def get(self, request, users):
"""get details about all given users
---
tags:
- User
parameters:
- in: path
name: userids
type: array
collectionFormat: csv
items:
type: integer
responses:
201:
description: User information
schema:
type: object
properties:
users:
type: array
items:
$ref: '#/definitions/user_information_response'
404:
description: one or more users do not exist
...
:type request: HttpRequest
:type users: [UserModel]
"""
return self.success(
{"users": [serializers.user(user) for user in users]})
def get(self, request, users):
"""get details about all given users
---
tags:
- User
parameters:
- in: path
name: userids
type: array
collectionFormat: csv
items:
type: integer
responses:
201:
description: User information
schema:
type: object
properties:
users:
type: array
items:
$ref: '#/definitions/user_information_response'
404:
description: one or more users do not exist
...
:type request: HttpRequest
:type users: [UserModel]
"""
return self.success({"users": [serializers.user(user) for user in users]})
def post(self, request):
"""register a new user
---
tags:
- User
parameters:
- in: body
name: body
schema:
id: create_user
required:
- email
- password
- display_name
properties:
email:
type: string
description: email address of new user
example: [email protected]
password:
type: string
description: Password for user. Will be validated to specific rules
example: PaulsStrongPasswordWhichHeNeverForgets
display_name:
type: string
example: Paul
description: The public displayed name
responses:
201:
description: User created
schema:
id: user_information_response
allOf:
- $ref: '#/definitions/user_information'
- type: object
required:
- id
properties:
id:
type: number
description: Identifier of the User
example: 3
409:
description: That emailaddress is already registered
...
:type request: HttpRequest
"""
user = get_user_model().objects.create_user(
email=request.body['email'],
password=request.body['password'],
locations=parse_locations(request),
category=CategoryModel.objects.get(name='user.default'),
display_name=request.body['display_name'],
)
return self.created(serializers.user(user))
def post(self, request):
"""register a new user
---
tags:
- User
parameters:
- in: body
name: body
schema:
id: create_user
required:
- email
- password
- display_name
properties:
email:
type: string
description: email address of new user
example: [email protected]
password:
type: string
description: Password for user. Will be validated to specific rules
example: PaulsStrongPasswordWhichHeNeverForgets
display_name:
type: string
example: Paul
description: The public displayed name
responses:
201:
description: User created
schema:
id: user_information_response
allOf:
- $ref: '#/definitions/user_information'
- type: object
required:
- id
properties:
id:
type: number
description: Identifier of the User
example: 3
409:
description: That emailaddress is already registered
...
:type request: HttpRequest
"""
user = get_user_model().objects.create_user(
email=request.body['email'],
password=request.body['password'],
locations=parse_locations(request),
category=CategoryModel.objects.get(name='user.default'),
display_name=request.body['display_name'],
)
return self.created(serializers.user(user))
def put(self, request, users):
"""Modify a user: Yourself or any user you have sufficient rights for.
Only the provided fields will be changed. To clear fields, set them explicitly as empty.
---
tags:
- User
parameters:
- in: path
name: users
type: integer
- in: body
name: body
required: true
schema:
id: user_information
properties:
last_name:
type: string
example: Webber
description: The last name
first_name:
type: string
example: Paul
description: The first name
display_name:
type: string
example: Paul
description: The public displayed name, defaults to first_name if not specified
responses:
201:
description: User information
schema:
$ref: '#/definitions/user_information_response'
403:
description: You are not allowed to modify that user
404:
description: the user does not exist
...
:type request: HttpRequest
:type users: UserModel
"""
if 'display_name' in request.body:
users.display_name = request.body['display_name']
if 'first_name' in request.body:
users.first_name = request.body['first_name']
if 'last_name' in request.body:
users.last_name = request.body['last_name']
users.save()
return self.created(serializers.user(users))
def get(self, request):
"""get current login status.
Also generates a CSRF cookie which has to be used for further requests.
---
tags:
- Authentication
responses:
200:
description: Login state with an empty user if not logged in
schema:
id: user_login_response
type: object
properties:
user:
$ref: '#/definitions/user_information_response'
...
:type request: HttpRequest
"""
generate_csrf_token_for_frontend(request)
return self.success({'user': serializers.user(request.user)})
def get(self, request):
"""get current login status.
Also generates a CSRF cookie which has to be used for further requests.
---
tags:
- Authentication
responses:
200:
description: Login state with an empty user if not logged in
schema:
id: user_login_response
type: object
properties:
user:
$ref: '#/definitions/user_information_response'
...
:type request: HttpRequest
"""
generate_csrf_token_for_frontend(request)
return self.success({'user': serializers.user(request.user)})
def put(self, request, user):
"""Modify a user: Yourself or any user you have sufficient rights for.
Only the provided fields will be changed. To clear fields, set them explicitly as empty.
---
tags:
- User
parameters:
- in: path
name: userid
type: integer
- in: body
name: body
required: true
schema:
id: user_information
properties:
display_name:
type: string
example: Paul
description: Display name of the user
responses:
201:
description: User information
schema:
$ref: '#/definitions/user_information_response'
403:
description: You are not allowed to modify that user
404:
description: the user does not exist
...
:type request: HttpRequest
:type user: UserModel
"""
user.display_name = request.body['display_name']
user.save()
return self.created(serializers.user(user))
def put(self, request, user):
"""Modify a user: Yourself or any user you have sufficient rights for.
Only the provided fields will be changed. To clear fields, set them explicitly as empty.
---
tags:
- User
parameters:
- in: path
name: userid
type: integer
- in: body
name: body
required: true
schema:
id: user_information
properties:
display_name:
type: string
example: Paul
description: Display name of the user
responses:
201:
description: User information
schema:
$ref: '#/definitions/user_information_response'
403:
description: You are not allowed to modify that user
404:
description: the user does not exist
...
:type request: HttpRequest
:type user: UserModel
"""
user.display_name = request.body['display_name']
user.save()
return self.created(serializers.user(user))
def post(self, request):
"""Logs in the user using the provided credentials
---
tags:
- Authentication
parameters:
- in: body
name: body
schema:
id: User
required:
- email
- password
properties:
email:
type: string
description: email for user
example: [email protected]
password:
type: string
description: password of user
example: PaulsStrongPasswordWhichHeNeverForgets
responses:
200:
description: Login state
schema:
$ref: '#/definitions/user_login_response'
403:
description: User credentials wrong
...
:type request: HttpRequest
"""
user = authenticate(email=request.body['email'], password=request.body['password'])
if user is None:
return self.forbidden(reason='wrong login credentials.')
login(request, user)
return self.success({'user': serializers.user(user)})
def get(self, request):
"""get details about all users
---
tags:
- User
responses:
201:
description: User information
schema:
type: object
properties:
users:
type: array
items:
$ref: '#/definitions/user_information_response'
...
:type request: HttpRequest
"""
users = get_user_model().objects.all()
return self.success({"users": [serializers.user(user) for user in users]})