feat(billing): Implement DeleteTopupView with expiration and authorization checks ✨

2025-07-07 12:16:30 +00:00 · 2025-07-04 16:32:34 +05:00
parent 6568504f5b
commit 5db71edc2c
1 changed files with 30 additions and 0 deletions
--- a/billing/views.py
+++ b/billing/views.py
@ -367,3 +367,33 @@ class VerifyTopupPaymentAPIView(StaffEditorPermissionMixin, generics.UpdateAPIVi
                {"message": "Topup payment verification failed."},
                status=status.HTTP_400_BAD_REQUEST,
            )
+
+
+class DeleteTopupView(StaffEditorPermissionMixin, generics.DestroyAPIView):
+    queryset = Topup.objects.all()
+    serializer_class = TopupSerializer
+    lookup_field = "pk"
+
+    def delete(self, request, *args, **kwargs):
+        instance = self.get_object()
+        user = request.user
+        if instance.is_expired:
+            return Response(
+                {"message": "Expired topups cannot be deleted."},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+        if (
+            instance.user != user
+            and getattr(user, "is_admin")
+            and not user.is_superuser
+        ):
+            return Response(
+                {"message": "You are not authorized to delete this topup."},
+                status=status.HTTP_403_FORBIDDEN,
+            )
+        if instance.paid:
+            return Response(
+                {"message": "Paid topups cannot be deleted."},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+        return super().delete(request, *args, **kwargs)