1 group

group/admin.py

@@ -0,0 +1,5 @@
+from django.contrib import admin
+from .models import Group
+admin.site.register(Group)
+
+# Register your models here.

group/apps.py

@@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class GroupConfig(AppConfig):
+    default_auto_field = 'django.db.models.BigAutoField'
+    name = 'group'

group/migrations/0001_initial.py

@@ -0,0 +1,26 @@
+# Generated by Django 4.2.1 on 2023-08-24 14:21
+
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Group',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=200)),
+                ('description', models.TextField()),
+                ('admins', models.BooleanField(default=False)),
+                ('users', models.ManyToManyField(related_name='groups_joined', to=settings.AUTH_USER_MODEL)),
+            ],
+        ),
+    ]

group/migrations/0002_remove_group_admins_group_admins.py

@@ -0,0 +1,24 @@
+# Generated by Django 4.2.1 on 2023-08-24 14:27
+
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('group', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='group',
+            name='admins',
+        ),
+        migrations.AddField(
+            model_name='group',
+            name='admins',
+            field=models.ManyToManyField(related_name='groups_admins', to=settings.AUTH_USER_MODEL),
+        ),
+    ]

group/models.py

@@ -0,0 +1,33 @@
+from django.db import models
+from django.contrib.auth.models import User
+from django.conf import settings
+
+#from accounts.models import User
+
+
+
+
+
+class Group(models.Model):
+    name = models.CharField(max_length=200)
+    description = models.TextField()
+    users = models.ManyToManyField(settings.AUTH_USER_MODEL, related_name='groups_joined')
+    admins = models.ManyToManyField(settings.AUTH_USER_MODEL, related_name='groups_admins', blank=False)
+
+#     class Meta:
+#         permissions = [
+#             ('can_manage_group', 'Can manage group'),
+#         ]
+
+# def your_view_function(request, group_id):
+#     # Get the authenticated user
+#     admin_user = request.user
+
+#     # Check if the user has the required permission
+#     if admin_user.has_perm('your_app_name.can_manage_group'):
+#         group = Group.objects.get(pk=group_id)  # Replace 'group_id' with the actual group ID
+#         group.admins.add(admin_user)
+#         # ... additional logic for managing the group ...
+#     else:
+#         # User doesn't have permission to manage the group
+#         pass

group/permissions.py

@@ -0,0 +1,8 @@
+from rest_framework import permissions
+
+
+class IsOwnerOrReadOnly(permissions.BasePermission):
+    def has_object_permission(self, request, view, obj):
+        if request.method in permissions.SAFE_METHODS:
+            return True
+        return obj.users == request.user

group/rest.rest

@@ -0,0 +1,16 @@
+DELETE  http://localhost:8000/group/7/
+Content-Type: application/json
+Authorization: Token ede5b2ce43ec95a90092f30e3c1884a9097ec0e3
+
+
+{
+    "id": 4,
+    "name": "Group 1 updated",
+    "description": "test",
+    "users": [
+        2, 1
+    ],
+    "admins": [
+        1
+    ]
+}

group/serializers.py

@@ -0,0 +1,19 @@
+from rest_framework import serializers
+from .models import Group
+
+class GroupSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Group
+        fields = '__all__'
+
+
+
+# class UsersSerializer(serializers.ModelSerializer):
+#     class Meta:
+#         model = Users
+#         fields = '__all__'
+
+# class AdminsSerializer(serializers.ModelSerializer):
+#     class Meta:
+#         model = Admins
+#         fields = '__all__'

group/tests.py

@@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.

group/urls.py

@@ -0,0 +1,17 @@
+from django.urls import path,include
+from .views import GroupViewSet
+#from .views import GroupView
+from rest_framework import routers
+
+
+router = routers.DefaultRouter()
+#router.register(r'',GroupView, 'groups' )
+router.register(r'', GroupViewSet, 'groups')
+# router.register(r'users',UsersView)
+# router.register(r'admins',AdminsView)
+
+
+
+urlpatterns = [
+    path('', include(router.urls))
+]

group/views.py

@@ -0,0 +1,71 @@
+# from django.shortcuts import render
+# from django.http import HttpResponse,JsonResponse
+# from django.views import View
+# from rest_framework import viewsets
+# from .serializer import GroupSerializer
+# from .models import Group
+# from .permissions import IsOwnerOrReadOnly
+# from rest_framework.permissions import IsAuthenticatedOrReadOnly
+# from rest_framework.authentication import TokenAuthentication
+
+
+
+
+
+#from .pagination import TasksPagination
+#from .filters import TaskFilter
+
+
+
+# class GroupView(viewsets.ModelViewSet):
+#     serializer_class = GroupSerializer
+#     queryset = Group.objects.all()
+#     authentication_classes = [TokenAuthentication]
+#     permission_classes = [IsAuthenticatedOrReadOnly, IsOwnerOrReadOnly]
+
+
+# class UsersView(viewsets.ModelViewSet):
+#     serializer_class = UsersSerializer
+#     queryset = Users.objects.all()
+
+
+# class AdminsView(viewsets.ModelViewSet):
+#     serializer_class = AdminsSerializer
+#     queryset = Admins.objects.all()
+
+
+
+
+from rest_framework import viewsets, status
+from rest_framework.response import Response
+from .models import Group
+from .serializers import GroupSerializer
+from django.views.decorators.csrf import csrf_exempt
+from django.views.decorators.http import require_POST
+
+class GroupViewSet(viewsets.ModelViewSet):
+    queryset = Group.objects.all()
+    serializer_class = GroupSerializer
+
+    def is_group_admin(self, user, group):
+        return user in group.admins.all()
+
+
+    @csrf_exempt
+    def update(self, request, *args, **kwargs):
+        instance = self.get_object()
+
+        if not self.is_group_admin(request.user, instance):
+            return Response({"detail": "You are not authorized to edit this group."},
+                            status=status.HTTP_403_FORBIDDEN)
+
+        return super().update(request,args, kwargs)
+
+    def partial_update(self, request, *args, kwargs):
+        instance = self.get_object()
+
+        if not self.is_group_admin(request.user, instance):
+            return Response({"detail": "You are not authorized to edit this group."},
+                            status=status.HTTP_403_FORBIDDEN)
+
+        return super().partial_update(request, *args, **kwargs)

twitter/settings.py

@@ -36,7 +36,7 @@
     'rest_framework',
     'rest_framework.authtoken',
     'corsheaders',
-
+    'group',
     'accounts',
     'hashtags',
     'posts',
@@ -143,3 +143,10 @@
     ],
 
 }
+
+
+CSRF_TRUSTED_ORIGINS = ['http://localhost:8000/']
+CSRF_COOKIE_SECURE = True
+CSRF_COOKIE_HTTPONLY = True
+CSRF_COOKIE_SAMESITE = 'Lax'  # or 'Strict'
+CSRF_HEADER_NAME = 'HTTP_X_CSRFTOKEN'  # Default: 'HTTP_X_CSRFTOKEN'

twitter/urls.py

@@ -8,5 +8,7 @@
     path('likes/', include('likes.urls')), 
     path('', include('posts.urls')),  
     path('', include("comments.urls")),
-    path("filters/", include('filters.urls'))
+    path("filters/", include('filters.urls')),
+    path("group/", include('group.urls'))
+
 ]