sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: sboulahtit:cdacc8bc0da905e6150f4edde266728f27c42044
Branches Tags
sboulahtit:master
...
compare: sboulahtit:eaffc764ec2f6f4f035809ea77ad23eed5feb932
Branches Tags
sboulahtit:master

3 Commits
cdacc8bc0d ... eaffc764ec

Author SHA1 Message Date
Samir Boulahtit
eaffc764ec i18n(loyalty): translate terminal_devices block to FR/DE/LB
Some checks failed
CI / ruff (push) Successful in 15s
Details
CI / validate (push) Has been cancelled
Details
CI / dependency-scanning (push) Has been cancelled
Details
CI / docs (push) Has been cancelled
Details
CI / deploy (push) Has been cancelled
Details
CI / pytest (push) Has been cancelled
Details 
Replaces the EN placeholders that were seeded with the feature with
proper FR, DE and LB translations. Same scope: terminal_devices.* and
the menu.terminal_devices label.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-05 21:05:58 +02:00
Samir Boulahtit
d99633345f feat(loyalty): attribute transactions to the acting POS tablet 
Adds acting_terminal_device_id to loyalty_transactions so the audit
log can distinguish between operations performed via the web terminal
(human user JWT) and operations performed via a paired tablet (device
JWT). The principal-of-record stays the pairing user — existing
reports keep working — and this column adds "which tablet did it"
alongside.

Threaded through every store-API endpoint that creates a transaction
(stamp add/redeem/void, points earn/redeem/void/adjust, enrollment +
welcome bonus, card deactivate/reactivate). The route reads
current_user.terminal_device_id, which the bearer-auth dep populates
when a device JWT is presented. User-token requests leave the column
NULL, as covered by the new test.

Bulk admin operations (GDPR anonymization, bulk deactivate) and Celery
tasks (point expiration) are not threaded — they always come from a
human admin or the scheduler, never a tablet.

- Migration loyalty_011 + LoyaltyTransaction.acting_terminal_device_id
- 9 service signatures gain the optional kwarg
- 8 store-API routes pass it through
- Integration tests: device JWT populates the column, user JWT leaves
  it NULL

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-05 21:04:56 +02:00
Samir Boulahtit
c267452dc6 fix(loyalty): align /locations endpoint shape with template bindings 
The shared loyalty list partials (pins, cards, transactions, devices,
admin merchant detail) bind store filter dropdowns to
loc.store_id/loc.store_name, but the /merchants/loyalty/locations and
/admin/loyalty/merchants/{id}/locations endpoints were returning
{id, name, code}. Result: every store-filter dropdown was silently
empty across the loyalty module.

Switch both endpoints to {store_id, store_name, store_code}, matching
the shape used everywhere else (analytics, location stats). Storefront
locations come from a different code path and are unaffected.

Drop the temporary normalizer in the devices Alpine factory now that
the endpoint speaks the right shape.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-05 21:03:33 +02:00
13 changed files with 320 additions and 134 deletions
Expand all files Collapse all files

78
app/modules/loyalty/locales/de.json
View File

@@ -84,7 +84,7 @@
"wallet_debug": "Wallet Debug",
"staff_pins": "Mitarbeiter-PINs",
"transactions": "Transaktionen",
"terminal_devices": "Terminal Devices"
"terminal_devices": "POS-Terminals"
},
"permissions": {
"view_programs": "Programme anzeigen",
@@ -912,48 +912,48 @@
"pin_unlock_error": "PIN konnte nicht entsperrt werden"
},
"terminal_devices": {
"title": "Terminal Devices",
"subtitle": "Pair POS tablets to each store. The setup QR is shown only once at pairing time.",
"admin_subtitle": "Pair POS tablets on behalf of this merchant.",
"loading": "Loading devices...",
"error_loading": "Failed to load devices",
"no_devices": "No devices paired yet",
"show_revoked": "Include revoked",
"pair_device": "Pair Tablet",
"pair_hint": "A long-lived setup QR is generated. The tablet scans it once and connects from then on.",
"pairing_qr": "Tablet Pairing QR",
"qr_warning_title": "Save this now —",
"qr_warning_body": "this QR is shown only this time. If you close it before pairing, you will need to revoke and pair again.",
"qr_done": "I've paired the tablet",
"show_payload": "Show raw payload",
"label_field": "Device label",
"label_placeholder": "e.g. Counter 1",
"store_field": "Store",
"select_store": "Select store...",
"revoke": "Revoke",
"revoke_title": "Revoke device?",
"confirm_revoke": "Revoke device '{label}'? Its tablet will stop working immediately.",
"delete_title": "Delete device?",
"confirm_delete": "Permanently delete device '{label}'? This cannot be undone.",
"col_label": "Label",
"col_store": "Store",
"title": "POS-Terminals",
"subtitle": "Verbinde POS-Tablets mit jeder Filiale. Der Setup-QR wird nur einmal beim Pairing angezeigt.",
"admin_subtitle": "Verbinde POS-Tablets im Auftrag dieses Händlers.",
"loading": "Terminals werden geladen...",
"error_loading": "Terminals konnten nicht geladen werden",
"no_devices": "Noch keine Terminals verbunden",
"show_revoked": "Widerrufene anzeigen",
"pair_device": "Tablet verbinden",
"pair_hint": "Ein langlebiger Setup-QR wird erzeugt. Das Tablet scannt ihn einmal und verbindet sich danach automatisch.",
"pairing_qr": "Tablet-Pairing-QR",
"qr_warning_title": "Jetzt speichern —",
"qr_warning_body": "dieser QR wird nur einmal angezeigt. Wenn du ihn vor dem Pairing schließt, musst du widerrufen und neu verbinden.",
"qr_done": "Tablet verbunden",
"show_payload": "Rohinhalt anzeigen",
"label_field": "Geräte-Bezeichnung",
"label_placeholder": "z. B. Kasse 1",
"store_field": "Filiale",
"select_store": "Filiale auswählen...",
"revoke": "Widerrufen",
"revoke_title": "Terminal widerrufen?",
"confirm_revoke": "Terminal „{label}“ widerrufen? Das Tablet funktioniert sofort nicht mehr.",
"delete_title": "Terminal löschen?",
"confirm_delete": "Terminal „{label}“ endgültig löschen? Dies kann nicht rückgängig gemacht werden.",
"col_label": "Bezeichnung",
"col_store": "Filiale",
"col_status": "Status",
"col_last_seen": "Last seen",
"col_expires": "Expires",
"col_actions": "Actions",
"status_active": "Active",
"status_revoked": "Revoked",
"status_expired": "Expired",
"col_last_seen": "Zuletzt gesehen",
"col_expires": "Läuft ab",
"col_actions": "Aktionen",
"status_active": "Aktiv",
"status_revoked": "Widerrufen",
"status_expired": "Abgelaufen",
"toasts": {
"paired": "Tablet paired — show the QR to the device",
"revoked": "Device revoked",
"deleted": "Device deleted"
"paired": "Tablet verbunden — zeige den QR am Gerät",
"revoked": "Terminal widerrufen",
"deleted": "Terminal gelöscht"
},
"errors": {
"store_required": "Please select a store",
"pair_failed": "Failed to pair device",
"revoke_failed": "Failed to revoke device",
"delete_failed": "Failed to delete device"
"store_required": "Bitte eine Filiale auswählen",
"pair_failed": "Verbinden fehlgeschlagen",
"revoke_failed": "Widerruf fehlgeschlagen",
"delete_failed": "Löschen fehlgeschlagen"
}
},
"errors": {

78
app/modules/loyalty/locales/fr.json
View File

@@ -84,7 +84,7 @@
"wallet_debug": "Wallet Debug",
"staff_pins": "PINs du personnel",
"transactions": "Transactions",
"terminal_devices": "Terminal Devices"
"terminal_devices": "Terminaux POS"
},
"permissions": {
"view_programs": "Voir les programmes",
@@ -912,48 +912,48 @@
"pin_unlock_error": "Erreur lors du déverrouillage du PIN"
},
"terminal_devices": {
"title": "Terminal Devices",
"subtitle": "Pair POS tablets to each store. The setup QR is shown only once at pairing time.",
"admin_subtitle": "Pair POS tablets on behalf of this merchant.",
"loading": "Loading devices...",
"error_loading": "Failed to load devices",
"no_devices": "No devices paired yet",
"show_revoked": "Include revoked",
"pair_device": "Pair Tablet",
"pair_hint": "A long-lived setup QR is generated. The tablet scans it once and connects from then on.",
"pairing_qr": "Tablet Pairing QR",
"qr_warning_title": "Save this now —",
"qr_warning_body": "this QR is shown only this time. If you close it before pairing, you will need to revoke and pair again.",
"qr_done": "I've paired the tablet",
"show_payload": "Show raw payload",
"label_field": "Device label",
"label_placeholder": "e.g. Counter 1",
"store_field": "Store",
"select_store": "Select store...",
"revoke": "Revoke",
"revoke_title": "Revoke device?",
"confirm_revoke": "Revoke device '{label}'? Its tablet will stop working immediately.",
"delete_title": "Delete device?",
"confirm_delete": "Permanently delete device '{label}'? This cannot be undone.",
"col_label": "Label",
"col_store": "Store",
"col_status": "Status",
"col_last_seen": "Last seen",
"col_expires": "Expires",
"title": "Terminaux POS",
"subtitle": "Associez les tablettes POS à chaque magasin. Le QR de configuration n'est affiché qu'une seule fois lors de l'appairage.",
"admin_subtitle": "Associez des tablettes POS pour le compte de ce marchand.",
"loading": "Chargement des terminaux...",
"error_loading": "Échec du chargement des terminaux",
"no_devices": "Aucun terminal appairé",
"show_revoked": "Inclure les révoqués",
"pair_device": "Appairer une tablette",
"pair_hint": "Un QR de configuration longue durée est généré. La tablette le scanne une seule fois pour se connecter.",
"pairing_qr": "QR d'appairage de la tablette",
"qr_warning_title": "Enregistrez ceci maintenant —",
"qr_warning_body": "ce QR n'est affiché qu'une seule fois. Si vous le fermez avant l'appairage, vous devrez révoquer et appairer à nouveau.",
"qr_done": "J'ai appairé la tablette",
"show_payload": "Afficher le contenu brut",
"label_field": "Nom du terminal",
"label_placeholder": "ex. Caisse 1",
"store_field": "Magasin",
"select_store": "Choisir un magasin...",
"revoke": "Révoquer",
"revoke_title": "Révoquer le terminal ?",
"confirm_revoke": "Révoquer le terminal « {label} » ? Sa tablette cessera de fonctionner immédiatement.",
"delete_title": "Supprimer le terminal ?",
"confirm_delete": "Supprimer définitivement le terminal « {label} » ? Cette action est irréversible.",
"col_label": "Nom",
"col_store": "Magasin",
"col_status": "Statut",
"col_last_seen": "Dernière activité",
"col_expires": "Expire",
"col_actions": "Actions",
"status_active": "Active",
"status_revoked": "Revoked",
"status_expired": "Expired",
"status_active": "Actif",
"status_revoked": "Révoqué",
"status_expired": "Expiré",
"toasts": {
"paired": "Tablet pairedshow the QR to the device",
"revoked": "Device revoked",
"deleted": "Device deleted"
"paired": "Tablette appairée — montrez le QR à l'appareil",
"revoked": "Terminal révoqué",
"deleted": "Terminal supprimé"
},
"errors": {
"store_required": "Please select a store",
"pair_failed": "Failed to pair device",
"revoke_failed": "Failed to revoke device",
"delete_failed": "Failed to delete device"
"store_required": "Veuillez choisir un magasin",
"pair_failed": "Échec de l'appairage",
"revoke_failed": "Échec de la révocation",
"delete_failed": "Échec de la suppression"
}
},
"errors": {

78
app/modules/loyalty/locales/lb.json
View File

@@ -84,7 +84,7 @@
"wallet_debug": "Wallet Debug",
"staff_pins": "Mataarbechter-PINen",
"transactions": "Transaktionen",
"terminal_devices": "Terminal Devices"
"terminal_devices": "POS-Terminaler"
},
"permissions": {
"view_programs": "Programmer kucken",
@@ -912,48 +912,48 @@
"pin_unlock_error": "PIN konnt net entspäert ginn"
},
"terminal_devices": {
"title": "Terminal Devices",
"subtitle": "Pair POS tablets to each store. The setup QR is shown only once at pairing time.",
"admin_subtitle": "Pair POS tablets on behalf of this merchant.",
"loading": "Loading devices...",
"error_loading": "Failed to load devices",
"no_devices": "No devices paired yet",
"show_revoked": "Include revoked",
"pair_device": "Pair Tablet",
"pair_hint": "A long-lived setup QR is generated. The tablet scans it once and connects from then on.",
"pairing_qr": "Tablet Pairing QR",
"qr_warning_title": "Save this now —",
"qr_warning_body": "this QR is shown only this time. If you close it before pairing, you will need to revoke and pair again.",
"qr_done": "I've paired the tablet",
"show_payload": "Show raw payload",
"label_field": "Device label",
"label_placeholder": "e.g. Counter 1",
"store_field": "Store",
"select_store": "Select store...",
"revoke": "Revoke",
"revoke_title": "Revoke device?",
"confirm_revoke": "Revoke device '{label}'? Its tablet will stop working immediately.",
"delete_title": "Delete device?",
"confirm_delete": "Permanently delete device '{label}'? This cannot be undone.",
"col_label": "Label",
"col_store": "Store",
"title": "POS-Terminaler",
"subtitle": "Koppel POS-Tablets un all Geschäft. De Setup-QR gëtt nëmmen eemol beim Pairing ugewisen.",
"admin_subtitle": "Koppel POS-Tablets am Numm vun dësem Händler.",
"loading": "Terminaler gi gelueden...",
"error_loading": "Terminaler konnten net gelueden ginn",
"no_devices": "Nach keng Terminaler gekoppelt",
"show_revoked": "Widerrufe weisen",
"pair_device": "Tablet koppelen",
"pair_hint": "E laangliewege Setup-QR gëtt generéiert. D'Tablet scannt en eemol an ass duerno verbonnen.",
"pairing_qr": "Tablet-Pairing-QR",
"qr_warning_title": "Späichert dat elo —",
"qr_warning_body": "dëse QR gëtt nëmmen elo gewisen. Wann Dir en zoumaacht ier d'Tablet gekoppelt ass, musst Dir widerruffen a nei koppelen.",
"qr_done": "Tablet ass gekoppelt",
"show_payload": "Roen Inhalt weisen",
"label_field": "Numm vum Terminal",
"label_placeholder": "z. B. Keess 1",
"store_field": "Geschäft",
"select_store": "Geschäft auswielen...",
"revoke": "Widerruffen",
"revoke_title": "Terminal widerruffen?",
"confirm_revoke": "Terminal „{label}“ widerruffen? D'Tablet funktionnéiert direkt net méi.",
"delete_title": "Terminal läschen?",
"confirm_delete": "Terminal „{label}“ definitiv läschen? Dat kann net réckgängeg gemaach ginn.",
"col_label": "Numm",
"col_store": "Geschäft",
"col_status": "Status",
"col_last_seen": "Last seen",
"col_expires": "Expires",
"col_actions": "Actions",
"status_active": "Active",
"status_revoked": "Revoked",
"status_expired": "Expired",
"col_last_seen": "Lescht Aktivitéit",
"col_expires": "Leeft of",
"col_actions": "Aktiounen",
"status_active": "Aktiv",
"status_revoked": "Widerrufen",
"status_expired": "Ofgelaf",
"toasts": {
"paired": "Tablet paired — show the QR to the device",
"revoked": "Device revoked",
"deleted": "Device deleted"
"paired": "Tablet gekoppelt — weist de QR um Apparat",
"revoked": "Terminal widerrufen",
"deleted": "Terminal geläscht"
},
"errors": {
"store_required": "Please select a store",
"pair_failed": "Failed to pair device",
"revoke_failed": "Failed to revoke device",
"delete_failed": "Failed to delete device"
"store_required": "Wielt w. e. g. e Geschäft",
"pair_failed": "Koppelen huet net geklappt",
"revoke_failed": "Widerruf huet net geklappt",
"delete_failed": "Läschen huet net geklappt"
}
},
"errors": {

51
app/modules/loyalty/migrations/versions/loyalty_011_add_acting_terminal_device.py Normal file
View File

@@ -0,0 +1,51 @@
"""loyalty 011 - add acting_terminal_device_id to loyalty_transactions
Lets the audit log distinguish between actions a human user performed
directly via the web terminal and actions a paired POS tablet
performed via its device JWT. The principal-of-record stays the
pairing user (so existing reports keep working); this column adds
"which tablet did it" alongside.
Revision ID: loyalty_011
Revises: loyalty_010
Create Date: 2026-05-05
"""
import sqlalchemy as sa
from alembic import op
revision = "loyalty_011"
down_revision = "loyalty_010"
branch_labels = None
depends_on = None
def upgrade() -> None:
op.add_column(
"loyalty_transactions",
sa.Column(
"acting_terminal_device_id",
sa.Integer(),
sa.ForeignKey(
"loyalty_terminal_devices.id", ondelete="SET NULL"
),
nullable=True,
comment=(
"Paired POS terminal device that performed this transaction "
"(NULL when the action came from a human user via the web)"
),
),
)
op.create_index(
"ix_loyalty_transactions_acting_terminal_device_id",
"loyalty_transactions",
["acting_terminal_device_id"],
)
def downgrade() -> None:
op.drop_index(
"ix_loyalty_transactions_acting_terminal_device_id",
table_name="loyalty_transactions",
)
op.drop_column("loyalty_transactions", "acting_terminal_device_id")

14
app/modules/loyalty/models/loyalty_transaction.py
View File

@@ -105,6 +105,16 @@ class LoyaltyTransaction(Base, TimestampMixin):
index=True,
comment="Staff PIN used for this operation",
)
acting_terminal_device_id = Column(
Integer,
ForeignKey("loyalty_terminal_devices.id", ondelete="SET NULL"),
nullable=True,
index=True,
comment=(
"Paired POS terminal device that performed this transaction "
"(NULL when the action came from a human user via the web)"
),
)
category_ids = Column(
JSON,
nullable=True,
@@ -220,6 +230,10 @@ class LoyaltyTransaction(Base, TimestampMixin):
card = relationship("LoyaltyCard", back_populates="transactions")
store = relationship("Store", backref="loyalty_transactions")
staff_pin = relationship("StaffPin", backref="transactions")
acting_terminal_device = relationship(
"TerminalDevice",
backref="transactions",
)
related_transaction = relationship(
"LoyaltyTransaction",
remote_side=[id],

12
app/modules/loyalty/routes/api/admin.py
View File

@@ -482,13 +482,17 @@ def list_merchant_locations(
current_user: User = Depends(get_current_admin_api),
db: Session = Depends(get_db),
):
"""Get active store locations for a merchant."""
"""Get active store locations for a merchant.
Shape matches what the shared loyalty list partials bind to
(`loc.store_id` / `loc.store_name` / `loc.store_code`).
"""
locations = program_service.get_merchant_locations(db, merchant_id)
return [
{
"id": store.id,
"name": store.name,
"code": store.store_code,
"store_id": store.id,
"store_name": store.name,
"store_code": store.store_code,
}
for store in locations
]

12
app/modules/loyalty/routes/api/merchant.py
View File

@@ -530,9 +530,17 @@ def list_locations(
merchant: Merchant = Depends(get_merchant_for_current_user),
db: Session = Depends(get_db),
):
"""List merchant stores (for filter dropdowns)."""
"""List merchant stores (for filter dropdowns).
Shape matches what the shared loyalty list partials bind to
(`loc.store_id` / `loc.store_name` / `loc.store_code`).
"""
locations = program_service.get_merchant_locations(db, merchant.id)
return [
{"id": loc.id, "name": loc.name, "code": loc.store_code}
{
"store_id": loc.id,
"store_name": loc.name,
"store_code": loc.store_code,
}
for loc in locations
]

14
app/modules/loyalty/routes/api/store.py
View File

@@ -703,7 +703,12 @@ def enroll_customer(
merchant_id=merchant_id,
)
card = card_service.enroll_customer_for_store(db, customer_id, store_id)
card = card_service.enroll_customer_for_store(
db,
customer_id,
store_id,
acting_terminal_device_id=current_user.terminal_device_id,
)
program = card.program
@@ -794,6 +799,7 @@ def add_stamp(
ip_address=ip,
user_agent=user_agent,
notes=data.notes,
acting_terminal_device_id=current_user.terminal_device_id,
)
return StampResponse(**result)
@@ -821,6 +827,7 @@ def redeem_stamps(
ip_address=ip,
user_agent=user_agent,
notes=data.notes,
acting_terminal_device_id=current_user.terminal_device_id,
)
return StampRedeemResponse(**result)
@@ -850,6 +857,7 @@ def void_stamps(
ip_address=ip,
user_agent=user_agent,
notes=data.notes,
acting_terminal_device_id=current_user.terminal_device_id,
)
return StampVoidResponse(**result)
@@ -885,6 +893,7 @@ def earn_points(
ip_address=ip,
user_agent=user_agent,
notes=data.notes,
acting_terminal_device_id=current_user.terminal_device_id,
)
return PointsEarnResponse(**result)
@@ -913,6 +922,7 @@ def redeem_points(
ip_address=ip,
user_agent=user_agent,
notes=data.notes,
acting_terminal_device_id=current_user.terminal_device_id,
)
return PointsRedeemResponse(**result)
@@ -943,6 +953,7 @@ def void_points(
ip_address=ip,
user_agent=user_agent,
notes=data.notes,
acting_terminal_device_id=current_user.terminal_device_id,
)
return PointsVoidResponse(**result)
@@ -973,6 +984,7 @@ def adjust_points(
staff_pin=data.staff_pin,
ip_address=ip,
user_agent=user_agent,
acting_terminal_device_id=current_user.terminal_device_id,
)
return PointsAdjustResponse(**result)

18
app/modules/loyalty/services/card_service.py
View File

@@ -520,6 +520,7 @@ class CardService:
merchant_id: int,
*,
enrolled_at_store_id: int | None = None,
acting_terminal_device_id: int | None = None,
) -> LoyaltyCard:
"""
Enroll a customer in a merchant's loyalty program.
@@ -594,6 +595,7 @@ class CardService:
merchant_id=merchant_id,
card_id=card.id,
store_id=enrolled_at_store_id,
acting_terminal_device_id=acting_terminal_device_id,
transaction_type=TransactionType.CARD_CREATED.value,
transaction_at=datetime.now(UTC),
)
@@ -607,6 +609,7 @@ class CardService:
merchant_id=merchant_id,
card_id=card.id,
store_id=enrolled_at_store_id,
acting_terminal_device_id=acting_terminal_device_id,
transaction_type=TransactionType.WELCOME_BONUS.value,
points_delta=program.welcome_bonus_points,
points_balance_after=card.points_balance,
@@ -653,6 +656,8 @@ class CardService:
db: Session,
customer_id: int,
store_id: int,
*,
acting_terminal_device_id: int | None = None,
) -> LoyaltyCard:
"""
Enroll a customer through a specific store.
@@ -663,6 +668,7 @@ class CardService:
db: Database session
customer_id: Customer ID
store_id: Store ID
acting_terminal_device_id: Paired tablet that initiated the enrollment
Returns:
Created loyalty card
@@ -678,6 +684,7 @@ class CardService:
customer_id,
store.merchant_id,
enrolled_at_store_id=store_id,
acting_terminal_device_id=acting_terminal_device_id,
)
def deactivate_card(
@@ -686,6 +693,7 @@ class CardService:
card_id: int,
*,
store_id: int | None = None,
acting_terminal_device_id: int | None = None,
) -> LoyaltyCard:
"""Deactivate a loyalty card."""
card = self.require_card(db, card_id)
@@ -696,6 +704,7 @@ class CardService:
merchant_id=card.merchant_id,
card_id=card.id,
store_id=store_id,
acting_terminal_device_id=acting_terminal_device_id,
transaction_type=TransactionType.CARD_DEACTIVATED.value,
transaction_at=datetime.now(UTC),
)
@@ -708,7 +717,13 @@ class CardService:
return card
def reactivate_card(self, db: Session, card_id: int) -> LoyaltyCard:
def reactivate_card(
self,
db: Session,
card_id: int,
*,
acting_terminal_device_id: int | None = None,
) -> LoyaltyCard:
"""Reactivate a deactivated loyalty card."""
card = self.require_card(db, card_id)
card.is_active = True
@@ -717,6 +732,7 @@ class CardService:
transaction = LoyaltyTransaction(
merchant_id=card.merchant_id,
card_id=card.id,
acting_terminal_device_id=acting_terminal_device_id,
transaction_type=TransactionType.CARD_REACTIVATED.value,
transaction_at=datetime.now(UTC),
)

8
app/modules/loyalty/services/points_service.py
View File

@@ -53,6 +53,7 @@ class PointsService:
ip_address: str | None = None,
user_agent: str | None = None,
notes: str | None = None,
acting_terminal_device_id: int | None = None,
) -> dict:
"""
Earn points from a purchase.
@@ -196,6 +197,7 @@ class PointsService:
card_id=card.id,
store_id=store_id,
staff_pin_id=verified_pin.id if verified_pin else None,
acting_terminal_device_id=acting_terminal_device_id,
category_ids=category_ids,
transaction_type=TransactionType.POINTS_EARNED.value,
points_delta=points_earned,
@@ -249,6 +251,7 @@ class PointsService:
ip_address: str | None = None,
user_agent: str | None = None,
notes: str | None = None,
acting_terminal_device_id: int | None = None,
) -> dict:
"""
Redeem points for a reward.
@@ -331,6 +334,7 @@ class PointsService:
card_id=card.id,
store_id=store_id,
staff_pin_id=verified_pin.id if verified_pin else None,
acting_terminal_device_id=acting_terminal_device_id,
transaction_type=TransactionType.POINTS_REDEEMED.value,
points_delta=-points_required,
stamps_balance_after=card.stamp_count,
@@ -385,6 +389,7 @@ class PointsService:
ip_address: str | None = None,
user_agent: str | None = None,
notes: str | None = None,
acting_terminal_device_id: int | None = None,
) -> dict:
"""
Void points for a return.
@@ -482,6 +487,7 @@ class PointsService:
card_id=card.id,
store_id=store_id,
staff_pin_id=verified_pin.id if verified_pin else None,
acting_terminal_device_id=acting_terminal_device_id,
transaction_type=TransactionType.POINTS_VOIDED.value,
points_delta=-actual_voided,
stamps_balance_after=card.stamp_count,
@@ -529,6 +535,7 @@ class PointsService:
staff_pin: str | None = None,
ip_address: str | None = None,
user_agent: str | None = None,
acting_terminal_device_id: int | None = None,
) -> dict:
"""
Manually adjust points (admin/store operation).
@@ -578,6 +585,7 @@ class PointsService:
card_id=card.id,
store_id=store_id,
staff_pin_id=verified_pin.id if verified_pin else None,
acting_terminal_device_id=acting_terminal_device_id,
transaction_type=TransactionType.POINTS_ADJUSTMENT.value,
points_delta=points_delta,
stamps_balance_after=card.stamp_count,

6
app/modules/loyalty/services/stamp_service.py
View File

@@ -50,6 +50,7 @@ class StampService:
ip_address: str | None = None,
user_agent: str | None = None,
notes: str | None = None,
acting_terminal_device_id: int | None = None,
) -> dict:
"""
Add a stamp to a loyalty card.
@@ -144,6 +145,7 @@ class StampService:
card_id=card.id,
store_id=store_id,
staff_pin_id=verified_pin.id if verified_pin else None,
acting_terminal_device_id=acting_terminal_device_id,
category_ids=category_ids,
transaction_type=TransactionType.STAMP_EARNED.value,
stamps_delta=1,
@@ -219,6 +221,7 @@ class StampService:
ip_address: str | None = None,
user_agent: str | None = None,
notes: str | None = None,
acting_terminal_device_id: int | None = None,
) -> dict:
"""
Redeem stamps for a reward.
@@ -287,6 +290,7 @@ class StampService:
card_id=card.id,
store_id=store_id,
staff_pin_id=verified_pin.id if verified_pin else None,
acting_terminal_device_id=acting_terminal_device_id,
transaction_type=TransactionType.STAMP_REDEEMED.value,
stamps_delta=-stamps_redeemed,
stamps_balance_after=card.stamp_count,
@@ -339,6 +343,7 @@ class StampService:
ip_address: str | None = None,
user_agent: str | None = None,
notes: str | None = None,
acting_terminal_device_id: int | None = None,
) -> dict:
"""
Void stamps for a return.
@@ -422,6 +427,7 @@ class StampService:
card_id=card.id,
store_id=store_id,
staff_pin_id=verified_pin.id if verified_pin else None,
acting_terminal_device_id=acting_terminal_device_id,
transaction_type=TransactionType.STAMP_VOIDED.value,
stamps_delta=-actual_voided,
stamps_balance_after=card.stamp_count,

12
app/modules/loyalty/static/shared/js/loyalty-devices-list.js
View File

@@ -95,15 +95,9 @@ function loyaltyDevicesList(config) {
async loadLocations() {
try {
const response = await apiClient.get(locationsPrefix + '/locations');
if (!response) return;
const raw = Array.isArray(response) ? response : (response.locations || []);
// Endpoint returns {id, name, code}; templates bind to store_id/store_name.
// Normalize so callers don't have to care about either shape.
this.locations = raw.map(loc => ({
store_id: loc.store_id ?? loc.id,
store_name: loc.store_name ?? loc.name,
store_code: loc.store_code ?? loc.code,
}));
if (response) {
this.locations = Array.isArray(response) ? response : (response.locations || []);
}
} catch (error) {
loyaltyDevicesListLog.warn('Failed to load locations:', error.message);
}

73
app/modules/loyalty/tests/integration/test_terminal_devices.py
View File

@@ -184,3 +184,76 @@ class TestStoreAPIBearerAuth:
headers={"Authorization": f"Bearer {token}"},
)
assert response.status_code in (400, 401)
@pytest.mark.integration
@pytest.mark.api
@pytest.mark.loyalty
class TestActingDeviceAudit:
"""Transactions performed via a device JWT carry acting_terminal_device_id."""
def test_points_earn_via_device_stamps_audit_column(
self, client, loyalty_merchant_headers, loyalty_store_setup, db
):
from app.modules.loyalty.models import LoyaltyTransaction
from app.modules.loyalty.models.loyalty_transaction import TransactionType
store = loyalty_store_setup["store"]
card = loyalty_store_setup["card"]
paired = client.post(
f"{MERCHANT_BASE}/devices",
json={"store_id": store.id, "label": "Counter 1"},
headers=loyalty_merchant_headers,
).json()
device_id = paired["id"]
token = paired["setup_token"]
response = client.post(
f"{STORE_BASE}/points/earn",
json={"card_id": card.id, "purchase_amount_cents": 1500},
headers={"Authorization": f"Bearer {token}"},
)
assert response.status_code == 200, response.text
tx = (
db.query(LoyaltyTransaction)
.filter(
LoyaltyTransaction.card_id == card.id,
LoyaltyTransaction.transaction_type
== TransactionType.POINTS_EARNED.value,
)
.order_by(LoyaltyTransaction.id.desc())
.first()
)
assert tx is not None
assert tx.acting_terminal_device_id == device_id
def test_user_token_leaves_audit_column_null(
self, client, loyalty_store_headers, loyalty_store_setup, db
):
"""Web-terminal user JWT must NOT stamp acting_terminal_device_id."""
from app.modules.loyalty.models import LoyaltyTransaction
from app.modules.loyalty.models.loyalty_transaction import TransactionType
card = loyalty_store_setup["card"]
response = client.post(
f"{STORE_BASE}/points/earn",
json={"card_id": card.id, "purchase_amount_cents": 1500},
headers=loyalty_store_headers,
)
assert response.status_code == 200, response.text
tx = (
db.query(LoyaltyTransaction)
.filter(
LoyaltyTransaction.card_id == card.id,
LoyaltyTransaction.transaction_type
== TransactionType.POINTS_EARNED.value,
)
.order_by(LoyaltyTransaction.id.desc())
.first()
)
assert tx is not None
assert tx.acting_terminal_device_id is None