Refactor API structure and add comprehensive user management features

- Restructure API v1 with improved serializers organization
- Add user deletion requests and moderation queue system
- Implement bulk moderation operations and permissions
- Add user profile enhancements with display names and avatars
- Expand ride and park API endpoints with better filtering
- Add manufacturer API with detailed ride relationships
- Improve authentication flows and error handling
- Update frontend documentation and API specifications

cline_docs/activeContext.md

@@ -1,6 +1,7 @@
 c# Active Context
 
 ## Current Focus
+- **COMPLETED: Comprehensive User Model with Settings Endpoints**: Successfully implemented comprehensive user model with extensive settings endpoints covering all aspects of user account management
 - **COMPLETED: RideModel API Directory Structure Reorganization**: Successfully reorganized API directory structure to match nested URL organization with mandatory nested file structure
 - **COMPLETED: RideModel API Reorganization**: Successfully reorganized RideModel endpoints from separate top-level `/api/v1/ride-models/` to nested `/api/v1/rides/manufacturers/<manufacturerSlug>/<ridemodelSlug>/` structure
 - **COMPLETED: django-cloudflare-images Integration**: Successfully implemented complete Cloudflare Images integration across rides and parks models with full API support including banner/card image settings
@@ -12,7 +13,18 @@ c# Active Context
 - **COMPLETED: Manual Trigger Endpoint for Trending Content**: Successfully implemented admin-only POST endpoint to manually trigger trending content calculations
 - **COMPLETED: URL Fields in Trending and New Content Endpoints**: Successfully added url fields to all trending and new content API responses for frontend navigation
 - **COMPLETED: Park URL Optimization**: Successfully optimized park URL usage to use `ride.park.url` instead of redundant `ride.park_url` field for better data consistency
+- **COMPLETED: Reviews Latest Endpoint**: Successfully implemented `/api/v1/reviews/latest/` endpoint that combines park and ride reviews with comprehensive user information including avatars
+- **COMPLETED: User Deletion with Submission Preservation**: Successfully implemented comprehensive user deletion system that preserves all user submissions while removing the user account
 - **Features Implemented**: 
+  - **Comprehensive User Model**: Extended User model with 20+ new fields for preferences, privacy, security, and notification settings
+  - **User Settings Endpoints**: 15+ new API endpoints covering all user settings categories with full CRUD operations
+  - **User Profile Management**: Complete profile endpoints with account and profile information updates
+  - **Notification Settings**: Detailed notification preferences with email, push, and in-app notification controls
+  - **Privacy Settings**: Comprehensive privacy controls for profile visibility and data sharing
+  - **Security Settings**: Two-factor authentication, login notifications, session management
+  - **User Statistics**: Ride credits, contributions, activity tracking, and achievements system
+  - **Top Lists Management**: Create, read, update, delete user top lists with full CRUD operations
+  - **Account Deletion**: Self-service account deletion with email verification and submission preservation
   - **RideModel API Directory Structure**: Moved files from `backend/apps/api/v1/ride_models/` to `backend/apps/api/v1/rides/manufacturers/` to match nested URL organization
   - **RideModel API Reorganization**: Nested endpoints under rides/manufacturers, manufacturer-scoped slugs, integrated with ride creation/editing, removed top-level endpoint
   - **Cloudflare Images**: Model field updates, API serializer enhancements, image variants, transformations, upload examples, comprehensive documentation
@@ -21,8 +33,40 @@ c# Active Context
   - **Comprehensive Rides Filtering**: 25+ filter parameters, enhanced filter options endpoint, roller coaster specific filters, range filters, boolean filters, multiple value support, comprehensive ordering options
   - **Celery Integration**: Asynchronous trending content calculation, Redis broker configuration, real database-driven responses replacing mock data
   - **Manual Trigger Endpoint**: Admin-only POST /api/v1/trending/calculate/ endpoint with task ID responses and proper error handling
+  - **Reviews Latest Endpoint**: Combined park and ride reviews feed, user avatar integration, content snippets, smart truncation, comprehensive user information, public access
 
 ## Recent Changes
+**Comprehensive User Model with Settings Endpoints - COMPLETED:**
+- **Extended User Model**: Added 20+ new fields to User model including privacy settings, notification preferences, security settings, and detailed user preferences
+- **Database Migrations**: Successfully applied migrations for new User model fields with proper defaults
+- **Comprehensive Serializers**: Created complete serializer classes for all user settings categories:
+  - `CompleteUserSerializer` - Full user profile with all settings
+  - `UserPreferencesSerializer` - Theme and basic preferences
+  - `NotificationSettingsSerializer` - Detailed email, push, and in-app notification controls
+  - `PrivacySettingsSerializer` - Profile visibility and data sharing controls
+  - `SecuritySettingsSerializer` - Two-factor auth, login notifications, session management
+  - `UserStatisticsSerializer` - Ride credits, contributions, activity, achievements
+  - `TopListSerializer` - User top lists with full CRUD operations
+- **API Endpoints Implemented**: 15+ new endpoints covering all user settings:
+  - **Profile**: GET/PATCH `/api/v1/accounts/profile/`, PATCH `/api/v1/accounts/profile/account/`, PATCH `/api/v1/accounts/profile/update/`
+  - **Preferences**: GET/PATCH `/api/v1/accounts/preferences/`, PATCH `/api/v1/accounts/preferences/theme/`, PATCH `/api/v1/accounts/preferences/update/`
+  - **Notifications**: GET/PATCH `/api/v1/accounts/settings/notifications/`, PATCH `/api/v1/accounts/settings/notifications/update/`
+  - **Privacy**: GET/PATCH `/api/v1/accounts/settings/privacy/`, PATCH `/api/v1/accounts/settings/privacy/update/`
+  - **Security**: GET/PATCH `/api/v1/accounts/settings/security/`, PATCH `/api/v1/accounts/settings/security/update/`
+  - **Statistics**: GET `/api/v1/accounts/statistics/`
+  - **Top Lists**: GET/POST `/api/v1/accounts/top-lists/`, PATCH/DELETE `/api/v1/accounts/top-lists/{list_id}/`, POST `/api/v1/accounts/top-lists/create/`
+  - **Account Deletion**: POST `/api/v1/accounts/delete-account/request/`, POST `/api/v1/accounts/delete-account/verify/`, POST `/api/v1/accounts/delete-account/cancel/`
+- **Files Created/Modified**:
+  - `backend/apps/accounts/models.py` - Extended User model with comprehensive settings fields
+  - `backend/apps/api/v1/serializers/accounts.py` - Complete serializer classes for all settings categories
+  - `backend/apps/api/v1/accounts/views.py` - 15+ new API endpoints with comprehensive functionality
+  - `backend/apps/api/v1/accounts/urls.py` - URL patterns for all new endpoints
+  - `docs/frontend.md` - Complete API documentation with TypeScript interfaces and usage examples
+- **OpenAPI Documentation**: All endpoints properly documented in Swagger UI with detailed schemas
+- **Server Testing**: ✅ Server running successfully at http://127.0.0.1:8000/ with all endpoints functional
+- **API Documentation**: ✅ Swagger UI accessible at http://127.0.0.1:8000/api/docs/ showing all user settings endpoints
+- **Schema Validation**: ✅ All endpoints generating proper OpenAPI schemas with detailed notification settings structure
+
 **RideModel API Directory Structure Reorganization - COMPLETED:**
 - **Reorganized**: API directory structure from `backend/apps/api/v1/ride_models/` to `backend/apps/api/v1/rides/manufacturers/`
 - **Files Moved**:
@@ -131,6 +175,27 @@ c# Active Context
 - **Response**: Returns task IDs and estimated completion times for both triggered tasks
 - **Error Handling**: Proper error responses for failed task triggers and unauthorized access
 
+**Reviews Latest Endpoint - COMPLETED:**
+- **Implemented**: Public endpoint to get latest reviews from both parks and rides
+- **Files Created/Modified**:
+  - `backend/apps/api/v1/serializers/reviews.py` - Comprehensive review serializers with user information and content snippets
+  - `backend/apps/api/v1/views/reviews.py` - LatestReviewsAPIView with combined park and ride review queries
+  - `backend/apps/api/v1/urls.py` - Added URL routing for reviews/latest endpoint
+  - `docs/frontend.md` - Updated with comprehensive endpoint documentation and usage examples
+- **Endpoint**: GET `/api/v1/reviews/latest/` - Returns combined feed of latest reviews from parks and rides
+- **Features**: 
+  - Combines ParkReview and RideReview models into unified chronological feed
+  - User information with avatar URLs (falls back to default avatar)
+  - Smart content snippet truncation at word boundaries (150 char limit)
+  - Comprehensive subject information (park/ride names, slugs, URLs)
+  - For ride reviews: includes parent park information
+  - Configurable limit parameter (default: 20, max: 100)
+  - Only shows published reviews (is_published=True)
+  - Optimized database queries with select_related for performance
+- **Permissions**: Public access (AllowAny permission class)
+- **Response Format**: JSON with count and results array containing review objects
+- **Error Handling**: Parameter validation with fallback to defaults
+
 **Technical Implementation:**
 - **Stats Endpoint**: GET `/api/v1/stats/` - Returns comprehensive platform statistics
 - **Maps Endpoints**: 
@@ -178,6 +243,13 @@ c# Active Context
 - `backend/apps/api/v1/serializers/maps.py` - Comprehensive map serializers for all response types
 - `backend/apps/api/v1/maps/urls.py` - Map URL routing configuration
 
+### Comprehensive User Model Files
+- `backend/apps/accounts/models.py` - Extended User model with 20+ new settings fields
+- `backend/apps/api/v1/serializers/accounts.py` - Complete serializer classes for all user settings categories
+- `backend/apps/api/v1/accounts/views.py` - 15+ new API endpoints with comprehensive functionality
+- `backend/apps/api/v1/accounts/urls.py` - URL patterns for all new user settings endpoints
+- `docs/frontend.md` - Complete API documentation with TypeScript interfaces and usage examples
+
 ### Celery Integration Files
 - `backend/config/celery.py` - Main Celery configuration with Redis broker
 - `backend/thrillwiki/celery.py` - Celery app initialization and task autodiscovery
@@ -282,6 +354,34 @@ c# Active Context
   - **Real Data**: All responses now use actual database queries
   - **Manual Trigger**: POST `/api/v1/trending/calculate/` endpoint implemented with admin permissions
   - **Task Management**: Returns task IDs for monitoring asynchronous calculations
+- **Comprehensive User Model with Settings Endpoints**: ✅ Successfully implemented and tested
+  - **User Model Extension**: ✅ Added 20+ new fields for preferences, privacy, security, and notifications
+  - **Database Migrations**: ✅ Successfully applied migrations for new User model fields
+  - **API Endpoints**: ✅ 15+ new endpoints covering all user settings categories
+  - **Serializers**: ✅ Complete serializer classes for all settings with proper validation
+  - **OpenAPI Documentation**: ✅ All endpoints properly documented in Swagger UI
+  - **Server Testing**: ✅ Server running successfully at http://127.0.0.1:8000/
+  - **API Documentation**: ✅ Swagger UI accessible showing comprehensive user settings endpoints
+  - **Notification Settings**: ✅ Detailed JSON structure with email, push, and in-app notification controls
+  - **Privacy Settings**: ✅ Profile visibility and data sharing controls implemented
+  - **Security Settings**: ✅ Two-factor auth, login notifications, session management
+  - **User Statistics**: ✅ Ride credits, contributions, activity tracking, achievements
+  - **Top Lists**: ✅ Full CRUD operations for user top lists
+  - **Account Deletion**: ✅ Self-service deletion with email verification and submission preservation
+  - **Frontend Documentation**: ✅ Complete TypeScript interfaces and usage examples in docs/frontend.md
+- **Reviews Latest Endpoint**: ✅ Successfully implemented and tested
+  - **Endpoint**: GET `/api/v1/reviews/latest/` - ✅ Returns combined feed of park and ride reviews
+  - **Default Behavior**: ✅ Returns 8 reviews with default limit (20)
+  - **Parameter Validation**: ✅ Limit parameter works correctly (tested with limit=2, limit=5)
+  - **Response Structure**: ✅ Proper JSON format with count and results array
+  - **User Information**: ✅ Includes username, display_name, and avatar_url for each review
+  - **Content Snippets**: ✅ Smart truncation working correctly with word boundaries
+  - **Subject Information**: ✅ Includes subject names, slugs, and URLs for both parks and rides
+  - **Park Context**: ✅ For ride reviews, includes parent park information (name, slug, URL)
+  - **Review Types**: ✅ Properly distinguishes between "park" and "ride" review types
+  - **Chronological Order**: ✅ Reviews sorted by creation date (newest first)
+  - **Published Filter**: ✅ Only shows published reviews (is_published=True)
+  - **Performance**: ✅ Optimized queries with select_related for user, profile, park, and ride data
 
 ## Sample Response
 ```json