feat: custome permission for librarian and memeber, and login history api

api/auth/permissions.py

+from rest_framework import permissions
+
+
+class IsStaffUser(permissions.BasePermission):
+
+    def has_permission(self, request, view):
+        if request.method != "POST" and not request.user.is_staff:
+            return False
+        elif request.method != "POST" and not request.user.is_authenticated:
+            return False
+
+        return True
+
+
+class IsNotStaffUser(permissions.BasePermission):
+
+    def has_permission(self, request, view):
+        if request.method != "POST" and request.user.is_staff:
+            return False
+        elif request.method != "POST" and not request.user.is_authenticated:
+            return False
+
+        return True

api/auth/serializers.py

 from rest_framework import serializers
 
-from users.models import User, Librarian, Member
+from users.models import User, Librarian, Member, LibrarianLoginHistory
 
 
 class UserSerializer(serializers.ModelSerializer):
@@ -23,12 +23,18 @@ class UserSerializer(serializers.ModelSerializer):
         )
 
 
+class LoginHistorySerializer(serializers.ModelSerializer):
+    class Meta:
+        model = LibrarianLoginHistory
+        fields = "__all__"
+
+
 class LibrarianSerializer(serializers.ModelSerializer):
-    user_detail = UserSerializer(source="user")
+    user = UserSerializer()
 
     class Meta:
         model = Librarian
-        fields = ["user_detail", "picture", "created_at", "updated_at"]
+        fields = ["user", "picture", "created_at", "updated_at"]
 
     def create(self, validated_data):
         user_data = validated_data.pop("user")
@@ -73,11 +79,11 @@ class LibrarianSerializer(serializers.ModelSerializer):
 
 
 class MemberSerializer(serializers.ModelSerializer):
-    user_detail = UserSerializer(source="user")
+    user = UserSerializer()
 
     class Meta:
         model = Member
-        fields = ["user_detail", "picture", "created_at", "updated_at"]
+        fields = ["user", "picture", "created_at", "updated_at"]
 
     def create(self, validated_data):
         user_data = validated_data.pop("user")

api/auth/views.py

 from django.contrib.auth import authenticate, login, logout
-from rest_framework import views, viewsets, permissions, status
+from rest_framework import views, viewsets, status
 from rest_framework.response import Response
+from rest_framework.filters import SearchFilter
 
 from .serializers import (
     Librarian,
     LibrarianSerializer,
+    LibrarianLoginHistory,
+    LoginHistorySerializer,
     Member,
     MemberSerializer,
 )
+from .permissions import IsStaffUser, IsNotStaffUser
 
 
 class LibrarianViewSet(viewsets.ModelViewSet):
-    permission_classes = [permissions.IsAuthenticated]
+    permission_classes = [IsStaffUser]
     queryset = Librarian.objects.all().order_by("created_at")
     serializer_class = LibrarianSerializer
 
-    def list(self, request):
-        if not self.request.user.is_staff:
-            return Response(
-                {"message": "Access Denied"}, status=status.HTTP_406_NOT_ACCEPTABLE
-            )
-
-        queryset = self.filter_queryset(self.get_queryset())
-        serializer = self.get_serializer(queryset, many=True)
-        return Response(serializer.data)
+    filter_backends = [SearchFilter]
+    search_fields = [
+        "user__username",
+        "user__email",
+        "user__first_name",
+        "user__last_name",
+    ]
 
     def update(self, request, pk):
         instance = self.get_object()
@@ -34,10 +36,18 @@ class LibrarianViewSet(viewsets.ModelViewSet):
 
 
 class MemberViewSet(viewsets.ModelViewSet):
-    permission_classes = [permissions.IsAuthenticated]
+    permission_classes = [IsNotStaffUser]
     queryset = Member.objects.all().order_by("created_at")
     serializer_class = MemberSerializer
 
+    filter_backends = [SearchFilter]
+    search_fields = [
+        "user__username",
+        "user__email",
+        "user__first_name",
+        "user__last_name",
+    ]
+
     def list(self, request):
         if self.request.user.is_staff:
             return Response(
@@ -102,9 +112,42 @@ class LibrarianLoginView(LoginBaseView):
             else:
                 login(request, self.user)
 
+                librarian = Librarian.objects.get(user=self.user)
+                LibrarianLoginHistory.objects.create(librarian=librarian)
+
         return response
 
 
+class LibrarianLoginHistoryViewSet(viewsets.ModelViewSet):
+    permission_classes = [IsStaffUser]
+    queryset = LibrarianLoginHistory.objects.all().order_by("date")
+    serializer_class = LoginHistorySerializer
+
+    filter_backends = [SearchFilter]
+    search_fields = ["librarian__name"]
+
+
+class LibrarianViewSet(viewsets.ModelViewSet):
+    permission_classes = [IsStaffUser]
+    queryset = Librarian.objects.all().order_by("created_at")
+    serializer_class = LibrarianSerializer
+
+    filter_backends = [SearchFilter]
+    search_fields = [
+        "user__username",
+        "user__email",
+        "user__first_name",
+        "user__last_name",
+    ]
+
+    def update(self, request, pk):
+        instance = self.get_object()
+        serializer = self.get_serializer(instance, data=request.data, partial=True)
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
+        return Response(serializer.data, status=status.HTTP_200_OK)
+
+
 class MemberLoginView(LoginBaseView):
     def post(self, request):
         response = super().post(request)

api/urls.py

@@ -5,6 +5,7 @@ from .auth.views import (
     LibrarianViewSet,
     LibrarianLoginView,
     LibrarianLogoutView,
+    LibrarianLoginHistoryViewSet,
     MemberViewSet,
     MemberLoginView,
     MemberLogoutView,
@@ -30,6 +31,9 @@ router.register(
 router.register(
     r"upcoming-loans", UpComingBookLoanViewSet, basename="book_loans_upcoming"
 )
+router.register(
+    r"login-history", LibrarianLoginHistoryViewSet, basename="librarian_login_history"
+)
 
 router_member_loan = routers.DefaultRouter()
 router_member_loan.register(r"loans", MemberLoanViewSet, basename="member_loans")