
from django.shortcuts import render
from django.shortcuts import get_object_or_404
from rest_framework.request import Request
from rest_framework.response import Response
from rest_framework import status
from rest_framework.views import APIView
from rest_framework.generics import RetrieveUpdateDestroyAPIView, ListAPIView, RetrieveAPIView
from rest_framework.permissions import IsAuthenticated, IsAdminUser
from rest_framework.authtoken.models import Token
from drf_spectacular.utils import extend_schema
from project.serializers import MessageResponseSerializer
from .models import User
from .serializers import UserSerializer, LoginSerializer, RegisterSerializer, TokenSerializer, UserForAdminSerializer
# Create your views here.
# Returns the profile of whoever is making the request. The object is taken
# from the request itself rather than from a URL lookup, so this view cannot
# be pointed at another user's record.
# NOTE(review): UserSerializer is defined elsewhere; confirm it does not expose
# the password hash or other fields the account owner should not see.
@extend_schema(
    tags=['Auth'],
    description="Get current authenticated user",
)
class AboutMeView(RetrieveAPIView):
    # IsAuthenticated rejects anonymous requests before the handler runs, so
    # request.user is a real account by the time get_object() is called.
    permission_classes = [IsAuthenticated]
    serializer_class = UserSerializer

    def get_object(self):
        """Return the requesting user instead of resolving a URL lookup."""
        current_user = self.request.user
        return current_user
# Exchanges a username/password pair for a DRF auth token.
#
# NOTE(review): no permission_classes or throttle_classes are set on this view,
# so both come from the project's REST_FRAMEWORK defaults. Confirm that the
# endpoint is reachable without a token and that a throttle covers it, since an
# unthrottled credential check can be guessed against at full speed.
# NOTE(review): LoginSerializer is only used for the schema; the payload is read
# straight from request.data without validation, so missing or non-string
# values reach User.authenticate() as-is. Confirm that helper tolerates them.
class LoginView(APIView):
    @extend_schema(
        tags=['Auth'],
        description='Authenticate using login or password',
        request=LoginSerializer,
        responses={
            200: TokenSerializer,
            400: MessageResponseSerializer,
        },
    )
    def post(self, request: Request, format=None):
        """Check the submitted credentials and return the user's token key.

        Responds with HTTP 400 and an "error" message when User.authenticate()
        returns a falsy value; otherwise responds with {"token": <key>}.
        """
        payload = request.data
        account = User.authenticate(
            request,
            payload.get('username'),
            payload.get('password'),
        )

        if account:
            # get_or_create hands back the user's existing token when there is
            # one, so every login returns the same key. rest_framework.authtoken
            # tokens carry no expiry; rotation or revocation has to be done
            # elsewhere if it is required.
            token, _was_created = Token.objects.get_or_create(user=account)
            return Response({"token": token.key})

        # One message for every failure, so the response does not say whether
        # the username or the password was wrong.
        return Response(
            {"error": "Invalid credentials"},
            status=status.HTTP_400_BAD_REQUEST,
        )
# Creates a new account from the fields accepted by RegisterSerializer.
#
# NOTE(review): no permission_classes or throttle_classes are set here, so the
# project's REST_FRAMEWORK defaults decide who may register and how often.
# Confirm that matches the intent (open self-registration vs. restricted).
# NOTE(review): validation errors are returned verbatim. If RegisterSerializer
# has uniqueness checks, the 400 body tells the caller which usernames or
# school ids already exist; decide whether that disclosure is acceptable.
# NOTE(review): the schema documents the 400 body as MessageResponseSerializer,
# but the view returns serializer.errors; confirm the two shapes agree.
class RegisterView(APIView):
    @extend_schema(
        tags=['Auth'],
        description='Register new user using school_id',
        request=RegisterSerializer,
        responses={
            201: MessageResponseSerializer,
            400: MessageResponseSerializer,
        },
    )
    def post(self, request: Request, format=None):
        """Validate the registration payload and create the user.

        Responds with HTTP 201 and a confirmation message on success, or with
        HTTP 400 and the serializer's error dictionary when validation fails.
        """
        form = RegisterSerializer(data=request.data)

        if not form.is_valid():
            return Response(form.errors, status=status.HTTP_400_BAD_REQUEST)

        form.save()
        return Response(
            {"message": "User was registered successfully"},
            status=status.HTTP_201_CREATED,
        )
# Read-only listing of every user record, restricted to staff accounts.
# NOTE(review): no pagination_class is set on the view; confirm a project-wide
# default applies so a single request cannot return the whole user table.
# NOTE(review): UserForAdminSerializer is defined elsewhere; confirm it leaves
# out the password hash even for admin readers.
@extend_schema(
    tags=['Users'],
    description='List of all current users',
)
class UserListAPIView(ListAPIView):
    # IsAdminUser checks user.is_staff, not is_superuser.
    permission_classes = [IsAdminUser]
    serializer_class = UserForAdminSerializer
    queryset = User.objects.all()
# Retrieve, update (PUT/PATCH) or delete a single user, restricted to staff
# accounts. The queryset is unfiltered, so any staff member can act on any
# user record, including other staff accounts and their own.
# NOTE(review): UserForAdminSerializer is defined elsewhere; confirm which
# fields it lets a caller write. Privilege flags and the password should be
# writable only if that is intended, and a password should go through
# set_password() rather than being stored as sent.
@extend_schema(
    tags=['Users'],
    description='CRUD for specific user',
)
class UserAPIView(RetrieveUpdateDestroyAPIView):
    # IsAdminUser checks user.is_staff, not is_superuser.
    permission_classes = [IsAdminUser]
    serializer_class = UserForAdminSerializer
    queryset = User.objects.all()