feat: implement user management system

- Add role field to UserProfile (superadmin/admin/trainer) - Add role-based permission classes - Create UserManagementViewSet with CRUD and password change - Add API types and components for user management - Create users management page in settings - Only superadmins can manage users
2026-03-26 16:42:08 +01:00
parent 7611533718
commit 28222d634d
19 changed files with 1960 additions and 7 deletions
@@ -1,12 +1,17 @@
-from rest_framework import status
-from rest_framework.decorators import api_view, permission_classes, throttle_classes
+from rest_framework import status, viewsets
+from rest_framework.decorators import api_view, permission_classes, throttle_classes, action
 from rest_framework.permissions import AllowAny, IsAuthenticated
 from rest_framework.response import Response
 from rest_framework.throttling import AnonRateThrottle
 from rest_framework_simplejwt.tokens import RefreshToken
 from django.contrib.auth import authenticate
+from django.contrib.auth.models import User
 from .models import UserPreferences
-from .serializers import LoginSerializer, RegisterSerializer, UserSerializer, UserPreferencesSerializer
+from .serializers import (
+    LoginSerializer, RegisterSerializer, UserSerializer, UserPreferencesSerializer,
+    UserListSerializer, UserCreateSerializer, UserUpdateSerializer, PasswordChangeSerializer
+)
+from .permissions import HasUserManagementAccess


 class AuthRateThrottle(AnonRateThrottle):
@@ -96,3 +101,28 @@ def user_preferences(request):
            serializer.save()
            return Response(serializer.data)
        return Response(serializer.errors, status=400)
+
+
+class UserManagementViewSet(viewsets.ModelViewSet):
+    queryset = User.objects.all().select_related('profile')
+    permission_classes = [HasUserManagementAccess]
+    
+    def get_serializer_class(self):
+        if self.action == 'create':
+            return UserCreateSerializer
+        elif self.action in ['update', 'partial_update']:
+            return UserUpdateSerializer
+        return UserListSerializer
+    
+    def get_queryset(self):
+        return User.objects.all().select_related('profile').order_by('-date_joined')
+    
+    @action(detail=True, methods=['post'])
+    def set_password(self, request, pk=None):
+        user = self.get_object()
+        serializer = PasswordChangeSerializer(data=request.data)
+        if serializer.is_valid():
+            user.set_password(serializer.validated_data['password'])
+            user.save()
+            return Response({'status': 'password set'})
+        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)