Add comprehensive analytics and VAT rate management

Introduced a full-featured analytics module for e-commerce business intelligence, including sales, product, customer, shipping, and review analytics, with API endpoints for dashboard and custom reports. Added VAT rate management: new VATRate model, admin interface, serializer, and API endpoints, and integrated VAT logic into Product and pricing calculations. Refactored configuration and admin code to support VAT rates, improved email notification tasks, and updated related serializers, views, and URLs for unified configuration and VAT management.

backend/configuration/serializers.py

@@ -1,8 +1,10 @@
 from rest_framework import serializers
-from .models import SiteConfiguration
+from .models import SiteConfiguration, VATRate
 
 
-class SiteConfigurationAdminSerializer(serializers.ModelSerializer):
+class SiteConfigurationSerializer(serializers.ModelSerializer):
+	"""Site configuration serializer - sensitive fields only for admins"""
+	
 	class Meta:
 		model = SiteConfiguration
 		fields = [
@@ -22,33 +24,77 @@ class SiteConfigurationAdminSerializer(serializers.ModelSerializer):
 			"zasilkovna_shipping_price",
 			"zasilkovna_api_key",
 			"zasilkovna_api_password",
+			"deutschepost_api_url",
+			"deutschepost_client_id",
+			"deutschepost_client_secret",
+			"deutschepost_customer_ekp",
+			"deutschepost_shipping_price",
 			"free_shipping_over",
 			"multiplying_coupons",
 			"addition_of_coupons_amount",
 			"currency",
 		]
+	
+	def to_representation(self, instance):
+		"""Hide sensitive fields from non-admin users"""
+		data = super().to_representation(instance)
+		request = self.context.get('request')
+		
+		# If user is not admin, remove sensitive fields
+		if not (request and request.user.is_authenticated and getattr(request.user, 'role', None) == 'admin'):
+			sensitive_fields = [
+				'zasilkovna_api_key',
+				'zasilkovna_api_password',
+				'deutschepost_client_id',
+				'deutschepost_client_secret',
+				'deutschepost_customer_ekp',
+				'deutschepost_api_url',
+			]
+			for field in sensitive_fields:
+				data.pop(field, None)
+		
+		return data
 
 
-class SiteConfigurationPublicSerializer(serializers.ModelSerializer):
+class VATRateSerializer(serializers.ModelSerializer):
+	"""VAT Rate serializer - admin fields only visible to admins"""
+	
+	rate_decimal = serializers.ReadOnlyField(help_text="VAT rate as decimal (e.g., 0.19 for 19%)")
+	
 	class Meta:
-		model = SiteConfiguration
-		# Expose only non-sensitive fields
+		model = VATRate
 		fields = [
-			"id",
-			"name",
-			"logo",
-			"favicon",
-			"contact_email",
-			"contact_phone",
-			"contact_address",
-			"opening_hours",
-			"facebook_url",
-			"instagram_url",
-			"youtube_url",
-			"tiktok_url",
-			# Exclude API keys/passwords
-			"zasilkovna_shipping_price",
-			"free_shipping_over",
-			"currency",
+			'id',
+			'name', 
+			'rate',
+			'rate_decimal',
+			'description',
+			'is_active',
+			'is_default',
+			'created_at',
 		]
+		read_only_fields = ['id', 'created_at', 'rate_decimal']
+	
+	def to_representation(self, instance):
+		"""Hide admin-only fields from non-admin users"""
+		data = super().to_representation(instance)
+		request = self.context.get('request')
+		
+		# If user is not admin, remove admin-only fields
+		if not (request and request.user.is_authenticated and getattr(request.user, 'role', None) == 'admin'):
+			admin_fields = ['is_active', 'is_default']
+			for field in admin_fields:
+				data.pop(field, None)
+		
+		return data
+	
+	def validate(self, attrs):
+		"""Custom validation for VAT rates"""
+		# Ensure rate is reasonable (0-100%)
+		rate = attrs.get('rate')
+		if rate is not None and (rate < 0 or rate > 100):
+			raise serializers.ValidationError(
+				{'rate': 'VAT rate must be between 0% and 100%'}
+			)
+		return attrs