From 77acc668b85edbd89dbfb0a93a49cd15dc65b781 Mon Sep 17 00:00:00 2001 From: Sam Date: Thu, 4 Feb 2021 10:14:28 +0000 Subject: [PATCH] added user-specific endpoints --- back_latienda/urls.py | 4 ++++ companies/tests.py | 35 +++++++++++++++++++++++++++++++++++ companies/views.py | 13 ++++++++++++- core/tests.py | 35 +++++++++++++++++++++++++++++++++++ core/views.py | 22 +++++++++++++++------- products/tests.py | 34 ++++++++++++++++++++++++++++++++++ products/views.py | 11 ++++++++++- 7 files changed, 145 insertions(+), 9 deletions(-) diff --git a/back_latienda/urls.py b/back_latienda/urls.py index a61f814..a7acd16 100644 --- a/back_latienda/urls.py +++ b/back_latienda/urls.py @@ -22,6 +22,7 @@ from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView from core import views as core_views from products import views as product_views +from companies import views as company_views from .routers import router @@ -35,5 +36,8 @@ urlpatterns = [ path('api/v1/load_coops/', core_views.load_coop_managers, name='coop-loader'), path('api/v1/load_products/', product_views.load_coop_products, name='product-loader'), path('api/v1/search_products/', product_views.product_search, name='product-search'), + path('api/v1/my_user/', core_views.my_user, name='my-user'), + path('api/v1/my_company/', company_views.my_company , name='my-company'), + path('api/v1/my_products/', product_views.my_products, name='my-products'), path('api/v1/', include(router.urls)), ] + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT) diff --git a/companies/tests.py b/companies/tests.py index 41750b0..fe81bfb 100644 --- a/companies/tests.py +++ b/companies/tests.py @@ -239,3 +239,38 @@ class CompanyViewSetTest(APITestCase): self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT) # Assert instance doesn't exists anymore on db self.assertFalse(self.model.objects.filter(id=instance.pk).exists()) + + +class MyCompanyViewTest(APITestCase): + """CompanyViewset tests + """ + + def setUp(self): + """Tests setup + """ + self.endpoint = '/api/v1/my_company/' + self.factory = CompanyFactory + self.model = Company + # create user + self.email = f"user@mail.com" + self.password = ''.join(random.choices(string.ascii_uppercase, k = 10)) + self.user = CustomUserFactory(email=self.email, is_active=True) + self.user.set_password(self.password) + self.user.save() + + def test_auth_user_gets_data(self): + # Authenticate + token = get_tokens_for_user(self.user) + self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token['access']}") + + # Query endpoint + response = self.client.get(self.endpoint) + # Assert forbidden code + self.assertEqual(response.status_code, status.HTTP_200_OK) + + def test_anon_user_cannot_access(self): + # send in request + response = self.client.get(self.endpoint) + + # check response + self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) diff --git a/companies/views.py b/companies/views.py index 194c26c..9c49dfe 100644 --- a/companies/views.py +++ b/companies/views.py @@ -1,8 +1,11 @@ from django.shortcuts import render +from django.core import serializers +from rest_framework.decorators import api_view, permission_classes # Create your views here. from rest_framework import viewsets -from rest_framework.permissions import IsAuthenticatedOrReadOnly +from rest_framework.response import Response +from rest_framework.permissions import IsAuthenticatedOrReadOnly, IsAuthenticated from companies.models import Company from companies.serializers import CompanySerializer @@ -14,3 +17,11 @@ class CompanyViewSet(viewsets.ModelViewSet): queryset = Company.objects.all() serializer_class = CompanySerializer permission_classes = [IsAuthenticatedOrReadOnly, IsCreator] + + +@api_view(['GET',]) +@permission_classes([IsAuthenticated,]) +def my_company(request): + qs = Company.objects.filter(creator=request.user) + data = serializers.serialize('json', qs) + return Response(data=data) diff --git a/core/tests.py b/core/tests.py index 9ce297c..66c7a5d 100644 --- a/core/tests.py +++ b/core/tests.py @@ -460,3 +460,38 @@ class LoadCoopManagerTestCase(APITestCase): self.assertEqual(company_count, self.company_model.objects.count()) self.assertEqual(user_count, self.user_model.objects.count()) + +class MyUserViewTest(APITestCase): + """my_user tests + """ + + def setUp(self): + """Tests setup + """ + self.endpoint = '/api/v1/my_user/' + self.factory = factories.CustomUserFactory + self.model = models.CustomUser + # create user + self.email = f"user@mail.com" + self.password = ''.join(random.choices(string.ascii_uppercase, k = 10)) + self.user = self.factory(email=self.email, is_active=True) + self.user.set_password(self.password) + self.user.save() + + def test_auth_user_gets_data(self): + # Authenticate + token = get_tokens_for_user(self.user) + self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token['access']}") + + # Query endpoint + response = self.client.get(self.endpoint) + # Assert forbidden code + self.assertEqual(response.status_code, status.HTTP_200_OK) + + def test_anon_user_cannot_access(self): + # send in request + response = self.client.get(self.endpoint) + + # check response + self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) + diff --git a/core/views.py b/core/views.py index 6c99566..8ca328b 100644 --- a/core/views.py +++ b/core/views.py @@ -6,18 +6,19 @@ import io from django.shortcuts import render from django.http import HttpResponse from django.contrib.auth import get_user_model +from django.core import serializers from rest_framework import status from rest_framework import viewsets from rest_framework.response import Response -from rest_framework.permissions import IsAdminUser +from rest_framework.permissions import IsAdminUser, IsAuthenticated from rest_framework.generics import UpdateAPIView from rest_framework.decorators import api_view, permission_classes from companies.models import Company from . import models -from . import serializers +from . import serializers as core_serializers from back_latienda.permissions import CustomUserPermissions, YourOwnUserPermissions @@ -37,9 +38,9 @@ logging.basicConfig( class CustomUserViewSet(viewsets.ModelViewSet): model = models.CustomUser - # serializer_class = serializers.CustomUserSerializer - serializer_class = serializers.CustomUserReadSerializer - write_serializer_class =serializers.CustomUserWriteSerializer + # serializer_class = core_serializers.CustomUserSerializer + serializer_class = core_serializers.CustomUserReadSerializer + write_serializer_class = core_serializers.CustomUserWriteSerializer model_name = 'custom_user' queryset = models.CustomUser.objects.all() permission_classes = [CustomUserPermissions,] @@ -74,7 +75,7 @@ class ChangeUserPasswordView(UpdateAPIView): model = models.CustomUser queryset = model.objects.all() permission_classes = (YourOwnUserPermissions,) - serializer_class = serializers.ChangePasswordSerializer + serializer_class = core_serializers.ChangePasswordSerializer class UpdateUserView(UpdateAPIView): @@ -82,9 +83,16 @@ class UpdateUserView(UpdateAPIView): model = models.CustomUser queryset = model.objects.all() permission_classes = (YourOwnUserPermissions,) - serializer_class = serializers.UpdateUserSerializer + serializer_class = core_serializers.UpdateUserSerializer +@api_view(['GET',]) +@permission_classes([IsAuthenticated,]) +def my_user(request): + qs = User.objects.filter(email=request.user.email) + data = serializers.serialize('json', qs) + return Response(data=data) + @api_view(['POST',]) @permission_classes([IsAdminUser,]) def load_coop_managers(request): diff --git a/products/tests.py b/products/tests.py index 2361bfa..5632b79 100644 --- a/products/tests.py +++ b/products/tests.py @@ -368,3 +368,37 @@ class ProductSearchTest(TestCase): # check for object creation self.assertEquals(5, self.model.objects.count()) + +class MyProductsViewTest(APITestCase): + """my_products tests + """ + + def setUp(self): + """Tests setup + """ + self.endpoint = '/api/v1/my_products/' + self.factory = ProductFactory + self.model = Product + # create user + self.email = f"user@mail.com" + self.password = ''.join(random.choices(string.ascii_uppercase, k = 10)) + self.user = CustomUserFactory(email=self.email, is_active=True) + self.user.set_password(self.password) + self.user.save() + + def test_auth_user_gets_data(self): + # Authenticate + token = get_tokens_for_user(self.user) + self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token['access']}") + + # Query endpoint + response = self.client.get(self.endpoint) + # Assert forbidden code + self.assertEqual(response.status_code, status.HTTP_200_OK) + + def test_anon_user_cannot_access(self): + # send in request + response = self.client.get(self.endpoint) + + # check response + self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED) diff --git a/products/views.py b/products/views.py index 49026e2..bd14d58 100644 --- a/products/views.py +++ b/products/views.py @@ -3,11 +3,12 @@ import csv from django.shortcuts import render from django.conf import settings +from django.core import serializers # Create your views here. from rest_framework import viewsets from rest_framework.response import Response -from rest_framework.permissions import IsAuthenticatedOrReadOnly, IsAdminUser +from rest_framework.permissions import IsAuthenticatedOrReadOnly, IsAdminUser, IsAuthenticated from rest_framework.decorators import api_view, permission_classes import requests @@ -33,6 +34,14 @@ class ProductViewSet(viewsets.ModelViewSet): permission_classes = [IsAuthenticatedOrReadOnly, IsCreator] +@api_view(['GET',]) +@permission_classes([IsAuthenticated,]) +def my_products(request): + qs = Product.objects.filter(creator=request.user) + data = serializers.serialize('json', qs) + return Response(data=data) + + @api_view(['POST',]) @permission_classes([IsAdminUser,]) def load_coop_products(request):