Merge pull request #19 from RandomProgramm3r/develop

feat(business): Add GET endpoint /api/business/promo/{id}/.

- Add GET endpoint /api/business/promo/{id}/ to get promo by id.
- Ensure that requested promo belongs to the authenticated company.
- Return 403 if promo does not belong to the current company, and 404 if it does not exist.

Author: RandomProgramm3r

promo_code/business/urls.py

@@ -31,4 +31,9 @@
         business.views.CompanyPromoListView.as_view(),
         name='company-promo-list',
     ),
+    django.urls.path(
+        'promo/<uuid:id>',
+        business.views.CompanyPromoDetailView.as_view(),
+        name='promo-detail',
+    ),
 ]

promo_code/business/views.py

@@ -1,13 +1,15 @@
 import re
 
 import django.db.models
+import django.shortcuts
 import pycountry
 import rest_framework.exceptions
 import rest_framework.generics
 import rest_framework.permissions
 import rest_framework.response
 import rest_framework.serializers
 import rest_framework.status
+import rest_framework.views
 import rest_framework_simplejwt.exceptions
 import rest_framework_simplejwt.tokens
 import rest_framework_simplejwt.views
@@ -275,3 +277,42 @@ def _validate_limit(self):
                 raise rest_framework.exceptions.ValidationError(
                     'Limit cannot be negative.',
                 )
+
+
+class CompanyPromoDetailView(rest_framework.views.APIView):
+    permission_classes = [
+        rest_framework.permissions.IsAuthenticated,
+        business.permissions.IsCompanyUser,
+    ]
+
+    lookup_field = 'id'
+
+    def get(self, request, id):
+        try:
+            promo = business.models.Promo.objects.get(
+                id=id,
+            )
+        except business.models.Promo.DoesNotExist:
+            raise rest_framework.exceptions.NotFound(
+                'Promo not found,',
+            )
+
+        if promo.company != request.user:
+            return rest_framework.response.Response(
+                {
+                    'status': 'error',
+                    'message': (
+                        'The promo code does not belong to this company.'
+                    ),
+                },
+                status=rest_framework.status.HTTP_403_FORBIDDEN,
+            )
+
+        serializer = business.serializers.PromoCreateSerializer(
+            promo,
+        )
+
+        return rest_framework.response.Response(
+            serializer.data,
+            status=rest_framework.status.HTTP_200_OK,
+        )