From 5db71edc2cd67e4abbd1c1e1cc52d140611fed5c Mon Sep 17 00:00:00 2001
From: i701
Date: Fri, 4 Jul 2025 16:32:34 +0500
Subject: [PATCH] =?UTF-8?q?feat(billing):=20Implement=20DeleteTopupView=20?= =?UTF-8?q?with=20expiration=20and=20authorization=20checks=20=E2=9C=A8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 billing/views.py | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/billing/views.py b/billing/views.py
index 2ccb5e7..063f9cd 100644
--- a/billing/views.py
+++ b/billing/views.py
@@ -367,3 +367,33 @@ class VerifyTopupPaymentAPIView(StaffEditorPermissionMixin, generics.UpdateAPIVi
 {"message": "Topup payment verification failed."},
 status=status.HTTP_400_BAD_REQUEST,
 )
+
+
+class DeleteTopupView(StaffEditorPermissionMixin, generics.DestroyAPIView):
+ queryset = Topup.objects.all()
+ serializer_class = TopupSerializer
+ lookup_field = "pk"
+
+ def delete(self, request, *args, **kwargs):
+ instance = self.get_object()
+ user = request.user
+ if instance.is_expired:
+ return Response(
+ {"message": "Expired topups cannot be deleted."},
+ status=status.HTTP_400_BAD_REQUEST,
+ )
+ if (
+ instance.user != user
+ and getattr(user, "is_admin")
+ and not user.is_superuser
+ ):
+ return Response(
+ {"message": "You are not authorized to delete this topup."},
+ status=status.HTTP_403_FORBIDDEN,
+ )
+ if instance.paid:
+ return Response(
+ {"message": "Paid topups cannot be deleted."},
+ status=status.HTTP_400_BAD_REQUEST,
+ )
+ return super().delete(request, *args, **kwargs)
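Review bot: The ownership condition in `DeleteTopupView.delete` returns 403 only for a non-owner who has `is_admin` set and is not a superuser, so a non-owner whose `is_admin` is false falls through to `super().delete(...)`; whether such a caller can reach the view at all depends on `StaffEditorPermissionMixin`, which is not in the hunk. If the intended policy is that only the owner, an admin or a superuser may delete, the test would read `if instance.user != user and not (getattr(user, "is_admin", False) or user.is_superuser):`, and the explicit default also avoids an AttributeError on user objects that lack the attribute. The check also runs after the `is_expired` branch, so a caller who is not allowed to delete the topup can still tell from a 400 versus a 403 whether it is expired; doing the authorization test first closes that. A short class docstring stating who may delete a topup, and in which states, would make the policy reviewable.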