init

app/user/api/registry.py

@@ -0,0 +1,6 @@
+from api.utils import register_in_app
+from .viewsets import UserViewSet
+
+
+def register_viewsets(router):
+    register_in_app(router, 'users', UserViewSet)

app/user/api/serializers.py

@@ -0,0 +1,11 @@
+from rest_framework import serializers
+
+from user.models import User
+
+
+class UserSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = User
+        fields = ['id', 'username', 'email', 'first_name', 'last_name', 'max_upload_size']
+        read_only_fields = ['id', 'max_upload_size']
+        extra_kwargs = {'password': {'write_only': True}}

app/user/api/viewsets.py

@@ -0,0 +1,17 @@
+from rest_framework import viewsets, permissions
+
+from user.models import User
+from user.api.serializers import UserSerializer
+
+
+class UserViewSet(viewsets.ModelViewSet):
+    queryset = User.objects.all()
+    serializer_class = UserSerializer
+    permission_classes = [permissions.IsAuthenticated]
+
+    def get_queryset(self):
+        # Les utilisateurs normaux ne peuvent voir que leur propre profil
+        if not self.request.user.is_staff:
+            return User.objects.filter(id=self.request.user.id)
+        # Les administrateurs peuvent voir tous les utilisateurs
+        return User.objects.all()