Complete primitive backend

django_backend/users/admin.py

@@ -0,0 +1,31 @@
+from django.contrib import admin
+from django.contrib.auth.admin import UserAdmin
+from .models import User
+
+class CustomUserAdmin(UserAdmin):
+    fieldsets = (
+        (None, {"fields": ("username", "password", "homegroup")}),
+        ("Personal info", {"fields": ("first_name", "last_name", "email")}),
+        (
+            "Permissions",
+            {
+                "fields": (
+                    "is_active",
+                    "is_staff",
+                    "is_superuser",
+                ),
+            },
+        ),
+        ("Important dates", {"fields": ("last_login", "date_joined")}),
+    )
+    add_fieldsets = (
+        (
+            None,
+            {
+                "classes": ("wide",),
+                "fields": ("username", "password1", "password2", "homegroup"),
+            },
+        ),
+    )
+
+admin.site.register(User, CustomUserAdmin)

django_backend/users/apps.py

@@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class UsersConfig(AppConfig):
+    default_auto_field = 'django.db.models.BigAutoField'
+    name = 'users'

django_backend/users/migrations/0001_initial.py

@@ -0,0 +1,47 @@
+# Generated by Django 4.1.3 on 2022-11-22 20:42
+
+import django.contrib.auth.models
+import django.contrib.auth.validators
+from django.db import migrations, models
+import django.db.models.deletion
+import django.utils.timezone
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        ('api', '0001_initial'),
+        ('auth', '0012_alter_user_first_name_max_length'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='User',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('password', models.CharField(max_length=128, verbose_name='password')),
+                ('last_login', models.DateTimeField(blank=True, null=True, verbose_name='last login')),
+                ('is_superuser', models.BooleanField(default=False, help_text='Designates that this user has all permissions without explicitly assigning them.', verbose_name='superuser status')),
+                ('username', models.CharField(error_messages={'unique': 'A user with that username already exists.'}, help_text='Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only.', max_length=150, unique=True, validators=[django.contrib.auth.validators.UnicodeUsernameValidator()], verbose_name='username')),
+                ('first_name', models.CharField(blank=True, max_length=150, verbose_name='first name')),
+                ('last_name', models.CharField(blank=True, max_length=150, verbose_name='last name')),
+                ('email', models.EmailField(blank=True, max_length=254, verbose_name='email address')),
+                ('is_staff', models.BooleanField(default=False, help_text='Designates whether the user can log into this admin site.', verbose_name='staff status')),
+                ('is_active', models.BooleanField(default=True, help_text='Designates whether this user should be treated as active. Unselect this instead of deleting accounts.', verbose_name='active')),
+                ('date_joined', models.DateTimeField(default=django.utils.timezone.now, verbose_name='date joined')),
+                ('groups', models.ManyToManyField(blank=True, help_text='The groups this user belongs to. A user will get all permissions granted to each of their groups.', related_name='user_set', related_query_name='user', to='auth.group', verbose_name='groups')),
+                ('homegroup', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='users', to='api.homegroup')),
+                ('user_permissions', models.ManyToManyField(blank=True, help_text='Specific permissions for this user.', related_name='user_set', related_query_name='user', to='auth.permission', verbose_name='user permissions')),
+            ],
+            options={
+                'verbose_name': 'user',
+                'verbose_name_plural': 'users',
+                'abstract': False,
+            },
+            managers=[
+                ('objects', django.contrib.auth.models.UserManager()),
+            ],
+        ),
+    ]

django_backend/users/models.py

@@ -0,0 +1,6 @@
+from django.contrib.auth.models import AbstractUser
+from django.db import models
+from api.models import Homegroup
+
+class User(AbstractUser):
+    homegroup = models.ForeignKey(Homegroup, related_name="users", on_delete=models.SET_NULL, blank=True, null=True)

django_backend/users/serializers.py

@@ -0,0 +1,28 @@
+from rest_framework import serializers
+from users.models import User
+
+class UserSerializer(serializers.ModelSerializer):  # https://stackoverflow.com/a/29867704/17834235
+    def create(self, validated_data):
+        user = User.objects.create()
+
+        user.set_password(validated_data["password"])
+        validated_data.pop("password")
+
+        for field in validated_data:
+            setattr(user, field, validated_data[field])
+
+        user.save()
+        return user
+
+    def update(self, instance, validated_data):
+        if "password" in validated_data:
+            password = validated_data.pop("password")
+            instance.set_password(password)
+
+        return super().update(instance, validated_data)
+
+    class Meta:
+        model = User
+        fields = ("id", "username", "email", "password")
+        write_only_fields = ("password",)
+        read_only_fields = ("id",)

django_backend/users/tests.py

@@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.

django_backend/users/urls.py

@@ -0,0 +1,11 @@
+from django.urls import path, include
+from rest_framework.authtoken import views as authviews
+from rest_framework import routers
+
+from users import views
+
+urlpatterns = [
+    path('token', authviews.obtain_auth_token, name="api-token-auth"),
+    path('users', views.RegisterUserView.as_view()),  # Exposes POST to everyone for registering
+    path('users/me', views.ModifyUserView.as_view()) # exposes GET / PUT / PATCH / DELETE for registered users for their user object
+]

django_backend/users/views.py

@@ -0,0 +1,36 @@
+from rest_framework import generics, permissions, views, status
+from rest_framework.response import Response
+from users import serializers, models
+
+
+class IsOwner(permissions.BasePermission):
+    def has_object_permission(self, request, view, obj):
+        if obj == request.user:
+            return True
+        else:
+            return False
+
+
+# Anyone can register
+class RegisterUserView(generics.CreateAPIView):
+    model = models.User
+    serializer_class = serializers.UserSerializer
+    permission_classes = [permissions.AllowAny]
+
+
+# Allows user to modify their own data only
+class ModifyUserView(generics.RetrieveUpdateDestroyAPIView):
+    permission_classes = [
+        permissions.IsAuthenticated,
+        IsOwner
+    ]
+    model = models.User
+    serializer_class = serializers.UserSerializer
+
+    def get_object(self):
+        return models.User.objects.get(pk=self.request.user.id)
+
+    def retrieve(self, request, *args, **kwargs):
+        user = models.User.objects.get(pk=request.user.id)
+        serializer = serializers.UserSerializer(user)
+        return Response(serializer.data)