89 lines
3.0 KiB
Python
Executable File
89 lines
3.0 KiB
Python
Executable File
from rest_framework import viewsets, mixins
|
|
from rest_framework.response import Response
|
|
from rest_framework import permissions
|
|
from rest_framework.authtoken.views import ObtainAuthToken
|
|
|
|
from drf_yasg.utils import swagger_auto_schema
|
|
|
|
from django.shortcuts import get_object_or_404
|
|
|
|
from .models import Account, Guest
|
|
from .serializers import *
|
|
|
|
|
|
class AnonAndUserPermissions(permissions.BasePermission):
|
|
"""
|
|
Anonymous user always can create && User can modify self records only
|
|
|
|
this is override of permissions in settings
|
|
"""
|
|
def has_object_permission(self, request, view, obj):
|
|
if request.method == 'POST':
|
|
return True
|
|
return str(obj.username) == str(request.user)
|
|
|
|
|
|
class AccountViewSet(viewsets.ModelViewSet):
|
|
"""
|
|
A User CRUD (abstract from `viewsets.ModelViewSet`):
|
|
`GET`: `list()`
|
|
`GET`: `retrieve()` /parameter {id}
|
|
`POST`: `create()`
|
|
`PUT`&`PATCH`: `update()` /parameter {id}
|
|
`DELETE`: `destroy()` /parameter {id}
|
|
"""
|
|
queryset = Account.objects.all()
|
|
serializer_class = AccountSerializer
|
|
permission_classes = (AnonAndUserPermissions, )
|
|
|
|
@swagger_auto_schema(responses={ 200: AccountGetSerializer })
|
|
def retrieve(self, request, pk=None):
|
|
print(pk)
|
|
account = get_object_or_404(self.queryset, pk=pk)
|
|
serializer = AccountGetSerializer(account)
|
|
return Response(serializer.data)
|
|
|
|
@swagger_auto_schema(responses={ 200: AccountGetSerializer })
|
|
def list(self, request, *args, **kwargs):
|
|
serializer = AccountGetSerializer(self.queryset, many=True)
|
|
return Response(serializer.data)
|
|
|
|
|
|
class AccountAuth(ObtainAuthToken):
|
|
"""
|
|
A User Authorization (abstract from ObtainAuthToken):
|
|
`POST`: `login()` /create auth token
|
|
`DELETE`: `logout()` /get auth token from header
|
|
"""
|
|
queryset = Account.objects.all()
|
|
serializer_class = AccountAuthSerializer
|
|
|
|
@swagger_auto_schema(
|
|
responses={ 200: '{ Token: Authorize }' },
|
|
request_body=AccountAuthSerializer
|
|
)
|
|
def post(self, request, *args, **kwargs):
|
|
serializer = self.serializer_class(data=request.data, context={'request': request})
|
|
serializer.is_valid(raise_exception=True)
|
|
username = serializer.validated_data['username']
|
|
password = serializer.validated_data['password']
|
|
return Response(AccountAuthSerializer.login(username, password))
|
|
|
|
@swagger_auto_schema(responses={ 200: '{ info: logout }' })
|
|
def delete(self, request, *args, **kwargs):
|
|
return Response(self.serializer_class.logout(request))
|
|
|
|
|
|
class GuestViewSet(viewsets.ModelViewSet):
|
|
"""
|
|
A Guest CRUD (abstract from `viewsets.ModelViewSet`):
|
|
`GET`: `list()`
|
|
`GET`: `retrieve()` /parameter {id}
|
|
`POST`: `create()`
|
|
`PUT`&`PATCH`: `update()` /parameter {id}
|
|
`DELETE`: `destroy()` /parameter {id}
|
|
"""
|
|
queryset = Guest.objects.all()
|
|
serializer_class = GuestSerializer
|
|
permission_classes = (AnonAndUserPermissions, )
|