From 65a95a90af3231c605b80eeab2d3388f6b0c3e52 Mon Sep 17 00:00:00 2001
From: keannu125
Date: Tue, 7 Mar 2023 23:48:52 +0800
Subject: [PATCH] Move user list serializer and view to accounts app and restrict all endpoints to logged in users only
---
 ivy/accounts/serializers.py | 9 +++++++++
 ivy/accounts/urls.py | 8 +++++++-
 ivy/accounts/views.py | 12 +++++++++++-
 ivy/products/serializers.py | 9 +--------
 ivy/products/urls.py | 1 -
 ivy/products/views.py | 17 ++++-------------
 6 files changed, 32 insertions(+), 24 deletions(-)
 create mode 100644 ivy/accounts/serializers.py
diff --git a/ivy/accounts/serializers.py b/ivy/accounts/serializers.py
new file mode 100644
index 0000000..67e9a5c
--- /dev/null
+++ b/ivy/accounts/serializers.py
@@ -0,0 +1,9 @@
+
+from rest_framework import serializers
+from django.contrib.auth.models import User
+
+
+class UserSerializer(serializers.ModelSerializer):
+ class Meta:
+ model = User
+ fields = ('id', 'username', 'email', 'date_joined')
diff --git a/ivy/accounts/urls.py b/ivy/accounts/urls.py
index 1f37290..2caa5a6 100644
--- a/ivy/accounts/urls.py
+++ b/ivy/accounts/urls.py
@@ -1,7 +1,13 @@
 from django.contrib import admin
 from django.urls import path, include
+from rest_framework import routers
+from . import views
+
+router = routers.DefaultRouter()
+router.register(r'user_list', views.UserListViewSet)
 urlpatterns = [
 path('', include('djoser.urls')),
- path('', include('djoser.urls.authtoken'))
+ path('', include('djoser.urls.authtoken')),
+ path('', include(router.urls)),
 ]
diff --git a/ivy/accounts/views.py b/ivy/accounts/views.py
index c60c790..3aec4ae 100644
--- a/ivy/accounts/views.py
+++ b/ivy/accounts/views.py
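Review bot: `fields` in `UserSerializer.Meta` (ivy/accounts/serializers.py) includes `email`, and the only consumer shown in this commit, `UserListViewSet` in ivy/accounts/views.py, serves `User.objects.all()` to any caller that passes `IsAuthenticated`, so every logged-in account can read every other account's e-mail address and join date. If the list is meant for staff only, the view should use `permission_classes = [IsAdminUser]`; if ordinary users need it, drop the address with `fields = ('id', 'username', 'date_joined')`. Importing `User` from `django.contrib.auth.models` also ties the serializer to the stock model; `get_user_model()` keeps it working if `AUTH_USER_MODEL` is ever swapped.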
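Review bot: In ivy/accounts/urls.py the new `routers.DefaultRouter()` is included at the same empty prefix as `djoser.urls`, and a `DefaultRouter` adds its own API-root view at that prefix in addition to the `user_list` routes. As far as I know djoser's URL module is also built on a `DefaultRouter`, so the new root would be shadowed by the earlier include and the `api-root` name registered twice; `router = routers.SimpleRouter()` registers only the `user_list` routes and avoids that. Djoser's own `users/` endpoint already lists accounts under its configurable permissions, so it is worth confirming that a second, separately guarded list endpoint is needed.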
@@ -1,3 +1,13 @@
-from django.shortcuts import render
+from rest_framework import viewsets
+from .serializers import UserSerializer
+from django.contrib.auth.models import User
+from rest_framework.permissions import IsAuthenticated
 # Create your views here.
+
+
+class UserListViewSet(viewsets.ModelViewSet):
+ permission_classes = [IsAuthenticated]
+ http_method_names = ['get']
+ serializer_class = UserSerializer
+ queryset = User.objects.all()
diff --git a/ivy/products/serializers.py b/ivy/products/serializers.py
index b50092e..5b739f3 100644
--- a/ivy/products/serializers.py
+++ b/ivy/products/serializers.py
@@ -1,6 +1,5 @@
-from rest_framework import serializers, mixins
+from rest_framework import serializers
 from django.contrib.auth.models import User
-from simple_history.models import HistoricalRecords
 from .models import Product
@@ -34,9 +33,3 @@ class LogSerializer(serializers.HyperlinkedModelSerializer):
 'history_date', 'history_user')
 read_only_fields = ('history_id', 'id', 'name', 'quantity', 'history_date', 'history_user')
-
-
-class UserSerializer(serializers.ModelSerializer):
- class Meta:
- model = User
- fields = ('id', 'username', 'email', 'date_joined')
diff --git a/ivy/products/urls.py b/ivy/products/urls.py
index f4c4349..c6f1356 100644
--- a/ivy/products/urls.py
+++ b/ivy/products/urls.py
@@ -6,7 +6,6 @@ router = routers.DefaultRouter()
 router.register(r'products', views.ProductViewSet)
 router.register(r'logs', views.LogViewSet)
 router.register(r'lowest_stock_product', views.LeastStockProductViewSet)
-router.register(r'user_list', views.UserListViewSet)
 # Wire up our API using automatic URL routing.
 # Additionally, we include login URLs for the browsable API.
diff --git a/ivy/products/views.py b/ivy/products/views.py
index d10bf64..d4af15c 100644
--- a/ivy/products/views.py
+++ b/ivy/products/views.py
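Review bot: `UserListViewSet` in ivy/accounts/views.py subclasses `viewsets.ModelViewSet` and then removes the write methods with `http_method_names = ['get']`, so the read-only guarantee on account records rests on that one list staying as it is. `class UserListViewSet(viewsets.ReadOnlyModelViewSet):` puts the restriction in the base class and keeps HEAD and OPTIONS working. `queryset = User.objects.all()` has no ordering, which gives unstable pages if pagination is enabled (settings are not visible in this patch); `User.objects.all().order_by('id')` fixes that. A one-line class docstring stating who is allowed to call this endpoint would also help the next reviewer.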
@@ -1,36 +1,27 @@
 from rest_framework.permissions import IsAuthenticated
 from rest_framework import viewsets
-from django.contrib.auth.models import User
-from .serializers import ProductSerializer, LogSerializer, UserSerializer
+from .serializers import ProductSerializer, LogSerializer
 from .models import Product
 class ProductViewSet(viewsets.ModelViewSet):
- # permission_classes = [IsAuthenticated]
+ permission_classes = [IsAuthenticated]
 serializer_class = ProductSerializer
 queryset = Product.objects.all().order_by('-date_added')
-class UserListViewSet(viewsets.ModelViewSet):
- # permission_classes = [IsAuthenticated]
- http_method_names = ['get']
- serializer_class = UserSerializer
- queryset = User.objects.all()
-
-
 class LeastStockProductViewSet(viewsets.ModelViewSet):
- # permission_classes = [IsAuthenticated]
+ permission_classes = [IsAuthenticated]
 http_method_names = ['get']
 serializer_class = ProductSerializer
 queryset = Product.objects.all().order_by('quantity')
 def get_queryset(self):
 return super().get_queryset()[:1]
- # queryset = Product.objects.all().order_by('quantity').first()
 class LogViewSet(viewsets.ModelViewSet):
- # permission_classes = [IsAuthenticated]
+ permission_classes = [IsAuthenticated]
 http_method_names = ['get']
 serializer_class = LogSerializer
 queryset = Product.history.all().order_by('-history_date')
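Review bot: The `permission_classes = [IsAuthenticated]` lines in ivy/products/views.py opt each viewset in one at a time, and the commented-out lines they replace show how easily that opt-in is lost. A viewset added later without the attribute falls back to the project default, which is `AllowAny` unless `DEFAULT_PERMISSION_CLASSES` is set in settings (not visible in this patch). Setting `'DEFAULT_PERMISSION_CLASSES': ['rest_framework.permissions.IsAuthenticated']` under `REST_FRAMEWORK` makes the API deny-by-default and turns the per-view lines into documentation. `ProductViewSet` also stays a full `ModelViewSet`, so any authenticated user can create, modify and delete products; if that is not intended, unsafe methods need a stricter permission class.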