feat: user management api

cb487297 · Ilham Maulana · bf3f39b7 · cb487297 · cb487297 · cb487297
Commit cb487297 authored Jul 13, 2024 by Ilham Maulana 💻
22 changed files
--- a/.gitignore
+++ b/.gitignore
+# Django #
+*.log
+*.pot
+*.pyc
+**/__pycache__/**
+*.sqlite3
+media
+uploads
+
+# Backup files # 
+*.bak 
+
+# If you are using PyCharm # 
+# User-specific stuff
+.idea/**/workspace.xml
+.idea/**/tasks.xml
+.idea/**/usage.statistics.xml
+.idea/**/dictionaries
+.idea/**/shelf
+
+# AWS User-specific
+.idea/**/aws.xml
+
+# Generated files
+.idea/**/contentModel.xml
+
+# Sensitive or high-churn files
+.idea/**/dataSources/
+.idea/**/dataSources.ids
+.idea/**/dataSources.local.xml
+.idea/**/sqlDataSources.xml
+.idea/**/dynamic.xml
+.idea/**/uiDesigner.xml
+.idea/**/dbnavigator.xml
+
+# Gradle
+.idea/**/gradle.xml
+.idea/**/libraries
+
+# File-based project format
+*.iws
+
+# IntelliJ
+out/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Python # 
+*.py[cod] 
+*$py.class 
+
+# Distribution / packaging 
+.Python build/ 
+develop-eggs/ 
+dist/ 
+downloads/ 
+eggs/ 
+.eggs/ 
+lib/ 
+lib64/ 
+parts/ 
+sdist/ 
+var/ 
+wheels/ 
+*.whl
+*.egg-info/ 
+.installed.cfg 
+*.egg 
+*.manifest 
+*.spec 
+
+# Installer logs 
+pip-log.txt 
+pip-delete-this-directory.txt 
+
+# Unit test / coverage reports 
+htmlcov/ 
+.tox/ 
+.coverage 
+.coverage.* 
+.cache 
+.pytest_cache/ 
+nosetests.xml 
+coverage.xml 
+*.cover 
+.hypothesis/ 
+
+# Jupyter Notebook 
+.ipynb_checkpoints 
+
+# pyenv 
+.python-version 
+
+# celery 
+celerybeat-schedule.* 
+
+# SageMath parsed files 
+*.sage.py 
+
+# Environments 
+.env 
+.venv 
+env*/ 
+venv/ 
+ENV/ 
+env.bak/ 
+venv.bak/ 
+
+# mkdocs documentation 
+/site 
+
+# mypy 
+.mypy_cache/ 
+
+# Sublime Text # 
+*.tmlanguage.cache 
+*.tmPreferences.cache 
+*.stTheme.cache 
+*.sublime-workspace 
+*.sublime-project 
+
+# sftp configuration file 
+sftp-config.json 
+
+# Package control specific files Package 
+Control.last-run 
+Control.ca-list 
+Control.ca-bundle 
+Control.system-ca-bundle 
+GitHub.sublime-settings 
+
+# Visual Studio Code # 
+.vscode/* 
+!.vscode/settings.json 
+!.vscode/tasks.json 
+!.vscode/launch.json 
+!.vscode/extensions.json 
+.history
\ No newline at end of file
--- a/api/__init__.py
+++ b/api/__init__.py
--- a/api/admin.py
+++ b/api/admin.py
+from django.contrib import admin
+
+# Register your models here.
--- a/api/apps.py
+++ b/api/apps.py
+from django.apps import AppConfig
+
+
+class ApiConfig(AppConfig):
+    default_auto_field = 'django.db.models.BigAutoField'
+    name = 'api'
--- a/api/serializers.py
+++ b/api/serializers.py
+from rest_framework import serializers
+
+from users.models import User, Librarian, Member
+
+
+class UserSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = User
+        fields = [
+            "username",
+            "email",
+            "password",
+            "first_name",
+            "last_name",
+            "is_staff",
+        ]
+        extra_kwargs = {"password": {"write_only": True}}  # Hide password from response
+
+    def update(self, instance, validated_data):
+        partial = self.context.get("is_partial", False)
+        return serializers.ModelSerializer.update(
+            self, instance, validated_data, partial=partial
+        )
+
+
+class LibrarianSerializer(serializers.ModelSerializer):
+    user_detail = UserSerializer(source="user")
+
+    class Meta:
+        model = Librarian
+        fields = ["user_detail", "picture", "created_at", "updated_at"]
+
+    def create(self, validated_data):
+        user_data = validated_data.pop("user")
+        user_data["is_staff"] = True
+        user = User.objects.create_user(**user_data)
+
+        librarian = Librarian.objects.create(user=user, **validated_data)
+        return librarian
+
+    def update(self, instance, validated_data):
+        instance.user.username = validated_data.get("user", instance.user).get(
+            "username", instance.user.username
+        )
+        instance.user.email = validated_data.get("user", instance.user).get(
+            "email", instance.user.email
+        )
+        instance.user.first_name = validated_data.get("user", instance.user).get(
+            "first_name", instance.user.first_name
+        )
+        instance.user.last_name = validated_data.get("user", instance.user).get(
+            "last_name", instance.user.last_name
+        )
+        instance.user.is_staff = validated_data.get("user", instance.user).get(
+            "is_staff", instance.user.is_staff
+        )
+
+        instance.picture = validated_data.get("picture", instance.picture)
+        instance.created_at = validated_data.get("created_at", instance.created_at)
+        instance.updated_at = validated_data.get("updated_at", instance.updated_at)
+
+        user = User.objects.filter(id=instance.user.id)
+        user.update(
+            username=instance.user.username,
+            email=instance.user.email,
+            first_name=instance.user.first_name,
+            last_name=instance.user.last_name,
+            is_staff=instance.user.is_staff,
+        )
+        Librarian.objects.filter(id=instance.id).update(user=user[0])
+        instance.save()
+        return instance
+
+
+class MemberSerializer(serializers.ModelSerializer):
+    user_detail = UserSerializer(source="user")
+
+    class Meta:
+        model = Member
+        fields = ["user_detail", "picture", "created_at", "updated_at"]
+
+    def create(self, validated_data):
+        user_data = validated_data.pop("user")
+        user_data["is_staff"] = False
+        user = User.objects.create_user(**user_data)
+
+        member = Member.objects.create(user=user, **validated_data)
+        return member
+
+    def update(self, instance, validated_data):
+        instance.user.username = validated_data.get("user", instance.user).get(
+            "username", instance.user.username
+        )
+        instance.user.email = validated_data.get("user", instance.user).get(
+            "email", instance.user.email
+        )
+        instance.user.first_name = validated_data.get("user", instance.user).get(
+            "first_name", instance.user.first_name
+        )
+        instance.user.last_name = validated_data.get("user", instance.user).get(
+            "last_name", instance.user.last_name
+        )
+        instance.user.is_staff = validated_data.get("user", instance.user).get(
+            "is_staff", instance.user.is_staff
+        )
+
+        instance.picture = validated_data.get("picture", instance.picture)
+        instance.created_at = validated_data.get("created_at", instance.created_at)
+        instance.updated_at = validated_data.get("updated_at", instance.updated_at)
+
+        user = User.objects.filter(id=instance.user.id)
+        user.update(
+            username=instance.user.username,
+            email=instance.user.email,
+            first_name=instance.user.first_name,
+            last_name=instance.user.last_name,
+            is_staff=instance.user.is_staff,
+        )
+        Member.objects.filter(id=instance.id).update(user=user[0])
+        instance.save()
+        return instance
--- a/api/tests.py
+++ b/api/tests.py
+from django.test import TestCase
+
+# Create your tests here.
--- a/api/urls.py
+++ b/api/urls.py
+from django.urls import path, include
+from rest_framework import routers
+
+from .views import LibrarianViewSet, MemberSerializer
+
+router = routers.DefaultRouter()
+router.register(r"librarians", LibrarianViewSet, basename="librarians")
+router.register(r"members", MemberSerializer, basename="members")
+
+urlpatterns = [
+    path("", include(router.urls)),
+]
--- a/api/views.py
+++ b/api/views.py
+from rest_framework import viewsets, permissions
+from rest_framework.response import Response
+
+from .serializers import Librarian, LibrarianSerializer, Member, MemberSerializer
+
+
+class LibrarianViewSet(viewsets.ModelViewSet):
+    permission_classes = [permissions.IsAuthenticated]
+    queryset = Librarian.objects.all().order_by("created_at")
+    serializer_class = LibrarianSerializer
+
+    def update(self, request, pk):
+        instance = self.get_object()
+        serializer = self.get_serializer(instance, data=request.data, partial=True)
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
+        return Response(serializer.data)
+
+
+class MemberViewSet(viewsets.ModelViewSet):
+    permission_classes = [permissions.IsAuthenticated]
+    queryset = Member.objects.all().order_by("created_at")
+    serializer_class = MemberSerializer
+
+    def update(self, request, pk):
+        instance = self.get_object()
+        serializer = self.get_serializer(instance, data=request.data, partial=True)
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
+        return Response(serializer.data)
--- a/config/__init__.py
+++ b/config/__init__.py
--- a/config/asgi.py
+++ b/config/asgi.py
+"""
+ASGI config for config project.
+
+It exposes the ASGI callable as a module-level variable named ``application``.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/5.0/howto/deployment/asgi/
+"""
+
+import os
+
+from django.core.asgi import get_asgi_application
+
+os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'config.settings')
+
+application = get_asgi_application()
--- a/config/settings.py
+++ b/config/settings.py
+"""
+Django settings for config project.
+
+Generated by 'django-admin startproject' using Django 5.0.7.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/5.0/topics/settings/
+
+For the full list of settings and their values, see
+https://docs.djangoproject.com/en/5.0/ref/settings/
+"""
+
+from pathlib import Path
+
+# Build paths inside the project like this: BASE_DIR / 'subdir'.
+BASE_DIR = Path(__file__).resolve().parent.parent
+
+
+# Quick-start development settings - unsuitable for production
+# See https://docs.djangoproject.com/en/5.0/howto/deployment/checklist/
+
+# SECURITY WARNING: keep the secret key used in production secret!
+SECRET_KEY = "django-insecure-hkn&ykayorr75b$9*h^u&$@j(yl^%odsww0t&x%esl)le$t2$e"
+
+# SECURITY WARNING: don't run with debug turned on in production!
+DEBUG = True
+
+ALLOWED_HOSTS = []
+
+
+# Application definition
+
+INSTALLED_APPS = [
+    "django.contrib.admin",
+    "django.contrib.auth",
+    "django.contrib.contenttypes",
+    "django.contrib.sessions",
+    "django.contrib.messages",
+    "django.contrib.staticfiles",
+    # local
+    "users.apps.UsersConfig",
+    # 3rd party
+    "rest_framework",
+    "django_filters",
+]
+
+# 3rd party config
+
+# DJANGO REST FRAMEWORK CONFIG
+
+REST_FRAMEWORK = {
+    "DEFAULT_AUTHENTICATION_CLASSES": [
+        "rest_framework.authentication.SessionAuthentication",
+        "rest_framework.authentication.TokenAuthentication",
+    ],
+    "DEFAULT_FILTER_BACKENDS": ["django_filters.rest_framework.DjangoFilterBackend"],
+    "DEFAULT_PAGINATION_CLASS": "rest_framework.pagination.PageNumberPagination",
+    "PAGE_SIZE": 10,
+}
+
+# end 3rd party config
+
+MIDDLEWARE = [
+    "django.middleware.security.SecurityMiddleware",
+    "django.contrib.sessions.middleware.SessionMiddleware",
+    "django.middleware.common.CommonMiddleware",
+    "django.middleware.csrf.CsrfViewMiddleware",
+    "django.contrib.auth.middleware.AuthenticationMiddleware",
+    "django.contrib.messages.middleware.MessageMiddleware",
+    "django.middleware.clickjacking.XFrameOptionsMiddleware",
+]
+
+ROOT_URLCONF = "config.urls"
+
+TEMPLATES = [
+    {
+        "BACKEND": "django.template.backends.django.DjangoTemplates",
+        "DIRS": [],
+        "APP_DIRS": True,
+        "OPTIONS": {
+            "context_processors": [
+                "django.template.context_processors.debug",
+                "django.template.context_processors.request",
+                "django.contrib.auth.context_processors.auth",
+                "django.contrib.messages.context_processors.messages",
+            ],
+        },
+    },
+]
+
+WSGI_APPLICATION = "config.wsgi.application"
+
+
+# Database
+# https://docs.djangoproject.com/en/5.0/ref/settings/#databases
+
+DATABASES = {
+    "default": {
+        "ENGINE": "django.db.backends.sqlite3",
+        "NAME": BASE_DIR / "db.sqlite3",
+    }
+}
+
+
+# Password validation
+# https://docs.djangoproject.com/en/5.0/ref/settings/#auth-password-validators
+
+AUTH_PASSWORD_VALIDATORS = [
+    {
+        "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
+    },
+    {
+        "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
+    },
+    {
+        "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",
+    },
+    {
+        "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
+    },
+]
+
+
+# Internationalization
+# https://docs.djangoproject.com/en/5.0/topics/i18n/
+
+LANGUAGE_CODE = "en-us"
+
+TIME_ZONE = "UTC"
+
+USE_I18N = True
+
+USE_TZ = True
+
+
+# Static files (CSS, JavaScript, Images)
+# https://docs.djangoproject.com/en/5.0/howto/static-files/
+
+STATIC_URL = "static/"
+STATIC_ROOT = BASE_DIR / "staticfiles"
+
+MEDIA_URL = "media/"
+MEDIA_ROOT = BASE_DIR
+
+# Default primary key field type
+# https://docs.djangoproject.com/en/5.0/ref/settings/#default-auto-field
+
+DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"
--- a/config/urls.py
+++ b/config/urls.py
+"""
+URL configuration for config project.
+
+The `urlpatterns` list routes URLs to views. For more information please see:
+    https://docs.djangoproject.com/en/5.0/topics/http/urls/
+Examples:
+Function views
+    1. Add an import:  from my_app import views
+    2. Add a URL to urlpatterns:  path('', views.home, name='home')
+Class-based views
+    1. Add an import:  from other_app.views import Home
+    2. Add a URL to urlpatterns:  path('', Home.as_view(), name='home')
+Including another URLconf
+    1. Import the include() function: from django.urls import include, path
+    2. Add a URL to urlpatterns:  path('blog/', include('blog.urls'))
+"""
+
+from django.contrib import admin
+from django.urls import path, include
+
+urlpatterns = [
+    # local
+    path("admin/", admin.site.urls),
+    # api
+    path("api/v1/", include("api.urls"), name="API_V1"),
+    # 3rd party
+    path("api-auth/", include("rest_framework.urls"), name="api_auth"),
+]
--- a/config/wsgi.py
+++ b/config/wsgi.py
+"""
+WSGI config for config project.
+
+It exposes the WSGI callable as a module-level variable named ``application``.
+
+For more information on this file, see
+https://docs.djangoproject.com/en/5.0/howto/deployment/wsgi/
+"""
+
+import os
+
+from django.core.wsgi import get_wsgi_application
+
+os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'config.settings')
+
+application = get_wsgi_application()
--- a/manage.py
+++ b/manage.py
+#!/usr/bin/env python
+"""Django's command-line utility for administrative tasks."""
+import os
+import sys
+
+
+def main():
+    """Run administrative tasks."""
+    os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'config.settings')
+    try:
+        from django.core.management import execute_from_command_line
+    except ImportError as exc:
+        raise ImportError(
+            "Couldn't import Django. Are you sure it's installed and "
+            "available on your PYTHONPATH environment variable? Did you "
+            "forget to activate a virtual environment?"
+        ) from exc
+    execute_from_command_line(sys.argv)
+
+
+if __name__ == '__main__':
+    main()
--- a/users/__init__.py
+++ b/users/__init__.py
--- a/users/admin.py
+++ b/users/admin.py
+from django.contrib import admin
+
+# Register your models here.
--- a/users/apps.py
+++ b/users/apps.py
+from django.apps import AppConfig
+
+
+class UsersConfig(AppConfig):
+    default_auto_field = 'django.db.models.BigAutoField'
+    name = 'users'
--- a/users/migrations/0002_initial.py
+++ b/users/migrations/0002_initial.py
+# Generated by Django 5.0.7 on 2024-07-13 12:22
+
+import django.db.models.deletion
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Librarian',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('picture', models.ImageField(blank=True, null=True, upload_to='uploads')),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+                ('updated_at', models.DateTimeField(auto_now=True)),
+                ('user', models.OneToOneField(limit_choices_to={'is_staff': True}, on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
+            ],
+        ),
+        migrations.CreateModel(
+            name='LibrarianLoginHistory',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('date', models.DateTimeField(auto_now_add=True)),
+                ('librarian', models.OneToOneField(blank=True, null=True, on_delete=django.db.models.deletion.DO_NOTHING, to='users.librarian')),
+            ],
+        ),
+        migrations.CreateModel(
+            name='Member',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('picture', models.ImageField(blank=True, null=True, upload_to='uploads')),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+                ('updated_at', models.DateTimeField(auto_now=True)),
+                ('user', models.OneToOneField(limit_choices_to={'is_staff': False}, on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
+            ],
+        ),
+    ]
--- a/users/migrations/__init__.py
+++ b/users/migrations/__init__.py
--- a/users/models.py
+++ b/users/models.py
+# create unit tests
+
+from django.db import models
+from django.contrib.auth.models import User
+
+
+class Librarian(models.Model):
+    user = models.OneToOneField(
+        User, on_delete=models.CASCADE, limit_choices_to={"is_staff": True}
+    )
+    picture = models.ImageField(upload_to="uploads", blank=True, null=True)
+    created_at = models.DateTimeField(auto_now_add=True)
+    updated_at = models.DateTimeField(auto_now=True)
+
+
+class Member(models.Model):
+    user = models.OneToOneField(
+        User, on_delete=models.CASCADE, limit_choices_to={"is_staff": False}
+    )
+    picture = models.ImageField(upload_to="uploads", blank=True, null=True)
+    created_at = models.DateTimeField(auto_now_add=True)
+    updated_at = models.DateTimeField(auto_now=True)
+
+
+class LibrarianLoginHistory(models.Model):
+    librarian = models.OneToOneField(
+        Librarian, blank=True, null=True, on_delete=models.DO_NOTHING
+    )
+    date = models.DateTimeField(auto_now_add=True)
--- a/users/tests.py
+++ b/users/tests.py
+from django.test import TestCase
+from .models import Librarian, Member, User
+
+
+class UserModelTest(TestCase):
+
+    @classmethod
+    def setUpTestData(cls):
+        """Create user data for testing"""
+        staff_user = User.objects.create_user(
+            username="staff", password="secret", is_staff=True
+        )
+        regular_user = User.objects.create_user(
+            username="member", password="secret", is_staff=False
+        )
+        cls.librarian = Librarian.objects.create(user=staff_user)
+        cls.member = Member.objects.create(user=regular_user)
+
+    def test_librarian_creation(self):
+        """Test that a Librarian object can be created with a valid staff user"""
+        self.assertEqual(self.librarian.user.username, "staff")
+
+    def test_member_creation(self):
+        """Test that a Member object can be created with a valid non-staff user"""
+        self.assertEqual(self.member.user.username, "member")
+
+    def test_librarian_update(self):
+        """Test updating a Librarian object"""
+        new_user = User.objects.create_user(
+            username="new_staff", password="secret", is_staff=True
+        )
+        self.librarian.user = new_user
+        self.librarian.save()
+        self.assertEqual(self.librarian.user.username, "new_staff")
+
+    def test_member_update(self):
+        """Test updating a Member object"""
+        new_user = User.objects.create_user(
+            username="new_member", password="secret", is_staff=False
+        )
+        self.member.user = new_user
+        self.member.save()
+        self.assertEqual(self.member.user.username, "new_member")
+
+    def test_librarian_delete(self):
+        """Test deleting a Librarian object"""
+        librarian_pk = self.librarian.pk
+        self.librarian.delete()
+        self.assertFalse(Librarian.objects.filter(pk=librarian_pk).exists())
+
+    def test_member_delete(self):
+        """Test deleting a Member object"""
+        member_pk = self.member.pk
+        self.member.delete()
+        self.assertFalse(Member.objects.filter(pk=member_pk).exists())
--- a/users/views.py
+++ b/users/views.py
+from django.shortcuts import render
+
+# Create your views here.