user modification enabled

core/models.py

@@ -46,8 +46,8 @@ class CustomUser(AbstractBaseUser, PermissionsMixin):
     email_verified = models.BooleanField('Email verificado', default=False, null=True)
     company = models.ForeignKey(Company, null=True, on_delete=models.DO_NOTHING, related_name='custom_user')
 
-    is_active = models.BooleanField('Activo', default=True)
-    is_staff = models.BooleanField('Empleado',default=False )
+    is_active = models.BooleanField('Activo', default=False)
+    is_staff = models.BooleanField('Empleado',default=False)
 
     modified = models.DateTimeField(auto_now=True, null=True, blank=True)
     created = models.DateTimeField(auto_now_add=True, null=True, blank=True)

core/serializers.py

@@ -11,14 +11,14 @@ class CustomUserReadSerializer(serializers.ModelSerializer):
 
     class Meta:
         model = User
-        fields = ('email', 'full_name', 'role', 'is_active',)
+        fields = ('email', 'full_name', 'role', 'is_active', 'provider')
 
 
 class CustomUserWriteSerializer(serializers.ModelSerializer):
 
     class Meta:
         model = User
-        fields = ('email', 'full_name', 'role', 'is_active', 'password')
+        fields = ('email', 'full_name', 'role', 'password', 'provider')
 
 
 class CreatorSerializer(serializers.ModelSerializer):

core/tests.py

@@ -43,6 +43,7 @@ class CustomUserViewSetTest(APITestCase):
             'email': 'test@email.com',
             'full_name': 'TEST NAME',
             'password': 'VENTILADORES1234499.89',
+            'provider': 'TWITTER',
         }
 
         # Query endpoint
@@ -57,7 +58,6 @@ class CustomUserViewSetTest(APITestCase):
         self.assertNotEqual('', new_user.password)
         # assert instance is inactive
         info = json.loads(response.content)
-
         self.assertFalse(info['is_active'])
 
     def test_anon_user_cannot_modify_existing_instance(self):
@@ -110,6 +110,27 @@ class CustomUserViewSetTest(APITestCase):
         # Assert access is forbidden
         self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
 
+    def test_regular_user_can_modify_own_instance(self):
+        """Regular user can modify own instance
+        """
+        # Create instance
+        data = {
+            "email": "new_email@mail.com",
+            "full_name": "New Full Name",
+            "password": "SUPERSECRETNEWPASSWORD",
+        }
+
+        # Authenticate
+        token = get_tokens_for_user(self.user)
+        self.client.credentials(HTTP_AUTHORIZATION=f"Bearer {token['access']}")
+
+        # Query endpoint
+        url = self.endpoint + f'{self.user.pk}/'
+        response = self.client.put(url, data=data, format='json')
+
+        # Assert forbidden code
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+
     def test_regular_user_cannot_modify_existing_instance(self):
         """Regular user cannot modify existing instance
         """

core/views.py

@@ -1,4 +1,4 @@
-from django.shortcuts import render
+from django.shortcuts import render, get_object_or_404
 from django.http import HttpResponse
 
 from rest_framework import status
@@ -44,3 +44,8 @@ class CustomUserViewSet(viewsets.ModelViewSet):
                     serializer.errors, status=status.HTTP_406_NOT_ACCEPTABLE)
         except Exception as e:
             return Response(str(e), status=status.HTTP_500_INTERNAL_SERVER_ERROR)
+
+    def get_object(self):
+        obj = get_object_or_404(self.get_queryset(), pk=self.kwargs["pk"])
+        self.check_object_permissions(self.request, obj)
+        return obj