rename to one trip

one_trip_api/.gitignore

@@ -0,0 +1,256 @@
+# Created by https://www.toptal.com/developers/gitignore/api/django,python
+# Edit at https://www.toptal.com/developers/gitignore?templates=django,python
+
+### Django ###
+*.log
+*.pot
+*.pyc
+__pycache__/
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+media
+
+# If your build process includes running collectstatic, then you probably don't need or want to include staticfiles/
+# in your Git repository. Update and uncomment the following line accordingly.
+# <django-project-name>/staticfiles/
+
+### Django.Python Stack ###
+# Byte-compiled / optimized / DLL files
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+
+# Django stuff:
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# poetry
+#   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+#poetry.lock
+
+# pdm
+#   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+#pdm.lock
+#   pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
+#   in version control.
+#   https://pdm.fming.dev/#use-with-ide
+.pdm.toml
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+# PyCharm
+#  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+#  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+#  and can be added to the global gitignore or merged into this file.  For a more nuclear
+#  option (not recommended) you can uncomment the following to ignore the entire idea folder.
+#.idea/
+
+### Python ###
+# Byte-compiled / optimized / DLL files
+
+# C extensions
+
+# Distribution / packaging
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+
+# Installer logs
+
+# Unit test / coverage reports
+
+# Translations
+
+# Django stuff:
+
+# Flask stuff:
+
+# Scrapy stuff:
+
+# Sphinx documentation
+
+# PyBuilder
+
+# Jupyter Notebook
+
+# IPython
+
+# pyenv
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+
+# poetry
+#   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+
+# pdm
+#   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+#   pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
+#   in version control.
+#   https://pdm.fming.dev/#use-with-ide
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+
+# Celery stuff
+
+# SageMath parsed files
+
+# Environments
+
+# Spyder project settings
+
+# Rope project settings
+
+# mkdocs documentation
+
+# mypy
+
+# Pyre type checker
+
+# pytype static type analyzer
+
+# Cython debug symbols
+
+# PyCharm
+#  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+#  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+#  and can be added to the global gitignore or merged into this file.  For a more nuclear
+#  option (not recommended) you can uncomment the following to ignore the entire idea folder.
+
+# End of https://www.toptal.com/developers/gitignore/api/django,python

one_trip_api/api/admin.py

@@ -0,0 +1,47 @@
+from django.contrib import admin
+from django.contrib.contenttypes.admin import GenericTabularInline
+from users.models import User
+import nested_admin
+
+from api.models import *
+# Register your models here.
+
+class IngredientInline(nested_admin.NestedGenericTabularInline):
+    model = Ingredient
+    extra = 0
+
+class UserInline(nested_admin.NestedTabularInline):
+    model = User
+    fields = ("username",)
+    readonly_fields = ("username",)
+    extra = 0
+
+    def has_add_permission(self, request, obj=None):
+        return False
+
+    def has_delete_permission(self, request, obj=None):
+        return False
+
+class HomegroupInviteInline(nested_admin.NestedTabularInline):
+    model = HomegroupInvite
+    extra = 0
+
+class RecipeInline(nested_admin.NestedTabularInline):
+    model = Recipe
+    inlines = (IngredientInline,)
+    extra = 0
+
+@admin.register(Recipe)
+class RecipeAdmin(nested_admin.NestedModelAdmin):
+    list_display = ("name",)
+    inlines = (IngredientInline,)
+
+@admin.register(Homegroup)
+class HomegroupAdmin(nested_admin.NestedModelAdmin):
+    list_display = ("id", "name")
+    inlines = (UserInline, HomegroupInviteInline, RecipeInline, IngredientInline)
+
+@admin.register(List)
+class ListAdmin(nested_admin.NestedModelAdmin):
+    list_display = ("homegroup",)
+    inlines = (RecipeInline, IngredientInline)

one_trip_api/api/apps.py

@@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class ApiConfig(AppConfig):
+    default_auto_field = 'django.db.models.BigAutoField'
+    name = 'api'

one_trip_api/api/migrations/0001_initial.py

@@ -0,0 +1,54 @@
+# Generated by Django 4.1.3 on 2022-11-25 09:10
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        ('contenttypes', '0002_remove_content_type_name'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Homegroup',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=50)),
+            ],
+        ),
+        migrations.CreateModel(
+            name='List',
+            fields=[
+                ('homegroup', models.OneToOneField(on_delete=django.db.models.deletion.CASCADE, primary_key=True, serialize=False, to='api.homegroup')),
+            ],
+        ),
+        migrations.CreateModel(
+            name='Recipe',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=50)),
+                ('homegroup', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='recipes', to='api.homegroup')),
+            ],
+        ),
+        migrations.CreateModel(
+            name='Ingredient',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('object_id', models.PositiveBigIntegerField()),
+                ('name', models.CharField(max_length=50)),
+                ('in_stock', models.BooleanField(default=False)),
+                ('content_type', models.ForeignKey(limit_choices_to=models.Q(models.Q(('app_label', 'api'), ('model', 'recipe')), models.Q(('app_label', 'api'), ('model', 'list')), _connector='OR'), on_delete=django.db.models.deletion.CASCADE, to='contenttypes.contenttype')),
+            ],
+        ),
+        migrations.CreateModel(
+            name='HomegroupInvite',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('homegroup', models.ForeignKey(blank=True, on_delete=django.db.models.deletion.CASCADE, related_name='invites', to='api.homegroup')),
+            ],
+        ),
+    ]

one_trip_api/api/migrations/0002_initial.py

@@ -0,0 +1,37 @@
+# Generated by Django 4.1.3 on 2022-11-25 09:10
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        ('api', '0001_initial'),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='homegroupinvite',
+            name='user',
+            field=models.ForeignKey(blank=True, on_delete=django.db.models.deletion.CASCADE, related_name='invites', to=settings.AUTH_USER_MODEL),
+        ),
+        migrations.AddField(
+            model_name='homegroup',
+            name='invited_users',
+            field=models.ManyToManyField(related_name='homegroup_invites', through='api.HomegroupInvite', to=settings.AUTH_USER_MODEL),
+        ),
+        migrations.AddField(
+            model_name='recipe',
+            name='list',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='recipes', to='api.list'),
+        ),
+        migrations.AlterUniqueTogether(
+            name='homegroupinvite',
+            unique_together={('homegroup', 'user')},
+        ),
+    ]

one_trip_api/api/models.py

@@ -0,0 +1,47 @@
+from django.db import models
+from django.contrib.contenttypes.models import ContentType
+from django.contrib.contenttypes.fields import GenericForeignKey, GenericRelation
+
+# Create your models here.
+class Ingredient(models.Model):
+    limit = models.Q(app_label="api", model="recipe") | models.Q(app_label="api", model="list")
+    content_type = models.ForeignKey(ContentType, limit_choices_to=limit, on_delete=models.CASCADE)
+    object_id = models.PositiveBigIntegerField()
+    content_object = GenericForeignKey()
+
+
+    name = models.CharField(max_length=50)
+    in_stock = models.BooleanField(default=False)
+
+class HomegroupInvite(models.Model):
+    homegroup = models.ForeignKey("api.Homegroup", on_delete=models.CASCADE, related_name="invites", blank=True)
+    user = models.ForeignKey("users.User", on_delete=models.CASCADE, related_name="invites", blank=True)
+
+    class Meta:
+        unique_together = ("homegroup", "user")
+
+class Homegroup(models.Model):
+    # Foreign Key Recipe -> Homegroup [as recipes]
+    # Foreign Key User -> Homegroup [as users]
+    name = models.CharField(max_length=50)
+    invited_users = models.ManyToManyField("users.User", related_name="homegroup_invites", through=HomegroupInvite)
+
+    def __repr__(self):
+        return f"{self.id}: {self.name}"
+
+    def __str__(self):
+        return f"{self.id}: {self.name}"
+
+class List(models.Model):
+    # Foreign Key Recipe -> List [as recipes]
+    extra_ingredients = GenericRelation(Ingredient, related_query_name="extra_ingredients")
+    homegroup = models.OneToOneField(Homegroup, on_delete=models.CASCADE, primary_key=True)
+    
+
+class Recipe(models.Model):
+    name = models.CharField(max_length=50)
+    homegroup = models.ForeignKey(Homegroup, related_name="recipes", on_delete=models.CASCADE)
+    list = models.ForeignKey(List, related_name="recipes", on_delete=models.SET_NULL, blank=True, null=True)
+    ingredients = GenericRelation(Ingredient, related_query_name="ingredients")
+
+

one_trip_api/api/serializers.py

@@ -0,0 +1,40 @@
+from rest_framework import serializers
+from api.models import *
+from users.serializers import UserSerializer
+
+class IngredientSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Ingredient
+        fields = ["id", "name", "in_stock", "content_type", "object_id"]
+        read_only_fields = ["id"]
+
+class RecipeSerializer(serializers.ModelSerializer):
+    ingredients = serializers.SerializerMethodField()
+
+    class Meta:
+        model = Recipe
+        fields = ["id", "name", "ingredients", "homegroup"]
+        read_only_fields = ["id"]
+
+    def get_ingredients(self, instance):
+        ingredients = instance.ingredients.all().order_by("name")
+        return IngredientSerializer(ingredients, many=True).data
+
+class HomegroupSerializer(serializers.ModelSerializer):
+    users = serializers.PrimaryKeyRelatedField(many=True, read_only=True)
+    recipes = serializers.PrimaryKeyRelatedField(many=True, read_only=True)
+
+    def create(self, validated_data):
+        homegroup = super().create(validated_data)
+        List.objects.get_or_create(homegroup=homegroup)
+        return homegroup
+
+    class Meta:
+        model = Homegroup
+        fields = ["id", "name", "recipes", "users", "invites"]
+        read_only_fields = ["recipes", "users", "invites"]
+
+class InviteSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = HomegroupInvite
+        fields = ["id", "homegroup", "user"]

one_trip_api/api/tests.py

@@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.

one_trip_api/api/urls.py

@@ -0,0 +1,13 @@
+from django.urls import include, path
+from rest_framework import routers
+from api import views
+
+router = routers.DefaultRouter()
+router.register(r'recipes', views.RecipeView)
+router.register(r'ingredients', views.IngredientView)
+router.register(r'homegroups', views.HomegroupView)
+router.register(r'groupinvites', views.HomegroupInviteView)
+
+urlpatterns = [
+    path('', include(router.urls))
+]

one_trip_api/api/views.py

@@ -0,0 +1,20 @@
+from rest_framework import viewsets
+
+from api.serializers import *
+from api.models import *
+
+class RecipeView(viewsets.ModelViewSet):
+    serializer_class = RecipeSerializer
+    queryset = Recipe.objects.all()
+
+class IngredientView(viewsets.ModelViewSet):
+    serializer_class = IngredientSerializer
+    queryset = Ingredient.objects.all()
+
+class HomegroupView(viewsets.ModelViewSet):
+    serializer_class = HomegroupSerializer
+    queryset = Homegroup.objects.all()
+
+class HomegroupInviteView(viewsets.ModelViewSet):
+    serializer_class = InviteSerializer
+    queryset = HomegroupInvite.objects.all()

one_trip_api/manage.py

@@ -0,0 +1,22 @@
+#!/usr/bin/env python
+"""Django's command-line utility for administrative tasks."""
+import os
+import sys
+
+
+def main():
+    """Run administrative tasks."""
+    os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'one_trip_api.settings')
+    try:
+        from django.core.management import execute_from_command_line
+    except ImportError as exc:
+        raise ImportError(
+            "Couldn't import Django. Are you sure it's installed and "
+            "available on your PYTHONPATH environment variable? Did you "
+            "forget to activate a virtual environment?"
+        ) from exc
+    execute_from_command_line(sys.argv)
+
+
+if __name__ == '__main__':
+    main()

one_trip_api/one_trip_api/asgi.py

@@ -0,0 +1,16 @@
+"""
+ASGI config for one_trip_api project.
+
+It exposes the ASGI callable as a module-level variable named ``application``.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/4.1/howto/deployment/asgi/
+"""
+
+import os
+
+from django.core.asgi import get_asgi_application
+
+os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'one_trip_api.settings')
+
+application = get_asgi_application()

one_trip_api/one_trip_api/settings.py

@@ -0,0 +1,137 @@
+"""
+Django settings for one_trip_api project.
+
+Generated by 'django-admin startproject' using Django 4.1.3.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/4.1/topics/settings/
+
+For the full list of settings and their values, see
+https://docs.djangoproject.com/en/4.1/ref/settings/
+"""
+
+from pathlib import Path
+
+# Build paths inside the project like this: BASE_DIR / 'subdir'.
+BASE_DIR = Path(__file__).resolve().parent.parent
+MEDIA_ROOT = BASE_DIR.joinpath("media")
+STATIC_URL = "static/"
+MEDIA_URL = "/media/"
+
+
+# Quick-start development settings - unsuitable for production
+# See https://docs.djangoproject.com/en/4.1/howto/deployment/checklist/
+
+# SECURITY WARNING: keep the secret key used in production secret!
+SECRET_KEY = 'django-insecure-tz%&(g*jikac%ogq%vaf&%i!6m99q_lshu9g-&sz&bw8x!&zk3'
+
+AUTH_USER_MODEL = 'users.User'
+
+# SECURITY WARNING: don't run with debug turned on in production!
+DEBUG = True
+
+ALLOWED_HOSTS = ["192.168.0.16", "127.0.0.1", "localhost"]
+# CORS_ALLOWED_ORIGINS = ["http://192.168.0.16:8000"]
+CORS_ALLOW_ALL_ORIGINS = True
+
+REST_FRAMEWORK = {
+    'DEFAULT_AUTHENTICATION_CLASSES': [
+        'rest_framework.authentication.TokenAuthentication',
+        'rest_framework.authentication.SessionAuthentication',
+    ]
+}
+
+# Application definition
+
+INSTALLED_APPS = [
+    'api',
+    'users',
+    'django.contrib.admin',
+    'django.contrib.auth',
+    'django.contrib.contenttypes',
+    'django.contrib.sessions',
+    'django.contrib.messages',
+    'django.contrib.staticfiles',
+    'corsheaders',
+    'rest_framework',
+    'rest_framework.authtoken',
+    'nested_admin'
+]
+
+MIDDLEWARE = [
+    'django.middleware.security.SecurityMiddleware',
+    'django.contrib.sessions.middleware.SessionMiddleware',
+    'corsheaders.middleware.CorsMiddleware',
+    'django.middleware.common.CommonMiddleware',
+    'django.middleware.csrf.CsrfViewMiddleware',
+    'django.contrib.auth.middleware.AuthenticationMiddleware',
+    'django.contrib.messages.middleware.MessageMiddleware',
+    'django.middleware.clickjacking.XFrameOptionsMiddleware',
+]
+
+ROOT_URLCONF = 'one_trip_api.urls'
+
+TEMPLATES = [
+    {
+        'BACKEND': 'django.template.backends.django.DjangoTemplates',
+        'DIRS': [],
+        'APP_DIRS': True,
+        'OPTIONS': {
+            'context_processors': [
+                'django.template.context_processors.debug',
+                'django.template.context_processors.request',
+                'django.contrib.auth.context_processors.auth',
+                'django.contrib.messages.context_processors.messages',
+            ],
+        },
+    },
+]
+
+WSGI_APPLICATION = 'one_trip_api.wsgi.application'
+
+
+# Database
+# https://docs.djangoproject.com/en/4.1/ref/settings/#databases
+
+DATABASES = {
+    'default': {
+        'ENGINE': 'django.db.backends.sqlite3',
+        'NAME': BASE_DIR / 'db.sqlite3',
+    }
+}
+
+
+# Password validation
+# https://docs.djangoproject.com/en/4.1/ref/settings/#auth-password-validators
+
+AUTH_PASSWORD_VALIDATORS = [
+    {
+        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
+    },
+]
+
+
+# Internationalization
+# https://docs.djangoproject.com/en/4.1/topics/i18n/
+
+LANGUAGE_CODE = 'en-us'
+
+TIME_ZONE = 'UTC'
+
+USE_I18N = True
+
+USE_TZ = True
+
+# Default primary key field type
+# https://docs.djangoproject.com/en/4.1/ref/settings/#default-auto-field
+
+DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'

one_trip_api/one_trip_api/urls.py

@@ -0,0 +1,26 @@
+"""one_trip_api URL Configuration
+
+The `urlpatterns` list routes URLs to views. For more information please see:
+    https://docs.djangoproject.com/en/4.1/topics/http/urls/
+Examples:
+Function views
+    1. Add an import:  from my_app import views
+    2. Add a URL to urlpatterns:  path('', views.home, name='home')
+Class-based views
+    1. Add an import:  from other_app.views import Home
+    2. Add a URL to urlpatterns:  path('', Home.as_view(), name='home')
+Including another URLconf
+    1. Import the include() function: from django.urls import include, path
+    2. Add a URL to urlpatterns:  path('blog/', include('blog.urls'))
+"""
+from django.contrib import admin
+from django.urls import path, include
+from django.conf.urls.static import static
+from django.conf import settings
+
+urlpatterns = [
+    path('admin/', admin.site.urls),
+    path('api/', include("api.urls")),
+    path('auth/', include("users.urls")),
+    path('api-auth/', include('rest_framework.urls')),
+] + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)

one_trip_api/one_trip_api/wsgi.py

@@ -0,0 +1,16 @@
+"""
+WSGI config for one_trip_api project.
+
+It exposes the WSGI callable as a module-level variable named ``application``.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/4.1/howto/deployment/wsgi/
+"""
+
+import os
+
+from django.core.wsgi import get_wsgi_application
+
+os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'one_trip_api.settings')
+
+application = get_wsgi_application()

one_trip_api/users/admin.py

@@ -0,0 +1,31 @@
+from django.contrib import admin
+from django.contrib.auth.admin import UserAdmin
+from .models import User
+
+class CustomUserAdmin(UserAdmin):
+    fieldsets = (
+        (None, {"fields": ("username", "password", "image", "homegroup")}),
+        ("Personal info", {"fields": ("first_name", "last_name")}),
+        # (
+        #     "Permissions",
+        #     {
+        #         "fields": (
+        #             "is_active",
+        #             "is_staff",
+        #             "is_superuser",
+        #         ),
+        #     },
+        # ),
+        ("Important dates", {"fields": ("last_login", "date_joined")}),
+    )
+    add_fieldsets = (
+        (
+            None,
+            {
+                "classes": ("wide",),
+                "fields": ("username", "password1", "password2", "homegroup"),
+            },
+        ),
+    )
+
+admin.site.register(User, CustomUserAdmin)

one_trip_api/users/apps.py

@@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class UsersConfig(AppConfig):
+    default_auto_field = 'django.db.models.BigAutoField'
+    name = 'users'

one_trip_api/users/migrations/0001_initial.py

@@ -0,0 +1,49 @@
+# Generated by Django 4.1.3 on 2022-11-25 09:10
+
+import django.contrib.auth.models
+import django.contrib.auth.validators
+from django.db import migrations, models
+import django.db.models.deletion
+import django.utils.timezone
+import users.models
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        ('auth', '0012_alter_user_first_name_max_length'),
+        ('api', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='User',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('password', models.CharField(max_length=128, verbose_name='password')),
+                ('last_login', models.DateTimeField(blank=True, null=True, verbose_name='last login')),
+                ('is_superuser', models.BooleanField(default=False, help_text='Designates that this user has all permissions without explicitly assigning them.', verbose_name='superuser status')),
+                ('username', models.CharField(error_messages={'unique': 'A user with that username already exists.'}, help_text='Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only.', max_length=150, unique=True, validators=[django.contrib.auth.validators.UnicodeUsernameValidator()], verbose_name='username')),
+                ('first_name', models.CharField(blank=True, max_length=150, verbose_name='first name')),
+                ('last_name', models.CharField(blank=True, max_length=150, verbose_name='last name')),
+                ('email', models.EmailField(blank=True, max_length=254, verbose_name='email address')),
+                ('is_staff', models.BooleanField(default=False, help_text='Designates whether the user can log into this admin site.', verbose_name='staff status')),
+                ('is_active', models.BooleanField(default=True, help_text='Designates whether this user should be treated as active. Unselect this instead of deleting accounts.', verbose_name='active')),
+                ('date_joined', models.DateTimeField(default=django.utils.timezone.now, verbose_name='date joined')),
+                ('image', models.ImageField(blank=True, null=True, upload_to=users.models.image_path)),
+                ('groups', models.ManyToManyField(blank=True, help_text='The groups this user belongs to. A user will get all permissions granted to each of their groups.', related_name='user_set', related_query_name='user', to='auth.group', verbose_name='groups')),
+                ('homegroup', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='users', to='api.homegroup')),
+                ('user_permissions', models.ManyToManyField(blank=True, help_text='Specific permissions for this user.', related_name='user_set', related_query_name='user', to='auth.permission', verbose_name='user permissions')),
+            ],
+            options={
+                'verbose_name': 'user',
+                'verbose_name_plural': 'users',
+                'abstract': False,
+            },
+            managers=[
+                ('objects', django.contrib.auth.models.UserManager()),
+            ],
+        ),
+    ]

one_trip_api/users/models.py

@@ -0,0 +1,13 @@
+from django.contrib.auth.models import AbstractUser
+from django.db import models
+from api.models import Homegroup
+from pathlib import Path
+
+def image_path(instance, fname):
+    extension = Path(fname).suffix
+    return f"profile-images/{instance.id}{extension}"
+
+class User(AbstractUser):
+    homegroup = models.ForeignKey(Homegroup, related_name="users", on_delete=models.SET_NULL, blank=True, null=True)
+    image = models.ImageField(upload_to=image_path, null=True, blank=True)
+

one_trip_api/users/serializers.py

@@ -0,0 +1,28 @@
+from rest_framework import serializers
+from users.models import User
+
+class UserSerializer(serializers.ModelSerializer):  # https://stackoverflow.com/a/29867704/17834235
+    def create(self, validated_data):
+        user = User.objects.create()
+
+        user.set_password(validated_data["password"])
+        validated_data.pop("password")
+
+        for field in validated_data:
+            setattr(user, field, validated_data[field])
+
+        user.save()
+        return user
+
+    def update(self, instance, validated_data):
+        if "password" in validated_data:
+            password = validated_data.pop("password")
+            instance.set_password(password)
+
+        return super().update(instance, validated_data)
+
+    class Meta:
+        model = User
+        fields = ("id", "username", "first_name", "last_name", "password", "image", "homegroup", "homegroup_invites")
+        write_only_fields = ("password",)
+        read_only_fields = ("id", "homegroup_invites")

one_trip_api/users/tests.py

@@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.

one_trip_api/users/urls.py

@@ -0,0 +1,14 @@
+from django.urls import path, include
+from rest_framework.authtoken import views as authviews
+from rest_framework import routers
+from users import views
+
+router = routers.DefaultRouter()
+router.register(r'users', views.UsersListView)
+
+urlpatterns = [
+    path('', include(router.urls)),
+    path('token', authviews.obtain_auth_token, name="api-token-auth"),
+    # path('users', views.RegisterUserView),  # Exposes POST to everyone for registering
+    path('users/me', views.ModifyUserView.as_view()) # exposes GET / PUT / PATCH / DELETE for registered users for their user object
+]

one_trip_api/users/views.py

@@ -0,0 +1,46 @@
+from rest_framework import generics, permissions, viewsets, mixins, filters, pagination
+from rest_framework.response import Response
+from users.models import *
+from users.serializers import *
+
+class Pagination(pagination.PageNumberPagination):
+    page_size = 4
+
+class IsOwner(permissions.BasePermission):
+    def has_object_permission(self, request, view, obj):
+        if obj == request.user:
+            return True
+        else:
+            return False
+
+
+# Anyone can register
+class UsersListView(mixins.CreateModelMixin, mixins.ListModelMixin, mixins.RetrieveModelMixin, viewsets.GenericViewSet):
+    model = User
+    serializer_class = UserSerializer
+    permission_classes = [permissions.AllowAny]
+    queryset = User.objects.all().order_by("first_name", "last_name", "username")
+    filter_backends = [filters.SearchFilter]
+    search_fields = ["username", "first_name", "last_name"]
+    pagination_class = Pagination
+
+    def get_serializer(self, *args, **kwargs):
+        return super().get_serializer(*args, **kwargs)
+
+
+# Allows user to modify their own data only
+class ModifyUserView(generics.RetrieveUpdateDestroyAPIView):
+    permission_classes = [
+        permissions.IsAuthenticated,
+        IsOwner
+    ]
+    model = User
+    serializer_class = UserSerializer
+
+    def get_object(self):
+        return User.objects.get(pk=self.request.user.id)
+
+    def retrieve(self, request, *args, **kwargs):
+        user = User.objects.get(pk=request.user.id)
+        serializer = UserSerializer(user, context={"request":request})
+        return Response(serializer.data)