feat: Add blog, media, and support apps, implement ride credits and image API, and remove toplist feature.

backend/apps/support/views.py

@@ -0,0 +1,32 @@
+from rest_framework import viewsets, permissions, filters
+from django_filters.rest_framework import DjangoFilterBackend
+from .models import Ticket
+from .serializers import TicketSerializer
+
+class TicketViewSet(viewsets.ModelViewSet):
+    """
+    Standard users/guests can CREATE.
+    Only Staff can LIST/RETRIEVE/UPDATE all.
+    Users can LIST/RETRIEVE their own.
+    """
+    queryset = Ticket.objects.all()
+    serializer_class = TicketSerializer
+    permission_classes = [permissions.AllowAny] # We handle granular perms in get_queryset/perform_create
+    filter_backends = [DjangoFilterBackend, filters.OrderingFilter]
+    filterset_fields = ["status"]
+    ordering_fields = ["created_at", "status"]
+    ordering = ["-created_at"]
+
+    def get_queryset(self):
+        user = self.request.user
+        if user.is_staff:
+            return Ticket.objects.all()
+        if user.is_authenticated:
+            return Ticket.objects.filter(user=user)
+        return Ticket.objects.none() # Guests can't list tickets
+
+    def perform_create(self, serializer):
+        if self.request.user.is_authenticated:
+            serializer.save(user=self.request.user, email=self.request.user.email)
+        else:
+            serializer.save()