Move user list serializer and view to accounts app and restrict all endpoints to logged in users only

This commit is contained in:
keannu125 2023-03-07 23:48:52 +08:00
parent 71583894bb
commit 65a95a90af
6 changed files with 32 additions and 24 deletions

View file

@ -0,0 +1,9 @@
from rest_framework import serializers
from django.contrib.auth.models import User
class UserSerializer(serializers.ModelSerializer):
class Meta:
model = User
fields = ('id', 'username', 'email', 'date_joined')

View file

@ -1,7 +1,13 @@
from django.contrib import admin
from django.urls import path, include
from rest_framework import routers
from . import views
router = routers.DefaultRouter()
router.register(r'user_list', views.UserListViewSet)
urlpatterns = [
path('', include('djoser.urls')),
path('', include('djoser.urls.authtoken'))
path('', include('djoser.urls.authtoken')),
path('', include(router.urls)),
]

View file

@ -1,3 +1,13 @@
from django.shortcuts import render
from rest_framework import viewsets
from .serializers import UserSerializer
from django.contrib.auth.models import User
from rest_framework.permissions import IsAuthenticated
# Create your views here.
class UserListViewSet(viewsets.ModelViewSet):
permission_classes = [IsAuthenticated]
http_method_names = ['get']
serializer_class = UserSerializer
queryset = User.objects.all()

View file

@ -1,6 +1,5 @@
from rest_framework import serializers, mixins
from rest_framework import serializers
from django.contrib.auth.models import User
from simple_history.models import HistoricalRecords
from .models import Product
@ -34,9 +33,3 @@ class LogSerializer(serializers.HyperlinkedModelSerializer):
'history_date', 'history_user')
read_only_fields = ('history_id', 'id', 'name', 'quantity',
'history_date', 'history_user')
class UserSerializer(serializers.ModelSerializer):
class Meta:
model = User
fields = ('id', 'username', 'email', 'date_joined')

View file

@ -6,7 +6,6 @@ router = routers.DefaultRouter()
router.register(r'products', views.ProductViewSet)
router.register(r'logs', views.LogViewSet)
router.register(r'lowest_stock_product', views.LeastStockProductViewSet)
router.register(r'user_list', views.UserListViewSet)
# Wire up our API using automatic URL routing.
# Additionally, we include login URLs for the browsable API.

View file

@ -1,36 +1,27 @@
from rest_framework.permissions import IsAuthenticated
from rest_framework import viewsets
from django.contrib.auth.models import User
from .serializers import ProductSerializer, LogSerializer, UserSerializer
from .serializers import ProductSerializer, LogSerializer
from .models import Product
class ProductViewSet(viewsets.ModelViewSet):
# permission_classes = [IsAuthenticated]
permission_classes = [IsAuthenticated]
serializer_class = ProductSerializer
queryset = Product.objects.all().order_by('-date_added')
class UserListViewSet(viewsets.ModelViewSet):
# permission_classes = [IsAuthenticated]
http_method_names = ['get']
serializer_class = UserSerializer
queryset = User.objects.all()
class LeastStockProductViewSet(viewsets.ModelViewSet):
# permission_classes = [IsAuthenticated]
permission_classes = [IsAuthenticated]
http_method_names = ['get']
serializer_class = ProductSerializer
queryset = Product.objects.all().order_by('quantity')
def get_queryset(self):
return super().get_queryset()[:1]
# queryset = Product.objects.all().order_by('quantity').first()
class LogViewSet(viewsets.ModelViewSet):
# permission_classes = [IsAuthenticated]
permission_classes = [IsAuthenticated]
http_method_names = ['get']
serializer_class = LogSerializer
queryset = Product.history.all().order_by('-history_date')