Account Management mostly implemented

django_backend/users/admin.py

@@ -4,18 +4,18 @@ from .models import User
 
 class CustomUserAdmin(UserAdmin):
     fieldsets = (
-        (None, {"fields": ("username", "password", "homegroup")}),
-        ("Personal info", {"fields": ("first_name", "last_name", "email")}),
-        (
-            "Permissions",
-            {
-                "fields": (
-                    "is_active",
-                    "is_staff",
-                    "is_superuser",
-                ),
-            },
-        ),
+        (None, {"fields": ("username", "password", "image", "homegroup")}),
+        ("Personal info", {"fields": ("first_name", "last_name")}),
+        # (
+        #     "Permissions",
+        #     {
+        #         "fields": (
+        #             "is_active",
+        #             "is_staff",
+        #             "is_superuser",
+        #         ),
+        #     },
+        # ),
         ("Important dates", {"fields": ("last_login", "date_joined")}),
     )
     add_fieldsets = (

django_backend/users/migrations/0001_initial.py

@@ -1,10 +1,11 @@
-# Generated by Django 4.1.3 on 2022-11-22 20:42
+# Generated by Django 4.1.3 on 2022-11-25 09:10
 
 import django.contrib.auth.models
 import django.contrib.auth.validators
 from django.db import migrations, models
 import django.db.models.deletion
 import django.utils.timezone
+import users.models
 
 
 class Migration(migrations.Migration):
@@ -12,8 +13,8 @@ class Migration(migrations.Migration):
     initial = True
 
     dependencies = [
-        ('api', '0001_initial'),
         ('auth', '0012_alter_user_first_name_max_length'),
+        ('api', '0001_initial'),
     ]
 
     operations = [
@@ -31,6 +32,7 @@ class Migration(migrations.Migration):
                 ('is_staff', models.BooleanField(default=False, help_text='Designates whether the user can log into this admin site.', verbose_name='staff status')),
                 ('is_active', models.BooleanField(default=True, help_text='Designates whether this user should be treated as active. Unselect this instead of deleting accounts.', verbose_name='active')),
                 ('date_joined', models.DateTimeField(default=django.utils.timezone.now, verbose_name='date joined')),
+                ('image', models.ImageField(blank=True, null=True, upload_to=users.models.image_path)),
                 ('groups', models.ManyToManyField(blank=True, help_text='The groups this user belongs to. A user will get all permissions granted to each of their groups.', related_name='user_set', related_query_name='user', to='auth.group', verbose_name='groups')),
                 ('homegroup', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='users', to='api.homegroup')),
                 ('user_permissions', models.ManyToManyField(blank=True, help_text='Specific permissions for this user.', related_name='user_set', related_query_name='user', to='auth.permission', verbose_name='user permissions')),

django_backend/users/models.py

@@ -1,6 +1,13 @@
 from django.contrib.auth.models import AbstractUser
 from django.db import models
 from api.models import Homegroup
+from pathlib import Path
+
+def image_path(instance, fname):
+    extension = Path(fname).suffix
+    return f"profile-images/{instance.id}{extension}"
 
 class User(AbstractUser):
-    homegroup = models.ForeignKey(Homegroup, related_name="users", on_delete=models.SET_NULL, blank=True, null=True)
+    homegroup = models.ForeignKey(Homegroup, related_name="users", on_delete=models.SET_NULL, blank=True, null=True)
+    image = models.ImageField(upload_to=image_path, null=True, blank=True)
+

django_backend/users/serializers.py

@@ -23,6 +23,6 @@ class UserSerializer(serializers.ModelSerializer):  # https://stackoverflow.com/
 
     class Meta:
         model = User
-        fields = ("id", "username", "email", "password")
+        fields = ("id", "username", "first_name", "last_name", "password", "image", "homegroup", "homegroup_invites")
         write_only_fields = ("password",)
-        read_only_fields = ("id",)
+        read_only_fields = ("id", "homegroup_invites")

django_backend/users/urls.py

@@ -1,11 +1,14 @@
 from django.urls import path, include
 from rest_framework.authtoken import views as authviews
 from rest_framework import routers
-
 from users import views
 
+router = routers.DefaultRouter()
+router.register(r'users', views.UsersListView)
+
 urlpatterns = [
+    path('', include(router.urls)),
     path('token', authviews.obtain_auth_token, name="api-token-auth"),
-    path('users', views.RegisterUserView.as_view()),  # Exposes POST to everyone for registering
+    # path('users', views.RegisterUserView),  # Exposes POST to everyone for registering
     path('users/me', views.ModifyUserView.as_view()) # exposes GET / PUT / PATCH / DELETE for registered users for their user object
 ]

django_backend/users/views.py

@@ -1,7 +1,10 @@
-from rest_framework import generics, permissions, views, status
+from rest_framework import generics, permissions, viewsets, mixins, filters, pagination
 from rest_framework.response import Response
-from users import serializers, models
+from users.models import *
+from users.serializers import *
 
+class Pagination(pagination.PageNumberPagination):
+    page_size = 4
 
 class IsOwner(permissions.BasePermission):
     def has_object_permission(self, request, view, obj):
@@ -12,10 +15,17 @@ class IsOwner(permissions.BasePermission):
 
 
 # Anyone can register
-class RegisterUserView(generics.CreateAPIView):
-    model = models.User
-    serializer_class = serializers.UserSerializer
+class UsersListView(mixins.CreateModelMixin, mixins.ListModelMixin, mixins.RetrieveModelMixin, viewsets.GenericViewSet):
+    model = User
+    serializer_class = UserSerializer
     permission_classes = [permissions.AllowAny]
+    queryset = User.objects.all().order_by("first_name", "last_name", "username")
+    filter_backends = [filters.SearchFilter]
+    search_fields = ["username", "first_name", "last_name"]
+    pagination_class = Pagination
+
+    def get_serializer(self, *args, **kwargs):
+        return super().get_serializer(*args, **kwargs)
 
 
 # Allows user to modify their own data only
@@ -24,13 +34,13 @@ class ModifyUserView(generics.RetrieveUpdateDestroyAPIView):
         permissions.IsAuthenticated,
         IsOwner
     ]
-    model = models.User
-    serializer_class = serializers.UserSerializer
+    model = User
+    serializer_class = UserSerializer
 
     def get_object(self):
-        return models.User.objects.get(pk=self.request.user.id)
+        return User.objects.get(pk=self.request.user.id)
 
     def retrieve(self, request, *args, **kwargs):
-        user = models.User.objects.get(pk=request.user.id)
-        serializer = serializers.UserSerializer(user)
+        user = User.objects.get(pk=request.user.id)
+        serializer = UserSerializer(user, context={"request":request})
         return Response(serializer.data)