added order model and api files

Author: emelineniyogisubizo

.gitignore

@@ -8,3 +8,6 @@ __pycache__/
 env/
 __pycache__/
 env/
+env/
+__pycache__/
+*.pyc

api/serializers.py

@@ -1,22 +1,47 @@
 from rest_framework import serializers
-from orders.models import Order, WasteClaim
+from orders.models import Order, OrderItem, WasteClaim
+
+
+
+class OrderItemSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = OrderItem
+        fields = ['id', 'order', 'quantity', 'price']
+
+    def validate_quantity(self, value):
+        if value <= 0:
+            raise serializers.ValidationError("Quantity must be a positive integer.")
+        return value
 
 class OrderSerializer(serializers.ModelSerializer):
+    items = OrderItemSerializer(many=True, required=False, read_only=True)
+
     class Meta:
         model = Order
-        fields = [
-            'order_id', 'order_date', 'order_status', 'payment_status',
-            'total_amount', 'pin', 'created_at', 'updated_at'
-        ]
-        read_only_fields = ['order_id', 'pin', 'order_date', 'created_at', 'updated_at']
+        fields = ['order_id', 'order_date', 'order_status', 'payment_status', 'total_amount', 'pin', 'items']
+        read_only_fields = ['order_id', 'order_date', 'total_amount', 'pin'] 
+
+    def create(self, validated_data):
+        items_data = validated_data.pop('items', [])
+        order = Order.objects.create(total_amount=0, **validated_data)
+        for item_data in items_data:
+            OrderItem.objects.create(order=order, **item_data)
+        order.update_total_amount()
+        return order
+
+    def update(self, instance, validated_data):
+    
+        allowed = ['order_status', 'payment_status']
+        for field in list(validated_data.keys()):
+            if field not in allowed:
+                validated_data.pop(field)
+        for attr, value in validated_data.items():
+            setattr(instance, attr, value)
+        instance.save()
+        return instance
 
 class WasteClaimSerializer(serializers.ModelSerializer):
     class Meta:
         model = WasteClaim
-        fields = [
-            'waste_id', 'claim_status', 'claim_time', 'pickup_window_end',
-            'pin', 'created_at', 'updated_at'
-        ]
-        read_only_fields = ['waste_id', 'pin', 'claim_time', 'created_at', 'updated_at']
-
-
+        fields = '__all__'
+        read_only_fields = ['waste_id', 'pin', 'created_at', 'updated_at']

api/urls.py

@@ -1,9 +1,10 @@
 from django.urls import path, include
 from rest_framework.routers import DefaultRouter
-from .views import OrderViewSet, WasteClaimViewSet
+from .views import OrderViewSet, WasteClaimViewSet, OrderItemViewSet
 
 router = DefaultRouter()
 router.register(r'orders', OrderViewSet)
+router.register(r'item', OrderItemViewSet)
 router.register(r'wasteclaims', WasteClaimViewSet)
 
 urlpatterns = [

api/views.py

@@ -1,17 +1,51 @@
-from django.shortcuts import render
-from django.utils import timezone
 from rest_framework import viewsets
-from orders.models import Order, WasteClaim
-from .serializers import OrderSerializer, WasteClaimSerializer
+from rest_framework.permissions import AllowAny
+from rest_framework.permissions import IsAuthenticated
+from orders.models import Order, WasteClaim, OrderItem
+from .serializers import OrderSerializer, WasteClaimSerializer, OrderItemSerializer
+from orders.permissions import OrderPermission,WasteClaimPermission
+from django.utils import timezone
 
 class OrderViewSet(viewsets.ModelViewSet):
     queryset = Order.objects.all()
     serializer_class = OrderSerializer
+    permission_classes = [AllowAny]
+    http_method_names = ['get', 'post', 'put', 'patch', 'head', 'options']
+
+    # def get_queryset(self):
+    #     user = self.request.user
+        
+    #     if user.is_staff or getattr(user, 'role', None) == 'producer':
+    #         return Order.objects.all()
+     
+    #     return Order.objects.filter(user=user)
+
+    # def perform_create(self, serializer):
+    #     serializer.save(user=self.request.user)
+
 
+class OrderItemViewSet(viewsets.ModelViewSet):
+    queryset = OrderItem.objects.all()
+    serializer_class = OrderItemSerializer
+    permission_classes = [AllowAny]  
+    
+    def get_queryset(self):
+        order_id = self.request.query_params.get('order_id')
+        if order_id:
+            return self.queryset.filter(order_id=order_id)
+        return self.queryset
+
+
+    
+    
 class WasteClaimViewSet(viewsets.ModelViewSet):
     queryset = WasteClaim.objects.all()
     serializer_class = WasteClaimSerializer
+    permission_classes = [AllowAny]
+    http_method_names = ['get', 'post', 'put', 'patch', 'head', 'options']
 
     def perform_create(self, serializer):
         serializer.save(claim_time=timezone.now())
 
+
+

feedlink/settings.py

@@ -39,12 +39,18 @@
     'django.contrib.staticfiles',
     'orders',
     'rest_framework',
+    'rest_framework.authtoken',
 ]
 
-rest_FRAMEWORK ={
-    "DEFAULT_RENDERER_CLASSES": [
-        "rest_framework.renderers.JSONRenderer",
-    ]
+REST_FRAMEWORK = {
+    # 'DEFAULT_AUTHENTICATION_CLASSES': [
+    #     'rest_framework.authentication.TokenAuthentication',
+    #     # or 'rest_framework_simplejwt.authentication.JWTAuthentication' if using JWT
+    # ],
+    'DEFAULT_PERMISSION_CLASSES': [
+        # 'rest_framework.permissions.IsAuthenticated',
+        'rest_framework.permissions.AllowAny',
+    ],
 }
 
 MIDDLEWARE = [

orders/migrations/0004_orderitem.py

@@ -0,0 +1,25 @@
+# Generated by Django 5.2.6 on 2025-09-10 05:46
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('orders', '0003_alter_order_pin'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='OrderItem',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('quantity', models.PositiveIntegerField()),
+                ('price', models.DecimalField(decimal_places=2, max_digits=10)),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+                ('updated_at', models.DateTimeField(auto_now=True)),
+                ('order', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='items', to='orders.order')),
+            ],
+        ),
+    ]

orders/models.py

@@ -17,7 +17,6 @@ class Order(models.Model):
 
     order_id = models.AutoField(primary_key=True)
     # user = models.ForeignKey(User, on_delete=models.CASCADE, related_name='orders')
-    # listing = models.ForeignKey(Inventory, on_delete=models.CASCADE)
     order_date = models.DateTimeField(default=timezone.now)
     order_status = models.CharField(max_length=10, choices=STATUS, default='pending')
     payment_status = models.CharField(max_length=10, choices=PAYMENT_STATUS, default='unpaid')
@@ -33,9 +32,34 @@ def save(self, *args, **kwargs):
                 pin = generate_pin()
             self.pin = pin
         super().save(*args, **kwargs)
+        self.update_total_amount()
+
+    def update_total_amount(self):
+        total = self.items.aggregate(
+            total=models.Sum(models.F('quantity') * models.F('price'), output_field=models.DecimalField())
+        )['total'] or 0
+        if self.total_amount != total:
+            self.total_amount = total
+            super().save(update_fields=['total_amount'])
+
+    def __str__(self):
+        return f"Order {self.order_id}"
+
+
+class OrderItem(models.Model):
+    order = models.ForeignKey(Order, on_delete=models.CASCADE, related_name='items')
+    # listing = models.ForeignKey(Inventory, on_delete=models.CASCADE)
+    quantity = models.PositiveIntegerField()
+    price = models.DecimalField(max_digits=10, decimal_places=2)  
+    created_at = models.DateTimeField(auto_now_add=True)
+    updated_at = models.DateTimeField(auto_now=True)
+
+    def save(self, *args, **kwargs):
+        super().save(*args, **kwargs)
+        self.order.update_total_amount()
 
     def __str__(self):
-        return f"Order {self.order_id} "
+        return f"OrderItem {self.id} for Order {self.order.order_id}"
 
 class WasteClaim(models.Model):
     STATUS = [('pending', 'Pending'), ('collected', 'Collected')]

orders/permissions.py

@@ -0,0 +1,42 @@
+from rest_framework.permissions import BasePermission, SAFE_METHODS
+
+class OrderPermission(BasePermission):
+  
+    def has_permission(self, request, view):
+        user = request.user
+        if not user or not user.is_authenticated:
+            return False
+        if request.method in SAFE_METHODS:
+            return True  
+        if request.method == 'POST':
+            
+            is_buyer = not user.is_staff and getattr(user, 'role', None) != 'producer'
+            return is_buyer
+        if request.method in ['PUT', 'PATCH']:
+            return user.is_staff or getattr(user, 'role', None) == 'producer'
+        if request.method == 'DELETE':
+            return False  
+        return False
+
+    def has_object_permission(self, request, view, obj):
+        return self.has_permission(request, view)
+
+
+class WasteClaimPermission(BasePermission):
+  
+    def has_permission(self, request, view):
+        user = request.user
+        if not user or not user.is_authenticated:
+            return False
+        if request.method in SAFE_METHODS:
+            return True
+        if request.method == 'POST':
+            return getattr(user, 'role', None) == 'recycler'
+        if request.method in ['PUT', 'PATCH']:
+            return user.is_staff or getattr(user, 'role', None) == 'producer'
+        if request.method == 'DELETE':
+            return False
+        return False
+
+    def has_object_permission(self, request, view, obj):
+        return self.has_permission(request, view)