In [17]:
from aioapi import aioAPI
from utils import JSON
import csv
import random
from faker import Faker

fake = Faker()

roles = {
  "admin": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNjg1MjM5NjE1LCJpYXQiOjE2ODUxNTMyMTUsImp0aSI6IjBmNGU4NmU0NWU0NDRiYmY5YTJlMGYyYjJmYWYzODdlIiwidXNlcl9pZCI6MjR9.mXc-xX4ktB6ITDaFfVWBQ4SYX8PnpKSwsdx-cxqNyHo",
  "editor": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNjg1MjM5NjE1LCJpYXQiOjE2ODUxNTMyMTUsImp0aSI6IjVlZDhkODY0MDgzYTRiYmM5ZDVmYzA3YmQzNmI3M2IzIiwidXNlcl9pZCI6Mjl9.noGNwfr-zlqAFTWD9Kx-5at4dHhPCw_JyUr6IyQEFdM",
  "blogger": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNjg1MjM5NjE1LCJpYXQiOjE2ODUxNTMyMTUsImp0aSI6IjliZjZkOGMyNTcxNTQyNDhhZDE3OGU5MTU1OTg5NWYwIiwidXNlcl9pZCI6Mjd9.hUMHUflRIMomnrvUBZlJL_l_-hP1UbXvn0LCiGKljgk",
  "fail": "THIS IS NOT A TOKEN, OBVIOUSLY",
}

import warnings
warnings.filterwarnings("ignore")

API = 'http://localhost:8000/'

# RestFul API

A RESTful API is an architectural style for an application program interface (API) that uses HTTP requests to access and use data. Our API, built on Django REST Framework, allows clients to interact with various resources in our application, such as users, profiles, posts, tags, and comments.

## Users and Profiles

In our API, we have endpoints to handle User and Profile data. The unique aspect of these endpoints is that you can create a User and its associated Profile in a single request by nesting Profile data inside User data. This approach simplifies the client-side code and reduces the number of requests needed to set up a user.

### Create

Here is an example of how you can create a new user:

In [16]:
new_user = {
    'username': fake.unique.user_name(),
    'password': fake.password(length=10, special_chars=True, digits=True, upper_case=True, lower_case=True), 
    'email': fake.unique.email(), 
    'role': fake.random_element(elements=('admin', 'editor', 'blogger')), 
    'profile': 
        {'bio': fake.text(max_nb_chars=200),
         'image': None,
        }
}

for role in roles:
    api = aioAPI(API, token=roles[role])
    response = await api.users.post(new_user)

    if response is None:
        print(f'Fail, {role.upper()} can not create users')
    else:
        print(f'Success: {role.upper()} can create users')



Success: ADMIN can create users
Fail, EDITOR can not create users
Fail, BLOGGER can not create users
Fail, FAIL can not create users


Note that only users with the 'admin' role have the permission to create new users.

### Retrieve

The retrieval process is straightforward. You can fetch the list of all users by sending a GET request to the 'users' endpoint. Note that every role, except those with an invalid token, can read the list of users.

In [18]:
for role in roles:
    api = aioAPI(API, token=roles[role])
    response = await api.users.get()

    if response is None:
        print(f'Fail, {role.upper()} can not read users')
    else:
        print(f'Success {role.upper()} can read users')

Success ADMIN can read users
Success EDITOR can read users




Success BLOGGER can read users
Fail, FAIL can not read users


### Update

Users can be updated by sending a PATCH request to the 'users' endpoint. However, only users with the 'admin' role are allowed to edit users.

In [19]:
for role in roles:
    api = aioAPI(API, token=roles[role])
    response = await api.users.patch({'id':1, 'username': 
                                      'new_username', 
                                      'profile': 
                                          {'bio': 'new_bio'}
                                     })

    if response is None:
        print(f'Fail: {role.upper()} can not edit users')
    else:
        print(f'Success: {role.upper()} can edit users')



Success: ADMIN can edit users
Fail: EDITOR can not edit users
Fail: BLOGGER can not edit users
Fail: FAIL can not edit users


### Delete

You can delete a user by sending a DELETE request to the 'users' endpoint, providing the 'id' of the user in the request. As with user creation and updating, only 'admin' users have the permission to delete users.

In [21]:
for i, role in enumerate(roles):
    api = aioAPI(API, token=roles[role])
    response = await api.users.delete({'id': 1+i})

    if response is None:
        print(f'Fail: {role.upper()} can not delete users')
    else:
        print(f'Success: {role.upper()} can delete users')



Success: ADMIN can delete users
Fail: EDITOR can not delete users
Fail: BLOGGER can not delete users
Fail: FAIL can not delete users


## Posts

Our API includes endpoints to handle Posts. Each Post contains an 'author_id', 'title', 'content', 'category', and 'tags'. Users can interact with these endpoints to create, retrieve, update, or delete posts depending on their authorization level.

### Create

Creating a new post can be done with a POST request. Here is an example of how to create a new post:

In [28]:
new_post = {
    'author_id': 40,
    'title': fake.sentence(), 
    'content': fake.text(), 
    'category': fake.word(), 
    'tags': [fake.word() for _ in range(4)]
}

for role in roles:
    api = aioAPI(API, token=roles[role])
    response = await api.posts.post(new_post)

    if response is None:
        print(f'Fail: {role.upper()} can not create posts')
    else:
        print(f'Success: {role.upper()} can create posts')



Success: ADMIN can create posts
Success: EDITOR can create posts
Success: BLOGGER can create posts
Fail: FAIL can not create posts


Note that only users with 'admin', 'editor', or 'blogger' roles have the permission to create new posts.

### Retrieve

Posts can be fetched by sending a GET request to the 'posts' endpoint. Every role, except those with an invalid token, can read the list of posts.

In [29]:
for role in roles:
    api = aioAPI(API, token=roles[role])
    response = await api.posts.get()

    if response is None:
        print(f'Fail: {role.upper()} can not read posts')
    else:
        print(f'Success: {role.upper()} can read posts')



Success: ADMIN can read posts
Success: EDITOR can read posts
Success: BLOGGER can read posts
Fail: FAIL can not read posts


## Update

To update a post, you can send a PATCH request to the 'posts' endpoint. However, only 'admin' and 'editor' roles have the permission to edit posts. Bloggers cannot edit posts, as this could lead to content inconsistency.

In [31]:
for role in roles:
    api = aioAPI(API, token=roles[role])
    response = await api.posts.patch({'id': 50, 'title': 'New title', 'tags': ['A', 'B', 'C']})

    if response is None:
        print(f'Fail: {role.upper()} can not edit posts')
    else:
        print(f'Success: {role.upper()} can edit posts')



Success: ADMIN can edit posts
Success: EDITOR can edit posts
Fail: BLOGGER can not edit posts
Fail: FAIL can not edit posts


### Delete

A post can be deleted by sending a DELETE request to the 'posts' endpoint, along with the 'id' of the post in the request. Similar to the update permission, only 'admin' and 'editor' roles have the authorization to delete posts. Bloggers cannot delete posts to prevent potential loss of valuable content.

In [35]:
for i, role in enumerate(roles):
    api = aioAPI(API, token=roles[role])
    response = await api.posts.delete({'id': 70+i})

    if response is None:
        print(f'Fail: {role.upper()} can not delete posts')
    else:
        print(f'Success: {role.upper()} can delete posts')



Success: ADMIN can delete posts
Success: EDITOR can delete posts
Fail: BLOGGER can not delete posts
Fail: FAIL can not delete posts


## Comments

The comments section of the API handles user interactions with comments on posts. Each comment is associated with a 'user_id', 'post_id', and 'text'. Depending on their authorization level, users can create, retrieve, update, or delete comments.

### Create

Comments can be created by making a POST request. Here is an example of how to create a new comment:

In [38]:
new_comment = {
    'user_id': 25,
    'post_id': 25, 
    'text': fake.text(), 
}

for role in roles:
    api = aioAPI(API, token=roles[role])
    response = await api.comments.post(new_comment)

    if response is None:
        print(f'Fail: {role.upper()} can not create comment')
    else:
        print(f'Success: {role.upper()} can create comment')



Success: ADMIN can create comment
Success: EDITOR can create comment
Success: BLOGGER can create comment
Fail: FAIL can not create comment


Note that 'admin', 'editor', and 'blogger' roles have the ability to create comments. An invalid token will result in a failure to create comments.

### Retrieve

Comments can be retrieved by making a GET request to the 'comments' endpoint. All roles except those with an invalid token can read comments.

In [39]:
for role in roles:
    api = aioAPI(API, token=roles[role])
    response = await api.comments.get()

    if response is None:
        print(f'Fail: {role.upper()} can not read comment')
    else:
        print(f'Success: {role.upper()} can read comment')



Success: ADMIN can read comment
Success: EDITOR can read comment
Success: BLOGGER can read comment
Fail: FAIL can not read comment


### Update

Comments can be updated by sending a PATCH request to the 'comments' endpoint. However, only 'admin' and 'editor' roles can update comments. Bloggers do not have the permission to update comments to maintain content integrity.

In [40]:
for role in roles:
    api = aioAPI(API, token=roles[role])
    response = await api.comments.patch({'id': 2, 'text': fake.text()})

    if response is None:
        print(f'Fail, {role.upper()} can not update comment')
    else:
        print(f'Success {role.upper()} can update comment')



Success ADMIN can update comment
Success EDITOR can update comment
Fail, BLOGGER can not update comment
Fail, FAIL can not update comment


### Delete

Comments can be deleted by sending a DELETE request to the 'comments' endpoint, with the 'id' of the comment to be deleted included in the request. Note that only 'admin' and 'editor' roles can delete comments. Bloggers and invalid tokens will fail to delete comments. This is to prevent accidental or unauthorized deletion of comments which can lead to loss of valuable discussion.

In [None]:
for role in roles:
    api = aioAPI(API, token=roles[role])
    response = await api.comments.get()

    if response is None:
        print(f'Fail, {role.upper()} can not read comment')
    else:
        print(f'Success {role.upper()} can read comment')

## Likes

The likes endpoint of the API manages user interactions with likes on posts and comments. Each like is associated with a 'user_id', 'post', and 'comment'. Depending on their authorization level, users can create, retrieve, or delete likes.

### Create

Likes can be created by making a POST request. Here is an example of how to create a new like:

In [45]:
new_like = {
    'user_id': 14,
    'post': 2, 
    'comment': None,
}

for role in roles:
    api = aioAPI(API, token=roles[role])
    response = await api.likes.post(new_like)

    if response is None:
        print(f'Fail: {role.upper()} can not create likes')
    else:
        print(f'Success: {role.upper()} can create likes')



Success: ADMIN can create likes
Success: EDITOR can create likes
Success: BLOGGER can create likes
Fail: FAIL can not create likes


Note that 'admin', 'editor', and 'blogger' roles have the ability to create likes. An invalid token will result in a failure to create likes.

### Retrieve

Likes can be retrieved by making a GET request to the 'likes' endpoint. All roles except those with an invalid token can read likes.

In [46]:
for role in roles:
    api = aioAPI(API, token=roles[role])
    response = await api.likes.get()

    if response is None:
        print(f'Fail: {role.upper()} can not read likes')
    else:
        print(f'Success: {role.upper()} can read likes')



Success: ADMIN can read likes
Success: EDITOR can read likes
Success: BLOGGER can read likes
Fail: FAIL can not read likes


### Delete

Likes can be deleted by sending a DELETE request to the 'likes' endpoint, with the 'id' of the like to be deleted included in the request. Note that only 'admin' and 'editor' roles can delete likes. Bloggers and invalid tokens will fail to delete likes. This is to prevent accidental or unauthorized deletion of likes which can impact user engagement statistics.

In [70]:
for i, role in enumerate(roles):
    api = aioAPI(API, token=roles[role])
    response = await api.likes.delete({'id': 300+i})

    if response is None:
        print(f'Fail: {role.upper()} can not delete likes')
    else:
        print(f'Success: {role.upper()} can delete likes')



Success: ADMIN can delete like
Success: EDITOR can delete like
Fail: BLOGGER can not delete like
Fail: FAIL can not delete like
