Merge pull request #59 from EBI-G2P/fix/create_user

Update permissions to create users
EBI-G2P · Oct 25, 2024 · b31e482 · b31e482
2 parents 6979255 + 08ce2c5
commit b31e482
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 42 deletions.
diff --git a/gene2phenotype_project/gene2phenotype_app/serializers/user.py b/gene2phenotype_project/gene2phenotype_app/serializers/user.py
@@ -77,15 +77,14 @@ def panels_names(self, id):
 
     def check_panel_permission(self, panels):
         """
-            Check if user has permission to edit the panels.
+            Check if user has permission to edit the inputted panels.
 
             Args:
-                    self: user
-                    panels: a list of panels 
+                panels: a list of panels
 
             Returns:
-                        True if user has permission to edit all panels from the list
-                        False if user does not have permission to edit at least one panel
+                True if user has permission to edit all panels from the list
+                False if user does not have permission to edit at least one panel
         """
         user_login = self.context.get('user')
 
@@ -111,32 +110,7 @@ class Meta:
 
 class CreateUserSerializer(serializers.ModelSerializer):
     """
-        Serializer for creating a new user.
-
-        This serializer is used to validate and create a new user object. It extends 
-        `ModelSerializer` to automatically handle the fields related to the `User` model.
-
-        Methods:
-            - create(validated_data): 
-                Overrides the default `create` method to create a user using 
-                `create_user` method, which ensures that the password is hashed 
-                before storing it in the database.
-
-        Fields:
-            - username: The username of the user.
-            - email: The email of the user. It has a `UniqueValidator` to ensure that 
-            the email is unique in the system.
-            - password: The password for the user. This field is write-only and 
-            has a minimum length of 5 characters to ensure password strength.
-            - first_name: The user's first name.
-            - last_name: The user's last name.
-
-        Meta Options:
-            - model: Specifies the `User` model to serialize.
-            - fields: Lists the fields included in the serialization.
-            - extra_kwargs: 
-                - password: Write-only field with a minimum length of 5 characters.
-                - email: Includes a `UniqueValidator` to enforce unique email addresses.
+        This serializer is used to validate and create a new user object.
 
         Usage:
             This serializer can be used to create a new user by passing validated 
@@ -145,12 +119,24 @@ class CreateUserSerializer(serializers.ModelSerializer):
     """
 
     def create(self, validated_data):
+        """
+            This method creates a user using the `create_user` method, which ensures that
+            the password is hashed before storing it in the database.
+
+            validated_data has the following fields:
+                - username: The username
+                - email: The email of the user (email is unique in the system).
+                - password: The password for the user. This field is write-only and 
+                has a minimum length of 5 characters to ensure password strength.
+                - first_name: The user's first name.
+                - last_name: The user's last name.
+        """
         return User.objects.create_user(**validated_data)
 
     class Meta:
         model = User
         fields = ['username', 'email', 'password', 'first_name', 'last_name']
-        extra_kwargs = {'password': {'write_only': True, 'min_length': 5},         'email': {
+        extra_kwargs = {'password': {'write_only': True, 'min_length': 5}, 'email': {
             'validators': [
                 UniqueValidator(
                     queryset=User.objects.all()

diff --git a/gene2phenotype_project/gene2phenotype_app/views/user.py b/gene2phenotype_project/gene2phenotype_app/views/user.py
@@ -83,27 +83,19 @@ def list(self, request, *args, **kwargs):
 
 class CreateUserView(generics.CreateAPIView):
     """
-        view for creating a new user.
+        View for creating a new user.
 
         This view handles POST requests to create a new user using the `CreateUserSerializer`. 
         It is based on Django's `CreateAPIView` which provides the default implementation 
         for handling object creation.
 
-        Attributes:
-            - serializer_class: Specifies the serializer to be used, which is 
-            `CreateUserSerializer`. This serializer handles validation and user 
-            creation.
-            - permission_classes: Sets the permission policy for this view. In this case, 
-            `AllowAny` is used, meaning that any user (authenticated or not) can 
-            access this endpoint to create a new user.
-
         Usage:
             Send a POST request with the required user details (username, email, 
             password, first_name, last_name) to this API to create a new user account.
     """
 
     serializer_class = CreateUserSerializer
-    permission_classes = (permissions.AllowAny,)
+    permission_classes = [permissions.IsAuthenticated]
 
 
 class LoginView(KnoxLoginView):