Add authorization to CRUD views

Author: nayaba

api/models/prompt.py

@@ -0,0 +1,25 @@
+from django.db import models
+from django.contrib.auth import get_user_model
+
+class Prompt(models.Model):
+  """Prompt model"""
+  content = models.CharField(max_length=100)
+  created_at = models.DateTimeField(auto_now_add=True)
+  updated_at = models.DateTimeField(auto_now=True)
+  owner = models.ForeignKey(
+      get_user_model(),
+      on_delete=models.CASCADE
+  )
+
+  def __str__(self):
+      """Return a string representation of a prompt"""
+      return f'{self.content}'
+
+  def as_dict(self):
+      """Return a dictionary representation of a prompt"""
+      return {
+      'id': self.id,
+      'content': self.content,
+      'created_at': self.created_at,
+      'updated_at': self.updated_at
+      }

api/urls.py

@@ -9,5 +9,5 @@
     path('sign-up/', SignUp.as_view(), name='sign-up'),
     path('sign-in/', SignIn.as_view(), name='sign-in'),
     path('sign-out/', SignOut.as_view(), name='sign-out'),
-    path('change-pw/', ChangePassword.as_view(), name='change-pw')
+    path('change-pw/', ChangePassword.as_view(), name='change-pw'),
 ]

api/views/prompt_views.py

@@ -0,0 +1,66 @@
+from django.shortcuts import get_object_or_404
+from rest_framework.views import APIView
+from rest_framework.response import Response
+from rest_framework import generics, status
+from ..models.prompt import Prompt
+from ..serializers import PromptSerializer
+# from .serializers import PromptReadSerializer
+
+from rest_framework.permissions import IsAuthenticated
+from rest_framework.exceptions import PermissionDenied
+
+
+# from django.http import JsonResponse
+
+class Prompts(generics.ListCreateAPIView):
+    permission_classes=(IsAuthenticated,)
+    serializer_class=PromptSerializer
+
+    def get(self, request):
+        """Index Request"""
+        # prompts = Prompt.objects.all()
+        prompts = Prompt.objects.filter(owner=request.user.id)
+        data = PromptSerializer(prompts, many=True).data
+        return Response({"prompt": data})
+        # prompts = Prompt.objects.filter(owner=request.user.id)
+
+    def post(self, request):
+        """Create a Prompt"""
+        request.data['prompt']['owner'] = request.user.id
+        serializer = PromptSerializer(data=request.data['prompt'])
+        if serializer.is_valid():
+            serializer.save()
+            return Response(serializer.data, status=status.HTTP_201_CREATED)
+        else:
+          return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+
+
+class PromptDetail(APIView):
+    permission_classes=(IsAuthenticated,)
+    def get(self, request, pk):
+        """Show one Prompt"""
+        prompt = get_object_or_404(Prompt, pk=pk)
+
+        if not request.user.id == prompt.owner.id:
+            raise PermissionDenied('Unauthorized, you do not own this prompt')
+
+        data = PromptSerializer(prompt).data
+        return Response({ 'prompt': data })
+
+    def patch(self, request, pk):
+        """Update a Prompt"""
+        print('request: ', request.data)
+        prompt = get_object_or_404(Prompt, pk=pk)
+        print('prompt: ', prompt)
+        ms = PromptSerializer(prompt, data=request.data['prompt'], partial=True)
+        if ms.is_valid():
+            ms.save()
+            print('ms.data: ', ms.data)
+            return Response(ms.data)
+        return Response(ms.errors, status=status.HTTP_400_BAD_REQUEST)
+
+    def delete(self, request, pk):
+        """Delete Request"""
+        prompt = get_object_or_404(Prompt, pk=pk)
+        prompt.delete()
+        return Response(status=status.HTTP_204_NO_CONTENT)

curl-scripts/prompts/create.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+curl "http://localhost:8000/prompt/" \
+  --include \
+  --request POST \
+  --header "Content-Type: application/json" \
+  --header "Authorization: Token ${TOKEN}" \
+  --data '{
+    "prompt": {
+      "content": "'"${CONTENT}"'"
+    }
+  }'
+
+echo

prompt/serializers.py

@@ -1,5 +1,6 @@
 from rest_framework import serializers
 from .models import Prompt
+from django.contrib.auth import get_user_model
 
 class PromptSerializer(serializers.ModelSerializer):
     class Meta:

prompt/views.py

@@ -13,7 +13,7 @@
 # from django.http import JsonResponse
 
 class Prompts(APIView):
-    permission_classes=()
+    permission_classes=(IsAuthenticated,)
     serializer_class=PromptSerializer
 
     def get(self, request):
@@ -25,6 +25,7 @@ def get(self, request):
 
     def post(self, request):
         """Create a Prompt"""
+        request.data['prompt']['owner'] = request.user.id
         serializer = PromptSerializer(data=request.data['prompt'])
         if serializer.is_valid():
             serializer.save()
@@ -41,7 +42,8 @@ def get(self, request, pk):
 
         if not request.user.id == prompt.owner.id:
             raise PermissionDenied('Unauthorized, you do not own this prompt')
-
+        print('request.user.id: ', request.user.id)
+        print('prompt.owner.id: ', prompt.owner.id)
         data = PromptSerializer(prompt).data
         return Response({ 'prompt': data })
 
@@ -60,5 +62,9 @@ def patch(self, request, pk):
     def delete(self, request, pk):
         """Delete Request"""
         prompt = get_object_or_404(Prompt, pk=pk)
+        if not request.user.id == prompt.owner.id:
+            raise PermissionDenied('Unauthorized, you do not own this prompt')
+        print('request.user.id: ', request.user.id)
+        print('prompt.owner.id: ', prompt.owner.id)
         prompt.delete()
         return Response(status=status.HTTP_204_NO_CONTENT)