Auth and User CRUD

2025-12-08 11:33:18 +01:00 · 2025-12-08 11:33:18 +01:00 · eb9fdade9b
commit eb9fdade9b
parent 1c36785c8d
22 changed files with 399 additions and 19 deletions
--- a/.env.example
+++ b/.env.example
@ -0,0 +1,2 @@
 ENVIRONMENT=dev|prod
 SECRET_KEY=
--- a/manage_dev.py
+++ b/manage_dev.py
@ -6,7 +6,7 @@ import sys
 def main():
    """Run administrative tasks."""
-    os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'project.settings')
+    os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'project.settings.dev')
    try:
        from django.core.management import execute_from_command_line
    except ImportError as exc:
--- a/project/serializers.py
+++ b/project/serializers.py
@ -0,0 +1,4 @@
 from rest_framework import serializers
 class MessageResponseSerializer(serializers.Serializer):
    detail = serializers.CharField()
--- a/project/settings/init.py
+++ b/project/settings/init.py
--- a/project/settings/base.py
+++ b/project/settings/base.py
@ -1,7 +1,7 @@
 """
 Django settings for project project.
-Generated by 'django-admin startproject' using Django 5.2.9.
+Generated by 'django-admin startproject' using Django 5.2.8.
 For more information on this file, see
 https://docs.djangoproject.com/en/5.2/topics/settings/
@ -10,20 +10,23 @@ For the full list of settings and their values, see
 https://docs.djangoproject.com/en/5.2/ref/settings/
 """
 import os
 from pathlib import Path
 import dotenv
 # Build paths inside the project like this: BASE_DIR / 'subdir'.
-BASE_DIR = Path(__file__).resolve().parent.parent
+BASE_DIR = Path(__file__).resolve().parent.parent.parent
 dotenv_file = os.path.join(BASE_DIR, ".env")
 if os.path.isfile(dotenv_file):
    dotenv.load_dotenv(dotenv_file)
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/5.2/howto/deployment/checklist/
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = 'django-insecure-l8klj*l0pb$ja!@0588%t21o237*m!dj2&1ij+_n0-&3c&5j6x'
+SECRET_KEY = os.environ['SECRET_KEY']
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True
 ALLOWED_HOSTS = []
@ -37,9 +40,19 @@ INSTALLED_APPS = [
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'users.apps.UsersConfig',
    'corsheaders',
    'rest_framework',
    'rest_framework.authtoken',
    'django_filters',
    'drf_spectacular',
 ]
 MIDDLEWARE = [
    'corsheaders.middleware.CorsMiddleware',
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
@ -51,6 +64,25 @@ MIDDLEWARE = [
 ROOT_URLCONF = 'project.urls'
 SPECTACULAR_SETTINGS = {
    'TITLE': 'Gallery API',
    'DESCRIPTION': 'Gallery project for agilni',
    'VERSION': '1.0.0',
    'COMPONENT_SPLIT_REQUEST': True
 }
 CORS_ALLOW_ALL_ORIGINS = True
 REST_FRAMEWORK = {
    'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination',
    'PAGE_SIZE': 20,
    'DEFAULT_AUTHENTICATION_CLASSES': [
        'rest_framework.authentication.TokenAuthentication',
    ],
    'DEFAULT_SCHEMA_CLASS': 'drf_spectacular.openapi.AutoSchema',
    'DEFAULT_FILTER_BACKENDS': ['django_filters.rest_framework.DjangoFilterBackend'],
 }
 TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
@ -69,17 +101,6 @@ TEMPLATES = [
 WSGI_APPLICATION = 'project.wsgi.application'
 # Database
 # https://docs.djangoproject.com/en/5.2/ref/settings/#databases
 DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.sqlite3',
        'NAME': BASE_DIR / 'db.sqlite3',
    }
 }
 # Password validation
 # https://docs.djangoproject.com/en/5.2/ref/settings/#auth-password-validators
@ -115,8 +136,17 @@ USE_TZ = True
 # https://docs.djangoproject.com/en/5.2/howto/static-files/
 STATIC_URL = 'static/'
 STATIC_ROOT = os.path.join(BASE_DIR, 'static')
 MEDIA_URL = '/media/'
 MEDIA_ROOT = os.path.join(BASE_DIR, 'media')
 # Default primary key field type
 # https://docs.djangoproject.com/en/5.2/ref/settings/#default-auto-field
 DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
 # Custom user model
 # https://docs.djangoproject.com/en/5.2/topics/auth/customizing/
 AUTH_USER_MODEL = 'users.User'
--- a/project/settings/dev.py
+++ b/project/settings/dev.py
@ -0,0 +1,12 @@
 from .base import *
 ALLOWED_HOSTS = ['*']
 DEBUG = True
 DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.sqlite3',
        'NAME': BASE_DIR / 'db.sqlite3',
    }
 }
--- a/project/settings/prod.py
+++ b/project/settings/prod.py
@ -0,0 +1,3 @@
 from .base import *
 DEBUG = False
--- a/project/settings_context.py
+++ b/project/settings_context.py
@ -0,0 +1,7 @@
 import os
 ENVIRONMENT = os.getenv('ENVIRONMENT', 'prod')
 if ENVIRONMENT == 'dev':
    from project.settings.dev import *
 else:
    from project.settings.prod import *
--- a/project/urls.py
+++ b/project/urls.py
@ -14,9 +14,16 @@ Including another URLconf
    1. Import the include() function: from django.urls import include, path
    2. Add a URL to urlpatterns:  path('blog/', include('blog.urls'))
 """
 from drf_spectacular.views import SpectacularAPIView, SpectacularSwaggerView
 from django.contrib import admin
-from django.urls import path
+from django.urls import path, include
 urlpatterns = [
    path('admin/', admin.site.urls),
    path('api/schema/', SpectacularAPIView.as_view(), name='schema'),
    path('swagger/', SpectacularSwaggerView.as_view(url_name='schema'), name='swagger-ui'),
    path('api/', include([
        path('', include('users.urls'))
    ])),
 ]
--- a/requirements.txt
+++ b/requirements.txt
@ -0,0 +1,7 @@
 asgiref==3.11.0
 Django==5.2.9
 django-cors-headers==4.9.0
 django-rest-framework==0.1.0
 djangorestframework==3.16.1
 python-dotenv==1.2.1
 sqlparse==0.5.4
--- a/users/init.py
+++ b/users/init.py
--- a/users/admin.py
+++ b/users/admin.py
@ -0,0 +1,8 @@
 from django.contrib import admin
 from .models import User
 # Register your models here.
 class UserAdmin(admin.ModelAdmin):
    list_display = ('username', 'school_index', 'role', 'is_superuser', 'last_login', 'date_joined')
 admin.site.register(User, UserAdmin)
--- a/users/apps.py
+++ b/users/apps.py
@ -0,0 +1,6 @@
 from django.apps import AppConfig
 class UsersConfig(AppConfig):
    default_auto_field = 'django.db.models.BigAutoField'
    name = 'users'
--- a/users/migrations/0001_initial.py
+++ b/users/migrations/0001_initial.py
@ -0,0 +1,45 @@
 # Generated by Django 5.2.9 on 2025-12-03 12:25
 import django.contrib.auth.models
 import django.contrib.auth.validators
 import django.utils.timezone
 from django.db import migrations, models
 class Migration(migrations.Migration):
    initial = True
    dependencies = [
        ('auth', '0012_alter_user_first_name_max_length'),
    ]
    operations = [
        migrations.CreateModel(
            name='User',
            fields=[
                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                ('password', models.CharField(max_length=128, verbose_name='password')),
                ('last_login', models.DateTimeField(blank=True, null=True, verbose_name='last login')),
                ('is_superuser', models.BooleanField(default=False, help_text='Designates that this user has all permissions without explicitly assigning them.', verbose_name='superuser status')),
                ('username', models.CharField(error_messages={'unique': 'A user with that username already exists.'}, help_text='Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only.', max_length=150, unique=True, validators=[django.contrib.auth.validators.UnicodeUsernameValidator()], verbose_name='username')),
                ('first_name', models.CharField(blank=True, max_length=150, verbose_name='first name')),
                ('last_name', models.CharField(blank=True, max_length=150, verbose_name='last name')),
                ('email', models.EmailField(blank=True, max_length=254, verbose_name='email address')),
                ('is_staff', models.BooleanField(default=False, help_text='Designates whether the user can log into this admin site.', verbose_name='staff status')),
                ('is_active', models.BooleanField(default=True, help_text='Designates whether this user should be treated as active. Unselect this instead of deleting accounts.', verbose_name='active')),
                ('date_joined', models.DateTimeField(default=django.utils.timezone.now, verbose_name='date joined')),
                ('role', models.CharField(choices=[('common', 'Common'), ('prof', 'Professor')], default='common', max_length=20)),
                ('groups', models.ManyToManyField(blank=True, help_text='The groups this user belongs to. A user will get all permissions granted to each of their groups.', related_name='user_set', related_query_name='user', to='auth.group', verbose_name='groups')),
                ('user_permissions', models.ManyToManyField(blank=True, help_text='Specific permissions for this user.', related_name='user_set', related_query_name='user', to='auth.permission', verbose_name='user permissions')),
            ],
            options={
                'verbose_name': 'user',
                'verbose_name_plural': 'users',
                'abstract': False,
            },
            managers=[
                ('objects', django.contrib.auth.models.UserManager()),
            ],
        ),
    ]
--- a/users/migrations/0002_user_school_id.py
+++ b/users/migrations/0002_user_school_id.py
@ -0,0 +1,19 @@
 # Generated by Django 5.2.9 on 2025-12-03 12:43
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('users', '0001_initial'),
    ]
    operations = [
        migrations.AddField(
            model_name='user',
            name='school_id',
            field=models.CharField(default=1, max_length=8),
            preserve_default=False,
        ),
    ]
--- a/users/migrations/0003_schoolid_remove_user_school_id_user_school_index.py
+++ b/users/migrations/0003_schoolid_remove_user_school_id_user_school_index.py
@ -0,0 +1,31 @@
 # Generated by Django 5.2.9 on 2025-12-05 11:38
 import django.db.models.deletion
 from django.db import migrations, models
 class Migration(migrations.Migration):
    dependencies = [
        ('users', '0002_user_school_id'),
    ]
    operations = [
        migrations.CreateModel(
            name='SchoolID',
            fields=[
                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                ('school_index', models.CharField(db_index=True, max_length=8)),
            ],
        ),
        migrations.RemoveField(
            model_name='user',
            name='school_id',
        ),
        migrations.AddField(
            model_name='user',
            name='school_index',
            field=models.ForeignKey(default=1, on_delete=django.db.models.deletion.CASCADE, to='users.schoolid'),
            preserve_default=False,
        ),
    ]
--- a/users/migrations/init.py
+++ b/users/migrations/init.py
--- a/users/models.py
+++ b/users/models.py
@ -0,0 +1,28 @@
 from django.db import models
 from django.db.models import Q
 from django.contrib.auth.models import AbstractUser
 from django.contrib.auth import authenticate
 # Create your models here.
 class SchoolID(models.Model):
    school_index        = models.CharField(max_length=8, db_index=True, unique=True)
    def __str__(self):
        return self.school_index
 class User(AbstractUser):
    class Roles(models.TextChoices):
        COMMON = 'common', 'Common'
        PROFESSOR = 'prof', 'Professor'
    school_index        = models.ForeignKey(SchoolID, on_delete=models.CASCADE)
    role                = models.CharField(max_length=20, choices=Roles, default=Roles.COMMON)
    @staticmethod
    def authenticate(request, username_or_schoolid, password):
        user = User.objects.filter(Q(username=username_or_schoolid) | Q(school_index__school_index=username_or_schoolid)).first()
        if not user:
            return False
        return authenticate(request, username=user.username, password=password)
--- a/users/serializers.py
+++ b/users/serializers.py
@ -0,0 +1,63 @@
 from rest_framework import serializers
 from .models import User, SchoolID
 class SchoolIDSerializer(serializers.ModelSerializer):
    class Meta:
        model = SchoolID
        fields = ('id', 'school_index')
 class UserSerializer(serializers.ModelSerializer):
    is_superuser = serializers.BooleanField(read_only=True)
    school_index_object = SchoolIDSerializer(source='school_index', read_only=True)
    class Meta:
        model = User
        fields = ('id', 'username', 'school_index_object', 'school_index', 'email', 'role', 'is_superuser')
 class UserForAdminSerializer(UserSerializer):
    is_superuser = serializers.BooleanField()
 class LoginSerializer(serializers.Serializer):
    username = serializers.CharField()
    password = serializers.CharField()
 class TokenSerializer(serializers.Serializer):
    token = serializers.CharField()
 class RegisterSerializer(serializers.Serializer):
    username = serializers.CharField(max_length=150)
    email = serializers.EmailField()
    first_name = serializers.CharField(max_length=30, required=True, allow_blank=False)
    last_name = serializers.CharField(max_length=30, required=True, allow_blank=False)
    school_index = serializers.CharField(max_length=8, required=True)
    password = serializers.CharField(write_only=True, min_length=8)
    def validate_school_index(self, value):
        """
        Check that school with this id is exists
        """
        try:
            school = SchoolID.objects.get(school_index=value)
            user_exists = User.objects.filter(school_index=school).exists()    
            if user_exists:
                raise serializers.ValidationError("User with this school ID already exists")
        except SchoolID.DoesNotExist:
            raise serializers.ValidationError("This school id is not exists")
        return school
    def create(self, validated_data):
        school = validated_data.pop('school_index')
        user = User.objects.create_user(
            username=validated_data['username'],
            email=validated_data['email'],
            first_name=validated_data.get('first_name'),
            last_name=validated_data.get('last_name'),
            password=validated_data['password'],
            school_index=school
        )
        return user
--- a/users/tests.py
+++ b/users/tests.py
@ -0,0 +1,3 @@
 from django.test import TestCase
 # Create your tests here.
--- a/users/urls.py
+++ b/users/urls.py
@ -0,0 +1,17 @@
 from django.contrib import admin
 from django.urls import path, include
 from .views import *
 urlpatterns = [
    path('auth/', include([
        path('me/', AboutMeView.as_view()),
        path('login/', LoginView.as_view()),
        path('register/', RegisterView.as_view()),
    ])),
    path('users/', include([
        path('<int:pk>/', UserAPIView.as_view()),
        path('', UserListAPIView.as_view())
    ])),
 ]
--- a/users/views.py
+++ b/users/views.py
@ -0,0 +1,88 @@
 from django.shortcuts import render
 from django.shortcuts import get_object_or_404
 from rest_framework.request import Request
 from rest_framework.response import Response
 from rest_framework import status
 from rest_framework.views import APIView
 from rest_framework.generics import RetrieveUpdateDestroyAPIView, ListAPIView, RetrieveAPIView
 from rest_framework.permissions import IsAuthenticated, IsAdminUser
 from rest_framework.authtoken.models import Token
 from drf_spectacular.utils import extend_schema
 from project.serializers import MessageResponseSerializer
 from .models import User
 from .serializers import UserSerializer, LoginSerializer, RegisterSerializer, TokenSerializer, UserForAdminSerializer
 # Create your views here.
@extend_schema(tags=['Auth'],
               description="Get current authenticated user")
 class AboutMeView(RetrieveAPIView):
    serializer_class = UserSerializer
    permission_classes = [IsAuthenticated]
    def get_object(self):
        return self.request.user
 class LoginView(APIView):
    @extend_schema(tags=['Auth'],
                   description='Authenticate using login or password',
                   request=LoginSerializer,
                   responses={
                       200: TokenSerializer,
                       400: MessageResponseSerializer
                   })
    def post(self, request: Request, format=None):
        username = request.data.get('username')
        password = request.data.get('password')
        user = User.authenticate(request, username, password)
        if not user:
            return Response({"error": "Invalid credentials"}, status=status.HTTP_400_BAD_REQUEST)
        token, created = Token.objects.get_or_create(user=user)
        return Response({
            "token": token.key
        })
 class RegisterView(APIView):
    @extend_schema(tags=['Auth'],
                   description='Register new user using school_id',
                   request=RegisterSerializer,
                   responses={
                       201: MessageResponseSerializer,
                       400: MessageResponseSerializer
                   })
    def post(self, request: Request, format=None):
        serializer = RegisterSerializer(data=request.data)
        if serializer.is_valid():
            serializer.save()
            return Response({
                "message": "User was registered successfully"
            }, status=status.HTTP_201_CREATED)
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
@extend_schema(tags=['Users'],
                description='List of all current users')
 class UserListAPIView(ListAPIView):
    queryset = User.objects.all()
    serializer_class = UserForAdminSerializer
    permission_classes = [IsAdminUser]
@extend_schema(tags=['Users'],
                description='CRUD for specific user')
 class UserAPIView(RetrieveUpdateDestroyAPIView):
    queryset = User.objects.all()
    serializer_class = UserForAdminSerializer
    permission_classes = [IsAdminUser]
		`@ -0,0 +1,3 @@`
							`from django.test import TestCase`

							`# Create your tests here.`