sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(loyalty): attribute transactions to the acting POS tablet

Browse Source 
Adds acting_terminal_device_id to loyalty_transactions so the audit
log can distinguish between operations performed via the web terminal
(human user JWT) and operations performed via a paired tablet (device
JWT). The principal-of-record stays the pairing user — existing
reports keep working — and this column adds "which tablet did it"
alongside.

Threaded through every store-API endpoint that creates a transaction
(stamp add/redeem/void, points earn/redeem/void/adjust, enrollment +
welcome bonus, card deactivate/reactivate). The route reads
current_user.terminal_device_id, which the bearer-auth dep populates
when a device JWT is presented. User-token requests leave the column
NULL, as covered by the new test.

Bulk admin operations (GDPR anonymization, bulk deactivate) and Celery
tasks (point expiration) are not threaded — they always come from a
human admin or the scheduler, never a tablet.

- Migration loyalty_011 + LoyaltyTransaction.acting_terminal_device_id
- 9 service signatures gain the optional kwarg
- 8 store-API routes pass it through
- Integration tests: device JWT populates the column, user JWT leaves
  it NULL

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Samir Boulahtit
2026-05-05 21:04:56 +02:00
parent c267452dc6
commit d99633345f
7 changed files with 182 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
app/modules/loyalty/services/card_service.py
View File

@@ -520,6 +520,7 @@ class CardService:
merchant_id: int,
*,
enrolled_at_store_id: int | None = None,
acting_terminal_device_id: int | None = None,
) -> LoyaltyCard:
"""
Enroll a customer in a merchant's loyalty program.
@@ -594,6 +595,7 @@ class CardService:
merchant_id=merchant_id,
card_id=card.id,
store_id=enrolled_at_store_id,
acting_terminal_device_id=acting_terminal_device_id,
transaction_type=TransactionType.CARD_CREATED.value,
transaction_at=datetime.now(UTC),
)
@@ -607,6 +609,7 @@ class CardService:
merchant_id=merchant_id,
card_id=card.id,
store_id=enrolled_at_store_id,
acting_terminal_device_id=acting_terminal_device_id,
transaction_type=TransactionType.WELCOME_BONUS.value,
points_delta=program.welcome_bonus_points,
points_balance_after=card.points_balance,
@@ -653,6 +656,8 @@ class CardService:
db: Session,
customer_id: int,
store_id: int,
*,
acting_terminal_device_id: int | None = None,
) -> LoyaltyCard:
"""
Enroll a customer through a specific store.
@@ -663,6 +668,7 @@ class CardService:
db: Database session
customer_id: Customer ID
store_id: Store ID
acting_terminal_device_id: Paired tablet that initiated the enrollment
Returns:
Created loyalty card
@@ -678,6 +684,7 @@ class CardService:
customer_id,
store.merchant_id,
enrolled_at_store_id=store_id,
acting_terminal_device_id=acting_terminal_device_id,
)
def deactivate_card(
@@ -686,6 +693,7 @@ class CardService:
card_id: int,
*,
store_id: int | None = None,
acting_terminal_device_id: int | None = None,
) -> LoyaltyCard:
"""Deactivate a loyalty card."""
card = self.require_card(db, card_id)
@@ -696,6 +704,7 @@ class CardService:
merchant_id=card.merchant_id,
card_id=card.id,
store_id=store_id,
acting_terminal_device_id=acting_terminal_device_id,
transaction_type=TransactionType.CARD_DEACTIVATED.value,
transaction_at=datetime.now(UTC),
)
@@ -708,7 +717,13 @@ class CardService:
return card
def reactivate_card(self, db: Session, card_id: int) -> LoyaltyCard:
def reactivate_card(
self,
db: Session,
card_id: int,
*,
acting_terminal_device_id: int | None = None,
) -> LoyaltyCard:
"""Reactivate a deactivated loyalty card."""
card = self.require_card(db, card_id)
card.is_active = True
@@ -717,6 +732,7 @@ class CardService:
transaction = LoyaltyTransaction(
merchant_id=card.merchant_id,
card_id=card.id,
acting_terminal_device_id=acting_terminal_device_id,
transaction_type=TransactionType.CARD_REACTIVATED.value,
transaction_at=datetime.now(UTC),
)