mirror of
https://github.com/pacnpal/thrillwiki_django_no_react.git
synced 2025-12-20 08:31:08 -05:00
205 lines
7.3 KiB
Python
205 lines
7.3 KiB
Python
"""
|
|
Accounts API ViewSets for user profiles and top lists.
|
|
"""
|
|
|
|
from rest_framework.viewsets import ModelViewSet
|
|
from rest_framework.permissions import IsAuthenticated
|
|
from rest_framework.decorators import action
|
|
from rest_framework.response import Response
|
|
from rest_framework import status
|
|
from django.contrib.auth import get_user_model
|
|
from django.db.models import Q
|
|
|
|
from apps.accounts.models import UserProfile, TopList, TopListItem
|
|
from ..serializers import (
|
|
UserProfileCreateInputSerializer,
|
|
UserProfileUpdateInputSerializer,
|
|
UserProfileOutputSerializer,
|
|
TopListCreateInputSerializer,
|
|
TopListUpdateInputSerializer,
|
|
TopListOutputSerializer,
|
|
TopListItemCreateInputSerializer,
|
|
TopListItemUpdateInputSerializer,
|
|
TopListItemOutputSerializer,
|
|
)
|
|
|
|
User = get_user_model()
|
|
|
|
|
|
class UserProfileViewSet(ModelViewSet):
|
|
"""ViewSet for managing user profiles."""
|
|
|
|
queryset = UserProfile.objects.select_related("user").all()
|
|
permission_classes = [IsAuthenticated]
|
|
|
|
def get_serializer_class(self):
|
|
"""Return appropriate serializer based on action."""
|
|
if self.action == "create":
|
|
return UserProfileCreateInputSerializer
|
|
elif self.action in ["update", "partial_update"]:
|
|
return UserProfileUpdateInputSerializer
|
|
return UserProfileOutputSerializer
|
|
|
|
def get_queryset(self):
|
|
"""Filter profiles based on user permissions."""
|
|
if self.request.user.is_staff:
|
|
return self.queryset
|
|
return self.queryset.filter(user=self.request.user)
|
|
|
|
@action(detail=False, methods=["get"])
|
|
def me(self, request):
|
|
"""Get current user's profile."""
|
|
try:
|
|
profile = UserProfile.objects.get(user=request.user)
|
|
serializer = self.get_serializer(profile)
|
|
return Response(serializer.data)
|
|
except UserProfile.DoesNotExist:
|
|
return Response(
|
|
{"error": "Profile not found"}, status=status.HTTP_404_NOT_FOUND
|
|
)
|
|
|
|
|
|
class TopListViewSet(ModelViewSet):
|
|
"""ViewSet for managing user top lists."""
|
|
|
|
queryset = (
|
|
TopList.objects.select_related("user").prefetch_related("items__ride").all()
|
|
)
|
|
permission_classes = [IsAuthenticated]
|
|
|
|
def get_serializer_class(self):
|
|
"""Return appropriate serializer based on action."""
|
|
if self.action == "create":
|
|
return TopListCreateInputSerializer
|
|
elif self.action in ["update", "partial_update"]:
|
|
return TopListUpdateInputSerializer
|
|
return TopListOutputSerializer
|
|
|
|
def get_queryset(self):
|
|
"""Filter lists based on user permissions and visibility."""
|
|
queryset = self.queryset
|
|
|
|
if not self.request.user.is_staff:
|
|
# Non-staff users can only see their own lists and public lists
|
|
queryset = queryset.filter(Q(user=self.request.user) | Q(is_public=True))
|
|
|
|
return queryset.order_by("-created_at")
|
|
|
|
def perform_create(self, serializer):
|
|
"""Set the user when creating a top list."""
|
|
serializer.save(user=self.request.user)
|
|
|
|
@action(detail=False, methods=["get"])
|
|
def my_lists(self, request):
|
|
"""Get current user's top lists."""
|
|
lists = self.get_queryset().filter(user=request.user)
|
|
serializer = self.get_serializer(lists, many=True)
|
|
return Response(serializer.data)
|
|
|
|
@action(detail=True, methods=["post"])
|
|
def duplicate(self, request, pk=None):
|
|
"""Duplicate a top list for the current user."""
|
|
original_list = self.get_object()
|
|
|
|
# Create new list
|
|
new_list = TopList.objects.create(
|
|
user=request.user,
|
|
name=f"Copy of {original_list.name}",
|
|
description=original_list.description,
|
|
is_public=False, # Duplicated lists are private by default
|
|
)
|
|
|
|
# Copy all items
|
|
for item in original_list.items.all():
|
|
TopListItem.objects.create(
|
|
top_list=new_list,
|
|
ride=item.ride,
|
|
position=item.position,
|
|
notes=item.notes,
|
|
)
|
|
|
|
serializer = self.get_serializer(new_list)
|
|
return Response(serializer.data, status=status.HTTP_201_CREATED)
|
|
|
|
|
|
class TopListItemViewSet(ModelViewSet):
|
|
"""ViewSet for managing top list items."""
|
|
|
|
queryset = TopListItem.objects.select_related("top_list__user", "ride").all()
|
|
permission_classes = [IsAuthenticated]
|
|
|
|
def get_serializer_class(self):
|
|
"""Return appropriate serializer based on action."""
|
|
if self.action == "create":
|
|
return TopListItemCreateInputSerializer
|
|
elif self.action in ["update", "partial_update"]:
|
|
return TopListItemUpdateInputSerializer
|
|
return TopListItemOutputSerializer
|
|
|
|
def get_queryset(self):
|
|
"""Filter items based on user permissions."""
|
|
queryset = self.queryset
|
|
|
|
if not self.request.user.is_staff:
|
|
# Non-staff users can only see items from their own lists or public lists
|
|
queryset = queryset.filter(
|
|
Q(top_list__user=self.request.user) | Q(top_list__is_public=True)
|
|
)
|
|
|
|
return queryset.order_by("top_list_id", "position")
|
|
|
|
def perform_create(self, serializer):
|
|
"""Validate user can add items to the list."""
|
|
top_list = serializer.validated_data["top_list"]
|
|
if top_list.user != self.request.user and not self.request.user.is_staff:
|
|
raise PermissionError("You can only add items to your own lists")
|
|
serializer.save()
|
|
|
|
def perform_update(self, serializer):
|
|
"""Validate user can update items in the list."""
|
|
top_list = serializer.instance.top_list
|
|
if top_list.user != self.request.user and not self.request.user.is_staff:
|
|
raise PermissionError("You can only update items in your own lists")
|
|
serializer.save()
|
|
|
|
def perform_destroy(self, instance):
|
|
"""Validate user can delete items from the list."""
|
|
if (
|
|
instance.top_list.user != self.request.user
|
|
and not self.request.user.is_staff
|
|
):
|
|
raise PermissionError("You can only delete items from your own lists")
|
|
instance.delete()
|
|
|
|
@action(detail=False, methods=["post"])
|
|
def reorder(self, request):
|
|
"""Reorder items in a top list."""
|
|
top_list_id = request.data.get("top_list_id")
|
|
item_ids = request.data.get("item_ids", [])
|
|
|
|
if not top_list_id or not item_ids:
|
|
return Response(
|
|
{"error": "top_list_id and item_ids are required"},
|
|
status=status.HTTP_400_BAD_REQUEST,
|
|
)
|
|
|
|
try:
|
|
top_list = TopList.objects.get(id=top_list_id)
|
|
if top_list.user != request.user and not request.user.is_staff:
|
|
return Response(
|
|
{"error": "Permission denied"}, status=status.HTTP_403_FORBIDDEN
|
|
)
|
|
|
|
# Update positions
|
|
for position, item_id in enumerate(item_ids, 1):
|
|
TopListItem.objects.filter(id=item_id, top_list=top_list).update(
|
|
position=position
|
|
)
|
|
|
|
return Response({"success": True})
|
|
|
|
except TopList.DoesNotExist:
|
|
return Response(
|
|
{"error": "Top list not found"}, status=status.HTTP_404_NOT_FOUND
|
|
)
|