draft: add endpoints to create and modify users#38894
Conversation
|
Thanks for the pull request, @viadanna! This repository is currently maintained by Once you've gone through the following steps feel free to tag them in a comment and let them know that your changes are ready for engineering review. 🔘 Get product approvalIf you haven't already, check this list to see if your contribution needs to go through the product review process.
🔘 Provide contextTo help your reviewers and other members of the community understand the purpose and larger context of your changes, feel free to add as much of the following information to the PR description as you can:
🔘 Get a green buildIf one or more checks are failing, continue working on your changes until this is no longer the case and your build turns green. DetailsWhere can I find more information?If you'd like to get more details on all aspects of the review process for open source pull requests (OSPRs), check out the following resources: When can I expect my changes to be merged?Our goal is to get community contributions seen and reviewed as efficiently as possible. However, the amount of time that it takes to review and merge a PR can vary significantly based on factors such as:
💡 As a result it may take up to several weeks or months to complete a review and merge your PR. |
There was a problem hiding this comment.
Pull request overview
This PR introduces a new admin-only “modify user” API endpoint in user_api to support creating users (POST) and updating user attributes (PATCH) via /api/user/v1/modify.
Changes:
- Added
UserModifyViewwith JWT/Bearer/Session authentication andIsAdminUserpermission, implementing POST (create) and PATCH (update). - Wired the new endpoint into
user_apiURL routing. - Added initial HTTP-level tests covering user creation success and common validation failures.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| openedx/core/djangoapps/user_api/views.py | Adds UserModifyView implementing POST/PATCH behavior for user creation and updates. |
| openedx/core/djangoapps/user_api/urls.py | Registers the new v1/modify route. |
| openedx/core/djangoapps/user_api/tests/test_views.py | Adds tests for the new create-user endpoint behavior. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| from rest_framework.exceptions import ParseError, ValidationError | ||
| from rest_framework.permissions import IsAdminUser, IsAuthenticated | ||
| from rest_framework.views import APIView, Response |
| user = self._get_user_by_email_or_username(request) | ||
| if not user: | ||
| return Response( | ||
| data={"error_message": "User not found."}, | ||
| status=status.HTTP_404_NOT_FOUND, | ||
| ) | ||
| user = UserSerializer().update(user, request.data) |
There was a problem hiding this comment.
@viadanna I don't like the suggested code here. However, it may be a valid point that we should limit which fields may be updated here - at least blocking password changes. Not sure if the UserSerializer already does that.
| email = request.data.get("email") | ||
| username = request.data.get("username") | ||
| query = {} | ||
| if email: | ||
| query["email"] = email | ||
| if username: | ||
| query["username"] = username | ||
| return User.objects.filter(**query).first() |
There was a problem hiding this comment.
@viadanna Agreed that this logic needs updating. I don't like the suggestion here though, as this still allows the weird case where both an email and username are provided. Maybe something like:
if email:
return User.objects.filter(email=email).first()
elif username:
return User.objects.filter(username=username).first()
And document which field takes precedence if both are provided.
| **Example Requests** | ||
|
|
||
| POST /api/user/v1/modify/ | ||
|
|
||
| PATCH /api/user/v1/modify/ | ||
|
|
||
| **Example GET Response** | ||
|
|
||
| If the request is successful, an HTTP 200 "OK" response is returned | ||
| along with the user id and username, e.g.: |
| import pytest | ||
| import json | ||
|
|
||
| import ddt | ||
| from django.contrib.auth import get_user_model | ||
| from django.test.utils import override_settings |
| USER_LIST_URI = "/api/user/v1/users/" | ||
| USER_PREFERENCE_LIST_URI = "/api/user/v1/user_prefs/" | ||
| ROLE_LIST_URI = "/api/user/v1/forum_roles/Moderator/users/" | ||
| User = get_user_model() |
| def patch(self, request): | ||
| """ | ||
| Update user information by email or username. | ||
| """ |
|
@viadanna could you rebase this on latest master please, and resolve the conflicts? :) |
Description
This PR adds endpoints to create and modify users.
Supporting information
Private Refs:
Testing instructions
Deadline
None, still a draft