from django.contrib.auth import get_user_model
from rest_framework import generics, status
from rest_framework.decorators import api_view, permission_classes
from rest_framework.permissions import AllowAny, IsAuthenticated
from rest_framework.response import Response
from rest_framework_simplejwt.exceptions import TokenError
from rest_framework_simplejwt.tokens import RefreshToken

from .serializers import (
    UserListSerializer,
    UserLoginSerializer,
    UserProfileSerializer,
    UserRegistrationSerializer,
)
# Resolve the configured user model once at import time so these views
# work with a custom AUTH_USER_MODEL as well as the default one.
User = get_user_model()
@api_view(['POST'])
@permission_classes([AllowAny])
def register(request):
    """Create a new user account and log it in.

    Validates the POST body with ``UserRegistrationSerializer``. On success
    the user is saved and a refresh/access token pair is issued in the same
    response, so the new account is authenticated immediately (201).
    Validation failures return the serializer errors with 400.
    """
    serializer = UserRegistrationSerializer(data=request.data)
    if not serializer.is_valid():
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

    new_user = serializer.save()
    refresh = RefreshToken.for_user(new_user)
    payload = {
        'message': '注册成功',
        'user': UserProfileSerializer(new_user).data,
        'tokens': {
            'refresh': str(refresh),
            'access': str(refresh.access_token),
        },
    }
    return Response(payload, status=status.HTTP_201_CREATED)
@api_view(['POST'])
@permission_classes([AllowAny])
def login(request):
    """Authenticate a user and issue a JWT token pair.

    Credential checking is delegated to ``UserLoginSerializer``, which is
    expected to place the authenticated user under ``validated_data['user']``.
    On success the profile and a fresh refresh/access pair are returned
    (200); validation failures return the serializer errors with 400.
    """
    serializer = UserLoginSerializer(data=request.data)
    if not serializer.is_valid():
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

    authenticated_user = serializer.validated_data['user']
    refresh = RefreshToken.for_user(authenticated_user)
    payload = {
        'message': '登录成功',
        'user': UserProfileSerializer(authenticated_user).data,
        'tokens': {
            'refresh': str(refresh),
            'access': str(refresh.access_token),
        },
    }
    return Response(payload)
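@api_view(['POST'])
@permission_classes([IsAuthenticated])
def logout(request):
    """Log the caller out by blacklisting the supplied refresh token.

    Expects ``refresh_token`` in the request body. On success the token is
    added to the blacklist so it can no longer mint access tokens; the
    current access token is not revoked here and stays valid until it
    expires.

    Returns 400 when the token is missing, malformed, expired or already
    blacklisted, 200 otherwise.
    """
    refresh_token = request.data.get('refresh_token')
    if not refresh_token:
        # A missing token used to be reported as a successful logout while
        # leaving the refresh token fully usable; require it instead.
        return Response({'error': '缺少 refresh_token'}, status=status.HTTP_400_BAD_REQUEST)

    try:
        RefreshToken(refresh_token).blacklist()
    except TokenError:
        # Covers invalid, expired and already-blacklisted tokens. Only token
        # errors are swallowed: RefreshToken.blacklist() exists only when the
        # token_blacklist app is installed, and that misconfiguration should
        # surface rather than be masked as a client error.
        return Response({'error': '登出失败'}, status=status.HTTP_400_BAD_REQUEST)

    return Response({'message': '登出成功'})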
class UserProfileView(generics.RetrieveUpdateAPIView):
    """Retrieve or update the authenticated user's own profile.

    GET returns the caller's profile; PUT/PATCH updates it. ``get_object``
    ignores any URL lookup argument and always resolves to the requesting
    user, so a user can only read or edit their own record.
    """

    permission_classes = [IsAuthenticated]
    serializer_class = UserProfileSerializer

    def get_object(self):
        """Bind the view to the caller instead of performing a pk lookup."""
        current_user = self.request.user
        return current_user
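class UserListView(generics.ListAPIView):
    """List users.

    Staff users see every active user; any other authenticated user sees
    only their own record, so the user directory is not exposed to
    non-admins.
    """

    queryset = User.objects.filter(is_active=True)
    serializer_class = UserListSerializer
    permission_classes = [IsAuthenticated]

    def get_queryset(self):
        """Return all active users for staff, otherwise just the caller."""
        active_users = super().get_queryset()
        if self.request.user.is_staff:
            return active_users
        # Narrow the declared base queryset instead of issuing a fresh
        # User.objects query so the is_active filter applies on both branches.
        return active_users.filter(id=self.request.user.id)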