您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符
 
 
 
 
 
 

107 行
3.1 KiB

  1. import json
  2. from django.conf import settings
  3. from django.contrib import messages
  4. from django.contrib.auth import authenticate, login, logout
  5. from django.contrib.auth.decorators import login_required
  6. from django.http import HttpResponseRedirect, HttpResponseBadRequest, HttpResponse
  7. from django.urls import reverse
  8. from django.utils.functional import lazy
  9. from django_filters.rest_framework import DjangoFilterBackend
  10. from rest_framework import mixins, routers
  11. from rest_framework.permissions import BasePermission
  12. from rest_framework.renderers import JSONRenderer
  13. from rest_framework.viewsets import GenericViewSet
  14. from core.serializers import UserSerializer
  15. from users.models import User
  16. def reverse_lazy(name=None, *args):
  17. return lazy(reverse, str)(name, args=args)
  18. class PublicUserViewSet(
  19. mixins.RetrieveModelMixin,
  20. mixins.ListModelMixin,
  21. GenericViewSet,
  22. ):
  23. serializer_class = UserSerializer
  24. filter_backends = (DjangoFilterBackend, )
  25. filter_fields = ("username", )
  26. pagination_class = None
  27. def get_queryset(self):
  28. username = self.request.GET.get("username", "")
  29. return User.objects.filter(username=username)
  30. class UserViewSet(
  31. mixins.RetrieveModelMixin,
  32. mixins.ListModelMixin,
  33. mixins.CreateModelMixin,
  34. GenericViewSet,
  35. ):
  36. class Permission(BasePermission):
  37. def has_permission(self, request, view):
  38. if not request.method == "POST":
  39. return True
  40. return settings.ALLOW_NEW_REGISTRATIONS
  41. def has_object_permission(self, request, view, obj):
  42. return request.user == obj
  43. permission_classes = [Permission, ]
  44. serializer_class = UserSerializer
  45. pagination_class = None
  46. def get_queryset(self):
  47. if self.request.user.is_anonymous:
  48. return User.objects.none()
  49. return User.objects.filter(id=self.request.user.id)
  50. def login_user(request):
  51. try:
  52. data = json.loads(request.body)
  53. except json.JSONDecodeError:
  54. return HttpResponseBadRequest()
  55. if 'username' not in data:
  56. return HttpResponseBadRequest(
  57. json.dumps({"username": "this field is required"})
  58. )
  59. if 'password' not in data:
  60. return HttpResponseBadRequest(
  61. json.dumps({"password": "this field is required"})
  62. )
  63. user = authenticate(
  64. request,
  65. username=data['username'],
  66. password=data['password']
  67. )
  68. if not user:
  69. return HttpResponseBadRequest(
  70. json.dumps({"password": "username and password doesn't match"})
  71. )
  72. login(request, user)
  73. data = UserSerializer(
  74. user,
  75. context={'request': request},
  76. ).data
  77. return HttpResponse(
  78. JSONRenderer().render(data),
  79. content_type="application/json"
  80. )
  81. @login_required
  82. def logout_user(request):
  83. logout(request)
  84. messages.success(request, 'You have successfully logged out.')
  85. return HttpResponseRedirect('/')
  86. drf_router = routers.DefaultRouter()
  87. drf_router.register(r'users', UserViewSet, basename="user")
  88. drf_router.register(r'public-users', PublicUserViewSet, basename="public-user")