From 9e3d71c909378b11d1d2f0786fb46448b5537fd1 Mon Sep 17 00:00:00 2001
From: Ekaterina
Date: Thu, 12 Dec 2024 05:55:33 +0200
Subject: [PATCH] Solution
---
 cinema_service/settings.py | 8 +++++++-
 user/permissions.py | 12 ++++++++++++
 user/serializers.py | 24 +++++++++++++++++++++++-
 user/urls.py | 12 +++++++++++-
 user/views.py | 34 +++++++++++++++++++++++++++++++++-
 5 files changed, 86 insertions(+), 4 deletions(-)
 create mode 100644 user/permissions.py
diff --git a/cinema_service/settings.py b/cinema_service/settings.py
index 29ea7dea..bff14dc9 100644
--- a/cinema_service/settings.py
+++ b/cinema_service/settings.py
@@ -125,7 +125,7 @@
 USE_I18N = True
-USE_TZ = False
+USE_TZ = True
 # Static files (CSS, JavaScript, Images)
@@ -137,3 +137,9 @@
 # https://docs.djangoproject.com/en/4.0/ref/settings/#default-auto-field
 DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"
+
+REST_FRAMEWORK = {
+ "DEFAULT_PERMISSION_CLASSES": [
+ "rest_framework.permissions.IsAuthenticated",
+ ]
+}
diff --git a/user/permissions.py b/user/permissions.py
new file mode 100644
index 00000000..fab9435b
--- /dev/null
+++ b/user/permissions.py
@@ -0,0 +1,12 @@
+from rest_framework.permissions import BasePermission, SAFE_METHODS
+
+
+class IsAdminOrIfAuthenticatedReadOnly(BasePermission):
+ def has_permission(self, request, view):
+ return bool(
+ (request.method in SAFE_METHODS
+ and request.user
+ and request.user.is_authenticated
+ )
+ or (request.user and request.user.is_staff)
+ )
\ No newline at end of file
diff --git a/user/serializers.py b/user/serializers.py
index fa56336e..3dc3b388 100644
--- a/user/serializers.py
+++ b/user/serializers.py
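Review bot: The new REST_FRAMEWORK block in cinema_service/settings.py sets DEFAULT_PERMISSION_CLASSES but no DEFAULT_AUTHENTICATION_CLASSES, so any view that does not declare authentication_classes itself falls back to DRF's built-in defaults (session and HTTP Basic) rather than the token scheme used in user/views.py. Adding `"DEFAULT_AUTHENTICATION_CLASSES": ["rest_framework.authentication.TokenAuthentication"],` gives the API a single credential type, so a forgotten per-view attribute cannot quietly accept Basic credentials. TokenAuthentication also needs `rest_framework.authtoken` in INSTALLED_APPS, which this hunk does not show and is worth confirming. With IsAuthenticated as the default, endpoints meant to be public, such as registration, have to opt out explicitly.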
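Review bot: IsAdminOrIfAuthenticatedReadOnly in user/permissions.py has no docstring, yet the two-branch boolean in has_permission is the entire access rule for every view that uses it. A one-line docstring such as `"""Allow safe (read-only) methods to any authenticated user and every method to staff."""` would let a reviewer check the code against the stated intent. The staff branch tests `request.user.is_staff` without `is_authenticated`, the same shape as DRF's own IsAdminUser, so that looks intended. The file also ends without a trailing newline, as the `\ No newline at end of file` marker shows.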
@@ -1 +1,23 @@
-# write your code here
+from django.contrib.auth import get_user_model
+from rest_framework import serializers
+
+
+class UserSerializer(serializers.ModelSerializer):
+ class Meta:
+ model = get_user_model()
+ fields = ("id", "username", "email", "is_staff")
+ read_only_fields = ("id", "is_staff")
+ extra_kwargs = {"password": {"write_only": True, "min_length": 5}}
+
+ def create(self, validated_data):
+ return get_user_model().objects.create_user(**validated_data)
+
+ def update(self, instance, validated_data):
+ password = validated_data.pop("password", None)
+ user = super().update(instance, validated_data)
+
+ if password:
+ user.set_password(password)
+ user.save()
+
+ return user
diff --git a/user/urls.py b/user/urls.py
index fa56336e..82345000 100644
--- a/user/urls.py
+++ b/user/urls.py
@@ -1 +1,11 @@
-# write your code here
+from django.urls import path
+
+from user.views import CreateUserView, CreateTokenView, ManageUserView, OrderViewSet
+
+urlpatterns = [
+ path("register/", CreateUserView.as_view(), name="create"),
+ path("login/", CreateTokenView.as_view(), name="token"),
+ path("me/", ManageUserView.as_view(), name="manage"),
+ path("order/", OrderViewSet.as_view(), name="order"),
+]
+
diff --git a/user/views.py b/user/views.py
index fa56336e..7fa17197 100644
--- a/user/views.py
+++ b/user/views.py
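Review bot: In user/serializers.py, `extra_kwargs` configures a `password` field but `"password"` is missing from `Meta.fields`, so the serializer never accepts a password and the `write_only`/`min_length` settings have no effect. With Django's stock user manager, `create()` would then call `create_user()` without a password and store an unusable one, so a newly registered account could not log in; the `if password:` branch in `update()` is unreachable for the same reason. Change the line to `fields = ("id", "username", "email", "password", "is_staff")`; `write_only` then keeps the value out of responses. A minimum length of 5 is a weak policy on its own, and calling `django.contrib.auth.password_validation.validate_password` from a `validate_password` method would apply the project's AUTH_PASSWORD_VALIDATORS as well.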
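Review bot: The `order/` route in user/urls.py calls `OrderViewSet.as_view()` without an actions mapping; OrderViewSet is a ModelViewSet, and DRF's viewset `as_view()` raises a TypeError when `actions` is missing, so loading this URLconf would fail. Either map the methods explicitly, `path("order/", OrderViewSet.as_view({"get": "list", "post": "create"}), name="order"),`, or register the viewset with a DRF router. The `from user.views import ...` line is also longer than 79 characters and could be wrapped in parentheses.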
@@ -1 +1,33 @@
-# write your code here
+from rest_framework import generics, viewsets
+from rest_framework.authentication import TokenAuthentication
+from rest_framework.authtoken.views import ObtainAuthToken
+from rest_framework.permissions import IsAuthenticated
+from rest_framework.settings import api_settings
+
+from user.permissions import IsAdminOrIfAuthenticatedReadOnly
+from user.serializers import UserSerializer
+
+
+
+class CreateUserView(generics.CreateAPIView):
+ serializer_class = UserSerializer
+
+class CreateTokenView(ObtainAuthToken):
+ renderer_classes = api_settings.DEFAULT_RENDERER_CLASSES
+
+class ManageUserView(generics.RetrieveUpdateAPIView):
+ serializer_class = UserSerializer
+ authentication_classes = (TokenAuthentication,)
+ permission_classes = (IsAuthenticated,)
+
+ def get_object(self):
+ return self.request.user
+
+class MyView(viewsets.ModelViewSet):
+ authentication_classes = (TokenAuthentication,)
+ permission_classes = (IsAdminOrIfAuthenticatedReadOnly,)
+
+class OrderViewSet(viewsets.ModelViewSet):
+ authentication_classes = (TokenAuthentication,)
+ permission_classes = (IsAuthenticated,)
+
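Review bot: CreateUserView in user/views.py declares no permission_classes, so with the IsAuthenticated default this patch adds in settings.py the `register/` endpoint rejects anonymous callers and nobody can sign up without already having an account. Add `permission_classes = (AllowAny,)` and `authentication_classes = ()` to CreateUserView, importing AllowAny from rest_framework.permissions. MyView and OrderViewSet define neither `queryset` nor `serializer_class`, which ModelViewSet needs before it can serve a request. When OrderViewSet gets its queryset, `get_queryset()` should filter by `self.request.user`, because IsAuthenticated alone would let any logged-in user read other users' orders. No throttle is configured for CreateTokenView in the visible code, and a `throttle_classes` entry there would limit password guessing against `login/`.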