From 4f885b796bbe13f38c1e853fffbb0cc216686f8d Mon Sep 17 00:00:00 2001
From: Parsa Nazer
Date: Sat, 12 Apr 2025 21:30:33 +0330
Subject: [PATCH] update callback payment reponse
---
 backend/order/permissons.py | 9 ++++++-
 backend/order/views.py | 54 ++++++++++++++++++++++++++++++++++---
 2 files changed, 58 insertions(+), 5 deletions(-)
diff --git a/backend/order/permissons.py b/backend/order/permissons.py
index bef19d4..56215bc 100644
--- a/backend/order/permissons.py
+++ b/backend/order/permissons.py
@@ -37,4 +37,11 @@ class SetAddressPermissions(BasePermission):
 self.message = "این ادرس متعلق به شما نیست."
 return False
 return True
-
\ No newline at end of file
+
+class PaymentCallBackPermissions(BasePermission):
+
+ def has_object_permission(self, request, view, obj):
+ if obj.order.user != request.user:
+ self.message = "این پرداخت متعلق به شما نیست."
+ return False
+ return True
\ No newline at end of file
diff --git a/backend/order/views.py b/backend/order/views.py
index 24f9eca..86c5466 100644
--- a/backend/order/views.py
+++ b/backend/order/views.py
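Review bot: `PaymentCallBackPermissions.has_object_permission` reads `obj.order.user` without handling a payment record that has no order attached. The `Bank` model is not visible here, but if `order` is a reverse one-to-one or a nullable relation, such a record raises instead of being denied and the view answers 500. Failing closed would be `order = getattr(obj, "order", None)` followed by `if order is None or order.user != request.user:`. The class also has no docstring; one line such as `"""Allow access only to the user who owns the order behind this payment record."""` would state the rule it enforces.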
@@ -268,22 +268,68 @@ def callback_view(request):
 )
+from rest_framework import serializers
+from azbankgateways.models import Bank
+from azbankgateways.models.enum import PaymentStatus
+from .permissons import PaymentCallBackPermissions
+
+class BankCallbackSerializer(serializers.ModelSerializer):
+ status_detail = serializers.SerializerMethodField()
+ bank_type = serializers.SerializerMethodField()
+ amount = serializers.SerializerMethodField()
+ status = serializers.SerializerMethodField()
+ class Meta:
+ model = Bank
+ fields = ['status', 'bank_type', 'tracking_code', 'amount', 'created_at', 'response_result', 'reference_number', 'status_detail']
+ def get_status_detail(self, obj):
+ return obj.get_status_display()
+ def get_bank_type(self, obj):
+ return obj.get_bank_type_display()
+ def get_amount(self, obj):
+ return f'{int(obj.amount):,.0f} تومان'
+ def get_status(self, obj):
+ if obj.status in {
+ PaymentStatus.WAITING,
+ PaymentStatus.REDIRECT_TO_BANK,
+ PaymentStatus.RETURN_FROM_BANK,
+ }:
+ return "waiting"
+ elif obj.status in {
+ PaymentStatus.CANCEL_BY_USER,
+ PaymentStatus.EXPIRE_GATEWAY_TOKEN,
+ PaymentStatus.EXPIRE_VERIFY_PAYMENT,
+ PaymentStatus.ERROR,
+ }:
+ return "canceled"
+ elif obj.status == PaymentStatus.COMPLETE:
+ return "succeeded"
+ return "unknown"
+
 class CallbackView(APIView):
+ serializer_class = BankCallbackSerializer
+ permission_classes = [IsAuthenticated]
 def get(self, request, tracking_code):
 if not tracking_code:
- return Response({'detail': 'کد تریسکد درست نمیباشد.'})
+ return Response({'detail': 'تریسکد خالی است.'}, status=status.HTTP_400_BAD_REQUEST)
 try:
 bank_record = bank_models.Bank.objects.get(tracking_code=tracking_code)
+
+ permission = PaymentCallBackPermissions()
+ if not permission.has_object_permission(request, self, bank_record):
+ return Response({"detail": permission.message}, status=status.HTTP_403_FORBIDDEN)
+
+ bank_record_ser = self.serializer_class(instance=bank_record, context={'request': request})
+
except bank_models.Bank.DoesNotExist:
- return Response({'detail': 'کد تریسکد معتبر نمیباشد.'}, status=status.HTTP_400_BAD_REQUEST)
+ return Response({'detail': 'کد تریسکد معتبر نمیباشد.'}, status=status.HTTP_404_NOT_FOUND)
 if bank_record.is_success:
- return Response({"detail" : "پرداخت با موفقیت انجام شد."}, status=status.HTTP_200_OK)
+ return Response({"detail" : "پرداخت با موفقیت انجام شد.", "bank_result": bank_record_ser.data}, status=status.HTTP_200_OK)
 return Response(
- {"detail": "پرداخت با شکست مواجه شده است. اگر پول کم شده است ظرف مدت ۴۸ ساعت پول به حساب شما بازخواهد گشت."}, status=status.HTTP_404_NOT_FOUND
+ {"detail": "پرداخت با شکست مواجه شده است. اگر پول کم شده است ظرف مدت ۴۸ ساعت پول به حساب شما بازخواهد گشت.", "bank_result": bank_record_ser.data}, status=status.HTTP_200_OK
 )
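Review bot: `CallbackView.get` answers 403 when the tracking code belongs to another user and 404 when it does not exist, so any authenticated caller can tell which tracking codes are real. Reusing the `DoesNotExist` response (same `detail` text, `status.HTTP_404_NOT_FOUND`) for the ownership failure removes that signal. If the `order` relation read by `PaymentCallBackPermissions` is queryable, `bank_models.Bank.objects.get(tracking_code=tracking_code, order__user=request.user)` gives the same result in one lookup. `BankCallbackSerializer` also returns `response_result` as stored; its contents are not visible here, so confirm the raw gateway reply holds nothing that should stay server-side. A short docstring on `get_status` saying that it collapses `PaymentStatus` into `waiting`/`canceled`/`succeeded`/`unknown` would document the contract for API consumers.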