rename to one trip

one_trip_api/users/admin.py

@@ -0,0 +1,31 @@
+from django.contrib import admin
+from django.contrib.auth.admin import UserAdmin
+from .models import User
+
+class CustomUserAdmin(UserAdmin):
+    fieldsets = (
+        (None, {"fields": ("username", "password", "image", "homegroup")}),
+        ("Personal info", {"fields": ("first_name", "last_name")}),
+        # (
+        #     "Permissions",
+        #     {
+        #         "fields": (
+        #             "is_active",
+        #             "is_staff",
+        #             "is_superuser",
+        #         ),
+        #     },
+        # ),
+        ("Important dates", {"fields": ("last_login", "date_joined")}),
+    )
+    add_fieldsets = (
+        (
+            None,
+            {
+                "classes": ("wide",),
+                "fields": ("username", "password1", "password2", "homegroup"),
+            },
+        ),
+    )
+
+admin.site.register(User, CustomUserAdmin)

one_trip_api/users/apps.py

@@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class UsersConfig(AppConfig):
+    default_auto_field = 'django.db.models.BigAutoField'
+    name = 'users'

one_trip_api/users/migrations/0001_initial.py

@@ -0,0 +1,49 @@
+# Generated by Django 4.1.3 on 2022-11-25 09:10
+
+import django.contrib.auth.models
+import django.contrib.auth.validators
+from django.db import migrations, models
+import django.db.models.deletion
+import django.utils.timezone
+import users.models
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        ('auth', '0012_alter_user_first_name_max_length'),
+        ('api', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='User',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('password', models.CharField(max_length=128, verbose_name='password')),
+                ('last_login', models.DateTimeField(blank=True, null=True, verbose_name='last login')),
+                ('is_superuser', models.BooleanField(default=False, help_text='Designates that this user has all permissions without explicitly assigning them.', verbose_name='superuser status')),
+                ('username', models.CharField(error_messages={'unique': 'A user with that username already exists.'}, help_text='Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only.', max_length=150, unique=True, validators=[django.contrib.auth.validators.UnicodeUsernameValidator()], verbose_name='username')),
+                ('first_name', models.CharField(blank=True, max_length=150, verbose_name='first name')),
+                ('last_name', models.CharField(blank=True, max_length=150, verbose_name='last name')),
+                ('email', models.EmailField(blank=True, max_length=254, verbose_name='email address')),
+                ('is_staff', models.BooleanField(default=False, help_text='Designates whether the user can log into this admin site.', verbose_name='staff status')),
+                ('is_active', models.BooleanField(default=True, help_text='Designates whether this user should be treated as active. Unselect this instead of deleting accounts.', verbose_name='active')),
+                ('date_joined', models.DateTimeField(default=django.utils.timezone.now, verbose_name='date joined')),
+                ('image', models.ImageField(blank=True, null=True, upload_to=users.models.image_path)),
+                ('groups', models.ManyToManyField(blank=True, help_text='The groups this user belongs to. A user will get all permissions granted to each of their groups.', related_name='user_set', related_query_name='user', to='auth.group', verbose_name='groups')),
+                ('homegroup', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='users', to='api.homegroup')),
+                ('user_permissions', models.ManyToManyField(blank=True, help_text='Specific permissions for this user.', related_name='user_set', related_query_name='user', to='auth.permission', verbose_name='user permissions')),
+            ],
+            options={
+                'verbose_name': 'user',
+                'verbose_name_plural': 'users',
+                'abstract': False,
+            },
+            managers=[
+                ('objects', django.contrib.auth.models.UserManager()),
+            ],
+        ),
+    ]

one_trip_api/users/models.py

@@ -0,0 +1,13 @@
+from django.contrib.auth.models import AbstractUser
+from django.db import models
+from api.models import Homegroup
+from pathlib import Path
+
+def image_path(instance, fname):
+    extension = Path(fname).suffix
+    return f"profile-images/{instance.id}{extension}"
+
+class User(AbstractUser):
+    homegroup = models.ForeignKey(Homegroup, related_name="users", on_delete=models.SET_NULL, blank=True, null=True)
+    image = models.ImageField(upload_to=image_path, null=True, blank=True)
+

one_trip_api/users/serializers.py

@@ -0,0 +1,28 @@
+from rest_framework import serializers
+from users.models import User
+
+class UserSerializer(serializers.ModelSerializer):  # https://stackoverflow.com/a/29867704/17834235
+    def create(self, validated_data):
+        user = User.objects.create()
+
+        user.set_password(validated_data["password"])
+        validated_data.pop("password")
+
+        for field in validated_data:
+            setattr(user, field, validated_data[field])
+
+        user.save()
+        return user
+
+    def update(self, instance, validated_data):
+        if "password" in validated_data:
+            password = validated_data.pop("password")
+            instance.set_password(password)
+
+        return super().update(instance, validated_data)
+
+    class Meta:
+        model = User
+        fields = ("id", "username", "first_name", "last_name", "password", "image", "homegroup", "homegroup_invites")
+        write_only_fields = ("password",)
+        read_only_fields = ("id", "homegroup_invites")

one_trip_api/users/tests.py

@@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.

one_trip_api/users/urls.py

@@ -0,0 +1,14 @@
+from django.urls import path, include
+from rest_framework.authtoken import views as authviews
+from rest_framework import routers
+from users import views
+
+router = routers.DefaultRouter()
+router.register(r'users', views.UsersListView)
+
+urlpatterns = [
+    path('', include(router.urls)),
+    path('token', authviews.obtain_auth_token, name="api-token-auth"),
+    # path('users', views.RegisterUserView),  # Exposes POST to everyone for registering
+    path('users/me', views.ModifyUserView.as_view()) # exposes GET / PUT / PATCH / DELETE for registered users for their user object
+]

one_trip_api/users/views.py

@@ -0,0 +1,46 @@
+from rest_framework import generics, permissions, viewsets, mixins, filters, pagination
+from rest_framework.response import Response
+from users.models import *
+from users.serializers import *
+
+class Pagination(pagination.PageNumberPagination):
+    page_size = 4
+
+class IsOwner(permissions.BasePermission):
+    def has_object_permission(self, request, view, obj):
+        if obj == request.user:
+            return True
+        else:
+            return False
+
+
+# Anyone can register
+class UsersListView(mixins.CreateModelMixin, mixins.ListModelMixin, mixins.RetrieveModelMixin, viewsets.GenericViewSet):
+    model = User
+    serializer_class = UserSerializer
+    permission_classes = [permissions.AllowAny]
+    queryset = User.objects.all().order_by("first_name", "last_name", "username")
+    filter_backends = [filters.SearchFilter]
+    search_fields = ["username", "first_name", "last_name"]
+    pagination_class = Pagination
+
+    def get_serializer(self, *args, **kwargs):
+        return super().get_serializer(*args, **kwargs)
+
+
+# Allows user to modify their own data only
+class ModifyUserView(generics.RetrieveUpdateDestroyAPIView):
+    permission_classes = [
+        permissions.IsAuthenticated,
+        IsOwner
+    ]
+    model = User
+    serializer_class = UserSerializer
+
+    def get_object(self):
+        return User.objects.get(pk=self.request.user.id)
+
+    def retrieve(self, request, *args, **kwargs):
+        user = User.objects.get(pk=request.user.id)
+        serializer = UserSerializer(user, context={"request":request})
+        return Response(serializer.data)