HiPhone_BE/user/viewsets.py


from django.contrib.auth import authenticate, login, logout
from django.views.decorators.csrf import csrf_exempt
from django.utils.decorators import method_decorator
from rest_framework.decorators import action
from rest_framework.permissions import AllowAny, IsAdminUser, IsAuthenticated
from rest_framework.response import Response
from rest_framework.viewsets import ModelViewSet
from core.mixins import ActionBasedMixin
from market.serializers import PostSerializer
from .models import User
from .serializers import (
UserSerializer,
UserCreateSerializer,
PasswordSerializer,
)
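class UserViewset(ActionBasedMixin, ModelViewSet):
    """CRUD and session endpoints for ``User``.

    Every action defaults to ``IsAdminUser``; the per-action maps below relax
    that for sign-up, login and the self-service endpoints.

    NOTE(review): ``serializer_class_map`` / ``permission_classes_map`` are
    presumably consumed by ``ActionBasedMixin`` (defined in ``core.mixins``,
    not visible here) -- confirm that an action missing from the map really
    falls back to ``permission_classes`` and never to an open default.

    NOTE(review): no ``throttle_classes`` is set on this viewset. Unless
    throttling is configured globally, ``login`` and ``password`` both accept
    unlimited password guesses -- confirm.
    """

    queryset = User.objects.all()
    serializer_class = UserSerializer
    serializer_class_map = {
        "create": UserCreateSerializer,
        "posts": PostSerializer,
        "password": PasswordSerializer,
    }
    # Deny-by-default: anything not listed in the map requires an admin.
    permission_classes = [IsAdminUser]
    permission_classes_map = {
        "create": [AllowAny],
        "login": [AllowAny],
        "logout": [IsAuthenticated],
        "me": [IsAuthenticated],
        "posts": [IsAuthenticated],
        "password": [IsAuthenticated],
    }

    @action(detail=False, methods=["GET"])
    def posts(self, request):
        """Return the requesting user's own posts, paginated when a paginator is set."""
        # Scoped to request.user, so one user cannot list another user's posts here.
        queryset = request.user.posts.all()
        page = self.paginate_queryset(queryset)
        if page is not None:
            serializer = self.get_serializer(page, many=True)
            return self.get_paginated_response(serializer.data)
        serializer = self.get_serializer(queryset, many=True)
        return Response(serializer.data)

    @action(detail=False, methods=["PATCH"])
    def password(self, request):
        """Change the requesting user's password.

        Expects ``oldPassword`` and ``newPassword`` in the request body.
        Returns 204 on success, 400 when a field is missing or not a string,
        when the current password does not match, or when the serializer
        rejects the new password, and 401 for anonymous users.
        """
        user = request.user
        # Redundant with IsAuthenticated, kept as a second guard in case the
        # permission map is ever changed.
        if user.is_anonymous:
            return Response(status=401)

        # A missing or non-string field used to raise (KeyError / TypeError)
        # and surface as a 500; answer with a client error instead.
        old_password = request.data.get("oldPassword")
        new_password = request.data.get("newPassword")
        if not isinstance(old_password, str) or not isinstance(new_password, str):
            return Response(status=400)

        # Re-authenticate with the current password so a borrowed session
        # alone is not enough to take over the account.
        if not user.check_password(old_password):
            return Response(status=400, data={"msg": "현재 비밀번호가 일치하지 않습니다"})

        serializer = self.get_serializer(data=request.data)
        if not serializer.is_valid():
            errors = serializer.errors
            # Prefer the newPassword messages (the original behaviour); fall
            # back to every reported message so an error on another field no
            # longer raises KeyError.
            messages = errors.get("newPassword")
            if not messages:
                messages = []
                for field_errors in errors.values():
                    if isinstance(field_errors, (list, tuple)):
                        messages.extend(field_errors)
                    else:
                        messages.append(field_errors)
            msg = " ".join(str(message) for message in messages)
            return Response(status=400, data={"msg": msg})

        user.set_password(new_password)
        user.save()
        # NOTE(review): changing the password changes Django's session auth
        # hash, so with session authentication the current session will likely
        # stop validating on the next request. That also signs out any other
        # session, which is usually wanted; call
        # update_session_auth_hash(request, user) only if the caller should
        # stay signed in -- confirm the intended behaviour.
        return Response(status=204)

    def create(self, request, *args, **kwargs):
        """Register a new user and sign them in on the same request."""
        # Instantiated directly rather than via get_serializer(), so no
        # serializer context (request, view) is passed.
        serializer = UserCreateSerializer(data=request.data)
        serializer.is_valid(raise_exception=True)
        user = serializer.save()
        # Module-level django.contrib.auth.login: the method named ``login``
        # below lives in class scope and is not visible from a method body.
        login(request, user)
        # NOTE(review): serializer.data is echoed back to an unauthenticated
        # caller -- verify UserCreateSerializer marks the password field
        # write-only and does not accept privilege fields such as is_staff.
        return Response(serializer.data, status=201)

    @action(detail=False, methods=["GET"])
    def me(self, request):
        """Return the serialized profile of the requesting user."""
        serializer = self.get_serializer(request.user)
        return Response(serializer.data)

    # NOTE(review): DRF already wraps the viewset's as_view() result in
    # csrf_exempt and leaves CSRF enforcement to SessionAuthentication, so this
    # method-level decorator probably has no effect -- confirm and drop it, or
    # add explicit CSRF protection if login CSRF is in the threat model.
    @action(detail=False, methods=["POST"])
    @method_decorator(csrf_exempt)
    def login(self, request):
        """Authenticate with ``username`` / ``password`` and start a session.

        Returns 200 with ``{"msg": "success"}`` on success, 400 when either
        field is missing, and a bare 401 when the credentials are rejected.
        """
        # Missing fields used to raise KeyError and surface as a 500.
        username = request.data.get("username")
        password = request.data.get("password")
        if username is None or password is None:
            return Response(status=400)

        user = authenticate(request, username=username, password=password)
        if user is None:
            # The same bare 401 for unknown user and wrong password, so the
            # response does not reveal which usernames exist.
            return Response(status=401)

        # Module-level django.contrib.auth.login, not this method.
        login(request, user)
        return Response({"msg": "success"})

    @action(detail=False, methods=["POST"])
    def logout(self, request):
        """End the current session and return 204."""
        # Module-level django.contrib.auth.logout, not this method.
        logout(request)
        return Response(status=204)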