feat: Implement MFA authentication, add ride statistics model, and update various services, APIs, and tests across the application.

2025-12-30 08:27:00 -05:00 · 2025-12-28 17:32:53 -05:00
parent aa56c46c27
commit c95f99ca10
452 changed files with 7948 additions and 6073 deletions
--- a/backend/apps/moderation/permissions.py
+++ b/backend/apps/moderation/permissions.py
@@ -9,9 +9,11 @@ the permission to an FSM guard function, enabling alignment between API
 permissions and FSM transition checks.
 """

-from typing import Callable, Any, Optional
-from rest_framework import permissions
+from collections.abc import Callable
+from typing import Any
+
 from django.contrib.auth import get_user_model
+from rest_framework import permissions

 User = get_user_model()

@@ -35,7 +37,7 @@ class PermissionGuardAdapter:
    def __init__(
        self,
        permission_class: type,
-        error_message: Optional[str] = None,
+        error_message: str | None = None,
    ):
        """
        Initialize the guard adapter.
@@ -46,10 +48,10 @@ class PermissionGuardAdapter:
        """
        self.permission_class = permission_class
        self._custom_error_message = error_message
-        self._last_error_code: Optional[str] = None
+        self._last_error_code: str | None = None

    @property
-    def error_code(self) -> Optional[str]:
+    def error_code(self) -> str | None:
        """Return the error code from the last failed check."""
        return self._last_error_code

@@ -118,7 +120,7 @@ class GuardMixin:
    """

    @classmethod
-    def as_guard(cls, error_message: Optional[str] = None) -> Callable:
+    def as_guard(cls, error_message: str | None = None) -> Callable:
        """
        Convert this permission class to an FSM guard function.

@@ -443,9 +445,7 @@ class CanManageUserRestrictions(GuardMixin, permissions.BasePermission):
        # Admins can manage most restrictions
        if user_role == "ADMIN":
            # Admins cannot create permanent bans
-            if action_type == "USER_BAN" and request.data.get("duration_hours") is None:
-                return False
-            return True
+            return not (action_type == "USER_BAN" and request.data.get("duration_hours") is None)

        # Moderators can only manage basic restrictions
        if user_role == "MODERATOR":