Add staff check endpoint, improve category serializer, and use slug for product creation

Yosef-AlSabbah · Yosef-AlSabbah · commit 577672f8f5f9 · 2025-07-02T13:27:54.000+03:00
Added /users/staff-check/ endpoint to check if the authenticated user is staff.
Updated CategorySerializer to include id, name, and slug fields.
Ensured product creation uses category slug (recommended) for consistency and usability.
Cleaned up and improved API usability for category and staff-related features.
diff --git a/account/views.py b/account/views.py
@@ -1,21 +1,13 @@
 from logging import getLogger
 
-from django.shortcuts import render
-from django.views import View
 from djoser.views import UserViewSet as BaseUserViewSet
 from drf_spectacular.utils import OpenApiResponse, extend_schema
 from rest_framework import status
 from rest_framework.decorators import action
 from rest_framework.response import Response
-from rest_framework_simplejwt.tokens import RefreshToken
-from rest_framework_simplejwt.views import (
-    TokenObtainPairView as BaseTokenObtainPairView,
-    TokenRefreshView as BaseTokenRefreshView,
-    TokenVerifyView as BaseTokenVerifyView, TokenBlacklistView,
-)
 
 from .models import Profile
-from .serializers import UserProfileSerializer, RefreshTokenSerializer
+from .serializers import UserProfileSerializer
 
 logger = getLogger(__name__)
 
@@ -226,123 +218,28 @@ def reset_password_confirm(self, request, *args, **kwargs):
             logger.error(f"Error during password reset confirmation: {e}", exc_info=True)
             raise
 
-
-class TokenObtainPairView(BaseTokenObtainPairView):
-    """
-    Handle POST requests to obtain a new pair of access and refresh tokens.
-    """
-
     @extend_schema(
-        operation_id="token_obtain",
-        description="Obtain a new pair of access and refresh tokens.",
-        tags=["User Authentication"],
-        responses={
-            200: OpenApiResponse(description="Token successfully obtained."),
-            400: OpenApiResponse(description="Invalid credentials."),
-        }
-    )
-    def post(self, request, *args, **kwargs):
-        try:
-            response = super().post(request, *args, **kwargs)
-            return Response({
-                "message": "Token successfully obtained",
-                "data": response.data
-            }, status=response.status_code)
-        except Exception as e:
-            logger.error(f"Error during token obtain: {e}", exc_info=True)
-            raise
-
-
-class TokenRefreshView(BaseTokenRefreshView):
-    """
-    Handle POST requests to refresh an access token using a refresh token.
-    """
-
-    @extend_schema(
-        operation_id="token_refresh",
-        description="Refresh an access token using a refresh token.",
-        tags=["User Authentication"],
-        responses={
-            200: OpenApiResponse(description="Access token successfully refreshed."),
-            400: OpenApiResponse(description="Invalid refresh token."),
-        }
-    )
-    def post(self, request, *args, **kwargs):
-        try:
-            response = super().post(request, *args, **kwargs)
-            return Response({
-                "message": "Access token successfully refreshed",
-                "data": response.data
-            }, status=response.status_code)
-        except Exception as e:
-            logger.error(f"Error during token refresh: {e}", exc_info=True)
-            raise
-
-
-class TokenVerifyView(BaseTokenVerifyView):
-    """
-    Verify if an access token is valid.
-    """
-
-    @extend_schema(
-        operation_id="token_verify",
-        description="Verify if an access token is valid.",
-        tags=["User Authentication"],
+        operation_id="user_staff_check",
+        description="Check if the authenticated user has staff privileges.",
+        tags=["User Management"],
         responses={
-            200: OpenApiResponse(description="Token is valid."),
-            401: OpenApiResponse(description="Token is invalid or expired."),
+            200: OpenApiResponse(description="Staff status retrieved successfully."),
+            401: OpenApiResponse(description="Authentication required."),
         }
     )
-    def post(self, request, *args, **kwargs):
+    @action(detail=False, methods=['get'])
+    def staff_check(self, request):
+        """
+        Check if the authenticated user is a staff member.
+        """
         try:
-            response = super().post(request, *args, **kwargs)
+            is_staff = request.user.is_staff
             return Response({
-                "message": "Token is valid",
-                "data": response.data
-            }, status=response.status_code)
+                "is_staff": is_staff,
+                "message": f"User {'is' if is_staff else 'is not'} a staff member"
+            }, status=status.HTTP_200_OK)
         except Exception as e:
-            logger.error(f"Error during token verification: {e}", exc_info=True)
-            raise
-
-
-class TokenDestroyView(TokenBlacklistView):
-    """
-    Log out the user by blacklisting their refresh token.
-    """
-    serializer_class = RefreshTokenSerializer
-
-    @extend_schema(
-        operation_id="logout_user",
-        description="Log out the user by blacklisting their refresh token.",
-        tags=["User Authentication"],
-        request=RefreshTokenSerializer,
-        responses={
-            205: OpenApiResponse(description="Successfully logged out"),
-            400: OpenApiResponse(description="Invalid Token"),
-        },
-    )
-    def post(self, request, *args, **kwargs):
-        serializer = self.get_serializer(data=request.data)
-        try:
-            serializer.is_valid(raise_exception=True)
-            refresh_token = serializer.validated_data["refresh"]
-            token = RefreshToken(refresh_token)
-            token.blacklist()
+            logger.error("Error checking staff status: %s", e, exc_info=True)
             return Response({
-                "message": "Successfully logged out"
-            }, status=status.HTTP_205_RESET_CONTENT)
-        except Exception as e:
-            logger.error(f"Error during logout: {e}", exc_info=True)
-            raise
-
-
-class ActivateView(View):
-    def get(self, request, uid, token):
-        return render(
-            request,
-            'account/activate.html',
-            {
-                'uid': uid,
-                'token': token,
-            }
-        )
+                "error": "Unable to check staff status"
+            }, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
diff --git a/shop/filters.py b/shop/filters.py
@@ -20,6 +20,7 @@ class Meta:
             'description': ['icontains'],
             'price': ['exact', 'lt', 'gt', 'range'],
             'stock': ['exact', 'lt', 'gt'],
+            'category__slug': ['exact'],
             'category__name': ['exact', 'icontains'],
             'tags__name': ['exact', 'icontains'],
         }
diff --git a/shop/serializers.py b/shop/serializers.py
@@ -17,8 +17,9 @@ class Meta:
 
 
 class ProductSerializer(serializers.ModelSerializer):
-    # Use PrimaryKeyRelatedField for input and CategorySerializer for output
-    category = serializers.PrimaryKeyRelatedField(
+    # Use SlugRelatedField for input to accept category slug and CategorySerializer for output
+    category = serializers.SlugRelatedField(
+        slug_field='slug',
         queryset=Category.objects.all(),
         write_only=True
     )
diff --git a/shop/views.py b/shop/views.py
@@ -290,13 +290,11 @@ def list(self, request, *args, **kwargs):
             logger.info("Listing products for user id: %s", request.user.id)
             queryset = self.get_queryset()
             tag_slug = request.query_params.get(r'tag')
-            category_slug = request.query_params.get(r'category')
+            # Removed manual category filtering - now handled by ProductFilter
             if tag_slug:
                 tag = get_object_or_404(Tag, slug=tag_slug)
                 queryset = queryset.filter(tags__in=[tag])
-            if category_slug:
-                category = get_object_or_404(Category, slug=category_slug)
-                queryset = queryset.filter(category=category)
+
             recommender = Recommender()
             cart = Cart(request)
             recommendation_base = [item[r'product'] for item in cart]

Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,7 @@ class Meta:`
`20`	`20`	`'description': ['icontains'],`
`21`	`21`	`'price': ['exact', 'lt', 'gt', 'range'],`
`22`	`22`	`'stock': ['exact', 'lt', 'gt'],`
	`23`	`+ 'category__slug': ['exact'],`
`23`	`24`	`'category__name': ['exact', 'icontains'],`
`24`	`25`	`'tags__name': ['exact', 'icontains'],`
`25`	`26`	`}`