Feature: Add user-creation for UserViewSet

core/serializers.py

@@ -6,17 +6,7 @@ from taggit.models import Tag
 from core.models import Image, Board
 from core.models import Pin
 from django_images.models import Thumbnail
-from users.models import User
+from users.serializers import UserSerializer
-
-
-class UserSerializer(serializers.HyperlinkedModelSerializer):
-    class Meta:
-        model = User
-        fields = (
-            'username',
-            'gravatar',
-            settings.DRF_URL_FIELD_NAME,
-        )
 
 
 class ThumbnailSerializer(serializers.HyperlinkedModelSerializer):

core/views.py

@@ -6,21 +6,6 @@ from rest_framework.viewsets import GenericViewSet
 from core import serializers as api
 from core.models import Image, Pin, Board
 from core.permissions import IsOwnerOrReadOnly
-from users.models import User
-
-
-class UserViewSet(
-    mixins.RetrieveModelMixin,
-    mixins.ListModelMixin,
-    GenericViewSet,
-):
-    serializer_class = api.UserSerializer
-    pagination_class = None
-
-    def get_queryset(self):
-        if self.request.user.is_anonymous:
-            return User.objects.none()
-        return User.objects.filter(id=self.request.user.id)
 
 
 class ImageViewSet(mixins.CreateModelMixin, GenericViewSet):
@@ -52,7 +37,6 @@ class BoardViewSet(viewsets.ModelViewSet):
 
 
 drf_router = routers.DefaultRouter()
-drf_router.register(r'users', UserViewSet, base_name="user")
 drf_router.register(r'pins', PinViewSet)
 drf_router.register(r'images', ImageViewSet)
 drf_router.register(r'boards', BoardViewSet)

users/serializers.py

@@ -0,0 +1,54 @@
+from django.conf import settings
+from rest_framework import serializers
+from rest_framework.exceptions import ValidationError
+
+from users.models import User
+
+
+class UserSerializer(serializers.HyperlinkedModelSerializer):
+    class Meta:
+        model = User
+        fields = (
+            'username',
+            'email',
+            'gravatar',
+            'password',
+            'password_repeat',
+            settings.DRF_URL_FIELD_NAME,
+        )
+        extra_kwargs = {
+            settings.DRF_URL_FIELD_NAME: {
+                "view_name": "users:user-detail",
+            },
+        }
+
+    password = serializers.CharField(
+        write_only=True,
+        required=True,
+        allow_blank=False,
+        min_length=6,
+        max_length=32,
+    )
+    password_repeat = serializers.CharField(
+        write_only=True,
+        required=True,
+        allow_blank=False,
+        min_length=6,
+        max_length=32,
+    )
+
+    def create(self, validated_data):
+        if validated_data['password'] != validated_data['password']:
+            raise ValidationError(
+                detail={
+                    "password_repeat": "Tow password doesn't match",
+                }
+            )
+        validated_data.pop('password_repeat')
+        password = validated_data.pop('password')
+        user = super(UserSerializer, self).create(
+            validated_data,
+        )
+        user.set_password(password)
+        user.save()
+        return user

users/urls.py

@@ -1,11 +1,10 @@
-from django.conf.urls import url
+from django.conf.urls import url, include
 
 from users.views import login_user
 from . import views
 
 urlpatterns = [
-    url(r'^private/$', views.private, name='private'),
+    url(r'', include(views.drf_router.urls)),
-    url(r'^register/$', views.CreateUser.as_view(), name='register'),
     url(r'^login/$', login_user, name='login'),
     url(r'^logout/$', views.logout_user, name='logout'),
 ]

users/views.py

@@ -10,7 +10,10 @@ from django.http import HttpResponseRedirect, HttpResponseBadRequest, HttpRespon
 from django.template.response import TemplateResponse
 from django.utils.functional import lazy
 from django.views.generic import CreateView
+from rest_framework import mixins, routers
+from rest_framework.permissions import BasePermission
 from rest_framework.renderers import JSONRenderer
+from rest_framework.viewsets import GenericViewSet
 
 from core.serializers import UserSerializer
 from .forms import UserCreationForm
@@ -21,26 +24,29 @@ def reverse_lazy(name=None, *args):
     return lazy(reverse, str)(name, args=args)
 
 
-class CreateUser(CreateView):
+class UserViewSet(
-    template_name = 'users/register.html'
+    mixins.RetrieveModelMixin,
-    model = User
+    mixins.ListModelMixin,
-    form_class = UserCreationForm
+    mixins.CreateModelMixin,
-    success_url = reverse_lazy('core:recent-pins')
+    GenericViewSet,
+):
+    class Permission(BasePermission):
+        def has_permission(self, request, view):
+            if not request.method == "POST":
+                return True
+            return settings.ALLOW_NEW_REGISTRATIONS
 
-    def get(self, request, *args, **kwargs):
+        def has_object_permission(self, request, view, obj):
-        if not settings.ALLOW_NEW_REGISTRATIONS:
+            return request.user == obj
-            messages.error(request, "The admin of this service is not allowing new registrations.")
-            return HttpResponseRedirect(reverse('core:recent-pins'))
-        return super(CreateUser, self).get(request, *args, **kwargs)
 
-    def form_valid(self, form):
+    permission_classes = [Permission, ]
-        redirect = super(CreateUser, self).form_valid(form)
+    serializer_class = UserSerializer
-        permissions = Permission.objects.filter(codename__in=['add_pin', 'add_image'])
+    pagination_class = None
-        user = authenticate(username=form.cleaned_data['username'],
+
-                            password=form.cleaned_data['password'])
+    def get_queryset(self):
-        user.user_permissions = permissions
+        if self.request.user.is_anonymous:
-        login(self.request, user)
+            return User.objects.none()
-        return redirect
+        return User.objects.filter(id=self.request.user.id)
 
 
 def login_user(request):
@@ -83,5 +89,5 @@ def logout_user(request):
     return HttpResponseRedirect(reverse('core:recent-pins'))
 
 
-def private(request):
+drf_router = routers.DefaultRouter()
-    return TemplateResponse(request, 'users/private.html', None)
+drf_router.register(r'users', UserViewSet, base_name="user")