Merge pull request #13 from mohamad-liyaghi/customer-orders

Customer Orders

Author: mohamad-liyaghi

apps/orders/exceptions.py

@@ -1,2 +1,6 @@
 class EmptyCartException(Exception):
     pass
+
+
+class InsufficientBalanceException(Exception):
+    pass

apps/orders/migrations/0004_alter_orderitem_order.py

@@ -0,0 +1,22 @@
+# Generated by Django 5.0.7 on 2024-08-08 09:31
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("orders", "0003_order_is_removed_from_balance"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="orderitem",
+            name="order",
+            field=models.ForeignKey(
+                on_delete=django.db.models.deletion.CASCADE,
+                related_name="items",
+                to="orders.order",
+            ),
+        ),
+    ]

apps/orders/models.py

@@ -2,9 +2,9 @@
 from django.core.cache import cache
 from decouple import config
 from django.conf import settings
-from django.db.models import QuerySet, F
+from django.db.models import QuerySet
 from uuid import uuid4
-from orders.exceptions import EmptyCartException
+from orders.exceptions import EmptyCartException, InsufficientBalanceException
 from orders.enums import OrderStatus
 from restaurants.models import Restaurant
 from products.models import Product
@@ -25,6 +25,8 @@ def __str__(self):
 
     def save(self, *args, **kwargs):
         if self.status == OrderStatus.PROCESSING and not self.is_removed_from_balance:
+            if self.user.balance < self.total_price:
+                raise InsufficientBalanceException
             self.user.balance -= self.total_price
             self.user.save()
         return super().save(*args, **kwargs)
@@ -74,7 +76,7 @@ def create_order(cls, user: settings.AUTH_USER_MODEL, cart: dict) -> QuerySet:
 
 
 class OrderItem(models.Model):
-    order = models.ForeignKey(Order, on_delete=models.CASCADE)
+    order = models.ForeignKey(Order, on_delete=models.CASCADE, related_name="items")
     product = models.ForeignKey(Product, on_delete=models.CASCADE)
     quantity = models.PositiveIntegerField()
     price = models.DecimalField(max_digits=10, decimal_places=2)

apps/orders/serializers.py

@@ -0,0 +1,40 @@
+from rest_framework import serializers
+from carts.services import CartService
+from orders.exceptions import EmptyCartException
+from products.serializers import ProductSerializer
+from users.serializers import UserProfileSerializer
+from restaurants.serializers import RestaurantSerializer
+from .models import Order, OrderItem
+
+
+class OrderItemSerializer(serializers.ModelSerializer):
+    product = ProductSerializer()
+
+    class Meta:
+        model = OrderItem
+        fields = ("product", "quantity", "price")
+
+
+class OrderSerializer(serializers.ModelSerializer):
+    items = OrderItemSerializer(many=True, read_only=True)
+    user = UserProfileSerializer(read_only=True)
+    restaurant = RestaurantSerializer(read_only=True)
+
+    class Meta:
+        model = Order
+        fields = ("user", "restaurant", "get_status_display", "total_price", "items")
+        read_only_fields = (
+            "user",
+            "restaurant",
+            "get_status_display",
+            "total_price",
+            "items",
+        )
+
+    def create(self, validated_data):
+        user = self.context["user"]
+        cart = CartService.get_items(user)
+        try:
+            return Order.create_order(user, cart)
+        except EmptyCartException:
+            raise serializers.ValidationError("Cart is empty")

apps/orders/tests/test_views/__init__.py

@@ -0,0 +1,39 @@
+import pytest
+from django.urls import reverse
+from rest_framework import status
+from orders.enums import OrderStatus
+
+
+@pytest.mark.django_db
+class TestOrderCancelView:
+    @pytest.fixture(autouse=True)
+    def setup_method(self, user, api_client, pending_order):
+        self.url = reverse("orders:customer-cancel", kwargs={"uuid": pending_order.uuid})
+        self.client = api_client
+        self.user = user
+        self.order = pending_order
+
+    def test_cancel_unauthorized_fails(self):
+        response = self.client.delete(self.url)
+        assert response.status_code == status.HTTP_403_FORBIDDEN
+
+    def test_cancel_by_another_user_fails(self, another_user):
+        self.client.force_authenticate(another_user)
+        response = self.client.delete(self.url)
+        assert response.status_code == status.HTTP_404_NOT_FOUND
+
+    def test_cancel_for_paid_order_fails(self, shipped_order):
+        self.client.force_authenticate(self.user)
+        response = self.client.delete(
+            reverse("orders:customer-cancel", kwargs={"uuid": shipped_order.uuid}),
+        )
+        assert response.status_code == status.HTTP_404_NOT_FOUND
+
+    def test_update_with_valid_data_succeeds(self):
+        self.client.force_authenticate(self.user)
+        response = self.client.delete(self.url)
+        assert response.status_code == status.HTTP_204_NO_CONTENT
+        self.order.refresh_from_db()
+        assert self.order.status == OrderStatus.CANCELLED
+        self.order.status = OrderStatus.PENDING_PAYMENT
+        self.order.save()

apps/orders/tests/test_views/test_customer/__init__.py

@@ -0,0 +1,30 @@
+import pytest
+from django.urls import reverse
+from rest_framework import status
+from carts.services import CartService
+
+
+@pytest.mark.django_db
+class TestOrderCreateView:
+    @pytest.fixture(autouse=True)
+    def setup(self, api_client, user):
+        self.url = reverse("orders:customer-list-create")
+        self.client = api_client
+        self.user = user
+        self.data = {}
+
+    def test_create_unauthorized_fails(self):
+        response = self.client.post(self.url, self.data)
+        assert response.status_code == status.HTTP_403_FORBIDDEN
+
+    def test_create_with_empty_cart_fails(self):
+        self.client.force_authenticate(self.user)
+        response = self.client.post(self.url, self.data)
+        assert response.status_code == status.HTTP_400_BAD_REQUEST
+        assert response.json() == ["Cart is empty"]
+
+    def test_create_with_items_succeeds(self, available_drink_product):
+        CartService.add_item(self.user, available_drink_product, 2)
+        self.client.force_authenticate(self.user)
+        response = self.client.post(self.url, self.data)
+        assert response.status_code == status.HTTP_201_CREATED

apps/orders/tests/test_views/test_customer/test_cancel.py

@@ -0,0 +1,21 @@
+import pytest
+from django.urls import reverse
+from rest_framework import status
+
+
+@pytest.mark.django_db
+class TestOrderListView:
+    @pytest.fixture(autouse=True)
+    def setup(self, api_client, user):
+        self.url = reverse("orders:customer-list-create")
+        self.client = api_client
+        self.user = user
+
+    def test_get_unauthorized_fails(self):
+        response = self.client.get(self.url)
+        assert response.status_code == status.HTTP_403_FORBIDDEN
+
+    def test_get_by_user_succeeds(self):
+        self.client.force_authenticate(self.user)
+        response = self.client.get(self.url)
+        assert response.status_code == status.HTTP_200_OK

apps/orders/tests/test_views/test_customer/test_create.py

@@ -0,0 +1,41 @@
+import pytest
+from django.urls import reverse
+from rest_framework import status
+from orders.enums import OrderStatus
+
+
+@pytest.mark.django_db
+class TestOrderPayView:
+    @pytest.fixture(autouse=True)
+    def setup_method(self, user, api_client, pending_order):
+        self.url = reverse("orders:customer-pay", kwargs={"uuid": pending_order.uuid})
+        self.client = api_client
+        self.user = user
+        self.order = pending_order
+        self.data = {}
+
+    def test_pay_unauthorized_fails(self):
+        response = self.client.post(self.url, self.data)
+        assert response.status_code == status.HTTP_403_FORBIDDEN
+
+    def test_pay_by_another_user_fails(self, another_user):
+        self.client.force_authenticate(another_user)
+        response = self.client.post(self.url, self.data)
+        assert response.status_code == status.HTTP_404_NOT_FOUND
+
+    def test_pay_for_paid_order_fails(self, shipped_order):
+        self.client.force_authenticate(self.user)
+        response = self.client.post(
+            reverse("orders:customer-pay", kwargs={"uuid": shipped_order.uuid}),
+            self.data,
+        )
+        assert response.status_code == status.HTTP_404_NOT_FOUND
+
+    def test_update_with_valid_data_succeeds(self):
+        self.client.force_authenticate(self.user)
+        response = self.client.post(self.url, self.data)
+        assert response.status_code == status.HTTP_200_OK
+        self.order.refresh_from_db()
+        assert self.order.status == OrderStatus.PROCESSING
+        self.order.status = OrderStatus.PENDING_PAYMENT
+        self.order.save()

apps/orders/tests/test_views/test_customer/test_list.py

@@ -1,9 +1,14 @@
 from django.urls import path, include
+from orders.views.customer import OrderListCreateView, OrderPayView, OrderCancelView
 
 app_name = "orders"
 
 VENDOR_URLS = []
-CUSTOMER_URLS = []
+CUSTOMER_URLS = [
+    path("", OrderListCreateView.as_view(), name="customer-list-create"),
+    path("<uuid:uuid>/pay/", OrderPayView.as_view(), name="customer-pay"),
+    path("<uuid:uuid>/cancel/", OrderCancelView.as_view(), name="customer-cancel"),
+]
 
 urlpatterns = [
     path("vendor/", include(VENDOR_URLS)),

apps/orders/tests/test_views/test_customer/test_pay.py

@@ -0,0 +1,114 @@
+from django.shortcuts import get_object_or_404
+from rest_framework.generics import ListCreateAPIView
+from rest_framework.permissions import IsAuthenticated
+from rest_framework.views import APIView
+from rest_framework.response import Response
+from rest_framework import status
+from drf_spectacular.utils import extend_schema_view, OpenApiResponse, extend_schema
+from orders.enums import OrderStatus
+from orders.exceptions import InsufficientBalanceException
+from orders.models import Order
+from orders.serializers import OrderSerializer
+
+
+@extend_schema_view(
+    get=extend_schema(
+        summary="List of a users orders",
+        description="List all orders for",
+        responses={
+            200: OrderSerializer(many=True),
+            403: OpenApiResponse(description="Unauthorized"),
+        },
+        tags=["Customer Orders"],
+    ),
+    post=extend_schema(
+        summary="Create an order",
+        description="Create an order for the user",
+        responses={
+            201: OrderSerializer(),
+            400: OpenApiResponse(description="Bad Request"),
+            403: OpenApiResponse(description="Unauthorized"),
+        },
+        tags=["Customer Orders"],
+    ),
+)
+class OrderListCreateView(ListCreateAPIView):
+    permission_classes = (IsAuthenticated,)
+    serializer_class = OrderSerializer
+
+    def get_queryset(self):
+        return (
+            Order.objects.select_related("restaurant", "user")
+            .prefetch_related("items", "items__product")
+            .filter(user=self.request.user)
+            .order_by("-created_at")
+        )
+
+    def get_serializer_context(self):
+        context = super().get_serializer_context()
+        context["user"] = self.request.user
+        return context
+
+
+@extend_schema_view(
+    post=extend_schema(
+        summary="Pay for an order",
+        description="Pay for an order",
+        responses={
+            200: OrderSerializer(),
+            400: OpenApiResponse(description="Bad Request"),
+            403: OpenApiResponse(description="Unauthorized"),
+        },
+        tags=["Customer Orders"],
+    ),
+)
+class OrderPayView(APIView):
+    permission_classes = (IsAuthenticated,)
+
+    def get_object(self):
+        return get_object_or_404(
+            Order,
+            uuid=self.kwargs["uuid"],
+            user=self.request.user,
+            status=OrderStatus.PENDING_PAYMENT,
+        )
+
+    def post(self, request, *args, **kwargs):
+        order = self.get_object()
+        try:
+            order.status = OrderStatus.PROCESSING
+            order.save()
+            return Response({"message": "Order is being processed"}, status=status.HTTP_200_OK)
+
+        except InsufficientBalanceException:
+            return Response({"error": "Insufficient balance"}, status=status.HTTP_400_BAD_REQUEST)
+
+
+@extend_schema_view(
+    delete=extend_schema(
+        summary="Cancel an order",
+        description="Cancel an order",
+        responses={
+            204: OpenApiResponse(description="Cancelled"),
+            400: OpenApiResponse(description="Bad Request"),
+            403: OpenApiResponse(description="Unauthorized"),
+        },
+        tags=["Customer Orders"],
+    ),
+)
+class OrderCancelView(APIView):
+    permission_classes = (IsAuthenticated,)
+
+    def get_object(self):
+        return get_object_or_404(
+            Order,
+            uuid=self.kwargs["uuid"],
+            user=self.request.user,
+            status=OrderStatus.PENDING_PAYMENT,
+        )
+
+    def delete(self, request, *args, **kwargs):
+        order = self.get_object()
+        order.status = OrderStatus.CANCELLED
+        order.save()
+        return Response({"message": "Order has been cancelled"}, status=status.HTTP_204_NO_CONTENT)

apps/orders/urls.py

@@ -2,7 +2,7 @@
 from rest_framework.permissions import IsAuthenticated
 from drf_spectacular.utils import extend_schema_view, OpenApiResponse, extend_schema
 from transactions.models import Transaction
-from transactions.enums import TransactionStatus, TransactionType
+from transactions.enums import TransactionType
 from transactions.permissions import WithdrawalLimitPermission
 from transactions.serializers import WithdrawalSerializer