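from django.contrib.auth import authenticate, login, logout
from django.views.decorators.csrf import csrf_exempt
from django.utils.decorators import method_decorator
from rest_framework.decorators import action
from rest_framework.permissions import AllowAny, IsAdminUser, IsAuthenticated
from rest_framework.response import Response
from rest_framework.viewsets import ModelViewSet

from core.mixins import ActionBasedMixin
from market.serializers import PostSerializer

from .models import User
from .serializers import (
    UserSerializer,
    UserCreateSerializer,
    PasswordSerializer,
)


class UserViewset(ActionBasedMixin, ModelViewSet):
    """User CRUD plus session login/logout, profile and password endpoints.

    Any action not listed in ``permission_classes_map`` falls back to
    ``permission_classes`` (admin only). The two ``*_map`` attributes are
    presumably read by ``ActionBasedMixin`` to pick the serializer and the
    permissions per action; the mixin is not visible here, so confirm.
    """

    queryset = User.objects.all()
    serializer_class = UserSerializer
    serializer_class_map = {
        "create": UserCreateSerializer,
        "posts": PostSerializer,
        "password": PasswordSerializer,
    }
    # Default is admin-only; the map below opens individual actions.
    permission_classes = [IsAdminUser]
    permission_classes_map = {
        "create": [AllowAny],
        "login": [AllowAny],
        "logout": [IsAuthenticated],
        "me": [IsAuthenticated],
        "posts": [IsAuthenticated],
        "password": [IsAuthenticated],
    }

    @action(detail=False, methods=["GET"])
    def posts(self, request):
        """Return the requesting user's own posts, paginated when configured."""
        own_posts = request.user.posts.all()

        page = self.paginate_queryset(own_posts)
        if page is not None:
            serializer = self.get_serializer(page, many=True)
            return self.get_paginated_response(serializer.data)

        serializer = self.get_serializer(own_posts, many=True)
        return Response(serializer.data)

    @action(detail=False, methods=["PATCH"])
    def password(self, request):
        """Change the requesting user's password.

        Expects ``oldPassword`` and ``newPassword`` in the request body.
        Responds 401 for an anonymous user, 400 when a field is missing, when
        the current password does not match or when the serializer rejects
        the data, and 204 on success.
        """
        user = request.user
        # Kept as a second check in case the permission map is not applied.
        if user.is_anonymous:
            return Response(status=401)

        old_password = request.data.get("oldPassword")
        new_password = request.data.get("newPassword")
        # A missing field used to raise KeyError and surface as a 500.
        if old_password is None or new_password is None:
            return Response(status=400)

        # The current password is required so that a stolen session alone
        # cannot be used to set a new one.
        if not user.check_password(old_password):
            return Response(status=400, data={"msg": "현재 비밀번호가 일치하지 않습니다"})

        serializer = self.get_serializer(data=request.data)
        if not serializer.is_valid():
            errors = serializer.errors
            # Prefer the newPassword messages (the original behaviour); fall
            # back to every reported message so that an error on another
            # field no longer raises KeyError.
            messages = errors.get("newPassword")
            if not messages:
                messages = [
                    str(message)
                    for field_messages in errors.values()
                    for message in field_messages
                ]
            return Response(status=400, data={"msg": " ".join(messages)})

        user.set_password(new_password)
        user.save()
        # NOTE(review): with Django session auth a password change invalidates
        # sessions bound to the old hash, including this one, unless
        # update_session_auth_hash() is called. Confirm that logging the
        # caller out here is intended.
        return Response(status=204)

    def create(self, request, *args, **kwargs):
        """Register a new user and log the new account into the session.

        Open to anonymous callers (see ``permission_classes_map``).
        """
        # NOTE(review): confirm UserCreateSerializer does not accept privilege
        # fields (e.g. is_staff / is_superuser) from this unauthenticated
        # request; the serializer is not visible here.
        serializer = UserCreateSerializer(data=request.data)
        serializer.is_valid(raise_exception=True)
        user = serializer.save()
        # Inside a method body this name resolves to the module-level
        # django.contrib.auth.login, not to the ``login`` action below.
        login(request, user)
        return Response(serializer.data, status=201)

    @action(detail=False, methods=["GET"])
    def me(self, request):
        """Return the serialized profile of the requesting user."""
        serializer = self.get_serializer(request.user)
        return Response(serializer.data)

    # NOTE(review): DRF's as_view() already marks the view csrf_exempt, and
    # SessionAuthentication enforces CSRF only for authenticated requests, so
    # this decorator is presumably redundant and an anonymous login POST is
    # not CSRF-checked either way. Confirm whether login CSRF matters for this
    # deployment. No throttle_classes are set on this viewset; confirm that a
    # project-wide throttle limits password guessing against this endpoint.
    @action(detail=False, methods=["POST"])
    @method_decorator(csrf_exempt)
    def login(self, request):
        """Authenticate with ``username`` / ``password`` and open a session.

        Responds 400 when a field is missing, 401 when the credentials are
        rejected, and 200 with ``{"msg": "success"}`` otherwise.
        """
        username = request.data.get("username")
        password = request.data.get("password")
        # A missing field used to raise KeyError and surface as a 500.
        if username is None or password is None:
            return Response(status=400)

        user = authenticate(request, username=username, password=password)
        if user is None:
            # One response for every failure, so it does not reveal whether
            # the username exists.
            return Response(status=401)

        # Module-level django.contrib.auth.login (see the comment in create).
        login(request, user)
        return Response({"msg": "success"})

    @action(detail=False, methods=["POST"])
    def logout(self, request):
        """End the current session and respond 204."""
        # Module-level django.contrib.auth.logout, not this action.
        logout(request)
        return Response(status=204)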