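"""User-management API views: listing, detail, admin create/update/delete.

Authorization is done inline against ``RoleChoice`` values on top of
``IsAuthenticated``.  The small helpers below keep the role check and the
403 payload identical across the views that gate on it.
"""
from django.contrib.auth import get_user_model
from django.shortcuts import get_object_or_404
from django_core.mixins import BaseViewSetMixin
from drf_spectacular.utils import extend_schema
from rest_framework import filters, generics, status
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response
from rest_framework.views import APIView
from rest_framework.viewsets import ModelViewSet

from core.apps.accounts.choices.user import RoleChoice
from core.apps.accounts.models import Role
from core.apps.accounts.serializers.permission import RoleListSerializer
from core.apps.accounts.serializers.user import (
    AdminUserSerializer,
    UserCreateSerializer,
    UserSerializer,
)

User = get_user_model()

# Roles allowed to create and update accounts through the admin endpoints.
_ADMIN_ROLES = (RoleChoice.SUPERUSER, RoleChoice.ADMIN)

# Search configuration shared by every user-listing view in this module.
_USER_SEARCH_FIELDS = ('phone', 'first_name', 'last_name')


def _forbidden():
    """Return the 403 response every role-gated view in this module emits."""
    return Response({'detail': 'Forbidden'}, status=status.HTTP_403_FORBIDDEN)


def _has_admin_role(user):
    """Return True when ``user.role`` is SUPERUSER or ADMIN.

    Compares ``user.role`` directly to ``RoleChoice`` values, exactly as the
    create/update views did before this helper existed.
    """
    return user.role in _ADMIN_ROLES


@extend_schema(tags=['User'])
class UserListApiView(generics.ListAPIView):
    """List accounts whose role is ``USER``; searchable by phone and name."""

    queryset = User.objects.filter(role=RoleChoice.USER)
    serializer_class = UserSerializer
    permission_classes = [IsAuthenticated]
    filter_backends = [filters.SearchFilter]
    search_fields = _USER_SEARCH_FIELDS

    def serializer_context(self):
        """Build a bare serializer instance carrying the current request.

        This is not a DRF hook (the framework calls ``get_serializer_context``,
        which already supplies ``request``); it is kept for any external caller.
        """
        return self.serializer_class(context={"request": self.request})


@extend_schema(tags=['User'])
class AdminUserListApiView(generics.ListAPIView):
    """List every account whose role is *not* ``USER``."""

    queryset = User.objects.exclude(role=RoleChoice.USER)
    serializer_class = UserSerializer
    permission_classes = [IsAuthenticated]
    filter_backends = [filters.SearchFilter]
    search_fields = _USER_SEARCH_FIELDS


@extend_schema(tags=["User"], request=AdminUserSerializer)
class AdminUserView(BaseViewSetMixin, ModelViewSet):
    """Full CRUD over ``USER``-role accounts via ``AdminUserSerializer``.

    NOTE(review): only ``IsAuthenticated`` is applied here, whereas the
    create/update/delete APIViews below gate on ``_has_admin_role``.  Unless
    ``BaseViewSetMixin`` adds a role restriction, any logged-in user can
    create, edit and delete accounts through this viewset — confirm, and
    add a role check if that is not intended.
    """

    queryset = User.objects.filter(role=RoleChoice.USER)
    serializer_class = AdminUserSerializer
    permission_classes = [IsAuthenticated]
    filter_backends = [filters.SearchFilter]
    search_fields = _USER_SEARCH_FIELDS

    def serializer_context(self):
        """Build a bare serializer instance carrying the current request.

        Not a DRF hook; see ``UserListApiView.serializer_context``.
        """
        return self.serializer_class(context={"request": self.request})


# Response code matches the 201 actually returned by ``post``.
@extend_schema(tags=['User'], responses={201: UserSerializer}, request=UserCreateSerializer)
class AdminCreateAPIView(APIView):
    """Create an account; the caller must hold the SUPERUSER or ADMIN role."""

    permission_classes = [IsAuthenticated]

    def post(self, request):
        """Validate ``request.data`` with ``UserCreateSerializer`` and save it.

        Returns 403 for callers without an admin role, 400 (raised by
        ``is_valid``) on invalid input, otherwise 201 with the saved data.
        """
        if not _has_admin_role(request.user):
            return _forbidden()
        serializer = UserCreateSerializer(data=request.data)
        serializer.is_valid(raise_exception=True)
        serializer.save()
        return Response(serializer.data, status=status.HTTP_201_CREATED)


@extend_schema(tags=['User'])
class AdminUpdateAPIView(generics.GenericAPIView):
    """Replace an account's data; the caller must hold the SUPERUSER or ADMIN role."""

    permission_classes = [IsAuthenticated]
    serializer_class = UserCreateSerializer

    def put(self, request, pk):
        """Full update of the user identified by ``pk``.

        Returns 403 for callers without an admin role, 404 when ``pk`` does
        not exist, 400 on invalid input, otherwise 200 with the saved data.
        """
        if not _has_admin_role(request.user):
            return _forbidden()
        user = get_object_or_404(User, pk=pk)
        serializer = UserCreateSerializer(user, data=request.data)
        serializer.is_valid(raise_exception=True)
        serializer.save()
        return Response(serializer.data, status=status.HTTP_200_OK)


class DeleteAdminUserApiView(APIView):
    """Delete an ADMIN account; only a SUPERUSER may call this."""

    permission_classes = [IsAuthenticated]

    def delete(self, request, pk):
        """Delete the admin identified by ``pk``.

        Returns 403 unless the caller is a SUPERUSER, 404 when ``pk`` does
        not exist, 400 when the target is not an ADMIN, otherwise 204.
        """
        if request.user.role != RoleChoice.SUPERUSER:
            return _forbidden()
        user = get_object_or_404(User, pk=pk)
        # Superusers may only remove admins through this endpoint, never
        # plain users or other superusers.
        if user.role != RoleChoice.ADMIN:
            return Response(
                {'detail': 'This user is not an admin'},
                status=status.HTTP_400_BAD_REQUEST,
            )
        user.delete()
        return Response(status=status.HTTP_204_NO_CONTENT)


class UserDetailAPIView(generics.RetrieveAPIView):
    """Retrieve a single user by ``id``."""

    permission_classes = [IsAuthenticated]
    serializer_class = UserSerializer
    # RetrieveAPIView asserts that ``queryset`` or ``get_queryset`` exists;
    # without it every request failed with an AssertionError (500).
    # NOTE(review): ``all()`` is the minimal fix — narrow it if detail
    # lookups should be scoped (e.g. to ``USER``-role accounts).
    queryset = User.objects.all()
    lookup_field = 'id'


class AdminPermissionsAPIView(generics.GenericAPIView):
    """Return the ADMIN role's permissions to a caller who holds that role."""

    permission_classes = [IsAuthenticated]
    queryset = User.objects.all()  # not used by ``get``; retained as-is

    def get(self, request):
        """Serialize the ``Role`` row named ADMIN with ``RoleListSerializer``."""
        # NOTE(review): this reads ``request.user.role.name`` while every
        # other view compares ``request.user.role`` itself; only one form
        # can match the field's type — confirm against the User model.
        # SUPERUSER is also not accepted here, unlike the other admin views.
        if request.user.role.name != RoleChoice.ADMIN:
            return _forbidden()
        # 404 rather than an unhandled DoesNotExist when the role row is missing.
        admin_role = get_object_or_404(Role, name=RoleChoice.ADMIN)
        serializer = RoleListSerializer(admin_role)
        return Response(serializer.data)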