Move user list serializer and view to accounts app and restrict all endpoints to logged in users only

ivy/accounts/serializers.py

@@ -0,0 +1,9 @@
+
+from rest_framework import serializers
+from django.contrib.auth.models import User
+
+
+class UserSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = User
+        fields = ('id', 'username', 'email', 'date_joined')

ivy/accounts/urls.py

@@ -1,7 +1,13 @@
 from django.contrib import admin
 from django.urls import path, include
+from rest_framework import routers
+from . import views
+
+router = routers.DefaultRouter()
+router.register(r'user_list', views.UserListViewSet)
 
 urlpatterns = [
     path('', include('djoser.urls')),
-    path('', include('djoser.urls.authtoken'))
+    path('', include('djoser.urls.authtoken')),
+    path('', include(router.urls)),
 ]

ivy/accounts/views.py

@@ -1,3 +1,13 @@
-from django.shortcuts import render
+from rest_framework import viewsets
+from .serializers import UserSerializer
+from django.contrib.auth.models import User
+from rest_framework.permissions import IsAuthenticated
 
 # Create your views here.
+
+
+class UserListViewSet(viewsets.ModelViewSet):
+    permission_classes = [IsAuthenticated]
+    http_method_names = ['get']
+    serializer_class = UserSerializer
+    queryset = User.objects.all()

ivy/products/serializers.py

@@ -1,6 +1,5 @@
-from rest_framework import serializers, mixins
+from rest_framework import serializers
 from django.contrib.auth.models import User
-from simple_history.models import HistoricalRecords
 from .models import Product
 
 
@@ -34,9 +33,3 @@ class LogSerializer(serializers.HyperlinkedModelSerializer):
                   'history_date', 'history_user')
         read_only_fields = ('history_id', 'id', 'name', 'quantity',
                             'history_date', 'history_user')
-
-
-class UserSerializer(serializers.ModelSerializer):
-    class Meta:
-        model = User
-        fields = ('id', 'username', 'email', 'date_joined')

ivy/products/urls.py

@@ -6,7 +6,6 @@ router = routers.DefaultRouter()
 router.register(r'products', views.ProductViewSet)
 router.register(r'logs', views.LogViewSet)
 router.register(r'lowest_stock_product', views.LeastStockProductViewSet)
-router.register(r'user_list', views.UserListViewSet)
 
 # Wire up our API using automatic URL routing.
 # Additionally, we include login URLs for the browsable API.

ivy/products/views.py

@@ -1,36 +1,27 @@
 from rest_framework.permissions import IsAuthenticated
 from rest_framework import viewsets
-from django.contrib.auth.models import User
-from .serializers import ProductSerializer, LogSerializer, UserSerializer
+from .serializers import ProductSerializer, LogSerializer
 from .models import Product
 
 
 class ProductViewSet(viewsets.ModelViewSet):
-    # permission_classes = [IsAuthenticated]
+    permission_classes = [IsAuthenticated]
     serializer_class = ProductSerializer
     queryset = Product.objects.all().order_by('-date_added')
 
 
-class UserListViewSet(viewsets.ModelViewSet):
-    # permission_classes = [IsAuthenticated]
-    http_method_names = ['get']
-    serializer_class = UserSerializer
-    queryset = User.objects.all()
-
-
 class LeastStockProductViewSet(viewsets.ModelViewSet):
-    # permission_classes = [IsAuthenticated]
+    permission_classes = [IsAuthenticated]
     http_method_names = ['get']
     serializer_class = ProductSerializer
     queryset = Product.objects.all().order_by('quantity')
 
     def get_queryset(self):
         return super().get_queryset()[:1]
-    # queryset = Product.objects.all().order_by('quantity').first()
 
 
 class LogViewSet(viewsets.ModelViewSet):
-    # permission_classes = [IsAuthenticated]
+    permission_classes = [IsAuthenticated]
     http_method_names = ['get']
     serializer_class = LogSerializer
     queryset = Product.history.all().order_by('-history_date')