feat(billing): Implement DeleteTopupView with expiration and authorization checks ✨

billing/views.py

@@ -367,3 +367,33 @@ class VerifyTopupPaymentAPIView(StaffEditorPermissionMixin, generics.UpdateAPIVi
                 {"message": "Topup payment verification failed."},
                 status=status.HTTP_400_BAD_REQUEST,
             )
+
+
+class DeleteTopupView(StaffEditorPermissionMixin, generics.DestroyAPIView):
+    queryset = Topup.objects.all()
+    serializer_class = TopupSerializer
+    lookup_field = "pk"
+
+    def delete(self, request, *args, **kwargs):
+        instance = self.get_object()
+        user = request.user
+        if instance.is_expired:
+            return Response(
+                {"message": "Expired topups cannot be deleted."},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+        if (
+            instance.user != user
+            and getattr(user, "is_admin")
+            and not user.is_superuser
+        ):
+            return Response(
+                {"message": "You are not authorized to delete this topup."},
+                status=status.HTTP_403_FORBIDDEN,
+            )
+        if instance.paid:
+            return Response(
+                {"message": "Paid topups cannot be deleted."},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+        return super().delete(request, *args, **kwargs)