"""Views DRF — PostViewSet, CommentViewSet, auth endpoints.""" from __future__ import annotations from django.contrib.auth import authenticate from django.contrib.auth.models import User from django.db.models import Count from django.utils import timezone from rest_framework import status, viewsets from rest_framework.authtoken.models import Token from rest_framework.decorators import action, api_view, permission_classes from rest_framework.permissions import AllowAny, IsAuthenticated, IsAuthenticatedOrReadOnly from rest_framework.request import Request from rest_framework.response import Response from .models import Comment, Post from .serializers import CommentSerializer, PostSerializer # ── Auth ───────────────────────────────────────────────────── @api_view(["POST"]) @permission_classes([AllowAny]) def register(request: Request) -> Response: username = request.data.get("username", "").strip() password = request.data.get("password", "") email = request.data.get("email", "") if not username or not password: return Response({"error": "username et password requis"}, status=400) if len(password) < 6: return Response({"error": "Mot de passe trop court (min 6 chars)"}, status=400) if User.objects.filter(username=username).exists(): return Response({"error": "Username déjà utilisé"}, status=409) user = User.objects.create_user(username=username, password=password, email=email) token, _ = Token.objects.get_or_create(user=user) return Response({"token": token.key, "user_id": user.id, "username": user.username}, status=201) @api_view(["POST"]) @permission_classes([AllowAny]) def login_view(request: Request) -> Response: user = authenticate( username=request.data.get("username", ""), password=request.data.get("password", ""), ) if user is None: return Response({"error": "Identifiants incorrects"}, status=401) token, _ = Token.objects.get_or_create(user=user) return Response({"token": token.key, "user_id": user.id}) # ── Posts ───────────────────────────────────────────────────── class PostViewSet(viewsets.ModelViewSet): serializer_class = PostSerializer permission_classes = [IsAuthenticatedOrReadOnly] def get_queryset(self): qs = ( Post.objects .select_related("author") .prefetch_related("comments__author") .annotate(comment_count=Count("comments")) ) # Filtre par statut (défaut : published pour les non-auth) status_param = self.request.query_params.get("status") if status_param: qs = qs.filter(status=status_param) elif not self.request.user.is_authenticated: qs = qs.filter(status="published") return qs @action(detail=True, methods=["post"], permission_classes=[IsAuthenticated]) def publish(self, request: Request, pk: int = None) -> Response: post = self.get_object() if post.author != request.user and not request.user.is_staff: return Response({"error": "Non autorisé"}, status=403) if post.status == "published": return Response({"detail": "Déjà publié"}, status=400) post.status = "published" post.published_at = timezone.now() post.save() return Response(self.get_serializer(post).data) @action(detail=False, methods=["get"], permission_classes=[IsAuthenticated]) def my_drafts(self, request: Request) -> Response: drafts = Post.objects.filter(author=request.user, status="draft") serializer = self.get_serializer(drafts, many=True) return Response(serializer.data) # ── Comments ───────────────────────────────────────────────── class CommentViewSet(viewsets.ModelViewSet): serializer_class = CommentSerializer permission_classes = [IsAuthenticatedOrReadOnly] http_method_names = ["get", "post", "delete"] def get_queryset(self): return ( Comment.objects .filter(post_id=self.kwargs["post_pk"]) .select_related("author") ) def perform_create(self, serializer: CommentSerializer) -> None: serializer.save( author=self.request.user, post_id=self.kwargs["post_pk"], )