From 669ebf96e3c272e2df452337465dc0bb979432b0 Mon Sep 17 00:00:00 2001
From: androidlover5842 <androidlover5842@gmail.com>
Date: Fri, 30 Jan 2026 11:32:14 +0530
Subject: [PATCH] Add admin cash payment delete endpoint

---
 .../trisolarisserver/controller/Payments.kt   | 28 +++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/src/main/kotlin/com/android/trisolarisserver/controller/Payments.kt b/src/main/kotlin/com/android/trisolarisserver/controller/Payments.kt
index bd12e13..c7928d5 100644
--- a/src/main/kotlin/com/android/trisolarisserver/controller/Payments.kt
+++ b/src/main/kotlin/com/android/trisolarisserver/controller/Payments.kt
@@ -14,6 +14,7 @@ import com.android.trisolarisserver.security.MyPrincipal
 import org.springframework.http.HttpStatus
 import org.springframework.security.core.annotation.AuthenticationPrincipal
 import org.springframework.web.bind.annotation.GetMapping
+import org.springframework.web.bind.annotation.DeleteMapping
 import org.springframework.web.bind.annotation.PathVariable
 import org.springframework.web.bind.annotation.PostMapping
 import org.springframework.web.bind.annotation.RequestBody
@@ -89,6 +90,33 @@ class Payments(
         return paymentRepo.findByBookingIdOrderByReceivedAtDesc(bookingId).map { it.toResponse() }
     }
 
+    @DeleteMapping("/{paymentId}")
+    @ResponseStatus(HttpStatus.NO_CONTENT)
+    fun delete(
+        @PathVariable propertyId: UUID,
+        @PathVariable bookingId: UUID,
+        @PathVariable paymentId: UUID,
+        @AuthenticationPrincipal principal: MyPrincipal?
+    ) {
+        requireRole(propertyAccess, propertyId, principal, Role.ADMIN)
+        val booking = bookingRepo.findById(bookingId).orElseThrow {
+            ResponseStatusException(HttpStatus.NOT_FOUND, "Booking not found")
+        }
+        if (booking.property.id != propertyId) {
+            throw ResponseStatusException(HttpStatus.NOT_FOUND, "Booking not found for property")
+        }
+        val payment = paymentRepo.findById(paymentId).orElseThrow {
+            ResponseStatusException(HttpStatus.NOT_FOUND, "Payment not found")
+        }
+        if (payment.booking.id != bookingId || payment.property.id != propertyId) {
+            throw ResponseStatusException(HttpStatus.NOT_FOUND, "Payment not found for booking")
+        }
+        if (payment.method != PaymentMethod.CASH) {
+            throw ResponseStatusException(HttpStatus.BAD_REQUEST, "Only CASH payments can be deleted")
+        }
+        paymentRepo.delete(payment)
+    }
+
     private fun parseMethod(value: String): PaymentMethod {
         return try {
             PaymentMethod.valueOf(value.trim())