fix: password required on update profile

api/auth/serializers.py

@@ -11,25 +11,22 @@ class UserSerializer(serializers.ModelSerializer):
             "id",
             "username",
             "email",
-            "password",
             "first_name",
             "last_name",
             "is_staff",
+            "password",
         ]
 
+        extra_kwargs = {"password": {"write_only": True}}
+
     def create(self, validated_data):
         password = validated_data.get("password")
-        print(validated_data)
         user = User.objects.create(**validated_data)
         user.set_password(password)
         user.save()
 
         return user
 
-    def update(self, instance, validated_data):
-        partial = validated_data.get("is_partial", False)
-        return serializers.ModelSerializer.update(self, instance, validated_data)
-
 
 class LoginHistorySerializer(serializers.ModelSerializer):
     class Meta:
@@ -157,9 +154,14 @@ class MemberSerializer(serializers.ModelSerializer):
         return instance
 
 
-class TokenSerializer(TokenObtainPairSerializer):
-    @classmethod
-    def get_token(cls, user):
-        token = super().get_token(user)
-        token["user_id"] = user.id
-        return token
+class UpdateProfileSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = User
+        fields = [
+            "id",
+            "username",
+            "email",
+            "first_name",
+            "last_name",
+            "is_staff",
+        ]

api/auth/views.py

@@ -19,6 +19,7 @@ from .serializers import (
     MemberSerializer,
     User,
     UserSerializer,
+    UpdateProfileSerializer,
 )
 from .permissions import IsStaffUser, IsNotStaffUser
 
@@ -307,8 +308,8 @@ class ResetPasswordConfirmView(views.APIView):
         )
 
 
-class UserViewSet(viewsets.ModelViewSet):
-    serializer_class = UserSerializer
+class UpdateProfileView(viewsets.ModelViewSet):
+    serializer_class = UpdateProfileSerializer
     queryset = User.objects.all().order_by("id")
 
     def update(self, request, pk):
@@ -316,4 +317,16 @@ class UserViewSet(viewsets.ModelViewSet):
         serializer = self.get_serializer(instance, data=request.data)
         serializer.is_valid(raise_exception=True)
         serializer.save()
-        return Response(serializer.data, status=status.HTTP_200_OK)
+
+        user_id = serializer.data.get("id")
+        user = User.objects.get(pk=user_id)
+
+        account_id = None
+        if user.is_staff:
+            account_id = user.librarian.id
+        else:
+            account_id = user.member.id
+
+        response = serializer.data
+        response["account_id"] = account_id
+        return Response(response, status=status.HTTP_200_OK)

api/urls.py

@@ -14,7 +14,7 @@ from .auth.views import (
     TokenResetPasswordView,
     ResetPasswordConfirmView,
     UserDetailView,
-    UserViewSet,
+    UpdateProfileView,
 )
 from .book.views import BookViewSet, CategoryViewSet
 from .loans.views import (
@@ -26,7 +26,7 @@ from .loans.views import (
 
 
 router = routers.DefaultRouter()
-router.register(r"user", UserViewSet, basename="user")
+router.register(r"user", UpdateProfileView, basename="user")
 router.register(r"librarians", LibrarianViewSet, basename="librarians")
 router.register(r"members", MemberViewSet, basename="members")
 router.register(r"books", BookViewSet, basename="books")
@@ -53,6 +53,11 @@ urlpatterns = [
         UserDetailView.as_view(),
         name="user_detail",
     ),
+    path(
+        "user",
+        UserDetailView.as_view(),
+        name="user_detail",
+    ),
     path(
         "reset-password/request-token",
         TokenResetPasswordView.as_view(),