feat(loyalty): attribute transactions to the acting POS tablet

Adds acting_terminal_device_id to loyalty_transactions so the audit log can distinguish between operations performed via the web terminal (human user JWT) and operations performed via a paired tablet (device JWT). The principal-of-record stays the pairing user — existing reports keep working — and this column adds "which tablet did it" alongside. Threaded through every store-API endpoint that creates a transaction (stamp add/redeem/void, points earn/redeem/void/adjust, enrollment + welcome bonus, card deactivate/reactivate). The route reads current_user.terminal_device_id, which the bearer-auth dep populates when a device JWT is presented. User-token requests leave the column NULL, as covered by the new test. Bulk admin operations (GDPR anonymization, bulk deactivate) and Celery tasks (point expiration) are not threaded — they always come from a human admin or the scheduler, never a tablet. - Migration loyalty_011 + LoyaltyTransaction.acting_terminal_device_id - 9 service signatures gain the optional kwarg - 8 store-API routes pass it through - Integration tests: device JWT populates the column, user JWT leaves it NULL Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-05 21:04:56 +02:00
parent c267452dc6
commit d99633345f
7 changed files with 182 additions and 2 deletions
--- a/app/modules/loyalty/migrations/versions/loyalty_011_add_acting_terminal_device.py
+++ b/app/modules/loyalty/migrations/versions/loyalty_011_add_acting_terminal_device.py
@@ -0,0 +1,51 @@
+"""loyalty 011 - add acting_terminal_device_id to loyalty_transactions
+
+Lets the audit log distinguish between actions a human user performed
+directly via the web terminal and actions a paired POS tablet
+performed via its device JWT. The principal-of-record stays the
+pairing user (so existing reports keep working); this column adds
+"which tablet did it" alongside.
+
+Revision ID: loyalty_011
+Revises: loyalty_010
+Create Date: 2026-05-05
+"""
+import sqlalchemy as sa
+
+from alembic import op
+
+revision = "loyalty_011"
+down_revision = "loyalty_010"
+branch_labels = None
+depends_on = None
+
+
+def upgrade() -> None:
+    op.add_column(
+        "loyalty_transactions",
+        sa.Column(
+            "acting_terminal_device_id",
+            sa.Integer(),
+            sa.ForeignKey(
+                "loyalty_terminal_devices.id", ondelete="SET NULL"
+            ),
+            nullable=True,
+            comment=(
+                "Paired POS terminal device that performed this transaction "
+                "(NULL when the action came from a human user via the web)"
+            ),
+        ),
+    )
+    op.create_index(
+        "ix_loyalty_transactions_acting_terminal_device_id",
+        "loyalty_transactions",
+        ["acting_terminal_device_id"],
+    )
+
+
+def downgrade() -> None:
+    op.drop_index(
+        "ix_loyalty_transactions_acting_terminal_device_id",
+        table_name="loyalty_transactions",
+    )
+    op.drop_column("loyalty_transactions", "acting_terminal_device_id")