diff --git a/core/apps/accounts/management/commands/seed_permissions.py b/core/apps/accounts/management/commands/seed_permissions.py index df5d03e..b32ada4 100644 --- a/core/apps/accounts/management/commands/seed_permissions.py +++ b/core/apps/accounts/management/commands/seed_permissions.py @@ -12,7 +12,8 @@ class Command(BaseCommand): { "code": "project_folder", "name": "project folder all access" - } + }, + {'code': 'delete_user', "name": 'can delete user permissions'} ] for perm in permissions: diff --git a/core/apps/accounts/serializers/user.py b/core/apps/accounts/serializers/user.py new file mode 100644 index 0000000..1e38c7e --- /dev/null +++ b/core/apps/accounts/serializers/user.py @@ -0,0 +1,28 @@ +from rest_framework import serializers + +from core.apps.accounts.models import User + + +class UserProfileSerializer(serializers.ModelSerializer): + permissions = serializers.SerializerMethodField(method_name='get_permissions') + + class Meta: + model = User + fields = [ + 'id', 'first_name', 'last_name', 'username', 'role', 'profile_image', 'permissions' + ] + extra_kwargs = {'role': {'read_only': True}, "permissions": {'read_only': True}} + + def get_permissions(self, obj): + if obj.role: + return obj.role.permissions.values_list('code', flat=True) + else: + return None + + def update(self, instance, validated_data): + instance.first_name = validated_data.get('first_name', instance.first_name) + instance.last_name = validated_data.get('last_name', instance.last_name) + instance.username = validated_data.get('first_name', instance.username) + instance.profile_image = validated_data.get('profile_image', instance.profile_image) + instance.save() + return instance \ No newline at end of file diff --git a/core/apps/accounts/urls.py b/core/apps/accounts/urls.py index 1a479ca..3419062 100644 --- a/core/apps/accounts/urls.py +++ b/core/apps/accounts/urls.py 
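Review bot: In core/apps/accounts/management/commands/seed_permissions.py, the seeded label `'can delete user permissions'` describes deleting permissions, while the `delete_user` code is what `UserDeleteApiView` (views/user.py in this commit) requires before it deletes a user account. If roles are assigned by this name, an administrator could grant account deletion without realising it; `'can delete users'` would match what the code gates. The new entry also mixes quote styles with the entries above it. The `permissions` list starts outside this hunk.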
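Review bot: In `UserProfileSerializer.update` (core/apps/accounts/serializers/user.py) the username is read from the wrong key: `instance.username = validated_data.get('first_name', instance.username)` overwrites the login name with whatever first name the request sends. The value never passes through the `username` field, so that field's validators do not run on it. A PATCH that changes `first_name` can therefore silently rename the account, or fail at the database if the column is unique. The line should read `instance.username = validated_data.get('username', instance.username)`; since the method then only copies validated fields, dropping the override and relying on `ModelSerializer.update` would do the same job. If users are not meant to rename themselves through this endpoint, mark `username` read-only in `extra_kwargs` instead.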
@@ -1,7 +1,16 @@ from django.urls import path, include from core.apps.accounts.views.login import LoginApiView +from core.apps.accounts.views.user import UserProfileApiView, UserProfileUpdateApiView, UserDeleteApiView + urlpatterns = [ path('auth/login/', LoginApiView.as_view(), name='login'), + path('user/', include( + [ + path('profile/', UserProfileApiView.as_view()), + path('profile/update/', UserProfileUpdateApiView.as_view()), + path('delete//', UserDeleteApiView.as_view()), + ] + )) ] \ No newline at end of file diff --git a/core/apps/accounts/views/user.py b/core/apps/accounts/views/user.py new file mode 100644 index 0000000..8826c6d --- /dev/null +++ b/core/apps/accounts/views/user.py 
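Review bot: In core/apps/accounts/urls.py the delete route is shown as `path('delete//', UserDeleteApiView.as_view())`, which captures no argument, while `UserDeleteApiView.delete(self, request, id)` requires `id`. As displayed, a matching request would raise a TypeError instead of reaching the view logic. If the converter was lost when this page was rendered, confirm the file has `path('delete/<int:id>/', UserDeleteApiView.as_view())` so that non-integer ids are rejected at routing. The three new routes also lack a `name=`, unlike `auth/login/`.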
@@ -0,0 +1,47 @@
+from django.shortcuts import get_object_or_404
+
+from rest_framework import generics, views
+from rest_framework.response import Response
+
+from core.apps.accounts.models import User
+from core.apps.accounts.serializers import user as serializers
+from core.apps.accounts.permissions.permissions import HasRolePermission
+
+
+class UserProfileApiView(generics.GenericAPIView):
+ serializer_class = serializers.UserProfileSerializer
+ queryset = User.objects.all()
+ permission_classes = [HasRolePermission]
+ required_permissions = []
+
+ def get(self, request):
+ user = request.user
+ serializer = self.serializer_class(user)
+ return Response({
+ "success": True, 'user_data': serializer.data
+ }, status=200)
+
+
+class UserProfileUpdateApiView(generics.GenericAPIView):
+ serializer_class = serializers.UserProfileSerializer
+ queryset = User.objects.all()
+ permission_classes = [HasRolePermission]
+ required_permissions = []
+
+ def patch(self, request):
+ user = request.user
+ serializer = self.serializer_class(data=request.data, instance=user, partial=True)
+ if serializer.is_valid():
+ serializer.save()
+ return Response({'success': True, 'message': 'updated'}, status=200)
+ return Response({"success": False, "message": serializer.errors}, status=400)
+
+
+class UserDeleteApiView(views.APIView):
+ permission_classes = [HasRolePermission]
+ required_permissions = ['delete_user']
+
+ def delete(self, request, id):
+ user = get_object_or_404(User, id=id)
+ user.delete()
+ return Response(status=204)
\ No newline at end of file
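Review bot: `UserDeleteApiView.delete` removes whichever account matches `id` as soon as the caller holds `delete_user`, with no check on who the target is. A holder can therefore delete their own account or, as far as this hunk shows, an account with a more privileged role. I would add a guard before `user.delete()`, for example `if user.pk == request.user.pk: return Response({'success': False, 'message': 'cannot delete own account'}, status=403)`, and decide explicitly whether higher-privileged or last-admin accounts may be targeted. A log line recording the acting user and the deleted id would make these deletions auditable. Separately, both profile views set `required_permissions = []`, so they depend on `HasRolePermission` (not visible here) rejecting unauthenticated requests before `request.user` is serialized or updated; worth confirming.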