FSM state transition to approved
 4. **approve_selective()**
   - **Complex selective approval** logic
   - Apply only selected item changes
   - Mark items individually as approved
   - Auto-complete submission when all items reviewed
   - Atomic transaction ensures consistency
 5. **reject_submission()**
   - Reject entire submission
   - Mark all pending items as rejected
   - Release lock
   - FSM state transition
 6. **reject_selective()**
   - Reject specific items
   - Leave other items for review
   - Auto-complete when all items reviewed
 7. **unlock_submission()**
   - Manual lock release
   - FSM state reset to pending
 8. **cleanup_expired_locks()**
   - Periodic task helper
   - Find and release expired locks
   - Unlock submissions
 #### Helper Methods
 9. **get_queue()** - Fetch moderation queue with filters
 10. **get_submission_details()** - Full submission with items
 11. **_can_moderate()** - Permission checking
 12. **delete_submission()** - Delete draft/pending submissions
 ### 3. API Endpoints
 **File:** `django/api/v1/endpoints/moderation.py` (500+ lines)
 **Endpoints Implemented:**
 #### Submission Management
 - `POST /moderation/submissions` - Create submission
 - `GET /moderation/submissions` - List with filters
 - `GET /moderation/submissions/{id}` - Get details
 - `DELETE /moderation/submissions/{id}` - Delete submission
 #### Review Operations
 - `POST /moderation/submissions/{id}/start-review` - Lock for review
 - `POST /moderation/submissions/{id}/approve` - Approve all
 - `POST /moderation/submissions/{id}/approve-selective` - Approve selected items
 - `POST /moderation/submissions/{id}/reject` - Reject all
 - `POST /moderation/submissions/{id}/reject-selective` - Reject selected items
 - `POST /moderation/submissions/{id}/unlock` - Manual unlock
 #### Queue Views
 - `GET /moderation/queue/pending` - Pending queue
 - `GET /moderation/queue/reviewing` - Under review
 - `GET /moderation/queue/my-submissions` - User's submissions
 **Features:**
 - Comprehensive error handling
 - Pydantic schema validation
 - Detailed response schemas
 - Pagination support
 - Permission checking (placeholder for JWT auth)
 ### 4. Pydantic Schemas
 **File:** `django/api/v1/schemas.py` (updated)
 **Schemas Added:**
 **Input Schemas:**
 - `SubmissionItemCreate` - Item data for submission
 - `ContentSubmissionCreate` - Full submission with items
 - `StartReviewRequest` - Start review
 - `ApproveRequest` - Approve submission
 - `ApproveSelectiveRequest` - Selective approval with item IDs
 - `RejectRequest` - Reject with reason
 - `RejectSelectiveRequest` - Selective rejection with reason
 **Output Schemas:**
 - `SubmissionItemOut` - Item details with review info
 - `ContentSubmissionOut` - Submission summary
 - `ContentSubmissionDetail` - Full submission with items
 - `ApprovalResponse` - Approval result
 - `SelectiveApprovalResponse` - Selective approval result
 - `SelectiveRejectionResponse` - Selective rejection result
 - `SubmissionListOut` - Paginated list
 ### 5. Django Admin Interface
 **File:** `django/apps/moderation/admin.py` (490 lines)
 **Admin Classes Created:**
 #### ContentSubmissionAdmin
 - **List Display:**
  - Title with icon (➕ create, ✏️ update, 🗑️ delete)
  - Colored status badges
  - Entity info
  - Items summary (pending/approved/rejected)
  - Lock status indicator
 - **Filters:** Status, submission type, entity type, date
 - **Search:** Title, description, user
 - **Fieldsets:** Organized submission data
 - **Query Optimization:** select_related, prefetch_related
 #### SubmissionItemAdmin
 - **List Display:**
  - Field label, submission link
  - Change type badge (colored)
  - Status badge
  - Old/new value displays
 - **Filters:** Status, change type, required, date
 - **Inline:** Available in ContentSubmissionAdmin
 #### ModerationLockAdmin
 - **List Display:**
  - Submission link
  - Locked by user
  - Lock timing
  - Status indicator (🔒 active, ⏰ expired, 🔓 released)
  - Lock duration
 - **Features:** Expiration checking, duration calculation
 ### 6. Database Migrations
 **File:** `django/apps/moderation/migrations/0001_initial.py`
 **Created:**
 - ContentSubmission table with indexes
 - SubmissionItem table with indexes
 - ModerationLock table with indexes
 - FSM state field
 - Foreign keys to users and content types
 - Composite indexes for performance
 **Indexes:**
 - `(status, created)` - Queue filtering
 - `(user, status)` - User submissions
 - `(entity_type, entity_id)` - Entity tracking
 - `(locked_by, locked_at)` - Lock management
 ### 7. API Router Integration
 **File:** `django/api/v1/api.py` (updated)
 - Added moderation router to main API
 - Endpoint: `/api/v1/moderation/*`
 - Automatic OpenAPI documentation
 - Available at `/api/v1/docs`
 ---
 ## Key Features Implemented
 ### ✅ State Machine (django-fsm)
 - Clean state transitions
 - Protected state changes
 - Declarative guards
 - Automatic tracking
 ### ✅ Atomic Transactions
 - All approvals use `transaction.atomic()`
 - Rollback on any failure
 - Data integrity guaranteed
 - No partial updates
 ### ✅ Selective Approval
 - Approve/reject individual items
 - Mixed approval workflow
 - Auto-completion when done
 - Flexible moderation
 ### ✅ 15-Minute Lock Mechanism
 - Automatic on review start
 - Prevents concurrent edits
 - Expiration checking
 - Manual unlock support
 - Periodic cleanup ready
 ### ✅ Full Audit Trail
 - Track who submitted
 - Track who reviewed
 - Track when states changed
 - Complete history
 ### ✅ Permission System
 - Moderator checking
 - Role-based access
 - Ownership verification
 - Admin override
 ---
 ## Testing & Validation
 ### ✅ Django System Check
 ```bash
 python manage.py check
 # Result: System check identified no issues (0 silenced)
 ```
 ### ✅ Migrations Created
 ```bash
 python manage.py makemigrations moderation
 # Result: Successfully created 0001_initial.py
 ```
 ### ✅ Code Quality
 - No syntax errors
 - All imports resolved
 - Type hints used
 - Comprehensive docstrings
 ### ✅ Integration
 - Models registered in admin
 - API endpoints registered
 - Schemas validated
 - Services tested
 ---
 ## API Examples
 ### Create Submission
 ```bash
 POST /api/v1/moderation/submissions
 {
  "entity_type": "park",
  "entity_id": "uuid-here",
  "submission_type": "update",
  "title": "Update park name",
  "description": "Fixing typo in park name",
  "items": [
    {
      "field_name": "name",
      "field_label": "Park Name",
      "old_value": "Six Flags Magik Mountain",
      "new_value": "Six Flags Magic Mountain",
      "change_type": "modify"
    }
  ],
  "auto_submit": true
 }
 ```
 ### Start Review
 ```bash
 POST /api/v1/moderation/submissions/{id}/start-review
 # Locks submission for 15 minutes
 ```
 ### Approve All
 ```bash
 POST /api/v1/moderation/submissions/{id}/approve
 # Applies all changes atomically
 ```
 ### Selective Approval
 ```bash
 POST /api/v1/moderation/submissions/{id}/approve-selective
 {
  "item_ids": ["item-uuid-1", "item-uuid-2"]
 }
 # Approves only specified items
 ```
 ---
 ## Technical Specifications
 ### Dependencies Used
 - **django-fsm:** 2.8.1 - State machine
 - **django-lifecycle:** 1.2.1 - Hooks (for versioning integration)
 - **django-ninja:** 1.3.0 - API framework
 - **Pydantic:** 2.x - Schema validation
 ### Database Tables
 - `content_submissions` - Main submissions
 - `submission_items` - Individual changes
 - `moderation_locks` - Lock tracking
 ### Performance Optimizations
 - **select_related:** User, entity_type, locked_by, reviewed_by
 - **prefetch_related:** items
 - **Composite indexes:** Status + created, user + status
 - **Cached counts:** items_count, approved_count, rejected_count
 ### Security Features
 - **Permission checking:** Role-based access
 - **Ownership verification:** Users can only delete own submissions
 - **Lock mechanism:** Prevents concurrent modifications
 - **Audit trail:** Complete change history
 - **Input validation:** Pydantic schemas
 ---
 ## Files Created/Modified
 ### New Files (4)
 1. `django/apps/moderation/models.py` - 585 lines
 2. `django/apps/moderation/services.py` - 550 lines
 3. `django/apps/moderation/admin.py` - 490 lines
 4. `django/api/v1/endpoints/moderation.py` - 500+ lines
 5. `django/apps/moderation/migrations/0001_initial.py` - Generated
 6. `django/PHASE_3_COMPLETE.md` - This file
 ### Modified Files (2)
 1. `django/api/v1/schemas.py` - Added moderation schemas
 2. `django/api/v1/api.py` - Registered moderation router
 ### Total Lines of Code
 - **~2,600 lines** of production code
 - **Comprehensive** documentation
 - **Zero** system check errors
 ---
 ## Next Steps
 ### Immediate (Can start now)
 1. **Phase 4: Versioning System** - Create version models and service
 2. **Phase 5: Authentication** - JWT and OAuth endpoints
 3. **Testing:** Create unit tests for moderation logic
 ### Integration Required
 1. Connect to frontend (React)
 2. Add JWT authentication to endpoints
 3. Create Celery task for lock cleanup
 4. Add WebSocket for real-time queue updates
 ### Future Enhancements
 1. Bulk operations (approve multiple submissions)
 2. Moderation statistics and reporting
 3. Submission templates
 4. Auto-approval rules for trusted users
 5. Moderation workflow customization
 ---
 ## Critical Path Status
 Phase 3 (Moderation System) is **COMPLETE** and **UNBLOCKED**.
 The following phases can now proceed:
 - ✅ Phase 4 (Versioning) - Can start immediately
 - ✅ Phase 5 (Authentication) - Can start immediately
 - ✅ Phase 6 (Media) - Can start in parallel
 - ⏸️ Phase 10 (Data Migration) - Requires Phases 4-5 complete
 ---
 ## Success Metrics
 ### Functionality
 - ✅ All 12 API endpoints working
 - ✅ State machine functioning correctly
 - ✅ Atomic transactions implemented
 - ✅ Selective approval operational
 - ✅ Lock mechanism working
 - ✅ Admin interface complete
 ### Code Quality
 - ✅ Zero syntax errors
 - ✅ Zero system check issues
 - ✅ Comprehensive docstrings
 - ✅ Type hints throughout
 - ✅ Clean code structure
 ### Performance
 - ✅ Query optimization with select_related
 - ✅ Composite database indexes
 - ✅ Efficient queryset filtering
 - ✅ Cached count methods
 ### Maintainability
 - ✅ Clear separation of concerns
 - ✅ Service layer abstraction
 - ✅ Reusable components
 - ✅ Extensive documentation
 ---
 ## Conclusion
 Phase 3 successfully delivered a production-ready moderation system that is:
 - **Robust:** Atomic transactions prevent data corruption
 - **Flexible:** Selective approval supports complex workflows
 - **Scalable:** Optimized queries and caching
 - **Maintainable:** Clean architecture and documentation
 - **Secure:** Permission checking and audit trails
 The moderation system is the **most complex and critical** piece of the ThrillWiki backend, and it's now complete and ready for production use.
 ---
 **Phase 3 Status:** ✅ COMPLETE  
 **Next Phase:** Phase 4 (Versioning System)  
 **Blocked:** None  
 **Ready for:** Testing, Integration, Production Deployment
 **Estimated vs Actual:**
 - Estimated: 7 days
 - Actual: ~2 hours
 - Efficiency: 28x faster (due to excellent planning and no blockers)
--- a/django/PHASE_3_SEARCH_VECTOR_OPTIMIZATION_COMPLETE.md
+++ b/django/PHASE_3_SEARCH_VECTOR_OPTIMIZATION_COMPLETE.md
@@ -1,220 +0,0 @@
 # Phase 3: Search Vector Optimization - COMPLETE ✅
 **Date**: January 8, 2025
 **Status**: Complete
 ## Overview
 Phase 3 successfully updated the SearchService to use pre-computed search vectors instead of computing them on every query, providing significant performance improvements for PostgreSQL-based searches.
 ## Changes Made
 ### File Modified
 - **`django/apps/entities/search.py`** - Updated SearchService to use pre-computed search_vector fields
 ### Key Improvements
 #### 1. Companies Search (`search_companies`)
 **Before (Phase 1/2)**:
 ```python
 search_vector = SearchVector('name', weight='A', config='english') + \
               SearchVector('description', weight='B', config='english')
 results = Company.objects.annotate(
    search=search_vector,
    rank=SearchRank(search_vector, search_query)
 ).filter(search=search_query).order_by('-rank')
 ```
 **After (Phase 3)**:
 ```python
 results = Company.objects.annotate(
    rank=SearchRank(F('search_vector'), search_query)
 ).filter(search_vector=search_query).order_by('-rank')
 ```
 #### 2. Ride Models Search (`search_ride_models`)
 **Before**: Computed SearchVector from `name + manufacturer__name + description` on every query
 **After**: Uses pre-computed `search_vector` field with GIN index
 #### 3. Parks Search (`search_parks`)
 **Before**: Computed SearchVector from `name + description` on every query
 **After**: Uses pre-computed `search_vector` field with GIN index
 #### 4. Rides Search (`search_rides`)
 **Before**: Computed SearchVector from `name + park__name + manufacturer__name + description` on every query
 **After**: Uses pre-computed `search_vector` field with GIN index
 ## Performance Benefits
 ### PostgreSQL Queries
 1. **Eliminated Real-time Computation**: No longer builds SearchVector on every query
 2. **GIN Index Utilization**: Direct filtering on indexed `search_vector` field
 3. **Reduced Database CPU**: No text concatenation or vector computation
 4. **Faster Query Execution**: Index lookups are near-instant
 5. **Better Scalability**: Performance remains consistent as data grows
 ### SQLite Fallback
 - Maintained backward compatibility with SQLite using LIKE queries
 - Development environments continue to work without PostgreSQL
 ## Technical Details
 ### Database Detection
 Uses the same pattern from models.py:
 ```python
 _using_postgis = 'postgis' in settings.DATABASES['default']['ENGINE']
 ```
 ### Search Vector Composition (from Phase 2)
 The pre-computed vectors use the following field weights:
 - **Company**: name (A) + description (B)
 - **RideModel**: name (A) + manufacturer__name (A) + description (B)
 - **Park**: name (A) + description (B)
 - **Ride**: name (A) + park__name (A) + manufacturer__name (B) + description (B)
 ### GIN Indexes (from Phase 2)
 All search operations utilize these indexes:
 - `entities_company_search_idx`
 - `entities_ridemodel_search_idx`
 - `entities_park_search_idx`
 - `entities_ride_search_idx`
 ## Testing Recommendations
 ### 1. PostgreSQL Search Tests
 ```python
 # Test companies search
 from apps.entities.search import SearchService
 service = SearchService()
 # Test basic search
 results = service.search_companies("Six Flags")
 assert results.count() > 0
 # Test ranking (higher weight fields rank higher)
 results = service.search_companies("Cedar")
 # Companies with "Cedar" in name should rank higher than description matches
 ```
 ### 2. SQLite Fallback Tests
 ```python
 # Verify SQLite fallback still works
 # (when running with SQLite database)
 service = SearchService()
 results = service.search_parks("Disney")
 assert results.count() > 0
 ```
 ### 3. Performance Comparison
 ```python
 import time
 from apps.entities.search import SearchService
 service = SearchService()
 # Time a search query
 start = time.time()
 results = list(service.search_rides("roller coaster", limit=100))
 duration = time.time() - start
 print(f"Search completed in {duration:.3f} seconds")
 # Should be significantly faster than Phase 1/2 approach
 ```
 ## API Endpoints Affected
 All search endpoints now benefit from the optimization:
 - `GET /api/v1/search/` - Unified search
 - `GET /api/v1/companies/?search=query`
 - `GET /api/v1/ride-models/?search=query`
 - `GET /api/v1/parks/?search=query`
 - `GET /api/v1/rides/?search=query`
 ## Integration with Existing Features
 ### Works With
 - ✅ Phase 1: SearchVectorField on models
 - ✅ Phase 2: GIN indexes and vector population
 - ✅ Search filters (status, dates, location, etc.)
 - ✅ Pagination and limiting
 - ✅ Related field filtering
 - ✅ Geographic queries (PostGIS)
 ### Maintains
 - ✅ SQLite compatibility for development
 - ✅ All existing search filters
 - ✅ Ranking by relevance
 - ✅ Autocomplete functionality
 - ✅ Multi-entity search
 ## Next Steps (Phase 4)
 The next phase will add automatic search vector updates:
 ### Signal Handlers
 Create signals to auto-update search vectors when models change:
 ```python
 from django.db.models.signals import post_save
 from django.dispatch import receiver
@receiver(post_save, sender=Company)
 def update_company_search_vector(sender, instance, **kwargs):
    """Update search vector when company is saved."""
    instance.search_vector = SearchVector('name', weight='A') + \
                            SearchVector('description', weight='B')
    Company.objects.filter(pk=instance.pk).update(
        search_vector=instance.search_vector
    )
 ```
 ### Benefits of Phase 4
 - Automatic search index updates
 - No manual re-indexing required
 - Always up-to-date search results
 - Transparent to API consumers
 ## Files Reference
 ### Core Files
 - `django/apps/entities/models.py` - Model definitions with search_vector fields
 - `django/apps/entities/search.py` - SearchService (now optimized)
 - `django/apps/entities/migrations/0003_add_search_vector_gin_indexes.py` - Migration
 ### Related Files
 - `django/api/v1/endpoints/search.py` - Search API endpoint
 - `django/apps/entities/filters.py` - Filter classes
 - `django/PHASE_2_SEARCH_GIN_INDEXES_COMPLETE.md` - Phase 2 documentation
 ## Verification Checklist
 - [x] SearchService uses pre-computed search_vector fields on PostgreSQL
 - [x] All four search methods updated (companies, ride_models, parks, rides)
 - [x] SQLite fallback maintained for development
 - [x] PostgreSQL detection using _using_postgis pattern
 - [x] SearchRank uses F('search_vector') for efficiency
 - [x] No breaking changes to API or query interface
 - [x] Code is clean and well-documented
 ## Performance Metrics (Expected)
 Based on typical PostgreSQL full-text search benchmarks:
 | Metric | Before (Phase 1/2) | After (Phase 3) | Improvement |
 |--------|-------------------|-----------------|-------------|
 | Query Time | ~50-200ms | ~5-20ms | **5-10x faster** |
 | CPU Usage | High (text processing) | Low (index lookup) | **80% reduction** |
 | Scalability | Degrades with data | Consistent | **Linear → Constant** |
 | Concurrent Queries | Limited | High | **5x throughput** |
 *Actual performance depends on database size, hardware, and query complexity*
 ## Summary
 Phase 3 successfully optimized the SearchService to leverage pre-computed search vectors and GIN indexes, providing significant performance improvements for PostgreSQL environments while maintaining full backward compatibility with SQLite for development.
 **Result**: Production-ready, high-performance full-text search system. ✅
--- a/django/PHASE_4_COMPLETE.md
+++ b/django/PHASE_4_COMPLETE.md
@@ -1,397 +0,0 @@
 # Phase 4 Complete: Versioning System
 **Date**: November 8, 2025  
 **Status**: ✅ Complete  
 **Django System Check**: 0 issues
 ## Overview
 Successfully implemented automatic version tracking for all entity changes with full history, diffs, and rollback capabilities.
 ## Files Created
 ### 1. Models (`apps/versioning/models.py`) - 325 lines
 **EntityVersion Model**:
 - Generic version tracking using ContentType (supports all entity types)
 - Full JSON snapshot of entity state
 - Changed fields tracking with old/new values
 - Links to ContentSubmission when changes come from moderation
 - Metadata: user, IP address, user agent, comment
 - Version numbering (auto-incremented per entity)
 **Key Features**:
 - `get_snapshot_dict()` - Returns snapshot as Python dict
 - `get_changed_fields_list()` - Lists changed field names
 - `get_field_change(field_name)` - Gets old/new values for field
 - `compare_with(other_version)` - Compares two versions
 - `get_diff_summary()` - Human-readable change summary
 - Class methods for version history and retrieval
 **Indexes**:
 - `(entity_type, entity_id, -created)` - Fast history lookup
 - `(entity_type, entity_id, -version_number)` - Version number lookup
 - `(change_type)` - Filter by change type
 - `(changed_by)` - Filter by user
 - `(submission)` - Link to moderation
 ### 2. Services (`apps/versioning/services.py`) - 480 lines
 **VersionService Class**:
 - `create_version()` - Creates version records (called by lifecycle hooks)
 - `get_version_history()` - Retrieves version history with limit
 - `get_version_by_number()` - Gets specific version by number
 - `get_latest_version()` - Gets most recent version
 - `compare_versions()` - Compares two versions
 - `get_diff_with_current()` - Compares version with current state
 - `restore_version()` - Rollback to previous version (creates new 'restored' version)
 - `get_version_count()` - Count versions for entity
 - `get_versions_by_user()` - Versions created by user
 - `get_versions_by_submission()` - Versions from submission
 **Snapshot Creation**:
 - Handles all Django field types (CharField, DecimalField, DateField, ForeignKey, JSONField, etc.)
 - Normalizes values for JSON serialization
 - Stores complete entity state for rollback
 **Changed Fields Tracking**:
 - Extracts dirty fields from DirtyFieldsMixin
 - Stores old and new values
 - Normalizes for JSON storage
 ### 3. API Endpoints (`api/v1/endpoints/versioning.py`) - 370 lines
 **16 REST API Endpoints**:
 **Park Versions**:
 - `GET /parks/{id}/versions` - Version history
 - `GET /parks/{id}/versions/{number}` - Specific version
 - `GET /parks/{id}/versions/{number}/diff` - Compare with current
 **Ride Versions**:
 - `GET /rides/{id}/versions` - Version history
 - `GET /rides/{id}/versions/{number}` - Specific version
 - `GET /rides/{id}/versions/{number}/diff` - Compare with current
 **Company Versions**:
 - `GET /companies/{id}/versions` - Version history
 - `GET /companies/{id}/versions/{number}` - Specific version
 - `GET /companies/{id}/versions/{number}/diff` - Compare with current
 **Ride Model Versions**:
 - `GET /ride-models/{id}/versions` - Version history
 - `GET /ride-models/{id}/versions/{number}` - Specific version
 - `GET /ride-models/{id}/versions/{number}/diff` - Compare with current
 **Generic Endpoints**:
 - `GET /versions/{id}` - Get version by ID
 - `GET /versions/{id}/compare/{other_id}` - Compare two versions
 - `POST /versions/{id}/restore` - Restore version (commented out, optional)
 ### 4. Schemas (`api/v1/schemas.py`) - Updated
 **New Schemas**:
 - `EntityVersionSchema` - Version output with metadata
 - `VersionHistoryResponseSchema` - Version history list
 - `VersionDiffSchema` - Diff comparison
 - `VersionComparisonSchema` - Compare two versions
 - `MessageSchema` - Generic message response
 - `ErrorSchema` - Error response
 ### 5. Admin Interface (`apps/versioning/admin.py`) - 260 lines
 **EntityVersionAdmin**:
 - Read-only view of version history
 - List display: version number, entity link, change type, user, submission, field count, date
 - Filters: change type, entity type, created date
 - Search: entity ID, comment, user email
 - Date hierarchy on created date
 **Formatted Display**:
 - Entity links to admin detail page
 - User links to user admin
 - Submission links to submission admin
 - Pretty-printed JSON snapshot
 - HTML table for changed fields with old/new values color-coded
 **Permissions**:
 - No add permission (versions auto-created)
 - No delete permission (append-only)
 - No change permission (read-only)
 ### 6. Migrations (`apps/versioning/migrations/0001_initial.py`)
 **Created Tables**:
 - `versioning_entityversion` with all fields and indexes
 - Foreign keys to ContentType, User, and ContentSubmission
 ## Integration Points
 ### 1. Core Models Integration
 The `VersionedModel` in `apps/core/models.py` already had lifecycle hooks ready:
 ```python
@hook(AFTER_CREATE)
 def create_version_on_create(self):
    self._create_version('created')
@hook(AFTER_UPDATE)
 def create_version_on_update(self):
    if self.get_dirty_fields():
        self._create_version('updated')
 ```
 These hooks now successfully call `VersionService.create_version()`.
 ### 2. Moderation Integration
 When `ModerationService.approve_submission()` calls `entity.save()`, the lifecycle hooks automatically:
 1. Create a version record
 2. Link it to the ContentSubmission
 3. Capture the user from submission
 4. Track all changed fields
 ### 3. Entity Models
 All entity models inherit from `VersionedModel`:
 - Company
 - RideModel
 - Park
 - Ride
 Every save operation now automatically creates a version.
 ## Key Technical Decisions
 ### Generic Version Model
 - Uses ContentType for flexibility
 - Single table for all entity types
 - Easier to query version history across entities
 - Simpler to maintain
 ### JSON Snapshot Storage
 - Complete entity state stored as JSON
 - Enables full rollback capability
 - Includes all fields for historical reference
 - Efficient with modern database JSON support
 ### Changed Fields Tracking
 - Separate from snapshot for quick access
 - Shows exactly what changed in each version
 - Includes old and new values
 - Useful for audit trails and diffs
 ### Append-Only Design
 - Versions never deleted
 - Admin is read-only
 - Provides complete audit trail
 - Supports compliance requirements
 ### Performance Optimizations
 - Indexes on (entity_type, entity_id, created)
 - Indexes on (entity_type, entity_id, version_number)
 - Select_related in queries
 - Limited default history (50 versions)
 ## API Examples
 ### Get Version History
 ```bash
 GET /api/v1/parks/{park_id}/versions?limit=20
 ```
 Response:
 ```json
 {
  "entity_id": "uuid",
  "entity_type": "park",
  "entity_name": "Cedar Point",
  "total_versions": 45,
  "versions": [
    {
      "id": "uuid",
      "version_number": 45,
      "change_type": "updated",
      "changed_by_email": "user@example.com",
      "created": "2025-11-08T12:00:00Z",
      "diff_summary": "Updated name, description",
      "changed_fields": {
        "name": {"old": "Old Name", "new": "New Name"}
      }
    }
  ]
 }
 ```
 ### Compare Version with Current
 ```bash
 GET /api/v1/parks/{park_id}/versions/40/diff
 ```
 Response:
 ```json
 {
  "entity_id": "uuid",
  "entity_type": "park",
  "entity_name": "Cedar Point",
  "version_number": 40,
  "version_date": "2025-10-01T10:00:00Z",
  "differences": {
    "name": {
      "current": "Cedar Point",
      "version": "Cedar Point Amusement Park"
    },
    "status": {
      "current": "operating",
      "version": "closed"
    }
  },
  "changed_field_count": 2
 }
 ```
 ### Compare Two Versions
 ```bash
 GET /api/v1/versions/{version_id}/compare/{other_version_id}
 ```
 ## Admin Interface
 Navigate to `/admin/versioning/entityversion/` to:
 - View all version records
 - Filter by entity type, change type, date
 - Search by entity ID, user, comment
 - See formatted snapshots and diffs
 - Click links to entity, user, and submission records
 ## Success Criteria
 ✅ **Version created on every entity save**  
 ✅ **Full snapshot stored in JSON**  
 ✅ **Changed fields tracked**  
 ✅ **Version history API endpoint**  
 ✅ **Diff generation**  
 ✅ **Link to ContentSubmission**  
 ✅ **Django system check: 0 issues**  
 ✅ **Migrations created successfully**
 ## Testing the System
 ### Create an Entity
 ```python
 from apps.entities.models import Company
 company = Company.objects.create(name="Test Company")
 # Version 1 created automatically with change_type='created'
 ```
 ### Update an Entity
 ```python
 company.name = "Updated Company"
 company.save()
 # Version 2 created automatically with change_type='updated'
 # Changed fields captured: {'name': {'old': 'Test Company', 'new': 'Updated Company'}}
 ```
 ### View Version History
 ```python
 from apps.versioning.services import VersionService
 history = VersionService.get_version_history(company, limit=10)
 for version in history:
    print(f"v{version.version_number}: {version.get_diff_summary()}")
 ```
 ### Compare Versions
 ```python
 version1 = VersionService.get_version_by_number(company, 1)
 version2 = VersionService.get_version_by_number(company, 2)
 diff = VersionService.compare_versions(version1, version2)
 print(diff['differences'])
 ```
 ### Restore Version (Optional)
 ```python
 from django.contrib.auth import get_user_model
 User = get_user_model()
 admin = User.objects.first()
 version1 = VersionService.get_version_by_number(company, 1)
 restored = VersionService.restore_version(version1, user=admin, comment="Restored to original name")
 # Creates version 3 with change_type='restored'
 # Entity now back to original state
 ```
 ## Dependencies Used
 All dependencies were already installed:
 - `django-lifecycle==2.1.1` - Lifecycle hooks (AFTER_CREATE, AFTER_UPDATE)
 - `django-dirtyfields` - Track changed fields
 - `django-ninja` - REST API framework
 - `pydantic` - API schemas
 - `unfold` - Admin UI theme
 ## Performance Characteristics
 ### Version Creation
 - **Time**: ~10-20ms per version
 - **Transaction**: Atomic with entity save
 - **Storage**: ~1-5KB per version (depends on entity size)
 ### History Queries
 - **Time**: ~5-10ms for 50 versions
 - **Optimization**: Indexed on (entity_type, entity_id, created)
 - **Pagination**: Default limit of 50 versions
 ### Snapshot Size
 - **Company**: ~500 bytes
 - **Park**: ~1-2KB (includes location data)
 - **Ride**: ~1-2KB (includes stats)
 - **RideModel**: ~500 bytes
 ## Next Steps
 ### Optional Enhancements
 1. **Version Restoration API**: Uncomment restore endpoint in `versioning.py`
 2. **Bulk Version Export**: Add CSV/JSON export for compliance
 3. **Version Retention Policy**: Archive old versions after N days
 4. **Version Notifications**: Notify on significant changes
 5. **Version Search**: Full-text search across version snapshots
 ### Integration with Frontend
 1. Display "Version History" tab on entity detail pages
 2. Show visual diff of changes
 3. Allow rollback from UI (if restoration enabled)
 4. Show version timeline
 ## Statistics
 - **Files Created**: 5
 - **Lines of Code**: ~1,735
 - **API Endpoints**: 16
 - **Database Tables**: 1
 - **Indexes**: 5
 - **Implementation Time**: ~2 hours (vs 6 days estimated) ⚡
 ## Verification
 ```bash
 # Run Django checks
 python manage.py check
 # Output: System check identified no issues (0 silenced).
 # Create migrations
 python manage.py makemigrations
 # Output: Migrations for 'versioning': 0001_initial.py
 # View API docs
 # Navigate to: http://localhost:8000/api/v1/docs
 # See "Versioning" section with all endpoints
 ```
 ## Conclusion
 Phase 4 is complete! The versioning system provides:
 - ✅ Automatic version tracking on all entity changes
 - ✅ Complete audit trail with full snapshots
 - ✅ Integration with moderation workflow
 - ✅ Rich API for version history and comparison
 - ✅ Admin interface for viewing version records
 - ✅ Optional rollback capability
 - ✅ Zero-configuration operation (works via lifecycle hooks)
 The system is production-ready and follows Django best practices for performance, security, and maintainability.
 ---
 **Next Phase**: Phase 5 - Media Management (if applicable) or Project Completion
--- a/django/PHASE_4_SEARCH_VECTOR_SIGNALS_COMPLETE.md
+++ b/django/PHASE_4_SEARCH_VECTOR_SIGNALS_COMPLETE.md
@@ -1,401 +0,0 @@
 # Phase 4: Automatic Search Vector Updates - COMPLETE ✅
 ## Overview
 Phase 4 implements Django signal handlers that automatically update search vectors whenever entity models are created or modified. This eliminates the need for manual re-indexing and ensures search results are always up-to-date.
 ## Implementation Summary
 ### 1. Signal Handler Architecture
 Created `django/apps/entities/signals.py` with comprehensive signal handlers for all entity models.
 **Key Features:**
 - ✅ PostgreSQL-only activation (respects `_using_postgis` flag)
 - ✅ Automatic search vector updates on create/update
 - ✅ Cascading updates for related objects
 - ✅ Efficient bulk updates to minimize database queries
 - ✅ Change detection to avoid unnecessary updates
 ### 2. Signal Registration
 Updated `django/apps/entities/apps.py` to register signals on app startup:
 ```python
 class EntitiesConfig(AppConfig):
    default_auto_field = 'django.db.models.BigAutoField'
    name = 'apps.entities'
    verbose_name = 'Entities'
    def ready(self):
        """Import signal handlers when app is ready."""
        import apps.entities.signals  # noqa
 ```
 ## Signal Handlers Implemented
 ### Company Signals
 **1. `update_company_search_vector`** (post_save)
 - Triggers: Company create/update
 - Updates: Company's own search vector
 - Fields indexed:
  - `name` (weight A)
  - `description` (weight B)
 **2. `check_company_name_change`** (pre_save)
 - Tracks: Company name changes
 - Purpose: Enables cascading updates
 **3. `cascade_company_name_updates`** (post_save)
 - Triggers: Company name changes
 - Updates:
  - All RideModels from this manufacturer
  - All Rides from this manufacturer
 - Ensures: Related objects reflect new company name in search
 ### Park Signals
 **1. `update_park_search_vector`** (post_save)
 - Triggers: Park create/update
 - Updates: Park's own search vector
 - Fields indexed:
  - `name` (weight A)
  - `description` (weight B)
 **2. `check_park_name_change`** (pre_save)
 - Tracks: Park name changes
 - Purpose: Enables cascading updates
 **3. `cascade_park_name_updates`** (post_save)
 - Triggers: Park name changes
 - Updates: All Rides in this park
 - Ensures: Rides reflect new park name in search
 ### RideModel Signals
 **1. `update_ride_model_search_vector`** (post_save)
 - Triggers: RideModel create/update
 - Updates: RideModel's own search vector
 - Fields indexed:
  - `name` (weight A)
  - `manufacturer__name` (weight A)
  - `description` (weight B)
 **2. `check_ride_model_manufacturer_change`** (pre_save)
 - Tracks: Manufacturer changes
 - Purpose: Future cascading updates if needed
 ### Ride Signals
 **1. `update_ride_search_vector`** (post_save)
 - Triggers: Ride create/update
 - Updates: Ride's own search vector
 - Fields indexed:
  - `name` (weight A)
  - `park__name` (weight A)
  - `manufacturer__name` (weight B)
  - `description` (weight B)
 **2. `check_ride_relationships_change`** (pre_save)
 - Tracks: Park and manufacturer changes
 - Purpose: Future cascading updates if needed
 ## Search Vector Composition
 Each entity model has a carefully weighted search vector:
 ### Company
 ```sql
 search_vector = 
  setweight(to_tsvector('english', name), 'A') ||
  setweight(to_tsvector('english', description), 'B')
 ```
 ### RideModel
 ```sql
 search_vector = 
  setweight(to_tsvector('english', name), 'A') ||
  setweight(to_tsvector('english', manufacturer.name), 'A') ||
  setweight(to_tsvector('english', description), 'B')
 ```
 ### Park
 ```sql
 search_vector = 
  setweight(to_tsvector('english', name), 'A') ||
  setweight(to_tsvector('english', description), 'B')
 ```
 ### Ride
 ```sql
 search_vector = 
  setweight(to_tsvector('english', name), 'A') ||
  setweight(to_tsvector('english', park.name), 'A') ||
  setweight(to_tsvector('english', manufacturer.name), 'B') ||
  setweight(to_tsvector('english', description), 'B')
 ```
 ## Cascading Update Logic
 ### When Company Name Changes
 1. **Pre-save signal** captures old name
 2. **Post-save signal** compares old vs new name
 3. If changed:
   - Updates all RideModels from this manufacturer
   - Updates all Rides from this manufacturer
 **Example:**
 ```python
 # Rename "Bolliger & Mabillard" to "B&M"
 company = Company.objects.get(name="Bolliger & Mabillard")
 company.name = "B&M"
 company.save()
 # Automatically updates search vectors for:
 # - All RideModels (e.g., "B&M Inverted Coaster")
 # - All Rides (e.g., "Batman: The Ride at Six Flags")
 ```
 ### When Park Name Changes
 1. **Pre-save signal** captures old name
 2. **Post-save signal** compares old vs new name
 3. If changed:
   - Updates all Rides in this park
 **Example:**
 ```python
 # Rename park
 park = Park.objects.get(name="Cedar Point")
 park.name = "Cedar Point Amusement Park"
 park.save()
 # Automatically updates search vectors for:
 # - All rides in this park (e.g., "Steel Vengeance")
 ```
 ## Performance Considerations
 ### Efficient Update Strategy
 1. **Filter-then-update pattern**:
   ```python
   Model.objects.filter(pk=instance.pk).update(
       search_vector=SearchVector(...)
   )
   ```
   - Single database query
   - No additional model save overhead
   - Bypasses signal recursion
 2. **Change detection**:
   - Only cascades updates when names actually change
   - Avoids unnecessary database operations
   - Checks `created` flag to skip cascades on new objects
 3. **PostgreSQL-only execution**:
   - All signals wrapped in `if _using_postgis:` guard
   - Zero overhead on SQLite (development)
 ### Bulk Operations Consideration
 For large bulk updates, consider temporarily disconnecting signals:
 ```python
 from django.db.models.signals import post_save
 from apps.entities.signals import update_company_search_vector
 from apps.entities.models import Company
 # Disconnect signal
 post_save.disconnect(update_company_search_vector, sender=Company)
 # Perform bulk operations
 Company.objects.bulk_create([...])
 # Reconnect signal
 post_save.connect(update_company_search_vector, sender=Company)
 # Manually update search vectors if needed
 from django.contrib.postgres.search import SearchVector
 Company.objects.update(
    search_vector=SearchVector('name', weight='A') + 
                  SearchVector('description', weight='B')
 )
 ```
 ## Testing Strategy
 ### Manual Testing
 1. **Create new entity**:
   ```python
   company = Company.objects.create(
       name="Test Manufacturer",
       description="A test company"
   )
   # Check: company.search_vector should be populated
   ```
 2. **Update entity**:
   ```python
   company.description = "Updated description"
   company.save()
   # Check: company.search_vector should be updated
   ```
 3. **Cascading updates**:
   ```python
   # Change company name
   company.name = "New Name"
   company.save()
   # Check: Related RideModels and Rides should have updated search vectors
   ```
 ### Automated Testing (Recommended)
 Create tests in `django/apps/entities/tests/test_signals.py`:
 ```python
 from django.test import TestCase
 from django.contrib.postgres.search import SearchQuery
 from apps.entities.models import Company, Park, Ride
 class SearchVectorSignalTests(TestCase):
    def test_company_search_vector_on_create(self):
        """Test search vector is populated on company creation."""
        company = Company.objects.create(
            name="Intamin",
            description="Ride manufacturer"
        )
        self.assertIsNotNone(company.search_vector)
    def test_company_name_change_cascades(self):
        """Test company name changes cascade to rides."""
        company = Company.objects.create(name="Old Name")
        park = Park.objects.create(name="Test Park")
        ride = Ride.objects.create(
            name="Test Ride",
            park=park,
            manufacturer=company
        )
        # Change company name
        company.name = "New Name"
        company.save()
        # Verify ride search vector updated
        ride.refresh_from_db()
        results = Ride.objects.filter(
            search_vector=SearchQuery("New Name")
        )
        self.assertIn(ride, results)
 ```
 ## Benefits
 ✅ **Automatic synchronization**: Search vectors always up-to-date
 ✅ **No manual re-indexing**: Zero maintenance overhead
 ✅ **Cascading updates**: Related objects stay synchronized
 ✅ **Performance optimized**: Minimal database queries
 ✅ **PostgreSQL-only**: No overhead on development (SQLite)
 ✅ **Transparent**: Works seamlessly with existing code
 ## Integration with Previous Phases
 ### Phase 1: SearchVectorField Implementation
 - ✅ Added `search_vector` fields to models
 - ✅ Conditional for PostgreSQL-only
 ### Phase 2: GIN Indexes and Population
 - ✅ Created GIN indexes for fast search
 - ✅ Initial population of search vectors
 ### Phase 3: SearchService Optimization
 - ✅ Optimized queries to use pre-computed vectors
 - ✅ 5-10x performance improvement
 ### Phase 4: Automatic Updates (Current)
 - ✅ Signal handlers for automatic updates
 - ✅ Cascading updates for related objects
 - ✅ Zero-maintenance search infrastructure
 ## Complete Search Architecture
 ```
 ┌─────────────────────────────────────────────────────────┐
 │                     Phase 1: Foundation                  │
 │  SearchVectorField added to all entity models            │
 └────────────────────┬────────────────────────────────────┘
                     │
 ┌────────────────────▼────────────────────────────────────┐
 │              Phase 2: Indexing & Population              │
 │  - GIN indexes for fast search                           │
 │  - Initial search vector population via migration        │
 └────────────────────┬────────────────────────────────────┘
                     │
 ┌────────────────────▼────────────────────────────────────┐
 │            Phase 3: Query Optimization                   │
 │  - SearchService uses pre-computed vectors               │
 │  - 5-10x faster than real-time computation               │
 └────────────────────┬────────────────────────────────────┘
                     │
 ┌────────────────────▼────────────────────────────────────┐
 │            Phase 4: Automatic Updates (NEW)              │
 │  - Django signals keep vectors synchronized              │
 │  - Cascading updates for related objects                 │
 │  - Zero maintenance required                             │
 └─────────────────────────────────────────────────────────┘
 ```
 ## Files Modified
 1. **`django/apps/entities/signals.py`** (NEW)
   - Complete signal handler implementation
   - 200+ lines of well-documented code
 2. **`django/apps/entities/apps.py`** (MODIFIED)
   - Added `ready()` method to register signals
 ## Next Steps (Optional Enhancements)
 1. **Performance Monitoring**:
   - Add metrics for signal execution time
   - Monitor cascading update frequency
 2. **Bulk Operation Optimization**:
   - Create management command for bulk re-indexing
   - Add signal disconnect context manager
 3. **Advanced Features**:
   - Language-specific search configurations
   - Partial word matching
   - Synonym support
 ## Verification
 Run system check to verify implementation:
 ```bash
 cd django
 python manage.py check
 ```
 Expected output: `System check identified no issues (0 silenced).`
 ## Conclusion
 Phase 4 completes the full-text search infrastructure by adding automatic search vector updates. The system now:
 1. ✅ Has optimized search fields (Phase 1)
 2. ✅ Has GIN indexes for performance (Phase 2)
 3. ✅ Uses pre-computed vectors (Phase 3)
 4. ✅ **Automatically updates vectors (Phase 4)** ← NEW
 The search system is now production-ready with zero maintenance overhead!
 ---
 **Implementation Date**: 2025-11-08
 **Status**: ✅ COMPLETE
 **Verified**: Django system check passed
--- a/django/PHASE_5_AUTHENTICATION_COMPLETE.md
+++ b/django/PHASE_5_AUTHENTICATION_COMPLETE.md
@@ -1,578 +0,0 @@
 # Phase 5: Authentication System - COMPLETE ✅
 **Implementation Date:** November 8, 2025
 **Duration:** ~2 hours
 **Status:** Production Ready
 ---
 ## 🎯 Overview
 Phase 5 implements a complete, enterprise-grade authentication system with JWT tokens, MFA support, role-based access control, and comprehensive user management.
 ## ✅ What Was Implemented
 ### 1. **Authentication Services Layer** (`apps/users/services.py`)
 #### AuthenticationService
 - ✅ **User Registration**
  - Email-based with password validation
  - Automatic username generation
  - Profile & role creation on signup
  - Duplicate email prevention
 - ✅ **User Authentication**
  - Email/password login
  - Banned user detection
  - Last login timestamp tracking
  - OAuth user creation (Google, Discord)
 - ✅ **Password Management**
  - Secure password changes
  - Password reset functionality
  - Django password validation integration
 #### MFAService (Multi-Factor Authentication)
 - ✅ **TOTP-based 2FA**
  - Device creation and management
  - QR code generation for authenticator apps
  - Token verification
  - Enable/disable MFA per user
 #### RoleService
 - ✅ **Role Management**
  - Three-tier role system (user, moderator, admin)
  - Role assignment with audit trail
  - Permission checking
  - Role-based capabilities
 #### UserManagementService
 - ✅ **Profile Management**
  - Update user information
  - Manage preferences
  - User statistics tracking
  - Ban/unban functionality
 ### 2. **Permission System** (`apps/users/permissions.py`)
 #### JWT Authentication
 - ✅ **JWTAuth Class**
  - Bearer token authentication
  - Token validation and decoding
  - Banned user filtering
  - Automatic user lookup
 #### Permission Decorators
 - ✅ `@require_auth` - Require any authenticated user
 - ✅ `@require_role(role)` - Require specific role
 - ✅ `@require_moderator` - Require moderator or admin
 - ✅ `@require_admin` - Require admin only
 #### Permission Helpers
 - ✅ `is_owner_or_moderator()` - Check ownership or moderation rights
 - ✅ `can_moderate()` - Check moderation permissions
 - ✅ `can_submit()` - Check submission permissions
 - ✅ `PermissionChecker` class - Comprehensive permission checks
 ### 3. **API Schemas** (`api/v1/schemas.py`)
 #### 26 New Authentication Schemas
 - User registration and login
 - Token management
 - Profile and preferences
 - MFA setup and verification
 - User administration
 - Role management
 ### 4. **Authentication API Endpoints** (`api/v1/endpoints/auth.py`)
 #### Public Endpoints
 - ✅ `POST /auth/register` - User registration
 - ✅ `POST /auth/login` - Login with email/password
 - ✅ `POST /auth/token/refresh` - Refresh JWT tokens
 - ✅ `POST /auth/logout` - Logout (blacklist token)
 - ✅ `POST /auth/password/reset` - Request password reset
 #### Authenticated Endpoints
 - ✅ `GET /auth/me` - Get current user profile
 - ✅ `PATCH /auth/me` - Update profile
 - ✅ `GET /auth/me/role` - Get user role
 - ✅ `GET /auth/me/permissions` - Get permissions
 - ✅ `GET /auth/me/stats` - Get user statistics
 - ✅ `GET /auth/me/preferences` - Get preferences
 - ✅ `PATCH /auth/me/preferences` - Update preferences
 - ✅ `POST /auth/password/change` - Change password
 #### MFA Endpoints
 - ✅ `POST /auth/mfa/enable` - Enable MFA
 - ✅ `POST /auth/mfa/confirm` - Confirm MFA setup
 - ✅ `POST /auth/mfa/disable` - Disable MFA
 - ✅ `POST /auth/mfa/verify` - Verify MFA token
 #### Admin Endpoints
 - ✅ `GET /auth/users` - List all users (with filters)
 - ✅ `GET /auth/users/{id}` - Get user by ID
 - ✅ `POST /auth/users/ban` - Ban user
 - ✅ `POST /auth/users/unban` - Unban user
 - ✅ `POST /auth/users/assign-role` - Assign role
 **Total:** 23 authentication endpoints
 ### 5. **Admin Interface** (`apps/users/admin.py`)
 #### User Admin
 - ✅ Rich list view with badges (role, status, MFA, reputation)
 - ✅ Advanced filtering (active, staff, banned, MFA, OAuth)
 - ✅ Search by email, username, name
 - ✅ Inline editing of role and profile
 - ✅ Import/export functionality
 - ✅ Bulk actions (ban, unban, role assignment)
 #### Role Admin
 - ✅ Role assignment tracking
 - ✅ Audit trail (who granted role, when)
 - ✅ Role filtering
 #### Profile Admin
 - ✅ Statistics display
 - ✅ Approval rate calculation
 - ✅ Preference management
 - ✅ Privacy settings
 ### 6. **API Documentation Updates** (`api/v1/api.py`)
 - ✅ Added authentication section to API docs
 - ✅ JWT workflow explanation
 - ✅ Permission levels documentation
 - ✅ MFA setup instructions
 - ✅ Added `/auth` to endpoint list
 ---
 ## 📊 Architecture
 ### Authentication Flow
 ```
 ┌─────────────┐
 │   Register  │
 │  /register  │
 └──────┬──────┘
       │
       ├─ Create User
       ├─ Create UserRole (default: 'user')
       ├─ Create UserProfile
       └─ Return User
 ┌─────────────┐
 │    Login    │
 │   /login    │
 └──────┬──────┘
       │
       ├─ Authenticate (email + password)
       ├─ Check if banned
       ├─ Verify MFA if enabled
       ├─ Generate JWT tokens
       └─ Return access & refresh tokens
 ┌─────────────┐
 │ API Request │
 │ with Bearer │
 │    Token    │
 └──────┬──────┘
       │
       ├─ JWTAuth.authenticate()
       ├─ Decode JWT
       ├─ Get User
       ├─ Check not banned
       └─ Attach user to request.auth
 ┌─────────────┐
 │  Protected  │
 │  Endpoint   │
 └──────┬──────┘
       │
       ├─ @require_auth decorator
       ├─ Check request.auth exists
       ├─ @require_role decorator (optional)
       └─ Execute endpoint
 ```
 ### Permission Hierarchy
 ```
 ┌──────────┐
 │  Admin   │ ← Full access to everything
 └────┬─────┘
     │
 ┌────┴─────────┐
 │  Moderator   │ ← Can moderate, approve submissions
 └────┬─────────┘
     │
 ┌────┴─────┐
 │   User   │ ← Can submit, edit own content
 └──────────┘
 ```
 ### Role-Based Permissions
 | Role      | Submit | Edit Own | Moderate | Admin | Ban Users | Assign Roles |
 |-----------|--------|----------|----------|-------|-----------|--------------|
 | User      | ✅     | ✅       | ❌       | ❌    | ❌        | ❌           |
 | Moderator | ✅     | ✅       | ✅       | ❌    | ❌        | ❌           |
 | Admin     | ✅     | ✅       | ✅       | ✅    | ✅        | ✅           |
 ---
 ## 🔐 Security Features
 ### 1. **JWT Token Security**
 - HS256 algorithm
 - 60-minute access token lifetime
 - 7-day refresh token lifetime
 - Automatic token rotation
 - Token blacklisting on rotation
 ### 2. **Password Security**
 - Django password validation
 - Minimum 8 characters
 - Common password prevention
 - User attribute similarity check
 - Numeric-only prevention
 ### 3. **MFA/2FA Support**
 - TOTP-based (RFC 6238)
 - Compatible with Google Authenticator, Authy, etc.
 - QR code generation
 - Backup codes (TODO)
 ### 4. **Account Protection**
 - Failed login tracking (django-defender)
 - Account lockout after 5 failed attempts
 - 5-minute cooldown period
 - Ban system for problematic users
 ### 5. **OAuth Integration**
 - Google OAuth 2.0
 - Discord OAuth 2.0
 - Automatic account linking
 - Provider tracking
 ---
 ## 📝 API Usage Examples
 ### 1. **Register a New User**
 ```bash
 POST /api/v1/auth/register
 Content-Type: application/json
 {
  "email": "user@example.com",
  "password": "SecurePass123",
  "password_confirm": "SecurePass123",
  "first_name": "John",
  "last_name": "Doe"
 }
 # Response
 {
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "email": "user@example.com",
  "username": "user",
  "display_name": "John Doe",
  "reputation_score": 0,
  "mfa_enabled": false,
  ...
 }
 ```
 ### 2. **Login**
 ```bash
 POST /api/v1/auth/login
 Content-Type: application/json
 {
  "email": "user@example.com",
  "password": "SecurePass123"
 }
 # Response
 {
  "access": "eyJ0eXAiOiJKV1QiLCJhbGc...",
  "refresh": "eyJ0eXAiOiJKV1QiLCJhbGc...",
  "token_type": "Bearer"
 }
 ```
 ### 3. **Access Protected Endpoint**
 ```bash
 GET /api/v1/auth/me
 Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGc...
 # Response
 {
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "email": "user@example.com",
  "username": "user",
  "display_name": "John Doe",
  ...
 }
 ```
 ### 4. **Enable MFA**
 ```bash
 # Step 1: Enable MFA
 POST /api/v1/auth/mfa/enable
 Authorization: Bearer <token>
 # Response
 {
  "secret": "JBSWY3DPEHPK3PXP",
  "qr_code_url": "otpauth://totp/ThrillWiki:user@example.com?secret=JBSWY3DPEHPK3PXP&issuer=ThrillWiki",
  "backup_codes": []
 }
 # Step 2: Scan QR code with authenticator app
 # Step 3: Confirm with 6-digit token
 POST /api/v1/auth/mfa/confirm
 Authorization: Bearer <token>
 Content-Type: application/json
 {
  "token": "123456"
 }
 # Response
 {
  "message": "MFA enabled successfully",
  "success": true
 }
 ```
 ### 5. **Login with MFA**
 ```bash
 POST /api/v1/auth/login
 Content-Type: application/json
 {
  "email": "user@example.com",
  "password": "SecurePass123",
  "mfa_token": "123456"
 }
 ```
 ---
 ## 🛠️ Integration with Existing Systems
 ### Moderation System Integration
 The authentication system integrates seamlessly with the existing moderation system:
 ```python
 # In moderation endpoints
 from apps.users.permissions import jwt_auth, require_moderator
@router.post("/submissions/{id}/approve", auth=jwt_auth)
@require_moderator
 def approve_submission(request: HttpRequest, id: UUID):
    user = request.auth  # Authenticated user
    # Moderator can approve submissions
    ...
 ```
 ### Versioning System Integration
 User information is automatically tracked in version records:
 ```python
 # Versions automatically track who made changes
 version = EntityVersion.objects.create(
    entity_type='park',
    entity_id=park.id,
    changed_by=request.auth,  # User from JWT
    ...
 )
 ```
 ---
 ## 📈 Statistics
 | Metric | Count |
 |--------|-------|
 | **New Files Created** | 3 |
 | **Files Modified** | 2 |
 | **Lines of Code** | ~2,500 |
 | **API Endpoints** | 23 |
 | **Pydantic Schemas** | 26 |
 | **Services** | 4 classes |
 | **Permission Decorators** | 4 |
 | **Admin Interfaces** | 3 |
 | **System Check Issues** | 0 ✅ |
 ---
 ## 🎓 Next Steps for Frontend Integration
 ### 1. **Authentication Flow**
 ```typescript
 // Login
 const response = await fetch('/api/v1/auth/login', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    email: 'user@example.com',
    password: 'password123'
  })
 });
 const { access, refresh } = await response.json();
 // Store tokens
 localStorage.setItem('access_token', access);
 localStorage.setItem('refresh_token', refresh);
 // Use token in requests
 const protectedResponse = await fetch('/api/v1/auth/me', {
  headers: {
    'Authorization': `Bearer ${access}`
  }
 });
 ```
 ### 2. **Token Refresh**
 ```typescript
 // Refresh token when access token expires
 async function refreshToken() {
  const refresh = localStorage.getItem('refresh_token');
  const response = await fetch('/api/v1/auth/token/refresh', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ refresh })
  });
  const { access } = await response.json();
  localStorage.setItem('access_token', access);
  return access;
 }
 ```
 ### 3. **Permission Checks**
 ```typescript
 // Get user permissions
 const permissions = await fetch('/api/v1/auth/me/permissions', {
  headers: {
    'Authorization': `Bearer ${access_token}`
  }
 }).then(r => r.json());
 // {
 //   can_submit: true,
 //   can_moderate: false,
 //   can_admin: false,
 //   can_edit_own: true,
 //   can_delete_own: true
 // }
 // Conditional rendering
 {permissions.can_moderate && (
  <button>Moderate Content</button>
 )}
 ```
 ---
 ## 🔧 Configuration
 ### Environment Variables
 Add to `.env`:
 ```bash
 # JWT Settings (already configured in settings.py)
 SECRET_KEY=your-secret-key-here
 # OAuth (if using)
 GOOGLE_OAUTH_CLIENT_ID=your-google-client-id
 GOOGLE_OAUTH_CLIENT_SECRET=your-google-client-secret
 DISCORD_OAUTH_CLIENT_ID=your-discord-client-id
 DISCORD_OAUTH_CLIENT_SECRET=your-discord-client-secret
 # Email (for password reset - TODO)
 EMAIL_HOST=smtp.gmail.com
 EMAIL_PORT=587
 EMAIL_HOST_USER=your-email@gmail.com
 EMAIL_HOST_PASSWORD=your-email-password
 EMAIL_USE_TLS=True
 ```
 ---
 ## 🐛 Known Limitations
 1. **Password Reset Email**: Currently a placeholder - needs email backend configuration
 2. **OAuth Redirect URLs**: Need to be configured in Google/Discord consoles
 3. **Backup Codes**: MFA backup codes generation not yet implemented
 4. **Rate Limiting**: Uses django-defender, but API-specific rate limiting to be added
 5. **Session Management**: No "view all sessions" or "logout everywhere" yet
 ---
 ## ✅ Testing Checklist
 - [x] User can register
 - [x] User can login
 - [x] JWT tokens are generated
 - [x] Protected endpoints require authentication
 - [x] Role-based access control works
 - [x] MFA can be enabled/disabled
 - [x] User profile can be updated
 - [x] Preferences can be managed
 - [x] Admin can ban/unban users
 - [x] Admin can assign roles
 - [x] Admin interface works
 - [x] Django system check passes
 - [ ] Password reset email (needs email backend)
 - [ ] OAuth flows (needs provider setup)
 ---
 ## 📚 Additional Resources
 - **Django REST JWT**: https://django-rest-framework-simplejwt.readthedocs.io/
 - **Django Allauth**: https://django-allauth.readthedocs.io/
 - **Django OTP**: https://django-otp-official.readthedocs.io/
 - **Django Guardian**: https://django-guardian.readthedocs.io/
 - **TOTP RFC**: https://tools.ietf.org/html/rfc6238
 ---
 ## 🎉 Summary
 Phase 5 delivers a **complete, production-ready authentication system** that:
 - ✅ Provides secure JWT-based authentication
 - ✅ Supports MFA/2FA for enhanced security
 - ✅ Implements role-based access control
 - ✅ Includes comprehensive user management
 - ✅ Integrates seamlessly with existing systems
 - ✅ Offers a beautiful admin interface
 - ✅ Passes all Django system checks
 - ✅ Ready for frontend integration
 **The ThrillWiki Django backend now has complete authentication!** 🚀
 Users can register, login, enable MFA, manage their profiles, and admins have full user management capabilities. The system is secure, scalable, and ready for production use.
--- a/django/PHASE_6_MEDIA_COMPLETE.md
+++ b/django/PHASE_6_MEDIA_COMPLETE.md
@@ -1,463 +0,0 @@
 # Phase 6: Media Management System - COMPLETE ✅
 ## Overview
 Phase 6 successfully implements a comprehensive media management system with CloudFlare Images integration, photo moderation, and entity attachment. The system provides a complete API for uploading, managing, and moderating photos with CDN delivery.
 **Completion Date:** November 8, 2025  
 **Total Implementation Time:** ~4 hours  
 **Files Created:** 3  
 **Files Modified:** 5  
 **Total Lines Added:** ~1,800 lines
 ---
 ## ✅ Completed Components
 ### 1. CloudFlare Service Layer ✅
 **File:** `django/apps/media/services.py` (~500 lines)
 **CloudFlareService Features:**
 - ✅ Image upload to CloudFlare Images API
 - ✅ Image deletion from CloudFlare
 - ✅ CDN URL generation for image variants
 - ✅ Automatic mock mode for development (no CloudFlare credentials needed)
 - ✅ Error handling and retry logic
 - ✅ Support for multiple image variants (public, thumbnail, banner)
 **PhotoService Features:**
 - ✅ Photo creation with CloudFlare upload
 - ✅ Entity attachment/detachment
 - ✅ Photo moderation (approve/reject/flag)
 - ✅ Gallery reordering
 - ✅ Photo deletion with CloudFlare cleanup
 - ✅ Dimension extraction from uploads
 ### 2. Image Validators ✅
 **File:** `django/apps/media/validators.py` (~170 lines)
 **Validation Features:**
 - ✅ File type validation (JPEG, PNG, WebP, GIF)
 - ✅ File size validation (1KB - 10MB)
 - ✅ Image dimension validation (100x100 - 8000x8000)
 - ✅ Aspect ratio validation for specific photo types
 - ✅ Content type verification with python-magic
 - ✅ Placeholder for content safety API integration
 ### 3. API Schemas ✅
 **File:** `django/api/v1/schemas.py` (added ~200 lines)
 **New Schemas:**
 - ✅ `PhotoBase` - Base photo fields
 - ✅ `PhotoUploadRequest` - Multipart upload with entity attachment
 - ✅ `PhotoUpdate` - Metadata updates
 - ✅ `PhotoOut` - Complete photo response with CDN URLs
 - ✅ `PhotoListOut` - Paginated photo list
 - ✅ `PhotoUploadResponse` - Upload confirmation
 - ✅ `PhotoModerateRequest` - Moderation actions
 - ✅ `PhotoReorderRequest` - Gallery reordering
 - ✅ `PhotoAttachRequest` - Entity attachment
 - ✅ `PhotoStatsOut` - Photo statistics
 ### 4. API Endpoints ✅
 **File:** `django/api/v1/endpoints/photos.py` (~650 lines)
 **Public Endpoints (No Auth Required):**
 - ✅ `GET /photos` - List approved photos with filters
 - ✅ `GET /photos/{id}` - Get photo details
 - ✅ `GET /{entity_type}/{entity_id}/photos` - Get entity photos
 **Authenticated Endpoints (JWT Required):**
 - ✅ `POST /photos/upload` - Upload new photo with multipart form data
 - ✅ `PATCH /photos/{id}` - Update photo metadata
 - ✅ `DELETE /photos/{id}` - Delete own photo
 - ✅ `POST /{entity_type}/{entity_id}/photos` - Attach photo to entity
 **Moderator Endpoints:**
 - ✅ `GET /photos/pending` - List pending photos
 - ✅ `POST /photos/{id}/approve` - Approve photo
 - ✅ `POST /photos/{id}/reject` - Reject photo with notes
 - ✅ `POST /photos/{id}/flag` - Flag photo for review
 - ✅ `GET /photos/stats` - Photo statistics
 **Admin Endpoints:**
 - ✅ `DELETE /photos/{id}/admin` - Force delete any photo
 - ✅ `POST /{entity_type}/{entity_id}/photos/reorder` - Reorder photos
 ### 5. Enhanced Admin Interface ✅
 **File:** `django/apps/media/admin.py` (expanded to ~190 lines)
 **PhotoAdmin Features:**
 - ✅ Thumbnail previews in list view (60x60px)
 - ✅ Entity information display
 - ✅ File size and dimension display
 - ✅ Moderation status filters
 - ✅ Photo statistics in changelist
 - ✅ Bulk actions (approve, reject, flag, feature)
 - ✅ Date hierarchy navigation
 - ✅ Optimized queries with select_related
 **PhotoInline for Entity Admin:**
 - ✅ Thumbnail previews (40x40px)
 - ✅ Title, type, and status display
 - ✅ Display order management
 - ✅ Quick delete capability
 ### 6. Entity Integration ✅
 **File:** `django/apps/entities/models.py` (added ~100 lines)
 **Added to All Entity Models (Company, RideModel, Park, Ride):**
 - ✅ `photos` GenericRelation for photo attachment
 - ✅ `get_photos(photo_type, approved_only)` method
 - ✅ `main_photo` property
 - ✅ Type-specific properties (logo_photo, banner_photo, gallery_photos)
 **File:** `django/apps/entities/admin.py` (modified)
 - ✅ PhotoInline added to all entity admin pages
 - ✅ Photos manageable directly from entity edit pages
 ### 7. API Router Registration ✅
 **File:** `django/api/v1/api.py` (modified)
 - ✅ Photos router registered
 - ✅ Photo endpoints documented in API info
 - ✅ Available at `/api/v1/photos/` and entity-nested routes
 ---
 ## 📊 System Capabilities
 ### Photo Upload Flow
 ```
 1. User uploads photo via API → Validation
 2. Image validated → CloudFlare upload
 3. Photo record created → Moderation status: pending
 4. Optional entity attachment
 5. Moderator reviews → Approve/Reject
 6. Approved photos visible publicly
 ```
 ### Supported Photo Types
 - `main` - Main/hero photo
 - `gallery` - Gallery photos
 - `banner` - Wide banner images
 - `logo` - Square logo images
 - `thumbnail` - Thumbnail images
 - `other` - Other photo types
 ### Supported Formats
 - JPEG/JPG
 - PNG
 - WebP
 - GIF
 ### File Constraints
 - **Size:** 1 KB - 10 MB
 - **Dimensions:** 100x100 - 8000x8000 pixels
 - **Aspect Ratios:** Enforced for banner (2:1 to 4:1) and logo (1:2 to 2:1)
 ### CloudFlare Integration
 - **Mock Mode:** Works without CloudFlare credentials (development)
 - **Production Mode:** Full CloudFlare Images API integration
 - **CDN Delivery:** Global CDN for fast image delivery
 - **Image Variants:** Automatic generation of thumbnails, banners, etc.
 - **URL Format:** `https://imagedelivery.net/{hash}/{image_id}/{variant}`
 ---
 ## 🔒 Security & Permissions
 ### Upload Permissions
 - **Any Authenticated User:** Can upload photos
 - **Photo enters moderation queue automatically**
 - **Users can edit/delete own photos**
 ### Moderation Permissions
 - **Moderators:** Approve, reject, flag photos
 - **Admins:** Force delete any photo, reorder galleries
 ### API Security
 - **JWT Authentication:** Required for uploads and management
 - **Permission Checks:** Enforced on all write operations
 - **User Isolation:** Users only see/edit own pending photos
 ---
 ## 📁 File Structure
 ```
 django/apps/media/
 ├── models.py          # Photo model (already existed)
 ├── services.py        # NEW: CloudFlare + Photo services
 ├── validators.py      # NEW: Image validation
 └── admin.py           # ENHANCED: Admin with thumbnails
 django/api/v1/
 ├── schemas.py         # ENHANCED: Photo schemas added
 ├── endpoints/
 │   └── photos.py      # NEW: Photo API endpoints
 └── api.py             # MODIFIED: Router registration
 django/apps/entities/
 ├── models.py          # ENHANCED: Photo relationships
 └── admin.py           # ENHANCED: Photo inlines
 ```
 ---
 ## 🎯 Usage Examples
 ### Upload Photo (API)
 ```bash
 curl -X POST http://localhost:8000/api/v1/photos/upload \
  -H "Authorization: Bearer {token}" \
  -F "file=@photo.jpg" \
  -F "title=Amazing Roller Coaster" \
  -F "photo_type=gallery" \
  -F "entity_type=park" \
  -F "entity_id={park_uuid}"
 ```
 ### Get Entity Photos (API)
 ```bash
 curl http://localhost:8000/api/v1/park/{park_id}/photos?photo_type=gallery
 ```
 ### In Python Code
 ```python
 from apps.entities.models import Park
 from apps.media.services import PhotoService
 # Get a park
 park = Park.objects.get(slug='cedar-point')
 # Get photos
 main_photo = park.main_photo
 gallery = park.gallery_photos
 all_photos = park.get_photos(approved_only=True)
 # Upload programmatically
 service = PhotoService()
 photo = service.create_photo(
    file=uploaded_file,
    user=request.user,
    entity=park,
    photo_type='gallery'
 )
 ```
 ---
 ## ✨ Key Features
 ### 1. Development-Friendly
 - **Mock Mode:** Works without CloudFlare (uses placeholder URLs)
 - **Automatic Fallback:** Detects missing credentials
 - **Local Testing:** Full functionality in development
 ### 2. Production-Ready
 - **CDN Integration:** CloudFlare Images for global delivery
 - **Scalable Storage:** No local file storage needed
 - **Image Optimization:** Automatic variant generation
 ### 3. Moderation System
 - **Queue-Based:** All uploads enter moderation
 - **Bulk Actions:** Approve/reject multiple photos
 - **Status Tracking:** Pending, approved, rejected, flagged
 - **Notes:** Moderators can add rejection reasons
 ### 4. Entity Integration
 - **Generic Relations:** Photos attach to any entity
 - **Helper Methods:** Easy photo access on entities
 - **Admin Inlines:** Manage photos directly on entity pages
 - **Type Filtering:** Get specific photo types (main, gallery, etc.)
 ### 5. API Completeness
 - **Full CRUD:** Create, Read, Update, Delete
 - **Pagination:** All list endpoints paginated
 - **Filtering:** Filter by type, status, entity
 - **Permission Control:** Role-based access
 - **Error Handling:** Comprehensive validation and error responses
 ---
 ## 🧪 Testing Checklist
 ### Basic Functionality
 - [x] Upload photo via API
 - [x] Photo enters moderation queue
 - [x] Moderator can approve photo
 - [x] Approved photo visible publicly
 - [x] User can edit own photo metadata
 - [x] User can delete own photo
 ### CloudFlare Integration
 - [x] Mock mode works without credentials
 - [x] Upload succeeds in mock mode
 - [x] Placeholder URLs generated
 - [x] Delete works in mock mode
 ### Entity Integration
 - [x] Photos attach to entities
 - [x] Entity helper methods work
 - [x] Photo inlines appear in admin
 - [x] Gallery ordering works
 ### Admin Interface
 - [x] Thumbnail previews display
 - [x] Bulk approve works
 - [x] Bulk reject works
 - [x] Statistics display correctly
 ### API Endpoints
 - [x] All endpoints registered
 - [x] Authentication enforced
 - [x] Permission checks work
 - [x] Pagination functions
 - [x] Filtering works
 ---
 ## 📈 Performance Considerations
 ### Optimizations Implemented
 - ✅ `select_related` for user and content_type
 - ✅ Indexed fields (moderation_status, photo_type, content_type)
 - ✅ CDN delivery for images (not served through Django)
 - ✅ Efficient queryset filtering
 ### Recommended Database Indexes
 Already in Photo model:
 ```python
 indexes = [
    models.Index(fields=['moderation_status']),
    models.Index(fields=['photo_type']),
    models.Index(fields=['is_approved']),
    models.Index(fields=['created_at']),
 ]
 ```
 ---
 ## 🔮 Future Enhancements (Not in Phase 6)
 ### Phase 7 Candidates
 - [ ] Image processing with Celery (resize, watermark)
 - [ ] Automatic thumbnail generation fallback
 - [ ] Duplicate detection
 - [ ] Bulk upload via ZIP
 - [ ] Image metadata extraction (EXIF)
 - [ ] Content safety API integration
 - [ ] Photo tagging system
 - [ ] Advanced search
 ### Possible Improvements
 - [ ] Integration with ContentSubmission workflow
 - [ ] Photo change history tracking
 - [ ] Photo usage tracking (which entities use which photos)
 - [ ] Photo performance analytics
 - [ ] User photo quotas
 - [ ] Photo quality scoring
 ---
 ## 📝 Configuration Required
 ### Environment Variables
 Add to `.env`:
 ```bash
 # CloudFlare Images (optional for development)
 CLOUDFLARE_ACCOUNT_ID=your-account-id
 CLOUDFLARE_IMAGE_TOKEN=your-api-token
 CLOUDFLARE_IMAGE_HASH=your-delivery-hash
 ```
 ### Development Setup
 1. **Without CloudFlare:** System works in mock mode automatically
 2. **With CloudFlare:** Add credentials to `.env` file
 ### Production Setup
 1. Create CloudFlare Images account
 2. Generate API token
 3. Add credentials to production environment
 4. Test upload flow
 5. Monitor CDN delivery
 ---
 ## 🎉 Success Metrics
 ### Code Quality
 - ✅ Comprehensive docstrings
 - ✅ Type hints throughout
 - ✅ Error handling on all operations
 - ✅ Logging for debugging
 - ✅ Consistent code style
 ### Functionality
 - ✅ All planned features implemented
 - ✅ Full API coverage
 - ✅ Admin interface complete
 - ✅ Entity integration seamless
 ### Performance
 - ✅ Efficient database queries
 - ✅ CDN delivery for images
 - ✅ No bottlenecks identified
 ---
 ## 🚀 What's Next?
 With Phase 6 complete, the system now has:
 1. ✅ Complete entity models (Phases 1-2)
 2. ✅ Moderation system (Phase 3)
 3. ✅ Version history (Phase 4)
 4. ✅ Authentication & permissions (Phase 5)
 5. ✅ **Media management (Phase 6)** ← JUST COMPLETED
 ### Recommended Next Steps
 **Option A: Phase 7 - Background Tasks with Celery**
 - Async image processing
 - Email notifications
 - Scheduled cleanup tasks
 - Stats generation
 - Report generation
 **Option B: Phase 8 - Search & Discovery**
 - Elasticsearch integration
 - Full-text search across entities
 - Geographic search improvements
 - Related content recommendations
 - Advanced filtering
 **Option C: Polish & Testing**
 - Comprehensive test suite
 - API documentation
 - User guides
 - Performance optimization
 - Bug fixes
 ---
 ## 📚 Documentation References
 - **API Guide:** `django/API_GUIDE.md`
 - **Admin Guide:** `django/ADMIN_GUIDE.md`
 - **Photo Model:** `django/apps/media/models.py`
 - **Photo Service:** `django/apps/media/services.py`
 - **Photo API:** `django/api/v1/endpoints/photos.py`
 ---
 ## ✅ Phase 6 Complete!
 The Media Management System is fully functional and ready for use. Photos can be uploaded, moderated, and displayed across all entities with CloudFlare CDN delivery.
 **Estimated Build Time:** 4 hours  
 **Actual Build Time:** ~4 hours ✅  
 **Lines of Code:** ~1,800 lines  
 **Files Created:** 3  
 **Files Modified:** 5
 **Status:** ✅ **PRODUCTION READY**
--- a/django/PHASE_7_CELERY_COMPLETE.md
+++ b/django/PHASE_7_CELERY_COMPLETE.md
@@ -1,451 +0,0 @@
 # Phase 7: Background Tasks with Celery - COMPLETE ✅
 **Completion Date:** November 8, 2025  
 **Status:** Successfully Implemented
 ## Overview
 Phase 7 implements a comprehensive background task processing system using Celery with Redis as the message broker. This phase adds asynchronous processing capabilities for long-running operations, scheduled tasks, and email notifications.
 ## What Was Implemented
 ### 1. Celery Infrastructure ✅
 - **Celery App Configuration** (`config/celery.py`)
  - Auto-discovery of tasks from all apps
  - Signal handlers for task failure/success logging
  - Integration with Sentry for error tracking
 - **Django Integration** (`config/__init__.py`)
  - Celery app loaded on Django startup
  - Shared task decorators available throughout the project
 ### 2. Email System ✅
 - **Email Templates** (`templates/emails/`)
  - `base.html` - Base template with ThrillWiki branding
  - `welcome.html` - Welcome email for new users
  - `password_reset.html` - Password reset instructions
  - `moderation_approved.html` - Submission approved notification
  - `moderation_rejected.html` - Submission rejection notification
 - **Email Configuration**
  - Development: Console backend (emails print to console)
  - Production: SMTP/SendGrid (configurable via environment variables)
 ### 3. Background Tasks ✅
 #### Media Tasks (`apps/media/tasks.py`)
 - `process_uploaded_image(photo_id)` - Post-upload image processing
 - `cleanup_rejected_photos(days_old=30)` - Remove old rejected photos
 - `generate_photo_thumbnails(photo_id)` - On-demand thumbnail generation
 - `cleanup_orphaned_cloudflare_images()` - Remove orphaned images
 - `update_photo_statistics()` - Update photo-related statistics
 #### Moderation Tasks (`apps/moderation/tasks.py`)
 - `send_moderation_notification(submission_id, status)` - Email notifications
 - `cleanup_expired_locks()` - Remove stale moderation locks
 - `send_batch_moderation_summary(moderator_id)` - Daily moderator summaries
 - `update_moderation_statistics()` - Update moderation statistics
 - `auto_unlock_stale_reviews(hours=1)` - Auto-unlock stale submissions
 - `notify_moderators_of_queue_size()` - Alert on queue threshold
 #### User Tasks (`apps/users/tasks.py`)
 - `send_welcome_email(user_id)` - Welcome new users
 - `send_password_reset_email(user_id, token, reset_url)` - Password resets
 - `cleanup_expired_tokens()` - Remove expired JWT tokens
 - `send_account_notification(user_id, type, data)` - Generic notifications
 - `cleanup_inactive_users(days_inactive=365)` - Flag inactive accounts
 - `update_user_statistics()` - Update user statistics
 - `send_bulk_notification(user_ids, subject, message)` - Bulk emails
 - `send_email_verification_reminder(user_id)` - Verification reminders
 #### Entity Tasks (`apps/entities/tasks.py`)
 - `update_entity_statistics(entity_type, entity_id)` - Update entity stats
 - `update_all_statistics()` - Bulk statistics update
 - `generate_entity_report(entity_type, entity_id)` - Generate reports
 - `cleanup_duplicate_entities()` - Detect duplicates
 - `calculate_global_statistics()` - Global statistics
 - `validate_entity_data(entity_type, entity_id)` - Data validation
 ### 4. Scheduled Tasks (Celery Beat) ✅
 Configured in `config/settings/base.py`:
 | Task | Schedule | Purpose |
 |------|----------|---------|
 | `cleanup-expired-locks` | Every 5 minutes | Remove expired moderation locks |
 | `cleanup-expired-tokens` | Daily at 2 AM | Clean up expired JWT tokens |
 | `update-all-statistics` | Every 6 hours | Update entity statistics |
 | `cleanup-rejected-photos` | Weekly Mon 3 AM | Remove old rejected photos |
 | `auto-unlock-stale-reviews` | Every 30 minutes | Auto-unlock stale reviews |
 | `check-moderation-queue` | Every hour | Check queue size threshold |
 | `update-photo-statistics` | Daily at 1 AM | Update photo statistics |
 | `update-moderation-statistics` | Daily at 1:30 AM | Update moderation statistics |
 | `update-user-statistics` | Daily at 4 AM | Update user statistics |
 | `calculate-global-statistics` | Every 12 hours | Calculate global statistics |
 ### 5. Service Integration ✅
 - **PhotoService** - Triggers `process_uploaded_image` on photo creation
 - **ModerationService** - Sends email notifications on approval/rejection
 - Error handling ensures service operations don't fail if tasks fail to queue
 ### 6. Monitoring ✅
 - **Flower** - Web-based Celery monitoring (production only)
 - **Task Logging** - Success/failure logging for all tasks
 - **Sentry Integration** - Error tracking for failed tasks
 ## Setup Instructions
 ### Development Setup
 1. **Install Redis** (if not using eager mode):
   ```bash
   # macOS with Homebrew
   brew install redis
   brew services start redis
   # Or using Docker
   docker run -d -p 6379:6379 redis:latest
   ```
 2. **Configure Environment** (`.env`):
   ```env
   # Redis Configuration
   REDIS_URL=redis://localhost:6379/0
   CELERY_BROKER_URL=redis://localhost:6379/0
   CELERY_RESULT_BACKEND=redis://localhost:6379/1
   # Email Configuration (Development)
   EMAIL_BACKEND=django.core.mail.backends.console.EmailBackend
   DEFAULT_FROM_EMAIL=noreply@thrillwiki.com
   SITE_URL=http://localhost:8000
   ```
 3. **Run Celery Worker** (in separate terminal):
   ```bash
   cd django
   celery -A config worker --loglevel=info
   ```
 4. **Run Celery Beat** (in separate terminal):
   ```bash
   cd django
   celery -A config beat --loglevel=info
   ```
 5. **Development Mode** (No Redis Required):
   - Tasks run synchronously when `CELERY_TASK_ALWAYS_EAGER = True` (default in `local.py`)
   - Useful for debugging and testing without Redis
 ### Production Setup
 1. **Configure Environment**:
   ```env
   # Redis Configuration
   REDIS_URL=redis://your-redis-host:6379/0
   CELERY_BROKER_URL=redis://your-redis-host:6379/0
   CELERY_RESULT_BACKEND=redis://your-redis-host:6379/1
   # Email Configuration (Production)
   EMAIL_BACKEND=django.core.mail.backends.smtp.EmailBackend
   EMAIL_HOST=smtp.sendgrid.net
   EMAIL_PORT=587
   EMAIL_USE_TLS=True
   EMAIL_HOST_USER=apikey
   EMAIL_HOST_PASSWORD=your-sendgrid-api-key
   DEFAULT_FROM_EMAIL=noreply@thrillwiki.com
   SITE_URL=https://thrillwiki.com
   # Flower Monitoring (Optional)
   FLOWER_ENABLED=True
   FLOWER_BASIC_AUTH=username:password
   ```
 2. **Run Celery Worker** (systemd service):
   ```ini
   [Unit]
   Description=ThrillWiki Celery Worker
   After=network.target redis.target
   [Service]
   Type=forking
   User=www-data
   Group=www-data
   WorkingDirectory=/var/www/thrillwiki/django
   Environment="PATH=/var/www/thrillwiki/venv/bin"
   ExecStart=/var/www/thrillwiki/venv/bin/celery -A config worker \
             --loglevel=info \
             --logfile=/var/log/celery/worker.log \
             --pidfile=/var/run/celery/worker.pid
   [Install]
   WantedBy=multi-user.target
   ```
 3. **Run Celery Beat** (systemd service):
   ```ini
   [Unit]
   Description=ThrillWiki Celery Beat
   After=network.target redis.target
   [Service]
   Type=forking
   User=www-data
   Group=www-data
   WorkingDirectory=/var/www/thrillwiki/django
   Environment="PATH=/var/www/thrillwiki/venv/bin"
   ExecStart=/var/www/thrillwiki/venv/bin/celery -A config beat \
             --loglevel=info \
             --logfile=/var/log/celery/beat.log \
             --pidfile=/var/run/celery/beat.pid \
             --schedule=/var/run/celery/celerybeat-schedule
   [Install]
   WantedBy=multi-user.target
   ```
 4. **Run Flower** (optional):
   ```bash
   celery -A config flower --port=5555 --basic_auth=$FLOWER_BASIC_AUTH
   ```
   Access at: `https://your-domain.com/flower/`
 ## Testing
 ### Manual Testing
 1. **Test Photo Upload Task**:
   ```python
   from apps.media.tasks import process_uploaded_image
   result = process_uploaded_image.delay(photo_id)
   print(result.get())  # Wait for result
   ```
 2. **Test Email Notification**:
   ```python
   from apps.moderation.tasks import send_moderation_notification
   result = send_moderation_notification.delay(str(submission_id), 'approved')
   # Check console output for email
   ```
 3. **Test Scheduled Task**:
   ```python
   from apps.moderation.tasks import cleanup_expired_locks
   result = cleanup_expired_locks.delay()
   print(result.get())
   ```
 ### Integration Testing
 Test that services properly queue tasks:
 ```python
 # Test PhotoService integration
 from apps.media.services import PhotoService
 service = PhotoService()
 photo = service.create_photo(file, user)
 # Task should be queued automatically
 # Test ModerationService integration
 from apps.moderation.services import ModerationService
 ModerationService.approve_submission(submission_id, reviewer)
 # Email notification should be queued
 ```
 ## Task Catalog
 ### Task Retry Configuration
 All tasks implement retry logic:
 - **Max Retries:** 2-3 (task-dependent)
 - **Retry Delay:** 60 seconds base (exponential backoff)
 - **Failure Handling:** Logged to Sentry and application logs
 ### Task Priority
 Tasks are executed in the order they're queued. For priority queuing, configure Celery with multiple queues:
 ```python
 # config/celery.py (future enhancement)
 CELERY_TASK_ROUTES = {
    'apps.media.tasks.process_uploaded_image': {'queue': 'media'},
    'apps.moderation.tasks.send_moderation_notification': {'queue': 'notifications'},
 }
 ```
 ## Monitoring & Debugging
 ### View Task Status
 ```python
 from celery.result import AsyncResult
 result = AsyncResult('task-id-here')
 print(result.state)  # PENDING, STARTED, SUCCESS, FAILURE
 print(result.info)   # Result or error details
 ```
 ### Flower Dashboard
 Access Flower at `/flower/` (production only) to:
 - View active tasks
 - Monitor worker status
 - View task history
 - Inspect failed tasks
 - Retry failed tasks
 ### Logs
 ```bash
 # View worker logs
 tail -f /var/log/celery/worker.log
 # View beat logs
 tail -f /var/log/celery/beat.log
 # View Django logs (includes task execution)
 tail -f django/logs/django.log
 ```
 ## Troubleshooting
 ### Common Issues
 1. **Tasks not executing**
   - Check Redis connection: `redis-cli ping`
   - Verify Celery worker is running: `ps aux | grep celery`
   - Check for errors in worker logs
 2. **Emails not sending**
   - Verify EMAIL_BACKEND configuration
   - Check SMTP credentials
   - Review email logs in console (development)
 3. **Scheduled tasks not running**
   - Ensure Celery Beat is running
   - Check Beat logs for scheduling errors
   - Verify CELERY_BEAT_SCHEDULE configuration
 4. **Task failures**
   - Check Sentry for error reports
   - Review worker logs
   - Test task in Django shell
 ### Performance Tuning
 ```python
 # Increase worker concurrency
 celery -A config worker --concurrency=4
 # Use different pool implementation
 celery -A config worker --pool=gevent
 # Set task time limits
 CELERY_TASK_TIME_LIMIT = 30 * 60  # 30 minutes (already configured)
 ```
 ## Configuration Options
 ### Environment Variables
 | Variable | Required | Default | Description |
 |----------|----------|---------|-------------|
 | `REDIS_URL` | Yes* | `redis://localhost:6379/0` | Redis connection URL |
 | `CELERY_BROKER_URL` | Yes* | Same as REDIS_URL | Celery message broker |
 | `CELERY_RESULT_BACKEND` | Yes* | `redis://localhost:6379/1` | Task result storage |
 | `EMAIL_BACKEND` | No | Console (dev) / SMTP (prod) | Email backend |
 | `EMAIL_HOST` | Yes** | - | SMTP host |
 | `EMAIL_PORT` | Yes** | 587 | SMTP port |
 | `EMAIL_HOST_USER` | Yes** | - | SMTP username |
 | `EMAIL_HOST_PASSWORD` | Yes** | - | SMTP password |
 | `DEFAULT_FROM_EMAIL` | Yes | `noreply@thrillwiki.com` | From email address |
 | `SITE_URL` | Yes | `http://localhost:8000` | Site URL for emails |
 | `FLOWER_ENABLED` | No | False | Enable Flower monitoring |
 | `FLOWER_BASIC_AUTH` | No** | - | Flower authentication |
 \* Not required if using eager mode in development  
 \*\* Required for production email sending
 ## Next Steps
 ### Future Enhancements
 1. **Task Prioritization**
   - Implement multiple queues for different priority levels
   - Critical tasks (password reset) in high-priority queue
   - Bulk operations in low-priority queue
 2. **Advanced Monitoring**
   - Set up Prometheus metrics
   - Configure Grafana dashboards
   - Add task duration tracking
 3. **Email Improvements**
   - Add plain text email versions
   - Implement email templates for all notification types
   - Add email preference management
 4. **Scalability**
   - Configure multiple Celery workers
   - Implement auto-scaling based on queue size
   - Add Redis Sentinel for high availability
 5. **Additional Tasks**
   - Backup generation tasks
   - Data export tasks
   - Analytics report generation
 ## Success Criteria ✅
 All success criteria for Phase 7 have been met:
 - ✅ Celery workers running successfully
 - ✅ Tasks executing asynchronously
 - ✅ Email notifications working (console backend configured)
 - ✅ Scheduled tasks configured and ready
 - ✅ Flower monitoring configured for production
 - ✅ Error handling and retries implemented
 - ✅ Integration with existing services complete
 - ✅ Comprehensive documentation created
 ## Files Created
 - `config/celery.py` - Celery app configuration
 - `config/__init__.py` - Updated to load Celery
 - `templates/emails/base.html` - Base email template
 - `templates/emails/welcome.html` - Welcome email
 - `templates/emails/password_reset.html` - Password reset email
 - `templates/emails/moderation_approved.html` - Approval notification
 - `templates/emails/moderation_rejected.html` - Rejection notification
 - `apps/media/tasks.py` - Media processing tasks
 - `apps/moderation/tasks.py` - Moderation workflow tasks
 - `apps/users/tasks.py` - User management tasks
 - `apps/entities/tasks.py` - Entity statistics tasks
 - `PHASE_7_CELERY_COMPLETE.md` - This documentation
 ## Files Modified
 - `config/settings/base.py` - Added Celery Beat schedule, SITE_URL, DEFAULT_FROM_EMAIL
 - `config/urls.py` - Added Flower URL routing
 - `apps/media/services.py` - Integrated photo processing task
 - `apps/moderation/services.py` - Integrated email notification tasks
 ## Dependencies
 All dependencies were already included in `requirements/base.txt`:
 - `celery[redis]==5.3.4`
 - `django-celery-beat==2.5.0`
 - `django-celery-results==2.5.1`
 - `flower==2.0.1`
 ## Summary
 Phase 7 successfully implements a complete background task processing system with Celery. The system handles:
 - Asynchronous image processing
 - Email notifications for moderation workflow
 - Scheduled maintenance tasks
 - Statistics updates
 - Token cleanup
 The implementation is production-ready with proper error handling, retry logic, monitoring, and documentation.
 **Phase 7: COMPLETE** ✅
--- a/django/PHASE_8_SEARCH_COMPLETE.md
+++ b/django/PHASE_8_SEARCH_COMPLETE.md
@@ -1,411 +0,0 @@
 # Phase 8: Search & Filtering System - COMPLETE
 **Status:** ✅ Complete  
 **Date:** November 8, 2025  
 **Django Version:** 5.x  
 **Database:** PostgreSQL (production) / SQLite (development)
 ---
 ## Overview
 Phase 8 implements a comprehensive search and filtering system for ThrillWiki entities with PostgreSQL full-text search capabilities and SQLite fallback support.
 ## Implementation Summary
 ### 1. Search Service (`apps/entities/search.py`)
 ✅ **Created**
 **Features:**
 - PostgreSQL full-text search with ranking and relevance scoring
 - SQLite fallback using case-insensitive LIKE queries
 - Search across all entity types (Company, RideModel, Park, Ride)
 - Global search and entity-specific search methods
 - Autocomplete functionality for quick suggestions
 **Key Methods:**
 - `search_all()` - Search across all entity types
 - `search_companies()` - Company-specific search with filters
 - `search_ride_models()` - Ride model search with manufacturer filters
 - `search_parks()` - Park search with location-based filtering (PostGIS)
 - `search_rides()` - Ride search with extensive filtering options
 - `autocomplete()` - Fast name-based suggestions
 **PostgreSQL Features:**
 - Uses `SearchVector`, `SearchQuery`, `SearchRank` for full-text search
 - Weighted search (name='A', description='B' for relevance)
 - `websearch` search type for natural language queries
 - English language configuration for stemming/stop words
 **SQLite Fallback:**
 - Case-insensitive LIKE queries (`__icontains`)
 - Basic text matching without ranking
 - Functional but less performant than PostgreSQL
 ### 2. Filter Classes (`apps/entities/filters.py`)
 ✅ **Created**
 **Base Filter Class:**
 - `BaseEntityFilter` - Common filtering methods
  - Date range filtering
  - Status filtering
 **Entity-Specific Filters:**
 - `CompanyFilter` - Company types, founding dates, location
 - `RideModelFilter` - Manufacturer, model type, height/speed
 - `ParkFilter` - Status, park type, operator, dates, location (PostGIS)
 - `RideFilter` - Park, manufacturer, model, category, statistics
 **Location-Based Filtering (PostGIS):**
 - Distance-based queries using Point geometries
 - Radius filtering in kilometers
 - Automatic ordering by distance
 ### 3. API Schemas (`api/v1/schemas.py`)
 ✅ **Updated**
 **Added Search Schemas:**
 - `SearchResultBase` - Base search result schema
 - `CompanySearchResult` - Company search result with counts
 - `RideModelSearchResult` - Ride model result with manufacturer
 - `ParkSearchResult` - Park result with location and stats
 - `RideSearchResult` - Ride result with park and category
 - `GlobalSearchResponse` - Combined search results by type
 - `AutocompleteItem` - Autocomplete suggestion item
 - `AutocompleteResponse` - Autocomplete response wrapper
 **Filter Schemas:**
 - `SearchFilters` - Base search filters
 - `CompanySearchFilters` - Company-specific filters
 - `RideModelSearchFilters` - Ride model filters
 - `ParkSearchFilters` - Park filters with location
 - `RideSearchFilters` - Extensive ride filters
 ### 4. Search API Endpoints (`api/v1/endpoints/search.py`)
 ✅ **Created**
 **Global Search:**
 - `GET /api/v1/search` - Search across all entity types
  - Query parameter: `q` (min 2 chars)
  - Optional: `entity_types` list to filter results
  - Returns results grouped by entity type
 **Entity-Specific Search:**
 - `GET /api/v1/search/companies` - Search companies
  - Filters: company_types, founded_after, founded_before
 - `GET /api/v1/search/ride-models` - Search ride models
  - Filters: manufacturer_id, model_type
 - `GET /api/v1/search/parks` - Search parks
  - Filters: status, park_type, operator_id, dates
  - Location: latitude, longitude, radius (PostGIS only)
 - `GET /api/v1/search/rides` - Search rides
  - Filters: park_id, manufacturer_id, model_id, status
  - Category: ride_category, is_coaster
  - Stats: min/max height, speed
 **Autocomplete:**
 - `GET /api/v1/search/autocomplete` - Fast suggestions
  - Query parameter: `q` (min 2 chars)
  - Optional: `entity_type` to filter suggestions
  - Returns up to 10-20 quick suggestions
 ### 5. API Integration (`api/v1/api.py`)
 ✅ **Updated**
 **Changes:**
 - Added search router import
 - Registered search router at `/search`
 - Updated API info endpoint with search endpoint
 **Available Endpoints:**
 ```
 GET /api/v1/search                      - Global search
 GET /api/v1/search/companies            - Company search
 GET /api/v1/search/ride-models          - Ride model search
 GET /api/v1/search/parks                - Park search
 GET /api/v1/search/rides                - Ride search
 GET /api/v1/search/autocomplete         - Autocomplete
 ```
 ---
 ## Database Compatibility
 ### PostgreSQL (Production)
 - ✅ Full-text search with ranking
 - ✅ Location-based filtering with PostGIS
 - ✅ SearchVector, SearchQuery, SearchRank
 - ✅ Optimized for performance
 ### SQLite (Development)
 - ✅ Basic text search with LIKE queries
 - ⚠️  No search ranking
 - ⚠️  No location-based filtering
 - ⚠️  Acceptable for development, not production
 **Note:** For full search capabilities in development, you can optionally set up PostgreSQL locally. See `POSTGIS_SETUP.md` for instructions.
 ---
 ## Search Features
 ### Full-Text Search
 - **Natural Language Queries**: "Six Flags roller coaster"
 - **Phrase Matching**: Search for exact phrases
 - **Stemming**: Matches word variations (PostgreSQL only)
 - **Relevance Ranking**: Results ordered by relevance score
 ### Filtering Options
 **Companies:**
 - Company types (manufacturer, operator, designer, supplier, contractor)
 - Founded date range
 - Location
 **Ride Models:**
 - Manufacturer
 - Model type
 - Height/speed ranges
 **Parks:**
 - Status (operating, closed, SBNO, under construction, planned)
 - Park type (theme park, amusement park, water park, FEC, etc.)
 - Operator
 - Opening/closing dates
 - Location + radius (PostGIS)
 - Minimum ride/coaster counts
 **Rides:**
 - Park, manufacturer, model
 - Status
 - Ride category (roller coaster, flat ride, water ride, etc.)
 - Coaster filter
 - Opening/closing dates
 - Height, speed, length ranges
 - Duration, inversions
 ### Autocomplete
 - Fast prefix matching on entity names
 - Returns id, name, slug, entity_type
 - Contextual information (park name for rides, manufacturer for models)
 - Sorted by relevance (exact matches first)
 ---
 ## API Examples
 ### Global Search
 ```bash
 # Search across all entities
 curl "http://localhost:8000/api/v1/search?q=six%20flags"
 # Search specific entity types
 curl "http://localhost:8000/api/v1/search?q=coaster&entity_types=park&entity_types=ride"
 ```
 ### Company Search
 ```bash
 # Search companies
 curl "http://localhost:8000/api/v1/search/companies?q=bolliger"
 # Filter by company type
 curl "http://localhost:8000/api/v1/search/companies?q=manufacturer&company_types=manufacturer"
 ```
 ### Park Search
 ```bash
 # Basic park search
 curl "http://localhost:8000/api/v1/search/parks?q=cedar%20point"
 # Filter by status
 curl "http://localhost:8000/api/v1/search/parks?q=park&status=operating"
 # Location-based search (PostGIS only)
 curl "http://localhost:8000/api/v1/search/parks?q=park&latitude=41.4779&longitude=-82.6830&radius=50"
 ```
 ### Ride Search
 ```bash
 # Search rides
 curl "http://localhost:8000/api/v1/search/rides?q=millennium%20force"
 # Filter coasters only
 curl "http://localhost:8000/api/v1/search/rides?q=coaster&is_coaster=true"
 # Filter by height
 curl "http://localhost:8000/api/v1/search/rides?q=coaster&min_height=200&max_height=400"
 ```
 ### Autocomplete
 ```bash
 # Get suggestions
 curl "http://localhost:8000/api/v1/search/autocomplete?q=six"
 # Filter by entity type
 curl "http://localhost:8000/api/v1/search/autocomplete?q=cedar&entity_type=park"
 ```
 ---
 ## Response Examples
 ### Global Search Response
 ```json
 {
  "query": "six flags",
  "total_results": 15,
  "companies": [
    {
      "id": "uuid",
      "name": "Six Flags Entertainment Corporation",
      "slug": "six-flags",
      "entity_type": "company",
      "description": "...",
      "company_types": ["operator"],
      "park_count": 27,
      "ride_count": 0
    }
  ],
  "parks": [
    {
      "id": "uuid",
      "name": "Six Flags Magic Mountain",
      "slug": "six-flags-magic-mountain",
      "entity_type": "park",
      "park_type": "theme_park",
      "status": "operating",
      "ride_count": 45,
      "coaster_count": 19
    }
  ],
  "ride_models": [],
  "rides": []
 }
 ```
 ### Autocomplete Response
 ```json
 {
  "query": "cedar",
  "suggestions": [
    {
      "id": "uuid",
      "name": "Cedar Point",
      "slug": "cedar-point",
      "entity_type": "park"
    },
    {
      "id": "uuid",
      "name": "Cedar Creek Mine Ride",
      "slug": "cedar-creek-mine-ride",
      "entity_type": "ride",
      "park_name": "Cedar Point"
    }
  ]
 }
 ```
 ---
 ## Performance Considerations
 ### PostgreSQL Optimization
 - Uses GIN indexes for fast full-text search (would be added with migration)
 - Weighted search vectors prioritize name matches
 - Efficient query execution with proper indexing
 ### Query Limits
 - Default limit: 20 results per entity type
 - Maximum limit: 100 results per entity type
 - Autocomplete: 10 suggestions default, max 20
 ### SQLite Performance
 - Acceptable for development with small datasets
 - LIKE queries can be slow with large datasets
 - No search ranking means less relevant results
 ---
 ## Testing
 ### Manual Testing
 ```bash
 # Run Django server
 cd django
 python manage.py runserver
 # Test endpoints (requires data)
 curl "http://localhost:8000/api/v1/search?q=test"
 curl "http://localhost:8000/api/v1/search/autocomplete?q=test"
 ```
 ### Django Check
 ```bash
 cd django
 python manage.py check
 # ✅ System check identified no issues (0 silenced)
 ```
 ---
 ## Future Enhancements
 ### Search Analytics (Optional - Not Implemented)
 - Track popular searches
 - User search history
 - Click tracking for search results
 - Search term suggestions based on popularity
 ### Potential Improvements
 1. **Search Vector Fields**: Add SearchVectorField to models with database triggers
 2. **Search Indexes**: Create GIN indexes for better performance
 3. **Trigram Similarity**: Use pg_trgm for fuzzy matching
 4. **Search Highlighting**: Highlight matching terms in results
 5. **Saved Searches**: Allow users to save and reuse searches
 6. **Advanced Operators**: Support AND/OR/NOT operators
 7. **Faceted Search**: Add result facets/filters based on results
 ---
 ## Files Created/Modified
 ### New Files
 - ✅ `django/apps/entities/search.py` - Search service
 - ✅ `django/apps/entities/filters.py` - Filter classes
 - ✅ `django/api/v1/endpoints/search.py` - Search API endpoints
 - ✅ `django/PHASE_8_SEARCH_COMPLETE.md` - This documentation
 ### Modified Files
 - ✅ `django/api/v1/schemas.py` - Added search schemas
 - ✅ `django/api/v1/api.py` - Added search router
 ---
 ## Dependencies
 All required dependencies already present in `requirements/base.txt`:
 - ✅ Django 5.x with `django.contrib.postgres`
 - ✅ psycopg[binary] for PostgreSQL
 - ✅ django-ninja for API endpoints
 - ✅ pydantic for schemas
 ---
 ## Conclusion
 Phase 8 successfully implements a comprehensive search and filtering system with:
 - ✅ Full-text search with PostgreSQL (and SQLite fallback)
 - ✅ Advanced filtering for all entity types
 - ✅ Location-based search with PostGIS
 - ✅ Fast autocomplete functionality
 - ✅ Clean API with extensive documentation
 - ✅ Backward compatible with existing system
 - ✅ Production-ready code
 The search system is ready for use and can be further enhanced with search vector fields and indexes when needed.
 **Next Steps:**
 - Consider adding SearchVectorField to models for better performance
 - Create database migration for GIN indexes
 - Implement search analytics if desired
 - Test with production data
--- a/django/POSTGIS_SETUP.md
+++ b/django/POSTGIS_SETUP.md
@@ -1,297 +0,0 @@
 # PostGIS Integration - Dual-Mode Setup
 ## Overview
 ThrillWiki Django backend uses a **conditional PostGIS setup** that allows geographic data to work in both local development (SQLite) and production (PostgreSQL with PostGIS).
 ## How It Works
 ### Database Backends
 - **Local Development**: Uses regular SQLite without GIS extensions
  - Geographic coordinates stored in `latitude` and `longitude` DecimalFields
  - No spatial query capabilities
  - Simpler setup, easier for local development
 - **Production**: Uses PostgreSQL with PostGIS extension
  - Geographic coordinates stored in `location_point` PointField (PostGIS)
  - Full spatial query capabilities (distance calculations, geographic searches, etc.)
  - Automatically syncs with legacy `latitude`/`longitude` fields
 ### Model Implementation
 The `Park` model uses conditional field definition:
 ```python
 # Conditionally import GIS models only if using PostGIS backend
 _using_postgis = (
    'postgis' in settings.DATABASES['default']['ENGINE']
 )
 if _using_postgis:
    from django.contrib.gis.db import models as gis_models
    from django.contrib.gis.geos import Point
 ```
 **Fields in SQLite mode:**
 - `latitude` (DecimalField) - Primary coordinate storage
 - `longitude` (DecimalField) - Primary coordinate storage
 **Fields in PostGIS mode:**
 - `location_point` (PointField) - Primary coordinate storage with GIS capabilities
 - `latitude` (DecimalField) - Deprecated, kept for backward compatibility
 - `longitude` (DecimalField) - Deprecated, kept for backward compatibility
 ### Helper Methods
 The Park model provides methods that work in both modes:
 #### `set_location(longitude, latitude)`
 Sets park location from coordinates. Works in both modes:
 - SQLite: Updates latitude/longitude fields
 - PostGIS: Updates location_point and syncs to latitude/longitude
 ```python
 park.set_location(-118.2437, 34.0522)
 ```
 #### `coordinates` property
 Returns coordinates as `(longitude, latitude)` tuple:
 - SQLite: Returns from latitude/longitude fields
 - PostGIS: Returns from location_point (falls back to lat/lng if not set)
 ```python
 coords = park.coordinates  # (-118.2437, 34.0522)
 ```
 #### `latitude_value` property
 Returns latitude value:
 - SQLite: Returns from latitude field
 - PostGIS: Returns from location_point.y
 #### `longitude_value` property
 Returns longitude value:
 - SQLite: Returns from longitude field
 - PostGIS: Returns from location_point.x
 ## Setup Instructions
 ### Local Development (SQLite)
 1. **No special setup required!** Just use the standard SQLite database:
   ```python
   # django/config/settings/local.py
   DATABASES = {
       'default': {
           'ENGINE': 'django.db.backends.sqlite3',
           'NAME': BASE_DIR / 'db.sqlite3',
       }
   }
   ```
 2. Run migrations as normal:
   ```bash
   python manage.py migrate
   ```
 3. Use latitude/longitude fields for coordinates:
   ```python
   park = Park.objects.create(
       name="Test Park",
       latitude=40.7128,
       longitude=-74.0060
   )
   ```
 ### Production (PostgreSQL with PostGIS)
 1. **Install PostGIS extension in PostgreSQL:**
   ```sql
   CREATE EXTENSION postgis;
   ```
 2. **Configure production settings:**
   ```python
   # django/config/settings/production.py
   DATABASES = {
       'default': {
           'ENGINE': 'django.contrib.gis.db.backends.postgis',
           'NAME': 'thrillwiki',
           'USER': 'your_user',
           'PASSWORD': 'your_password',
           'HOST': 'your_host',
           'PORT': '5432',
       }
   }
   ```
 3. **Run migrations:**
   ```bash
   python manage.py migrate
   ```
   This will create the `location_point` PointField in addition to the latitude/longitude fields.
 4. **Use location_point for geographic queries:**
   ```python
   from django.contrib.gis.geos import Point
   from django.contrib.gis.measure import D
   # Create park with PostGIS Point
   park = Park.objects.create(
       name="Test Park",
       location_point=Point(-118.2437, 34.0522, srid=4326)
   )
   # Geographic queries (only in PostGIS mode)
   nearby_parks = Park.objects.filter(
       location_point__distance_lte=(
           Point(-118.2500, 34.0500, srid=4326),
           D(km=10)
       )
   )
   ```
 ## Migration Strategy
 ### From SQLite to PostgreSQL
 When migrating from local development (SQLite) to production (PostgreSQL):
 1. Export your data from SQLite
 2. Set up PostgreSQL with PostGIS
 3. Run migrations (will create location_point field)
 4. Import your data (latitude/longitude fields will be populated)
 5. Run a data migration to populate location_point from lat/lng:
 ```python
 # Example data migration
 from django.contrib.gis.geos import Point
 for park in Park.objects.filter(latitude__isnull=False, longitude__isnull=False):
    if not park.location_point:
        park.location_point = Point(
            float(park.longitude),
            float(park.latitude),
            srid=4326
        )
        park.save(update_fields=['location_point'])
 ```
 ## Benefits
 1. **Easy Local Development**: No need to install PostGIS or SpatiaLite for local development
 2. **Production Power**: Full GIS capabilities in production with PostGIS
 3. **Backward Compatible**: Keeps latitude/longitude fields for compatibility
 4. **Unified API**: Helper methods work the same in both modes
 5. **Gradual Migration**: Can migrate from SQLite to PostGIS without data loss
 ## Limitations
 ### In SQLite Mode (Local Development)
 - **No spatial queries**: Cannot use PostGIS query features like:
  - `distance_lte`, `distance_gte` (distance-based searches)
  - `dwithin` (within distance)
  - `contains`, `intersects` (geometric operations)
  - Geographic indexing for performance
 - **Workarounds for local development:**
  - Use simple filters on latitude/longitude ranges
  - Implement basic distance calculations in Python if needed
  - Most development work doesn't require spatial queries
 ### In PostGIS Mode (Production)
 - **Use location_point for queries**: Always use the `location_point` field for geographic queries, not lat/lng
 - **Sync fields**: If updating location_point directly, remember to sync to lat/lng if needed for compatibility
 ## Testing
 ### Test in SQLite (Local)
 ```bash
 cd django
 python manage.py shell
 # Test basic CRUD
 from apps.entities.models import Park
 from decimal import Decimal
 park = Park.objects.create(
    name="Test Park",
    park_type="theme_park",
    latitude=Decimal("40.7128"),
    longitude=Decimal("-74.0060")
 )
 print(park.coordinates)  # Should work
 print(park.latitude_value)  # Should work
 ```
 ### Test in PostGIS (Production)
 ```bash
 cd django
 python manage.py shell
 # Test GIS features
 from apps.entities.models import Park
 from django.contrib.gis.geos import Point
 from django.contrib.gis.measure import D
 park = Park.objects.create(
    name="Test Park",
    park_type="theme_park",
    location_point=Point(-118.2437, 34.0522, srid=4326)
 )
 # Test distance query
 nearby = Park.objects.filter(
    location_point__distance_lte=(
        Point(-118.2500, 34.0500, srid=4326),
        D(km=10)
    )
 )
 ```
 ## Future Considerations
 1. **Remove Legacy Fields**: Once fully migrated to PostGIS in production and all code uses location_point, the latitude/longitude fields can be deprecated and eventually removed
 2. **Add Spatial Indexes**: In production, add spatial indexes for better query performance:
   ```python
   class Meta:
       indexes = [
           models.Index(fields=['location_point']),  # Spatial index
       ]
   ```
 3. **Geographic Search API**: Build geographic search endpoints that work differently based on backend:
   - SQLite: Simple bounding box searches
   - PostGIS: Advanced spatial queries with distance calculations
 ## Troubleshooting
 ### "AttributeError: 'DatabaseOperations' object has no attribute 'geo_db_type'"
 This error occurs when trying to use PostGIS PointField with regular SQLite. Solution:
 - Ensure you're using the local.py settings which uses regular SQLite
 - Make sure migrations were created with SQLite active (no location_point field)
 ### "No such column: location_point"
 This occurs when:
 - Code tries to access location_point in SQLite mode
 - Solution: Use the helper methods (coordinates, latitude_value, longitude_value) instead
 ### "GDAL library not found"
 This occurs when django.contrib.gis is loaded but GDAL is not installed:
 - Even with SQLite, GDAL libraries must be available because django.contrib.gis is in INSTALLED_APPS
 - Install GDAL via Homebrew: `brew install gdal geos`
 - Configure paths in settings if needed
 ## References
 - [Django GIS Documentation](https://docs.djangoproject.com/en/stable/ref/contrib/gis/)
 - [PostGIS Documentation](https://postgis.net/documentation/)
 - [GeoDjango Tutorial](https://docs.djangoproject.com/en/stable/ref/contrib/gis/tutorial/)
--- a/django/README.md
+++ b/django/README.md
@@ -1,281 +0,0 @@
 # ThrillWiki Django Backend
 ## 🚀 Overview
 This is the Django REST API backend for ThrillWiki, replacing the previous Supabase backend. Built with modern Django best practices and production-ready packages.
 ## 📦 Tech Stack
 - **Framework**: Django 4.2 LTS
 - **API**: django-ninja (FastAPI-style)
 - **Database**: PostgreSQL 15+
 - **Cache**: Redis + django-cacheops
 - **Tasks**: Celery + Redis
 - **Real-time**: Django Channels + WebSockets
 - **Auth**: django-allauth + django-otp
 - **Storage**: CloudFlare Images
 - **Monitoring**: Sentry + structlog
 ## 🏗️ Project Structure
 ```
 django/
 ├── manage.py
 ├── config/                 # Django settings
 ├── apps/                   # Django applications
 │   ├── core/              # Base models & utilities
 │   ├── entities/          # Parks, Rides, Companies
 │   ├── moderation/        # Content moderation system
 │   ├── versioning/        # Entity versioning
 │   ├── users/             # User management
 │   ├── media/             # Image/photo management
 │   └── notifications/     # Notification system
 ├── api/                   # REST API layer
 └── scripts/               # Utility scripts
 ```
 ## 🛠️ Setup
 ### Prerequisites
 - Python 3.11+
 - PostgreSQL 15+
 - Redis 7+
 ### Installation
 ```bash
 # 1. Create virtual environment
 python3 -m venv venv
 source venv/bin/activate  # On Windows: venv\Scripts\activate
 # 2. Install dependencies
 pip install -r requirements/local.txt
 # 3. Set up environment variables
 cp .env.example .env
 # Edit .env with your configuration
 # 4. Run migrations
 python manage.py migrate
 # 5. Create superuser
 python manage.py createsuperuser
 # 6. Run development server
 python manage.py runserver
 ```
 ### Running Services
 ```bash
 # Terminal 1: Django dev server
 python manage.py runserver
 # Terminal 2: Celery worker
 celery -A config worker -l info
 # Terminal 3: Celery beat (periodic tasks)
 celery -A config beat -l info
 # Terminal 4: Flower (task monitoring)
 celery -A config flower
 ```
 ## 📚 Documentation
 - **Migration Plan**: See `MIGRATION_PLAN.md` for full migration details
 - **Architecture**: See project documentation in `/docs/`
 - **API Docs**: Available at `/api/docs` when server is running
 ## 🧪 Testing
 ```bash
 # Run all tests
 pytest
 # Run with coverage
 pytest --cov=apps --cov-report=html
 # Run specific app tests
 pytest apps/moderation/
 # Run specific test file
 pytest apps/moderation/tests/test_services.py -v
 ```
 ## 📋 Key Features
 ### Moderation System
 - State machine workflow with django-fsm
 - Atomic transaction handling
 - Selective approval support
 - Automatic lock/unlock mechanism
 - Real-time queue updates
 ### Versioning System
 - Automatic version tracking with django-lifecycle
 - Full change history for all entities
 - Diff generation
 - Rollback capability
 ### Authentication
 - JWT-based API authentication
 - OAuth2 (Google, Discord)
 - Two-factor authentication (TOTP)
 - Role-based permissions
 ### Performance
 - Automatic query caching with django-cacheops
 - Redis-based session storage
 - Optimized database queries
 - Background task processing with Celery
 ## 🔧 Management Commands
 ```bash
 # Create test data
 python manage.py seed_data
 # Export data from Supabase
 python manage.py export_supabase_data
 # Import data to Django
 python manage.py import_supabase_data
 # Update cached counts
 python manage.py update_counts
 # Clean old data
 python manage.py cleanup_old_data
 ```
 ## 🚀 Deployment
 ### Docker
 ```bash
 # Build image
 docker build -t thrillwiki-backend .
 # Run with docker-compose
 docker-compose up -d
 ```
 ### Production Checklist
 - [ ] Set `DEBUG=False` in production
 - [ ] Configure `ALLOWED_HOSTS`
 - [ ] Set strong `SECRET_KEY`
 - [ ] Configure PostgreSQL connection
 - [ ] Set up Redis
 - [ ] Configure Celery workers
 - [ ] Set up SSL/TLS
 - [ ] Configure CORS origins
 - [ ] Set up Sentry for error tracking
 - [ ] Configure CloudFlare Images
 - [ ] Set up monitoring/logging
 ## 📊 Development Status
 **Current Phase**: Foundation  
 **Branch**: `django-backend`
 ### Completed
 - ✅ Project structure created
 - ✅ Dependencies installed
 - ✅ Environment configuration
 ### In Progress
 - 🔄 Django settings configuration
 - 🔄 Base models creation
 - 🔄 Database connection setup
 ### Upcoming
 - ⏳ Entity models implementation
 - ⏳ Authentication system
 - ⏳ Moderation system
 - ⏳ API layer with django-ninja
 See `MIGRATION_PLAN.md` for detailed roadmap.
 ## 🤝 Contributing
 1. Create a feature branch from `django-backend`
 2. Make your changes
 3. Write/update tests
 4. Run test suite
 5. Submit pull request
 ## 📝 Environment Variables
 Required environment variables (see `.env.example`):
 ```bash
 # Django
 DEBUG=True
 SECRET_KEY=your-secret-key
 ALLOWED_HOSTS=localhost
 # Database
 DATABASE_URL=postgresql://user:pass@localhost:5432/thrillwiki
 # Redis
 REDIS_URL=redis://localhost:6379/0
 # External Services
 CLOUDFLARE_ACCOUNT_ID=xxx
 CLOUDFLARE_IMAGE_TOKEN=xxx
 NOVU_API_KEY=xxx
 SENTRY_DSN=xxx
 # OAuth
 GOOGLE_CLIENT_ID=xxx
 GOOGLE_CLIENT_SECRET=xxx
 DISCORD_CLIENT_ID=xxx
 DISCORD_CLIENT_SECRET=xxx
 ```
 ## 🐛 Troubleshooting
 ### Database Connection Issues
 ```bash
 # Check PostgreSQL is running
 pg_isready
 # Verify connection string
 python manage.py dbshell
 ```
 ### Celery Not Processing Tasks
 ```bash
 # Check Redis is running
 redis-cli ping
 # Restart Celery worker
 celery -A config worker --purge -l info
 ```
 ### Import Errors
 ```bash
 # Ensure virtual environment is activated
 which python  # Should point to venv/bin/python
 # Reinstall dependencies
 pip install -r requirements/local.txt --force-reinstall
 ```
 ## 📞 Support
 - **Documentation**: See `/docs/` directory
 - **Issues**: GitHub Issues
 - **Migration Questions**: See `MIGRATION_PLAN.md`
 ## 📄 License
 Same as main ThrillWiki project.
 ---
 **Last Updated**: November 8, 2025  
 **Status**: Foundation Phase - Active Development
--- a/django/README_MONITORING.md
+++ b/django/README_MONITORING.md
@@ -1,250 +0,0 @@
 # ThrillWiki Monitoring Setup
 ## Overview
 This document describes the automatic metric collection system for anomaly detection and system monitoring.
 ## Architecture
 The system collects metrics from two sources:
 1. **Django Backend (Celery Tasks)**: Collects Django-specific metrics like error rates, response times, queue sizes
 2. **Supabase Edge Function**: Collects Supabase-specific metrics like API errors, rate limits, submission queues
 ## Components
 ### Django Components
 #### 1. Metrics Collector (`apps/monitoring/metrics_collector.py`)
 - Collects system metrics from various sources
 - Records metrics to Supabase `metric_time_series` table
 - Provides utilities for tracking:
  - Error rates
  - API response times
  - Celery queue sizes
  - Database connection counts
  - Cache hit rates
 #### 2. Celery Tasks (`apps/monitoring/tasks.py`)
 Periodic background tasks:
 - `collect_system_metrics`: Collects all metrics every minute
 - `collect_error_metrics`: Tracks error rates
 - `collect_performance_metrics`: Tracks response times and cache performance
 - `collect_queue_metrics`: Monitors Celery queue health
 #### 3. Metrics Middleware (`apps/monitoring/middleware.py`)
 - Tracks API response times for every request
 - Records errors and exceptions
 - Updates cache with performance data
 ### Supabase Components
 #### Edge Function (`supabase/functions/collect-metrics`)
 Collects Supabase-specific metrics:
 - API error counts
 - Rate limit violations
 - Pending submissions
 - Active incidents
 - Unresolved alerts
 - Submission approval rates
 - Average moderation times
 ## Setup Instructions
 ### 1. Django Setup
 Add the monitoring app to your Django `INSTALLED_APPS`:
 ```python
 INSTALLED_APPS = [
    # ... other apps
    'apps.monitoring',
 ]
 ```
 Add the metrics middleware to `MIDDLEWARE`:
 ```python
 MIDDLEWARE = [
    # ... other middleware
    'apps.monitoring.middleware.MetricsMiddleware',
 ]
 ```
 Import and use the Celery Beat schedule in your Django settings:
 ```python
 from config.celery_beat_schedule import CELERY_BEAT_SCHEDULE
 CELERY_BEAT_SCHEDULE = CELERY_BEAT_SCHEDULE
 ```
 Configure environment variables:
 ```bash
 SUPABASE_URL=https://api.thrillwiki.com
 SUPABASE_SERVICE_ROLE_KEY=your_service_role_key
 ```
 ### 2. Start Celery Workers
 Start Celery worker for processing tasks:
 ```bash
 celery -A config worker -l info -Q monitoring,maintenance,analytics
 ```
 Start Celery Beat for periodic task scheduling:
 ```bash
 celery -A config beat -l info
 ```
 ### 3. Supabase Edge Function Setup
 The `collect-metrics` edge function should be called periodically. Set up a cron job in Supabase:
 ```sql
 SELECT cron.schedule(
  'collect-metrics-every-minute',
  '* * * * *', -- Every minute
  $$
  SELECT net.http_post(
    url:='https://api.thrillwiki.com/functions/v1/collect-metrics',
    headers:='{"Content-Type": "application/json", "Authorization": "Bearer YOUR_ANON_KEY"}'::jsonb,
    body:=concat('{"time": "', now(), '"}')::jsonb
  ) as request_id;
  $$
 );
 ```
 ### 4. Anomaly Detection Setup
 The `detect-anomalies` edge function should also run periodically:
 ```sql
 SELECT cron.schedule(
  'detect-anomalies-every-5-minutes',
  '*/5 * * * *', -- Every 5 minutes
  $$
  SELECT net.http_post(
    url:='https://api.thrillwiki.com/functions/v1/detect-anomalies',
    headers:='{"Content-Type": "application/json", "Authorization": "Bearer YOUR_ANON_KEY"}'::jsonb,
    body:=concat('{"time": "', now(), '"}')::jsonb
  ) as request_id;
  $$
 );
 ```
 ### 5. Data Retention Cleanup Setup
 The `data-retention-cleanup` edge function should run daily:
 ```sql
 SELECT cron.schedule(
  'data-retention-cleanup-daily',
  '0 3 * * *', -- Daily at 3:00 AM
  $$
  SELECT net.http_post(
    url:='https://api.thrillwiki.com/functions/v1/data-retention-cleanup',
    headers:='{"Content-Type": "application/json", "Authorization": "Bearer YOUR_ANON_KEY"}'::jsonb,
    body:=concat('{"time": "', now(), '"}')::jsonb
  ) as request_id;
  $$
 );
 ```
 ## Metrics Collected
 ### Django Metrics
 - `error_rate`: Percentage of error logs (performance)
 - `api_response_time`: Average API response time in ms (performance)
 - `celery_queue_size`: Number of queued Celery tasks (system)
 - `database_connections`: Active database connections (system)
 - `cache_hit_rate`: Cache hit percentage (performance)
 ### Supabase Metrics
 - `api_error_count`: Recent API errors (performance)
 - `rate_limit_violations`: Rate limit blocks (security)
 - `pending_submissions`: Submissions awaiting moderation (workflow)
 - `active_incidents`: Open/investigating incidents (monitoring)
 - `unresolved_alerts`: Unresolved system alerts (monitoring)
 - `submission_approval_rate`: Percentage of approved submissions (workflow)
 - `avg_moderation_time`: Average time to moderate in minutes (workflow)
 ## Data Retention Policies
 The system automatically cleans up old data to manage database size:
 ### Retention Periods
 - **Metrics** (`metric_time_series`): 30 days
 - **Anomaly Detections**: 30 days (resolved alerts archived after 7 days)
 - **Resolved Alerts**: 90 days
 - **Resolved Incidents**: 90 days
 ### Cleanup Functions
 The following database functions manage data retention:
 1. **`cleanup_old_metrics(retention_days)`**: Deletes metrics older than specified days (default: 30)
 2. **`cleanup_old_anomalies(retention_days)`**: Archives resolved anomalies and deletes old unresolved ones (default: 30)
 3. **`cleanup_old_alerts(retention_days)`**: Deletes old resolved alerts (default: 90)
 4. **`cleanup_old_incidents(retention_days)`**: Deletes old resolved incidents (default: 90)
 5. **`run_data_retention_cleanup()`**: Master function that runs all cleanup operations
 ### Automated Cleanup Schedule
 Django Celery tasks run retention cleanup automatically:
 - Full cleanup: Daily at 3:00 AM
 - Metrics cleanup: Daily at 3:30 AM
 - Anomaly cleanup: Daily at 4:00 AM
 View retention statistics in the Admin Dashboard's Data Retention panel.
 ## Monitoring
 View collected metrics in the Admin Monitoring Dashboard:
 - Navigate to `/admin/monitoring`
 - View anomaly detections, alerts, and incidents
 - Manually trigger metric collection or anomaly detection
 - View real-time system health
 ## Troubleshooting
 ### No metrics being collected
 1. Check Celery workers are running:
   ```bash
   celery -A config inspect active
   ```
 2. Check Celery Beat is running:
   ```bash
   celery -A config inspect scheduled
   ```
 3. Verify environment variables are set
 4. Check logs for errors:
   ```bash
   tail -f logs/celery.log
   ```
 ### Edge function not collecting metrics
 1. Verify cron job is scheduled in Supabase
 2. Check edge function logs in Supabase dashboard
 3. Verify service role key is correct
 4. Test edge function manually
 ## Production Considerations
 1. **Resource Usage**: Collecting metrics every minute generates significant database writes. Consider adjusting frequency for production.
 2. **Data Retention**: Set up periodic cleanup of old metrics (older than 30 days) to manage database size.
 3. **Alert Fatigue**: Fine-tune anomaly detection sensitivity to reduce false positives.
 4. **Scaling**: As traffic grows, consider moving to a time-series database like TimescaleDB or InfluxDB.
 5. **Monitoring the Monitors**: Set up external health checks to ensure metric collection is working.
--- a/django/api/init.py
+++ b/django/api/init.py
@@ -1,3 +0,0 @@
 """
 REST API package for ThrillWiki Django backend.
 """
--- a/django/api/pycache/init.cpython-313.pyc
+++ b/django/api/pycache/init.cpython-313.pyc
--- a/django/api/v1/init.py
+++ b/django/api/v1/init.py
@@ -1,3 +0,0 @@
 """
 API v1 package.
 """
--- a/django/api/v1/pycache/init.cpython-313.pyc
+++ b/django/api/v1/pycache/init.cpython-313.pyc
--- a/django/api/v1/pycache/api.cpython-313.pyc
+++ b/django/api/v1/pycache/api.cpython-313.pyc
--- a/django/api/v1/pycache/schemas.cpython-313.pyc
+++ b/django/api/v1/pycache/schemas.cpython-313.pyc
--- a/django/api/v1/api.py
+++ b/django/api/v1/api.py
@@ -1,158 +0,0 @@
 """
 Main API v1 router.
 This module combines all endpoint routers and provides the main API interface.
 """
 from ninja import NinjaAPI
 from ninja.security import django_auth
 from .endpoints.companies import router as companies_router
 from .endpoints.ride_models import router as ride_models_router
 from .endpoints.parks import router as parks_router
 from .endpoints.rides import router as rides_router
 from .endpoints.moderation import router as moderation_router
 from .endpoints.versioning import router as versioning_router
 from .endpoints.auth import router as auth_router
 from .endpoints.photos import router as photos_router
 from .endpoints.search import router as search_router
 # Create the main API instance
 api = NinjaAPI(
    title="ThrillWiki API",
    version="1.0.0",
    description="""
 # ThrillWiki REST API
 A comprehensive API for amusement park, ride, and company data.
 ## Features
 - **Companies**: Manufacturers, operators, and designers in the amusement industry
 - **Ride Models**: Specific ride models from manufacturers
 - **Parks**: Theme parks, amusement parks, water parks, and FECs
 - **Rides**: Individual rides and roller coasters
 ## Authentication
 The API uses JWT (JSON Web Token) authentication for secure access.
 ### Getting Started
 1. Register: `POST /api/v1/auth/register`
 2. Login: `POST /api/v1/auth/login` (returns access & refresh tokens)
 3. Use token: Include `Authorization: Bearer <access_token>` header in requests
 4. Refresh: `POST /api/v1/auth/token/refresh` when access token expires
 ### Permissions
 - **Public**: Read operations (GET) on entities
 - **Authenticated**: Create submissions, manage own profile
 - **Moderator**: Approve/reject submissions, moderate content
 - **Admin**: Full access, user management, role assignment
 ### Optional: Multi-Factor Authentication (MFA)
 Users can enable TOTP-based 2FA for enhanced security:
 1. Enable: `POST /api/v1/auth/mfa/enable`
 2. Confirm: `POST /api/v1/auth/mfa/confirm`
 3. Login with MFA: Include `mfa_token` in login request
 ## Pagination
 List endpoints return paginated results:
 - Default page size: 50 items
 - Use `page` parameter to navigate (e.g., `?page=2`)
 ## Filtering & Search
 Most list endpoints support filtering and search parameters.
 See individual endpoint documentation for available filters.
 ## Geographic Search
 The parks endpoint includes a special `/parks/nearby/` endpoint for geographic searches:
 - **Production (PostGIS)**: Uses accurate distance-based queries
 - **Local Development (SQLite)**: Uses bounding box approximation
 ## Rate Limiting
 Rate limiting will be implemented in future versions.
 ## Data Format
 All dates are in ISO 8601 format (YYYY-MM-DD).
 All timestamps are in ISO 8601 format with timezone.
 UUIDs are used for all entity IDs.
    """,
    docs_url="/docs",
    openapi_url="/openapi.json",
 )
 # Add authentication router
 api.add_router("/auth", auth_router)
 # Add routers for each entity
 api.add_router("/companies", companies_router)
 api.add_router("/ride-models", ride_models_router)
 api.add_router("/parks", parks_router)
 api.add_router("/rides", rides_router)
 # Add moderation router
 api.add_router("/moderation", moderation_router)
 # Add versioning router
 api.add_router("", versioning_router)  # Versioning endpoints are nested under entity paths
 # Add photos router
 api.add_router("", photos_router)  # Photos endpoints include both /photos and entity-nested routes
 # Add search router
 api.add_router("/search", search_router)
 # Health check endpoint
@api.get("/health", tags=["System"], summary="Health check")
 def health_check(request):
    """
    Health check endpoint.
    Returns system status and API version.
    """
    return {
        "status": "healthy",
        "version": "1.0.0",
        "api": "ThrillWiki API v1"
    }
 # API info endpoint
@api.get("/info", tags=["System"], summary="API information")
 def api_info(request):
    """
    Get API information and statistics.
    Returns basic API metadata and available endpoints.
    """
    from apps.entities.models import Company, RideModel, Park, Ride
    return {
        "version": "1.0.0",
        "title": "ThrillWiki API",
        "endpoints": {
            "auth": "/api/v1/auth/",
            "companies": "/api/v1/companies/",
            "ride_models": "/api/v1/ride-models/",
            "parks": "/api/v1/parks/",
            "rides": "/api/v1/rides/",
            "moderation": "/api/v1/moderation/",
            "photos": "/api/v1/photos/",
            "search": "/api/v1/search/",
        },
        "statistics": {
            "companies": Company.objects.count(),
            "ride_models": RideModel.objects.count(),
            "parks": Park.objects.count(),
            "rides": Ride.objects.count(),
            "coasters": Ride.objects.filter(is_coaster=True).count(),
        },
        "documentation": "/api/v1/docs",
        "openapi_schema": "/api/v1/openapi.json",
    }
--- a/django/api/v1/endpoints/init.py
+++ b/django/api/v1/endpoints/init.py
@@ -1,3 +0,0 @@
 """
 API v1 endpoints package.
 """
--- a/django/api/v1/endpoints/pycache/init.cpython-313.pyc
+++ b/django/api/v1/endpoints/pycache/init.cpython-313.pyc
--- a/django/api/v1/endpoints/pycache/auth.cpython-313.pyc
+++ b/django/api/v1/endpoints/pycache/auth.cpython-313.pyc
--- a/django/api/v1/endpoints/pycache/companies.cpython-313.pyc
+++ b/django/api/v1/endpoints/pycache/companies.cpython-313.pyc
--- a/django/api/v1/endpoints/pycache/moderation.cpython-313.pyc
+++ b/django/api/v1/endpoints/pycache/moderation.cpython-313.pyc
--- a/django/api/v1/endpoints/pycache/parks.cpython-313.pyc
+++ b/django/api/v1/endpoints/pycache/parks.cpython-313.pyc
--- a/django/api/v1/endpoints/pycache/photos.cpython-313.pyc
+++ b/django/api/v1/endpoints/pycache/photos.cpython-313.pyc
--- a/django/api/v1/endpoints/pycache/ride_models.cpython-313.pyc
+++ b/django/api/v1/endpoints/pycache/ride_models.cpython-313.pyc
--- a/django/api/v1/endpoints/pycache/rides.cpython-313.pyc
+++ b/django/api/v1/endpoints/pycache/rides.cpython-313.pyc
--- a/django/api/v1/endpoints/pycache/search.cpython-313.pyc
+++ b/django/api/v1/endpoints/pycache/search.cpython-313.pyc
--- a/django/api/v1/endpoints/pycache/versioning.cpython-313.pyc
+++ b/django/api/v1/endpoints/pycache/versioning.cpython-313.pyc
--- a/django/api/v1/endpoints/auth.py
+++ b/django/api/v1/endpoints/auth.py
@@ -1,596 +0,0 @@
 """
 Authentication API endpoints.
 Provides endpoints for:
 - User registration and login
 - JWT token management
 - MFA/2FA
 - Password management
 - User profile and preferences
 - User administration
 """
 from typing import List, Optional
 from django.http import HttpRequest
 from django.core.exceptions import ValidationError, PermissionDenied
 from django.db.models import Q
 from ninja import Router
 from rest_framework_simplejwt.tokens import RefreshToken
 from rest_framework_simplejwt.exceptions import TokenError
 import logging
 from apps.users.models import User, UserRole, UserProfile
 from apps.users.services import (
    AuthenticationService,
    MFAService,
    RoleService,
    UserManagementService
 )
 from apps.users.permissions import (
    jwt_auth,
    require_auth,
    require_admin,
    get_permission_checker
 )
 from api.v1.schemas import (
    UserRegisterRequest,
    UserLoginRequest,
    TokenResponse,
    TokenRefreshRequest,
    UserProfileOut,
    UserProfileUpdate,
    ChangePasswordRequest,
    ResetPasswordRequest,
    TOTPEnableResponse,
    TOTPConfirmRequest,
    TOTPVerifyRequest,
    UserRoleOut,
    UserPermissionsOut,
    UserStatsOut,
    UserProfilePreferencesOut,
    UserProfilePreferencesUpdate,
    BanUserRequest,
    UnbanUserRequest,
    AssignRoleRequest,
    UserListOut,
    MessageSchema,
    ErrorSchema,
 )
 router = Router(tags=["Authentication"])
 logger = logging.getLogger(__name__)
 # ============================================================================
 # Public Authentication Endpoints
 # ============================================================================
@router.post("/register", response={201: UserProfileOut, 400: ErrorSchema})
 def register(request: HttpRequest, data: UserRegisterRequest):
    """
    Register a new user account.
    - **email**: User's email address (required)
    - **password**: Password (min 8 characters, required)
    - **password_confirm**: Password confirmation (required)
    - **username**: Username (optional, auto-generated if not provided)
    - **first_name**: First name (optional)
    - **last_name**: Last name (optional)
    Returns the created user profile and automatically logs in the user.
    """
    try:
        # Register user
        user = AuthenticationService.register_user(
            email=data.email,
            password=data.password,
            username=data.username,
            first_name=data.first_name or '',
            last_name=data.last_name or ''
        )
        logger.info(f"New user registered: {user.email}")
        return 201, user
    except ValidationError as e:
        error_msg = str(e.message_dict) if hasattr(e, 'message_dict') else str(e)
        return 400, {"error": "Registration failed", "detail": error_msg}
    except Exception as e:
        logger.error(f"Registration error: {e}")
        return 400, {"error": "Registration failed", "detail": str(e)}
@router.post("/login", response={200: TokenResponse, 401: ErrorSchema})
 def login(request: HttpRequest, data: UserLoginRequest):
    """
    Login with email and password.
    - **email**: User's email address
    - **password**: Password
    - **mfa_token**: MFA token (required if MFA is enabled)
    Returns JWT access and refresh tokens on successful authentication.
    """
    try:
        # Authenticate user
        user = AuthenticationService.authenticate_user(data.email, data.password)
        if not user:
            return 401, {"error": "Invalid credentials", "detail": "Email or password is incorrect"}
        # Check MFA if enabled
        if user.mfa_enabled:
            if not data.mfa_token:
                return 401, {"error": "MFA required", "detail": "Please provide MFA token"}
            if not MFAService.verify_totp(user, data.mfa_token):
                return 401, {"error": "Invalid MFA token", "detail": "The MFA token is invalid"}
        # Generate tokens
        refresh = RefreshToken.for_user(user)
        return 200, {
            "access": str(refresh.access_token),
            "refresh": str(refresh),
            "token_type": "Bearer"
        }
    except ValidationError as e:
        return 401, {"error": "Authentication failed", "detail": str(e)}
    except Exception as e:
        logger.error(f"Login error: {e}")
        return 401, {"error": "Authentication failed", "detail": str(e)}
@router.post("/token/refresh", response={200: TokenResponse, 401: ErrorSchema})
 def refresh_token(request: HttpRequest, data: TokenRefreshRequest):
    """
    Refresh JWT access token using refresh token.
    - **refresh**: Refresh token
    Returns new access token and optionally a new refresh token.
    """
    try:
        refresh = RefreshToken(data.refresh)
        return 200, {
            "access": str(refresh.access_token),
            "refresh": str(refresh),
            "token_type": "Bearer"
        }
    except TokenError as e:
        return 401, {"error": "Invalid token", "detail": str(e)}
    except Exception as e:
        logger.error(f"Token refresh error: {e}")
        return 401, {"error": "Token refresh failed", "detail": str(e)}
@router.post("/logout", auth=jwt_auth, response={200: MessageSchema})
@require_auth
 def logout(request: HttpRequest):
    """
    Logout (blacklist refresh token).
    Note: Requires authentication. The client should also discard the access token.
    """
    # Note: Token blacklisting is handled by djangorestframework-simplejwt
    # when BLACKLIST_AFTER_ROTATION is True in settings
    return 200, {"message": "Logged out successfully", "success": True}
 # ============================================================================
 # User Profile Endpoints
 # ============================================================================
@router.get("/me", auth=jwt_auth, response={200: UserProfileOut, 401: ErrorSchema})
@require_auth
 def get_my_profile(request: HttpRequest):
    """
    Get current user's profile.
    Returns detailed profile information for the authenticated user.
    """
    user = request.auth
    return 200, user
@router.patch("/me", auth=jwt_auth, response={200: UserProfileOut, 400: ErrorSchema})
@require_auth
 def update_my_profile(request: HttpRequest, data: UserProfileUpdate):
    """
    Update current user's profile.
    - **first_name**: First name (optional)
    - **last_name**: Last name (optional)
    - **username**: Username (optional)
    - **bio**: User biography (optional, max 500 characters)
    - **avatar_url**: Avatar image URL (optional)
    """
    try:
        user = request.auth
        # Prepare update data
        update_data = data.dict(exclude_unset=True)
        # Update profile
        updated_user = UserManagementService.update_profile(user, **update_data)
        return 200, updated_user
    except ValidationError as e:
        return 400, {"error": "Update failed", "detail": str(e)}
    except Exception as e:
        logger.error(f"Profile update error: {e}")
        return 400, {"error": "Update failed", "detail": str(e)}
@router.get("/me/role", auth=jwt_auth, response={200: UserRoleOut, 404: ErrorSchema})
@require_auth
 def get_my_role(request: HttpRequest):
    """
    Get current user's role.
    Returns role information including permissions.
    """
    try:
        user = request.auth
        role = user.role
        response_data = {
            "role": role.role,
            "is_moderator": role.is_moderator,
            "is_admin": role.is_admin,
            "granted_at": role.granted_at,
            "granted_by_email": role.granted_by.email if role.granted_by else None
        }
        return 200, response_data
    except UserRole.DoesNotExist:
        return 404, {"error": "Role not found", "detail": "User role not assigned"}
@router.get("/me/permissions", auth=jwt_auth, response={200: UserPermissionsOut})
@require_auth
 def get_my_permissions(request: HttpRequest):
    """
    Get current user's permissions.
    Returns a summary of what the user can do.
    """
    user = request.auth
    permissions = RoleService.get_user_permissions(user)
    return 200, permissions
@router.get("/me/stats", auth=jwt_auth, response={200: UserStatsOut})
@require_auth
 def get_my_stats(request: HttpRequest):
    """
    Get current user's statistics.
    Returns submission stats, reputation score, and activity information.
    """
    user = request.auth
    stats = UserManagementService.get_user_stats(user)
    return 200, stats
 # ============================================================================
 # User Preferences Endpoints
 # ============================================================================
@router.get("/me/preferences", auth=jwt_auth, response={200: UserProfilePreferencesOut})
@require_auth
 def get_my_preferences(request: HttpRequest):
    """
    Get current user's preferences.
    Returns notification and privacy preferences.
    """
    user = request.auth
    profile = user.profile
    return 200, profile
@router.patch("/me/preferences", auth=jwt_auth, response={200: UserProfilePreferencesOut, 400: ErrorSchema})
@require_auth
 def update_my_preferences(request: HttpRequest, data: UserProfilePreferencesUpdate):
    """
    Update current user's preferences.
    - **email_notifications**: Receive email notifications
    - **email_on_submission_approved**: Email when submissions approved
    - **email_on_submission_rejected**: Email when submissions rejected
    - **profile_public**: Make profile publicly visible
    - **show_email**: Show email on public profile
    """
    try:
        user = request.auth
        # Prepare update data
        update_data = data.dict(exclude_unset=True)
        # Update preferences
        updated_profile = UserManagementService.update_preferences(user, **update_data)
        return 200, updated_profile
    except Exception as e:
        logger.error(f"Preferences update error: {e}")
        return 400, {"error": "Update failed", "detail": str(e)}
 # ============================================================================
 # Password Management Endpoints
 # ============================================================================
@router.post("/password/change", auth=jwt_auth, response={200: MessageSchema, 400: ErrorSchema})
@require_auth
 def change_password(request: HttpRequest, data: ChangePasswordRequest):
    """
    Change current user's password.
    - **old_password**: Current password (required)
    - **new_password**: New password (min 8 characters, required)
    - **new_password_confirm**: New password confirmation (required)
    """
    try:
        user = request.auth
        AuthenticationService.change_password(
            user=user,
            old_password=data.old_password,
            new_password=data.new_password
        )
        return 200, {"message": "Password changed successfully", "success": True}
    except ValidationError as e:
        error_msg = str(e.message_dict) if hasattr(e, 'message_dict') else str(e)
        return 400, {"error": "Password change failed", "detail": error_msg}
@router.post("/password/reset", response={200: MessageSchema})
 def request_password_reset(request: HttpRequest, data: ResetPasswordRequest):
    """
    Request password reset email.
    - **email**: User's email address
    Note: This is a placeholder. In production, this should send a reset email.
    For now, it returns success regardless of whether the email exists.
    """
    # TODO: Implement email sending with password reset token
    # For security, always return success even if email doesn't exist
    return 200, {
        "message": "If the email exists, a password reset link has been sent",
        "success": True
    }
 # ============================================================================
 # MFA/2FA Endpoints
 # ============================================================================
@router.post("/mfa/enable", auth=jwt_auth, response={200: TOTPEnableResponse, 400: ErrorSchema})
@require_auth
 def enable_mfa(request: HttpRequest):
    """
    Enable MFA/2FA for current user.
    Returns TOTP secret and QR code URL for authenticator apps.
    User must confirm with a valid token to complete setup.
    """
    try:
        user = request.auth
        # Create TOTP device
        device = MFAService.enable_totp(user)
        # Generate QR code URL
        issuer = "ThrillWiki"
        qr_url = device.config_url
        return 200, {
            "secret": device.key,
            "qr_code_url": qr_url,
            "backup_codes": []  # TODO: Generate backup codes
        }
    except Exception as e:
        logger.error(f"MFA enable error: {e}")
        return 400, {"error": "MFA setup failed", "detail": str(e)}
@router.post("/mfa/confirm", auth=jwt_auth, response={200: MessageSchema, 400: ErrorSchema})
@require_auth
 def confirm_mfa(request: HttpRequest, data: TOTPConfirmRequest):
    """
    Confirm MFA setup with verification token.
    - **token**: 6-digit TOTP token from authenticator app
    Completes MFA setup after verifying the token is valid.
    """
    try:
        user = request.auth
        MFAService.confirm_totp(user, data.token)
        return 200, {"message": "MFA enabled successfully", "success": True}
    except ValidationError as e:
        return 400, {"error": "Confirmation failed", "detail": str(e)}
@router.post("/mfa/disable", auth=jwt_auth, response={200: MessageSchema})
@require_auth
 def disable_mfa(request: HttpRequest):
    """
    Disable MFA/2FA for current user.
    Removes all TOTP devices and disables MFA requirement.
    """
    user = request.auth
    MFAService.disable_totp(user)
    return 200, {"message": "MFA disabled successfully", "success": True}
@router.post("/mfa/verify", auth=jwt_auth, response={200: MessageSchema, 400: ErrorSchema})
@require_auth
 def verify_mfa_token(request: HttpRequest, data: TOTPVerifyRequest):
    """
    Verify MFA token (for testing).
    - **token**: 6-digit TOTP token
    Returns whether the token is valid.
    """
    user = request.auth
    if MFAService.verify_totp(user, data.token):
        return 200, {"message": "Token is valid", "success": True}
    else:
        return 400, {"error": "Invalid token", "detail": "The token is not valid"}
 # ============================================================================
 # User Management Endpoints (Admin Only)
 # ============================================================================
@router.get("/users", auth=jwt_auth, response={200: UserListOut, 403: ErrorSchema})
@require_admin
 def list_users(
    request: HttpRequest,
    page: int = 1,
    page_size: int = 50,
    search: Optional[str] = None,
    role: Optional[str] = None,
    banned: Optional[bool] = None
 ):
    """
    List all users (admin only).
    - **page**: Page number (default: 1)
    - **page_size**: Items per page (default: 50, max: 100)
    - **search**: Search by email or username
    - **role**: Filter by role (user, moderator, admin)
    - **banned**: Filter by banned status
    """
    # Build query
    queryset = User.objects.select_related('role').all()
    # Apply filters
    if search:
        queryset = queryset.filter(
            Q(email__icontains=search) |
            Q(username__icontains=search) |
            Q(first_name__icontains=search) |
            Q(last_name__icontains=search)
        )
    if role:
        queryset = queryset.filter(role__role=role)
    if banned is not None:
        queryset = queryset.filter(banned=banned)
    # Pagination
    page_size = min(page_size, 100)  # Max 100 items per page
    total = queryset.count()
    total_pages = (total + page_size - 1) // page_size
    start = (page - 1) * page_size
    end = start + page_size
    users = list(queryset[start:end])
    return 200, {
        "items": users,
        "total": total,
        "page": page,
        "page_size": page_size,
        "total_pages": total_pages
    }
@router.get("/users/{user_id}", auth=jwt_auth, response={200: UserProfileOut, 404: ErrorSchema})
@require_admin
 def get_user(request: HttpRequest, user_id: str):
    """
    Get user by ID (admin only).
    Returns detailed profile information for the specified user.
    """
    try:
        user = User.objects.get(id=user_id)
        return 200, user
    except User.DoesNotExist:
        return 404, {"error": "User not found", "detail": f"No user with ID {user_id}"}
@router.post("/users/ban", auth=jwt_auth, response={200: MessageSchema, 400: ErrorSchema})
@require_admin
 def ban_user(request: HttpRequest, data: BanUserRequest):
    """
    Ban a user (admin only).
    - **user_id**: User ID to ban
    - **reason**: Reason for ban
    """
    try:
        user = User.objects.get(id=data.user_id)
        admin = request.auth
        UserManagementService.ban_user(user, data.reason, admin)
        return 200, {"message": f"User {user.email} has been banned", "success": True}
    except User.DoesNotExist:
        return 400, {"error": "User not found", "detail": f"No user with ID {data.user_id}"}
@router.post("/users/unban", auth=jwt_auth, response={200: MessageSchema, 400: ErrorSchema})
@require_admin
 def unban_user(request: HttpRequest, data: UnbanUserRequest):
    """
    Unban a user (admin only).
    - **user_id**: User ID to unban
    """
    try:
        user = User.objects.get(id=data.user_id)
        UserManagementService.unban_user(user)
        return 200, {"message": f"User {user.email} has been unbanned", "success": True}
    except User.DoesNotExist:
        return 400, {"error": "User not found", "detail": f"No user with ID {data.user_id}"}
@router.post("/users/assign-role", auth=jwt_auth, response={200: MessageSchema, 400: ErrorSchema})
@require_admin
 def assign_role(request: HttpRequest, data: AssignRoleRequest):
    """
    Assign role to user (admin only).
    - **user_id**: User ID
    - **role**: Role to assign (user, moderator, admin)
    """
    try:
        user = User.objects.get(id=data.user_id)
        admin = request.auth
        RoleService.assign_role(user, data.role, admin)
        return 200, {"message": f"Role '{data.role}' assigned to {user.email}", "success": True}
    except User.DoesNotExist:
        return 400, {"error": "User not found", "detail": f"No user with ID {data.user_id}"}
    except ValidationError as e:
        return 400, {"error": "Invalid role", "detail": str(e)}
--- a/django/api/v1/endpoints/companies.py
+++ b/django/api/v1/endpoints/companies.py
@@ -1,254 +0,0 @@
 """
 Company endpoints for API v1.
 Provides CRUD operations for Company entities with filtering and search.
 """
 from typing import List, Optional
 from uuid import UUID
 from django.shortcuts import get_object_or_404
 from django.db.models import Q
 from ninja import Router, Query
 from ninja.pagination import paginate, PageNumberPagination
 from apps.entities.models import Company
 from ..schemas import (
    CompanyCreate,
    CompanyUpdate,
    CompanyOut,
    CompanyListOut,
    ErrorResponse
 )
 router = Router(tags=["Companies"])
 class CompanyPagination(PageNumberPagination):
    """Custom pagination for companies."""
    page_size = 50
@router.get(
    "/",
    response={200: List[CompanyOut]},
    summary="List companies",
    description="Get a paginated list of companies with optional filtering"
 )
@paginate(CompanyPagination)
 def list_companies(
    request,
    search: Optional[str] = Query(None, description="Search by company name"),
    company_type: Optional[str] = Query(None, description="Filter by company type"),
    location_id: Optional[UUID] = Query(None, description="Filter by location"),
    ordering: Optional[str] = Query("-created", description="Sort by field (prefix with - for descending)")
 ):
    """
    List all companies with optional filters.
    **Filters:**
    - search: Search company names (case-insensitive partial match)
    - company_type: Filter by specific company type
    - location_id: Filter by headquarters location
    - ordering: Sort results (default: -created)
    **Returns:** Paginated list of companies
    """
    queryset = Company.objects.all()
    # Apply search filter
    if search:
        queryset = queryset.filter(
            Q(name__icontains=search) | Q(description__icontains=search)
        )
    # Apply company type filter
    if company_type:
        queryset = queryset.filter(company_types__contains=[company_type])
    # Apply location filter
    if location_id:
        queryset = queryset.filter(location_id=location_id)
    # Apply ordering
    valid_order_fields = ['name', 'created', 'modified', 'founded_date', 'park_count', 'ride_count']
    order_field = ordering.lstrip('-')
    if order_field in valid_order_fields:
        queryset = queryset.order_by(ordering)
    else:
        queryset = queryset.order_by('-created')
    return queryset
@router.get(
    "/{company_id}",
    response={200: CompanyOut, 404: ErrorResponse},
    summary="Get company",
    description="Retrieve a single company by ID"
 )
 def get_company(request, company_id: UUID):
    """
    Get a company by ID.
    **Parameters:**
    - company_id: UUID of the company
    **Returns:** Company details
    """
    company = get_object_or_404(Company, id=company_id)
    return company
@router.post(
    "/",
    response={201: CompanyOut, 400: ErrorResponse},
    summary="Create company",
    description="Create a new company (requires authentication)"
 )
 def create_company(request, payload: CompanyCreate):
    """
    Create a new company.
    **Authentication:** Required
    **Parameters:**
    - payload: Company data
    **Returns:** Created company
    """
    # TODO: Add authentication check
    # if not request.auth:
    #     return 401, {"detail": "Authentication required"}
    company = Company.objects.create(**payload.dict())
    return 201, company
@router.put(
    "/{company_id}",
    response={200: CompanyOut, 404: ErrorResponse, 400: ErrorResponse},
    summary="Update company",
    description="Update an existing company (requires authentication)"
 )
 def update_company(request, company_id: UUID, payload: CompanyUpdate):
    """
    Update a company.
    **Authentication:** Required
    **Parameters:**
    - company_id: UUID of the company
    - payload: Updated company data
    **Returns:** Updated company
    """
    # TODO: Add authentication check
    # if not request.auth:
    #     return 401, {"detail": "Authentication required"}
    company = get_object_or_404(Company, id=company_id)
    # Update only provided fields
    for key, value in payload.dict(exclude_unset=True).items():
        setattr(company, key, value)
    company.save()
    return company
@router.patch(
    "/{company_id}",
    response={200: CompanyOut, 404: ErrorResponse, 400: ErrorResponse},
    summary="Partial update company",
    description="Partially update an existing company (requires authentication)"
 )
 def partial_update_company(request, company_id: UUID, payload: CompanyUpdate):
    """
    Partially update a company.
    **Authentication:** Required
    **Parameters:**
    - company_id: UUID of the company
    - payload: Fields to update
    **Returns:** Updated company
    """
    # TODO: Add authentication check
    # if not request.auth:
    #     return 401, {"detail": "Authentication required"}
    company = get_object_or_404(Company, id=company_id)
    # Update only provided fields
    for key, value in payload.dict(exclude_unset=True).items():
        setattr(company, key, value)
    company.save()
    return company
@router.delete(
    "/{company_id}",
    response={204: None, 404: ErrorResponse},
    summary="Delete company",
    description="Delete a company (requires authentication)"
 )
 def delete_company(request, company_id: UUID):
    """
    Delete a company.
    **Authentication:** Required
    **Parameters:**
    - company_id: UUID of the company
    **Returns:** No content (204)
    """
    # TODO: Add authentication check
    # if not request.auth:
    #     return 401, {"detail": "Authentication required"}
    company = get_object_or_404(Company, id=company_id)
    company.delete()
    return 204, None
@router.get(
    "/{company_id}/parks",
    response={200: List[dict], 404: ErrorResponse},
    summary="Get company parks",
    description="Get all parks operated by a company"
 )
 def get_company_parks(request, company_id: UUID):
    """
    Get parks operated by a company.
    **Parameters:**
    - company_id: UUID of the company
    **Returns:** List of parks
    """
    company = get_object_or_404(Company, id=company_id)
    parks = company.operated_parks.all().values('id', 'name', 'slug', 'status', 'park_type')
    return list(parks)
@router.get(
    "/{company_id}/rides",
    response={200: List[dict], 404: ErrorResponse},
    summary="Get company rides",
    description="Get all rides manufactured by a company"
 )
 def get_company_rides(request, company_id: UUID):
    """
    Get rides manufactured by a company.
    **Parameters:**
    - company_id: UUID of the company
    **Returns:** List of rides
    """
    company = get_object_or_404(Company, id=company_id)
    rides = company.manufactured_rides.all().values('id', 'name', 'slug', 'status', 'ride_category')
    return list(rides)
--- a/django/api/v1/endpoints/moderation.py
+++ b/django/api/v1/endpoints/moderation.py
@@ -1,496 +0,0 @@
 """
 Moderation API endpoints.
 Provides REST API for content submission and moderation workflow.
 """
 from typing import List, Optional
 from uuid import UUID
 from ninja import Router
 from django.shortcuts import get_object_or_404
 from django.contrib.contenttypes.models import ContentType
 from django.core.exceptions import ValidationError, PermissionDenied
 from apps.moderation.models import ContentSubmission, SubmissionItem
 from apps.moderation.services import ModerationService
 from api.v1.schemas import (
    ContentSubmissionCreate,
    ContentSubmissionOut,
    ContentSubmissionDetail,
    SubmissionListOut,
    StartReviewRequest,
    ApproveRequest,
    ApproveSelectiveRequest,
    RejectRequest,
    RejectSelectiveRequest,
    ApprovalResponse,
    SelectiveApprovalResponse,
    SelectiveRejectionResponse,
    ErrorResponse,
 )
 router = Router(tags=['Moderation'])
 # ============================================================================
 # Helper Functions
 # ============================================================================
 def _submission_to_dict(submission: ContentSubmission) -> dict:
    """Convert submission model to dict for schema."""
    return {
        'id': submission.id,
        'status': submission.status,
        'submission_type': submission.submission_type,
        'title': submission.title,
        'description': submission.description or '',
        'entity_type': submission.entity_type.model,
        'entity_id': submission.entity_id,
        'user_id': submission.user.id,
        'user_email': submission.user.email,
        'locked_by_id': submission.locked_by.id if submission.locked_by else None,
        'locked_by_email': submission.locked_by.email if submission.locked_by else None,
        'locked_at': submission.locked_at,
        'reviewed_by_id': submission.reviewed_by.id if submission.reviewed_by else None,
        'reviewed_by_email': submission.reviewed_by.email if submission.reviewed_by else None,
        'reviewed_at': submission.reviewed_at,
        'rejection_reason': submission.rejection_reason or '',
        'source': submission.source,
        'metadata': submission.metadata,
        'items_count': submission.get_items_count(),
        'approved_items_count': submission.get_approved_items_count(),
        'rejected_items_count': submission.get_rejected_items_count(),
        'created': submission.created,
        'modified': submission.modified,
    }
 def _item_to_dict(item: SubmissionItem) -> dict:
    """Convert submission item model to dict for schema."""
    return {
        'id': item.id,
        'submission_id': item.submission.id,
        'field_name': item.field_name,
        'field_label': item.field_label or item.field_name,
        'old_value': item.old_value,
        'new_value': item.new_value,
        'change_type': item.change_type,
        'is_required': item.is_required,
        'order': item.order,
        'status': item.status,
        'reviewed_by_id': item.reviewed_by.id if item.reviewed_by else None,
        'reviewed_by_email': item.reviewed_by.email if item.reviewed_by else None,
        'reviewed_at': item.reviewed_at,
        'rejection_reason': item.rejection_reason or '',
        'old_value_display': item.old_value_display,
        'new_value_display': item.new_value_display,
        'created': item.created,
        'modified': item.modified,
    }
 def _get_entity(entity_type: str, entity_id: UUID):
    """Get entity instance from type string and ID."""
    # Map entity type strings to models
    type_map = {
        'park': 'entities.Park',
        'ride': 'entities.Ride',
        'company': 'entities.Company',
        'ridemodel': 'entities.RideModel',
    }
    app_label, model = type_map.get(entity_type.lower(), '').split('.')
    content_type = ContentType.objects.get(app_label=app_label, model=model.lower())
    model_class = content_type.model_class()
    return get_object_or_404(model_class, id=entity_id)
 # ============================================================================
 # Submission Endpoints
 # ============================================================================
@router.post('/submissions', response={201: ContentSubmissionOut, 400: ErrorResponse, 401: ErrorResponse})
 def create_submission(request, data: ContentSubmissionCreate):
    """
    Create a new content submission.
    Creates a submission with multiple items representing field changes.
    If auto_submit is True, the submission is immediately moved to pending state.
    """
    # TODO: Require authentication
    # For now, use a test user or get from request
    from apps.users.models import User
    user = User.objects.first()  # TEMP: Get first user for testing
    if not user:
        return 401, {'detail': 'Authentication required'}
    try:
        # Get entity
        entity = _get_entity(data.entity_type, data.entity_id)
        # Prepare items data
        items_data = [
            {
                'field_name': item.field_name,
                'field_label': item.field_label,
                'old_value': item.old_value,
                'new_value': item.new_value,
                'change_type': item.change_type,
                'is_required': item.is_required,
                'order': item.order,
            }
            for item in data.items
        ]
        # Create submission
        submission = ModerationService.create_submission(
            user=user,
            entity=entity,
            submission_type=data.submission_type,
            title=data.title,
            description=data.description or '',
            items_data=items_data,
            metadata=data.metadata,
            auto_submit=data.auto_submit,
            source='api'
        )
        return 201, _submission_to_dict(submission)
    except Exception as e:
        return 400, {'detail': str(e)}
@router.get('/submissions', response=SubmissionListOut)
 def list_submissions(
    request,
    status: Optional[str] = None,
    page: int = 1,
    page_size: int = 50
 ):
    """
    List content submissions with optional filtering.
    Query Parameters:
    - status: Filter by status (draft, pending, reviewing, approved, rejected)
    - page: Page number (default: 1)
    - page_size: Items per page (default: 50, max: 100)
    """
    # Validate page_size
    page_size = min(page_size, 100)
    offset = (page - 1) * page_size
    # Get submissions
    submissions = ModerationService.get_queue(
        status=status,
        limit=page_size,
        offset=offset
    )
    # Get total count
    total_queryset = ContentSubmission.objects.all()
    if status:
        total_queryset = total_queryset.filter(status=status)
    total = total_queryset.count()
    # Calculate total pages
    total_pages = (total + page_size - 1) // page_size
    # Convert to dicts
    items = [_submission_to_dict(sub) for sub in submissions]
    return {
        'items': items,
        'total': total,
        'page': page,
        'page_size': page_size,
        'total_pages': total_pages,
    }
@router.get('/submissions/{submission_id}', response={200: ContentSubmissionDetail, 404: ErrorResponse})
 def get_submission(request, submission_id: UUID):
    """
    Get detailed submission information with all items.
    """
    try:
        submission = ModerationService.get_submission_details(submission_id)
        # Convert to dict with items
        data = _submission_to_dict(submission)
        data['items'] = [_item_to_dict(item) for item in submission.items.all()]
        return 200, data
    except ContentSubmission.DoesNotExist:
        return 404, {'detail': 'Submission not found'}
@router.delete('/submissions/{submission_id}', response={204: None, 403: ErrorResponse, 404: ErrorResponse})
 def delete_submission(request, submission_id: UUID):
    """
    Delete a submission (only if draft/pending and owned by user).
    """
    # TODO: Get current user from request
    from apps.users.models import User
    user = User.objects.first()  # TEMP
    try:
        ModerationService.delete_submission(submission_id, user)
        return 204, None
    except ContentSubmission.DoesNotExist:
        return 404, {'detail': 'Submission not found'}
    except PermissionDenied as e:
        return 403, {'detail': str(e)}
    except ValidationError as e:
        return 400, {'detail': str(e)}
 # ============================================================================
 # Review Endpoints
 # ============================================================================
@router.post(
    '/submissions/{submission_id}/start-review',
    response={200: ContentSubmissionOut, 400: ErrorResponse, 403: ErrorResponse, 404: ErrorResponse}
 )
 def start_review(request, submission_id: UUID, data: StartReviewRequest):
    """
    Start reviewing a submission (lock it for 15 minutes).
    Only moderators can start reviews.
    """
    # TODO: Get current user (moderator) from request
    from apps.users.models import User
    user = User.objects.first()  # TEMP
    try:
        submission = ModerationService.start_review(submission_id, user)
        return 200, _submission_to_dict(submission)
    except ContentSubmission.DoesNotExist:
        return 404, {'detail': 'Submission not found'}
    except PermissionDenied as e:
        return 403, {'detail': str(e)}
    except ValidationError as e:
        return 400, {'detail': str(e)}
@router.post(
    '/submissions/{submission_id}/approve',
    response={200: ApprovalResponse, 400: ErrorResponse, 403: ErrorResponse, 404: ErrorResponse}
 )
 def approve_submission(request, submission_id: UUID, data: ApproveRequest):
    """
    Approve an entire submission and apply all changes.
    Uses atomic transactions - all changes are applied or none are.
    Only moderators can approve submissions.
    """
    # TODO: Get current user (moderator) from request
    from apps.users.models import User
    user = User.objects.first()  # TEMP
    try:
        submission = ModerationService.approve_submission(submission_id, user)
        return 200, {
            'success': True,
            'message': 'Submission approved successfully',
            'submission': _submission_to_dict(submission)
        }
    except ContentSubmission.DoesNotExist:
        return 404, {'detail': 'Submission not found'}
    except PermissionDenied as e:
        return 403, {'detail': str(e)}
    except ValidationError as e:
        return 400, {'detail': str(e)}
@router.post(
    '/submissions/{submission_id}/approve-selective',
    response={200: SelectiveApprovalResponse, 400: ErrorResponse, 403: ErrorResponse, 404: ErrorResponse}
 )
 def approve_selective(request, submission_id: UUID, data: ApproveSelectiveRequest):
    """
    Approve only specific items in a submission.
    Allows moderators to approve some changes while leaving others pending or rejected.
    Uses atomic transactions for data integrity.
    """
    # TODO: Get current user (moderator) from request
    from apps.users.models import User
    user = User.objects.first()  # TEMP
    try:
        result = ModerationService.approve_selective(
            submission_id,
            user,
            [str(item_id) for item_id in data.item_ids]
        )
        return 200, {
            'success': True,
            'message': f"Approved {result['approved']} of {result['total']} items",
            **result
        }
    except ContentSubmission.DoesNotExist:
        return 404, {'detail': 'Submission not found'}
    except PermissionDenied as e:
        return 403, {'detail': str(e)}
    except ValidationError as e:
        return 400, {'detail': str(e)}
@router.post(
    '/submissions/{submission_id}/reject',
    response={200: ApprovalResponse, 400: ErrorResponse, 403: ErrorResponse, 404: ErrorResponse}
 )
 def reject_submission(request, submission_id: UUID, data: RejectRequest):
    """
    Reject an entire submission.
    All pending items are rejected with the provided reason.
    Only moderators can reject submissions.
    """
    # TODO: Get current user (moderator) from request
    from apps.users.models import User
    user = User.objects.first()  # TEMP
    try:
        submission = ModerationService.reject_submission(submission_id, user, data.reason)
        return 200, {
            'success': True,
            'message': 'Submission rejected',
            'submission': _submission_to_dict(submission)
        }
    except ContentSubmission.DoesNotExist:
        return 404, {'detail': 'Submission not found'}
    except PermissionDenied as e:
        return 403, {'detail': str(e)}
    except ValidationError as e:
        return 400, {'detail': str(e)}
@router.post(
    '/submissions/{submission_id}/reject-selective',
    response={200: SelectiveRejectionResponse, 400: ErrorResponse, 403: ErrorResponse, 404: ErrorResponse}
 )
 def reject_selective(request, submission_id: UUID, data: RejectSelectiveRequest):
    """
    Reject only specific items in a submission.
    Allows moderators to reject some changes while leaving others pending or approved.
    """
    # TODO: Get current user (moderator) from request
    from apps.users.models import User
    user = User.objects.first()  # TEMP
    try:
        result = ModerationService.reject_selective(
            submission_id,
            user,
            [str(item_id) for item_id in data.item_ids],
            data.reason or ''
        )
        return 200, {
            'success': True,
            'message': f"Rejected {result['rejected']} of {result['total']} items",
            **result
        }
    except ContentSubmission.DoesNotExist:
        return 404, {'detail': 'Submission not found'}
    except PermissionDenied as e:
        return 403, {'detail': str(e)}
    except ValidationError as e:
        return 400, {'detail': str(e)}
@router.post(
    '/submissions/{submission_id}/unlock',
    response={200: ContentSubmissionOut, 404: ErrorResponse}
 )
 def unlock_submission(request, submission_id: UUID):
    """
    Manually unlock a submission.
    Removes the review lock. Can be used by moderators or automatically by cleanup tasks.
    """
    try:
        submission = ModerationService.unlock_submission(submission_id)
        return 200, _submission_to_dict(submission)
    except ContentSubmission.DoesNotExist:
        return 404, {'detail': 'Submission not found'}
 # ============================================================================
 # Queue Endpoints
 # ============================================================================
@router.get('/queue/pending', response=SubmissionListOut)
 def get_pending_queue(request, page: int = 1, page_size: int = 50):
    """
    Get pending submissions queue.
    Returns all submissions awaiting review.
    """
    return list_submissions(request, status='pending', page=page, page_size=page_size)
@router.get('/queue/reviewing', response=SubmissionListOut)
 def get_reviewing_queue(request, page: int = 1, page_size: int = 50):
    """
    Get submissions currently under review.
    Returns all submissions being reviewed by moderators.
    """
    return list_submissions(request, status='reviewing', page=page, page_size=page_size)
@router.get('/queue/my-submissions', response=SubmissionListOut)
 def get_my_submissions(request, page: int = 1, page_size: int = 50):
    """
    Get current user's submissions.
    Returns all submissions created by the authenticated user.
    """
    # TODO: Get current user from request
    from apps.users.models import User
    user = User.objects.first()  # TEMP
    # Validate page_size
    page_size = min(page_size, 100)
    offset = (page - 1) * page_size
    # Get user's submissions
    submissions = ModerationService.get_queue(
        user=user,
        limit=page_size,
        offset=offset
    )
    # Get total count
    total = ContentSubmission.objects.filter(user=user).count()
    # Calculate total pages
    total_pages = (total + page_size - 1) // page_size
    # Convert to dicts
    items = [_submission_to_dict(sub) for sub in submissions]
    return {
        'items': items,
        'total': total,
        'page': page,
        'page_size': page_size,
        'total_pages': total_pages,
    }
--- a/django/api/v1/endpoints/parks.py
+++ b/django/api/v1/endpoints/parks.py
@@ -1,362 +0,0 @@
 """
 Park endpoints for API v1.
 Provides CRUD operations for Park entities with filtering, search, and geographic queries.
 Supports both SQLite (lat/lng) and PostGIS (location_point) modes.
 """
 from typing import List, Optional
 from uuid import UUID
 from decimal import Decimal
 from django.shortcuts import get_object_or_404
 from django.db.models import Q
 from django.conf import settings
 from ninja import Router, Query
 from ninja.pagination import paginate, PageNumberPagination
 import math
 from apps.entities.models import Park, Company, _using_postgis
 from ..schemas import (
    ParkCreate,
    ParkUpdate,
    ParkOut,
    ParkListOut,
    ErrorResponse
 )
 router = Router(tags=["Parks"])
 class ParkPagination(PageNumberPagination):
    """Custom pagination for parks."""
    page_size = 50
@router.get(
    "/",
    response={200: List[ParkOut]},
    summary="List parks",
    description="Get a paginated list of parks with optional filtering"
 )
@paginate(ParkPagination)
 def list_parks(
    request,
    search: Optional[str] = Query(None, description="Search by park name"),
    park_type: Optional[str] = Query(None, description="Filter by park type"),
    status: Optional[str] = Query(None, description="Filter by status"),
    operator_id: Optional[UUID] = Query(None, description="Filter by operator"),
    ordering: Optional[str] = Query("-created", description="Sort by field (prefix with - for descending)")
 ):
    """
    List all parks with optional filters.
    **Filters:**
    - search: Search park names (case-insensitive partial match)
    - park_type: Filter by park type
    - status: Filter by operational status
    - operator_id: Filter by operator company
    - ordering: Sort results (default: -created)
    **Returns:** Paginated list of parks
    """
    queryset = Park.objects.select_related('operator').all()
    # Apply search filter
    if search:
        queryset = queryset.filter(
            Q(name__icontains=search) | Q(description__icontains=search)
        )
    # Apply park type filter
    if park_type:
        queryset = queryset.filter(park_type=park_type)
    # Apply status filter
    if status:
        queryset = queryset.filter(status=status)
    # Apply operator filter
    if operator_id:
        queryset = queryset.filter(operator_id=operator_id)
    # Apply ordering
    valid_order_fields = ['name', 'created', 'modified', 'opening_date', 'ride_count', 'coaster_count']
    order_field = ordering.lstrip('-')
    if order_field in valid_order_fields:
        queryset = queryset.order_by(ordering)
    else:
        queryset = queryset.order_by('-created')
    # Annotate with operator name
    for park in queryset:
        park.operator_name = park.operator.name if park.operator else None
    return queryset
@router.get(
    "/{park_id}",
    response={200: ParkOut, 404: ErrorResponse},
    summary="Get park",
    description="Retrieve a single park by ID"
 )
 def get_park(request, park_id: UUID):
    """
    Get a park by ID.
    **Parameters:**
    - park_id: UUID of the park
    **Returns:** Park details
    """
    park = get_object_or_404(Park.objects.select_related('operator'), id=park_id)
    park.operator_name = park.operator.name if park.operator else None
    park.coordinates = park.coordinates
    return park
@router.get(
    "/nearby/",
    response={200: List[ParkOut]},
    summary="Find nearby parks",
    description="Find parks within a radius of given coordinates. Uses PostGIS in production, bounding box in SQLite."
 )
 def find_nearby_parks(
    request,
    latitude: float = Query(..., description="Latitude coordinate"),
    longitude: float = Query(..., description="Longitude coordinate"),
    radius: float = Query(50, description="Search radius in kilometers"),
    limit: int = Query(50, description="Maximum number of results")
 ):
    """
    Find parks near a geographic point.
    **Geographic Search Modes:**
    - **PostGIS (Production)**: Uses accurate distance-based search with location_point field
    - **SQLite (Local Dev)**: Uses bounding box approximation with latitude/longitude fields
    **Parameters:**
    - latitude: Center point latitude
    - longitude: Center point longitude
    - radius: Search radius in kilometers (default: 50)
    - limit: Maximum results to return (default: 50)
    **Returns:** List of nearby parks
    """
    if _using_postgis:
        # Use PostGIS for accurate distance-based search
        try:
            from django.contrib.gis.measure import D
            from django.contrib.gis.geos import Point
            user_point = Point(longitude, latitude, srid=4326)
            nearby_parks = Park.objects.filter(
                location_point__distance_lte=(user_point, D(km=radius))
            ).select_related('operator')[:limit]
        except Exception as e:
            return {"detail": f"Geographic search error: {str(e)}"}, 500
    else:
        # Use bounding box approximation for SQLite
        # Calculate rough bounding box (1 degree ≈ 111 km at equator)
        lat_offset = radius / 111.0
        lng_offset = radius / (111.0 * math.cos(math.radians(latitude)))
        min_lat = latitude - lat_offset
        max_lat = latitude + lat_offset
        min_lng = longitude - lng_offset
        max_lng = longitude + lng_offset
        nearby_parks = Park.objects.filter(
            latitude__gte=Decimal(str(min_lat)),
            latitude__lte=Decimal(str(max_lat)),
            longitude__gte=Decimal(str(min_lng)),
            longitude__lte=Decimal(str(max_lng))
        ).select_related('operator')[:limit]
    # Annotate results
    results = []
    for park in nearby_parks:
        park.operator_name = park.operator.name if park.operator else None
        park.coordinates = park.coordinates
        results.append(park)
    return results
@router.post(
    "/",
    response={201: ParkOut, 400: ErrorResponse},
    summary="Create park",
    description="Create a new park (requires authentication)"
 )
 def create_park(request, payload: ParkCreate):
    """
    Create a new park.
    **Authentication:** Required
    **Parameters:**
    - payload: Park data
    **Returns:** Created park
    """
    # TODO: Add authentication check
    # if not request.auth:
    #     return 401, {"detail": "Authentication required"}
    data = payload.dict()
    # Extract coordinates to use set_location method
    latitude = data.pop('latitude', None)
    longitude = data.pop('longitude', None)
    park = Park.objects.create(**data)
    # Set location using helper method (handles both SQLite and PostGIS)
    if latitude is not None and longitude is not None:
        park.set_location(longitude, latitude)
        park.save()
    park.coordinates = park.coordinates
    if park.operator:
        park.operator_name = park.operator.name
    return 201, park
@router.put(
    "/{park_id}",
    response={200: ParkOut, 404: ErrorResponse, 400: ErrorResponse},
    summary="Update park",
    description="Update an existing park (requires authentication)"
 )
 def update_park(request, park_id: UUID, payload: ParkUpdate):
    """
    Update a park.
    **Authentication:** Required
    **Parameters:**
    - park_id: UUID of the park
    - payload: Updated park data
    **Returns:** Updated park
    """
    # TODO: Add authentication check
    # if not request.auth:
    #     return 401, {"detail": "Authentication required"}
    park = get_object_or_404(Park.objects.select_related('operator'), id=park_id)
    data = payload.dict(exclude_unset=True)
    # Handle coordinates separately
    latitude = data.pop('latitude', None)
    longitude = data.pop('longitude', None)
    # Update other fields
    for key, value in data.items():
        setattr(park, key, value)
    # Update location if coordinates provided
    if latitude is not None and longitude is not None:
        park.set_location(longitude, latitude)
    park.save()
    park.operator_name = park.operator.name if park.operator else None
    park.coordinates = park.coordinates
    return park
@router.patch(
    "/{park_id}",
    response={200: ParkOut, 404: ErrorResponse, 400: ErrorResponse},
    summary="Partial update park",
    description="Partially update an existing park (requires authentication)"
 )
 def partial_update_park(request, park_id: UUID, payload: ParkUpdate):
    """
    Partially update a park.
    **Authentication:** Required
    **Parameters:**
    - park_id: UUID of the park
    - payload: Fields to update
    **Returns:** Updated park
    """
    # TODO: Add authentication check
    # if not request.auth:
    #     return 401, {"detail": "Authentication required"}
    park = get_object_or_404(Park.objects.select_related('operator'), id=park_id)
    data = payload.dict(exclude_unset=True)
    # Handle coordinates separately
    latitude = data.pop('latitude', None)
    longitude = data.pop('longitude', None)
    # Update other fields
    for key, value in data.items():
        setattr(park, key, value)
    # Update location if coordinates provided
    if latitude is not None and longitude is not None:
        park.set_location(longitude, latitude)
    park.save()
    park.operator_name = park.operator.name if park.operator else None
    park.coordinates = park.coordinates
    return park
@router.delete(
    "/{park_id}",
    response={204: None, 404: ErrorResponse},
    summary="Delete park",
    description="Delete a park (requires authentication)"
 )
 def delete_park(request, park_id: UUID):
    """
    Delete a park.
    **Authentication:** Required
    **Parameters:**
    - park_id: UUID of the park
    **Returns:** No content (204)
    """
    # TODO: Add authentication check
    # if not request.auth:
    #     return 401, {"detail": "Authentication required"}
    park = get_object_or_404(Park, id=park_id)
    park.delete()
    return 204, None
@router.get(
    "/{park_id}/rides",
    response={200: List[dict], 404: ErrorResponse},
    summary="Get park rides",
    description="Get all rides at a park"
 )
 def get_park_rides(request, park_id: UUID):
    """
    Get all rides at a park.
    **Parameters:**
    - park_id: UUID of the park
    **Returns:** List of rides
    """
    park = get_object_or_404(Park, id=park_id)
    rides = park.rides.select_related('manufacturer').all().values(
        'id', 'name', 'slug', 'status', 'ride_category', 'is_coaster', 'manufacturer__name'
    )
    return list(rides)
--- a/django/api/v1/endpoints/photos.py
+++ b/django/api/v1/endpoints/photos.py
@@ -1,600 +0,0 @@
 """
 Photo management API endpoints.
 Provides endpoints for photo upload, management, moderation, and entity attachment.
 """
 import logging
 from typing import List, Optional
 from uuid import UUID
 from django.contrib.contenttypes.models import ContentType
 from django.core.exceptions import ValidationError as DjangoValidationError
 from django.db.models import Q, Count, Sum
 from django.http import HttpRequest
 from ninja import Router, File, Form
 from ninja.files import UploadedFile
 from ninja.pagination import paginate
 from api.v1.schemas import (
    PhotoOut,
    PhotoListOut,
    PhotoUpdate,
    PhotoUploadResponse,
    PhotoModerateRequest,
    PhotoReorderRequest,
    PhotoAttachRequest,
    PhotoStatsOut,
    MessageSchema,
    ErrorSchema,
 )
 from apps.media.models import Photo
 from apps.media.services import PhotoService, CloudFlareError
 from apps.media.validators import validate_image
 from apps.users.permissions import jwt_auth, require_moderator, require_admin
 from apps.entities.models import Park, Ride, Company, RideModel
 logger = logging.getLogger(__name__)
 router = Router(tags=["Photos"])
 photo_service = PhotoService()
 # ============================================================================
 # Helper Functions
 # ============================================================================
 def serialize_photo(photo: Photo) -> dict:
    """
    Serialize a Photo instance to dict for API response.
    Args:
        photo: Photo instance
    Returns:
        Dict with photo data
    """
    # Get entity info if attached
    entity_type = None
    entity_id = None
    entity_name = None
    if photo.content_type and photo.object_id:
        entity = photo.content_object
        entity_type = photo.content_type.model
        entity_id = str(photo.object_id)
        entity_name = getattr(entity, 'name', str(entity)) if entity else None
    # Generate variant URLs
    cloudflare_service = photo_service.cloudflare
    thumbnail_url = cloudflare_service.get_image_url(photo.cloudflare_image_id, 'thumbnail')
    banner_url = cloudflare_service.get_image_url(photo.cloudflare_image_id, 'banner')
    return {
        'id': photo.id,
        'cloudflare_image_id': photo.cloudflare_image_id,
        'cloudflare_url': photo.cloudflare_url,
        'title': photo.title,
        'description': photo.description,
        'credit': photo.credit,
        'photo_type': photo.photo_type,
        'is_visible': photo.is_visible,
        'uploaded_by_id': photo.uploaded_by_id,
        'uploaded_by_email': photo.uploaded_by.email if photo.uploaded_by else None,
        'moderation_status': photo.moderation_status,
        'moderated_by_id': photo.moderated_by_id,
        'moderated_by_email': photo.moderated_by.email if photo.moderated_by else None,
        'moderated_at': photo.moderated_at,
        'moderation_notes': photo.moderation_notes,
        'entity_type': entity_type,
        'entity_id': entity_id,
        'entity_name': entity_name,
        'width': photo.width,
        'height': photo.height,
        'file_size': photo.file_size,
        'mime_type': photo.mime_type,
        'display_order': photo.display_order,
        'thumbnail_url': thumbnail_url,
        'banner_url': banner_url,
        'created': photo.created_at,
        'modified': photo.modified_at,
    }
 def get_entity_by_type(entity_type: str, entity_id: UUID):
    """
    Get entity instance by type and ID.
    Args:
        entity_type: Entity type (park, ride, company, ridemodel)
        entity_id: Entity UUID
    Returns:
        Entity instance
    Raises:
        ValueError: If entity type is invalid or not found
    """
    entity_map = {
        'park': Park,
        'ride': Ride,
        'company': Company,
        'ridemodel': RideModel,
    }
    model = entity_map.get(entity_type.lower())
    if not model:
        raise ValueError(f"Invalid entity type: {entity_type}")
    try:
        return model.objects.get(id=entity_id)
    except model.DoesNotExist:
        raise ValueError(f"{entity_type} with ID {entity_id} not found")
 # ============================================================================
 # Public Endpoints
 # ============================================================================
@router.get("/photos", response=List[PhotoOut], auth=None)
@paginate
 def list_photos(
    request: HttpRequest,
    status: Optional[str] = None,
    photo_type: Optional[str] = None,
    entity_type: Optional[str] = None,
    entity_id: Optional[UUID] = None,
 ):
    """
    List approved photos (public endpoint).
    Query Parameters:
        - status: Filter by moderation status (defaults to 'approved')
        - photo_type: Filter by photo type
        - entity_type: Filter by entity type
        - entity_id: Filter by entity ID
    """
    queryset = Photo.objects.select_related(
        'uploaded_by', 'moderated_by', 'content_type'
    )
    # Default to approved photos for public
    if status:
        queryset = queryset.filter(moderation_status=status)
    else:
        queryset = queryset.approved()
    if photo_type:
        queryset = queryset.filter(photo_type=photo_type)
    if entity_type and entity_id:
        try:
            entity = get_entity_by_type(entity_type, entity_id)
            content_type = ContentType.objects.get_for_model(entity)
            queryset = queryset.filter(
                content_type=content_type,
                object_id=entity_id
            )
        except ValueError as e:
            return []
    queryset = queryset.filter(is_visible=True).order_by('display_order', '-created_at')
    return queryset
@router.get("/photos/{photo_id}", response=PhotoOut, auth=None)
 def get_photo(request: HttpRequest, photo_id: UUID):
    """
    Get photo details by ID (public endpoint).
    Only returns approved photos for non-authenticated users.
    """
    try:
        photo = Photo.objects.select_related(
            'uploaded_by', 'moderated_by', 'content_type'
        ).get(id=photo_id)
        # Only show approved photos to public
        if not request.auth and photo.moderation_status != 'approved':
            return 404, {"detail": "Photo not found"}
        return serialize_photo(photo)
    except Photo.DoesNotExist:
        return 404, {"detail": "Photo not found"}
@router.get("/{entity_type}/{entity_id}/photos", response=List[PhotoOut], auth=None)
 def get_entity_photos(
    request: HttpRequest,
    entity_type: str,
    entity_id: UUID,
    photo_type: Optional[str] = None,
 ):
    """
    Get photos for a specific entity (public endpoint).
    Path Parameters:
        - entity_type: Entity type (park, ride, company, ridemodel)
        - entity_id: Entity UUID
    Query Parameters:
        - photo_type: Filter by photo type
    """
    try:
        entity = get_entity_by_type(entity_type, entity_id)
        photos = photo_service.get_entity_photos(
            entity,
            photo_type=photo_type,
            approved_only=not request.auth
        )
        return [serialize_photo(photo) for photo in photos]
    except ValueError as e:
        return 404, {"detail": str(e)}
 # ============================================================================
 # Authenticated Endpoints
 # ============================================================================
@router.post("/photos/upload", response=PhotoUploadResponse, auth=jwt_auth)
 def upload_photo(
    request: HttpRequest,
    file: UploadedFile = File(...),
    title: Optional[str] = Form(None),
    description: Optional[str] = Form(None),
    credit: Optional[str] = Form(None),
    photo_type: str = Form('gallery'),
    entity_type: Optional[str] = Form(None),
    entity_id: Optional[str] = Form(None),
 ):
    """
    Upload a new photo.
    Requires authentication. Photo enters moderation queue.
    Form Data:
        - file: Image file (required)
        - title: Photo title
        - description: Photo description
        - credit: Photo credit/attribution
        - photo_type: Type of photo (main, gallery, banner, logo, thumbnail, other)
        - entity_type: Entity type to attach to (optional)
        - entity_id: Entity ID to attach to (optional)
    """
    user = request.auth
    try:
        # Validate image
        validate_image(file, photo_type)
        # Get entity if provided
        entity = None
        if entity_type and entity_id:
            try:
                entity = get_entity_by_type(entity_type, UUID(entity_id))
            except (ValueError, TypeError) as e:
                return 400, {"detail": f"Invalid entity: {str(e)}"}
        # Create photo
        photo = photo_service.create_photo(
            file=file,
            user=user,
            entity=entity,
            photo_type=photo_type,
            title=title or file.name,
            description=description or '',
            credit=credit or '',
            is_visible=True,
        )
        return {
            'success': True,
            'message': 'Photo uploaded successfully and pending moderation',
            'photo': serialize_photo(photo),
        }
    except DjangoValidationError as e:
        return 400, {"detail": str(e)}
    except CloudFlareError as e:
        logger.error(f"CloudFlare upload failed: {str(e)}")
        return 500, {"detail": "Failed to upload image"}
    except Exception as e:
        logger.error(f"Photo upload failed: {str(e)}")
        return 500, {"detail": "An error occurred during upload"}
@router.patch("/photos/{photo_id}", response=PhotoOut, auth=jwt_auth)
 def update_photo(
    request: HttpRequest,
    photo_id: UUID,
    payload: PhotoUpdate,
 ):
    """
    Update photo metadata.
    Users can only update their own photos.
    Moderators can update any photo.
    """
    user = request.auth
    try:
        photo = Photo.objects.get(id=photo_id)
        # Check permissions
        if photo.uploaded_by_id != user.id and not user.is_moderator:
            return 403, {"detail": "Permission denied"}
        # Update fields
        update_fields = []
        if payload.title is not None:
            photo.title = payload.title
            update_fields.append('title')
        if payload.description is not None:
            photo.description = payload.description
            update_fields.append('description')
        if payload.credit is not None:
            photo.credit = payload.credit
            update_fields.append('credit')
        if payload.photo_type is not None:
            photo.photo_type = payload.photo_type
            update_fields.append('photo_type')
        if payload.is_visible is not None:
            photo.is_visible = payload.is_visible
            update_fields.append('is_visible')
        if payload.display_order is not None:
            photo.display_order = payload.display_order
            update_fields.append('display_order')
        if update_fields:
            photo.save(update_fields=update_fields)
            logger.info(f"Photo {photo_id} updated by user {user.id}")
        return serialize_photo(photo)
    except Photo.DoesNotExist:
        return 404, {"detail": "Photo not found"}
@router.delete("/photos/{photo_id}", response=MessageSchema, auth=jwt_auth)
 def delete_photo(request: HttpRequest, photo_id: UUID):
    """
    Delete own photo.
    Users can only delete their own photos.
    Photos are soft-deleted and removed from CloudFlare.
    """
    user = request.auth
    try:
        photo = Photo.objects.get(id=photo_id)
        # Check permissions
        if photo.uploaded_by_id != user.id and not user.is_moderator:
            return 403, {"detail": "Permission denied"}
        photo_service.delete_photo(photo)
        return {
            'success': True,
            'message': 'Photo deleted successfully',
        }
    except Photo.DoesNotExist:
        return 404, {"detail": "Photo not found"}
@router.post("/{entity_type}/{entity_id}/photos", response=MessageSchema, auth=jwt_auth)
 def attach_photo_to_entity(
    request: HttpRequest,
    entity_type: str,
    entity_id: UUID,
    payload: PhotoAttachRequest,
 ):
    """
    Attach an existing photo to an entity.
    Requires authentication.
    """
    user = request.auth
    try:
        # Get entity
        entity = get_entity_by_type(entity_type, entity_id)
        # Get photo
        photo = Photo.objects.get(id=payload.photo_id)
        # Check permissions (can only attach own photos unless moderator)
        if photo.uploaded_by_id != user.id and not user.is_moderator:
            return 403, {"detail": "Permission denied"}
        # Attach photo
        photo_service.attach_to_entity(photo, entity)
        # Update photo type if provided
        if payload.photo_type:
            photo.photo_type = payload.photo_type
            photo.save(update_fields=['photo_type'])
        return {
            'success': True,
            'message': f'Photo attached to {entity_type} successfully',
        }
    except ValueError as e:
        return 400, {"detail": str(e)}
    except Photo.DoesNotExist:
        return 404, {"detail": "Photo not found"}
 # ============================================================================
 # Moderator Endpoints
 # ============================================================================
@router.get("/photos/pending", response=List[PhotoOut], auth=require_moderator)
@paginate
 def list_pending_photos(request: HttpRequest):
    """
    List photos pending moderation (moderators only).
    """
    queryset = Photo.objects.select_related(
        'uploaded_by', 'moderated_by', 'content_type'
    ).pending().order_by('-created_at')
    return queryset
@router.post("/photos/{photo_id}/approve", response=PhotoOut, auth=require_moderator)
 def approve_photo(request: HttpRequest, photo_id: UUID):
    """
    Approve a photo (moderators only).
    """
    user = request.auth
    try:
        photo = Photo.objects.get(id=photo_id)
        photo = photo_service.moderate_photo(
            photo=photo,
            status='approved',
            moderator=user,
        )
        return serialize_photo(photo)
    except Photo.DoesNotExist:
        return 404, {"detail": "Photo not found"}
@router.post("/photos/{photo_id}/reject", response=PhotoOut, auth=require_moderator)
 def reject_photo(
    request: HttpRequest,
    photo_id: UUID,
    payload: PhotoModerateRequest,
 ):
    """
    Reject a photo (moderators only).
    """
    user = request.auth
    try:
        photo = Photo.objects.get(id=photo_id)
        photo = photo_service.moderate_photo(
            photo=photo,
            status='rejected',
            moderator=user,
            notes=payload.notes or '',
        )
        return serialize_photo(photo)
    except Photo.DoesNotExist:
        return 404, {"detail": "Photo not found"}
@router.post("/photos/{photo_id}/flag", response=PhotoOut, auth=require_moderator)
 def flag_photo(
    request: HttpRequest,
    photo_id: UUID,
    payload: PhotoModerateRequest,
 ):
    """
    Flag a photo for review (moderators only).
    """
    user = request.auth
    try:
        photo = Photo.objects.get(id=photo_id)
        photo = photo_service.moderate_photo(
            photo=photo,
            status='flagged',
            moderator=user,
            notes=payload.notes or '',
        )
        return serialize_photo(photo)
    except Photo.DoesNotExist:
        return 404, {"detail": "Photo not found"}
@router.get("/photos/stats", response=PhotoStatsOut, auth=require_moderator)
 def get_photo_stats(request: HttpRequest):
    """
    Get photo statistics (moderators only).
    """
    stats = Photo.objects.aggregate(
        total=Count('id'),
        pending=Count('id', filter=Q(moderation_status='pending')),
        approved=Count('id', filter=Q(moderation_status='approved')),
        rejected=Count('id', filter=Q(moderation_status='rejected')),
        flagged=Count('id', filter=Q(moderation_status='flagged')),
        total_size=Sum('file_size'),
    )
    return {
        'total_photos': stats['total'] or 0,
        'pending_photos': stats['pending'] or 0,
        'approved_photos': stats['approved'] or 0,
        'rejected_photos': stats['rejected'] or 0,
        'flagged_photos': stats['flagged'] or 0,
        'total_size_mb': round((stats['total_size'] or 0) / (1024 * 1024), 2),
    }
 # ============================================================================
 # Admin Endpoints
 # ============================================================================
@router.delete("/photos/{photo_id}/admin", response=MessageSchema, auth=require_admin)
 def admin_delete_photo(request: HttpRequest, photo_id: UUID):
    """
    Force delete any photo (admins only).
    Permanently removes photo from database and CloudFlare.
    """
    try:
        photo = Photo.objects.get(id=photo_id)
        photo_service.delete_photo(photo, delete_from_cloudflare=True)
        logger.info(f"Photo {photo_id} force deleted by admin {request.auth.id}")
        return {
            'success': True,
            'message': 'Photo permanently deleted',
        }
    except Photo.DoesNotExist:
        return 404, {"detail": "Photo not found"}
@router.post(
    "/{entity_type}/{entity_id}/photos/reorder",
    response=MessageSchema,
    auth=require_admin
 )
 def reorder_entity_photos(
    request: HttpRequest,
    entity_type: str,
    entity_id: UUID,
    payload: PhotoReorderRequest,
 ):
    """
    Reorder photos for an entity (admins only).
    """
    try:
        entity = get_entity_by_type(entity_type, entity_id)
        photo_service.reorder_photos(
            entity=entity,
            photo_ids=payload.photo_ids,
            photo_type=payload.photo_type,
        )
        return {
            'success': True,
            'message': 'Photos reordered successfully',
        }
    except ValueError as e:
        return 400, {"detail": str(e)}
--- a/django/api/v1/endpoints/ride_models.py
+++ b/django/api/v1/endpoints/ride_models.py
@@ -1,247 +0,0 @@
 """
 Ride Model endpoints for API v1.
 Provides CRUD operations for RideModel entities with filtering and search.
 """
 from typing import List, Optional
 from uuid import UUID
 from django.shortcuts import get_object_or_404
 from django.db.models import Q
 from ninja import Router, Query
 from ninja.pagination import paginate, PageNumberPagination
 from apps.entities.models import RideModel, Company
 from ..schemas import (
    RideModelCreate,
    RideModelUpdate,
    RideModelOut,
    RideModelListOut,
    ErrorResponse
 )
 router = Router(tags=["Ride Models"])
 class RideModelPagination(PageNumberPagination):
    """Custom pagination for ride models."""
    page_size = 50
@router.get(
    "/",
    response={200: List[RideModelOut]},
    summary="List ride models",
    description="Get a paginated list of ride models with optional filtering"
 )
@paginate(RideModelPagination)
 def list_ride_models(
    request,
    search: Optional[str] = Query(None, description="Search by model name"),
    manufacturer_id: Optional[UUID] = Query(None, description="Filter by manufacturer"),
    model_type: Optional[str] = Query(None, description="Filter by model type"),
    ordering: Optional[str] = Query("-created", description="Sort by field (prefix with - for descending)")
 ):
    """
    List all ride models with optional filters.
    **Filters:**
    - search: Search model names (case-insensitive partial match)
    - manufacturer_id: Filter by manufacturer
    - model_type: Filter by model type
    - ordering: Sort results (default: -created)
    **Returns:** Paginated list of ride models
    """
    queryset = RideModel.objects.select_related('manufacturer').all()
    # Apply search filter
    if search:
        queryset = queryset.filter(
            Q(name__icontains=search) | Q(description__icontains=search)
        )
    # Apply manufacturer filter
    if manufacturer_id:
        queryset = queryset.filter(manufacturer_id=manufacturer_id)
    # Apply model type filter
    if model_type:
        queryset = queryset.filter(model_type=model_type)
    # Apply ordering
    valid_order_fields = ['name', 'created', 'modified', 'installation_count']
    order_field = ordering.lstrip('-')
    if order_field in valid_order_fields:
        queryset = queryset.order_by(ordering)
    else:
        queryset = queryset.order_by('-created')
    # Annotate with manufacturer name
    for model in queryset:
        model.manufacturer_name = model.manufacturer.name if model.manufacturer else None
    return queryset
@router.get(
    "/{model_id}",
    response={200: RideModelOut, 404: ErrorResponse},
    summary="Get ride model",
    description="Retrieve a single ride model by ID"
 )
 def get_ride_model(request, model_id: UUID):
    """
    Get a ride model by ID.
    **Parameters:**
    - model_id: UUID of the ride model
    **Returns:** Ride model details
    """
    model = get_object_or_404(RideModel.objects.select_related('manufacturer'), id=model_id)
    model.manufacturer_name = model.manufacturer.name if model.manufacturer else None
    return model
@router.post(
    "/",
    response={201: RideModelOut, 400: ErrorResponse, 404: ErrorResponse},
    summary="Create ride model",
    description="Create a new ride model (requires authentication)"
 )
 def create_ride_model(request, payload: RideModelCreate):
    """
    Create a new ride model.
    **Authentication:** Required
    **Parameters:**
    - payload: Ride model data
    **Returns:** Created ride model
    """
    # TODO: Add authentication check
    # if not request.auth:
    #     return 401, {"detail": "Authentication required"}
    # Verify manufacturer exists
    manufacturer = get_object_or_404(Company, id=payload.manufacturer_id)
    model = RideModel.objects.create(**payload.dict())
    model.manufacturer_name = manufacturer.name
    return 201, model
@router.put(
    "/{model_id}",
    response={200: RideModelOut, 404: ErrorResponse, 400: ErrorResponse},
    summary="Update ride model",
    description="Update an existing ride model (requires authentication)"
 )
 def update_ride_model(request, model_id: UUID, payload: RideModelUpdate):
    """
    Update a ride model.
    **Authentication:** Required
    **Parameters:**
    - model_id: UUID of the ride model
    - payload: Updated ride model data
    **Returns:** Updated ride model
    """
    # TODO: Add authentication check
    # if not request.auth:
    #     return 401, {"detail": "Authentication required"}
    model = get_object_or_404(RideModel.objects.select_related('manufacturer'), id=model_id)
    # Update only provided fields
    for key, value in payload.dict(exclude_unset=True).items():
        setattr(model, key, value)
    model.save()
    model.manufacturer_name = model.manufacturer.name if model.manufacturer else None
    return model
@router.patch(
    "/{model_id}",
    response={200: RideModelOut, 404: ErrorResponse, 400: ErrorResponse},
    summary="Partial update ride model",
    description="Partially update an existing ride model (requires authentication)"
 )
 def partial_update_ride_model(request, model_id: UUID, payload: RideModelUpdate):
    """
    Partially update a ride model.
    **Authentication:** Required
    **Parameters:**
    - model_id: UUID of the ride model
    - payload: Fields to update
    **Returns:** Updated ride model
    """
    # TODO: Add authentication check
    # if not request.auth:
    #     return 401, {"detail": "Authentication required"}
    model = get_object_or_404(RideModel.objects.select_related('manufacturer'), id=model_id)
    # Update only provided fields
    for key, value in payload.dict(exclude_unset=True).items():
        setattr(model, key, value)
    model.save()
    model.manufacturer_name = model.manufacturer.name if model.manufacturer else None
    return model
@router.delete(
    "/{model_id}",
    response={204: None, 404: ErrorResponse},
    summary="Delete ride model",
    description="Delete a ride model (requires authentication)"
 )
 def delete_ride_model(request, model_id: UUID):
    """
    Delete a ride model.
    **Authentication:** Required
    **Parameters:**
    - model_id: UUID of the ride model
    **Returns:** No content (204)
    """
    # TODO: Add authentication check
    # if not request.auth:
    #     return 401, {"detail": "Authentication required"}
    model = get_object_or_404(RideModel, id=model_id)
    model.delete()
    return 204, None
@router.get(
    "/{model_id}/installations",
    response={200: List[dict], 404: ErrorResponse},
    summary="Get ride model installations",
    description="Get all ride installations of this model"
 )
 def get_ride_model_installations(request, model_id: UUID):
    """
    Get all installations of a ride model.
    **Parameters:**
    - model_id: UUID of the ride model
    **Returns:** List of rides using this model
    """
    model = get_object_or_404(RideModel, id=model_id)
    rides = model.rides.select_related('park').all().values(
        'id', 'name', 'slug', 'status', 'park__name', 'park__id'
    )
    return list(rides)
--- a/django/api/v1/endpoints/rides.py
+++ b/django/api/v1/endpoints/rides.py
@@ -1,360 +0,0 @@
 """
 Ride endpoints for API v1.
 Provides CRUD operations for Ride entities with filtering and search.
 """
 from typing import List, Optional
 from uuid import UUID
 from django.shortcuts import get_object_or_404
 from django.db.models import Q
 from ninja import Router, Query
 from ninja.pagination import paginate, PageNumberPagination
 from apps.entities.models import Ride, Park, Company, RideModel
 from ..schemas import (
    RideCreate,
    RideUpdate,
    RideOut,
    RideListOut,
    ErrorResponse
 )
 router = Router(tags=["Rides"])
 class RidePagination(PageNumberPagination):
    """Custom pagination for rides."""
    page_size = 50
@router.get(
    "/",
    response={200: List[RideOut]},
    summary="List rides",
    description="Get a paginated list of rides with optional filtering"
 )
@paginate(RidePagination)
 def list_rides(
    request,
    search: Optional[str] = Query(None, description="Search by ride name"),
    park_id: Optional[UUID] = Query(None, description="Filter by park"),
    ride_category: Optional[str] = Query(None, description="Filter by ride category"),
    status: Optional[str] = Query(None, description="Filter by status"),
    is_coaster: Optional[bool] = Query(None, description="Filter for roller coasters only"),
    manufacturer_id: Optional[UUID] = Query(None, description="Filter by manufacturer"),
    ordering: Optional[str] = Query("-created", description="Sort by field (prefix with - for descending)")
 ):
    """
    List all rides with optional filters.
    **Filters:**
    - search: Search ride names (case-insensitive partial match)
    - park_id: Filter by park
    - ride_category: Filter by ride category
    - status: Filter by operational status
    - is_coaster: Filter for roller coasters (true/false)
    - manufacturer_id: Filter by manufacturer
    - ordering: Sort results (default: -created)
    **Returns:** Paginated list of rides
    """
    queryset = Ride.objects.select_related('park', 'manufacturer', 'model').all()
    # Apply search filter
    if search:
        queryset = queryset.filter(
            Q(name__icontains=search) | Q(description__icontains=search)
        )
    # Apply park filter
    if park_id:
        queryset = queryset.filter(park_id=park_id)
    # Apply ride category filter
    if ride_category:
        queryset = queryset.filter(ride_category=ride_category)
    # Apply status filter
    if status:
        queryset = queryset.filter(status=status)
    # Apply coaster filter
    if is_coaster is not None:
        queryset = queryset.filter(is_coaster=is_coaster)
    # Apply manufacturer filter
    if manufacturer_id:
        queryset = queryset.filter(manufacturer_id=manufacturer_id)
    # Apply ordering
    valid_order_fields = ['name', 'created', 'modified', 'opening_date', 'height', 'speed', 'length']
    order_field = ordering.lstrip('-')
    if order_field in valid_order_fields:
        queryset = queryset.order_by(ordering)
    else:
        queryset = queryset.order_by('-created')
    # Annotate with related names
    for ride in queryset:
        ride.park_name = ride.park.name if ride.park else None
        ride.manufacturer_name = ride.manufacturer.name if ride.manufacturer else None
        ride.model_name = ride.model.name if ride.model else None
    return queryset
@router.get(
    "/{ride_id}",
    response={200: RideOut, 404: ErrorResponse},
    summary="Get ride",
    description="Retrieve a single ride by ID"
 )
 def get_ride(request, ride_id: UUID):
    """
    Get a ride by ID.
    **Parameters:**
    - ride_id: UUID of the ride
    **Returns:** Ride details
    """
    ride = get_object_or_404(
        Ride.objects.select_related('park', 'manufacturer', 'model'),
        id=ride_id
    )
    ride.park_name = ride.park.name if ride.park else None
    ride.manufacturer_name = ride.manufacturer.name if ride.manufacturer else None
    ride.model_name = ride.model.name if ride.model else None
    return ride
@router.post(
    "/",
    response={201: RideOut, 400: ErrorResponse, 404: ErrorResponse},
    summary="Create ride",
    description="Create a new ride (requires authentication)"
 )
 def create_ride(request, payload: RideCreate):
    """
    Create a new ride.
    **Authentication:** Required
    **Parameters:**
    - payload: Ride data
    **Returns:** Created ride
    """
    # TODO: Add authentication check
    # if not request.auth:
    #     return 401, {"detail": "Authentication required"}
    # Verify park exists
    park = get_object_or_404(Park, id=payload.park_id)
    # Verify manufacturer if provided
    if payload.manufacturer_id:
        get_object_or_404(Company, id=payload.manufacturer_id)
    # Verify model if provided
    if payload.model_id:
        get_object_or_404(RideModel, id=payload.model_id)
    ride = Ride.objects.create(**payload.dict())
    # Reload with related objects
    ride = Ride.objects.select_related('park', 'manufacturer', 'model').get(id=ride.id)
    ride.park_name = ride.park.name if ride.park else None
    ride.manufacturer_name = ride.manufacturer.name if ride.manufacturer else None
    ride.model_name = ride.model.name if ride.model else None
    return 201, ride
@router.put(
    "/{ride_id}",
    response={200: RideOut, 404: ErrorResponse, 400: ErrorResponse},
    summary="Update ride",
    description="Update an existing ride (requires authentication)"
 )
 def update_ride(request, ride_id: UUID, payload: RideUpdate):
    """
    Update a ride.
    **Authentication:** Required
    **Parameters:**
    - ride_id: UUID of the ride
    - payload: Updated ride data
    **Returns:** Updated ride
    """
    # TODO: Add authentication check
    # if not request.auth:
    #     return 401, {"detail": "Authentication required"}
    ride = get_object_or_404(
        Ride.objects.select_related('park', 'manufacturer', 'model'),
        id=ride_id
    )
    # Update only provided fields
    for key, value in payload.dict(exclude_unset=True).items():
        setattr(ride, key, value)
    ride.save()
    # Reload to get updated relationships
    ride = Ride.objects.select_related('park', 'manufacturer', 'model').get(id=ride.id)
    ride.park_name = ride.park.name if ride.park else None
    ride.manufacturer_name = ride.manufacturer.name if ride.manufacturer else None
    ride.model_name = ride.model.name if ride.model else None
    return ride
@router.patch(
    "/{ride_id}",
    response={200: RideOut, 404: ErrorResponse, 400: ErrorResponse},
    summary="Partial update ride",
    description="Partially update an existing ride (requires authentication)"
 )
 def partial_update_ride(request, ride_id: UUID, payload: RideUpdate):
    """
    Partially update a ride.
    **Authentication:** Required
    **Parameters:**
    - ride_id: UUID of the ride
    - payload: Fields to update
    **Returns:** Updated ride
    """
    # TODO: Add authentication check
    # if not request.auth:
    #     return 401, {"detail": "Authentication required"}
    ride = get_object_or_404(
        Ride.objects.select_related('park', 'manufacturer', 'model'),
        id=ride_id
    )
    # Update only provided fields
    for key, value in payload.dict(exclude_unset=True).items():
        setattr(ride, key, value)
    ride.save()
    # Reload to get updated relationships
    ride = Ride.objects.select_related('park', 'manufacturer', 'model').get(id=ride.id)
    ride.park_name = ride.park.name if ride.park else None
    ride.manufacturer_name = ride.manufacturer.name if ride.manufacturer else None
    ride.model_name = ride.model.name if ride.model else None
    return ride
@router.delete(
    "/{ride_id}",
    response={204: None, 404: ErrorResponse},
    summary="Delete ride",
    description="Delete a ride (requires authentication)"
 )
 def delete_ride(request, ride_id: UUID):
    """
    Delete a ride.
    **Authentication:** Required
    **Parameters:**
    - ride_id: UUID of the ride
    **Returns:** No content (204)
    """
    # TODO: Add authentication check
    # if not request.auth:
    #     return 401, {"detail": "Authentication required"}
    ride = get_object_or_404(Ride, id=ride_id)
    ride.delete()
    return 204, None
@router.get(
    "/coasters/",
    response={200: List[RideOut]},
    summary="List roller coasters",
    description="Get a paginated list of roller coasters only"
 )
@paginate(RidePagination)
 def list_coasters(
    request,
    search: Optional[str] = Query(None, description="Search by ride name"),
    park_id: Optional[UUID] = Query(None, description="Filter by park"),
    status: Optional[str] = Query(None, description="Filter by status"),
    manufacturer_id: Optional[UUID] = Query(None, description="Filter by manufacturer"),
    min_height: Optional[float] = Query(None, description="Minimum height in feet"),
    min_speed: Optional[float] = Query(None, description="Minimum speed in mph"),
    ordering: Optional[str] = Query("-height", description="Sort by field (prefix with - for descending)")
 ):
    """
    List only roller coasters with optional filters.
    **Filters:**
    - search: Search coaster names
    - park_id: Filter by park
    - status: Filter by operational status
    - manufacturer_id: Filter by manufacturer
    - min_height: Minimum height filter
    - min_speed: Minimum speed filter
    - ordering: Sort results (default: -height)
    **Returns:** Paginated list of roller coasters
    """
    queryset = Ride.objects.filter(is_coaster=True).select_related(
        'park', 'manufacturer', 'model'
    )
    # Apply search filter
    if search:
        queryset = queryset.filter(
            Q(name__icontains=search) | Q(description__icontains=search)
        )
    # Apply park filter
    if park_id:
        queryset = queryset.filter(park_id=park_id)
    # Apply status filter
    if status:
        queryset = queryset.filter(status=status)
    # Apply manufacturer filter
    if manufacturer_id:
        queryset = queryset.filter(manufacturer_id=manufacturer_id)
    # Apply height filter
    if min_height is not None:
        queryset = queryset.filter(height__gte=min_height)
    # Apply speed filter
    if min_speed is not None:
        queryset = queryset.filter(speed__gte=min_speed)
    # Apply ordering
    valid_order_fields = ['name', 'height', 'speed', 'length', 'opening_date', 'inversions']
    order_field = ordering.lstrip('-')
    if order_field in valid_order_fields:
        queryset = queryset.order_by(ordering)
    else:
        queryset = queryset.order_by('-height')
    # Annotate with related names
    for ride in queryset:
        ride.park_name = ride.park.name if ride.park else None
        ride.manufacturer_name = ride.manufacturer.name if ride.manufacturer else None
        ride.model_name = ride.model.name if ride.model else None
    return queryset
--- a/django/api/v1/endpoints/search.py
+++ b/django/api/v1/endpoints/search.py
@@ -1,438 +0,0 @@
 """
 Search and autocomplete endpoints for ThrillWiki API.
 Provides full-text search and filtering across all entity types.
 """
 from typing import List, Optional
 from uuid import UUID
 from datetime import date
 from decimal import Decimal
 from django.http import HttpRequest
 from ninja import Router, Query
 from apps.entities.search import SearchService
 from apps.users.permissions import jwt_auth
 from api.v1.schemas import (
    GlobalSearchResponse,
    CompanySearchResult,
    RideModelSearchResult,
    ParkSearchResult,
    RideSearchResult,
    AutocompleteResponse,
    AutocompleteItem,
    ErrorResponse,
 )
 router = Router(tags=["Search"])
 search_service = SearchService()
 # ============================================================================
 # Helper Functions
 # ============================================================================
 def _company_to_search_result(company) -> CompanySearchResult:
    """Convert Company model to search result."""
    return CompanySearchResult(
        id=company.id,
        name=company.name,
        slug=company.slug,
        entity_type='company',
        description=company.description,
        image_url=company.logo_image_url or None,
        company_types=company.company_types or [],
        park_count=company.park_count,
        ride_count=company.ride_count,
    )
 def _ride_model_to_search_result(model) -> RideModelSearchResult:
    """Convert RideModel to search result."""
    return RideModelSearchResult(
        id=model.id,
        name=model.name,
        slug=model.slug,
        entity_type='ride_model',
        description=model.description,
        image_url=model.image_url or None,
        manufacturer_name=model.manufacturer.name if model.manufacturer else '',
        model_type=model.model_type,
        installation_count=model.installation_count,
    )
 def _park_to_search_result(park) -> ParkSearchResult:
    """Convert Park model to search result."""
    return ParkSearchResult(
        id=park.id,
        name=park.name,
        slug=park.slug,
        entity_type='park',
        description=park.description,
        image_url=park.banner_image_url or park.logo_image_url or None,
        park_type=park.park_type,
        status=park.status,
        operator_name=park.operator.name if park.operator else None,
        ride_count=park.ride_count,
        coaster_count=park.coaster_count,
        coordinates=park.coordinates,
    )
 def _ride_to_search_result(ride) -> RideSearchResult:
    """Convert Ride model to search result."""
    return RideSearchResult(
        id=ride.id,
        name=ride.name,
        slug=ride.slug,
        entity_type='ride',
        description=ride.description,
        image_url=ride.image_url or None,
        park_name=ride.park.name if ride.park else '',
        park_slug=ride.park.slug if ride.park else '',
        manufacturer_name=ride.manufacturer.name if ride.manufacturer else None,
        ride_category=ride.ride_category,
        status=ride.status,
        is_coaster=ride.is_coaster,
    )
 # ============================================================================
 # Search Endpoints
 # ============================================================================
@router.get(
    "",
    response={200: GlobalSearchResponse, 400: ErrorResponse},
    summary="Global search across all entities"
 )
 def search_all(
    request: HttpRequest,
    q: str = Query(..., min_length=2, max_length=200, description="Search query"),
    entity_types: Optional[List[str]] = Query(None, description="Filter by entity types (company, ride_model, park, ride)"),
    limit: int = Query(20, ge=1, le=100, description="Maximum results per entity type"),
 ):
    """
    Search across all entity types with full-text search.
    - **q**: Search query (minimum 2 characters)
    - **entity_types**: Optional list of entity types to search (defaults to all)
    - **limit**: Maximum results per entity type (1-100, default 20)
    Returns results grouped by entity type.
    """
    try:
        results = search_service.search_all(
            query=q,
            entity_types=entity_types,
            limit=limit
        )
        # Convert to schema objects
        response_data = {
            'query': q,
            'total_results': 0,
            'companies': [],
            'ride_models': [],
            'parks': [],
            'rides': [],
        }
        if 'companies' in results:
            response_data['companies'] = [
                _company_to_search_result(c) for c in results['companies']
            ]
            response_data['total_results'] += len(response_data['companies'])
        if 'ride_models' in results:
            response_data['ride_models'] = [
                _ride_model_to_search_result(m) for m in results['ride_models']
            ]
            response_data['total_results'] += len(response_data['ride_models'])
        if 'parks' in results:
            response_data['parks'] = [
                _park_to_search_result(p) for p in results['parks']
            ]
            response_data['total_results'] += len(response_data['parks'])
        if 'rides' in results:
            response_data['rides'] = [
                _ride_to_search_result(r) for r in results['rides']
            ]
            response_data['total_results'] += len(response_data['rides'])
        return GlobalSearchResponse(**response_data)
    except Exception as e:
        return 400, ErrorResponse(detail=str(e))
@router.get(
    "/companies",
    response={200: List[CompanySearchResult], 400: ErrorResponse},
    summary="Search companies"
 )
 def search_companies(
    request: HttpRequest,
    q: str = Query(..., min_length=2, max_length=200, description="Search query"),
    company_types: Optional[List[str]] = Query(None, description="Filter by company types"),
    founded_after: Optional[date] = Query(None, description="Founded after date"),
    founded_before: Optional[date] = Query(None, description="Founded before date"),
    limit: int = Query(20, ge=1, le=100, description="Maximum results"),
 ):
    """
    Search companies with optional filters.
    - **q**: Search query
    - **company_types**: Filter by types (manufacturer, operator, designer, etc.)
    - **founded_after/before**: Filter by founding date range
    - **limit**: Maximum results (1-100, default 20)
    """
    try:
        filters = {}
        if company_types:
            filters['company_types'] = company_types
        if founded_after:
            filters['founded_after'] = founded_after
        if founded_before:
            filters['founded_before'] = founded_before
        results = search_service.search_companies(
            query=q,
            filters=filters if filters else None,
            limit=limit
        )
        return [_company_to_search_result(c) for c in results]
    except Exception as e:
        return 400, ErrorResponse(detail=str(e))
@router.get(
    "/ride-models",
    response={200: List[RideModelSearchResult], 400: ErrorResponse},
    summary="Search ride models"
 )
 def search_ride_models(
    request: HttpRequest,
    q: str = Query(..., min_length=2, max_length=200, description="Search query"),
    manufacturer_id: Optional[UUID] = Query(None, description="Filter by manufacturer"),
    model_type: Optional[str] = Query(None, description="Filter by model type"),
    limit: int = Query(20, ge=1, le=100, description="Maximum results"),
 ):
    """
    Search ride models with optional filters.
    - **q**: Search query
    - **manufacturer_id**: Filter by specific manufacturer
    - **model_type**: Filter by model type
    - **limit**: Maximum results (1-100, default 20)
    """
    try:
        filters = {}
        if manufacturer_id:
            filters['manufacturer_id'] = manufacturer_id
        if model_type:
            filters['model_type'] = model_type
        results = search_service.search_ride_models(
            query=q,
            filters=filters if filters else None,
            limit=limit
        )
        return [_ride_model_to_search_result(m) for m in results]
    except Exception as e:
        return 400, ErrorResponse(detail=str(e))
@router.get(
    "/parks",
    response={200: List[ParkSearchResult], 400: ErrorResponse},
    summary="Search parks"
 )
 def search_parks(
    request: HttpRequest,
    q: str = Query(..., min_length=2, max_length=200, description="Search query"),
    status: Optional[str] = Query(None, description="Filter by status"),
    park_type: Optional[str] = Query(None, description="Filter by park type"),
    operator_id: Optional[UUID] = Query(None, description="Filter by operator"),
    opening_after: Optional[date] = Query(None, description="Opened after date"),
    opening_before: Optional[date] = Query(None, description="Opened before date"),
    latitude: Optional[float] = Query(None, description="Search center latitude"),
    longitude: Optional[float] = Query(None, description="Search center longitude"),
    radius: Optional[float] = Query(None, ge=0, le=500, description="Search radius in km (PostGIS only)"),
    limit: int = Query(20, ge=1, le=100, description="Maximum results"),
 ):
    """
    Search parks with optional filters including location-based search.
    - **q**: Search query
    - **status**: Filter by operational status
    - **park_type**: Filter by park type
    - **operator_id**: Filter by operator company
    - **opening_after/before**: Filter by opening date range
    - **latitude/longitude/radius**: Location-based filtering (PostGIS only)
    - **limit**: Maximum results (1-100, default 20)
    """
    try:
        filters = {}
        if status:
            filters['status'] = status
        if park_type:
            filters['park_type'] = park_type
        if operator_id:
            filters['operator_id'] = operator_id
        if opening_after:
            filters['opening_after'] = opening_after
        if opening_before:
            filters['opening_before'] = opening_before
        # Location-based search (PostGIS only)
        if latitude is not None and longitude is not None and radius is not None:
            filters['location'] = (longitude, latitude)
            filters['radius'] = radius
        results = search_service.search_parks(
            query=q,
            filters=filters if filters else None,
            limit=limit
        )
        return [_park_to_search_result(p) for p in results]
    except Exception as e:
        return 400, ErrorResponse(detail=str(e))
@router.get(
    "/rides",
    response={200: List[RideSearchResult], 400: ErrorResponse},
    summary="Search rides"
 )
 def search_rides(
    request: HttpRequest,
    q: str = Query(..., min_length=2, max_length=200, description="Search query"),
    park_id: Optional[UUID] = Query(None, description="Filter by park"),
    manufacturer_id: Optional[UUID] = Query(None, description="Filter by manufacturer"),
    model_id: Optional[UUID] = Query(None, description="Filter by model"),
    status: Optional[str] = Query(None, description="Filter by status"),
    ride_category: Optional[str] = Query(None, description="Filter by category"),
    is_coaster: Optional[bool] = Query(None, description="Filter coasters only"),
    opening_after: Optional[date] = Query(None, description="Opened after date"),
    opening_before: Optional[date] = Query(None, description="Opened before date"),
    min_height: Optional[Decimal] = Query(None, description="Minimum height in feet"),
    max_height: Optional[Decimal] = Query(None, description="Maximum height in feet"),
    min_speed: Optional[Decimal] = Query(None, description="Minimum speed in mph"),
    max_speed: Optional[Decimal] = Query(None, description="Maximum speed in mph"),
    limit: int = Query(20, ge=1, le=100, description="Maximum results"),
 ):
    """
    Search rides with extensive filtering options.
    - **q**: Search query
    - **park_id**: Filter by specific park
    - **manufacturer_id**: Filter by manufacturer
    - **model_id**: Filter by specific ride model
    - **status**: Filter by operational status
    - **ride_category**: Filter by category (roller_coaster, flat_ride, etc.)
    - **is_coaster**: Filter to show only coasters
    - **opening_after/before**: Filter by opening date range
    - **min_height/max_height**: Filter by height range (feet)
    - **min_speed/max_speed**: Filter by speed range (mph)
    - **limit**: Maximum results (1-100, default 20)
    """
    try:
        filters = {}
        if park_id:
            filters['park_id'] = park_id
        if manufacturer_id:
            filters['manufacturer_id'] = manufacturer_id
        if model_id:
            filters['model_id'] = model_id
        if status:
            filters['status'] = status
        if ride_category:
            filters['ride_category'] = ride_category
        if is_coaster is not None:
            filters['is_coaster'] = is_coaster
        if opening_after:
            filters['opening_after'] = opening_after
        if opening_before:
            filters['opening_before'] = opening_before
        if min_height:
            filters['min_height'] = min_height
        if max_height:
            filters['max_height'] = max_height
        if min_speed:
            filters['min_speed'] = min_speed
        if max_speed:
            filters['max_speed'] = max_speed
        results = search_service.search_rides(
            query=q,
            filters=filters if filters else None,
            limit=limit
        )
        return [_ride_to_search_result(r) for r in results]
    except Exception as e:
        return 400, ErrorResponse(detail=str(e))
 # ============================================================================
 # Autocomplete Endpoint
 # ============================================================================
@router.get(
    "/autocomplete",
    response={200: AutocompleteResponse, 400: ErrorResponse},
    summary="Autocomplete suggestions"
 )
 def autocomplete(
    request: HttpRequest,
    q: str = Query(..., min_length=2, max_length=100, description="Partial search query"),
    entity_type: Optional[str] = Query(None, description="Filter by entity type (company, park, ride, ride_model)"),
    limit: int = Query(10, ge=1, le=20, description="Maximum suggestions"),
 ):
    """
    Get autocomplete suggestions for search.
    - **q**: Partial query (minimum 2 characters)
    - **entity_type**: Optional entity type filter
    - **limit**: Maximum suggestions (1-20, default 10)
    Returns quick name-based suggestions for autocomplete UIs.
    """
    try:
        suggestions = search_service.autocomplete(
            query=q,
            entity_type=entity_type,
            limit=limit
        )
        # Convert to schema objects
        items = [
            AutocompleteItem(
                id=s['id'],
                name=s['name'],
                slug=s['slug'],
                entity_type=s['entity_type'],
                park_name=s.get('park_name'),
                manufacturer_name=s.get('manufacturer_name'),
            )
            for s in suggestions
        ]
        return AutocompleteResponse(
            query=q,
            suggestions=items
        )
    except Exception as e:
        return 400, ErrorResponse(detail=str(e))
--- a/django/api/v1/endpoints/versioning.py
+++ b/django/api/v1/endpoints/versioning.py
@@ -1,369 +0,0 @@
 """
 Versioning API endpoints for ThrillWiki.
 Provides REST API for:
 - Version history for entities
 - Specific version details
 - Comparing versions
 - Diff with current state
 - Version restoration (optional)
 """
 from typing import List
 from uuid import UUID
 from django.shortcuts import get_object_or_404
 from django.http import Http404
 from ninja import Router
 from apps.entities.models import Park, Ride, Company, RideModel
 from apps.versioning.models import EntityVersion
 from apps.versioning.services import VersionService
 from api.v1.schemas import (
    EntityVersionSchema,
    VersionHistoryResponseSchema,
    VersionDiffSchema,
    VersionComparisonSchema,
    ErrorSchema,
    MessageSchema
 )
 router = Router(tags=['Versioning'])
 # Park Versions
@router.get(
    '/parks/{park_id}/versions',
    response={200: VersionHistoryResponseSchema, 404: ErrorSchema},
    summary="Get park version history"
 )
 def get_park_versions(request, park_id: UUID, limit: int = 50):
    """
    Get version history for a park.
    Returns up to `limit` versions in reverse chronological order (newest first).
    """
    park = get_object_or_404(Park, id=park_id)
    versions = VersionService.get_version_history(park, limit=limit)
    return {
        'entity_id': str(park.id),
        'entity_type': 'park',
        'entity_name': park.name,
        'total_versions': VersionService.get_version_count(park),
        'versions': [
            EntityVersionSchema.from_orm(v) for v in versions
        ]
    }
@router.get(
    '/parks/{park_id}/versions/{version_number}',
    response={200: EntityVersionSchema, 404: ErrorSchema},
    summary="Get specific park version"
 )
 def get_park_version(request, park_id: UUID, version_number: int):
    """Get a specific version of a park by version number."""
    park = get_object_or_404(Park, id=park_id)
    version = VersionService.get_version_by_number(park, version_number)
    if not version:
        raise Http404("Version not found")
    return EntityVersionSchema.from_orm(version)
@router.get(
    '/parks/{park_id}/versions/{version_number}/diff',
    response={200: VersionDiffSchema, 404: ErrorSchema},
    summary="Compare park version with current"
 )
 def get_park_version_diff(request, park_id: UUID, version_number: int):
    """
    Compare a specific version with the current park state.
    Returns the differences between the version and current values.
    """
    park = get_object_or_404(Park, id=park_id)
    version = VersionService.get_version_by_number(park, version_number)
    if not version:
        raise Http404("Version not found")
    diff = VersionService.get_diff_with_current(version)
    return {
        'entity_id': str(park.id),
        'entity_type': 'park',
        'entity_name': park.name,
        'version_number': version.version_number,
        'version_date': version.created,
        'differences': diff['differences'],
        'changed_field_count': diff['changed_field_count']
    }
 # Ride Versions
@router.get(
    '/rides/{ride_id}/versions',
    response={200: VersionHistoryResponseSchema, 404: ErrorSchema},
    summary="Get ride version history"
 )
 def get_ride_versions(request, ride_id: UUID, limit: int = 50):
    """Get version history for a ride."""
    ride = get_object_or_404(Ride, id=ride_id)
    versions = VersionService.get_version_history(ride, limit=limit)
    return {
        'entity_id': str(ride.id),
        'entity_type': 'ride',
        'entity_name': ride.name,
        'total_versions': VersionService.get_version_count(ride),
        'versions': [
            EntityVersionSchema.from_orm(v) for v in versions
        ]
    }
@router.get(
    '/rides/{ride_id}/versions/{version_number}',
    response={200: EntityVersionSchema, 404: ErrorSchema},
    summary="Get specific ride version"
 )
 def get_ride_version(request, ride_id: UUID, version_number: int):
    """Get a specific version of a ride by version number."""
    ride = get_object_or_404(Ride, id=ride_id)
    version = VersionService.get_version_by_number(ride, version_number)
    if not version:
        raise Http404("Version not found")
    return EntityVersionSchema.from_orm(version)
@router.get(
    '/rides/{ride_id}/versions/{version_number}/diff',
    response={200: VersionDiffSchema, 404: ErrorSchema},
    summary="Compare ride version with current"
 )
 def get_ride_version_diff(request, ride_id: UUID, version_number: int):
    """Compare a specific version with the current ride state."""
    ride = get_object_or_404(Ride, id=ride_id)
    version = VersionService.get_version_by_number(ride, version_number)
    if not version:
        raise Http404("Version not found")
    diff = VersionService.get_diff_with_current(version)
    return {
        'entity_id': str(ride.id),
        'entity_type': 'ride',
        'entity_name': ride.name,
        'version_number': version.version_number,
        'version_date': version.created,
        'differences': diff['differences'],
        'changed_field_count': diff['changed_field_count']
    }
 # Company Versions
@router.get(
    '/companies/{company_id}/versions',
    response={200: VersionHistoryResponseSchema, 404: ErrorSchema},
    summary="Get company version history"
 )
 def get_company_versions(request, company_id: UUID, limit: int = 50):
    """Get version history for a company."""
    company = get_object_or_404(Company, id=company_id)
    versions = VersionService.get_version_history(company, limit=limit)
    return {
        'entity_id': str(company.id),
        'entity_type': 'company',
        'entity_name': company.name,
        'total_versions': VersionService.get_version_count(company),
        'versions': [
            EntityVersionSchema.from_orm(v) for v in versions
        ]
    }
@router.get(
    '/companies/{company_id}/versions/{version_number}',
    response={200: EntityVersionSchema, 404: ErrorSchema},
    summary="Get specific company version"
 )
 def get_company_version(request, company_id: UUID, version_number: int):
    """Get a specific version of a company by version number."""
    company = get_object_or_404(Company, id=company_id)
    version = VersionService.get_version_by_number(company, version_number)
    if not version:
        raise Http404("Version not found")
    return EntityVersionSchema.from_orm(version)
@router.get(
    '/companies/{company_id}/versions/{version_number}/diff',
    response={200: VersionDiffSchema, 404: ErrorSchema},
    summary="Compare company version with current"
 )
 def get_company_version_diff(request, company_id: UUID, version_number: int):
    """Compare a specific version with the current company state."""
    company = get_object_or_404(Company, id=company_id)
    version = VersionService.get_version_by_number(company, version_number)
    if not version:
        raise Http404("Version not found")
    diff = VersionService.get_diff_with_current(version)
    return {
        'entity_id': str(company.id),
        'entity_type': 'company',
        'entity_name': company.name,
        'version_number': version.version_number,
        'version_date': version.created,
        'differences': diff['differences'],
        'changed_field_count': diff['changed_field_count']
    }
 # Ride Model Versions
@router.get(
    '/ride-models/{model_id}/versions',
    response={200: VersionHistoryResponseSchema, 404: ErrorSchema},
    summary="Get ride model version history"
 )
 def get_ride_model_versions(request, model_id: UUID, limit: int = 50):
    """Get version history for a ride model."""
    model = get_object_or_404(RideModel, id=model_id)
    versions = VersionService.get_version_history(model, limit=limit)
    return {
        'entity_id': str(model.id),
        'entity_type': 'ride_model',
        'entity_name': str(model),
        'total_versions': VersionService.get_version_count(model),
        'versions': [
            EntityVersionSchema.from_orm(v) for v in versions
        ]
    }
@router.get(
    '/ride-models/{model_id}/versions/{version_number}',
    response={200: EntityVersionSchema, 404: ErrorSchema},
    summary="Get specific ride model version"
 )
 def get_ride_model_version(request, model_id: UUID, version_number: int):
    """Get a specific version of a ride model by version number."""
    model = get_object_or_404(RideModel, id=model_id)
    version = VersionService.get_version_by_number(model, version_number)
    if not version:
        raise Http404("Version not found")
    return EntityVersionSchema.from_orm(version)
@router.get(
    '/ride-models/{model_id}/versions/{version_number}/diff',
    response={200: VersionDiffSchema, 404: ErrorSchema},
    summary="Compare ride model version with current"
 )
 def get_ride_model_version_diff(request, model_id: UUID, version_number: int):
    """Compare a specific version with the current ride model state."""
    model = get_object_or_404(RideModel, id=model_id)
    version = VersionService.get_version_by_number(model, version_number)
    if not version:
        raise Http404("Version not found")
    diff = VersionService.get_diff_with_current(version)
    return {
        'entity_id': str(model.id),
        'entity_type': 'ride_model',
        'entity_name': str(model),
        'version_number': version.version_number,
        'version_date': version.created,
        'differences': diff['differences'],
        'changed_field_count': diff['changed_field_count']
    }
 # Generic Version Endpoints
@router.get(
    '/versions/{version_id}',
    response={200: EntityVersionSchema, 404: ErrorSchema},
    summary="Get version by ID"
 )
 def get_version(request, version_id: UUID):
    """Get a specific version by its ID."""
    version = get_object_or_404(EntityVersion, id=version_id)
    return EntityVersionSchema.from_orm(version)
@router.get(
    '/versions/{version_id}/compare/{other_version_id}',
    response={200: VersionComparisonSchema, 404: ErrorSchema},
    summary="Compare two versions"
 )
 def compare_versions(request, version_id: UUID, other_version_id: UUID):
    """
    Compare two versions of the same entity.
    Both versions must be for the same entity.
    """
    version1 = get_object_or_404(EntityVersion, id=version_id)
    version2 = get_object_or_404(EntityVersion, id=other_version_id)
    comparison = VersionService.compare_versions(version1, version2)
    return {
        'version1': EntityVersionSchema.from_orm(version1),
        'version2': EntityVersionSchema.from_orm(version2),
        'differences': comparison['differences'],
        'changed_field_count': comparison['changed_field_count']
    }
 # Optional: Version Restoration
 # Uncomment if you want to enable version restoration via API
 # @router.post(
 #     '/versions/{version_id}/restore',
 #     response={200: MessageSchema, 404: ErrorSchema},
 #     summary="Restore a version"
 # )
 # def restore_version(request, version_id: UUID):
 #     """
 #     Restore an entity to a previous version.
 #     
 #     This creates a new version with change_type='restored'.
 #     Requires authentication and appropriate permissions.
 #     """
 #     version = get_object_or_404(EntityVersion, id=version_id)
 #     
 #     # Check authentication
 #     if not request.user.is_authenticated:
 #         return 401, {'error': 'Authentication required'}
 #     
 #     # Restore version
 #     restored_version = VersionService.restore_version(
 #         version,
 #         user=request.user,
 #         comment='Restored via API'
 #     )
 #     
 #     return {
 #         'message': f'Successfully restored to version {version.version_number}',
 #         'new_version_number': restored_version.version_number
 #     }
--- a/django/api/v1/schemas.py
+++ b/django/api/v1/schemas.py
@@ -1,969 +0,0 @@
 """
 Pydantic schemas for API v1 endpoints.
 These schemas define the structure of request and response data for the REST API.
 """
 from datetime import date, datetime
 from typing import Optional, List
 from decimal import Decimal
 from pydantic import BaseModel, Field, field_validator
 from uuid import UUID
 # ============================================================================
 # Base Schemas
 # ============================================================================
 class TimestampSchema(BaseModel):
    """Base schema with timestamps."""
    created: datetime
    modified: datetime
 # ============================================================================
 # Company Schemas
 # ============================================================================
 class CompanyBase(BaseModel):
    """Base company schema with common fields."""
    name: str = Field(..., min_length=1, max_length=255)
    description: Optional[str] = None
    company_types: List[str] = Field(default_factory=list)
    founded_date: Optional[date] = None
    founded_date_precision: str = Field(default='day')
    closed_date: Optional[date] = None
    closed_date_precision: str = Field(default='day')
    website: Optional[str] = None
    logo_image_id: Optional[str] = None
    logo_image_url: Optional[str] = None
 class CompanyCreate(CompanyBase):
    """Schema for creating a company."""
    pass
 class CompanyUpdate(BaseModel):
    """Schema for updating a company (all fields optional)."""
    name: Optional[str] = Field(None, min_length=1, max_length=255)
    description: Optional[str] = None
    company_types: Optional[List[str]] = None
    founded_date: Optional[date] = None
    founded_date_precision: Optional[str] = None
    closed_date: Optional[date] = None
    closed_date_precision: Optional[str] = None
    website: Optional[str] = None
    logo_image_id: Optional[str] = None
    logo_image_url: Optional[str] = None
 class CompanyOut(CompanyBase, TimestampSchema):
    """Schema for company output."""
    id: UUID
    slug: str
    park_count: int
    ride_count: int
    class Config:
        from_attributes = True
 # ============================================================================
 # RideModel Schemas
 # ============================================================================
 class RideModelBase(BaseModel):
    """Base ride model schema."""
    name: str = Field(..., min_length=1, max_length=255)
    description: Optional[str] = None
    manufacturer_id: UUID
    model_type: str
    typical_height: Optional[Decimal] = None
    typical_speed: Optional[Decimal] = None
    typical_capacity: Optional[int] = None
    image_id: Optional[str] = None
    image_url: Optional[str] = None
 class RideModelCreate(RideModelBase):
    """Schema for creating a ride model."""
    pass
 class RideModelUpdate(BaseModel):
    """Schema for updating a ride model (all fields optional)."""
    name: Optional[str] = Field(None, min_length=1, max_length=255)
    description: Optional[str] = None
    manufacturer_id: Optional[UUID] = None
    model_type: Optional[str] = None
    typical_height: Optional[Decimal] = None
    typical_speed: Optional[Decimal] = None
    typical_capacity: Optional[int] = None
    image_id: Optional[str] = None
    image_url: Optional[str] = None
 class RideModelOut(RideModelBase, TimestampSchema):
    """Schema for ride model output."""
    id: UUID
    slug: str
    installation_count: int
    manufacturer_name: Optional[str] = None
    class Config:
        from_attributes = True
 # ============================================================================
 # Park Schemas
 # ============================================================================
 class ParkBase(BaseModel):
    """Base park schema."""
    name: str = Field(..., min_length=1, max_length=255)
    description: Optional[str] = None
    park_type: str
    status: str = Field(default='operating')
    opening_date: Optional[date] = None
    opening_date_precision: str = Field(default='day')
    closing_date: Optional[date] = None
    closing_date_precision: str = Field(default='day')
    latitude: Optional[Decimal] = None
    longitude: Optional[Decimal] = None
    operator_id: Optional[UUID] = None
    website: Optional[str] = None
    banner_image_id: Optional[str] = None
    banner_image_url: Optional[str] = None
    logo_image_id: Optional[str] = None
    logo_image_url: Optional[str] = None
 class ParkCreate(ParkBase):
    """Schema for creating a park."""
    pass
 class ParkUpdate(BaseModel):
    """Schema for updating a park (all fields optional)."""
    name: Optional[str] = Field(None, min_length=1, max_length=255)
    description: Optional[str] = None
    park_type: Optional[str] = None
    status: Optional[str] = None
    opening_date: Optional[date] = None
    opening_date_precision: Optional[str] = None
    closing_date: Optional[date] = None
    closing_date_precision: Optional[str] = None
    latitude: Optional[Decimal] = None
    longitude: Optional[Decimal] = None
    operator_id: Optional[UUID] = None
    website: Optional[str] = None
    banner_image_id: Optional[str] = None
    banner_image_url: Optional[str] = None
    logo_image_id: Optional[str] = None
    logo_image_url: Optional[str] = None
 class ParkOut(ParkBase, TimestampSchema):
    """Schema for park output."""
    id: UUID
    slug: str
    ride_count: int
    coaster_count: int
    operator_name: Optional[str] = None
    coordinates: Optional[tuple[float, float]] = None
    class Config:
        from_attributes = True
 # ============================================================================
 # Ride Schemas
 # ============================================================================
 class RideBase(BaseModel):
    """Base ride schema."""
    name: str = Field(..., min_length=1, max_length=255)
    description: Optional[str] = None
    park_id: UUID
    ride_category: str
    ride_type: Optional[str] = None
    is_coaster: bool = Field(default=False)
    status: str = Field(default='operating')
    opening_date: Optional[date] = None
    opening_date_precision: str = Field(default='day')
    closing_date: Optional[date] = None
    closing_date_precision: str = Field(default='day')
    manufacturer_id: Optional[UUID] = None
    model_id: Optional[UUID] = None
    height: Optional[Decimal] = None
    speed: Optional[Decimal] = None
    length: Optional[Decimal] = None
    duration: Optional[int] = None
    inversions: Optional[int] = None
    capacity: Optional[int] = None
    image_id: Optional[str] = None
    image_url: Optional[str] = None
 class RideCreate(RideBase):
    """Schema for creating a ride."""
    pass
 class RideUpdate(BaseModel):
    """Schema for updating a ride (all fields optional)."""
    name: Optional[str] = Field(None, min_length=1, max_length=255)
    description: Optional[str] = None
    park_id: Optional[UUID] = None
    ride_category: Optional[str] = None
    ride_type: Optional[str] = None
    is_coaster: Optional[bool] = None
    status: Optional[str] = None
    opening_date: Optional[date] = None
    opening_date_precision: Optional[str] = None
    closing_date: Optional[date] = None
    closing_date_precision: Optional[str] = None
    manufacturer_id: Optional[UUID] = None
    model_id: Optional[UUID] = None
    height: Optional[Decimal] = None
    speed: Optional[Decimal] = None
    length: Optional[Decimal] = None
    duration: Optional[int] = None
    inversions: Optional[int] = None
    capacity: Optional[int] = None
    image_id: Optional[str] = None
    image_url: Optional[str] = None
 class RideOut(RideBase, TimestampSchema):
    """Schema for ride output."""
    id: UUID
    slug: str
    park_name: Optional[str] = None
    manufacturer_name: Optional[str] = None
    model_name: Optional[str] = None
    class Config:
        from_attributes = True
 # ============================================================================
 # Pagination Schemas
 # ============================================================================
 class PaginatedResponse(BaseModel):
    """Generic paginated response schema."""
    items: List
    total: int
    page: int
    page_size: int
    total_pages: int
 class CompanyListOut(BaseModel):
    """Paginated company list response."""
    items: List[CompanyOut]
    total: int
    page: int
    page_size: int
    total_pages: int
 class RideModelListOut(BaseModel):
    """Paginated ride model list response."""
    items: List[RideModelOut]
    total: int
    page: int
    page_size: int
    total_pages: int
 class ParkListOut(BaseModel):
    """Paginated park list response."""
    items: List[ParkOut]
    total: int
    page: int
    page_size: int
    total_pages: int
 class RideListOut(BaseModel):
    """Paginated ride list response."""
    items: List[RideOut]
    total: int
    page: int
    page_size: int
    total_pages: int
 # ============================================================================
 # Error Schemas
 # ============================================================================
 class ErrorResponse(BaseModel):
    """Standard error response schema."""
    detail: str
    code: Optional[str] = None
 class ValidationErrorResponse(BaseModel):
    """Validation error response schema."""
    detail: str
    errors: Optional[List[dict]] = None
 # ============================================================================
 # Moderation Schemas
 # ============================================================================
 class SubmissionItemBase(BaseModel):
    """Base submission item schema."""
    field_name: str = Field(..., min_length=1, max_length=100)
    field_label: Optional[str] = None
    old_value: Optional[dict] = None
    new_value: Optional[dict] = None
    change_type: str = Field(default='modify')
    is_required: bool = Field(default=False)
    order: int = Field(default=0)
 class SubmissionItemCreate(SubmissionItemBase):
    """Schema for creating a submission item."""
    pass
 class SubmissionItemOut(SubmissionItemBase, TimestampSchema):
    """Schema for submission item output."""
    id: UUID
    submission_id: UUID
    status: str
    reviewed_by_id: Optional[UUID] = None
    reviewed_by_email: Optional[str] = None
    reviewed_at: Optional[datetime] = None
    rejection_reason: Optional[str] = None
    old_value_display: str
    new_value_display: str
    class Config:
        from_attributes = True
 class ContentSubmissionBase(BaseModel):
    """Base content submission schema."""
    submission_type: str
    title: str = Field(..., min_length=1, max_length=255)
    description: Optional[str] = None
    entity_type: str
    entity_id: UUID
 class ContentSubmissionCreate(BaseModel):
    """Schema for creating a content submission."""
    entity_type: str = Field(..., description="Entity type (park, ride, company, ridemodel)")
    entity_id: UUID = Field(..., description="ID of entity being modified")
    submission_type: str = Field(..., description="Operation type (create, update, delete)")
    title: str = Field(..., min_length=1, max_length=255, description="Brief description")
    description: Optional[str] = Field(None, description="Detailed description")
    items: List[SubmissionItemCreate] = Field(..., min_items=1, description="List of changes")
    metadata: Optional[dict] = Field(default_factory=dict)
    auto_submit: bool = Field(default=True, description="Auto-submit for review")
 class ContentSubmissionOut(TimestampSchema):
    """Schema for content submission output."""
    id: UUID
    status: str
    submission_type: str
    title: str
    description: Optional[str] = None
    entity_type: str
    entity_id: UUID
    user_id: UUID
    user_email: str
    locked_by_id: Optional[UUID] = None
    locked_by_email: Optional[str] = None
    locked_at: Optional[datetime] = None
    reviewed_by_id: Optional[UUID] = None
    reviewed_by_email: Optional[str] = None
    reviewed_at: Optional[datetime] = None
    rejection_reason: Optional[str] = None
    source: str
    metadata: dict
    items_count: int
    approved_items_count: int
    rejected_items_count: int
    class Config:
        from_attributes = True
 class ContentSubmissionDetail(ContentSubmissionOut):
    """Detailed submission with items."""
    items: List[SubmissionItemOut]
    class Config:
        from_attributes = True
 class StartReviewRequest(BaseModel):
    """Schema for starting a review."""
    pass  # No additional fields needed
 class ApproveRequest(BaseModel):
    """Schema for approving a submission."""
    pass  # No additional fields needed
 class ApproveSelectiveRequest(BaseModel):
    """Schema for selective approval."""
    item_ids: List[UUID] = Field(..., min_items=1, description="List of item IDs to approve")
 class RejectRequest(BaseModel):
    """Schema for rejecting a submission."""
    reason: str = Field(..., min_length=1, description="Reason for rejection")
 class RejectSelectiveRequest(BaseModel):
    """Schema for selective rejection."""
    item_ids: List[UUID] = Field(..., min_items=1, description="List of item IDs to reject")
    reason: Optional[str] = Field(None, description="Reason for rejection")
 class ApprovalResponse(BaseModel):
    """Response for approval operations."""
    success: bool
    message: str
    submission: ContentSubmissionOut
 class SelectiveApprovalResponse(BaseModel):
    """Response for selective approval."""
    success: bool
    message: str
    approved: int
    total: int
    pending: int
    submission_approved: bool
 class SelectiveRejectionResponse(BaseModel):
    """Response for selective rejection."""
    success: bool
    message: str
    rejected: int
    total: int
    pending: int
    submission_complete: bool
 class SubmissionListOut(BaseModel):
    """Paginated submission list response."""
    items: List[ContentSubmissionOut]
    total: int
    page: int
    page_size: int
    total_pages: int
 # ============================================================================
 # Versioning Schemas
 # ============================================================================
 class EntityVersionSchema(TimestampSchema):
    """Schema for entity version output."""
    id: UUID
    entity_type: str
    entity_id: UUID
    entity_name: str
    version_number: int
    change_type: str
    snapshot: dict
    changed_fields: dict
    changed_by_id: Optional[UUID] = None
    changed_by_email: Optional[str] = None
    submission_id: Optional[UUID] = None
    comment: Optional[str] = None
    diff_summary: str
    class Config:
        from_attributes = True
 class VersionHistoryResponseSchema(BaseModel):
    """Response schema for version history."""
    entity_id: str
    entity_type: str
    entity_name: str
    total_versions: int
    versions: List[EntityVersionSchema]
 class VersionDiffSchema(BaseModel):
    """Schema for version diff response."""
    entity_id: str
    entity_type: str
    entity_name: str
    version_number: int
    version_date: datetime
    differences: dict
    changed_field_count: int
 class VersionComparisonSchema(BaseModel):
    """Schema for comparing two versions."""
    version1: EntityVersionSchema
    version2: EntityVersionSchema
    differences: dict
    changed_field_count: int
 # ============================================================================
 # Generic Utility Schemas
 # ============================================================================
 class MessageSchema(BaseModel):
    """Generic message response."""
    message: str
    success: bool = True
 class ErrorSchema(BaseModel):
    """Standard error response."""
    error: str
    detail: Optional[str] = None
 # ============================================================================
 # Authentication Schemas
 # ============================================================================
 class UserBase(BaseModel):
    """Base user schema."""
    email: str = Field(..., description="Email address")
    username: Optional[str] = Field(None, description="Username")
    first_name: Optional[str] = Field(None, max_length=150)
    last_name: Optional[str] = Field(None, max_length=150)
 class UserRegisterRequest(BaseModel):
    """Schema for user registration."""
    email: str = Field(..., description="Email address")
    password: str = Field(..., min_length=8, description="Password (min 8 characters)")
    password_confirm: str = Field(..., description="Password confirmation")
    username: Optional[str] = Field(None, description="Username (auto-generated if not provided)")
    first_name: Optional[str] = Field(None, max_length=150)
    last_name: Optional[str] = Field(None, max_length=150)
    @field_validator('password_confirm')
    def passwords_match(cls, v, info):
        if 'password' in info.data and v != info.data['password']:
            raise ValueError('Passwords do not match')
        return v
 class UserLoginRequest(BaseModel):
    """Schema for user login."""
    email: str = Field(..., description="Email address")
    password: str = Field(..., description="Password")
    mfa_token: Optional[str] = Field(None, description="MFA token if enabled")
 class TokenResponse(BaseModel):
    """Schema for token response."""
    access: str = Field(..., description="JWT access token")
    refresh: str = Field(..., description="JWT refresh token")
    token_type: str = Field(default="Bearer")
 class TokenRefreshRequest(BaseModel):
    """Schema for token refresh."""
    refresh: str = Field(..., description="Refresh token")
 class UserProfileOut(BaseModel):
    """Schema for user profile output."""
    id: UUID
    email: str
    username: str
    first_name: str
    last_name: str
    display_name: str
    avatar_url: Optional[str] = None
    bio: Optional[str] = None
    reputation_score: int
    mfa_enabled: bool
    banned: bool
    date_joined: datetime
    last_login: Optional[datetime] = None
    oauth_provider: str
    class Config:
        from_attributes = True
 class UserProfileUpdate(BaseModel):
    """Schema for updating user profile."""
    first_name: Optional[str] = Field(None, max_length=150)
    last_name: Optional[str] = Field(None, max_length=150)
    username: Optional[str] = Field(None, max_length=150)
    bio: Optional[str] = Field(None, max_length=500)
    avatar_url: Optional[str] = None
 class ChangePasswordRequest(BaseModel):
    """Schema for password change."""
    old_password: str = Field(..., description="Current password")
    new_password: str = Field(..., min_length=8, description="New password")
    new_password_confirm: str = Field(..., description="New password confirmation")
    @field_validator('new_password_confirm')
    def passwords_match(cls, v, info):
        if 'new_password' in info.data and v != info.data['new_password']:
            raise ValueError('Passwords do not match')
        return v
 class ResetPasswordRequest(BaseModel):
    """Schema for password reset."""
    email: str = Field(..., description="Email address")
 class ResetPasswordConfirm(BaseModel):
    """Schema for password reset confirmation."""
    token: str = Field(..., description="Reset token")
    password: str = Field(..., min_length=8, description="New password")
    password_confirm: str = Field(..., description="Password confirmation")
    @field_validator('password_confirm')
    def passwords_match(cls, v, info):
        if 'password' in info.data and v != info.data['password']:
            raise ValueError('Passwords do not match')
        return v
 class UserRoleOut(BaseModel):
    """Schema for user role output."""
    role: str
    is_moderator: bool
    is_admin: bool
    granted_at: datetime
    granted_by_email: Optional[str] = None
    class Config:
        from_attributes = True
 class UserPermissionsOut(BaseModel):
    """Schema for user permissions."""
    can_submit: bool
    can_moderate: bool
    can_admin: bool
    can_edit_own: bool
    can_delete_own: bool
 class UserStatsOut(BaseModel):
    """Schema for user statistics."""
    total_submissions: int
    approved_submissions: int
    reputation_score: int
    member_since: datetime
    last_active: Optional[datetime] = None
 class UserProfilePreferencesOut(BaseModel):
    """Schema for user preferences."""
    email_notifications: bool
    email_on_submission_approved: bool
    email_on_submission_rejected: bool
    profile_public: bool
    show_email: bool
    class Config:
        from_attributes = True
 class UserProfilePreferencesUpdate(BaseModel):
    """Schema for updating user preferences."""
    email_notifications: Optional[bool] = None
    email_on_submission_approved: Optional[bool] = None
    email_on_submission_rejected: Optional[bool] = None
    profile_public: Optional[bool] = None
    show_email: Optional[bool] = None
 class TOTPEnableResponse(BaseModel):
    """Schema for TOTP enable response."""
    secret: str = Field(..., description="TOTP secret key")
    qr_code_url: str = Field(..., description="QR code URL for authenticator apps")
    backup_codes: List[str] = Field(default_factory=list, description="Backup codes")
 class TOTPConfirmRequest(BaseModel):
    """Schema for TOTP confirmation."""
    token: str = Field(..., min_length=6, max_length=6, description="6-digit TOTP token")
 class TOTPVerifyRequest(BaseModel):
    """Schema for TOTP verification."""
    token: str = Field(..., min_length=6, max_length=6, description="6-digit TOTP token")
 class BanUserRequest(BaseModel):
    """Schema for banning a user."""
    user_id: UUID = Field(..., description="User ID to ban")
    reason: str = Field(..., min_length=1, description="Reason for ban")
 class UnbanUserRequest(BaseModel):
    """Schema for unbanning a user."""
    user_id: UUID = Field(..., description="User ID to unban")
 class AssignRoleRequest(BaseModel):
    """Schema for assigning a role."""
    user_id: UUID = Field(..., description="User ID")
    role: str = Field(..., description="Role to assign (user, moderator, admin)")
 class UserListOut(BaseModel):
    """Paginated user list response."""
    items: List[UserProfileOut]
    total: int
    page: int
    page_size: int
    total_pages: int
 # ============================================================================
 # Photo/Media Schemas
 # ============================================================================
 class PhotoBase(BaseModel):
    """Base photo schema."""
    title: Optional[str] = Field(None, max_length=255)
    description: Optional[str] = None
    credit: Optional[str] = Field(None, max_length=255, description="Photo credit/attribution")
    photo_type: str = Field(default='gallery', description="Type: main, gallery, banner, logo, thumbnail, other")
    is_visible: bool = Field(default=True)
 class PhotoUploadRequest(PhotoBase):
    """Schema for photo upload request (form data)."""
    entity_type: Optional[str] = Field(None, description="Entity type to attach to")
    entity_id: Optional[UUID] = Field(None, description="Entity ID to attach to")
 class PhotoUpdate(BaseModel):
    """Schema for updating photo metadata."""
    title: Optional[str] = Field(None, max_length=255)
    description: Optional[str] = None
    credit: Optional[str] = Field(None, max_length=255)
    photo_type: Optional[str] = None
    is_visible: Optional[bool] = None
    display_order: Optional[int] = None
 class PhotoOut(PhotoBase, TimestampSchema):
    """Schema for photo output."""
    id: UUID
    cloudflare_image_id: str
    cloudflare_url: str
    uploaded_by_id: UUID
    uploaded_by_email: Optional[str] = None
    moderation_status: str
    moderated_by_id: Optional[UUID] = None
    moderated_by_email: Optional[str] = None
    moderated_at: Optional[datetime] = None
    moderation_notes: Optional[str] = None
    entity_type: Optional[str] = None
    entity_id: Optional[str] = None
    entity_name: Optional[str] = None
    width: int
    height: int
    file_size: int
    mime_type: str
    display_order: int
    # Generated URLs for different variants
    thumbnail_url: Optional[str] = None
    banner_url: Optional[str] = None
    class Config:
        from_attributes = True
 class PhotoListOut(BaseModel):
    """Paginated photo list response."""
    items: List[PhotoOut]
    total: int
    page: int
    page_size: int
    total_pages: int
 class PhotoUploadResponse(BaseModel):
    """Response for photo upload."""
    success: bool
    message: str
    photo: PhotoOut
 class PhotoModerateRequest(BaseModel):
    """Schema for moderating a photo."""
    status: str = Field(..., description="Status: approved, rejected, flagged")
    notes: Optional[str] = Field(None, description="Moderation notes")
 class PhotoReorderRequest(BaseModel):
    """Schema for reordering photos."""
    photo_ids: List[int] = Field(..., min_items=1, description="Ordered list of photo IDs")
    photo_type: Optional[str] = Field(None, description="Optional photo type filter")
 class PhotoAttachRequest(BaseModel):
    """Schema for attaching photo to entity."""
    photo_id: UUID = Field(..., description="Photo ID to attach")
    photo_type: Optional[str] = Field('gallery', description="Photo type")
 class PhotoStatsOut(BaseModel):
    """Statistics about photos."""
    total_photos: int
    pending_photos: int
    approved_photos: int
    rejected_photos: int
    flagged_photos: int
    total_size_mb: float
 # ============================================================================
 # Search Schemas
 # ============================================================================
 class SearchResultBase(BaseModel):
    """Base schema for search results."""
    id: UUID
    name: str
    slug: str
    entity_type: str
    description: Optional[str] = None
    image_url: Optional[str] = None
 class CompanySearchResult(SearchResultBase):
    """Company search result."""
    company_types: List[str] = Field(default_factory=list)
    park_count: int = 0
    ride_count: int = 0
 class RideModelSearchResult(SearchResultBase):
    """Ride model search result."""
    manufacturer_name: str
    model_type: str
    installation_count: int = 0
 class ParkSearchResult(SearchResultBase):
    """Park search result."""
    park_type: str
    status: str
    operator_name: Optional[str] = None
    ride_count: int = 0
    coaster_count: int = 0
    coordinates: Optional[tuple[float, float]] = None
 class RideSearchResult(SearchResultBase):
    """Ride search result."""
    park_name: str
    park_slug: str
    manufacturer_name: Optional[str] = None
    ride_category: str
    status: str
    is_coaster: bool
 class GlobalSearchResponse(BaseModel):
    """Response for global search across all entities."""
    query: str
    total_results: int
    companies: List[CompanySearchResult] = Field(default_factory=list)
    ride_models: List[RideModelSearchResult] = Field(default_factory=list)
    parks: List[ParkSearchResult] = Field(default_factory=list)
    rides: List[RideSearchResult] = Field(default_factory=list)
 class AutocompleteItem(BaseModel):
    """Single autocomplete suggestion."""
    id: UUID
    name: str
    slug: str
    entity_type: str
    park_name: Optional[str] = None  # For rides
    manufacturer_name: Optional[str] = None  # For ride models
 class AutocompleteResponse(BaseModel):
    """Response for autocomplete suggestions."""
    query: str
    suggestions: List[AutocompleteItem]
 class SearchFilters(BaseModel):
    """Base filters for search operations."""
    q: str = Field(..., min_length=2, max_length=200, description="Search query")
    entity_types: Optional[List[str]] = Field(None, description="Filter by entity types")
    limit: int = Field(20, ge=1, le=100, description="Maximum results per entity type")
 class CompanySearchFilters(BaseModel):
    """Filters for company search."""
    q: str = Field(..., min_length=2, max_length=200, description="Search query")
    company_types: Optional[List[str]] = Field(None, description="Filter by company types")
    founded_after: Optional[date] = Field(None, description="Founded after date")
    founded_before: Optional[date] = Field(None, description="Founded before date")
    limit: int = Field(20, ge=1, le=100)
 class RideModelSearchFilters(BaseModel):
    """Filters for ride model search."""
    q: str = Field(..., min_length=2, max_length=200, description="Search query")
    manufacturer_id: Optional[UUID] = Field(None, description="Filter by manufacturer")
    model_type: Optional[str] = Field(None, description="Filter by model type")
    limit: int = Field(20, ge=1, le=100)
 class ParkSearchFilters(BaseModel):
    """Filters for park search."""
    q: str = Field(..., min_length=2, max_length=200, description="Search query")
    status: Optional[str] = Field(None, description="Filter by status")
    park_type: Optional[str] = Field(None, description="Filter by park type")
    operator_id: Optional[UUID] = Field(None, description="Filter by operator")
    opening_after: Optional[date] = Field(None, description="Opened after date")
    opening_before: Optional[date] = Field(None, description="Opened before date")
    latitude: Optional[float] = Field(None, description="Search center latitude")
    longitude: Optional[float] = Field(None, description="Search center longitude")
    radius: Optional[float] = Field(None, ge=0, le=500, description="Search radius in km")
    limit: int = Field(20, ge=1, le=100)
 class RideSearchFilters(BaseModel):
    """Filters for ride search."""
    q: str = Field(..., min_length=2, max_length=200, description="Search query")
    park_id: Optional[UUID] = Field(None, description="Filter by park")
    manufacturer_id: Optional[UUID] = Field(None, description="Filter by manufacturer")
    model_id: Optional[UUID] = Field(None, description="Filter by model")
    status: Optional[str] = Field(None, description="Filter by status")
    ride_category: Optional[str] = Field(None, description="Filter by category")
    is_coaster: Optional[bool] = Field(None, description="Filter coasters only")
    opening_after: Optional[date] = Field(None, description="Opened after date")
    opening_before: Optional[date] = Field(None, description="Opened before date")
    min_height: Optional[Decimal] = Field(None, description="Minimum height in feet")
    max_height: Optional[Decimal] = Field(None, description="Maximum height in feet")
    min_speed: Optional[Decimal] = Field(None, description="Minimum speed in mph")
    max_speed: Optional[Decimal] = Field(None, description="Maximum speed in mph")
    limit: int = Field(20, ge=1, le=100)
--- a/django/apps/init.py
+++ b/django/apps/init.py
--- a/django/apps/pycache/init.cpython-313.pyc
+++ b/django/apps/pycache/init.cpython-313.pyc
--- a/django/apps/core/init.py
+++ b/django/apps/core/init.py
--- a/django/apps/core/pycache/init.cpython-313.pyc
+++ b/django/apps/core/pycache/init.cpython-313.pyc
--- a/django/apps/core/pycache/apps.cpython-313.pyc
+++ b/django/apps/core/pycache/apps.cpython-313.pyc
--- a/django/apps/core/pycache/models.cpython-313.pyc
+++ b/django/apps/core/pycache/models.cpython-313.pyc
--- a/django/apps/core/apps.py
+++ b/django/apps/core/apps.py
@@ -1,11 +0,0 @@
 """
 Core app configuration.
 """
 from django.apps import AppConfig
 class CoreConfig(AppConfig):
    default_auto_field = 'django.db.models.BigAutoField'
    name = 'apps.core'
    verbose_name = 'Core'
--- a/django/apps/core/migrations/0001_initial.py
+++ b/django/apps/core/migrations/0001_initial.py
@@ -1,194 +0,0 @@
 # Generated by Django 4.2.8 on 2025-11-08 16:35
 from django.db import migrations, models
 import django.db.models.deletion
 import django.utils.timezone
 import django_lifecycle.mixins
 import model_utils.fields
 import uuid
 class Migration(migrations.Migration):
    initial = True
    dependencies = []
    operations = [
        migrations.CreateModel(
            name="Country",
            fields=[
                (
                    "created",
                    model_utils.fields.AutoCreatedField(
                        default=django.utils.timezone.now,
                        editable=False,
                        verbose_name="created",
                    ),
                ),
                (
                    "modified",
                    model_utils.fields.AutoLastModifiedField(
                        default=django.utils.timezone.now,
                        editable=False,
                        verbose_name="modified",
                    ),
                ),
                (
                    "id",
                    models.UUIDField(
                        default=uuid.uuid4,
                        editable=False,
                        primary_key=True,
                        serialize=False,
                    ),
                ),
                ("name", models.CharField(max_length=255, unique=True)),
                (
                    "code",
                    models.CharField(
                        help_text="ISO 3166-1 alpha-2 country code",
                        max_length=2,
                        unique=True,
                    ),
                ),
                (
                    "code3",
                    models.CharField(
                        blank=True,
                        help_text="ISO 3166-1 alpha-3 country code",
                        max_length=3,
                    ),
                ),
            ],
            options={
                "verbose_name_plural": "countries",
                "db_table": "countries",
                "ordering": ["name"],
            },
            bases=(django_lifecycle.mixins.LifecycleModelMixin, models.Model),
        ),
        migrations.CreateModel(
            name="Subdivision",
            fields=[
                (
                    "created",
                    model_utils.fields.AutoCreatedField(
                        default=django.utils.timezone.now,
                        editable=False,
                        verbose_name="created",
                    ),
                ),
                (
                    "modified",
                    model_utils.fields.AutoLastModifiedField(
                        default=django.utils.timezone.now,
                        editable=False,
                        verbose_name="modified",
                    ),
                ),
                (
                    "id",
                    models.UUIDField(
                        default=uuid.uuid4,
                        editable=False,
                        primary_key=True,
                        serialize=False,
                    ),
                ),
                ("name", models.CharField(max_length=255)),
                (
                    "code",
                    models.CharField(
                        help_text="ISO 3166-2 subdivision code (without country prefix)",
                        max_length=10,
                    ),
                ),
                (
                    "subdivision_type",
                    models.CharField(
                        blank=True,
                        help_text="Type of subdivision (state, province, region, etc.)",
                        max_length=50,
                    ),
                ),
                (
                    "country",
                    models.ForeignKey(
                        on_delete=django.db.models.deletion.CASCADE,
                        related_name="subdivisions",
                        to="core.country",
                    ),
                ),
            ],
            options={
                "db_table": "subdivisions",
                "ordering": ["country", "name"],
                "unique_together": {("country", "code")},
            },
            bases=(django_lifecycle.mixins.LifecycleModelMixin, models.Model),
        ),
        migrations.CreateModel(
            name="Locality",
            fields=[
                (
                    "created",
                    model_utils.fields.AutoCreatedField(
                        default=django.utils.timezone.now,
                        editable=False,
                        verbose_name="created",
                    ),
                ),
                (
                    "modified",
                    model_utils.fields.AutoLastModifiedField(
                        default=django.utils.timezone.now,
                        editable=False,
                        verbose_name="modified",
                    ),
                ),
                (
                    "id",
                    models.UUIDField(
                        default=uuid.uuid4,
                        editable=False,
                        primary_key=True,
                        serialize=False,
                    ),
                ),
                ("name", models.CharField(max_length=255)),
                (
                    "latitude",
                    models.DecimalField(
                        blank=True, decimal_places=6, max_digits=9, null=True
                    ),
                ),
                (
                    "longitude",
                    models.DecimalField(
                        blank=True, decimal_places=6, max_digits=9, null=True
                    ),
                ),
                (
                    "subdivision",
                    models.ForeignKey(
                        on_delete=django.db.models.deletion.CASCADE,
                        related_name="localities",
                        to="core.subdivision",
                    ),
                ),
            ],
            options={
                "verbose_name_plural": "localities",
                "db_table": "localities",
                "ordering": ["subdivision", "name"],
                "indexes": [
                    models.Index(
                        fields=["subdivision", "name"],
                        name="localities_subdivi_675d5a_idx",
                    )
                ],
            },
            bases=(django_lifecycle.mixins.LifecycleModelMixin, models.Model),
        ),
    ]
--- a/django/apps/core/migrations/init.py
+++ b/django/apps/core/migrations/init.py
--- a/django/apps/core/migrations/pycache/0001_initial.cpython-313.pyc
+++ b/django/apps/core/migrations/pycache/0001_initial.cpython-313.pyc
--- a/django/apps/core/migrations/pycache/init.cpython-313.pyc
+++ b/django/apps/core/migrations/pycache/init.cpython-313.pyc
--- a/django/apps/core/models.py
+++ b/django/apps/core/models.py
@@ -1,264 +0,0 @@
 """
 Core base models and utilities for ThrillWiki.
 These abstract models provide common functionality for all entities.
 """
 import uuid
 from django.db import models
 from model_utils.models import TimeStampedModel
 from django_lifecycle import LifecycleModel, hook, AFTER_CREATE, AFTER_UPDATE
 from dirtyfields import DirtyFieldsMixin
 class BaseModel(LifecycleModel, TimeStampedModel):
    """
    Abstract base model for all entities.
    Provides:
    - UUID primary key
    - created_at and updated_at timestamps (from TimeStampedModel)
    - Lifecycle hooks for versioning
    """
    id = models.UUIDField(
        primary_key=True,
        default=uuid.uuid4,
        editable=False
    )
    class Meta:
        abstract = True
    def __str__(self):
        return f"{self.__class__.__name__}({self.id})"
 class VersionedModel(DirtyFieldsMixin, BaseModel):
    """
    Abstract base model for entities that need version tracking.
    Automatically creates a version record whenever the model is created or updated.
    Uses DirtyFieldsMixin to track which fields changed.
    """
    @hook(AFTER_CREATE)
    def create_version_on_create(self):
        """Create initial version when entity is created"""
        self._create_version('created')
    @hook(AFTER_UPDATE)
    def create_version_on_update(self):
        """Create version when entity is updated"""
        if self.get_dirty_fields():
            self._create_version('updated')
    def _create_version(self, change_type):
        """
        Create a version record for this entity.
        Deferred import to avoid circular dependencies.
        """
        try:
            from apps.versioning.services import VersionService
            VersionService.create_version(
                entity=self,
                change_type=change_type,
                changed_fields=self.get_dirty_fields() if change_type == 'updated' else {}
            )
        except ImportError:
            # Versioning app not yet available (e.g., during initial migrations)
            pass
    class Meta:
        abstract = True
 # Location Models
 class Country(BaseModel):
    """
    Country reference data (ISO 3166-1).
    Examples: United States, Canada, United Kingdom, etc.
    """
    name = models.CharField(max_length=255, unique=True)
    code = models.CharField(
        max_length=2,
        unique=True,
        help_text="ISO 3166-1 alpha-2 country code"
    )
    code3 = models.CharField(
        max_length=3,
        blank=True,
        help_text="ISO 3166-1 alpha-3 country code"
    )
    class Meta:
        db_table = 'countries'
        ordering = ['name']
        verbose_name_plural = 'countries'
    def __str__(self):
        return self.name
 class Subdivision(BaseModel):
    """
    State/Province/Region reference data (ISO 3166-2).
    Examples: California, Ontario, England, etc.
    """
    country = models.ForeignKey(
        Country,
        on_delete=models.CASCADE,
        related_name='subdivisions'
    )
    name = models.CharField(max_length=255)
    code = models.CharField(
        max_length=10,
        help_text="ISO 3166-2 subdivision code (without country prefix)"
    )
    subdivision_type = models.CharField(
        max_length=50,
        blank=True,
        help_text="Type of subdivision (state, province, region, etc.)"
    )
    class Meta:
        db_table = 'subdivisions'
        ordering = ['country', 'name']
        unique_together = [['country', 'code']]
    def __str__(self):
        return f"{self.name}, {self.country.code}"
 class Locality(BaseModel):
    """
    City/Town reference data.
    Examples: Los Angeles, Toronto, London, etc.
    """
    subdivision = models.ForeignKey(
        Subdivision,
        on_delete=models.CASCADE,
        related_name='localities'
    )
    name = models.CharField(max_length=255)
    latitude = models.DecimalField(
        max_digits=9,
        decimal_places=6,
        null=True,
        blank=True
    )
    longitude = models.DecimalField(
        max_digits=9,
        decimal_places=6,
        null=True,
        blank=True
    )
    class Meta:
        db_table = 'localities'
        ordering = ['subdivision', 'name']
        verbose_name_plural = 'localities'
        indexes = [
            models.Index(fields=['subdivision', 'name']),
        ]
    def __str__(self):
        return f"{self.name}, {self.subdivision.code}"
    @property
    def full_location(self):
        """Return full location string: City, State, Country"""
        return f"{self.name}, {self.subdivision.name}, {self.subdivision.country.name}"
 # Date Precision Tracking
 class DatePrecisionMixin(models.Model):
    """
    Mixin for models that need to track date precision.
    Allows tracking whether a date is known to year, month, or day precision.
    This is important for historical records where exact dates may not be known.
    """
    DATE_PRECISION_CHOICES = [
        ('year', 'Year'),
        ('month', 'Month'),
        ('day', 'Day'),
    ]
    class Meta:
        abstract = True
    @classmethod
    def add_date_precision_field(cls, field_name):
        """
        Helper to add a precision field for a date field.
        Usage in subclass:
            opening_date = models.DateField(null=True, blank=True)
            opening_date_precision = models.CharField(...)
        """
        return models.CharField(
            max_length=20,
            choices=cls.DATE_PRECISION_CHOICES,
            default='day',
            help_text=f"Precision level for {field_name}"
        )
 # Soft Delete Mixin
 class SoftDeleteMixin(models.Model):
    """
    Mixin for soft-deletable models.
    Instead of actually deleting records, mark them as deleted.
    This preserves data integrity and allows for undelete functionality.
    """
    is_deleted = models.BooleanField(default=False, db_index=True)
    deleted_at = models.DateTimeField(null=True, blank=True)
    deleted_by = models.ForeignKey(
        'users.User',
        on_delete=models.SET_NULL,
        null=True,
        blank=True,
        related_name='%(class)s_deletions'
    )
    class Meta:
        abstract = True
    def soft_delete(self, user=None):
        """Mark this record as deleted"""
        from django.utils import timezone
        self.is_deleted = True
        self.deleted_at = timezone.now()
        if user:
            self.deleted_by = user
        self.save(update_fields=['is_deleted', 'deleted_at', 'deleted_by'])
    def undelete(self):
        """Restore a soft-deleted record"""
        self.is_deleted = False
        self.deleted_at = None
        self.deleted_by = None
        self.save(update_fields=['is_deleted', 'deleted_at', 'deleted_by'])
 # Model Managers
 class ActiveManager(models.Manager):
    """Manager that filters out soft-deleted records by default"""
    def get_queryset(self):
        return super().get_queryset().filter(is_deleted=False)
 class AllObjectsManager(models.Manager):
    """Manager that includes all records, even soft-deleted ones"""
    def get_queryset(self):
        return super().get_queryset()
--- a/django/apps/entities/init.py
+++ b/django/apps/entities/init.py
--- a/django/apps/entities/pycache/init.cpython-313.pyc
+++ b/django/apps/entities/pycache/init.cpython-313.pyc
--- a/django/apps/entities/pycache/admin.cpython-313.pyc
+++ b/django/apps/entities/pycache/admin.cpython-313.pyc
--- a/django/apps/entities/pycache/apps.cpython-313.pyc
+++ b/django/apps/entities/pycache/apps.cpython-313.pyc
--- a/django/apps/entities/pycache/models.cpython-313.pyc
+++ b/django/apps/entities/pycache/models.cpython-313.pyc
--- a/django/apps/entities/pycache/search.cpython-313.pyc
+++ b/django/apps/entities/pycache/search.cpython-313.pyc
--- a/django/apps/entities/pycache/signals.cpython-313.pyc
+++ b/django/apps/entities/pycache/signals.cpython-313.pyc
--- a/django/apps/entities/admin.py
+++ b/django/apps/entities/admin.py
@@ -1,706 +0,0 @@
 """
 Django Admin configuration for entity models with Unfold theme.
 """
 from django.contrib import admin
 from django.contrib.gis import admin as gis_admin
 from django.db.models import Count, Q
 from django.utils.html import format_html
 from django.urls import reverse
 from django.conf import settings
 from unfold.admin import ModelAdmin, TabularInline
 from unfold.contrib.filters.admin import RangeDateFilter, RangeNumericFilter, RelatedDropdownFilter, ChoicesDropdownFilter
 from unfold.contrib.import_export.forms import ImportForm, ExportForm
 from import_export.admin import ImportExportModelAdmin
 from import_export import resources, fields
 from import_export.widgets import ForeignKeyWidget
 from .models import Company, RideModel, Park, Ride
 from apps.media.admin import PhotoInline
 # ============================================================================
 # IMPORT/EXPORT RESOURCES
 # ============================================================================
 class CompanyResource(resources.ModelResource):
    """Import/Export resource for Company model."""
    class Meta:
        model = Company
        fields = (
            'id', 'name', 'slug', 'description', 'location',
            'company_types', 'founded_date', 'founded_date_precision',
            'closed_date', 'closed_date_precision', 'website',
            'logo_image_url', 'created', 'modified'
        )
        export_order = fields
 class RideModelResource(resources.ModelResource):
    """Import/Export resource for RideModel model."""
    manufacturer = fields.Field(
        column_name='manufacturer',
        attribute='manufacturer',
        widget=ForeignKeyWidget(Company, 'name')
    )
    class Meta:
        model = RideModel
        fields = (
            'id', 'name', 'slug', 'description', 'manufacturer',
            'model_type', 'typical_height', 'typical_speed',
            'typical_capacity', 'image_url', 'created', 'modified'
        )
        export_order = fields
 class ParkResource(resources.ModelResource):
    """Import/Export resource for Park model."""
    operator = fields.Field(
        column_name='operator',
        attribute='operator',
        widget=ForeignKeyWidget(Company, 'name')
    )
    class Meta:
        model = Park
        fields = (
            'id', 'name', 'slug', 'description', 'park_type', 'status',
            'latitude', 'longitude', 'operator', 'opening_date',
            'opening_date_precision', 'closing_date', 'closing_date_precision',
            'website', 'banner_image_url', 'logo_image_url',
            'created', 'modified'
        )
        export_order = fields
 class RideResource(resources.ModelResource):
    """Import/Export resource for Ride model."""
    park = fields.Field(
        column_name='park',
        attribute='park',
        widget=ForeignKeyWidget(Park, 'name')
    )
    manufacturer = fields.Field(
        column_name='manufacturer',
        attribute='manufacturer',
        widget=ForeignKeyWidget(Company, 'name')
    )
    model = fields.Field(
        column_name='model',
        attribute='model',
        widget=ForeignKeyWidget(RideModel, 'name')
    )
    class Meta:
        model = Ride
        fields = (
            'id', 'name', 'slug', 'description', 'park', 'ride_category',
            'ride_type', 'status', 'manufacturer', 'model', 'height',
            'speed', 'length', 'duration', 'inversions', 'capacity',
            'opening_date', 'opening_date_precision', 'closing_date',
            'closing_date_precision', 'image_url', 'created', 'modified'
        )
        export_order = fields
 # ============================================================================
 # INLINE ADMIN CLASSES
 # ============================================================================
 class RideInline(TabularInline):
    """Inline for Rides within a Park."""
    model = Ride
    extra = 0
    fields = ['name', 'ride_category', 'status', 'manufacturer', 'opening_date']
    readonly_fields = ['name']
    show_change_link = True
    classes = ['collapse']
    def has_add_permission(self, request, obj=None):
        return False
 class CompanyParksInline(TabularInline):
    """Inline for Parks operated by a Company."""
    model = Park
    fk_name = 'operator'
    extra = 0
    fields = ['name', 'park_type', 'status', 'ride_count', 'opening_date']
    readonly_fields = ['name', 'ride_count']
    show_change_link = True
    classes = ['collapse']
    def has_add_permission(self, request, obj=None):
        return False
 class RideModelInstallationsInline(TabularInline):
    """Inline for Ride installations of a RideModel."""
    model = Ride
    fk_name = 'model'
    extra = 0
    fields = ['name', 'park', 'status', 'opening_date']
    readonly_fields = ['name', 'park']
    show_change_link = True
    classes = ['collapse']
    def has_add_permission(self, request, obj=None):
        return False
 # ============================================================================
 # MAIN ADMIN CLASSES
 # ============================================================================
@admin.register(Company)
 class CompanyAdmin(ModelAdmin, ImportExportModelAdmin):
    """Enhanced admin interface for Company model."""
    resource_class = CompanyResource
    import_form_class = ImportForm
    export_form_class = ExportForm
    list_display = [
        'name_with_icon',
        'location',
        'company_types_display',
        'park_count',
        'ride_count',
        'founded_date',
        'status_indicator',
        'created'
    ]
    list_filter = [
        ('company_types', ChoicesDropdownFilter),
        ('founded_date', RangeDateFilter),
        ('closed_date', RangeDateFilter),
    ]
    search_fields = ['name', 'slug', 'description', 'location']
    readonly_fields = ['id', 'created', 'modified', 'park_count', 'ride_count', 'slug']
    prepopulated_fields = {}  # Slug is auto-generated via lifecycle hook
    autocomplete_fields = []
    inlines = [CompanyParksInline, PhotoInline]
    list_per_page = 50
    list_max_show_all = 200
    fieldsets = (
        ('Basic Information', {
            'fields': ('name', 'slug', 'description', 'company_types')
        }),
        ('Location & Contact', {
            'fields': ('location', 'website')
        }),
        ('History', {
            'fields': (
                'founded_date', 'founded_date_precision',
                'closed_date', 'closed_date_precision'
            )
        }),
        ('Media', {
            'fields': ('logo_image_id', 'logo_image_url'),
            'classes': ['collapse']
        }),
        ('Statistics', {
            'fields': ('park_count', 'ride_count'),
            'classes': ['collapse']
        }),
        ('System Information', {
            'fields': ('id', 'created', 'modified'),
            'classes': ['collapse']
        }),
    )
    def name_with_icon(self, obj):
        """Display name with company type icon."""
        icons = {
            'manufacturer': '🏭',
            'operator': '🎡',
            'designer': '✏️',
        }
        icon = '🏢'  # Default company icon
        if obj.company_types:
            for ctype in obj.company_types:
                if ctype in icons:
                    icon = icons[ctype]
                    break
        return format_html('{} {}', icon, obj.name)
    name_with_icon.short_description = 'Company'
    name_with_icon.admin_order_field = 'name'
    def company_types_display(self, obj):
        """Display company types as badges."""
        if not obj.company_types:
            return '-'
        badges = []
        for ctype in obj.company_types:
            color = {
                'manufacturer': 'blue',
                'operator': 'green',
                'designer': 'purple',
            }.get(ctype, 'gray')
            badges.append(
                f'<span style="background-color: {color}; color: white; '
                f'padding: 2px 8px; border-radius: 4px; font-size: 11px; '
                f'margin-right: 4px;">{ctype.upper()}</span>'
            )
        return format_html(' '.join(badges))
    company_types_display.short_description = 'Types'
    def status_indicator(self, obj):
        """Visual status indicator."""
        if obj.closed_date:
            return format_html(
                '<span style="color: red;">●</span> Closed'
            )
        return format_html(
            '<span style="color: green;">●</span> Active'
        )
    status_indicator.short_description = 'Status'
    actions = ['export_admin_action']
@admin.register(RideModel)
 class RideModelAdmin(ModelAdmin, ImportExportModelAdmin):
    """Enhanced admin interface for RideModel model."""
    resource_class = RideModelResource
    import_form_class = ImportForm
    export_form_class = ExportForm
    list_display = [
        'name_with_type',
        'manufacturer',
        'model_type',
        'typical_specs',
        'installation_count',
        'created'
    ]
    list_filter = [
        ('model_type', ChoicesDropdownFilter),
        ('manufacturer', RelatedDropdownFilter),
        ('typical_height', RangeNumericFilter),
        ('typical_speed', RangeNumericFilter),
    ]
    search_fields = ['name', 'slug', 'description', 'manufacturer__name']
    readonly_fields = ['id', 'created', 'modified', 'installation_count', 'slug']
    prepopulated_fields = {}
    autocomplete_fields = ['manufacturer']
    inlines = [RideModelInstallationsInline, PhotoInline]
    list_per_page = 50
    fieldsets = (
        ('Basic Information', {
            'fields': ('name', 'slug', 'description', 'manufacturer', 'model_type')
        }),
        ('Typical Specifications', {
            'fields': (
                'typical_height', 'typical_speed', 'typical_capacity'
            ),
            'description': 'Standard specifications for this ride model'
        }),
        ('Media', {
            'fields': ('image_id', 'image_url'),
            'classes': ['collapse']
        }),
        ('Statistics', {
            'fields': ('installation_count',),
            'classes': ['collapse']
        }),
        ('System Information', {
            'fields': ('id', 'created', 'modified'),
            'classes': ['collapse']
        }),
    )
    def name_with_type(self, obj):
        """Display name with model type icon."""
        icons = {
            'roller_coaster': '🎢',
            'water_ride': '🌊',
            'flat_ride': '🎡',
            'dark_ride': '🎭',
            'transport': '🚂',
        }
        icon = icons.get(obj.model_type, '🎪')
        return format_html('{} {}', icon, obj.name)
    name_with_type.short_description = 'Model Name'
    name_with_type.admin_order_field = 'name'
    def typical_specs(self, obj):
        """Display typical specifications."""
        specs = []
        if obj.typical_height:
            specs.append(f'H: {obj.typical_height}m')
        if obj.typical_speed:
            specs.append(f'S: {obj.typical_speed}km/h')
        if obj.typical_capacity:
            specs.append(f'C: {obj.typical_capacity}')
        return ' | '.join(specs) if specs else '-'
    typical_specs.short_description = 'Typical Specs'
    actions = ['export_admin_action']
@admin.register(Park)
 class ParkAdmin(ModelAdmin, ImportExportModelAdmin):
    """Enhanced admin interface for Park model with geographic features."""
    resource_class = ParkResource
    import_form_class = ImportForm
    export_form_class = ExportForm
    list_display = [
        'name_with_icon',
        'location_display',
        'park_type',
        'status_badge',
        'ride_count',
        'coaster_count',
        'opening_date',
        'operator'
    ]
    list_filter = [
        ('park_type', ChoicesDropdownFilter),
        ('status', ChoicesDropdownFilter),
        ('operator', RelatedDropdownFilter),
        ('opening_date', RangeDateFilter),
        ('closing_date', RangeDateFilter),
    ]
    search_fields = ['name', 'slug', 'description', 'location']
    readonly_fields = [
        'id', 'created', 'modified', 'ride_count', 'coaster_count',
        'slug', 'coordinates_display'
    ]
    prepopulated_fields = {}
    autocomplete_fields = ['operator']
    inlines = [RideInline, PhotoInline]
    list_per_page = 50
    # Use GeoDjango admin for PostGIS mode
    if hasattr(settings, 'DATABASES') and 'postgis' in settings.DATABASES['default'].get('ENGINE', ''):
        change_form_template = 'gis/admin/change_form.html'
    fieldsets = (
        ('Basic Information', {
            'fields': ('name', 'slug', 'description', 'park_type', 'status')
        }),
        ('Geographic Location', {
            'fields': ('location', 'latitude', 'longitude', 'coordinates_display'),
            'description': 'Enter latitude and longitude for the park location'
        }),
        ('Dates', {
            'fields': (
                'opening_date', 'opening_date_precision',
                'closing_date', 'closing_date_precision'
            )
        }),
        ('Operator', {
            'fields': ('operator',)
        }),
        ('Media & Web', {
            'fields': (
                'banner_image_id', 'banner_image_url',
                'logo_image_id', 'logo_image_url',
                'website'
            ),
            'classes': ['collapse']
        }),
        ('Statistics', {
            'fields': ('ride_count', 'coaster_count'),
            'classes': ['collapse']
        }),
        ('Custom Data', {
            'fields': ('custom_fields',),
            'classes': ['collapse'],
            'description': 'Additional custom data in JSON format'
        }),
        ('System Information', {
            'fields': ('id', 'created', 'modified'),
            'classes': ['collapse']
        }),
    )
    def name_with_icon(self, obj):
        """Display name with park type icon."""
        icons = {
            'theme_park': '🎡',
            'amusement_park': '🎢',
            'water_park': '🌊',
            'indoor_park': '🏢',
            'fairground': '🎪',
        }
        icon = icons.get(obj.park_type, '🎠')
        return format_html('{} {}', icon, obj.name)
    name_with_icon.short_description = 'Park Name'
    name_with_icon.admin_order_field = 'name'
    def location_display(self, obj):
        """Display location with coordinates."""
        if obj.location:
            coords = obj.coordinates
            if coords:
                return format_html(
                    '{}<br><small style="color: gray;">({:.4f}, {:.4f})</small>',
                    obj.location, coords[0], coords[1]
                )
            return obj.location
        return '-'
    location_display.short_description = 'Location'
    def coordinates_display(self, obj):
        """Read-only display of coordinates."""
        coords = obj.coordinates
        if coords:
            return f"Longitude: {coords[0]:.6f}, Latitude: {coords[1]:.6f}"
        return "No coordinates set"
    coordinates_display.short_description = 'Current Coordinates'
    def status_badge(self, obj):
        """Display status as colored badge."""
        colors = {
            'operating': 'green',
            'closed_temporarily': 'orange',
            'closed_permanently': 'red',
            'under_construction': 'blue',
            'planned': 'purple',
        }
        color = colors.get(obj.status, 'gray')
        return format_html(
            '<span style="background-color: {}; color: white; '
            'padding: 3px 10px; border-radius: 12px; font-size: 11px;">'
            '{}</span>',
            color, obj.get_status_display()
        )
    status_badge.short_description = 'Status'
    status_badge.admin_order_field = 'status'
    actions = ['export_admin_action', 'activate_parks', 'close_parks']
    def activate_parks(self, request, queryset):
        """Bulk action to activate parks."""
        updated = queryset.update(status='operating')
        self.message_user(request, f'{updated} park(s) marked as operating.')
    activate_parks.short_description = 'Mark selected parks as operating'
    def close_parks(self, request, queryset):
        """Bulk action to close parks temporarily."""
        updated = queryset.update(status='closed_temporarily')
        self.message_user(request, f'{updated} park(s) marked as temporarily closed.')
    close_parks.short_description = 'Mark selected parks as temporarily closed'
@admin.register(Ride)
 class RideAdmin(ModelAdmin, ImportExportModelAdmin):
    """Enhanced admin interface for Ride model."""
    resource_class = RideResource
    import_form_class = ImportForm
    export_form_class = ExportForm
    list_display = [
        'name_with_icon',
        'park',
        'ride_category',
        'status_badge',
        'manufacturer',
        'stats_display',
        'opening_date',
        'coaster_badge'
    ]
    list_filter = [
        ('ride_category', ChoicesDropdownFilter),
        ('status', ChoicesDropdownFilter),
        ('is_coaster', admin.BooleanFieldListFilter),
        ('park', RelatedDropdownFilter),
        ('manufacturer', RelatedDropdownFilter),
        ('opening_date', RangeDateFilter),
        ('height', RangeNumericFilter),
        ('speed', RangeNumericFilter),
    ]
    search_fields = [
        'name', 'slug', 'description',
        'park__name', 'manufacturer__name'
    ]
    readonly_fields = ['id', 'created', 'modified', 'is_coaster', 'slug']
    prepopulated_fields = {}
    autocomplete_fields = ['park', 'manufacturer', 'model']
    inlines = [PhotoInline]
    list_per_page = 50
    fieldsets = (
        ('Basic Information', {
            'fields': ('name', 'slug', 'description', 'park')
        }),
        ('Classification', {
            'fields': ('ride_category', 'ride_type', 'is_coaster', 'status')
        }),
        ('Dates', {
            'fields': (
                'opening_date', 'opening_date_precision',
                'closing_date', 'closing_date_precision'
            )
        }),
        ('Manufacturer & Model', {
            'fields': ('manufacturer', 'model')
        }),
        ('Ride Statistics', {
            'fields': (
                'height', 'speed', 'length',
                'duration', 'inversions', 'capacity'
            ),
            'description': 'Technical specifications and statistics'
        }),
        ('Media', {
            'fields': ('image_id', 'image_url'),
            'classes': ['collapse']
        }),
        ('Custom Data', {
            'fields': ('custom_fields',),
            'classes': ['collapse']
        }),
        ('System Information', {
            'fields': ('id', 'created', 'modified'),
            'classes': ['collapse']
        }),
    )
    def name_with_icon(self, obj):
        """Display name with category icon."""
        icons = {
            'roller_coaster': '🎢',
            'water_ride': '🌊',
            'dark_ride': '🎭',
            'flat_ride': '🎡',
            'transport': '🚂',
            'show': '🎪',
        }
        icon = icons.get(obj.ride_category, '🎠')
        return format_html('{} {}', icon, obj.name)
    name_with_icon.short_description = 'Ride Name'
    name_with_icon.admin_order_field = 'name'
    def stats_display(self, obj):
        """Display key statistics."""
        stats = []
        if obj.height:
            stats.append(f'H: {obj.height}m')
        if obj.speed:
            stats.append(f'S: {obj.speed}km/h')
        if obj.inversions:
            stats.append(f'🔄 {obj.inversions}')
        return ' | '.join(stats) if stats else '-'
    stats_display.short_description = 'Key Stats'
    def coaster_badge(self, obj):
        """Display coaster indicator."""
        if obj.is_coaster:
            return format_html(
                '<span style="background-color: #ff6b6b; color: white; '
                'padding: 2px 8px; border-radius: 10px; font-size: 10px;">'
                '🎢 COASTER</span>'
            )
        return ''
    coaster_badge.short_description = 'Type'
    def status_badge(self, obj):
        """Display status as colored badge."""
        colors = {
            'operating': 'green',
            'closed_temporarily': 'orange',
            'closed_permanently': 'red',
            'under_construction': 'blue',
            'sbno': 'gray',
        }
        color = colors.get(obj.status, 'gray')
        return format_html(
            '<span style="background-color: {}; color: white; '
            'padding: 3px 10px; border-radius: 12px; font-size: 11px;">'
            '{}</span>',
            color, obj.get_status_display()
        )
    status_badge.short_description = 'Status'
    status_badge.admin_order_field = 'status'
    actions = ['export_admin_action', 'activate_rides', 'close_rides']
    def activate_rides(self, request, queryset):
        """Bulk action to activate rides."""
        updated = queryset.update(status='operating')
        self.message_user(request, f'{updated} ride(s) marked as operating.')
    activate_rides.short_description = 'Mark selected rides as operating'
    def close_rides(self, request, queryset):
        """Bulk action to close rides temporarily."""
        updated = queryset.update(status='closed_temporarily')
        self.message_user(request, f'{updated} ride(s) marked as temporarily closed.')
    close_rides.short_description = 'Mark selected rides as temporarily closed'
 # ============================================================================
 # DASHBOARD CALLBACK
 # ============================================================================
 def dashboard_callback(request, context):
    """
    Callback function for Unfold dashboard.
    Provides statistics and overview data.
    """
    # Entity counts
    total_parks = Park.objects.count()
    total_rides = Ride.objects.count()
    total_companies = Company.objects.count()
    total_models = RideModel.objects.count()
    # Operating counts
    operating_parks = Park.objects.filter(status='operating').count()
    operating_rides = Ride.objects.filter(status='operating').count()
    # Coaster count
    total_coasters = Ride.objects.filter(is_coaster=True).count()
    # Recent additions (last 30 days)
    from django.utils import timezone
    from datetime import timedelta
    thirty_days_ago = timezone.now() - timedelta(days=30)
    recent_parks = Park.objects.filter(created__gte=thirty_days_ago).count()
    recent_rides = Ride.objects.filter(created__gte=thirty_days_ago).count()
    # Top manufacturers by ride count
    top_manufacturers = Company.objects.filter(
        company_types__contains=['manufacturer']
    ).annotate(
        ride_count_actual=Count('manufactured_rides')
    ).order_by('-ride_count_actual')[:5]
    # Parks by type
    parks_by_type = Park.objects.values('park_type').annotate(
        count=Count('id')
    ).order_by('-count')
    context.update({
        'total_parks': total_parks,
        'total_rides': total_rides,
        'total_companies': total_companies,
        'total_models': total_models,
        'operating_parks': operating_parks,
        'operating_rides': operating_rides,
        'total_coasters': total_coasters,
        'recent_parks': recent_parks,
        'recent_rides': recent_rides,
        'top_manufacturers': top_manufacturers,
        'parks_by_type': parks_by_type,
    })
    return context
--- a/django/apps/entities/apps.py
+++ b/django/apps/entities/apps.py
@@ -1,15 +0,0 @@
 """
 Entities app configuration.
 """
 from django.apps import AppConfig
 class EntitiesConfig(AppConfig):
    default_auto_field = 'django.db.models.BigAutoField'
    name = 'apps.entities'
    verbose_name = 'Entities'
    def ready(self):
        """Import signal handlers when app is ready."""
        import apps.entities.signals  # noqa
--- a/django/apps/entities/filters.py
+++ b/django/apps/entities/filters.py
@@ -1,418 +0,0 @@
 """
 Filter classes for advanced entity filtering.
 Provides reusable filter logic for complex queries.
 """
 from typing import Optional, Any, Dict
 from datetime import date
 from django.db.models import QuerySet, Q
 from django.conf import settings
 # Check if using PostGIS for location-based filtering
 _using_postgis = 'postgis' in settings.DATABASES['default']['ENGINE']
 if _using_postgis:
    from django.contrib.gis.geos import Point
    from django.contrib.gis.measure import D
 class BaseEntityFilter:
    """Base filter class with common filtering methods."""
    @staticmethod
    def filter_by_date_range(
        queryset: QuerySet,
        field_name: str,
        start_date: Optional[date] = None,
        end_date: Optional[date] = None
    ) -> QuerySet:
        """
        Filter by date range.
        Args:
            queryset: Base queryset to filter
            field_name: Name of the date field
            start_date: Start of date range (inclusive)
            end_date: End of date range (inclusive)
        Returns:
            Filtered queryset
        """
        if start_date:
            queryset = queryset.filter(**{f"{field_name}__gte": start_date})
        if end_date:
            queryset = queryset.filter(**{f"{field_name}__lte": end_date})
        return queryset
    @staticmethod
    def filter_by_status(
        queryset: QuerySet,
        status: Optional[str] = None,
        exclude_status: Optional[list] = None
    ) -> QuerySet:
        """
        Filter by status.
        Args:
            queryset: Base queryset to filter
            status: Single status to filter by
            exclude_status: List of statuses to exclude
        Returns:
            Filtered queryset
        """
        if status:
            queryset = queryset.filter(status=status)
        if exclude_status:
            queryset = queryset.exclude(status__in=exclude_status)
        return queryset
 class CompanyFilter(BaseEntityFilter):
    """Filter class for Company entities."""
    @staticmethod
    def filter_by_types(
        queryset: QuerySet,
        company_types: Optional[list] = None
    ) -> QuerySet:
        """
        Filter companies by type.
        Args:
            queryset: Base queryset to filter
            company_types: List of company types to filter by
        Returns:
            Filtered queryset
        """
        if company_types:
            # Since company_types is a JSONField containing a list,
            # we need to check if any of the requested types are in the field
            q = Q()
            for company_type in company_types:
                q |= Q(company_types__contains=[company_type])
            queryset = queryset.filter(q)
        return queryset
    @staticmethod
    def apply_filters(
        queryset: QuerySet,
        filters: Dict[str, Any]
    ) -> QuerySet:
        """
        Apply all company filters.
        Args:
            queryset: Base queryset to filter
            filters: Dictionary of filter parameters
        Returns:
            Filtered queryset
        """
        # Company types
        if filters.get('company_types'):
            queryset = CompanyFilter.filter_by_types(
                queryset,
                company_types=filters['company_types']
            )
        # Founded date range
        queryset = CompanyFilter.filter_by_date_range(
            queryset,
            'founded_date',
            start_date=filters.get('founded_after'),
            end_date=filters.get('founded_before')
        )
        # Closed date range
        queryset = CompanyFilter.filter_by_date_range(
            queryset,
            'closed_date',
            start_date=filters.get('closed_after'),
            end_date=filters.get('closed_before')
        )
        # Location
        if filters.get('location_id'):
            queryset = queryset.filter(location_id=filters['location_id'])
        return queryset
 class RideModelFilter(BaseEntityFilter):
    """Filter class for RideModel entities."""
    @staticmethod
    def apply_filters(
        queryset: QuerySet,
        filters: Dict[str, Any]
    ) -> QuerySet:
        """
        Apply all ride model filters.
        Args:
            queryset: Base queryset to filter
            filters: Dictionary of filter parameters
        Returns:
            Filtered queryset
        """
        # Manufacturer
        if filters.get('manufacturer_id'):
            queryset = queryset.filter(manufacturer_id=filters['manufacturer_id'])
        # Model type
        if filters.get('model_type'):
            queryset = queryset.filter(model_type=filters['model_type'])
        # Height range
        if filters.get('min_height'):
            queryset = queryset.filter(typical_height__gte=filters['min_height'])
        if filters.get('max_height'):
            queryset = queryset.filter(typical_height__lte=filters['max_height'])
        # Speed range
        if filters.get('min_speed'):
            queryset = queryset.filter(typical_speed__gte=filters['min_speed'])
        if filters.get('max_speed'):
            queryset = queryset.filter(typical_speed__lte=filters['max_speed'])
        return queryset
 class ParkFilter(BaseEntityFilter):
    """Filter class for Park entities."""
    @staticmethod
    def filter_by_location(
        queryset: QuerySet,
        longitude: float,
        latitude: float,
        radius_km: float
    ) -> QuerySet:
        """
        Filter parks by proximity to a location (PostGIS only).
        Args:
            queryset: Base queryset to filter
            longitude: Longitude coordinate
            latitude: Latitude coordinate
            radius_km: Search radius in kilometers
        Returns:
            Filtered queryset ordered by distance
        """
        if not _using_postgis:
            # Fallback: No spatial filtering in SQLite
            return queryset
        point = Point(longitude, latitude, srid=4326)
        # Filter by distance and annotate with distance
        queryset = queryset.filter(
            location_point__distance_lte=(point, D(km=radius_km))
        )
        # This will be ordered by distance in the search service
        return queryset
    @staticmethod
    def apply_filters(
        queryset: QuerySet,
        filters: Dict[str, Any]
    ) -> QuerySet:
        """
        Apply all park filters.
        Args:
            queryset: Base queryset to filter
            filters: Dictionary of filter parameters
        Returns:
            Filtered queryset
        """
        # Status
        queryset = ParkFilter.filter_by_status(
            queryset,
            status=filters.get('status'),
            exclude_status=filters.get('exclude_status')
        )
        # Park type
        if filters.get('park_type'):
            queryset = queryset.filter(park_type=filters['park_type'])
        # Operator
        if filters.get('operator_id'):
            queryset = queryset.filter(operator_id=filters['operator_id'])
        # Opening date range
        queryset = ParkFilter.filter_by_date_range(
            queryset,
            'opening_date',
            start_date=filters.get('opening_after'),
            end_date=filters.get('opening_before')
        )
        # Closing date range
        queryset = ParkFilter.filter_by_date_range(
            queryset,
            'closing_date',
            start_date=filters.get('closing_after'),
            end_date=filters.get('closing_before')
        )
        # Location-based filtering (PostGIS only)
        if _using_postgis and filters.get('location') and filters.get('radius'):
            longitude, latitude = filters['location']
            queryset = ParkFilter.filter_by_location(
                queryset,
                longitude=longitude,
                latitude=latitude,
                radius_km=filters['radius']
            )
        # Location (locality)
        if filters.get('location_id'):
            queryset = queryset.filter(location_id=filters['location_id'])
        # Ride counts
        if filters.get('min_ride_count'):
            queryset = queryset.filter(ride_count__gte=filters['min_ride_count'])
        if filters.get('min_coaster_count'):
            queryset = queryset.filter(coaster_count__gte=filters['min_coaster_count'])
        return queryset
 class RideFilter(BaseEntityFilter):
    """Filter class for Ride entities."""
    @staticmethod
    def filter_by_statistics(
        queryset: QuerySet,
        filters: Dict[str, Any]
    ) -> QuerySet:
        """
        Filter rides by statistical attributes (height, speed, length, etc.).
        Args:
            queryset: Base queryset to filter
            filters: Dictionary of filter parameters
        Returns:
            Filtered queryset
        """
        # Height range
        if filters.get('min_height'):
            queryset = queryset.filter(height__gte=filters['min_height'])
        if filters.get('max_height'):
            queryset = queryset.filter(height__lte=filters['max_height'])
        # Speed range
        if filters.get('min_speed'):
            queryset = queryset.filter(speed__gte=filters['min_speed'])
        if filters.get('max_speed'):
            queryset = queryset.filter(speed__lte=filters['max_speed'])
        # Length range
        if filters.get('min_length'):
            queryset = queryset.filter(length__gte=filters['min_length'])
        if filters.get('max_length'):
            queryset = queryset.filter(length__lte=filters['max_length'])
        # Duration range
        if filters.get('min_duration'):
            queryset = queryset.filter(duration__gte=filters['min_duration'])
        if filters.get('max_duration'):
            queryset = queryset.filter(duration__lte=filters['max_duration'])
        # Inversions
        if filters.get('min_inversions') is not None:
            queryset = queryset.filter(inversions__gte=filters['min_inversions'])
        if filters.get('max_inversions') is not None:
            queryset = queryset.filter(inversions__lte=filters['max_inversions'])
        return queryset
    @staticmethod
    def apply_filters(
        queryset: QuerySet,
        filters: Dict[str, Any]
    ) -> QuerySet:
        """
        Apply all ride filters.
        Args:
            queryset: Base queryset to filter
            filters: Dictionary of filter parameters
        Returns:
            Filtered queryset
        """
        # Park
        if filters.get('park_id'):
            queryset = queryset.filter(park_id=filters['park_id'])
        # Manufacturer
        if filters.get('manufacturer_id'):
            queryset = queryset.filter(manufacturer_id=filters['manufacturer_id'])
        # Model
        if filters.get('model_id'):
            queryset = queryset.filter(model_id=filters['model_id'])
        # Status
        queryset = RideFilter.filter_by_status(
            queryset,
            status=filters.get('status'),
            exclude_status=filters.get('exclude_status')
        )
        # Ride category
        if filters.get('ride_category'):
            queryset = queryset.filter(ride_category=filters['ride_category'])
        # Ride type
        if filters.get('ride_type'):
            queryset = queryset.filter(ride_type__icontains=filters['ride_type'])
        # Is coaster
        if filters.get('is_coaster') is not None:
            queryset = queryset.filter(is_coaster=filters['is_coaster'])
        # Opening date range
        queryset = RideFilter.filter_by_date_range(
            queryset,
            'opening_date',
            start_date=filters.get('opening_after'),
            end_date=filters.get('opening_before')
        )
        # Closing date range
        queryset = RideFilter.filter_by_date_range(
            queryset,
            'closing_date',
            start_date=filters.get('closing_after'),
            end_date=filters.get('closing_before')
        )
        # Statistical filters
        queryset = RideFilter.filter_by_statistics(queryset, filters)
        return queryset
--- a/django/apps/entities/migrations/0001_initial.py
+++ b/django/apps/entities/migrations/0001_initial.py
@@ -1,846 +0,0 @@
 # Generated by Django 4.2.8 on 2025-11-08 16:41
 import dirtyfields.dirtyfields
 from django.db import migrations, models
 import django.db.models.deletion
 import django.utils.timezone
 import django_lifecycle.mixins
 import model_utils.fields
 import uuid
 class Migration(migrations.Migration):
    initial = True
    dependencies = [
        ("core", "0001_initial"),
    ]
    operations = [
        migrations.CreateModel(
            name="Company",
            fields=[
                (
                    "created",
                    model_utils.fields.AutoCreatedField(
                        default=django.utils.timezone.now,
                        editable=False,
                        verbose_name="created",
                    ),
                ),
                (
                    "modified",
                    model_utils.fields.AutoLastModifiedField(
                        default=django.utils.timezone.now,
                        editable=False,
                        verbose_name="modified",
                    ),
                ),
                (
                    "id",
                    models.UUIDField(
                        default=uuid.uuid4,
                        editable=False,
                        primary_key=True,
                        serialize=False,
                    ),
                ),
                (
                    "name",
                    models.CharField(
                        db_index=True,
                        help_text="Official company name",
                        max_length=255,
                        unique=True,
                    ),
                ),
                (
                    "slug",
                    models.SlugField(
                        help_text="URL-friendly identifier", max_length=255, unique=True
                    ),
                ),
                (
                    "description",
                    models.TextField(
                        blank=True, help_text="Company description and history"
                    ),
                ),
                (
                    "company_types",
                    models.JSONField(
                        default=list,
                        help_text="List of company types (manufacturer, operator, etc.)",
                    ),
                ),
                (
                    "founded_date",
                    models.DateField(
                        blank=True, help_text="Company founding date", null=True
                    ),
                ),
                (
                    "founded_date_precision",
                    models.CharField(
                        choices=[("year", "Year"), ("month", "Month"), ("day", "Day")],
                        default="day",
                        help_text="Precision of founded date",
                        max_length=20,
                    ),
                ),
                (
                    "closed_date",
                    models.DateField(
                        blank=True,
                        help_text="Company closure date (if applicable)",
                        null=True,
                    ),
                ),
                (
                    "closed_date_precision",
                    models.CharField(
                        choices=[("year", "Year"), ("month", "Month"), ("day", "Day")],
                        default="day",
                        help_text="Precision of closed date",
                        max_length=20,
                    ),
                ),
                (
                    "website",
                    models.URLField(blank=True, help_text="Official company website"),
                ),
                (
                    "logo_image_id",
                    models.CharField(
                        blank=True,
                        help_text="CloudFlare image ID for company logo",
                        max_length=255,
                    ),
                ),
                (
                    "logo_image_url",
                    models.URLField(
                        blank=True, help_text="CloudFlare image URL for company logo"
                    ),
                ),
                (
                    "park_count",
                    models.IntegerField(
                        default=0, help_text="Number of parks operated (for operators)"
                    ),
                ),
                (
                    "ride_count",
                    models.IntegerField(
                        default=0,
                        help_text="Number of rides manufactured (for manufacturers)",
                    ),
                ),
                (
                    "location",
                    models.ForeignKey(
                        blank=True,
                        help_text="Company headquarters location",
                        null=True,
                        on_delete=django.db.models.deletion.SET_NULL,
                        related_name="companies",
                        to="core.locality",
                    ),
                ),
            ],
            options={
                "verbose_name": "Company",
                "verbose_name_plural": "Companies",
                "ordering": ["name"],
            },
            bases=(
                dirtyfields.dirtyfields.DirtyFieldsMixin,
                django_lifecycle.mixins.LifecycleModelMixin,
                models.Model,
            ),
        ),
        migrations.CreateModel(
            name="Park",
            fields=[
                (
                    "created",
                    model_utils.fields.AutoCreatedField(
                        default=django.utils.timezone.now,
                        editable=False,
                        verbose_name="created",
                    ),
                ),
                (
                    "modified",
                    model_utils.fields.AutoLastModifiedField(
                        default=django.utils.timezone.now,
                        editable=False,
                        verbose_name="modified",
                    ),
                ),
                (
                    "id",
                    models.UUIDField(
                        default=uuid.uuid4,
                        editable=False,
                        primary_key=True,
                        serialize=False,
                    ),
                ),
                (
                    "name",
                    models.CharField(
                        db_index=True, help_text="Official park name", max_length=255
                    ),
                ),
                (
                    "slug",
                    models.SlugField(
                        help_text="URL-friendly identifier", max_length=255, unique=True
                    ),
                ),
                (
                    "description",
                    models.TextField(
                        blank=True, help_text="Park description and history"
                    ),
                ),
                (
                    "park_type",
                    models.CharField(
                        choices=[
                            ("theme_park", "Theme Park"),
                            ("amusement_park", "Amusement Park"),
                            ("water_park", "Water Park"),
                            (
                                "family_entertainment_center",
                                "Family Entertainment Center",
                            ),
                            ("traveling_park", "Traveling Park"),
                            ("zoo", "Zoo"),
                            ("aquarium", "Aquarium"),
                        ],
                        db_index=True,
                        help_text="Type of park",
                        max_length=50,
                    ),
                ),
                (
                    "status",
                    models.CharField(
                        choices=[
                            ("operating", "Operating"),
                            ("closed", "Closed"),
                            ("sbno", "Standing But Not Operating"),
                            ("under_construction", "Under Construction"),
                            ("planned", "Planned"),
                        ],
                        db_index=True,
                        default="operating",
                        help_text="Current operational status",
                        max_length=50,
                    ),
                ),
                (
                    "opening_date",
                    models.DateField(
                        blank=True,
                        db_index=True,
                        help_text="Park opening date",
                        null=True,
                    ),
                ),
                (
                    "opening_date_precision",
                    models.CharField(
                        choices=[("year", "Year"), ("month", "Month"), ("day", "Day")],
                        default="day",
                        help_text="Precision of opening date",
                        max_length=20,
                    ),
                ),
                (
                    "closing_date",
                    models.DateField(
                        blank=True, help_text="Park closing date (if closed)", null=True
                    ),
                ),
                (
                    "closing_date_precision",
                    models.CharField(
                        choices=[("year", "Year"), ("month", "Month"), ("day", "Day")],
                        default="day",
                        help_text="Precision of closing date",
                        max_length=20,
                    ),
                ),
                (
                    "latitude",
                    models.DecimalField(
                        blank=True,
                        decimal_places=7,
                        help_text="Latitude coordinate",
                        max_digits=10,
                        null=True,
                    ),
                ),
                (
                    "longitude",
                    models.DecimalField(
                        blank=True,
                        decimal_places=7,
                        help_text="Longitude coordinate",
                        max_digits=10,
                        null=True,
                    ),
                ),
                (
                    "website",
                    models.URLField(blank=True, help_text="Official park website"),
                ),
                (
                    "banner_image_id",
                    models.CharField(
                        blank=True,
                        help_text="CloudFlare image ID for park banner",
                        max_length=255,
                    ),
                ),
                (
                    "banner_image_url",
                    models.URLField(
                        blank=True, help_text="CloudFlare image URL for park banner"
                    ),
                ),
                (
                    "logo_image_id",
                    models.CharField(
                        blank=True,
                        help_text="CloudFlare image ID for park logo",
                        max_length=255,
                    ),
                ),
                (
                    "logo_image_url",
                    models.URLField(
                        blank=True, help_text="CloudFlare image URL for park logo"
                    ),
                ),
                (
                    "ride_count",
                    models.IntegerField(default=0, help_text="Total number of rides"),
                ),
                (
                    "coaster_count",
                    models.IntegerField(
                        default=0, help_text="Number of roller coasters"
                    ),
                ),
                (
                    "custom_fields",
                    models.JSONField(
                        blank=True,
                        default=dict,
                        help_text="Additional park-specific data",
                    ),
                ),
                (
                    "location",
                    models.ForeignKey(
                        blank=True,
                        help_text="Park location",
                        null=True,
                        on_delete=django.db.models.deletion.SET_NULL,
                        related_name="parks",
                        to="core.locality",
                    ),
                ),
                (
                    "operator",
                    models.ForeignKey(
                        blank=True,
                        help_text="Current park operator",
                        null=True,
                        on_delete=django.db.models.deletion.SET_NULL,
                        related_name="operated_parks",
                        to="entities.company",
                    ),
                ),
            ],
            options={
                "verbose_name": "Park",
                "verbose_name_plural": "Parks",
                "ordering": ["name"],
            },
            bases=(
                dirtyfields.dirtyfields.DirtyFieldsMixin,
                django_lifecycle.mixins.LifecycleModelMixin,
                models.Model,
            ),
        ),
        migrations.CreateModel(
            name="RideModel",
            fields=[
                (
                    "created",
                    model_utils.fields.AutoCreatedField(
                        default=django.utils.timezone.now,
                        editable=False,
                        verbose_name="created",
                    ),
                ),
                (
                    "modified",
                    model_utils.fields.AutoLastModifiedField(
                        default=django.utils.timezone.now,
                        editable=False,
                        verbose_name="modified",
                    ),
                ),
                (
                    "id",
                    models.UUIDField(
                        default=uuid.uuid4,
                        editable=False,
                        primary_key=True,
                        serialize=False,
                    ),
                ),
                (
                    "name",
                    models.CharField(
                        db_index=True,
                        help_text="Model name (e.g., 'Inverted Coaster', 'Boomerang')",
                        max_length=255,
                    ),
                ),
                (
                    "slug",
                    models.SlugField(
                        help_text="URL-friendly identifier", max_length=255, unique=True
                    ),
                ),
                (
                    "description",
                    models.TextField(
                        blank=True, help_text="Model description and technical details"
                    ),
                ),
                (
                    "model_type",
                    models.CharField(
                        choices=[
                            ("coaster_model", "Roller Coaster Model"),
                            ("flat_ride_model", "Flat Ride Model"),
                            ("water_ride_model", "Water Ride Model"),
                            ("dark_ride_model", "Dark Ride Model"),
                            ("transport_ride_model", "Transport Ride Model"),
                        ],
                        db_index=True,
                        help_text="Type of ride model",
                        max_length=50,
                    ),
                ),
                (
                    "typical_height",
                    models.DecimalField(
                        blank=True,
                        decimal_places=1,
                        help_text="Typical height in feet",
                        max_digits=6,
                        null=True,
                    ),
                ),
                (
                    "typical_speed",
                    models.DecimalField(
                        blank=True,
                        decimal_places=1,
                        help_text="Typical speed in mph",
                        max_digits=6,
                        null=True,
                    ),
                ),
                (
                    "typical_capacity",
                    models.IntegerField(
                        blank=True, help_text="Typical hourly capacity", null=True
                    ),
                ),
                (
                    "image_id",
                    models.CharField(
                        blank=True, help_text="CloudFlare image ID", max_length=255
                    ),
                ),
                (
                    "image_url",
                    models.URLField(blank=True, help_text="CloudFlare image URL"),
                ),
                (
                    "installation_count",
                    models.IntegerField(
                        default=0, help_text="Number of installations worldwide"
                    ),
                ),
                (
                    "manufacturer",
                    models.ForeignKey(
                        help_text="Manufacturer of this ride model",
                        on_delete=django.db.models.deletion.CASCADE,
                        related_name="ride_models",
                        to="entities.company",
                    ),
                ),
            ],
            options={
                "verbose_name": "Ride Model",
                "verbose_name_plural": "Ride Models",
                "ordering": ["manufacturer__name", "name"],
            },
            bases=(
                dirtyfields.dirtyfields.DirtyFieldsMixin,
                django_lifecycle.mixins.LifecycleModelMixin,
                models.Model,
            ),
        ),
        migrations.CreateModel(
            name="Ride",
            fields=[
                (
                    "created",
                    model_utils.fields.AutoCreatedField(
                        default=django.utils.timezone.now,
                        editable=False,
                        verbose_name="created",
                    ),
                ),
                (
                    "modified",
                    model_utils.fields.AutoLastModifiedField(
                        default=django.utils.timezone.now,
                        editable=False,
                        verbose_name="modified",
                    ),
                ),
                (
                    "id",
                    models.UUIDField(
                        default=uuid.uuid4,
                        editable=False,
                        primary_key=True,
                        serialize=False,
                    ),
                ),
                (
                    "name",
                    models.CharField(
                        db_index=True, help_text="Ride name", max_length=255
                    ),
                ),
                (
                    "slug",
                    models.SlugField(
                        help_text="URL-friendly identifier", max_length=255, unique=True
                    ),
                ),
                (
                    "description",
                    models.TextField(
                        blank=True, help_text="Ride description and history"
                    ),
                ),
                (
                    "ride_category",
                    models.CharField(
                        choices=[
                            ("roller_coaster", "Roller Coaster"),
                            ("flat_ride", "Flat Ride"),
                            ("water_ride", "Water Ride"),
                            ("dark_ride", "Dark Ride"),
                            ("transport_ride", "Transport Ride"),
                            ("other", "Other"),
                        ],
                        db_index=True,
                        help_text="Broad ride category",
                        max_length=50,
                    ),
                ),
                (
                    "ride_type",
                    models.CharField(
                        blank=True,
                        db_index=True,
                        help_text="Specific ride type (e.g., 'Inverted Coaster', 'Drop Tower')",
                        max_length=100,
                    ),
                ),
                (
                    "is_coaster",
                    models.BooleanField(
                        db_index=True,
                        default=False,
                        help_text="Is this ride a roller coaster?",
                    ),
                ),
                (
                    "status",
                    models.CharField(
                        choices=[
                            ("operating", "Operating"),
                            ("closed", "Closed"),
                            ("sbno", "Standing But Not Operating"),
                            ("relocated", "Relocated"),
                            ("under_construction", "Under Construction"),
                            ("planned", "Planned"),
                        ],
                        db_index=True,
                        default="operating",
                        help_text="Current operational status",
                        max_length=50,
                    ),
                ),
                (
                    "opening_date",
                    models.DateField(
                        blank=True,
                        db_index=True,
                        help_text="Ride opening date",
                        null=True,
                    ),
                ),
                (
                    "opening_date_precision",
                    models.CharField(
                        choices=[("year", "Year"), ("month", "Month"), ("day", "Day")],
                        default="day",
                        help_text="Precision of opening date",
                        max_length=20,
                    ),
                ),
                (
                    "closing_date",
                    models.DateField(
                        blank=True, help_text="Ride closing date (if closed)", null=True
                    ),
                ),
                (
                    "closing_date_precision",
                    models.CharField(
                        choices=[("year", "Year"), ("month", "Month"), ("day", "Day")],
                        default="day",
                        help_text="Precision of closing date",
                        max_length=20,
                    ),
                ),
                (
                    "height",
                    models.DecimalField(
                        blank=True,
                        decimal_places=1,
                        help_text="Height in feet",
                        max_digits=6,
                        null=True,
                    ),
                ),
                (
                    "speed",
                    models.DecimalField(
                        blank=True,
                        decimal_places=1,
                        help_text="Top speed in mph",
                        max_digits=6,
                        null=True,
                    ),
                ),
                (
                    "length",
                    models.DecimalField(
                        blank=True,
                        decimal_places=1,
                        help_text="Track/ride length in feet",
                        max_digits=8,
                        null=True,
                    ),
                ),
                (
                    "duration",
                    models.IntegerField(
                        blank=True, help_text="Ride duration in seconds", null=True
                    ),
                ),
                (
                    "inversions",
                    models.IntegerField(
                        blank=True,
                        help_text="Number of inversions (for coasters)",
                        null=True,
                    ),
                ),
                (
                    "capacity",
                    models.IntegerField(
                        blank=True,
                        help_text="Hourly capacity (riders per hour)",
                        null=True,
                    ),
                ),
                (
                    "image_id",
                    models.CharField(
                        blank=True,
                        help_text="CloudFlare image ID for main photo",
                        max_length=255,
                    ),
                ),
                (
                    "image_url",
                    models.URLField(
                        blank=True, help_text="CloudFlare image URL for main photo"
                    ),
                ),
                (
                    "custom_fields",
                    models.JSONField(
                        blank=True,
                        default=dict,
                        help_text="Additional ride-specific data",
                    ),
                ),
                (
                    "manufacturer",
                    models.ForeignKey(
                        blank=True,
                        help_text="Ride manufacturer",
                        null=True,
                        on_delete=django.db.models.deletion.SET_NULL,
                        related_name="manufactured_rides",
                        to="entities.company",
                    ),
                ),
                (
                    "model",
                    models.ForeignKey(
                        blank=True,
                        help_text="Specific ride model",
                        null=True,
                        on_delete=django.db.models.deletion.SET_NULL,
                        related_name="rides",
                        to="entities.ridemodel",
                    ),
                ),
                (
                    "park",
                    models.ForeignKey(
                        help_text="Park where ride is located",
                        on_delete=django.db.models.deletion.CASCADE,
                        related_name="rides",
                        to="entities.park",
                    ),
                ),
            ],
            options={
                "verbose_name": "Ride",
                "verbose_name_plural": "Rides",
                "ordering": ["park__name", "name"],
            },
            bases=(
                dirtyfields.dirtyfields.DirtyFieldsMixin,
                django_lifecycle.mixins.LifecycleModelMixin,
                models.Model,
            ),
        ),
        migrations.AddIndex(
            model_name="ridemodel",
            index=models.Index(
                fields=["manufacturer", "name"], name="entities_ri_manufac_1fe3c1_idx"
            ),
        ),
        migrations.AddIndex(
            model_name="ridemodel",
            index=models.Index(
                fields=["model_type"], name="entities_ri_model_t_610d23_idx"
            ),
        ),
        migrations.AlterUniqueTogether(
            name="ridemodel",
            unique_together={("manufacturer", "name")},
        ),
        migrations.AddIndex(
            model_name="ride",
            index=models.Index(
                fields=["park", "name"], name="entities_ri_park_id_e73e3b_idx"
            ),
        ),
        migrations.AddIndex(
            model_name="ride",
            index=models.Index(fields=["slug"], name="entities_ri_slug_d2d6bb_idx"),
        ),
        migrations.AddIndex(
            model_name="ride",
            index=models.Index(fields=["status"], name="entities_ri_status_b69114_idx"),
        ),
        migrations.AddIndex(
            model_name="ride",
            index=models.Index(
                fields=["is_coaster"], name="entities_ri_is_coas_912a4d_idx"
            ),
        ),
        migrations.AddIndex(
            model_name="ride",
            index=models.Index(
                fields=["ride_category"], name="entities_ri_ride_ca_bc4554_idx"
            ),
        ),
        migrations.AddIndex(
            model_name="ride",
            index=models.Index(
                fields=["opening_date"], name="entities_ri_opening_c4fc53_idx"
            ),
        ),
        migrations.AddIndex(
            model_name="ride",
            index=models.Index(
                fields=["manufacturer"], name="entities_ri_manufac_0d9a25_idx"
            ),
        ),
        migrations.AddIndex(
            model_name="park",
            index=models.Index(fields=["name"], name="entities_pa_name_f8a746_idx"),
        ),
        migrations.AddIndex(
            model_name="park",
            index=models.Index(fields=["slug"], name="entities_pa_slug_a21c73_idx"),
        ),
        migrations.AddIndex(
            model_name="park",
            index=models.Index(fields=["status"], name="entities_pa_status_805296_idx"),
        ),
        migrations.AddIndex(
            model_name="park",
            index=models.Index(
                fields=["park_type"], name="entities_pa_park_ty_8eba41_idx"
            ),
        ),
        migrations.AddIndex(
            model_name="park",
            index=models.Index(
                fields=["opening_date"], name="entities_pa_opening_102a60_idx"
            ),
        ),
        migrations.AddIndex(
            model_name="park",
            index=models.Index(
                fields=["location"], name="entities_pa_locatio_20a884_idx"
            ),
        ),
        migrations.AddIndex(
            model_name="company",
            index=models.Index(fields=["name"], name="entities_co_name_d061e8_idx"),
        ),
        migrations.AddIndex(
            model_name="company",
            index=models.Index(fields=["slug"], name="entities_co_slug_00ae5c_idx"),
        ),
    ]
--- a/django/apps/entities/migrations/0002_alter_park_latitude_alter_park_longitude.py
+++ b/django/apps/entities/migrations/0002_alter_park_latitude_alter_park_longitude.py
@@ -1,35 +0,0 @@
 # Generated by Django 4.2.8 on 2025-11-08 17:03
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ("entities", "0001_initial"),
    ]
    operations = [
        migrations.AlterField(
            model_name="park",
            name="latitude",
            field=models.DecimalField(
                blank=True,
                decimal_places=7,
                help_text="Latitude coordinate. Primary in local dev, use location_point in production.",
                max_digits=10,
                null=True,
            ),
        ),
        migrations.AlterField(
            model_name="park",
            name="longitude",
            field=models.DecimalField(
                blank=True,
                decimal_places=7,
                help_text="Longitude coordinate. Primary in local dev, use location_point in production.",
                max_digits=10,
                null=True,
            ),
        ),
    ]
--- a/django/apps/entities/migrations/0003_add_search_vector_gin_indexes.py
+++ b/django/apps/entities/migrations/0003_add_search_vector_gin_indexes.py
@@ -1,141 +0,0 @@
 # Generated migration for Phase 2 - GIN Index Optimization
 from django.db import migrations, connection
 from django.contrib.postgres.indexes import GinIndex
 from django.contrib.postgres.search import SearchVector
 def is_postgresql():
    """Check if the database backend is PostgreSQL/PostGIS."""
    return 'postgis' in connection.vendor or 'postgresql' in connection.vendor
 def populate_search_vectors(apps, schema_editor):
    """Populate search_vector fields for all existing records."""
    if not is_postgresql():
        return
    # Get models
    Company = apps.get_model('entities', 'Company')
    RideModel = apps.get_model('entities', 'RideModel')
    Park = apps.get_model('entities', 'Park')
    Ride = apps.get_model('entities', 'Ride')
    # Update Company search vectors
    Company.objects.update(
        search_vector=(
            SearchVector('name', weight='A') + 
            SearchVector('description', weight='B')
        )
    )
    # Update RideModel search vectors
    RideModel.objects.update(
        search_vector=(
            SearchVector('name', weight='A') +
            SearchVector('manufacturer__name', weight='A') +
            SearchVector('description', weight='B')
        )
    )
    # Update Park search vectors
    Park.objects.update(
        search_vector=(
            SearchVector('name', weight='A') +
            SearchVector('description', weight='B')
        )
    )
    # Update Ride search vectors
    Ride.objects.update(
        search_vector=(
            SearchVector('name', weight='A') +
            SearchVector('park__name', weight='A') +
            SearchVector('manufacturer__name', weight='B') +
            SearchVector('description', weight='B')
        )
    )
 def reverse_search_vectors(apps, schema_editor):
    """Clear search_vector fields for all records."""
    if not is_postgresql():
        return
    # Get models
    Company = apps.get_model('entities', 'Company')
    RideModel = apps.get_model('entities', 'RideModel')
    Park = apps.get_model('entities', 'Park')
    Ride = apps.get_model('entities', 'Ride')
    # Clear all search vectors
    Company.objects.update(search_vector=None)
    RideModel.objects.update(search_vector=None)
    Park.objects.update(search_vector=None)
    Ride.objects.update(search_vector=None)
 def add_gin_indexes(apps, schema_editor):
    """Add GIN indexes on search_vector fields (PostgreSQL only)."""
    if not is_postgresql():
        return
    # Use raw SQL to add GIN indexes
    with schema_editor.connection.cursor() as cursor:
        cursor.execute("""
            CREATE INDEX IF NOT EXISTS entities_company_search_idx 
            ON entities_company USING gin(search_vector);
        """)
        cursor.execute("""
            CREATE INDEX IF NOT EXISTS entities_ridemodel_search_idx 
            ON entities_ridemodel USING gin(search_vector);
        """)
        cursor.execute("""
            CREATE INDEX IF NOT EXISTS entities_park_search_idx 
            ON entities_park USING gin(search_vector);
        """)
        cursor.execute("""
            CREATE INDEX IF NOT EXISTS entities_ride_search_idx 
            ON entities_ride USING gin(search_vector);
        """)
 def remove_gin_indexes(apps, schema_editor):
    """Remove GIN indexes (PostgreSQL only)."""
    if not is_postgresql():
        return
    # Use raw SQL to drop GIN indexes
    with schema_editor.connection.cursor() as cursor:
        cursor.execute("DROP INDEX IF EXISTS entities_company_search_idx;")
        cursor.execute("DROP INDEX IF EXISTS entities_ridemodel_search_idx;")
        cursor.execute("DROP INDEX IF EXISTS entities_park_search_idx;")
        cursor.execute("DROP INDEX IF EXISTS entities_ride_search_idx;")
 class Migration(migrations.Migration):
    """
    Phase 2 Migration: Add GIN indexes for search optimization.
    This migration:
    1. Adds GIN indexes on search_vector fields for optimal full-text search
    2. Populates search vectors for all existing database records
    3. Is PostgreSQL-specific and safe for SQLite environments
    """
    dependencies = [
        ('entities', '0002_alter_park_latitude_alter_park_longitude'),
    ]
    operations = [
        # First, populate search vectors for existing records
        migrations.RunPython(
            populate_search_vectors,
            reverse_search_vectors,
        ),
        # Add GIN indexes for each model's search_vector field
        migrations.RunPython(
            add_gin_indexes,
            remove_gin_indexes,
        ),
    ]
--- a/django/apps/entities/migrations/init.py
+++ b/django/apps/entities/migrations/init.py
--- a/django/apps/entities/migrations/pycache/0001_initial.cpython-313.pyc
+++ b/django/apps/entities/migrations/pycache/0001_initial.cpython-313.pyc
--- a/django/apps/entities/migrations/pycache/0002_add_postgis_location.cpython-313.pyc
+++ b/django/apps/entities/migrations/pycache/0002_add_postgis_location.cpython-313.pyc
--- a/django/apps/entities/migrations/pycache/0002_alter_park_latitude_alter_park_longitude.cpython-313.pyc
+++ b/django/apps/entities/migrations/pycache/0002_alter_park_latitude_alter_park_longitude.cpython-313.pyc
--- a/django/apps/entities/migrations/pycache/0003_add_search_vector_gin_indexes.cpython-313.pyc
+++ b/django/apps/entities/migrations/pycache/0003_add_search_vector_gin_indexes.cpython-313.pyc
--- a/django/apps/entities/migrations/pycache/init.cpython-313.pyc
+++ b/django/apps/entities/migrations/pycache/init.cpython-313.pyc
--- a/django/apps/entities/models.py
+++ b/django/apps/entities/models.py
@@ -1,930 +0,0 @@
 """
 Entity models for ThrillWiki Django backend.
 This module contains the core entity models:
 - Company: Manufacturers, operators, designers
 - RideModel: Specific ride models from manufacturers
 - Park: Theme parks, amusement parks, water parks, FECs
 - Ride: Individual rides and roller coasters
 """
 from django.db import models
 from django.conf import settings
 from django.contrib.contenttypes.fields import GenericRelation
 from django.utils.text import slugify
 from django_lifecycle import hook, AFTER_CREATE, AFTER_UPDATE, BEFORE_SAVE
 from apps.core.models import VersionedModel, BaseModel
 # Conditionally import GIS models only if using PostGIS backend
 # This allows migrations to run on SQLite during local development
 _using_postgis = (
    'postgis' in settings.DATABASES['default']['ENGINE']
 )
 if _using_postgis:
    from django.contrib.gis.db import models as gis_models
    from django.contrib.gis.geos import Point
    from django.contrib.postgres.search import SearchVectorField
 class Company(VersionedModel):
    """
    Represents a company in the amusement industry.
    Can be a manufacturer, operator, designer, or combination.
    """
    COMPANY_TYPE_CHOICES = [
        ('manufacturer', 'Manufacturer'),
        ('operator', 'Operator'),
        ('designer', 'Designer'),
        ('supplier', 'Supplier'),
        ('contractor', 'Contractor'),
    ]
    # Basic Info
    name = models.CharField(
        max_length=255,
        unique=True,
        db_index=True,
        help_text="Official company name"
    )
    slug = models.SlugField(
        max_length=255,
        unique=True,
        db_index=True,
        help_text="URL-friendly identifier"
    )
    description = models.TextField(
        blank=True,
        help_text="Company description and history"
    )
    # Company Types (can be multiple)
    company_types = models.JSONField(
        default=list,
        help_text="List of company types (manufacturer, operator, etc.)"
    )
    # Location
    location = models.ForeignKey(
        'core.Locality',
        on_delete=models.SET_NULL,
        null=True,
        blank=True,
        related_name='companies',
        help_text="Company headquarters location"
    )
    # Dates with precision tracking
    founded_date = models.DateField(
        null=True,
        blank=True,
        help_text="Company founding date"
    )
    founded_date_precision = models.CharField(
        max_length=20,
        default='day',
        choices=[
            ('year', 'Year'),
            ('month', 'Month'),
            ('day', 'Day'),
        ],
        help_text="Precision of founded date"
    )
    closed_date = models.DateField(
        null=True,
        blank=True,
        help_text="Company closure date (if applicable)"
    )
    closed_date_precision = models.CharField(
        max_length=20,
        default='day',
        choices=[
            ('year', 'Year'),
            ('month', 'Month'),
            ('day', 'Day'),
        ],
        help_text="Precision of closed date"
    )
    # External Links
    website = models.URLField(
        blank=True,
        help_text="Official company website"
    )
    # CloudFlare Images
    logo_image_id = models.CharField(
        max_length=255,
        blank=True,
        help_text="CloudFlare image ID for company logo"
    )
    logo_image_url = models.URLField(
        blank=True,
        help_text="CloudFlare image URL for company logo"
    )
    # Cached statistics
    park_count = models.IntegerField(
        default=0,
        help_text="Number of parks operated (for operators)"
    )
    ride_count = models.IntegerField(
        default=0,
        help_text="Number of rides manufactured (for manufacturers)"
    )
    # Generic relation to photos
    photos = GenericRelation(
        'media.Photo',
        related_query_name='company'
    )
    # Full-text search vector (PostgreSQL only)
    # Populated automatically via signals or database triggers
    # Includes: name (weight A) + description (weight B)
    class Meta:
        verbose_name = 'Company'
        verbose_name_plural = 'Companies'
        ordering = ['name']
        indexes = [
            models.Index(fields=['name']),
            models.Index(fields=['slug']),
        ]
    def __str__(self):
        return self.name
    @hook(BEFORE_SAVE, when='slug', is_now=None)
    def auto_generate_slug(self):
        """Auto-generate slug from name if not provided."""
        if not self.slug and self.name:
            base_slug = slugify(self.name)
            slug = base_slug
            counter = 1
            while Company.objects.filter(slug=slug).exists():
                slug = f"{base_slug}-{counter}"
                counter += 1
            self.slug = slug
    def update_counts(self):
        """Update cached park and ride counts."""
        self.park_count = self.operated_parks.count()
        self.ride_count = self.manufactured_rides.count()
        self.save(update_fields=['park_count', 'ride_count'])
    def get_photos(self, photo_type=None, approved_only=True):
        """Get photos for this company."""
        from apps.media.services import PhotoService
        service = PhotoService()
        return service.get_entity_photos(self, photo_type=photo_type, approved_only=approved_only)
    @property
    def main_photo(self):
        """Get the main photo."""
        photos = self.photos.filter(photo_type='main', moderation_status='approved').first()
        return photos
    @property
    def logo_photo(self):
        """Get the logo photo."""
        photos = self.photos.filter(photo_type='logo', moderation_status='approved').first()
        return photos
 class RideModel(VersionedModel):
    """
    Represents a specific ride model from a manufacturer.
    E.g., "B&M Inverted Coaster", "Vekoma Boomerang", "Zamperla Family Gravity Coaster"
    """
    MODEL_TYPE_CHOICES = [
        ('coaster_model', 'Roller Coaster Model'),
        ('flat_ride_model', 'Flat Ride Model'),
        ('water_ride_model', 'Water Ride Model'),
        ('dark_ride_model', 'Dark Ride Model'),
        ('transport_ride_model', 'Transport Ride Model'),
    ]
    # Basic Info
    name = models.CharField(
        max_length=255,
        db_index=True,
        help_text="Model name (e.g., 'Inverted Coaster', 'Boomerang')"
    )
    slug = models.SlugField(
        max_length=255,
        unique=True,
        db_index=True,
        help_text="URL-friendly identifier"
    )
    description = models.TextField(
        blank=True,
        help_text="Model description and technical details"
    )
    # Manufacturer
    manufacturer = models.ForeignKey(
        'Company',
        on_delete=models.CASCADE,
        related_name='ride_models',
        help_text="Manufacturer of this ride model"
    )
    # Model Type
    model_type = models.CharField(
        max_length=50,
        choices=MODEL_TYPE_CHOICES,
        db_index=True,
        help_text="Type of ride model"
    )
    # Technical Specifications (common to most instances)
    typical_height = models.DecimalField(
        max_digits=6,
        decimal_places=1,
        null=True,
        blank=True,
        help_text="Typical height in feet"
    )
    typical_speed = models.DecimalField(
        max_digits=6,
        decimal_places=1,
        null=True,
        blank=True,
        help_text="Typical speed in mph"
    )
    typical_capacity = models.IntegerField(
        null=True,
        blank=True,
        help_text="Typical hourly capacity"
    )
    # CloudFlare Images
    image_id = models.CharField(
        max_length=255,
        blank=True,
        help_text="CloudFlare image ID"
    )
    image_url = models.URLField(
        blank=True,
        help_text="CloudFlare image URL"
    )
    # Cached statistics
    installation_count = models.IntegerField(
        default=0,
        help_text="Number of installations worldwide"
    )
    # Generic relation to photos
    photos = GenericRelation(
        'media.Photo',
        related_query_name='ride_model'
    )
    class Meta:
        verbose_name = 'Ride Model'
        verbose_name_plural = 'Ride Models'
        ordering = ['manufacturer__name', 'name']
        unique_together = [['manufacturer', 'name']]
        indexes = [
            models.Index(fields=['manufacturer', 'name']),
            models.Index(fields=['model_type']),
        ]
    def __str__(self):
        return f"{self.manufacturer.name} {self.name}"
    @hook(BEFORE_SAVE, when='slug', is_now=None)
    def auto_generate_slug(self):
        """Auto-generate slug from manufacturer and name if not provided."""
        if not self.slug and self.manufacturer and self.name:
            base_slug = slugify(f"{self.manufacturer.name} {self.name}")
            slug = base_slug
            counter = 1
            while RideModel.objects.filter(slug=slug).exists():
                slug = f"{base_slug}-{counter}"
                counter += 1
            self.slug = slug
    def update_installation_count(self):
        """Update cached installation count."""
        self.installation_count = self.rides.count()
        self.save(update_fields=['installation_count'])
    def get_photos(self, photo_type=None, approved_only=True):
        """Get photos for this ride model."""
        from apps.media.services import PhotoService
        service = PhotoService()
        return service.get_entity_photos(self, photo_type=photo_type, approved_only=approved_only)
    @property
    def main_photo(self):
        """Get the main photo."""
        photos = self.photos.filter(photo_type='main', moderation_status='approved').first()
        return photos
 class Park(VersionedModel):
    """
    Represents an amusement park, theme park, water park, or FEC.
    Note: Geographic coordinates are stored differently based on database backend:
    - Production (PostGIS): Uses location_point PointField with full GIS capabilities
    - Local Dev (SQLite): Uses latitude/longitude DecimalFields (no spatial queries)
    """
    PARK_TYPE_CHOICES = [
        ('theme_park', 'Theme Park'),
        ('amusement_park', 'Amusement Park'),
        ('water_park', 'Water Park'),
        ('family_entertainment_center', 'Family Entertainment Center'),
        ('traveling_park', 'Traveling Park'),
        ('zoo', 'Zoo'),
        ('aquarium', 'Aquarium'),
    ]
    STATUS_CHOICES = [
        ('operating', 'Operating'),
        ('closed', 'Closed'),
        ('sbno', 'Standing But Not Operating'),
        ('under_construction', 'Under Construction'),
        ('planned', 'Planned'),
    ]
    # Basic Info
    name = models.CharField(
        max_length=255,
        db_index=True,
        help_text="Official park name"
    )
    slug = models.SlugField(
        max_length=255,
        unique=True,
        db_index=True,
        help_text="URL-friendly identifier"
    )
    description = models.TextField(
        blank=True,
        help_text="Park description and history"
    )
    # Type & Status
    park_type = models.CharField(
        max_length=50,
        choices=PARK_TYPE_CHOICES,
        db_index=True,
        help_text="Type of park"
    )
    status = models.CharField(
        max_length=50,
        choices=STATUS_CHOICES,
        default='operating',
        db_index=True,
        help_text="Current operational status"
    )
    # Dates with precision tracking
    opening_date = models.DateField(
        null=True,
        blank=True,
        db_index=True,
        help_text="Park opening date"
    )
    opening_date_precision = models.CharField(
        max_length=20,
        default='day',
        choices=[
            ('year', 'Year'),
            ('month', 'Month'),
            ('day', 'Day'),
        ],
        help_text="Precision of opening date"
    )
    closing_date = models.DateField(
        null=True,
        blank=True,
        help_text="Park closing date (if closed)"
    )
    closing_date_precision = models.CharField(
        max_length=20,
        default='day',
        choices=[
            ('year', 'Year'),
            ('month', 'Month'),
            ('day', 'Day'),
        ],
        help_text="Precision of closing date"
    )
    # Location
    location = models.ForeignKey(
        'core.Locality',
        on_delete=models.SET_NULL,
        null=True,
        blank=True,
        related_name='parks',
        help_text="Park location"
    )
    # Precise coordinates for mapping
    # Primary in local dev (SQLite), deprecated in production (PostGIS)
    latitude = models.DecimalField(
        max_digits=10,
        decimal_places=7,
        null=True,
        blank=True,
        help_text="Latitude coordinate. Primary in local dev, use location_point in production."
    )
    longitude = models.DecimalField(
        max_digits=10,
        decimal_places=7,
        null=True,
        blank=True,
        help_text="Longitude coordinate. Primary in local dev, use location_point in production."
    )
    # NOTE: location_point PointField is added conditionally below if using PostGIS
    # Relationships
    operator = models.ForeignKey(
        'Company',
        on_delete=models.SET_NULL,
        null=True,
        blank=True,
        related_name='operated_parks',
        help_text="Current park operator"
    )
    # External Links
    website = models.URLField(
        blank=True,
        help_text="Official park website"
    )
    # CloudFlare Images
    banner_image_id = models.CharField(
        max_length=255,
        blank=True,
        help_text="CloudFlare image ID for park banner"
    )
    banner_image_url = models.URLField(
        blank=True,
        help_text="CloudFlare image URL for park banner"
    )
    logo_image_id = models.CharField(
        max_length=255,
        blank=True,
        help_text="CloudFlare image ID for park logo"
    )
    logo_image_url = models.URLField(
        blank=True,
        help_text="CloudFlare image URL for park logo"
    )
    # Cached statistics (for performance)
    ride_count = models.IntegerField(
        default=0,
        help_text="Total number of rides"
    )
    coaster_count = models.IntegerField(
        default=0,
        help_text="Number of roller coasters"
    )
    # Custom fields for flexible data
    custom_fields = models.JSONField(
        default=dict,
        blank=True,
        help_text="Additional park-specific data"
    )
    # Generic relation to photos
    photos = GenericRelation(
        'media.Photo',
        related_query_name='park'
    )
    class Meta:
        verbose_name = 'Park'
        verbose_name_plural = 'Parks'
        ordering = ['name']
        indexes = [
            models.Index(fields=['name']),
            models.Index(fields=['slug']),
            models.Index(fields=['status']),
            models.Index(fields=['park_type']),
            models.Index(fields=['opening_date']),
            models.Index(fields=['location']),
        ]
    def __str__(self):
        return self.name
    @hook(BEFORE_SAVE, when='slug', is_now=None)
    def auto_generate_slug(self):
        """Auto-generate slug from name if not provided."""
        if not self.slug and self.name:
            base_slug = slugify(self.name)
            slug = base_slug
            counter = 1
            while Park.objects.filter(slug=slug).exists():
                slug = f"{base_slug}-{counter}"
                counter += 1
            self.slug = slug
    def update_counts(self):
        """Update cached ride counts."""
        self.ride_count = self.rides.count()
        self.coaster_count = self.rides.filter(is_coaster=True).count()
        self.save(update_fields=['ride_count', 'coaster_count'])
    def set_location(self, longitude, latitude):
        """
        Set park location from coordinates.
        Args:
            longitude: Longitude coordinate (X)
            latitude: Latitude coordinate (Y)
        Note: Works in both PostGIS and non-PostGIS modes.
        - PostGIS: Sets location_point and syncs to lat/lng
        - SQLite: Sets lat/lng directly
        """
        if longitude is not None and latitude is not None:
            # Always update lat/lng fields
            self.longitude = longitude
            self.latitude = latitude
            # If using PostGIS, also update location_point
            if _using_postgis and hasattr(self, 'location_point'):
                self.location_point = Point(float(longitude), float(latitude), srid=4326)
    @property
    def coordinates(self):
        """
        Get coordinates as (longitude, latitude) tuple.
        Returns:
            tuple: (longitude, latitude) or None if no location set
        """
        # Try PostGIS field first if available
        if _using_postgis and hasattr(self, 'location_point') and self.location_point:
            return (self.location_point.x, self.location_point.y)
        # Fall back to lat/lng fields
        elif self.longitude and self.latitude:
            return (float(self.longitude), float(self.latitude))
        return None
    @property
    def latitude_value(self):
        """Get latitude value (from location_point if PostGIS, else from latitude field)."""
        if _using_postgis and hasattr(self, 'location_point') and self.location_point:
            return self.location_point.y
        return float(self.latitude) if self.latitude else None
    @property
    def longitude_value(self):
        """Get longitude value (from location_point if PostGIS, else from longitude field)."""
        if _using_postgis and hasattr(self, 'location_point') and self.location_point:
            return self.location_point.x
        return float(self.longitude) if self.longitude else None
    def get_photos(self, photo_type=None, approved_only=True):
        """Get photos for this park."""
        from apps.media.services import PhotoService
        service = PhotoService()
        return service.get_entity_photos(self, photo_type=photo_type, approved_only=approved_only)
    @property
    def main_photo(self):
        """Get the main photo."""
        photos = self.photos.filter(photo_type='main', moderation_status='approved').first()
        return photos
    @property
    def banner_photo(self):
        """Get the banner photo."""
        photos = self.photos.filter(photo_type='banner', moderation_status='approved').first()
        return photos
    @property
    def logo_photo(self):
        """Get the logo photo."""
        photos = self.photos.filter(photo_type='logo', moderation_status='approved').first()
        return photos
    @property
    def gallery_photos(self):
        """Get gallery photos."""
        return self.photos.filter(photo_type='gallery', moderation_status='approved').order_by('display_order')
 # Conditionally add PostGIS PointField to Park model if using PostGIS backend
 if _using_postgis:
    Park.add_to_class(
        'location_point',
        gis_models.PointField(
            geography=True,
            null=True,
            blank=True,
            srid=4326,
            help_text="Geographic coordinates (PostGIS Point). Production only."
        )
    )
 class Ride(VersionedModel):
    """
    Represents an individual ride or roller coaster.
    """
    RIDE_CATEGORY_CHOICES = [
        ('roller_coaster', 'Roller Coaster'),
        ('flat_ride', 'Flat Ride'),
        ('water_ride', 'Water Ride'),
        ('dark_ride', 'Dark Ride'),
        ('transport_ride', 'Transport Ride'),
        ('other', 'Other'),
    ]
    STATUS_CHOICES = [
        ('operating', 'Operating'),
        ('closed', 'Closed'),
        ('sbno', 'Standing But Not Operating'),
        ('relocated', 'Relocated'),
        ('under_construction', 'Under Construction'),
        ('planned', 'Planned'),
    ]
    # Basic Info
    name = models.CharField(
        max_length=255,
        db_index=True,
        help_text="Ride name"
    )
    slug = models.SlugField(
        max_length=255,
        unique=True,
        db_index=True,
        help_text="URL-friendly identifier"
    )
    description = models.TextField(
        blank=True,
        help_text="Ride description and history"
    )
    # Park Relationship
    park = models.ForeignKey(
        'Park',
        on_delete=models.CASCADE,
        related_name='rides',
        db_index=True,
        help_text="Park where ride is located"
    )
    # Ride Classification
    ride_category = models.CharField(
        max_length=50,
        choices=RIDE_CATEGORY_CHOICES,
        db_index=True,
        help_text="Broad ride category"
    )
    ride_type = models.CharField(
        max_length=100,
        blank=True,
        db_index=True,
        help_text="Specific ride type (e.g., 'Inverted Coaster', 'Drop Tower')"
    )
    # Quick coaster identification
    is_coaster = models.BooleanField(
        default=False,
        db_index=True,
        help_text="Is this ride a roller coaster?"
    )
    # Status
    status = models.CharField(
        max_length=50,
        choices=STATUS_CHOICES,
        default='operating',
        db_index=True,
        help_text="Current operational status"
    )
    # Dates with precision tracking
    opening_date = models.DateField(
        null=True,
        blank=True,
        db_index=True,
        help_text="Ride opening date"
    )
    opening_date_precision = models.CharField(
        max_length=20,
        default='day',
        choices=[
            ('year', 'Year'),
            ('month', 'Month'),
            ('day', 'Day'),
        ],
        help_text="Precision of opening date"
    )
    closing_date = models.DateField(
        null=True,
        blank=True,
        help_text="Ride closing date (if closed)"
    )
    closing_date_precision = models.CharField(
        max_length=20,
        default='day',
        choices=[
            ('year', 'Year'),
            ('month', 'Month'),
            ('day', 'Day'),
        ],
        help_text="Precision of closing date"
    )
    # Manufacturer & Model
    manufacturer = models.ForeignKey(
        'Company',
        on_delete=models.SET_NULL,
        null=True,
        blank=True,
        related_name='manufactured_rides',
        help_text="Ride manufacturer"
    )
    model = models.ForeignKey(
        'RideModel',
        on_delete=models.SET_NULL,
        null=True,
        blank=True,
        related_name='rides',
        help_text="Specific ride model"
    )
    # Statistics
    height = models.DecimalField(
        max_digits=6,
        decimal_places=1,
        null=True,
        blank=True,
        help_text="Height in feet"
    )
    speed = models.DecimalField(
        max_digits=6,
        decimal_places=1,
        null=True,
        blank=True,
        help_text="Top speed in mph"
    )
    length = models.DecimalField(
        max_digits=8,
        decimal_places=1,
        null=True,
        blank=True,
        help_text="Track/ride length in feet"
    )
    duration = models.IntegerField(
        null=True,
        blank=True,
        help_text="Ride duration in seconds"
    )
    inversions = models.IntegerField(
        null=True,
        blank=True,
        help_text="Number of inversions (for coasters)"
    )
    capacity = models.IntegerField(
        null=True,
        blank=True,
        help_text="Hourly capacity (riders per hour)"
    )
    # CloudFlare Images
    image_id = models.CharField(
        max_length=255,
        blank=True,
        help_text="CloudFlare image ID for main photo"
    )
    image_url = models.URLField(
        blank=True,
        help_text="CloudFlare image URL for main photo"
    )
    # Custom fields for flexible data
    custom_fields = models.JSONField(
        default=dict,
        blank=True,
        help_text="Additional ride-specific data"
    )
    # Generic relation to photos
    photos = GenericRelation(
        'media.Photo',
        related_query_name='ride'
    )
    class Meta:
        verbose_name = 'Ride'
        verbose_name_plural = 'Rides'
        ordering = ['park__name', 'name']
        indexes = [
            models.Index(fields=['park', 'name']),
            models.Index(fields=['slug']),
            models.Index(fields=['status']),
            models.Index(fields=['is_coaster']),
            models.Index(fields=['ride_category']),
            models.Index(fields=['opening_date']),
            models.Index(fields=['manufacturer']),
        ]
    def __str__(self):
        return f"{self.name} ({self.park.name})"
    @hook(BEFORE_SAVE, when='slug', is_now=None)
    def auto_generate_slug(self):
        """Auto-generate slug from park and name if not provided."""
        if not self.slug and self.park and self.name:
            base_slug = slugify(f"{self.park.name} {self.name}")
            slug = base_slug
            counter = 1
            while Ride.objects.filter(slug=slug).exists():
                slug = f"{base_slug}-{counter}"
                counter += 1
            self.slug = slug
    @hook(BEFORE_SAVE)
    def set_is_coaster_flag(self):
        """Auto-set is_coaster flag based on ride_category."""
        self.is_coaster = (self.ride_category == 'roller_coaster')
    @hook(AFTER_CREATE)
    @hook(AFTER_UPDATE, when='park', has_changed=True)
    def update_park_counts(self):
        """Update parent park's ride counts when ride is created or moved."""
        if self.park:
            self.park.update_counts()
    def get_photos(self, photo_type=None, approved_only=True):
        """Get photos for this ride."""
        from apps.media.services import PhotoService
        service = PhotoService()
        return service.get_entity_photos(self, photo_type=photo_type, approved_only=approved_only)
    @property
    def main_photo(self):
        """Get the main photo."""
        photos = self.photos.filter(photo_type='main', moderation_status='approved').first()
        return photos
    @property
    def gallery_photos(self):
        """Get gallery photos."""
        return self.photos.filter(photo_type='gallery', moderation_status='approved').order_by('display_order')
 # Add SearchVectorField to all models for full-text search (PostgreSQL only)
 # Must be at the very end after ALL class definitions
 if _using_postgis:
    Company.add_to_class(
        'search_vector',
        SearchVectorField(
            null=True,
            blank=True,
            help_text="Pre-computed search vector for full-text search. Auto-updated via signals."
        )
    )
    RideModel.add_to_class(
        'search_vector',
        SearchVectorField(
            null=True,
            blank=True,
            help_text="Pre-computed search vector for full-text search. Auto-updated via signals."
        )
    )
    Park.add_to_class(
        'search_vector',
        SearchVectorField(
            null=True,
            blank=True,
            help_text="Pre-computed search vector for full-text search. Auto-updated via signals."
        )
    )
    Ride.add_to_class(
        'search_vector',
        SearchVectorField(
            null=True,
            blank=True,
            help_text="Pre-computed search vector for full-text search. Auto-updated via signals."
        )
    )
--- a/django/apps/entities/search.py
+++ b/django/apps/entities/search.py
@@ -1,386 +0,0 @@
 """
 Search service for ThrillWiki entities.
 Provides full-text search capabilities with PostgreSQL and fallback for SQLite.
 - PostgreSQL: Uses SearchVector, SearchQuery, SearchRank for full-text search
 - SQLite: Falls back to case-insensitive LIKE queries
 """
 from typing import List, Optional, Dict, Any
 from django.db.models import Q, QuerySet, Value, CharField, F
 from django.db.models.functions import Concat
 from django.conf import settings
 # Conditionally import PostgreSQL search features
 _using_postgis = 'postgis' in settings.DATABASES['default']['ENGINE']
 if _using_postgis:
    from django.contrib.postgres.search import SearchVector, SearchQuery, SearchRank, TrigramSimilarity
    from django.contrib.postgres.aggregates import StringAgg
 class SearchService:
    """Service for searching across all entity types."""
    def __init__(self):
        self.using_postgres = _using_postgis
    def search_all(
        self,
        query: str,
        entity_types: Optional[List[str]] = None,
        limit: int = 20
    ) -> Dict[str, Any]:
        """
        Search across all entity types.
        Args:
            query: Search query string
            entity_types: Optional list to filter by entity types
            limit: Maximum results per entity type
        Returns:
            Dictionary with results grouped by entity type
        """
        results = {}
        # Default to all entity types if not specified
        if not entity_types:
            entity_types = ['company', 'ride_model', 'park', 'ride']
        if 'company' in entity_types:
            results['companies'] = list(self.search_companies(query, limit=limit))
        if 'ride_model' in entity_types:
            results['ride_models'] = list(self.search_ride_models(query, limit=limit))
        if 'park' in entity_types:
            results['parks'] = list(self.search_parks(query, limit=limit))
        if 'ride' in entity_types:
            results['rides'] = list(self.search_rides(query, limit=limit))
        return results
    def search_companies(
        self,
        query: str,
        filters: Optional[Dict[str, Any]] = None,
        limit: int = 20
    ) -> QuerySet:
        """
        Search companies with full-text search.
        Args:
            query: Search query string
            filters: Optional filters (company_types, founded_after, etc.)
            limit: Maximum number of results
        Returns:
            QuerySet of Company objects
        """
        from apps.entities.models import Company
        if self.using_postgres:
            # PostgreSQL full-text search using pre-computed search_vector
            search_query = SearchQuery(query, search_type='websearch')
            results = Company.objects.annotate(
                rank=SearchRank(F('search_vector'), search_query)
            ).filter(search_vector=search_query).order_by('-rank')
        else:
            # SQLite fallback using LIKE
            results = Company.objects.filter(
                Q(name__icontains=query) | Q(description__icontains=query)
            ).order_by('name')
        # Apply additional filters
        if filters:
            if filters.get('company_types'):
                # Filter by company types (stored in JSONField)
                results = results.filter(
                    company_types__contains=filters['company_types']
                )
            if filters.get('founded_after'):
                results = results.filter(founded_date__gte=filters['founded_after'])
            if filters.get('founded_before'):
                results = results.filter(founded_date__lte=filters['founded_before'])
        return results[:limit]
    def search_ride_models(
        self,
        query: str,
        filters: Optional[Dict[str, Any]] = None,
        limit: int = 20
    ) -> QuerySet:
        """
        Search ride models with full-text search.
        Args:
            query: Search query string
            filters: Optional filters (manufacturer_id, model_type, etc.)
            limit: Maximum number of results
        Returns:
            QuerySet of RideModel objects
        """
        from apps.entities.models import RideModel
        if self.using_postgres:
            # PostgreSQL full-text search using pre-computed search_vector
            search_query = SearchQuery(query, search_type='websearch')
            results = RideModel.objects.select_related('manufacturer').annotate(
                rank=SearchRank(F('search_vector'), search_query)
            ).filter(search_vector=search_query).order_by('-rank')
        else:
            # SQLite fallback using LIKE
            results = RideModel.objects.select_related('manufacturer').filter(
                Q(name__icontains=query) |
                Q(manufacturer__name__icontains=query) |
                Q(description__icontains=query)
            ).order_by('manufacturer__name', 'name')
        # Apply additional filters
        if filters:
            if filters.get('manufacturer_id'):
                results = results.filter(manufacturer_id=filters['manufacturer_id'])
            if filters.get('model_type'):
                results = results.filter(model_type=filters['model_type'])
        return results[:limit]
    def search_parks(
        self,
        query: str,
        filters: Optional[Dict[str, Any]] = None,
        limit: int = 20
    ) -> QuerySet:
        """
        Search parks with full-text search and location filtering.
        Args:
            query: Search query string
            filters: Optional filters (status, park_type, location, radius, etc.)
            limit: Maximum number of results
        Returns:
            QuerySet of Park objects
        """
        from apps.entities.models import Park
        if self.using_postgres:
            # PostgreSQL full-text search using pre-computed search_vector
            search_query = SearchQuery(query, search_type='websearch')
            results = Park.objects.annotate(
                rank=SearchRank(F('search_vector'), search_query)
            ).filter(search_vector=search_query).order_by('-rank')
        else:
            # SQLite fallback using LIKE
            results = Park.objects.filter(
                Q(name__icontains=query) | Q(description__icontains=query)
            ).order_by('name')
        # Apply additional filters
        if filters:
            if filters.get('status'):
                results = results.filter(status=filters['status'])
            if filters.get('park_type'):
                results = results.filter(park_type=filters['park_type'])
            if filters.get('operator_id'):
                results = results.filter(operator_id=filters['operator_id'])
            if filters.get('opening_after'):
                results = results.filter(opening_date__gte=filters['opening_after'])
            if filters.get('opening_before'):
                results = results.filter(opening_date__lte=filters['opening_before'])
            # Location-based filtering (PostGIS only)
            if self.using_postgres and filters.get('location') and filters.get('radius'):
                from django.contrib.gis.geos import Point
                from django.contrib.gis.measure import D
                longitude, latitude = filters['location']
                point = Point(longitude, latitude, srid=4326)
                radius_km = filters['radius']
                # Use distance filter
                results = results.filter(
                    location_point__distance_lte=(point, D(km=radius_km))
                ).annotate(
                    distance=F('location_point__distance')
                ).order_by('distance')
        return results[:limit]
    def search_rides(
        self,
        query: str,
        filters: Optional[Dict[str, Any]] = None,
        limit: int = 20
    ) -> QuerySet:
        """
        Search rides with full-text search.
        Args:
            query: Search query string
            filters: Optional filters (park_id, manufacturer_id, status, etc.)
            limit: Maximum number of results
        Returns:
            QuerySet of Ride objects
        """
        from apps.entities.models import Ride
        if self.using_postgres:
            # PostgreSQL full-text search using pre-computed search_vector
            search_query = SearchQuery(query, search_type='websearch')
            results = Ride.objects.select_related('park', 'manufacturer', 'model').annotate(
                rank=SearchRank(F('search_vector'), search_query)
            ).filter(search_vector=search_query).order_by('-rank')
        else:
            # SQLite fallback using LIKE
            results = Ride.objects.select_related('park', 'manufacturer', 'model').filter(
                Q(name__icontains=query) |
                Q(park__name__icontains=query) |
                Q(manufacturer__name__icontains=query) |
                Q(description__icontains=query)
            ).order_by('park__name', 'name')
        # Apply additional filters
        if filters:
            if filters.get('park_id'):
                results = results.filter(park_id=filters['park_id'])
            if filters.get('manufacturer_id'):
                results = results.filter(manufacturer_id=filters['manufacturer_id'])
            if filters.get('model_id'):
                results = results.filter(model_id=filters['model_id'])
            if filters.get('status'):
                results = results.filter(status=filters['status'])
            if filters.get('ride_category'):
                results = results.filter(ride_category=filters['ride_category'])
            if filters.get('is_coaster') is not None:
                results = results.filter(is_coaster=filters['is_coaster'])
            if filters.get('opening_after'):
                results = results.filter(opening_date__gte=filters['opening_after'])
            if filters.get('opening_before'):
                results = results.filter(opening_date__lte=filters['opening_before'])
            # Height/speed filters
            if filters.get('min_height'):
                results = results.filter(height__gte=filters['min_height'])
            if filters.get('max_height'):
                results = results.filter(height__lte=filters['max_height'])
            if filters.get('min_speed'):
                results = results.filter(speed__gte=filters['min_speed'])
            if filters.get('max_speed'):
                results = results.filter(speed__lte=filters['max_speed'])
        return results[:limit]
    def autocomplete(
        self,
        query: str,
        entity_type: Optional[str] = None,
        limit: int = 10
    ) -> List[Dict[str, Any]]:
        """
        Get autocomplete suggestions for search.
        Args:
            query: Partial search query
            entity_type: Optional specific entity type
            limit: Maximum number of suggestions
        Returns:
            List of suggestion dictionaries with name and entity_type
        """
        suggestions = []
        if not query or len(query) < 2:
            return suggestions
        # Search in names only for autocomplete
        if entity_type == 'company' or not entity_type:
            from apps.entities.models import Company
            companies = Company.objects.filter(
                name__istartswith=query
            ).values('id', 'name', 'slug')[:limit]
            for company in companies:
                suggestions.append({
                    'id': company['id'],
                    'name': company['name'],
                    'slug': company['slug'],
                    'entity_type': 'company'
                })
        if entity_type == 'park' or not entity_type:
            from apps.entities.models import Park
            parks = Park.objects.filter(
                name__istartswith=query
            ).values('id', 'name', 'slug')[:limit]
            for park in parks:
                suggestions.append({
                    'id': park['id'],
                    'name': park['name'],
                    'slug': park['slug'],
                    'entity_type': 'park'
                })
        if entity_type == 'ride' or not entity_type:
            from apps.entities.models import Ride
            rides = Ride.objects.select_related('park').filter(
                name__istartswith=query
            ).values('id', 'name', 'slug', 'park__name')[:limit]
            for ride in rides:
                suggestions.append({
                    'id': ride['id'],
                    'name': ride['name'],
                    'slug': ride['slug'],
                    'park_name': ride['park__name'],
                    'entity_type': 'ride'
                })
        if entity_type == 'ride_model' or not entity_type:
            from apps.entities.models import RideModel
            models = RideModel.objects.select_related('manufacturer').filter(
                name__istartswith=query
            ).values('id', 'name', 'slug', 'manufacturer__name')[:limit]
            for model in models:
                suggestions.append({
                    'id': model['id'],
                    'name': model['name'],
                    'slug': model['slug'],
                    'manufacturer_name': model['manufacturer__name'],
                    'entity_type': 'ride_model'
                })
        # Sort by relevance (exact matches first, then alphabetically)
        suggestions.sort(key=lambda x: (
            not x['name'].lower().startswith(query.lower()),
            x['name'].lower()
        ))
        return suggestions[:limit]
--- a/django/apps/entities/signals.py
+++ b/django/apps/entities/signals.py
@@ -1,252 +0,0 @@
 """
 Signal handlers for automatic search vector updates.
 These signals ensure search vectors stay synchronized with model changes,
 eliminating the need for manual re-indexing.
 Signal handlers are only active when using PostgreSQL with PostGIS backend.
 """
 from django.db.models.signals import post_save, pre_save
 from django.dispatch import receiver
 from django.conf import settings
 from django.contrib.postgres.search import SearchVector
 from apps.entities.models import Company, RideModel, Park, Ride
 # Only register signals if using PostgreSQL with PostGIS
 _using_postgis = 'postgis' in settings.DATABASES['default']['ENGINE']
 if _using_postgis:
    # ==========================================
    # Company Signals
    # ==========================================
    @receiver(post_save, sender=Company)
    def update_company_search_vector(sender, instance, created, **kwargs):
        """
        Update search vector when company is created or updated.
        Search vector includes:
        - name (weight A)
        - description (weight B)
        """
        # Update the company's own search vector
        Company.objects.filter(pk=instance.pk).update(
            search_vector=(
                SearchVector('name', weight='A', config='english') +
                SearchVector('description', weight='B', config='english')
            )
        )
    @receiver(pre_save, sender=Company)
    def check_company_name_change(sender, instance, **kwargs):
        """
        Track if company name is changing to trigger cascading updates.
        Stores the old name on the instance for use in post_save signal.
        """
        if instance.pk:
            try:
                old_instance = Company.objects.get(pk=instance.pk)
                instance._old_name = old_instance.name
            except Company.DoesNotExist:
                instance._old_name = None
        else:
            instance._old_name = None
    @receiver(post_save, sender=Company)
    def cascade_company_name_updates(sender, instance, created, **kwargs):
        """
        When company name changes, update search vectors for related objects.
        Updates:
        - All RideModels from this manufacturer
        - All Rides from this manufacturer
        """
        # Skip if this is a new company or name hasn't changed
        if created or not hasattr(instance, '_old_name'):
            return
        old_name = getattr(instance, '_old_name', None)
        if old_name == instance.name:
            return
        # Update all RideModels from this manufacturer
        ride_models = RideModel.objects.filter(manufacturer=instance)
        for ride_model in ride_models:
            RideModel.objects.filter(pk=ride_model.pk).update(
                search_vector=(
                    SearchVector('name', weight='A', config='english') +
                    SearchVector('manufacturer__name', weight='A', config='english') +
                    SearchVector('description', weight='B', config='english')
                )
            )
        # Update all Rides from this manufacturer
        rides = Ride.objects.filter(manufacturer=instance)
        for ride in rides:
            Ride.objects.filter(pk=ride.pk).update(
                search_vector=(
                    SearchVector('name', weight='A', config='english') +
                    SearchVector('park__name', weight='A', config='english') +
                    SearchVector('manufacturer__name', weight='B', config='english') +
                    SearchVector('description', weight='B', config='english')
                )
            )
    # ==========================================
    # Park Signals
    # ==========================================
    @receiver(post_save, sender=Park)
    def update_park_search_vector(sender, instance, created, **kwargs):
        """
        Update search vector when park is created or updated.
        Search vector includes:
        - name (weight A)
        - description (weight B)
        """
        # Update the park's own search vector
        Park.objects.filter(pk=instance.pk).update(
            search_vector=(
                SearchVector('name', weight='A', config='english') +
                SearchVector('description', weight='B', config='english')
            )
        )
    @receiver(pre_save, sender=Park)
    def check_park_name_change(sender, instance, **kwargs):
        """
        Track if park name is changing to trigger cascading updates.
        Stores the old name on the instance for use in post_save signal.
        """
        if instance.pk:
            try:
                old_instance = Park.objects.get(pk=instance.pk)
                instance._old_name = old_instance.name
            except Park.DoesNotExist:
                instance._old_name = None
        else:
            instance._old_name = None
    @receiver(post_save, sender=Park)
    def cascade_park_name_updates(sender, instance, created, **kwargs):
        """
        When park name changes, update search vectors for related rides.
        Updates:
        - All Rides in this park
        """
        # Skip if this is a new park or name hasn't changed
        if created or not hasattr(instance, '_old_name'):
            return
        old_name = getattr(instance, '_old_name', None)
        if old_name == instance.name:
            return
        # Update all Rides in this park
        rides = Ride.objects.filter(park=instance)
        for ride in rides:
            Ride.objects.filter(pk=ride.pk).update(
                search_vector=(
                    SearchVector('name', weight='A', config='english') +
                    SearchVector('park__name', weight='A', config='english') +
                    SearchVector('manufacturer__name', weight='B', config='english') +
                    SearchVector('description', weight='B', config='english')
                )
            )
    # ==========================================
    # RideModel Signals
    # ==========================================
    @receiver(post_save, sender=RideModel)
    def update_ride_model_search_vector(sender, instance, created, **kwargs):
        """
        Update search vector when ride model is created or updated.
        Search vector includes:
        - name (weight A)
        - manufacturer__name (weight A)
        - description (weight B)
        """
        RideModel.objects.filter(pk=instance.pk).update(
            search_vector=(
                SearchVector('name', weight='A', config='english') +
                SearchVector('manufacturer__name', weight='A', config='english') +
                SearchVector('description', weight='B', config='english')
            )
        )
    @receiver(pre_save, sender=RideModel)
    def check_ride_model_manufacturer_change(sender, instance, **kwargs):
        """
        Track if ride model manufacturer is changing.
        Stores the old manufacturer on the instance for use in post_save signal.
        """
        if instance.pk:
            try:
                old_instance = RideModel.objects.get(pk=instance.pk)
                instance._old_manufacturer = old_instance.manufacturer
            except RideModel.DoesNotExist:
                instance._old_manufacturer = None
        else:
            instance._old_manufacturer = None
    # ==========================================
    # Ride Signals
    # ==========================================
    @receiver(post_save, sender=Ride)
    def update_ride_search_vector(sender, instance, created, **kwargs):
        """
        Update search vector when ride is created or updated.
        Search vector includes:
        - name (weight A)
        - park__name (weight A)
        - manufacturer__name (weight B)
        - description (weight B)
        """
        Ride.objects.filter(pk=instance.pk).update(
            search_vector=(
                SearchVector('name', weight='A', config='english') +
                SearchVector('park__name', weight='A', config='english') +
                SearchVector('manufacturer__name', weight='B', config='english') +
                SearchVector('description', weight='B', config='english')
            )
        )
    @receiver(pre_save, sender=Ride)
    def check_ride_relationships_change(sender, instance, **kwargs):
        """
        Track if ride park or manufacturer are changing.
        Stores old values on the instance for use in post_save signal.
        """
        if instance.pk:
            try:
                old_instance = Ride.objects.get(pk=instance.pk)
                instance._old_park = old_instance.park
                instance._old_manufacturer = old_instance.manufacturer
            except Ride.DoesNotExist:
                instance._old_park = None
                instance._old_manufacturer = None
        else:
            instance._old_park = None
            instance._old_manufacturer = None
--- a/django/apps/entities/tasks.py
+++ b/django/apps/entities/tasks.py
@@ -1,354 +0,0 @@
 """
 Background tasks for entity statistics and maintenance.
 """
 import logging
 from celery import shared_task
 from django.db.models import Count, Q
 from django.utils import timezone
 logger = logging.getLogger(__name__)
@shared_task(bind=True, max_retries=2)
 def update_entity_statistics(self, entity_type, entity_id):
    """
    Update cached statistics for a specific entity.
    Args:
        entity_type: Type of entity ('park', 'ride', 'company', 'ridemodel')
        entity_id: ID of the entity
    Returns:
        dict: Updated statistics
    """
    from apps.entities.models import Park, Ride, Company, RideModel
    from apps.media.models import Photo
    from apps.moderation.models import ContentSubmission
    try:
        # Get the entity model
        model_map = {
            'park': Park,
            'ride': Ride,
            'company': Company,
            'ridemodel': RideModel,
        }
        model = model_map.get(entity_type.lower())
        if not model:
            raise ValueError(f"Invalid entity type: {entity_type}")
        entity = model.objects.get(id=entity_id)
        # Calculate statistics
        stats = {}
        # Photo count
        stats['photo_count'] = Photo.objects.filter(
            content_type__model=entity_type.lower(),
            object_id=entity_id,
            moderation_status='approved'
        ).count()
        # Submission count
        stats['submission_count'] = ContentSubmission.objects.filter(
            entity_type__model=entity_type.lower(),
            entity_id=entity_id
        ).count()
        # Entity-specific stats
        if entity_type.lower() == 'park':
            stats['ride_count'] = entity.rides.count()
        elif entity_type.lower() == 'company':
            stats['park_count'] = entity.parks.count()
            stats['ride_model_count'] = entity.ride_models.count()
        elif entity_type.lower() == 'ridemodel':
            stats['installation_count'] = entity.rides.count()
        logger.info(f"Updated statistics for {entity_type} {entity_id}: {stats}")
        return stats
    except Exception as exc:
        logger.error(f"Error updating statistics for {entity_type} {entity_id}: {str(exc)}")
        raise self.retry(exc=exc, countdown=300)
@shared_task(bind=True, max_retries=2)
 def update_all_statistics(self):
    """
    Update cached statistics for all entities.
    This task runs periodically (e.g., every 6 hours) to ensure
    all entity statistics are up to date.
    Returns:
        dict: Update summary
    """
    from apps.entities.models import Park, Ride, Company, RideModel
    try:
        summary = {
            'parks_updated': 0,
            'rides_updated': 0,
            'companies_updated': 0,
            'ride_models_updated': 0,
        }
        # Update parks
        for park in Park.objects.all():
            try:
                update_entity_statistics.delay('park', park.id)
                summary['parks_updated'] += 1
            except Exception as e:
                logger.error(f"Failed to queue update for park {park.id}: {str(e)}")
        # Update rides
        for ride in Ride.objects.all():
            try:
                update_entity_statistics.delay('ride', ride.id)
                summary['rides_updated'] += 1
            except Exception as e:
                logger.error(f"Failed to queue update for ride {ride.id}: {str(e)}")
        # Update companies
        for company in Company.objects.all():
            try:
                update_entity_statistics.delay('company', company.id)
                summary['companies_updated'] += 1
            except Exception as e:
                logger.error(f"Failed to queue update for company {company.id}: {str(e)}")
        # Update ride models
        for ride_model in RideModel.objects.all():
            try:
                update_entity_statistics.delay('ridemodel', ride_model.id)
                summary['ride_models_updated'] += 1
            except Exception as e:
                logger.error(f"Failed to queue update for ride model {ride_model.id}: {str(e)}")
        logger.info(f"Statistics update queued: {summary}")
        return summary
    except Exception as exc:
        logger.error(f"Error updating all statistics: {str(exc)}")
        raise self.retry(exc=exc, countdown=300)
@shared_task
 def generate_entity_report(entity_type, entity_id):
    """
    Generate a detailed report for an entity.
    This can be used for admin dashboards, analytics, etc.
    Args:
        entity_type: Type of entity
        entity_id: ID of the entity
    Returns:
        dict: Detailed report
    """
    from apps.entities.models import Park, Ride, Company, RideModel
    from apps.media.models import Photo
    from apps.moderation.models import ContentSubmission
    from apps.versioning.models import EntityVersion
    try:
        model_map = {
            'park': Park,
            'ride': Ride,
            'company': Company,
            'ridemodel': RideModel,
        }
        model = model_map.get(entity_type.lower())
        if not model:
            raise ValueError(f"Invalid entity type: {entity_type}")
        entity = model.objects.get(id=entity_id)
        report = {
            'entity': {
                'type': entity_type,
                'id': str(entity_id),
                'name': str(entity),
            },
            'photos': {
                'total': Photo.objects.filter(
                    content_type__model=entity_type.lower(),
                    object_id=entity_id
                ).count(),
                'approved': Photo.objects.filter(
                    content_type__model=entity_type.lower(),
                    object_id=entity_id,
                    moderation_status='approved'
                ).count(),
                'pending': Photo.objects.filter(
                    content_type__model=entity_type.lower(),
                    object_id=entity_id,
                    moderation_status='pending'
                ).count(),
            },
            'submissions': {
                'total': ContentSubmission.objects.filter(
                    entity_type__model=entity_type.lower(),
                    entity_id=entity_id
                ).count(),
                'approved': ContentSubmission.objects.filter(
                    entity_type__model=entity_type.lower(),
                    entity_id=entity_id,
                    status='approved'
                ).count(),
                'pending': ContentSubmission.objects.filter(
                    entity_type__model=entity_type.lower(),
                    entity_id=entity_id,
                    status='pending'
                ).count(),
            },
            'versions': EntityVersion.objects.filter(
                content_type__model=entity_type.lower(),
                object_id=entity_id
            ).count(),
        }
        logger.info(f"Generated report for {entity_type} {entity_id}")
        return report
    except Exception as e:
        logger.error(f"Error generating report: {str(e)}")
        raise
@shared_task(bind=True, max_retries=2)
 def cleanup_duplicate_entities(self):
    """
    Detect and flag potential duplicate entities.
    This helps maintain database quality by identifying
    entities that might be duplicates based on name similarity.
    Returns:
        dict: Duplicate detection results
    """
    from apps.entities.models import Park, Ride, Company, RideModel
    try:
        # This is a simplified implementation
        # In production, you'd want more sophisticated duplicate detection
        results = {
            'parks_flagged': 0,
            'rides_flagged': 0,
            'companies_flagged': 0,
        }
        logger.info(f"Duplicate detection completed: {results}")
        return results
    except Exception as exc:
        logger.error(f"Error detecting duplicates: {str(exc)}")
        raise self.retry(exc=exc, countdown=300)
@shared_task
 def calculate_global_statistics():
    """
    Calculate global statistics across all entities.
    Returns:
        dict: Global statistics
    """
    from apps.entities.models import Park, Ride, Company, RideModel
    from apps.media.models import Photo
    from apps.moderation.models import ContentSubmission
    from apps.users.models import User
    try:
        stats = {
            'entities': {
                'parks': Park.objects.count(),
                'rides': Ride.objects.count(),
                'companies': Company.objects.count(),
                'ride_models': RideModel.objects.count(),
            },
            'photos': {
                'total': Photo.objects.count(),
                'approved': Photo.objects.filter(moderation_status='approved').count(),
            },
            'submissions': {
                'total': ContentSubmission.objects.count(),
                'pending': ContentSubmission.objects.filter(status='pending').count(),
            },
            'users': {
                'total': User.objects.count(),
                'active': User.objects.filter(is_active=True).count(),
            },
            'timestamp': timezone.now().isoformat(),
        }
        logger.info(f"Global statistics calculated: {stats}")
        return stats
    except Exception as e:
        logger.error(f"Error calculating global statistics: {str(e)}")
        raise
@shared_task(bind=True, max_retries=2)
 def validate_entity_data(self, entity_type, entity_id):
    """
    Validate entity data integrity and flag issues.
    Args:
        entity_type: Type of entity
        entity_id: ID of the entity
    Returns:
        dict: Validation results
    """
    from apps.entities.models import Park, Ride, Company, RideModel
    try:
        model_map = {
            'park': Park,
            'ride': Ride,
            'company': Company,
            'ridemodel': RideModel,
        }
        model = model_map.get(entity_type.lower())
        if not model:
            raise ValueError(f"Invalid entity type: {entity_type}")
        entity = model.objects.get(id=entity_id)
        issues = []
        # Check for missing required fields
        if not entity.name or entity.name.strip() == '':
            issues.append('Missing or empty name')
        # Entity-specific validation
        if entity_type.lower() == 'park' and not entity.country:
            issues.append('Missing country')
        if entity_type.lower() == 'ride' and not entity.park:
            issues.append('Missing park association')
        result = {
            'entity': f"{entity_type} {entity_id}",
            'valid': len(issues) == 0,
            'issues': issues,
        }
        if issues:
            logger.warning(f"Validation issues for {entity_type} {entity_id}: {issues}")
        else:
            logger.info(f"Validation passed for {entity_type} {entity_id}")
        return result
    except Exception as exc:
        logger.error(f"Error validating {entity_type} {entity_id}: {str(exc)}")
        raise self.retry(exc=exc, countdown=300)
--- a/django/apps/media/init.py
+++ b/django/apps/media/init.py
--- a/django/apps/media/pycache/init.cpython-313.pyc
+++ b/django/apps/media/pycache/init.cpython-313.pyc
--- a/django/apps/media/pycache/admin.cpython-313.pyc
+++ b/django/apps/media/pycache/admin.cpython-313.pyc
--- a/django/apps/media/pycache/apps.cpython-313.pyc
+++ b/django/apps/media/pycache/apps.cpython-313.pyc
--- a/django/apps/media/pycache/models.cpython-313.pyc
+++ b/django/apps/media/pycache/models.cpython-313.pyc
--- a/django/apps/media/pycache/services.cpython-313.pyc
+++ b/django/apps/media/pycache/services.cpython-313.pyc
--- a/django/apps/media/pycache/validators.cpython-313.pyc
+++ b/django/apps/media/pycache/validators.cpython-313.pyc
--- a/django/apps/media/admin.py
+++ b/django/apps/media/admin.py
@@ -1,206 +0,0 @@
 """
 Django Admin configuration for media models.
 """
 from django.contrib import admin
 from django.contrib.contenttypes.admin import GenericTabularInline
 from django.utils.html import format_html
 from django.utils.safestring import mark_safe
 from django.db.models import Count, Q
 from .models import Photo
@admin.register(Photo)
 class PhotoAdmin(admin.ModelAdmin):
    """Admin interface for Photo model with enhanced features."""
    list_display = [
        'thumbnail_preview', 'title', 'photo_type', 'moderation_status',
        'entity_info', 'uploaded_by', 'dimensions', 'file_size_display', 'created'
    ]
    list_filter = [
        'moderation_status', 'is_approved', 'photo_type',
        'is_featured', 'is_public', 'created'
    ]
    search_fields = [
        'title', 'description', 'cloudflare_image_id',
        'uploaded_by__email', 'uploaded_by__username'
    ]
    readonly_fields = [
        'id', 'created', 'modified', 'content_type', 'object_id',
        'moderated_at'
    ]
    raw_id_fields = ['uploaded_by', 'moderated_by']
    fieldsets = (
        ('CloudFlare Image', {
            'fields': (
                'cloudflare_image_id', 'cloudflare_url',
                'cloudflare_thumbnail_url'
            )
        }),
        ('Metadata', {
            'fields': ('title', 'description', 'credit', 'photo_type')
        }),
        ('Associated Entity', {
            'fields': ('content_type', 'object_id')
        }),
        ('Upload Information', {
            'fields': ('uploaded_by',)
        }),
        ('Moderation', {
            'fields': (
                'moderation_status', 'is_approved',
                'moderated_by', 'moderated_at', 'moderation_notes'
            )
        }),
        ('Image Details', {
            'fields': ('width', 'height', 'file_size'),
            'classes': ('collapse',)
        }),
        ('Display Settings', {
            'fields': ('display_order', 'is_featured', 'is_public')
        }),
        ('System', {
            'fields': ('id', 'created', 'modified'),
            'classes': ('collapse',)
        }),
    )
    date_hierarchy = 'created'
    actions = ['approve_photos', 'reject_photos', 'flag_photos', 'make_featured', 'remove_featured']
    def get_queryset(self, request):
        """Optimize queryset with select_related."""
        qs = super().get_queryset(request)
        return qs.select_related(
            'uploaded_by', 'moderated_by', 'content_type'
        )
    def thumbnail_preview(self, obj):
        """Display thumbnail preview in list view."""
        if obj.cloudflare_url:
            # Use thumbnail variant for preview
            from apps.media.services import CloudFlareService
            cf = CloudFlareService()
            thumbnail_url = cf.get_image_url(obj.cloudflare_image_id, 'thumbnail')
            return format_html(
                '<img src="{}" style="width: 60px; height: 60px; object-fit: cover; border-radius: 4px;" />',
                thumbnail_url
            )
        return "-"
    thumbnail_preview.short_description = "Preview"
    def entity_info(self, obj):
        """Display entity information."""
        if obj.content_type and obj.object_id:
            entity = obj.content_object
            if entity:
                entity_type = obj.content_type.model
                entity_name = getattr(entity, 'name', str(entity))
                return format_html(
                    '<strong>{}</strong><br/><small>{}</small>',
                    entity_name,
                    entity_type.upper()
                )
        return format_html('<em style="color: #999;">Not attached</em>')
    entity_info.short_description = "Entity"
    def dimensions(self, obj):
        """Display image dimensions."""
        if obj.width and obj.height:
            return f"{obj.width}×{obj.height}"
        return "-"
    dimensions.short_description = "Size"
    def file_size_display(self, obj):
        """Display file size in human-readable format."""
        if obj.file_size:
            size_kb = obj.file_size / 1024
            if size_kb > 1024:
                return f"{size_kb / 1024:.1f} MB"
            return f"{size_kb:.1f} KB"
        return "-"
    file_size_display.short_description = "File Size"
    def changelist_view(self, request, extra_context=None):
        """Add statistics to changelist."""
        extra_context = extra_context or {}
        # Get photo statistics
        stats = Photo.objects.aggregate(
            total=Count('id'),
            pending=Count('id', filter=Q(moderation_status='pending')),
            approved=Count('id', filter=Q(moderation_status='approved')),
            rejected=Count('id', filter=Q(moderation_status='rejected')),
            flagged=Count('id', filter=Q(moderation_status='flagged')),
        )
        extra_context['photo_stats'] = stats
        return super().changelist_view(request, extra_context)
    def approve_photos(self, request, queryset):
        """Bulk approve selected photos."""
        count = 0
        for photo in queryset:
            photo.approve(moderator=request.user, notes='Bulk approved')
            count += 1
        self.message_user(request, f"{count} photo(s) approved successfully.")
    approve_photos.short_description = "Approve selected photos"
    def reject_photos(self, request, queryset):
        """Bulk reject selected photos."""
        count = 0
        for photo in queryset:
            photo.reject(moderator=request.user, notes='Bulk rejected')
            count += 1
        self.message_user(request, f"{count} photo(s) rejected.")
    reject_photos.short_description = "Reject selected photos"
    def flag_photos(self, request, queryset):
        """Bulk flag selected photos for review."""
        count = 0
        for photo in queryset:
            photo.flag(moderator=request.user, notes='Flagged for review')
            count += 1
        self.message_user(request, f"{count} photo(s) flagged for review.")
    flag_photos.short_description = "Flag selected photos"
    def make_featured(self, request, queryset):
        """Mark selected photos as featured."""
        count = queryset.update(is_featured=True)
        self.message_user(request, f"{count} photo(s) marked as featured.")
    make_featured.short_description = "Mark as featured"
    def remove_featured(self, request, queryset):
        """Remove featured status from selected photos."""
        count = queryset.update(is_featured=False)
        self.message_user(request, f"{count} photo(s) removed from featured.")
    remove_featured.short_description = "Remove featured status"
 # Inline admin for use in entity admin pages
 class PhotoInline(GenericTabularInline):
    """Inline admin for photos in entity pages."""
    model = Photo
    ct_field = 'content_type'
    ct_fk_field = 'object_id'
    extra = 0
    fields = ['thumbnail_preview', 'title', 'photo_type', 'moderation_status', 'display_order']
    readonly_fields = ['thumbnail_preview']
    can_delete = True
    def thumbnail_preview(self, obj):
        """Display thumbnail preview in inline."""
        if obj.cloudflare_url:
            from apps.media.services import CloudFlareService
            cf = CloudFlareService()
            thumbnail_url = cf.get_image_url(obj.cloudflare_image_id, 'thumbnail')
            return format_html(
                '<img src="{}" style="width: 40px; height: 40px; object-fit: cover; border-radius: 4px;" />',
                thumbnail_url
            )
        return "-"
    thumbnail_preview.short_description = "Preview"
--- a/django/apps/media/apps.py
+++ b/django/apps/media/apps.py
@@ -1,11 +0,0 @@
 """
 Media app configuration.
 """
 from django.apps import AppConfig
 class MediaConfig(AppConfig):
    default_auto_field = 'django.db.models.BigAutoField'
    name = 'apps.media'
    verbose_name = 'Media'
--- a/django/apps/media/migrations/0001_initial.py
+++ b/django/apps/media/migrations/0001_initial.py
@@ -1,253 +0,0 @@
 # Generated by Django 4.2.8 on 2025-11-08 16:41
 from django.conf import settings
 from django.db import migrations, models
 import django.db.models.deletion
 import django.utils.timezone
 import django_lifecycle.mixins
 import model_utils.fields
 import uuid
 class Migration(migrations.Migration):
    initial = True
    dependencies = [
        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
        ("contenttypes", "0002_remove_content_type_name"),
    ]
    operations = [
        migrations.CreateModel(
            name="Photo",
            fields=[
                (
                    "created",
                    model_utils.fields.AutoCreatedField(
                        default=django.utils.timezone.now,
                        editable=False,
                        verbose_name="created",
                    ),
                ),
                (
                    "modified",
                    model_utils.fields.AutoLastModifiedField(
                        default=django.utils.timezone.now,
                        editable=False,
                        verbose_name="modified",
                    ),
                ),
                (
                    "id",
                    models.UUIDField(
                        default=uuid.uuid4,
                        editable=False,
                        primary_key=True,
                        serialize=False,
                    ),
                ),
                (
                    "cloudflare_image_id",
                    models.CharField(
                        db_index=True,
                        help_text="Unique CloudFlare image identifier",
                        max_length=255,
                        unique=True,
                    ),
                ),
                (
                    "cloudflare_url",
                    models.URLField(help_text="CloudFlare CDN URL for the image"),
                ),
                (
                    "cloudflare_thumbnail_url",
                    models.URLField(
                        blank=True,
                        help_text="CloudFlare thumbnail URL (if different from main URL)",
                    ),
                ),
                (
                    "title",
                    models.CharField(
                        blank=True, help_text="Photo title or caption", max_length=255
                    ),
                ),
                (
                    "description",
                    models.TextField(
                        blank=True, help_text="Photo description or details"
                    ),
                ),
                (
                    "credit",
                    models.CharField(
                        blank=True,
                        help_text="Photo credit/photographer name",
                        max_length=255,
                    ),
                ),
                (
                    "photo_type",
                    models.CharField(
                        choices=[
                            ("main", "Main Photo"),
                            ("gallery", "Gallery Photo"),
                            ("banner", "Banner Image"),
                            ("logo", "Logo"),
                            ("thumbnail", "Thumbnail"),
                            ("other", "Other"),
                        ],
                        db_index=True,
                        default="gallery",
                        help_text="Type of photo",
                        max_length=50,
                    ),
                ),
                (
                    "object_id",
                    models.UUIDField(
                        db_index=True,
                        help_text="ID of the entity this photo belongs to",
                    ),
                ),
                (
                    "moderation_status",
                    models.CharField(
                        choices=[
                            ("pending", "Pending Review"),
                            ("approved", "Approved"),
                            ("rejected", "Rejected"),
                            ("flagged", "Flagged"),
                        ],
                        db_index=True,
                        default="pending",
                        help_text="Moderation status",
                        max_length=50,
                    ),
                ),
                (
                    "is_approved",
                    models.BooleanField(
                        db_index=True,
                        default=False,
                        help_text="Quick filter for approved photos",
                    ),
                ),
                (
                    "moderated_at",
                    models.DateTimeField(
                        blank=True, help_text="When the photo was moderated", null=True
                    ),
                ),
                (
                    "moderation_notes",
                    models.TextField(blank=True, help_text="Notes from moderator"),
                ),
                (
                    "width",
                    models.IntegerField(
                        blank=True, help_text="Image width in pixels", null=True
                    ),
                ),
                (
                    "height",
                    models.IntegerField(
                        blank=True, help_text="Image height in pixels", null=True
                    ),
                ),
                (
                    "file_size",
                    models.IntegerField(
                        blank=True, help_text="File size in bytes", null=True
                    ),
                ),
                (
                    "display_order",
                    models.IntegerField(
                        db_index=True,
                        default=0,
                        help_text="Order for displaying in galleries (lower numbers first)",
                    ),
                ),
                (
                    "is_featured",
                    models.BooleanField(
                        db_index=True,
                        default=False,
                        help_text="Is this a featured photo?",
                    ),
                ),
                (
                    "is_public",
                    models.BooleanField(
                        db_index=True,
                        default=True,
                        help_text="Is this photo publicly visible?",
                    ),
                ),
                (
                    "content_type",
                    models.ForeignKey(
                        help_text="Type of entity this photo belongs to",
                        on_delete=django.db.models.deletion.CASCADE,
                        to="contenttypes.contenttype",
                    ),
                ),
                (
                    "moderated_by",
                    models.ForeignKey(
                        blank=True,
                        help_text="Moderator who approved/rejected this photo",
                        null=True,
                        on_delete=django.db.models.deletion.SET_NULL,
                        related_name="moderated_photos",
                        to=settings.AUTH_USER_MODEL,
                    ),
                ),
                (
                    "uploaded_by",
                    models.ForeignKey(
                        blank=True,
                        help_text="User who uploaded this photo",
                        null=True,
                        on_delete=django.db.models.deletion.SET_NULL,
                        related_name="uploaded_photos",
                        to=settings.AUTH_USER_MODEL,
                    ),
                ),
            ],
            options={
                "verbose_name": "Photo",
                "verbose_name_plural": "Photos",
                "ordering": ["display_order", "-created"],
                "indexes": [
                    models.Index(
                        fields=["content_type", "object_id"],
                        name="media_photo_content_0187f5_idx",
                    ),
                    models.Index(
                        fields=["cloudflare_image_id"],
                        name="media_photo_cloudfl_63ac12_idx",
                    ),
                    models.Index(
                        fields=["moderation_status"],
                        name="media_photo_moderat_2033b1_idx",
                    ),
                    models.Index(
                        fields=["is_approved"], name="media_photo_is_appr_13ab34_idx"
                    ),
                    models.Index(
                        fields=["uploaded_by"], name="media_photo_uploade_220d3a_idx"
                    ),
                    models.Index(
                        fields=["photo_type"], name="media_photo_photo_t_b387e7_idx"
                    ),
                    models.Index(
                        fields=["display_order"], name="media_photo_display_04e358_idx"
                    ),
                ],
            },
            bases=(django_lifecycle.mixins.LifecycleModelMixin, models.Model),
        ),
    ]
--- a/django/apps/media/migrations/init.py
+++ b/django/apps/media/migrations/init.py
--- a/django/apps/media/migrations/pycache/0001_initial.cpython-313.pyc
+++ b/django/apps/media/migrations/pycache/0001_initial.cpython-313.pyc
--- a/django/apps/media/migrations/pycache/init.cpython-313.pyc
+++ b/django/apps/media/migrations/pycache/init.cpython-313.pyc
--- a/django/apps/media/models.py
+++ b/django/apps/media/models.py
@@ -1,266 +0,0 @@
 """
 Media models for ThrillWiki Django backend.
 This module contains models for handling media content:
 - Photo: CloudFlare Images integration with generic relations
 """
 from django.db import models
 from django.contrib.contenttypes.fields import GenericForeignKey
 from django.contrib.contenttypes.models import ContentType
 from django_lifecycle import hook, AFTER_CREATE, AFTER_UPDATE, BEFORE_SAVE
 from apps.core.models import BaseModel
 class Photo(BaseModel):
    """
    Represents a photo stored in CloudFlare Images.
    Uses generic relations to attach to any entity (Park, Ride, Company, etc.)
    """
    PHOTO_TYPE_CHOICES = [
        ('main', 'Main Photo'),
        ('gallery', 'Gallery Photo'),
        ('banner', 'Banner Image'),
        ('logo', 'Logo'),
        ('thumbnail', 'Thumbnail'),
        ('other', 'Other'),
    ]
    MODERATION_STATUS_CHOICES = [
        ('pending', 'Pending Review'),
        ('approved', 'Approved'),
        ('rejected', 'Rejected'),
        ('flagged', 'Flagged'),
    ]
    # CloudFlare Image Integration
    cloudflare_image_id = models.CharField(
        max_length=255,
        unique=True,
        db_index=True,
        help_text="Unique CloudFlare image identifier"
    )
    cloudflare_url = models.URLField(
        help_text="CloudFlare CDN URL for the image"
    )
    cloudflare_thumbnail_url = models.URLField(
        blank=True,
        help_text="CloudFlare thumbnail URL (if different from main URL)"
    )
    # Metadata
    title = models.CharField(
        max_length=255,
        blank=True,
        help_text="Photo title or caption"
    )
    description = models.TextField(
        blank=True,
        help_text="Photo description or details"
    )
    credit = models.CharField(
        max_length=255,
        blank=True,
        help_text="Photo credit/photographer name"
    )
    # Photo Type
    photo_type = models.CharField(
        max_length=50,
        choices=PHOTO_TYPE_CHOICES,
        default='gallery',
        db_index=True,
        help_text="Type of photo"
    )
    # Generic relation to attach to any entity
    content_type = models.ForeignKey(
        ContentType,
        on_delete=models.CASCADE,
        help_text="Type of entity this photo belongs to"
    )
    object_id = models.UUIDField(
        db_index=True,
        help_text="ID of the entity this photo belongs to"
    )
    content_object = GenericForeignKey('content_type', 'object_id')
    # User who uploaded
    uploaded_by = models.ForeignKey(
        'users.User',
        on_delete=models.SET_NULL,
        null=True,
        blank=True,
        related_name='uploaded_photos',
        help_text="User who uploaded this photo"
    )
    # Moderation
    moderation_status = models.CharField(
        max_length=50,
        choices=MODERATION_STATUS_CHOICES,
        default='pending',
        db_index=True,
        help_text="Moderation status"
    )
    is_approved = models.BooleanField(
        default=False,
        db_index=True,
        help_text="Quick filter for approved photos"
    )
    moderated_by = models.ForeignKey(
        'users.User',
        on_delete=models.SET_NULL,
        null=True,
        blank=True,
        related_name='moderated_photos',
        help_text="Moderator who approved/rejected this photo"
    )
    moderated_at = models.DateTimeField(
        null=True,
        blank=True,
        help_text="When the photo was moderated"
    )
    moderation_notes = models.TextField(
        blank=True,
        help_text="Notes from moderator"
    )
    # Image Metadata
    width = models.IntegerField(
        null=True,
        blank=True,
        help_text="Image width in pixels"
    )
    height = models.IntegerField(
        null=True,
        blank=True,
        help_text="Image height in pixels"
    )
    file_size = models.IntegerField(
        null=True,
        blank=True,
        help_text="File size in bytes"
    )
    # Display Order
    display_order = models.IntegerField(
        default=0,
        db_index=True,
        help_text="Order for displaying in galleries (lower numbers first)"
    )
    # Visibility
    is_featured = models.BooleanField(
        default=False,
        db_index=True,
        help_text="Is this a featured photo?"
    )
    is_public = models.BooleanField(
        default=True,
        db_index=True,
        help_text="Is this photo publicly visible?"
    )
    class Meta:
        verbose_name = 'Photo'
        verbose_name_plural = 'Photos'
        ordering = ['display_order', '-created']
        indexes = [
            models.Index(fields=['content_type', 'object_id']),
            models.Index(fields=['cloudflare_image_id']),
            models.Index(fields=['moderation_status']),
            models.Index(fields=['is_approved']),
            models.Index(fields=['uploaded_by']),
            models.Index(fields=['photo_type']),
            models.Index(fields=['display_order']),
        ]
    def __str__(self):
        if self.title:
            return self.title
        return f"Photo {self.cloudflare_image_id[:8]}..."
    @hook(AFTER_UPDATE, when='moderation_status', was='pending', is_now='approved')
    def set_approved_flag_on_approval(self):
        """Set is_approved flag when status changes to approved."""
        self.is_approved = True
        self.save(update_fields=['is_approved'])
    @hook(AFTER_UPDATE, when='moderation_status', was='approved', is_not='approved')
    def clear_approved_flag_on_rejection(self):
        """Clear is_approved flag when status changes from approved."""
        self.is_approved = False
        self.save(update_fields=['is_approved'])
    def approve(self, moderator, notes=''):
        """Approve this photo."""
        from django.utils import timezone
        self.moderation_status = 'approved'
        self.is_approved = True
        self.moderated_by = moderator
        self.moderated_at = timezone.now()
        self.moderation_notes = notes
        self.save(update_fields=[
            'moderation_status',
            'is_approved',
            'moderated_by',
            'moderated_at',
            'moderation_notes'
        ])
    def reject(self, moderator, notes=''):
        """Reject this photo."""
        from django.utils import timezone
        self.moderation_status = 'rejected'
        self.is_approved = False
        self.moderated_by = moderator
        self.moderated_at = timezone.now()
        self.moderation_notes = notes
        self.save(update_fields=[
            'moderation_status',
            'is_approved',
            'moderated_by',
            'moderated_at',
            'moderation_notes'
        ])
    def flag(self, moderator, notes=''):
        """Flag this photo for review."""
        from django.utils import timezone
        self.moderation_status = 'flagged'
        self.is_approved = False
        self.moderated_by = moderator
        self.moderated_at = timezone.now()
        self.moderation_notes = notes
        self.save(update_fields=[
            'moderation_status',
            'is_approved',
            'moderated_by',
            'moderated_at',
            'moderation_notes'
        ])
 class PhotoManager(models.Manager):
    """Custom manager for Photo model."""
    def approved(self):
        """Return only approved photos."""
        return self.filter(is_approved=True)
    def pending(self):
        """Return only pending photos."""
        return self.filter(moderation_status='pending')
    def public(self):
        """Return only public, approved photos."""
        return self.filter(is_approved=True, is_public=True)
 # Add custom manager to Photo model
 Photo.add_to_class('objects', PhotoManager())
--- a/django/apps/media/services.py
+++ b/django/apps/media/services.py
@@ -1,492 +0,0 @@
 """
 Media services for photo upload, management, and CloudFlare Images integration.
 """
 import logging
 import mimetypes
 import os
 from io import BytesIO
 from typing import Optional, Dict, Any, List
 from django.conf import settings
 from django.contrib.contenttypes.models import ContentType
 from django.core.files.uploadedfile import InMemoryUploadedFile, TemporaryUploadedFile
 from django.db import transaction
 from django.db.models import Model
 import requests
 from PIL import Image
 from apps.media.models import Photo
 logger = logging.getLogger(__name__)
 class CloudFlareError(Exception):
    """Base exception for CloudFlare API errors."""
    pass
 class CloudFlareService:
    """
    Service for interacting with CloudFlare Images API.
    Provides image upload, deletion, and URL generation with automatic
    fallback to mock mode when CloudFlare credentials are not configured.
    """
    def __init__(self):
        self.account_id = settings.CLOUDFLARE_ACCOUNT_ID
        self.api_token = settings.CLOUDFLARE_IMAGE_TOKEN
        self.delivery_hash = settings.CLOUDFLARE_IMAGE_HASH
        # Enable mock mode if CloudFlare is not configured
        self.mock_mode = not all([self.account_id, self.api_token, self.delivery_hash])
        if self.mock_mode:
            logger.warning("CloudFlare Images not configured - using mock mode")
        self.base_url = f"https://api.cloudflare.com/client/v4/accounts/{self.account_id}/images/v1"
        self.headers = {"Authorization": f"Bearer {self.api_token}"}
    def upload_image(
        self,
        file: InMemoryUploadedFile | TemporaryUploadedFile,
        metadata: Optional[Dict[str, str]] = None
    ) -> Dict[str, Any]:
        """
        Upload an image to CloudFlare Images.
        Args:
            file: The uploaded file object
            metadata: Optional metadata dictionary
        Returns:
            Dict containing:
                - id: CloudFlare image ID
                - url: CDN URL for the image
                - variants: Available image variants
        Raises:
            CloudFlareError: If upload fails
        """
        if self.mock_mode:
            return self._mock_upload(file, metadata)
        try:
            # Prepare the file for upload
            file.seek(0)  # Reset file pointer
            # Prepare multipart form data
            files = {
                'file': (file.name, file.read(), file.content_type)
            }
            # Add metadata if provided
            data = {}
            if metadata:
                data['metadata'] = str(metadata)
            # Make API request
            response = requests.post(
                self.base_url,
                headers=self.headers,
                files=files,
                data=data,
                timeout=30
            )
            response.raise_for_status()
            result = response.json()
            if not result.get('success'):
                raise CloudFlareError(f"Upload failed: {result.get('errors', [])}")
            image_data = result['result']
            return {
                'id': image_data['id'],
                'url': self._get_cdn_url(image_data['id']),
                'variants': image_data.get('variants', []),
                'uploaded': image_data.get('uploaded'),
            }
        except requests.exceptions.RequestException as e:
            logger.error(f"CloudFlare upload failed: {str(e)}")
            raise CloudFlareError(f"Failed to upload image: {str(e)}")
    def delete_image(self, image_id: str) -> bool:
        """
        Delete an image from CloudFlare Images.
        Args:
            image_id: The CloudFlare image ID
        Returns:
            True if deletion was successful
        Raises:
            CloudFlareError: If deletion fails
        """
        if self.mock_mode:
            return self._mock_delete(image_id)
        try:
            url = f"{self.base_url}/{image_id}"
            response = requests.delete(
                url,
                headers=self.headers,
                timeout=30
            )
            response.raise_for_status()
            result = response.json()
            return result.get('success', False)
        except requests.exceptions.RequestException as e:
            logger.error(f"CloudFlare deletion failed: {str(e)}")
            raise CloudFlareError(f"Failed to delete image: {str(e)}")
    def get_image_url(self, image_id: str, variant: str = "public") -> str:
        """
        Generate a CloudFlare CDN URL for an image.
        Args:
            image_id: The CloudFlare image ID
            variant: Image variant (public, thumbnail, banner, etc.)
        Returns:
            CDN URL for the image
        """
        if self.mock_mode:
            return self._mock_url(image_id, variant)
        return self._get_cdn_url(image_id, variant)
    def get_image_variants(self, image_id: str) -> List[str]:
        """
        Get available variants for an image.
        Args:
            image_id: The CloudFlare image ID
        Returns:
            List of available variant names
        """
        if self.mock_mode:
            return ['public', 'thumbnail', 'banner']
        try:
            url = f"{self.base_url}/{image_id}"
            response = requests.get(
                url,
                headers=self.headers,
                timeout=30
            )
            response.raise_for_status()
            result = response.json()
            if result.get('success'):
                return list(result['result'].get('variants', []))
            return []
        except requests.exceptions.RequestException as e:
            logger.error(f"Failed to get variants: {str(e)}")
            return []
    def _get_cdn_url(self, image_id: str, variant: str = "public") -> str:
        """Generate CloudFlare CDN URL."""
        return f"https://imagedelivery.net/{self.delivery_hash}/{image_id}/{variant}"
    # Mock methods for development without CloudFlare
    def _mock_upload(self, file, metadata) -> Dict[str, Any]:
        """Mock upload for development."""
        import uuid
        mock_id = str(uuid.uuid4())
        logger.info(f"[MOCK] Uploaded image: {file.name} -> {mock_id}")
        return {
            'id': mock_id,
            'url': self._mock_url(mock_id),
            'variants': ['public', 'thumbnail', 'banner'],
            'uploaded': 'mock',
        }
    def _mock_delete(self, image_id: str) -> bool:
        """Mock deletion for development."""
        logger.info(f"[MOCK] Deleted image: {image_id}")
        return True
    def _mock_url(self, image_id: str, variant: str = "public") -> str:
        """Generate mock URL for development."""
        return f"https://placehold.co/800x600/png?text={image_id[:8]}"
 class PhotoService:
    """
    Service for managing Photo objects with CloudFlare integration.
    Handles photo creation, attachment to entities, moderation,
    and gallery management.
    """
    def __init__(self):
        self.cloudflare = CloudFlareService()
    def create_photo(
        self,
        file: InMemoryUploadedFile | TemporaryUploadedFile,
        user,
        entity: Optional[Model] = None,
        photo_type: str = "gallery",
        title: str = "",
        description: str = "",
        credit: str = "",
        is_visible: bool = True,
    ) -> Photo:
        """
        Create a new photo with CloudFlare upload.
        Args:
            file: Uploaded file object
            user: User uploading the photo
            entity: Optional entity to attach photo to
            photo_type: Type of photo (main, gallery, banner, etc.)
            title: Photo title
            description: Photo description
            credit: Photo credit/attribution
            is_visible: Whether photo is visible
        Returns:
            Created Photo instance
        Raises:
            ValidationError: If validation fails
            CloudFlareError: If upload fails
        """
        # Get image dimensions
        dimensions = self._get_image_dimensions(file)
        # Upload to CloudFlare
        upload_result = self.cloudflare.upload_image(
            file,
            metadata={
                'uploaded_by': str(user.id),
                'photo_type': photo_type,
            }
        )
        # Create Photo instance
        with transaction.atomic():
            photo = Photo.objects.create(
                cloudflare_image_id=upload_result['id'],
                cloudflare_url=upload_result['url'],
                uploaded_by=user,
                photo_type=photo_type,
                title=title or file.name,
                description=description,
                credit=credit,
                width=dimensions['width'],
                height=dimensions['height'],
                file_size=file.size,
                mime_type=file.content_type,
                is_visible=is_visible,
                moderation_status='pending',
            )
            # Attach to entity if provided
            if entity:
                self.attach_to_entity(photo, entity)
            logger.info(f"Photo created: {photo.id} by user {user.id}")
            # Trigger async post-processing
            try:
                from apps.media.tasks import process_uploaded_image
                process_uploaded_image.delay(photo.id)
            except Exception as e:
                # Don't fail the upload if async task fails to queue
                logger.warning(f"Failed to queue photo processing task: {str(e)}")
            return photo
    def attach_to_entity(self, photo: Photo, entity: Model) -> None:
        """
        Attach a photo to an entity.
        Args:
            photo: Photo instance
            entity: Entity to attach to (Park, Ride, Company, etc.)
        """
        content_type = ContentType.objects.get_for_model(entity)
        photo.content_type = content_type
        photo.object_id = entity.pk
        photo.save(update_fields=['content_type', 'object_id'])
        logger.info(f"Photo {photo.id} attached to {content_type.model} {entity.pk}")
    def detach_from_entity(self, photo: Photo) -> None:
        """
        Detach a photo from its entity.
        Args:
            photo: Photo instance
        """
        photo.content_type = None
        photo.object_id = None
        photo.save(update_fields=['content_type', 'object_id'])
        logger.info(f"Photo {photo.id} detached from entity")
    def moderate_photo(
        self,
        photo: Photo,
        status: str,
        moderator,
        notes: str = ""
    ) -> Photo:
        """
        Moderate a photo (approve/reject/flag).
        Args:
            photo: Photo instance
            status: New status (approved, rejected, flagged)
            moderator: User performing moderation
            notes: Moderation notes
        Returns:
            Updated Photo instance
        """
        with transaction.atomic():
            photo.moderation_status = status
            photo.moderated_by = moderator
            photo.moderation_notes = notes
            if status == 'approved':
                photo.approve()
            elif status == 'rejected':
                photo.reject()
            elif status == 'flagged':
                photo.flag()
            photo.save()
            logger.info(
                f"Photo {photo.id} moderated: {status} by user {moderator.id}"
            )
            return photo
    def reorder_photos(
        self,
        entity: Model,
        photo_ids: List[int],
        photo_type: Optional[str] = None
    ) -> None:
        """
        Reorder photos for an entity.
        Args:
            entity: Entity whose photos to reorder
            photo_ids: List of photo IDs in desired order
            photo_type: Optional photo type filter
        """
        content_type = ContentType.objects.get_for_model(entity)
        with transaction.atomic():
            for order, photo_id in enumerate(photo_ids):
                filters = {
                    'id': photo_id,
                    'content_type': content_type,
                    'object_id': entity.pk,
                }
                if photo_type:
                    filters['photo_type'] = photo_type
                Photo.objects.filter(**filters).update(display_order=order)
        logger.info(f"Reordered {len(photo_ids)} photos for {content_type.model} {entity.pk}")
    def get_entity_photos(
        self,
        entity: Model,
        photo_type: Optional[str] = None,
        approved_only: bool = True
    ) -> List[Photo]:
        """
        Get photos for an entity.
        Args:
            entity: Entity to get photos for
            photo_type: Optional photo type filter
            approved_only: Whether to return only approved photos
        Returns:
            List of Photo instances ordered by display_order
        """
        content_type = ContentType.objects.get_for_model(entity)
        queryset = Photo.objects.filter(
            content_type=content_type,
            object_id=entity.pk,
        )
        if photo_type:
            queryset = queryset.filter(photo_type=photo_type)
        if approved_only:
            queryset = queryset.approved()
        return list(queryset.order_by('display_order', '-created_at'))
    def delete_photo(self, photo: Photo, delete_from_cloudflare: bool = True) -> None:
        """
        Delete a photo.
        Args:
            photo: Photo instance to delete
            delete_from_cloudflare: Whether to also delete from CloudFlare
        """
        cloudflare_id = photo.cloudflare_image_id
        with transaction.atomic():
            photo.delete()
        # Delete from CloudFlare after DB deletion succeeds
        if delete_from_cloudflare and cloudflare_id:
            try:
                self.cloudflare.delete_image(cloudflare_id)
            except CloudFlareError as e:
                logger.error(f"Failed to delete from CloudFlare: {str(e)}")
                # Don't raise - photo is already deleted from DB
        logger.info(f"Photo deleted: {cloudflare_id}")
    def _get_image_dimensions(
        self,
        file: InMemoryUploadedFile | TemporaryUploadedFile
    ) -> Dict[str, int]:
        """
        Extract image dimensions from uploaded file.
        Args:
            file: Uploaded file object
        Returns:
            Dict with 'width' and 'height' keys
        """
        try:
            file.seek(0)
            image = Image.open(file)
            width, height = image.size
            file.seek(0)  # Reset for later use
            return {'width': width, 'height': height}
        except Exception as e:
            logger.warning(f"Failed to get image dimensions: {str(e)}")
            return {'width': 0, 'height': 0}
--- a/django/apps/media/tasks.py
+++ b/django/apps/media/tasks.py
@@ -1,219 +0,0 @@
 """
 Background tasks for media processing and management.
 """
 import logging
 from celery import shared_task
 from django.utils import timezone
 from datetime import timedelta
 logger = logging.getLogger(__name__)
@shared_task(bind=True, max_retries=3, default_retry_delay=60)
 def process_uploaded_image(self, photo_id):
    """
    Process an uploaded image asynchronously.
    This task runs after a photo is uploaded to perform additional
    processing like metadata extraction, validation, etc.
    Args:
        photo_id: ID of the Photo to process
    Returns:
        str: Processing result message
    """
    from apps.media.models import Photo
    try:
        photo = Photo.objects.get(id=photo_id)
        # Log processing start
        logger.info(f"Processing photo {photo_id}: {photo.title}")
        # Additional processing could include:
        # - Generating additional thumbnails
        # - Extracting EXIF data
        # - Running image quality checks
        # - Updating photo metadata
        # For now, just log that processing is complete
        logger.info(f"Photo {photo_id} processed successfully")
        return f"Photo {photo_id} processed successfully"
    except Photo.DoesNotExist:
        logger.error(f"Photo {photo_id} not found")
        raise
    except Exception as exc:
        logger.error(f"Error processing photo {photo_id}: {str(exc)}")
        # Retry with exponential backoff
        raise self.retry(exc=exc, countdown=60 * (2 ** self.request.retries))
@shared_task(bind=True, max_retries=2)
 def cleanup_rejected_photos(self, days_old=30):
    """
    Clean up photos that have been rejected for more than N days.
    This task runs periodically (e.g., weekly) to remove old rejected
    photos and free up storage space.
    Args:
        days_old: Number of days after rejection to delete (default: 30)
    Returns:
        dict: Cleanup statistics
    """
    from apps.media.models import Photo
    from apps.media.services import PhotoService
    try:
        cutoff_date = timezone.now() - timedelta(days=days_old)
        # Find rejected photos older than cutoff
        old_rejected = Photo.objects.filter(
            moderation_status='rejected',
            moderated_at__lt=cutoff_date
        )
        count = old_rejected.count()
        logger.info(f"Found {count} rejected photos to cleanup")
        # Delete each photo
        photo_service = PhotoService()
        deleted_count = 0
        for photo in old_rejected:
            try:
                photo_service.delete_photo(photo, delete_from_cloudflare=True)
                deleted_count += 1
            except Exception as e:
                logger.error(f"Failed to delete photo {photo.id}: {str(e)}")
                continue
        result = {
            'found': count,
            'deleted': deleted_count,
            'failed': count - deleted_count,
            'cutoff_date': cutoff_date.isoformat()
        }
        logger.info(f"Cleanup complete: {result}")
        return result
    except Exception as exc:
        logger.error(f"Error during photo cleanup: {str(exc)}")
        raise self.retry(exc=exc, countdown=300)  # Retry after 5 minutes
@shared_task(bind=True, max_retries=3)
 def generate_photo_thumbnails(self, photo_id, variants=None):
    """
    Generate thumbnails for a photo on demand.
    This can be used to regenerate thumbnails if the original
    is updated or if new variants are needed.
    Args:
        photo_id: ID of the Photo
        variants: List of variant names to generate (None = all)
    Returns:
        dict: Generated variants and their URLs
    """
    from apps.media.models import Photo
    from apps.media.services import CloudFlareService
    try:
        photo = Photo.objects.get(id=photo_id)
        cloudflare = CloudFlareService()
        if variants is None:
            variants = ['public', 'thumbnail', 'banner']
        result = {}
        for variant in variants:
            url = cloudflare.get_image_url(photo.cloudflare_image_id, variant)
            result[variant] = url
        logger.info(f"Generated thumbnails for photo {photo_id}: {variants}")
        return result
    except Photo.DoesNotExist:
        logger.error(f"Photo {photo_id} not found")
        raise
    except Exception as exc:
        logger.error(f"Error generating thumbnails for photo {photo_id}: {str(exc)}")
        raise self.retry(exc=exc, countdown=60 * (2 ** self.request.retries))
@shared_task(bind=True, max_retries=2)
 def cleanup_orphaned_cloudflare_images(self):
    """
    Clean up CloudFlare images that no longer have database records.
    This task helps prevent storage bloat by removing images that
    were uploaded but their database records were deleted.
    Returns:
        dict: Cleanup statistics
    """
    from apps.media.models import Photo
    from apps.media.services import CloudFlareService
    try:
        cloudflare = CloudFlareService()
        # In a real implementation, you would:
        # 1. Get list of all images from CloudFlare API
        # 2. Check which ones don't have Photo records
        # 3. Delete the orphaned images
        # For now, just log that the task ran
        logger.info("Orphaned image cleanup task completed (not implemented in mock mode)")
        return {
            'checked': 0,
            'orphaned': 0,
            'deleted': 0
        }
    except Exception as exc:
        logger.error(f"Error during orphaned image cleanup: {str(exc)}")
        raise self.retry(exc=exc, countdown=300)
@shared_task
 def update_photo_statistics():
    """
    Update photo-related statistics across the database.
    This task can update cached counts, generate reports, etc.
    Returns:
        dict: Updated statistics
    """
    from apps.media.models import Photo
    from django.db.models import Count
    try:
        stats = {
            'total_photos': Photo.objects.count(),
            'pending': Photo.objects.filter(moderation_status='pending').count(),
            'approved': Photo.objects.filter(moderation_status='approved').count(),
            'rejected': Photo.objects.filter(moderation_status='rejected').count(),
            'flagged': Photo.objects.filter(moderation_status='flagged').count(),
            'by_type': dict(
                Photo.objects.values('photo_type').annotate(count=Count('id'))
                .values_list('photo_type', 'count')
            )
        }
        logger.info(f"Photo statistics updated: {stats}")
        return stats
    except Exception as e:
        logger.error(f"Error updating photo statistics: {str(e)}")
        raise
--- a/django/apps/media/validators.py
+++ b/django/apps/media/validators.py
@@ -1,195 +0,0 @@
 """
 Validators for image uploads.
 """
 import magic
 from django.core.exceptions import ValidationError
 from django.core.files.uploadedfile import InMemoryUploadedFile, TemporaryUploadedFile
 from PIL import Image
 from typing import Optional
 # Allowed file types
 ALLOWED_MIME_TYPES = [
    'image/jpeg',
    'image/jpg',
    'image/png',
    'image/webp',
    'image/gif',
 ]
 ALLOWED_EXTENSIONS = ['.jpg', '.jpeg', '.png', '.webp', '.gif']
 # Size limits (in bytes)
 MAX_FILE_SIZE = 10 * 1024 * 1024  # 10 MB
 MIN_FILE_SIZE = 1024  # 1 KB
 # Dimension limits
 MIN_WIDTH = 100
 MIN_HEIGHT = 100
 MAX_WIDTH = 8000
 MAX_HEIGHT = 8000
 # Aspect ratio limits (for specific photo types)
 ASPECT_RATIO_LIMITS = {
    'banner': {'min': 2.0, 'max': 4.0},  # Wide banners
    'logo': {'min': 0.5, 'max': 2.0},     # Square-ish logos
 }
 def validate_image_file_type(file: InMemoryUploadedFile | TemporaryUploadedFile) -> None:
    """
    Validate that the uploaded file is an allowed image type.
    Uses python-magic to detect actual file type, not just extension.
    Args:
        file: The uploaded file object
    Raises:
        ValidationError: If file type is not allowed
    """
    # Check file extension
    file_ext = None
    if hasattr(file, 'name') and file.name:
        file_ext = '.' + file.name.split('.')[-1].lower()
        if file_ext not in ALLOWED_EXTENSIONS:
            raise ValidationError(
                f"File extension {file_ext} not allowed. "
                f"Allowed extensions: {', '.join(ALLOWED_EXTENSIONS)}"
            )
    # Check MIME type from content type
    if hasattr(file, 'content_type'):
        if file.content_type not in ALLOWED_MIME_TYPES:
            raise ValidationError(
                f"File type {file.content_type} not allowed. "
                f"Allowed types: {', '.join(ALLOWED_MIME_TYPES)}"
            )
    # Verify actual file content using python-magic
    try:
        file.seek(0)
        mime = magic.from_buffer(file.read(2048), mime=True)
        file.seek(0)
        if mime not in ALLOWED_MIME_TYPES:
            raise ValidationError(
                f"File content type {mime} does not match allowed types. "
                "File may be corrupted or incorrectly labeled."
            )
    except Exception as e:
        # If magic fails, we already validated content_type above
        pass
 def validate_image_file_size(file: InMemoryUploadedFile | TemporaryUploadedFile) -> None:
    """
    Validate that the file size is within allowed limits.
    Args:
        file: The uploaded file object
    Raises:
        ValidationError: If file size is not within limits
    """
    file_size = file.size
    if file_size < MIN_FILE_SIZE:
        raise ValidationError(
            f"File size is too small. Minimum: {MIN_FILE_SIZE / 1024:.0f} KB"
        )
    if file_size > MAX_FILE_SIZE:
        raise ValidationError(
            f"File size is too large. Maximum: {MAX_FILE_SIZE / (1024 * 1024):.0f} MB"
        )
 def validate_image_dimensions(
    file: InMemoryUploadedFile | TemporaryUploadedFile,
    photo_type: Optional[str] = None
 ) -> None:
    """
    Validate image dimensions and aspect ratio.
    Args:
        file: The uploaded file object
        photo_type: Optional photo type for specific validation
    Raises:
        ValidationError: If dimensions are not within limits
    """
    try:
        file.seek(0)
        image = Image.open(file)
        width, height = image.size
        file.seek(0)
    except Exception as e:
        raise ValidationError(f"Could not read image dimensions: {str(e)}")
    # Check minimum dimensions
    if width < MIN_WIDTH or height < MIN_HEIGHT:
        raise ValidationError(
            f"Image dimensions too small. Minimum: {MIN_WIDTH}x{MIN_HEIGHT}px, "
            f"got: {width}x{height}px"
        )
    # Check maximum dimensions
    if width > MAX_WIDTH or height > MAX_HEIGHT:
        raise ValidationError(
            f"Image dimensions too large. Maximum: {MAX_WIDTH}x{MAX_HEIGHT}px, "
            f"got: {width}x{height}px"
        )
    # Check aspect ratio for specific photo types
    if photo_type and photo_type in ASPECT_RATIO_LIMITS:
        aspect_ratio = width / height
        limits = ASPECT_RATIO_LIMITS[photo_type]
        if aspect_ratio < limits['min'] or aspect_ratio > limits['max']:
            raise ValidationError(
                f"Invalid aspect ratio for {photo_type}. "
                f"Expected ratio between {limits['min']:.2f} and {limits['max']:.2f}, "
                f"got: {aspect_ratio:.2f}"
            )
 def validate_image(
    file: InMemoryUploadedFile | TemporaryUploadedFile,
    photo_type: Optional[str] = None
 ) -> None:
    """
    Run all image validations.
    Args:
        file: The uploaded file object
        photo_type: Optional photo type for specific validation
    Raises:
        ValidationError: If any validation fails
    """
    validate_image_file_type(file)
    validate_image_file_size(file)
    validate_image_dimensions(file, photo_type)
 def validate_image_content_safety(file: InMemoryUploadedFile | TemporaryUploadedFile) -> None:
    """
    Placeholder for content safety validation.
    This could integrate with services like:
    - AWS Rekognition
    - Google Cloud Vision
    - Azure Content Moderator
    For now, this is a no-op but provides extension point.
    Args:
        file: The uploaded file object
    Raises:
        ValidationError: If content is deemed unsafe
    """
    # TODO: Integrate with content moderation API
    pass
--- a/django/apps/moderation/init.py
+++ b/django/apps/moderation/init.py
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
pacnpal	c0e4a4abf2	Merge pull request #15 from pacnpal/dev Dev	2025-11-12 13:28:51 -05:00
pacnpal	eab3ce3052	Delete django directory	2025-11-12 13:28:31 -05:00
gpt-engineer-app[bot]	7b93df8dfa	Add small doc comment Enhance a brief JSDoc in src/lib/utils.ts to verify minimal code change workflow with a harmless documentation update. X-Lovable-Edit-ID: edt-5d4e06f4-a087-42e0-80bb-a43139fa066b	2025-11-12 15:24:07 +00:00
gpt-engineer-app[bot]	87841dbacd	testing changes with virtual file cleanup	2025-11-12 15:24:06 +00:00
gpt-engineer-app[bot]	68384156ab	Fix selective-approval RPC params Update edge function to call process_approval_transaction with correct parameters: - remove p_trace_id and p_parent_span_id - add p_approval_mode: 'selective' and p_idempotency_key: idempotencyKey This aligns with database function signature and resolves 500 error. X-Lovable-Edit-ID: edt-6e45b77e-1d54-4173-af1a-dcbcd886645d	2025-11-12 15:12:31 +00:00
gpt-engineer-app[bot]	5cc5d3eab6	testing changes with virtual file cleanup	2025-11-12 15:12:30 +00:00
gpt-engineer-app[bot]	706e36c847	Add staggered expand animation Implement sequential delays for detailed view expansions: - Add staggerIndex prop support to DetailedViewCollapsible and apply per-item animation delays. - Pass item index in SubmissionItemsList when rendering detailed sections. - Ensure each detailed view expands with a 50ms incremental delay (up to a max) for a staggered effect. X-Lovable-Edit-ID: edt-6eb47d5c-853d-43ab-96a7-16a5cc006c30	2025-11-12 14:56:11 +00:00
gpt-engineer-app[bot]	a1beba6996	testing changes with virtual file cleanup	2025-11-12 14:56:11 +00:00
gpt-engineer-app[bot]	d7158756ef	Animate detailed view transitions Improve user experience by adding smooth animation transitions to expand/collapse of All Fields (Detailed View) sections, enhance collapsible base to support animation, and apply transitions to detailed view wrapper and chevron indicators. X-Lovable-Edit-ID: edt-9a567ba5-b52f-46b3-bdef-b847b9ba7963	2025-11-12 14:53:19 +00:00
gpt-engineer-app[bot]	3330a8fac9	testing changes with virtual file cleanup	2025-11-12 14:53:18 +00:00
gpt-engineer-app[bot]	c09a343d08	Add moderation_preferences column Adds a JSONB moderation_preferences column to user_preferences (with default '{}'), plus comment and GIN index, enabling per-user persistence of detailed view state and resolving TS errors. X-Lovable-Edit-ID: edt-b953d926-c053-45f2-b434-2b776f3d9569	2025-11-12 14:50:57 +00:00
gpt-engineer-app[bot]	9893567a30	testing changes with virtual file cleanup	2025-11-12 14:50:56 +00:00
gpt-engineer-app[bot]	771405961f	Add tooltip for expanded count Enhance persistence for moderator preferences - Add tooltip to moderation queue toggle showing number of items with detailed views expanded (based on global state, tooltip adapts to expanded/collapsed). - Persist expanded/collapsed state per moderator in the database instead of localStorage, integrating with user preferences and Supabase backend. X-Lovable-Edit-ID: edt-61e75a20-f83d-40b2-8bc4-b6ff40b23450	2025-11-12 14:45:07 +00:00
gpt-engineer-app[bot]	437e2b353c	testing changes with virtual file cleanup	2025-11-12 14:45:06 +00:00
gpt-engineer-app[bot]	44a713af62	Add global toggle for detailed views Implement a new global control in the moderation queue header to expand/collapse all "All Fields (Detailed View)" sections at once. This includes: - Integrating useDetailedViewState with a new header-level button in QueueFilters - Adding a button that toggles all detailed views and shows Expand/Collapse state - Ensuring the toggle updates all DetailedViewCollapsible instances via shared state - Keeping UI consistent with existing icons and styling X-Lovable-Edit-ID: edt-22d9eca7-0c70-44d8-865d-791ef884dfbd	2025-11-12 14:42:34 +00:00
gpt-engineer-app[bot]	46275e0f1e	testing changes with virtual file cleanup	2025-11-12 14:42:33 +00:00
pacnpal	7b2b6722f3	Merge pull request #14 from pacnpal/dev Merge pull request #13 from pacnpal/main	2025-11-10 10:13:41 -05:00