docs: some docs added and fix some bug in BookListAPI app.

Author: PooyaAbbasi

BookList/settings.py

@@ -39,13 +39,13 @@
     'django.contrib.messages',
     'django.contrib.staticfiles',
     'rest_framework',
-    'BookListAPI.apps.BooklistapiConfig',
     'debug_toolbar',
     'rest_framework.authtoken',
     'djoser',
     'rest_framework_simplejwt',
     'rest_framework_simplejwt.token_blacklist',
-    "restaurant.apps.RestaurantConfig"
+    "restaurant.apps.RestaurantConfig",
+    'BookListAPI.apps.BooklistapiConfig',
 
 ]
 
@@ -90,6 +90,9 @@
     'default': {
         'ENGINE': 'django.db.backends.sqlite3',
         'NAME': BASE_DIR / 'db.sqlite3',
+    },
+    'TEST': {
+        'NAME': BASE_DIR / 'test_db.sqlite3',
     }
 }
 
@@ -118,7 +121,7 @@
 
 LANGUAGE_CODE = 'en-us'
 
-TIME_ZONE = 'UTC'
+TIME_ZONE = 'Asia/Tehran'
 
 USE_I18N = True
 
@@ -143,7 +146,7 @@
         'rest_framework.renderers.BrowsableAPIRenderer',
         'rest_framework_xml.renderers.XMLRenderer',
     ],
-    'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination',
+    'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.LimitOffsetPagination',
     'PAGE_SIZE': 6,
     'DEFAULT_AUTHENTICATION_CLASSES': (
         'rest_framework.authentication.TokenAuthentication',
@@ -154,7 +157,9 @@
         'user': '5/minute',
         'anon': '2/minute',
         'ten': '10/minute',
-    }
+    },
+
+    'TEST_REQUEST_DEFAULT_FORMAT': 'json',
 }
 
 DJOSER = {
@@ -163,9 +168,14 @@
     "SERIALIZERS": {
         'user_create': 'BookList.serializers.UserCreateSerializer',
     },
+    "PASSWORD_RESET_CONFIRM_URL": "api/v1/reset_confirm/{uid}/{token}",
 }
 
 SIMPLE_JWT = {
     'ACCESS_TOKEN_LIFETIME': timedelta(minutes=5)
 }
 
+
+# email configuration
+EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
+SITE_NAME = " MY SITE "

BookList/urls.py

@@ -17,7 +17,7 @@
 from django.contrib import admin
 from django.urls import path, include, URLPattern
 from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView, TokenBlacklistView
-from djoser.urls.base import urlpatterns as base_djoser_urls
+
 
 urlpatterns = [
     path('admin/', admin.site.urls),

BookListAPI/models.py

@@ -22,8 +22,8 @@ def __str__(self):
 
 class Rating(models.Model):
     rating = models.SmallIntegerField(null=False, )
-    book = models.ForeignKey(to=Book, on_delete=models.CASCADE, related_name='ratings')
-    user = models.ForeignKey(to=User, on_delete=models.CASCADE, related_name='ratings')
+    book = models.ForeignKey(to=Book, on_delete=models.CASCADE, related_name='book_ratings')
+    user = models.ForeignKey(to=User, on_delete=models.CASCADE, related_name='user_ratings')
 
     def __str__(self):
         return f'user = {self.user.username} - book = {self.book.title} - rating = {self.rating}'

BookListAPI/serializers.py

@@ -8,6 +8,8 @@
 from rest_framework.renderers import JSONRenderer
 from rest_framework.parsers import JSONParser
 from rest_framework.validators import UniqueTogetherValidator
+
+
 from io import BytesIO
 
 
@@ -51,7 +53,7 @@ class BookSerializer(serializers.ModelSerializer):
     price = serializers.DecimalField(source='price', min_value=20, max_digits=10, decimal_places=2)
     '''
 
-    ratings = serializers.SerializerMethodField(read_only=True)
+    ratings = serializers.SerializerMethodField(read_only=True, allow_null=True)
 
     class Meta:
         model = Book
@@ -67,7 +69,9 @@ def get_full_author_name(self, book: Book) -> str:
         return f'mr or ms {book.author}'
 
     def get_ratings(self, book: Book):
-        return book.ratings.aggregate(Avg('rating'))['rating__avg']
+
+        # avg_rating should be annotated in queryset
+        return book.avg_rating
 
     def validate(self, attrs):
         attrs['title'] = bleach.clean(attrs['title'])
@@ -82,14 +86,14 @@ class BookCustomSerializer(serializers.Serializer):
 
 
 class RatingSerializer(serializers.ModelSerializer):
-    username = serializers.SlugRelatedField(slug_field='username', read_only=True)
+    username = serializers.SlugRelatedField(source='user', slug_field='username', read_only=True)
     user = serializers.PrimaryKeyRelatedField(write_only=True,
                                               queryset=User.objects.all(),
                                               default=serializers.CurrentUserDefault(),
                                               help_text='id of user who rated this book'
                                               )
 
-    book_title = serializers.SlugRelatedField(slug_field='title', read_only=True)
+    book_title = serializers.SlugRelatedField(source='book', slug_field='title', read_only=True)
     book = serializers.PrimaryKeyRelatedField(write_only=True,
                                               queryset=Book.objects.all(),
                                               help_text='id of book to be rated'
@@ -105,6 +109,6 @@ class Meta:
             ),
         )
         extra_kwargs = {
-            'rating': {'min_value': 0, 'max_value': 5, 'allow_null': False,},
+            'rating': {'min_value': 0, 'max_value': 5, 'allow_null': False},
         }
 

BookListAPI/tests.py

@@ -1,3 +1,64 @@
-from django.test import TestCase
+from rest_framework.test import APIClient, APITestCase
+from rest_framework import status
+from django.contrib.auth.models import User, Group
+from django.http import HttpRequest, HttpResponse
+from django.urls import reverse_lazy
 
 # Create your tests here.
+sample_users = {
+    'pooya':
+        {'username': 'pooya', 'password': 'poy api', 'email': 'poy.ieie@gmail.com', },
+    'ali':
+        {'username': 'ali', 'email': 'ali.@gmail.com', 'password': 'ali api'},
+}
+
+
+class SecretTest(APITestCase):
+    global sample_users
+    
+    def setUp(self):
+        self.base_url = 'http://127.0.0.1:8000'
+        self.login_url = reverse_lazy('login')
+        self.secret_url = reverse_lazy('book-list-api:secret')
+        self.client = APIClient()
+        self.manager_group = Group.objects.create(name='manager')
+        self.manager_user = User.objects.create_user(**sample_users['pooya'])
+        self.manager_user.save()
+        self.manager_user.groups.add(self.manager_group)
+
+        self.non_manager_user = User.objects.create_user(**sample_users['ali'])
+        self.non_manager_user.save()
+
+    def __get_token(self, user_credentials) -> str:
+        """ login user and return token """
+        response = self.client.post(
+            path=self.login_url,
+            data=user_credentials,
+        )
+        response_data = response.data
+
+        token = response_data['auth_token']
+        return token
+
+    def test_manager_request(self):
+        token = self.__get_token(sample_users['pooya'])
+        response = self.client.get(
+            self.secret_url,
+            headers={'Authorization': f'Token {token}'},
+        )
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        response_data = response.json()
+        self.assertEqual(response_data['secret_message'], 'The secret of night')
+
+    def test_non_manager_request(self):
+        token = self.__get_token(sample_users['ali'])
+        response = self.client.get(self.secret_url,
+                                   headers={'Authorization': f'Token {token}'},
+                                   format='json')
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+        response_data = response.json()
+        self.assertEqual(response_data['secret_message'], 'You are not authorized')
+
+    def test_ensure_json_is_default_content_type(self):
+        response = self.client.get(self.login_url)
+        self.assertEqual(response.headers['Content-Type'], 'application/json')

BookListAPI/urls.py

@@ -19,11 +19,17 @@
     path('secret', secret_message, name='secret'),
     path('api-token-auth', obtain_auth_token, name='obtain-auth-token'),
 
-    # Rate_limit
+    # endpoint to check the rate limit and throttling system
     path('throttle-check', throttle_check, name='throttle-check'),
+
+    # endpoint to add groups
     path('users/manage/groups', add_group, name='add-group'),
+    # Post method only required and username and group_name should be provided.
+    # user with username will be added to group with group_name.
 
     path('ratings', RatingView.as_view(), name='ratings'),
+
+    path('reset_confirm/<str:uid>/<str:token>', reset_pass_confirm, name='reset-pass-confirm'),
 ]
 
 # simple_router = SimpleRouter(trailing_slash=False)