add: BaseApiViewMixin created, TODO: switch external endpoints to GenericAPIView and BaseApiViewMixin

README.MD

@@ -60,8 +60,8 @@ GET /companies/<uuid:pk>/contracts                          # user  # partial
 - - folder: uuid | None
 - - status: list[str]
 
-GET /companies/<uuid:pk>/folders                            # user  #! not working 
+GET /companies/<uuid:pk>/folders                            # user  # ok 
-POST /companies/<uuid:pk>/folders                           # user  #! not working
+POST /companies/<uuid:pk>/folders                           # user  # ok
 
 GET /companies/<uuid:pk>/accounts                           # user  # ok
 POST /companies/<uuid:pk>/accounts                          # user  #! TODO
@@ -116,10 +116,9 @@ PATCH /contract-owners/<uuid:pk>                           # admin  # ok
 
 GET /contract-owners/<uuid:pk>/contract                     # user  # ok  |  full contract data return
 
-POST /contract-owners/<uuid:pk>/files                       # user  # ok
+POST /contract-owners/<uuid:pk>/files                       # user  #! not ok
+GET /contract-owners/<uuid:pk>/files                        # user  #! not ok  |  full data return
 DELETE /contract-owners/<uuid:pk>/files/<uuid:pk>           # user  # ok
-<!-- PATCH /contract-owners/<uuid:pk>/files/<uuid:pk>            # user -->
-GET /contract-owners/<uuid:pk>/files                        # user  # not ok  |  full data return
 
 POST /contract-owners/<uuid:pk>/files/<uuid:pk>/upload      # user  # ok
 

core/apps/companies/urls.py

@@ -5,14 +5,23 @@ from . import views
 
 router = DefaultRouter()
 
-router.register(r"company-accounts", views.CompanyAccountView, "company-account")  # type: ignore
+router.register(r"company-accounts", views.CompanyAccountCrudViewSet, "company-account-view-set")  # type: ignore
-router.register(r"company-folders", views.CompanyFolderView, "company-folders")  # type: ignore
+router.register(r"company-folders", views.CompanyFolderCrudViewSet, "company-folders-view-set")  # type: ignore
-router.register(r"companies", views.CompanyView, "companies")  # type: ignore
+# router.register(r"company-folders", views.ContractFolderApiView, "folders-contracts-view-set")  # type: ignore
-router.register(r"companies", views.CompanyFolderViewSet, "companies-folders")  # type: ignore
+router.register(r"companies", views.CompanyCrudViewSet, "companies-view-set")  # type: ignore
-router.register(r"companies", views.CompanyAccountViewSet, "companies-accounts")  # type: ignore
+# router.register(r"companies", views.CompanyAccountView, "companies-accounts-view")  # type: ignore
-router.register(r"companies", views.CompanyContractViewSet, "companies-contracts")  # type: ignore
 
 
-urlpatterns = [
+urlpatterns: list[object] = [
     path("", include(router.urls)),  # type: ignore
+    path(
+        r"companies/<uuid:pk>/folders", 
+        views.CompanyFolderApiView.as_view(), 
+        name="company-folders-api-view"
+    ),
+    path(
+        r"companies/<uuid:pk>/contracts",
+        views.CompanyContractApiView.as_view(),
+        name="company-contracts"
+    )
 ]

core/apps/companies/views/accounts.py

@@ -1,7 +1,7 @@
-from django_core.mixins import BaseViewSetMixin
+from django_core.mixins import BaseViewSetMixin  # type: ignore
 from drf_spectacular.utils import extend_schema
-from rest_framework.permissions import IsAdminUser, AllowAny
+from rest_framework.permissions import IsAdminUser, AllowAny  # type: ignore
-from rest_framework.viewsets import ModelViewSet
+from rest_framework.viewsets import ModelViewSet  # type: ignore
 
 from core.apps.companies.models import CompanyAccountModel
 from core.apps.companies.serializers.accounts import (
@@ -12,9 +12,11 @@ from core.apps.companies.serializers.accounts import (
     DestroyCompanyAccountSerializer,
 )
 
-
+######################################################################
+# Crud
+######################################################################
 @extend_schema(tags=["CompanyAccount"])
-class CompanyAccountView(BaseViewSetMixin, ModelViewSet):
+class CompanyAccountCrudViewSet(BaseViewSetMixin, ModelViewSet):
     queryset = CompanyAccountModel.objects.all()
     serializer_class = ListCompanyAccountSerializer
     permission_classes = [AllowAny]
@@ -26,7 +28,7 @@ class CompanyAccountView(BaseViewSetMixin, ModelViewSet):
         "update": [IsAdminUser],
         "destroy": [IsAdminUser],
     }
-    action_serializer_class = {
+    action_serializer_class = {  # type: ignore
         "list": ListCompanyAccountSerializer,
         "retrieve": RetrieveCompanyAccountSerializer,
         "create": CreateCompanyAccountSerializer,

core/apps/companies/views/companies.py

@@ -1,5 +1,4 @@
-import uuid
+from typing import Any
-
 from django_core.mixins import BaseViewSetMixin  # type: ignore
 from django.contrib.auth import get_user_model
 
@@ -8,10 +7,13 @@ from drf_spectacular.utils import extend_schema
 from rest_framework.decorators import action  # type: ignore
 from rest_framework.permissions import AllowAny, IsAdminUser  # type: ignore
 from rest_framework.viewsets import ModelViewSet, GenericViewSet  # type: ignore
+from rest_framework.generics import GenericAPIView  # type: ignore
 from rest_framework.request import HttpRequest  # type: ignore
 from rest_framework.response import Response  # type: ignore
 from rest_framework import status  # type: ignore
+from rest_framework.generics import get_object_or_404  # type: ignore
 
+from core.utils.views import BaseApiViewMixin
 from core.apps.companies.permissions import IsCompanyAccount
 from core.apps.companies.models import (
     CompanyModel,
@@ -26,7 +28,6 @@ from core.apps.companies.serializers import (
     DestroyCompanySerializer,
 
     RetrieveCompanyAccountSerializer,
-    BaseCompanyAccountSerializer,
 
     RetrieveCompanyFolderSerializer,
     CreateFolderForCompanySerializer,
@@ -44,10 +45,10 @@ UserModel = get_user_model()
 
 
 ######################################################################
-# View Only For Company CRUD That Belongs To Admin.
+# Crud
 ######################################################################
 @extend_schema(tags=["Company"])
-class CompanyView(BaseViewSetMixin, ModelViewSet):
+class CompanyCrudViewSet(BaseViewSetMixin, ModelViewSet):
     queryset = CompanyModel.objects.all()
     serializer_class = ListCompanySerializer
     permission_classes = [AllowAny]
@@ -71,16 +72,16 @@ class CompanyView(BaseViewSetMixin, ModelViewSet):
 ######################################################################
 # company/<uuid:pk>/contract Views
 ######################################################################
-class CompanyContractViewSet(BaseViewSetMixin, GenericViewSet):
+class CompanyContractApiView(BaseApiViewMixin, GenericAPIView):  # type: ignore
     queryset = CompanyModel.objects.all()
-    permission_classes = [AllowAny]
+    permission_classes = [IsCompanyAccount]
     serializer_class = BaseContractSerializer
 
-    action_permission_classes = {
+    method_permission_classes = {
-        "list_contract": [IsCompanyAccount]
+        "get": [IsCompanyAccount],
     }
-    action_serializer_class = {
+    method_serializer_class = {
-        "list_contract": RetrieveContractSerializer
+        "get": RetrieveContractSerializer,
     }
 
     #! TODO: status should be added.
@@ -88,8 +89,7 @@ class CompanyContractViewSet(BaseViewSetMixin, GenericViewSet):
         summary="Company Contracts",
         description="Get List Company Contracts"
     )
-    @action(methods=["GET"], detail=True, url_path="contracts")
+    def get(
-    def list_contract(
         self,
         request: HttpRequest,
         *args: object, 
@@ -112,18 +112,20 @@ class CompanyContractViewSet(BaseViewSetMixin, GenericViewSet):
 ######################################################################
 # company/<uuid:pk>/accounts Views
 ######################################################################
-class CompanyAccountViewSet(BaseViewSetMixin, GenericViewSet):
+class CompanyAccountView(GenericAPIView):
     queryset = CompanyModel.objects.all()
-    serializer_class = BaseCompanyAccountSerializer
+    serializer_class = None
-    permission_classes = [AllowAny]
+    permission_classes = [IsCompanyAccount]
 
-    action_permission_classes = {
-        "list_account": [IsCompanyAccount]
-    }
     action_serializer_class = {
         "list_account": RetrieveCompanyAccountSerializer
     }
 
+    def get_serializer_class(self):
+        if self.request.method == "GET":
+            return RetrieveCompanyAccountSerializer
+        return RetrieveCompanyFolderSerializer
+
     @extend_schema(
         summary="List company accounts",
         description="List Company Accounts"
@@ -144,36 +146,26 @@ class CompanyAccountViewSet(BaseViewSetMixin, GenericViewSet):
 ######################################################################
 # company/<uuid:pk>/folders Views
 ######################################################################
-class CompanyFolderViewSet(BaseViewSetMixin, GenericViewSet):
+class CompanyFolderApiView(GenericAPIView):
     queryset = CompanyModel.objects.all()
-    permission_classes = [AllowAny]
+    permission_classes = [IsCompanyAccount]
 
-    action_permission_classes = {
+    def get_serializer_class(self):  # type: ignore
-        "list_folder": [IsCompanyAccount],
+        if self.request.method == "POST":
-        "create_folder": [IsCompanyAccount],
+            return CreateFolderForCompanySerializer
-    }
+        return RetrieveCompanyFolderSerializer
-    action_serializer_class = {  # type: ignore
-        "list_folder": RetrieveCompanyFolderSerializer, 
-        "create_folder": CreateFolderForCompanySerializer,
-    }
 
-    @extend_schema(
+    @extend_schema(summary="List Company Folders")
-        summary="List Company Folders",
+    def get(self, request: HttpRequest, *args: object, **kwargs: object) -> Response:
-        description="List Company Folders"
-    )
-    @action(methods=["GET"], detail=True, url_path="folders")
-    def list_folder(self, pk: uuid.UUID, *args: object, **kwargs: object) -> Response:
-        folders = CompanyFolderModel.objects.filter(company__id=pk)
-        ser = self.get_serializer(instance=folders, many=True)  # type: ignore
-        return Response(data=ser.data, status=status.HTTP_200_OK)
-    
-    @extend_schema(
-        summary="Create Folder for company",
-        description="Create Folder for company",
-    )
-    @action(url_path="folders", detail=True, methods=["POST"])
-    def create_folder(self, request: HttpRequest, *args: object, **kwargs: object) -> Response:
         company = self.get_object()
-        ser = self.get_serializer(data=data, context={"company": company})  # type: ignore
+        folders = CompanyFolderModel.objects.filter(company=company)
-        ser.is_valid(raise_exception=True)
+        serializer = self.get_serializer(instance=folders, many=True)
-        return Response(data=ser.data, status=status.HTTP_201_CREATED)
+        return Response(serializer.data, status=status.HTTP_200_OK)
+
+    @extend_schema(summary="Create Folder for Company")
+    def post(self, request: HttpRequest, *args: object, **kwargs: object):
+        company = self.get_object()
+        serializer = self.get_serializer(data=request.data, context={"company_id": company.pk})
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
+        return Response(serializer.data, status=status.HTTP_201_CREATED)

core/apps/companies/views/folders.py

@@ -1,10 +1,12 @@
 from typing import cast
 
 from django_core.mixins import BaseViewSetMixin  # type: ignore
+from django.db import transaction
 from drf_spectacular.utils import extend_schema
 from rest_framework.decorators import action  # type: ignore
 from rest_framework.permissions import AllowAny, IsAdminUser  # type: ignore
-from rest_framework.viewsets import ModelViewSet  # type: ignore
+from rest_framework.viewsets import ModelViewSet, GenericViewSet  # type: ignore
+from rest_framework.generics import GenericAPIView  # type: ignore
 from rest_framework.request import HttpRequest  # type: ignore
 from rest_framework.response import Response  # type: ignore
 from rest_framework import status  # type: ignore
@@ -21,10 +23,12 @@ from core.apps.companies.serializers.folders import (
 )
 
 
+######################################################################
+# Crud
+######################################################################
 @extend_schema(tags=["CompanyFolder"])
-class CompanyFolderView(BaseViewSetMixin, ModelViewSet):
+class CompanyFolderCrudViewSet(BaseViewSetMixin, ModelViewSet):
     queryset = CompanyFolderModel.objects.all()
-    serializer_class = ListCompanyFolderSerializer
     permission_classes = [AllowAny]
 
     action_permission_classes = {  # type: ignore
@@ -33,7 +37,6 @@ class CompanyFolderView(BaseViewSetMixin, ModelViewSet):
         "create": [IsAdminUser],
         "update": [IsAdminUser],
         "destroy": [IsAdminUser],
-        "create_contract": [IsFolderOwner]
     }
     action_serializer_class = {  # type: ignore
         "list": ListCompanyFolderSerializer,
@@ -41,24 +44,33 @@ class CompanyFolderView(BaseViewSetMixin, ModelViewSet):
         "create": CreateCompanyFolderSerializer,
         "update": UpdateCompanyFolderSerializer,
         "destroy": DestroyCompanyFolderSerializer,
-        "create_contract": CreateContractSerializer,
     }
 
+
+######################################################################
+# /contract-folders/<uuid:pk>/contracts
+######################################################################
+class ContractFolderApiView(GenericAPIView):
+    queryset = CompanyFolderModel.objects.all()
+    permission_classes = [AllowAny]
+    serializer_class = None
+
+    def get_serializer_class(self):  # type: ignore
+        if self.request.method == "POST":
+            return CreateContractSerializer
+        return self.serializer_class
+
     @extend_schema(
         summary="Create Contract For Folder",
         description="Create Contract For Folder",
     )
     @action(methods=["POST"], detail=True, url_path="contracts")
-    def create_contract(
+    def create_contract(self, request: HttpRequest, *args: object, **kwargs: object) -> Response:
-        self,
+        with transaction.atomic():
-        request: HttpRequest,
+            folder = cast(CompanyFolderModel, self.get_object())
-        *args: object,
+            ser = cast(CreateContractSerializer, self.get_serializer(data=request.data))  # type: ignore
-        **kwargs: object
-    ) -> Response:
-        ser = cast(
-            CreateContractSerializer, 
-            self.get_serializer(data=request.data)  # type: ignore
-        )
             ser.is_valid(raise_exception=True)
-        ser.save()
+            contract = ser.save()
+            folder.contracts.add(contract)
         return Response(ser.data, status.HTTP_201_CREATED)
+    

core/apps/contracts/urls.py

@@ -10,7 +10,7 @@ router.register(r"contracts", views.ContractView, "contracts")  # type: ignore
 router.register(r"contracts", views.ContractRelationsViewSet, "contract-relations")  # type: ignore
 router.register(r"contract-file-contents", views.ContractFileContentView, "contract-file-contents")  # type: ignore
 router.register(r"contract-owners", views.ContractOwnerView, "contract-owners")  # type: ignore
-router.register(r"contract-owners", views.ContractOwnerFileViewSet, "contract-owner-files")  # type: ignore
+# router.register(r"contract-owners", views.CompanyFolderCrudViewSet, "contract-owner-files")  # type: ignore
 
 urlpatterns = [  # type: ignore
     path("", include(router.urls)),  # type: ignore

core/apps/contracts/views/owners.py

@@ -54,59 +54,55 @@ class ContractOwnerView(BaseViewSetMixin, ModelViewSet):
     }
 
 
-class ContractOwnerFileViewSet(BaseViewSetMixin, ModelViewSet):
+# class ContractOwnerFileViewSet(BaseViewSetMixin, ModelViewSet):
-    queryset = ContractOwnerModel.objects.all()
+#     queryset = ContractOwnerModel.objects.all()
-    serializer_class = RetrieveContractAttachedFileSerializer
+#     serializer_class = RetrieveContractAttachedFileSerializer
-    permission_classes = [AllowAny]
+#     permission_classes = [AllowAny]
 
-    # action_permission_classes = {
+#     action_serializer_class = {  # type: ignore
-        # "create_file": [AllowAny],
+#         "list_file": RetrieveContractAttachedFileSerializer,
-        # "list_file": [AllowAny]
+#         "create_file": CreateContractAttachedFileSerializer,
 #     }
-    action_serializer_class = {  # type: ignore
-        "list_file": RetrieveContractAttachedFileSerializer,
-        "create_file": CreateContractAttachedFileSerializer,
-    }
 
-    @extend_schema(
+#     @extend_schema(
-        summary="Contract Files Related to Owner",
+#         summary="Contract Files Related to Owner",
-        description="Contract Files Related to Owner",
+#         description="Contract Files Related to Owner",
-    )
+#     )
-    @action(url_path="files", methods=["GET"], detail=True)
+#     @action(url_path="files", methods=["GET"], detail=True)
-    def list_file(
+#     def list_file(
-        self,
+#         self,
-        request: HttpRequest,
+#         request: HttpRequest,
-        *args: object,
+#         *args: object,
-        **kwargs: object,
+#         **kwargs: object,
-    ) -> Response:
+#     ) -> Response:
-        owner = cast(ContractOwnerModel, self.get_object())
+#         owner = cast(ContractOwnerModel, self.get_object())
-        files = ContractAttachedFileModel.objects.filter(
+#         files = ContractAttachedFileModel.objects.filter(
-            contract__owners=owner, contents__owner=owner
+#             contract__owners=owner, contents__owner=owner
-        ).select_related("contents")
+#         ).select_related("contents")
-        serializer = self.get_serializer(instance=files, many=True)
+#         serializer = self.get_serializer(instance=files, many=True)
-        return Response(serializer.data, status.HTTP_200_OK)
+#         return Response(serializer.data, status.HTTP_200_OK)
 
-    @extend_schema(
+#     @extend_schema(
-        summary="Create Contract Files Related to Owner",
+#         summary="Create Contract Files Related to Owner",
-        description="Create Contract Files Related to Owner"
+#         description="Create Contract Files Related to Owner"
-    )
+#     )
-    @action(url_path="files", methods=["GET"], detail=True)
+#     @action(url_path="files", methods=["GET"], detail=True)
-    def create_file(
+#     def create_file(
-        self,
+#         self,
-        request: HttpRequest,
+#         request: HttpRequest,
-        *args: object,
+#         *args: object,
-        **kwargs: object,
+#         **kwargs: object,
-    ) -> Response:
+#     ) -> Response:
-        owner = cast(
+#         owner = cast(
-            ContractOwnerModel, 
+#             ContractOwnerModel, 
-            self.get_queryset().select_related("contract")
+#             self.get_queryset().select_related("contract")
-        )
+#         )
-        if not owner.contract.allow_add_files:
+#         if not owner.contract.allow_add_files:
-            raise PermissionDenied(_("Attaching new files was restricted for this contract."))
+#             raise PermissionDenied(_("Attaching new files was restricted for this contract."))
-        ser = self.get_serializer(data=request.data)
+#         ser = self.get_serializer(data=request.data)
-        ser.is_valid(raise_exception=True)
+#         ser.is_valid(raise_exception=True)
-        ser.save()  # type: ignore
+#         ser.save()  # type: ignore
-        return Response(ser.data, status.HTTP_201_CREATED)
+#         return Response(ser.data, status.HTTP_201_CREATED)
 
 
 class ContractAttachedFileDeleteView(APIView):

core/utils/views.py

@@ -0,0 +1,93 @@
+from typing import Sequence, cast, Type, override
+
+from rest_framework.request import HttpRequest  # type: ignore
+from rest_framework.response import Response  # type: ignore
+from rest_framework.serializers import Serializer  # type: ignore
+from rest_framework.permissions import BasePermission  # type: ignore
+
+
+class BaseApiViewMixin:
+    """
+    A reusable mixin for DRF GenericAPIView-based views, inspired by `BaseViewSetMixin`.
+
+    This mixin provides method-specific serializer and permission class resolution,
+    and overrides `finalize_response()` to return a standardized response structure.
+    """
+    serializer_class: Type[Serializer]
+    permission_classes: Sequence[Type[BasePermission]]
+
+    method_serializer_class: dict[str, Type[Serializer]] = {}
+    method_permission_classes: dict[str, Sequence[Type[BasePermission]]] = {}
+
+    @override
+    def finalize_response(  # type: ignore
+        self, 
+        request: HttpRequest, 
+        response: Response, 
+        *args: object, 
+        **kwargs: object
+    ) -> Response:
+        """
+        Finalizes the response by wrapping it in a standardized format.
+
+        - If the status code is 2xx, the response is wrapped as: {"ok": True, "data": ...}
+        - If the status code is >= 400, the response becomes: {"ok": False, "data": ...}
+        - If the status code is 204 (No Content), the response is left untouched.
+
+        This behavior is designed to mimic the uniform API structure used in `BaseViewSetMixin`.
+
+        Returns:
+            Response: A DRF Response object with standardized content structure.
+        """
+        if response.status_code >= 400:
+            response.data = {"ok": False, "data": response.data}  # type: ignore
+        elif response.status_code == 204:
+            pass
+        else:
+            response.data = {"ok": True, "data": response.data}  # type: ignore
+        return super().finalize_response(request, response, *args, **kwargs)  # type: ignore
+
+    @override
+    def get_serializer_class(self) -> Type[Serializer]:  # type: ignore
+        """
+        Returns the serializer class based on the current request method.
+
+        Falls back to the default `serializer_class` if no method-specific
+        serializer is provided in `method_serializer_class`.
+
+        Returns:
+            Type[Serializer]: The resolved serializer class.
+        """
+        return self.method_serializer_class.get(
+            self.__get_request_method(), 
+            self.serializer_class
+        )
+    
+    @override
+    def get_permissions(self) -> list[BasePermission]:  # type: ignore
+        """
+        Returns a list of permission instances based on the current request method.
+
+        Falls back to the default `permission_classes` if no method-specific
+        permissions are defined in `method_permission_classes`.
+
+        Returns:
+            list[BasePermission]: A list of permission instances.
+        """
+        return [
+            permission()
+            for permission in self.method_permission_classes.get(
+                self.__get_request_method(), self.permission_classes
+            )
+        ]
+    
+    def __get_request_method(self) -> str:
+        """
+        Returns the HTTP method of the current request in lowercase form.
+
+        Used internally to resolve method-specific serializers and permissions.
+
+        Returns:
+            str: The request method (e.g., 'get', 'post', 'put', etc.).
+        """
+        return cast(str, self.request.method).lower()  # type: ignore  # noqa