feat: Add comprehensive sandbox mode, public API system, and platform support

This commit adds major features for sandbox isolation, public API access, and platform support ticketing. ## Sandbox Mode - Add sandbox mode toggle for businesses to test features without affecting live data - Implement schema-based isolation for tenant data (appointments, resources, services) - Add is_sandbox field filtering for shared models (customers, staff, tickets) - Create sandbox middleware to detect and set sandbox mode from cookies - Add sandbox context and hooks for React frontend - Display sandbox banner when in test mode - Auto-reload page when switching between live/test modes - Prevent platform support tickets from being created in sandbox mode ## Public API System - Full REST API for external integrations with businesses - API token management with sandbox/live token separation - Test tokens (ss_test_*) show full plaintext for easy testing - Live tokens (ss_live_*) are hashed and secure - Security validation prevents live token plaintext storage - Comprehensive test suite for token security - Rate limiting and throttling per token - Webhook support for real-time event notifications - Scoped permissions system (read/write per resource type) - API documentation page with interactive examples - Token revocation with confirmation modal ## Platform Support - Dedicated support page for businesses to contact SmoothSchedule - View all platform support tickets in one place - Create new support tickets with simplified interface - Reply to existing tickets with conversation history - Platform tickets have no admin controls (no priority/category/assignee/status) - Internal notes hidden for platform tickets (business can't see them) - Quick help section with links to guides and API docs - Sandbox warning prevents ticket creation in test mode - Business ticketing retains full admin controls (priority, assignment, internal notes) ## UI/UX Improvements - Add notification dropdown with real-time updates - Staff permissions UI for ticket access control - Help dropdown in sidebar with Platform Guide, Ticketing Help, API Docs, and Support - Update sidebar "Contact Support" to "Support" with message icon - Fix navigation links to use React Router instead of anchor tags - Remove unused language translations (Japanese, Portuguese, Chinese) ## Technical Details - Sandbox middleware sets request.sandbox_mode from cookies - ViewSets filter data by is_sandbox field - API authentication via custom token auth class - WebSocket support for real-time ticket updates - Migration for sandbox fields on User, Tenant, and Ticket models - Comprehensive documentation in SANDBOX_MODE_IMPLEMENTATION.md 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-28 16:44:06 -05:00
parent 4acea4f876
commit a9719a5fd2
77 changed files with 11407 additions and 2694 deletions
--- a/smoothschedule/schedule/views.py
+++ b/smoothschedule/schedule/views.py
@@ -198,18 +198,21 @@ class CustomerViewSet(viewsets.ModelViewSet):

    def get_queryset(self):
        """
-        Return customers for the current tenant.
+        Return customers for the current tenant, filtered by sandbox mode.

        Customers are Users with role=CUSTOMER.
-        For now, return all customers. When authentication is enabled,
-        filter by the user's tenant.
+        In sandbox mode, only returns customers with is_sandbox=True.
+        In live mode, only returns customers with is_sandbox=False.
        """
        queryset = User.objects.filter(role=User.Role.CUSTOMER)

        # Filter by tenant if user is authenticated and has a tenant
-        # TODO: Re-enable this when authentication is enabled
-        # if self.request.user.is_authenticated and self.request.user.tenant:
-        #     queryset = queryset.filter(tenant=self.request.user.tenant)
+        if self.request.user.is_authenticated and self.request.user.tenant:
+            queryset = queryset.filter(tenant=self.request.user.tenant)
+
+        # Filter by sandbox mode - check request.sandbox_mode set by middleware
+        is_sandbox = getattr(self.request, 'sandbox_mode', False)
+        queryset = queryset.filter(is_sandbox=is_sandbox)

        # Apply status filter if provided
        status_filter = self.request.query_params.get('status')
@@ -231,6 +234,20 @@ class CustomerViewSet(viewsets.ModelViewSet):

        return queryset

+    def perform_create(self, serializer):
+        """
+        Set sandbox mode and tenant when creating a new customer.
+        """
+        is_sandbox = getattr(self.request, 'sandbox_mode', False)
+        tenant = None
+        if self.request.user.is_authenticated and self.request.user.tenant:
+            tenant = self.request.user.tenant
+        serializer.save(
+            role=User.Role.CUSTOMER,
+            is_sandbox=is_sandbox,
+            tenant=tenant,
+        )
+

 class ServiceViewSet(viewsets.ModelViewSet):
    """
@@ -308,9 +325,11 @@ class StaffViewSet(viewsets.ModelViewSet):

    def get_queryset(self):
        """
-        Return staff members for the current tenant.
+        Return staff members for the current tenant, filtered by sandbox mode.

        Staff are Users with roles: TENANT_OWNER, TENANT_MANAGER, TENANT_STAFF.
+        In sandbox mode, only returns staff with is_sandbox=True.
+        In live mode, only returns staff with is_sandbox=False.
        """
        from django.db.models import Q

@@ -331,6 +350,10 @@ class StaffViewSet(viewsets.ModelViewSet):
        # if self.request.user.is_authenticated and self.request.user.tenant:
        #     queryset = queryset.filter(tenant=self.request.user.tenant)

+        # Filter by sandbox mode - check request.sandbox_mode set by middleware
+        is_sandbox = getattr(self.request, 'sandbox_mode', False)
+        queryset = queryset.filter(is_sandbox=is_sandbox)
+
        # Apply search filter if provided
        search = self.request.query_params.get('search')
        if search: