import logging

from django.contrib.auth import get_user_model
from django.contrib.auth.hashers import make_password
from drf_yasg import openapi
from drf_yasg.utils import swagger_auto_schema
from rest_framework import status
from rest_framework.decorators import api_view, permission_classes
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response

# Resolve the project's configured user model once at import time. The views
# in this module read and write its `email`, `full_name`, `role` and
# `is_active` attributes.
User = get_user_model()


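@swagger_auto_schema(
    method='post',
    request_body=openapi.Schema(
        type=openapi.TYPE_OBJECT,
        properties={
            'email': openapi.Schema(type=openapi.TYPE_STRING, description='Admin email'),
            'password': openapi.Schema(type=openapi.TYPE_STRING, description='Admin password (min 8 chars)'),
            'first_name': openapi.Schema(type=openapi.TYPE_STRING, description='First name'),
            'last_name': openapi.Schema(type=openapi.TYPE_STRING, description='Last name'),
        },
        required=['email', 'password']
    )
)
@api_view(['POST'])
@permission_classes([IsAuthenticated])
def admin_create(request):
    """Create a new admin user (POST).

    The caller must be authenticated and have ``role == 'admin'``.

    Request body:
        email: required string, stripped of surrounding whitespace.
        password: required string, at least 8 characters after stripping.
        first_name / last_name: optional strings, joined into ``full_name``.

    Responses:
        201: ``message``, ``admin_id``, ``email`` and ``full_name`` of the new user.
        400: missing/invalid field, duplicate email, or a failure while saving.
        403: the caller is not an admin.
    """
    if request.user.role != 'admin':
        return Response({'error': 'Only admin users can create new admins'},
                        status=status.HTTP_403_FORBIDDEN)

    # request.data is client-controlled: a JSON body can carry a number, list
    # or null where a string is expected, and calling .strip() on those raises
    # and surfaces as a 500. Reject wrong types up front; treat null as absent.
    cleaned = {}
    for field in ('email', 'password', 'first_name', 'last_name'):
        value = request.data.get(field)
        if value is None:
            value = ''
        if not isinstance(value, str):
            return Response(
                {'error': f'"{field}" must be a string'},
                status=status.HTTP_400_BAD_REQUEST
            )
        cleaned[field] = value.strip()

    email = cleaned['email']
    # NOTE(review): the password is stripped here, while admin_update stores
    # new_password unmodified. Confirm the login path treats surrounding
    # whitespace the same way, otherwise the stored secret can differ from what
    # the user typed.
    password = cleaned['password']
    first_name = cleaned['first_name']
    last_name = cleaned['last_name']

    if not email or not password:
        return Response(
            {'error': 'Email and password are required'},
            status=status.HTTP_400_BAD_REQUEST
        )

    if len(password) < 8:
        return Response(
            {'error': 'Password must be at least 8 characters long'},
            status=status.HTTP_400_BAD_REQUEST
        )

    # NOTE(review): the address is checked for presence and uniqueness only,
    # not for format, and Model.save() does not run field validators. The
    # lookup is an exact match, so whether addresses differing only in letter
    # case count as duplicates depends on the database collation (confirm).
    if User.objects.filter(email=email).exists():
        return Response(
            {'error': 'This email is already registered'},
            status=status.HTTP_400_BAD_REQUEST
        )

    try:
        # Build the instance in memory and hash the password before the first
        # write, so the row is inserted once and an active admin record never
        # exists without its password hash (e.g. if the second save failed).
        admin_user = User(
            email=email,
            full_name=f"{first_name} {last_name}".strip(),
            role='admin',
            is_active=True
        )
        admin_user.set_password(password)
        admin_user.save()

        return Response({
            'message': 'Admin user created successfully',
            'admin_id': admin_user.id,
            'email': admin_user.email,
            'full_name': admin_user.full_name
        }, status=status.HTTP_201_CREATED)

    except Exception:
        # Keep the details in the server log only: exception text can expose
        # database or schema internals, so it is not echoed to the client.
        # The 400 status is kept for compatibility with existing callers.
        logging.getLogger(__name__).exception('Failed to create admin user')
        return Response(
            {'error': 'Failed to create admin'},
            status=status.HTTP_400_BAD_REQUEST
        )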


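@api_view(['PATCH'])
@permission_classes([IsAuthenticated])
def admin_update(request):
    """Update the calling admin's own email and/or password (PATCH).

    Provide 'email' to change email.
    Provide 'current_password' and 'new_password' to change password.

    Responses:
        200: ``message`` and, when the email was changed, the new ``email``.
        400: nothing to update, wrong field type, duplicate email, missing or
            incorrect current password, or a new password shorter than 8 chars.
        403: the caller is not an admin.

    NOTE(review): changing the email does not require ``current_password``.
    If the address is used for account recovery, a borrowed session could
    redirect recovery to another mailbox; confirm this is intended.
    """
    if request.user.role != 'admin':
        return Response({'error': 'Only admin users can access this endpoint'},
                        status=status.HTTP_403_FORBIDDEN)

    email = request.data.get('email')
    current_password = request.data.get('current_password')
    new_password = request.data.get('new_password')

    # A JSON body may carry non-string values; len() or the password hasher
    # would raise on those and the client would get a 500 instead of a 400.
    supplied = (
        ('email', email),
        ('current_password', current_password),
        ('new_password', new_password),
    )
    for field, value in supplied:
        if value is not None and not isinstance(value, str):
            return Response({'error': f'"{field}" must be a string'},
                            status=status.HTTP_400_BAD_REQUEST)

    if not any([email, new_password]):
        return Response(
            {'error': 'Provide "email" and/or ("current_password" with "new_password")'},
            status=status.HTTP_400_BAD_REQUEST
        )

    # Validate everything first so request.user is only mutated once the whole
    # request is known to be acceptable.
    if email:
        # Ensure unique (ignore current user's email)
        if User.objects.filter(email=email).exclude(pk=request.user.pk).exists():
            return Response({'error': 'This email is already registered'},
                            status=status.HTTP_400_BAD_REQUEST)

    if new_password:
        if not current_password:
            return Response({'error': 'current_password is required to change password'},
                            status=status.HTTP_400_BAD_REQUEST)
        if not request.user.check_password(current_password):
            return Response({'error': 'Current password is incorrect'},
                            status=status.HTTP_400_BAD_REQUEST)
        if len(new_password) < 8:
            return Response({'error': 'New password must be at least 8 characters long'},
                            status=status.HTTP_400_BAD_REQUEST)

    # Apply the validated changes.
    if email:
        request.user.email = email
    if new_password:
        # NOTE(review): nothing here revokes credentials issued before the
        # change; whether older tokens or sessions stay valid depends on the
        # authentication backend in use (confirm).
        request.user.set_password(new_password)

    request.user.save()

    resp = {'message': 'Profile updated successfully'}
    if email:
        resp['email'] = request.user.email

    return Response(resp, status=status.HTTP_200_OK)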


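@swagger_auto_schema(
    method='patch',
    request_body=openapi.Schema(
        type=openapi.TYPE_OBJECT,
        properties={
            'password': openapi.Schema(type=openapi.TYPE_STRING, description='New password (min 8 chars)'),
        },
        required=['password']
    )
)
@api_view(['PATCH'])
@permission_classes([IsAuthenticated])
def admin_change_password_direct(request):
    """Replace the calling admin's own password (PATCH).

    Request body:
        password: required string, at least 8 characters after stripping.

    Responses:
        200: ``message`` and the caller's ``email``.
        400: missing, non-string or too-short password.
        403: the caller is not an admin.

    NOTE(review): unlike admin_update, this endpoint does not verify the
    current password, so possession of a valid admin session or token is
    enough to replace the credential. Confirm that this is intended and that
    the route is not reachable with long-lived tokens.
    """
    if request.user.role != 'admin':
        return Response({'error': 'Only admin users can access this endpoint'},
                        status=status.HTTP_403_FORBIDDEN)

    raw_password = request.data.get('password')
    if raw_password is None:
        raw_password = ''
    # A JSON number, list or object would make .strip() raise and turn a bad
    # request into a 500; answer with a 400 instead.
    if not isinstance(raw_password, str):
        return Response(
            {'error': '"password" must be a string'},
            status=status.HTTP_400_BAD_REQUEST
        )

    # NOTE(review): surrounding whitespace is removed before hashing, while
    # admin_update stores new_password unmodified; confirm the login path is
    # consistent with this.
    new_password = raw_password.strip()

    if not new_password:
        return Response(
            {'error': 'New password is required'},
            status=status.HTTP_400_BAD_REQUEST
        )

    if len(new_password) < 8:
        return Response(
            {'error': 'New password must be at least 8 characters long'},
            status=status.HTTP_400_BAD_REQUEST
        )

    request.user.set_password(new_password)
    request.user.save()

    return Response({
        'message': 'Password changed successfully',
        'email': request.user.email
    }, status=status.HTTP_200_OK)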


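@swagger_auto_schema(
    method='patch',
    request_body=openapi.Schema(
        type=openapi.TYPE_OBJECT,
        properties={
            'email': openapi.Schema(type=openapi.TYPE_STRING, description='New email'),
        },
        required=['email']
    )
)
@api_view(['PATCH'])
@permission_classes([IsAuthenticated])
def admin_change_email_direct(request):
    """Replace the calling admin's own email address (PATCH).

    Request body:
        email: required string, stripped of surrounding whitespace.

    Responses:
        200: ``message`` and the new ``email``.
        400: missing or non-string email, or an address another user already has.
        403: the caller is not an admin.

    NOTE(review): the change is applied without re-authentication and the
    address is not checked for format (Model.save() does not run field
    validators). If the email is used for login or account recovery, confirm
    that both gaps are acceptable.
    """
    if request.user.role != 'admin':
        return Response({'error': 'Only admin users can access this endpoint'},
                        status=status.HTTP_403_FORBIDDEN)

    raw_email = request.data.get('email')
    if raw_email is None:
        raw_email = ''
    # A JSON number, list or object would make .strip() raise and turn a bad
    # request into a 500; answer with a 400 instead.
    if not isinstance(raw_email, str):
        return Response(
            {'error': '"email" must be a string'},
            status=status.HTTP_400_BAD_REQUEST
        )

    new_email = raw_email.strip()

    if not new_email:
        return Response(
            {'error': 'New email is required'},
            status=status.HTTP_400_BAD_REQUEST
        )

    # Exclude the caller's own row so re-submitting the current address is not
    # reported as a duplicate.
    if User.objects.filter(email=new_email).exclude(pk=request.user.pk).exists():
        return Response(
            {'error': 'This email is already registered'},
            status=status.HTTP_400_BAD_REQUEST
        )

    request.user.email = new_email
    request.user.save()

    return Response({
        'message': 'Email changed successfully',
        'email': request.user.email
    }, status=status.HTTP_200_OK)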