Untitled

models.py
from __future__ import unicode_literals
import uuid
from django.utils import timezone
from django.db import models
from django.conf import settings
from django.db.models.signals import post_save
from django.dispatch import receiver
from rest_framework.authtoken.models import Token
from django.contrib.auth.models import AbstractBaseUser, PermissionsMixin
from django.contrib.auth.models import BaseUserManager
from django.utils import timezone

class CustomUserManager(BaseUserManager):
    def _create_user(self, email, password, is_staff, is_superuser, **extra_fields):
        """
        Creates and saves a User with the given email and password.
        """
        now = timezone.now()
        if not email:
            raise ValueError('The given email must be set')
        email = self.normalize_email(email)
        user = self.model(email=email,
                          is_staff=is_staff, is_active=True,
                          is_superuser=is_superuser, last_login=now,
                          date_joined=now, **extra_fields)
        user.set_password(password)
        user.save(using=self._db)
        return user

    def create_user(self, email, password=None, **extra_fields):
        return self._create_user(email, password, False, False,
                                 **extra_fields)

    def create_superuser(self, email, password, **extra_fields):
        return self._create_user(email, password, True, True,
                                 **extra_fields)

class CustomUser(AbstractBaseUser):
    GENDER_TYPES = (
            ('M', 'Male'),
            ('F', 'Female'),
            ('O', 'Other')
        )
    MEMBER_TYPES = (
            ('F', 'Free'),
            ('P', 'Paid')
    )
    email = models.EmailField(max_length=254, unique=True)
    first_name = models.CharField(max_length=30, blank=True)
    last_name = models.CharField(max_length=30, blank=True)
    is_staff = models.BooleanField(default=False)
    is_superuser = models.BooleanField(default=False)
    is_active = models.BooleanField(default=True)
    date_joined = models.DateTimeField(default=timezone.now)
    profile_picture = models.CharField(max_length=36, null=True)
    primary_num = models.CharField(max_length=100, unique=True, blank=True, null=True)
    secondary_num = models.CharField(max_length=100, unique=True, null=True)
    gender = models.CharField(max_length=1, choices=GENDER_TYPES, blank=True, null=True)
    birth_date = models.DateField(null=True)
    account_type = models.CharField(max_length=1, choices=MEMBER_TYPES, null=True)
    bio = models.TextField(null=True)
    modified_at = models.DateTimeField()

    objects = CustomUserManager()

    USERNAME_FIELD = 'email'
    REQUIRED_FIELDS = []

    class Meta:
        verbose_name = 'CustomUserProfile'
        verbose_name_plural = 'CustomUserProfiles'

    def save(self, *args, **kwargs):
        #On save, update timestamps
        self.modified_at = timezone.now()
        return super(CustomUser, self).save(*args, **kwargs)

    def get_absolute_url(self):
        return "/users/%s/" % urlquote(self.email)

    def has_perm(self, perm, obj=None):
        return self.is_superuser

    def has_module_perms(self, app_label):
        return self.is_superuser

    def get_short_name(self):
        "Returns the short name for the user."
        return self.first_name

#Create a token for each User created
@receiver(post_save, sender=settings.AUTH_USER_MODEL)
def create_auth_token(sender, instance=None, created=False, **kwargs):
    if created:
        Token.objects.create(user=instance)

permissions.py
from rest_framework import permissions
from rest_framework.permissions import SAFE_METHODS

class IsSuperUserOrTargetUser(permissions.BasePermission):
    def has_object_permission(self, request, view, obj):
    # Read permissions are allowed to any request,
        # so we'll always allow GET, HEAD or OPTIONS requests.
        if request.method in permissions.SAFE_METHODS:
            return True
        # Write permissions are only allowed to the owner of the snippet.
    return request.user.is_superuser or request.user == obj

serializer.py
from rest_framework import serializers
from .models import CustomUser

# Serializers define the API representation.
class UserSerializer(serializers.ModelSerializer):
    class Meta:
    model = CustomUser
    fields = ('password', 'first_name', 'last_name', 'bio', 'email')
        write_only_fields = ('password',)
        read_only_fields = ('is_staff', 'is_superuser', 'is_active', 'date_joined',)


    def create(self, attrs, instance=None):
        # call set_password on user object. Without this
        # the password will be stored in plain text.
        user = super(UserSerializer, self).create(attrs)
        user.set_password(attrs['password'])
        user.save()
        return user

    def update(self, instance, validated_data):
        for attr, value in validated_data.items():
            if attr == 'password':
                instance.set_password(value)
            else:
                setattr(instance, attr, value)
        instance.save()
        return instance

    def __unicode__(self):
        return 'user_serializer'

urls.py
from django.conf.urls import url, include
from rest_framework import routers, serializers, viewsets
from rest_framework.authtoken import views as authviews
from . import views
from . import permissions

# Routers provide an easy way of automatically determining the URL conf.
router = routers.DefaultRouter()
router.register(r'users', views.UserView, 'list')

# Wire up our API using automatic URL routing.
# Additionally, we include login URLs for the browsable API.
urlpatterns = [
    url(r'^', include(router.urls)),
    url(r'^token-auth/', authviews.obtain_auth_token),
]

views.py\from django.shortcuts import render
from django.contrib.auth.models import User
from rest_framework import status, serializers
from rest_framework.decorators import api_view
from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework import authentication, permissions
from users.serializers import UserSerializer
from rest_framework import viewsets
from .permissions import IsSuperUserOrTargetUser
from .models import CustomUser

class UserView(viewsets.ModelViewSet):
    serializer_class = UserSerializer
    queryset = CustomUser.objects.all()
    model = CustomUser
    permission_classes = (IsSuperUserOrTargetUser,)

    def put(self, request, *args, **kwargs):
        return self.update(request, *args, **kwargs)