feat(loyalty): attribute transactions to the acting POS tablet

Adds acting_terminal_device_id to loyalty_transactions so the audit log can distinguish between operations performed via the web terminal (human user JWT) and operations performed via a paired tablet (device JWT). The principal-of-record stays the pairing user — existing reports keep working — and this column adds "which tablet did it" alongside. Threaded through every store-API endpoint that creates a transaction (stamp add/redeem/void, points earn/redeem/void/adjust, enrollment + welcome bonus, card deactivate/reactivate). The route reads current_user.terminal_device_id, which the bearer-auth dep populates when a device JWT is presented. User-token requests leave the column NULL, as covered by the new test. Bulk admin operations (GDPR anonymization, bulk deactivate) and Celery tasks (point expiration) are not threaded — they always come from a human admin or the scheduler, never a tablet. - Migration loyalty_011 + LoyaltyTransaction.acting_terminal_device_id - 9 service signatures gain the optional kwarg - 8 store-API routes pass it through - Integration tests: device JWT populates the column, user JWT leaves it NULL Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-05 21:04:56 +02:00
parent c267452dc6
commit d99633345f
7 changed files with 182 additions and 2 deletions
--- a/app/modules/loyalty/routes/api/store.py
+++ b/app/modules/loyalty/routes/api/store.py
@@ -703,7 +703,12 @@ def enroll_customer(
        merchant_id=merchant_id,
    )

-    card = card_service.enroll_customer_for_store(db, customer_id, store_id)
+    card = card_service.enroll_customer_for_store(
+        db,
+        customer_id,
+        store_id,
+        acting_terminal_device_id=current_user.terminal_device_id,
+    )

    program = card.program

@@ -794,6 +799,7 @@ def add_stamp(
        ip_address=ip,
        user_agent=user_agent,
        notes=data.notes,
+        acting_terminal_device_id=current_user.terminal_device_id,
    )

    return StampResponse(**result)
@@ -821,6 +827,7 @@ def redeem_stamps(
        ip_address=ip,
        user_agent=user_agent,
        notes=data.notes,
+        acting_terminal_device_id=current_user.terminal_device_id,
    )

    return StampRedeemResponse(**result)
@@ -850,6 +857,7 @@ def void_stamps(
        ip_address=ip,
        user_agent=user_agent,
        notes=data.notes,
+        acting_terminal_device_id=current_user.terminal_device_id,
    )

    return StampVoidResponse(**result)
@@ -885,6 +893,7 @@ def earn_points(
        ip_address=ip,
        user_agent=user_agent,
        notes=data.notes,
+        acting_terminal_device_id=current_user.terminal_device_id,
    )

    return PointsEarnResponse(**result)
@@ -913,6 +922,7 @@ def redeem_points(
        ip_address=ip,
        user_agent=user_agent,
        notes=data.notes,
+        acting_terminal_device_id=current_user.terminal_device_id,
    )

    return PointsRedeemResponse(**result)
@@ -943,6 +953,7 @@ def void_points(
        ip_address=ip,
        user_agent=user_agent,
        notes=data.notes,
+        acting_terminal_device_id=current_user.terminal_device_id,
    )

    return PointsVoidResponse(**result)
@@ -973,6 +984,7 @@ def adjust_points(
        staff_pin=data.staff_pin,
        ip_address=ip,
        user_agent=user_agent,
+        acting_terminal_device_id=current_user.terminal_device_id,
    )

    return PointsAdjustResponse(**result)