added user-specific endpoints

back_latienda/urls.py

@@ -22,6 +22,7 @@ from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView
 
 from core import views as core_views
 from products import views as product_views
+from companies import views as company_views
 from .routers import router
 
 
@@ -35,5 +36,8 @@ urlpatterns = [
     path('api/v1/load_coops/', core_views.load_coop_managers, name='coop-loader'),
     path('api/v1/load_products/', product_views.load_coop_products, name='product-loader'),
     path('api/v1/search_products/', product_views.product_search, name='product-search'),
+    path('api/v1/my_user/', core_views.my_user, name='my-user'),
+    path('api/v1/my_company/', company_views.my_company , name='my-company'),
+    path('api/v1/my_products/', product_views.my_products, name='my-products'),
     path('api/v1/', include(router.urls)),
 ] + static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)

companies/tests.py

@@ -239,3 +239,38 @@ class CompanyViewSetTest(APITestCase):
         self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
         # Assert instance doesn't exists anymore on db
         self.assertFalse(self.model.objects.filter(id=instance.pk).exists())
+
+
+class MyCompanyViewTest(APITestCase):
+    """CompanyViewset tests
+    """
+
+    def setUp(self):
+        """Tests setup
+        """
+        self.endpoint = '/api/v1/my_company/'
+        self.factory = CompanyFactory
+        self.model = Company
+        # create user
+        self.email = f"user@mail.com"
+        self.password = ''.join(random.choices(string.ascii_uppercase, k = 10))
+        self.user = CustomUserFactory(email=self.email, is_active=True)
+        self.user.set_password(self.password)
+        self.user.save()
+
+    def test_auth_user_gets_data(self):
+        # Authenticate
+        token = get_tokens_for_user(self.user)
+        self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token['access']}")
+
+        # Query endpoint
+        response = self.client.get(self.endpoint)
+        # Assert forbidden code
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+
+    def test_anon_user_cannot_access(self):
+        # send in request
+        response = self.client.get(self.endpoint)
+
+        # check response
+        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)

companies/views.py

@@ -1,8 +1,11 @@
 from django.shortcuts import render
+from django.core import serializers
+from rest_framework.decorators import api_view, permission_classes
 
 # Create your views here.
 from rest_framework import viewsets
-from rest_framework.permissions import IsAuthenticatedOrReadOnly
+from rest_framework.response import Response
+from rest_framework.permissions import IsAuthenticatedOrReadOnly, IsAuthenticated
 
 from companies.models import Company
 from companies.serializers import CompanySerializer
@@ -14,3 +17,11 @@ class CompanyViewSet(viewsets.ModelViewSet):
       queryset = Company.objects.all()
       serializer_class = CompanySerializer
       permission_classes = [IsAuthenticatedOrReadOnly, IsCreator]
+
+
+@api_view(['GET',])
+@permission_classes([IsAuthenticated,])
+def my_company(request):
+      qs = Company.objects.filter(creator=request.user)
+      data = serializers.serialize('json', qs)
+      return Response(data=data)

core/tests.py

@@ -460,3 +460,38 @@ class LoadCoopManagerTestCase(APITestCase):
         self.assertEqual(company_count, self.company_model.objects.count())
         self.assertEqual(user_count, self.user_model.objects.count())
 
+
+class MyUserViewTest(APITestCase):
+    """my_user tests
+    """
+
+    def setUp(self):
+        """Tests setup
+        """
+        self.endpoint = '/api/v1/my_user/'
+        self.factory = factories.CustomUserFactory
+        self.model = models.CustomUser
+        # create user
+        self.email = f"user@mail.com"
+        self.password = ''.join(random.choices(string.ascii_uppercase, k = 10))
+        self.user = self.factory(email=self.email, is_active=True)
+        self.user.set_password(self.password)
+        self.user.save()
+
+    def test_auth_user_gets_data(self):
+        # Authenticate
+        token = get_tokens_for_user(self.user)
+        self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token['access']}")
+
+        # Query endpoint
+        response = self.client.get(self.endpoint)
+        # Assert forbidden code
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+
+    def test_anon_user_cannot_access(self):
+        # send in request
+        response = self.client.get(self.endpoint)
+
+        # check response
+        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+

core/views.py

@@ -6,18 +6,19 @@ import io
 from django.shortcuts import render
 from django.http import HttpResponse
 from django.contrib.auth import get_user_model
+from django.core import serializers
 
 from rest_framework import status
 from rest_framework import viewsets
 from rest_framework.response import Response
-from rest_framework.permissions import IsAdminUser
+from rest_framework.permissions import IsAdminUser, IsAuthenticated
 from rest_framework.generics import UpdateAPIView
 from rest_framework.decorators import api_view, permission_classes
 
 from companies.models import Company
 
 from . import models
-from . import serializers
+from . import serializers as core_serializers
 
 from back_latienda.permissions import CustomUserPermissions, YourOwnUserPermissions
 
@@ -37,9 +38,9 @@ logging.basicConfig(
 class CustomUserViewSet(viewsets.ModelViewSet):
 
     model = models.CustomUser
-    # serializer_class = serializers.CustomUserSerializer
-    serializer_class = serializers.CustomUserReadSerializer
-    write_serializer_class =serializers.CustomUserWriteSerializer
+    # serializer_class = core_serializers.CustomUserSerializer
+    serializer_class = core_serializers.CustomUserReadSerializer
+    write_serializer_class = core_serializers.CustomUserWriteSerializer
     model_name = 'custom_user'
     queryset = models.CustomUser.objects.all()
     permission_classes = [CustomUserPermissions,]
@@ -74,7 +75,7 @@ class ChangeUserPasswordView(UpdateAPIView):
     model = models.CustomUser
     queryset = model.objects.all()
     permission_classes = (YourOwnUserPermissions,)
-    serializer_class = serializers.ChangePasswordSerializer
+    serializer_class = core_serializers.ChangePasswordSerializer
 
 
 class UpdateUserView(UpdateAPIView):
@@ -82,9 +83,16 @@ class UpdateUserView(UpdateAPIView):
     model = models.CustomUser
     queryset = model.objects.all()
     permission_classes = (YourOwnUserPermissions,)
-    serializer_class = serializers.UpdateUserSerializer
+    serializer_class = core_serializers.UpdateUserSerializer
 
 
+@api_view(['GET',])
+@permission_classes([IsAuthenticated,])
+def my_user(request):
+      qs = User.objects.filter(email=request.user.email)
+      data = serializers.serialize('json', qs)
+      return Response(data=data)
+
 @api_view(['POST',])
 @permission_classes([IsAdminUser,])
 def load_coop_managers(request):

products/tests.py

@@ -368,3 +368,37 @@ class ProductSearchTest(TestCase):
         # check for object creation
         self.assertEquals(5, self.model.objects.count())
 
+
+class MyProductsViewTest(APITestCase):
+    """my_products tests
+    """
+
+    def setUp(self):
+        """Tests setup
+        """
+        self.endpoint = '/api/v1/my_products/'
+        self.factory = ProductFactory
+        self.model = Product
+        # create user
+        self.email = f"user@mail.com"
+        self.password = ''.join(random.choices(string.ascii_uppercase, k = 10))
+        self.user = CustomUserFactory(email=self.email, is_active=True)
+        self.user.set_password(self.password)
+        self.user.save()
+
+    def test_auth_user_gets_data(self):
+        # Authenticate
+        token = get_tokens_for_user(self.user)
+        self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token['access']}")
+
+        # Query endpoint
+        response = self.client.get(self.endpoint)
+        # Assert forbidden code
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+
+    def test_anon_user_cannot_access(self):
+        # send in request
+        response = self.client.get(self.endpoint)
+
+        # check response
+        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)

products/views.py

@@ -3,11 +3,12 @@ import csv
 
 from django.shortcuts import render
 from django.conf import settings
+from django.core import serializers
 
 # Create your views here.
 from rest_framework import viewsets
 from rest_framework.response import Response
-from rest_framework.permissions import IsAuthenticatedOrReadOnly, IsAdminUser
+from rest_framework.permissions import IsAuthenticatedOrReadOnly, IsAdminUser, IsAuthenticated
 from rest_framework.decorators import api_view, permission_classes
 
 import requests
@@ -33,6 +34,14 @@ class ProductViewSet(viewsets.ModelViewSet):
       permission_classes = [IsAuthenticatedOrReadOnly, IsCreator]
 
 
+@api_view(['GET',])
+@permission_classes([IsAuthenticated,])
+def my_products(request):
+      qs = Product.objects.filter(creator=request.user)
+      data = serializers.serialize('json', qs)
+      return Response(data=data)
+
+
 @api_view(['POST',])
 @permission_classes([IsAdminUser,])
 def load_coop_products(request):