From 0b37305080914c8be35d774ed2765d3ed8cd6b82 Mon Sep 17 00:00:00 2001
From: Pavle Portic
Date: Wed, 27 Mar 2019 00:42:51 +0100
Subject: [PATCH] Add signup and some custom permissions
---
 backend/entrypoint.sh | 11 --------
 backend/perks/permissions.py | 26 +++++++++++++++++
 backend/perks/views.py | 28 +++++++++++++++----
 .../src/components/auth/signup.component.vue | 6 ++--
 frontend/src/controllers/user.controller.js | 4 +--
 frontend/src/main.js | 11 +++++---
 6 files changed, 61 insertions(+), 25 deletions(-)
 create mode 100644 backend/perks/permissions.py
diff --git a/backend/entrypoint.sh b/backend/entrypoint.sh
index 5f07990..c0cc38a 100755
--- a/backend/entrypoint.sh
+++ b/backend/entrypoint.sh
@@ -14,17 +14,6 @@ from django.contrib.auth.models import User as AuthUser;
 from perks.models import User;
 if not AuthUser.objects.filter(username='${DJANGO_ADMIN_USER}').count() :
 AuthUser.objects.create_superuser('${DJANGO_ADMIN_USER}', '${DJANGO_ADMIN_MAIL}', '${DJANGO_ADMIN_PASS}')
-if not User.objects.filter(base_user__username='${DJANGO_ADMIN_USER}').count() :
- base_admin = AuthUser.objects.get(username='${DJANGO_ADMIN_USER}')
- admin = User(base_user=base_admin)
- admin.save()
-
-if not AuthUser.objects.filter(username='user').count() :
- base_user = create_user('user', 'user@example.com', 'user')
-if not User.objects.filter(base_user__username='user').count() :
- base_user = AuthUser.objects.get(username='user')
- user = User(base_user=base_user)
- user.save()
 " | python manage.py shell
 gunicorn -w 4 --bind 0.0.0.0:80 perktree.wsgi:application
diff --git a/backend/perks/permissions.py b/backend/perks/permissions.py
new file mode 100644
index 0000000..d380710
--- /dev/null
+++ b/backend/perks/permissions.py
@@ -0,0 +1,26 @@
+#! /usr/bin/env python
+# -*- coding: utf-8 -*-
+# vim:fenc=utf-8
+#
+# Copyright © 2019 pavle
+#
+# Distributed under terms of the BSD-3-Clause license.
+
+from rest_framework import permissions
+
+
+class IsPostOrIsAuthenticated(permissions.BasePermission):
+ def has_permission(self, request, view):
+ if request.method == 'POST':
+ return True
+
+ return request.user and request.user.is_authenticated
+
+
+class IsGetOrIsSuperuser(permissions.BasePermission):
+ def has_permission(self, request, view):
+ if request.method == 'GET':
+ return True
+
+ return request.user and request.user.is_superuser and request.user.is_authenticated
+
diff --git a/backend/perks/views.py b/backend/perks/views.py
index f67a355..1a8c578 100644
--- a/backend/perks/views.py
+++ b/backend/perks/views.py
@@ -7,12 +7,14 @@
 # Distributed under terms of the BSD-3-Clause license.
 from os import environ
-from rest_framework.views import APIView
+from django.contrib.auth.models import User as AuthUser
+# from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
-from rest_framework import permissions
+from rest_framework.views import APIView
-from .parser import PerkParser
 from .models import Perk, Tree, User
+from .parser import PerkParser
+from .permissions import IsPostOrIsAuthenticated, IsGetOrIsSuperuser
 from .serializers import PerkSerializer, TreeSerializer, UserSerializer
@@ -23,7 +25,7 @@ if not PERKS_DIR:
 class TreeView(APIView):
- # permission_classes = (permissions.IsAuthenticated,)
+ permission_classes = (IsGetOrIsSuperuser,)
 def get(self, request, format=None):
 trees = []
@@ -46,7 +48,7 @@ class TreeView(APIView):
 class PerkView(APIView):
- # permission_classes = (permissions.IsAuthenticated,)
+ permission_classes = (IsGetOrIsSuperuser,)
 def get(self, request, tree_id, format=None):
 output_data = {
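Review bot: In backend/perks/permissions.py, `IsPostOrIsAuthenticated.has_permission` returns True for every POST, so the class is safe only on a view whose sole POST handler is the public signup; attached to any other view it would open that view's POST to anonymous callers. A class docstring should say so, e.g. `"""Allow anonymous POST (signup only); every other method requires an authenticated user."""`. `IsGetOrIsSuperuser` compares against 'GET' alone, so HEAD and OPTIONS are refused to non-superusers; `if request.method in permissions.SAFE_METHODS:` is the usual DRF form. Both methods also return the result of an `and` chain rather than a bool; wrapping it in `bool(...)` keeps the return type explicit.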
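Review bot: In backend/perks/views.py, `permission_classes = (IsGetOrIsSuperuser,)` on TreeView makes anonymous GET an explicit part of the view, where the old commented-out line left the view on whatever `DEFAULT_PERMISSION_CLASSES` the project configures (not visible in this patch); the PerkView hunk does the same. If public reads are intended, a comment above the attribute would record that, e.g. `# Public read; writes restricted to superusers.`. The commented-out `# from rest_framework.permissions import IsAuthenticated` added in the import hunk is dead code and can be dropped.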
@@ -83,9 +85,12 @@ class PerkView(APIView):
 class UserView(APIView):
- permission_classes = (permissions.IsAuthenticated,)
+ permission_classes = (IsPostOrIsAuthenticated,)
 def get(self, request):
+ if not request.user.id:
+ return Response(status=404)
+
 user = User.objects.get(base_user__id=request.user.id)
 serialized_user = UserSerializer(user).data
@@ -109,3 +114,14 @@ class UserView(APIView):
 serialized_user = UserSerializer(user).data
 return Response(serialized_user)
+ def post(self, request):
+ username = request.data['username']
+ email = request.data['email']
+ password = request.data['password']
+ base_user = AuthUser.objects.create_user(username=username, email=email, password=password)
+ user = User(base_user=base_user)
+ user.save()
+
+ serialized_user = UserSerializer(user).data
+ return Response(serialized_user)
+
diff --git a/frontend/src/components/auth/signup.component.vue b/frontend/src/components/auth/signup.component.vue
index 7a1efbe..704d52b 100644
--- a/frontend/src/components/auth/signup.component.vue
+++ b/frontend/src/components/auth/signup.component.vue
@@ -42,7 +42,7 @@
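Review bot: In `UserView.get`, the new `if not request.user.id` guard does not cover the case that can actually occur: `IsPostOrIsAuthenticated` already rejects anonymous GETs, while an authenticated account without a perks `User` row still makes `User.objects.get(...)` raise `User.DoesNotExist` and return a 500. This patch removes the entrypoint.sh step that created that row for the admin superuser, so that account is likely to hit it. Looking the row up with `user = User.objects.filter(base_user__id=request.user.id).first()` followed by `if user is None: return Response(status=404)` handles both cases. The rest of `get` lies outside the hunk.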
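Review bot: `UserView.post` is reachable without authentication and passes `request.data` to `create_user` unchecked: a missing key raises KeyError, a duplicate username raises IntegrityError (both surface as 500), and the password never goes through `validate_password`, so whatever `AUTH_PASSWORD_VALIDATORS` the project configures is not enforced. The two inserts are also not in one transaction, so a failure saving the perks `User` leaves an auth user with no profile. The sketch below validates input, wraps both inserts in `transaction.atomic()` and returns 201; it needs `validate_password`, `ValidationError`, `transaction` and `IntegrityError` imported in views.py. A throttle on this view (DRF `throttle_classes`) would also limit automated account creation.

```python
    def post(self, request):
        username = request.data.get('username')
        email = request.data.get('email')
        password = request.data.get('password')
        if not username or not email or not password:
            return Response({'detail': 'username, email and password are required'}, status=400)

        try:
            validate_password(password)
        except ValidationError as err:
            return Response({'password': err.messages}, status=400)

        try:
            # One transaction, so a failed profile insert cannot leave an orphaned auth user.
            with transaction.atomic():
                base_user = AuthUser.objects.create_user(username=username, email=email, password=password)
                user = User.objects.create(base_user=base_user)
        except IntegrityError:
            return Response({'detail': 'username already taken'}, status=400)

        return Response(UserSerializer(user).data, status=201)
```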