-
Notifications
You must be signed in to change notification settings - Fork 28
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add UserDeleteView #934
base: cs-pkg-cat-edit
Are you sure you want to change the base?
Add UserDeleteView #934
Conversation
Warning This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
This stack of pull requests is managed by Graphite. Learn more about stacking. |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## cs-pkg-cat-edit #934 +/- ##
==================================================
Coverage ? 93.15%
==================================================
Files ? 300
Lines ? 8764
Branches ? 780
==================================================
Hits ? 8164
Misses ? 494
Partials ? 106 ☔ View full report in Codecov by Sentry. |
73f4b22
to
6d7cb43
Compare
data=request.data, | ||
) | ||
if form.is_valid(): | ||
request.user.delete() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should be moved under the form if we want to use the form as the proper way to perform this action (which I'd say is the easiest option). The alternative would be some dedicated function that gets called for user deletes (and does not reside in any API module, but some module where it logically makes the most sense to exist in).
So I'd suggest adding a method to the form that performs the deletion action and refactoring the previous form handler to call that as well (since it uses a FormView base class, it might even call it automatically already).
operation_id="cyberstorm.user.delete", | ||
tags=["cyberstorm"], | ||
) | ||
def post(self, request, username, format=None): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could use type annotations (at least for the username
) + you can get rid of format
entirely
raise PermissionDenied("You can only delete your own account") | ||
form = DeleteAccountForm( | ||
user=request.user, | ||
data=request.data, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Use the serializer validated data
CyberstormUserDeleteResponseSerialiazer( | ||
{"username": request.user.username} | ||
).data |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just returning a response with no body is sufficient, no need to use a serializer or anything.
from thunderstore.api.utils import conditional_swagger_auto_schema | ||
from thunderstore.social.views import DeleteAccountForm | ||
|
||
User = get_user_model() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is this here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Left over, weird that IDE didn't complain about it.
if request.user.username != username: | ||
raise PermissionDenied("You can only delete your own account") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Given this constraint exists, I feel like this view should not take the URL path parameter at all and instead just treat it as one of the "current user" APIs that are around, e.g. /current-user/delete/
. No need to add this condition at all
username = serializers.CharField() | ||
|
||
|
||
class UserDeleteAPIView(APIView): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're missing permission classes (specifically at least the IsAuthenticated should be set to this view)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Depending on if #953 was merged, I'll either add it or not add it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All of the new views should now have IsAuthenticated
7c4a8e5
to
67fb284
Compare
67fb284
to
e27c47d
Compare
e27c47d
to
24bbf7f
Compare
78a35f5
to
1fd0245
Compare
24bbf7f
to
9776b9d
Compare
1fd0245
to
08478c3
Compare
9776b9d
to
0645608
Compare
08478c3
to
7faf28d
Compare
0645608
to
01b117e
Compare
7faf28d
to
3d21030
Compare
01b117e
to
1d0e07f
Compare
3d21030
to
c2427d6
Compare
1d0e07f
to
018e671
Compare
c2427d6
to
11bcc07
Compare
018e671
to
6f34766
Compare
No description provided.