dev/msa-django-auth
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update
Some checks failed
Build And Test / build-and-push (push) Failing after 1m46s
Details

Browse Source
This commit is contained in:
icurfer
2026-01-13 22:41:07 +09:00
parent e4b185332b
commit 00db74a333
6 changed files with 152 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

90
users/views.py
View File

@ -4,9 +4,11 @@ from opentelemetry import trace # ✅ OpenTelemetry 트레이서
from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework import status
from rest_framework.permissions import IsAuthenticated
from rest_framework.permissions import IsAuthenticated, BasePermission
from rest_framework_simplejwt.views import TokenObtainPairView
from .serializers import RegisterSerializer, CustomTokenObtainPairSerializer
from rest_framework import generics
from .serializers import RegisterSerializer, CustomTokenObtainPairSerializer, UserListSerializer
from .models import CustomUser
logger = logging.getLogger(__name__)
tracer = trace.get_tracer(__name__) # ✅ 트레이서 생성
@ -233,3 +235,87 @@ class SSHKeyRetrieveView(APIView):
attributes={"email": email, "reason": str(e)},
) # ✅
return Response({"error": f"복호화 실패: {str(e)}"}, status=500)
# ============================================
# 관리자용 사용자 관리 API
# ============================================
class IsAdminOrManager(BasePermission):
"""admin 또는 manager 등급만 접근 가능"""
def has_permission(self, request, view):
if not request.user or not request.user.is_authenticated:
return False
return request.user.grade in ['admin', 'manager']
class UserListView(generics.ListAPIView):
"""사용자 목록 조회 (관리자 전용)"""
queryset = CustomUser.objects.all().order_by('-created_at')
serializer_class = UserListSerializer
permission_classes = [IsAuthenticated, IsAdminOrManager]
def list(self, request, *args, **kwargs):
with tracer.start_as_current_span("UserListView GET") as span:
email, ip, ua = get_request_info(request)
logger.info(f"[USER LIST] admin={email} | IP={ip} | UA={ua}")
span.add_event("User list retrieved", attributes={"admin": email})
return super().list(request, *args, **kwargs)
class UserUpdateView(generics.RetrieveUpdateDestroyAPIView):
"""사용자 상태 수정/삭제 (관리자 전용)"""
queryset = CustomUser.objects.all()
serializer_class = UserListSerializer
permission_classes = [IsAuthenticated, IsAdminOrManager]
def partial_update(self, request, *args, **kwargs):
with tracer.start_as_current_span("UserUpdateView PATCH") as span:
admin_email, ip, ua = get_request_info(request)
instance = self.get_object()
target_email = instance.email
# is_active만 수정 가능
is_active = request.data.get('is_active')
if is_active is not None:
instance.is_active = is_active
instance.save(update_fields=['is_active'])
action = "activated" if is_active else "deactivated"
logger.info(
f"[USER UPDATE] admin={admin_email} | target={target_email} | action={action} | IP={ip} | UA={ua}"
)
span.add_event(
f"User {action}",
attributes={"admin": admin_email, "target": target_email}
)
serializer = self.get_serializer(instance)
return Response(serializer.data)
def destroy(self, request, *args, **kwargs):
with tracer.start_as_current_span("UserUpdateView DELETE") as span:
admin_email, ip, ua = get_request_info(request)
instance = self.get_object()
target_email = instance.email
# 자기 자신은 삭제 불가
if request.user.id == instance.id:
return Response(
{"error": "자기 자신의 계정은 삭제할 수 없습니다."},
status=status.HTTP_400_BAD_REQUEST
)
logger.info(
f"[USER DELETE] admin={admin_email} | target={target_email} | IP={ip} | UA={ua}"
)
span.add_event(
"User deleted",
attributes={"admin": admin_email, "target": target_email}
)
instance.delete()
return Response(
{"message": f"사용자 {target_email}이(가) 삭제되었습니다."},
status=status.HTTP_200_OK
)