Amin/Dashboard-XRoom
1
0
Fork 0
mirror of https://github.com/Dadechin/Dashboard-XRoom.git synced 2025-07-03 00:34:34 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4c2b402b7a
Dashboard-XRoom/core/views.py
mi1468 3f47437822 auth and simple info
2025-04-13 11:58:48 +03:30

59 lines
2.0 KiB
Python
Raw Blame History

from django.contrib.auth import get_user_model
from rest_framework.authtoken.models import Token
from rest_framework.decorators import api_view, authentication_classes, permission_classes
from rest_framework.authentication import SessionAuthentication, TokenAuthentication
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response
from rest_framework import status
# from .models.user import User
from django.contrib.auth.models import User
from .serializers.UserSerializer import UserSerializer
# from .serializers.user import UserSerializer
# utils.py
from .models.AssignedRule import AssignedRule
def user_has_role(user, role_name):
return AssignedRule.objects.filter(user=user, role__name=role_name).exists()
@api_view(['POST'])
def signup(request):
serializer = UserSerializer(data=request.data)
if serializer.is_valid():
user = serializer.save()
user.set_password(request.data['password'])
user.save()
token = Token.objects.create(user=user)
return Response({'token': token.key, 'user': serializer.data})
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
@api_view(['POST'])
def login(request):
try:
user = get_user_model().objects.get(email=request.data['email'])
except get_user_model().DoesNotExist:
return Response("User not found", status=status.HTTP_404_NOT_FOUND)
if not user.check_password(request.data['password']):
return Response("Invalid password", status=status.HTTP_401_UNAUTHORIZED)
token, created = Token.objects.get_or_create(user=user)
serializer = UserSerializer(user)
return Response({'token': token.key, 'user': serializer.data})
@api_view(['GET'])
@authentication_classes([SessionAuthentication, TokenAuthentication])
@permission_classes([IsAuthenticated])
def test_token(request):
if not user_has_role(request.user, 'admin'):
return Response({'message': 'No access'}, status=status.HTTP_403_FORBIDDEN)
return Response({'message': 'User has admin role'})
Reference in New Issue View Git Blame Copy Permalink