From 774ac584b42cf29c637687460506cbb6dd33d105 Mon Sep 17 00:00:00 2001
From: saani
Date: Thu, 27 Nov 2025 19:51:55 +0000
Subject: [PATCH] refactor: convert user appointment endpoints from POST to GET

Changes:
- Refactored UserAppointmentsView and UserAppointmentStatsView to use GET instead of POST
- Removed email parameter
---
 booking_system/views.py | 7 ++--
 meetings/views.py | 74 +++++++++++++++++++----------------------
 2 files changed, 37 insertions(+), 44 deletions(-)

diff --git a/booking_system/views.py b/booking_system/views.py
index 30ed2f4..18b6d90 100644
--- a/booking_system/views.py
+++ b/booking_system/views.py
@@ -291,10 +291,8 @@ def api_root(request, format=None):
 "user_appointments": {
 "description": "Get appointments for the authenticated user",
 "url": request.build_absolute_uri("/api/meetings/user/appointments/"),
- "methods": ["GET", "POST"],
+ "methods": ["GET"],
 "authentication": "Required",
- "request_fields": ["email"],
- "example_request": {"email": "saanii929@gmail.com"},
 "response": "List of user's appointment requests with enhanced availability data"
 },
 "schedule_appointment": {
@@ -364,9 +362,8 @@ def api_root(request, format=None):
 "user_appointment_stats": {
 "description": "Get appointment statistics for a specific user",
 "url": request.build_absolute_uri("/api/meetings/user/appointments/stats/"),
- "methods": ["POST"],
+ "methods": ["GET"],
 "authentication": "Required",
- "required_fields": ["email"],
 "response_fields": {
 "total_requests": "Total number of appointment requests",
 "pending_review": "Number of pending review requests",
diff --git a/meetings/views.py b/meetings/views.py
index 437bfbd..6b685ac 100644
--- a/meetings/views.py
+++ b/meetings/views.py
@@ -20,6 +20,7 @@ from .serializers import (
 from .email_service import EmailService
 from users.models import CustomUser
 from django.db.models import Count, Q
+import hashlib
 class AdminAvailabilityView(generics.RetrieveUpdateAPIView):
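Review bot: The `description` of `user_appointment_stats` still reads "Get appointment statistics for a specific user", but with the `email` field removed the endpoint can only report on the caller. `"description": "Get appointment statistics for the authenticated user",` would match the wording of the `user_appointments` entry. The `response_fields` dict continues outside the hunk.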
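Review bot: `import hashlib` is added here but nothing in the visible hunks of `meetings/views.py` uses it, so it appears to be a leftover that a linter will flag; remove the line, or include the code that needs it in the same commit. It also sits after the Django and local imports, whereas standard-library imports conventionally come first.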
@@ -237,31 +238,19 @@ class UserAppointmentsView(generics.ListAPIView):
 serializer_class = AppointmentRequestSerializer
 def get_queryset(self):
+ user_email = self.request.user.email.lower()
+ all_appointments = list(AppointmentRequest.objects.all())
+
+ matching_appointments = [
+ apt for apt in all_appointments
+ if apt.email and apt.email.lower() == user_email
+ ]
+ appointment_ids = [apt.id for apt in matching_appointments]
+
 return AppointmentRequest.objects.filter(
- email=self.request.user.email
+ id__in=appointment_ids
 ).order_by('-created_at')
- def post(self, request, *args, **kwargs):
- email = request.data.get('email')
-
- if not email:
- return Response(
- {"error": "Email is required"},
- status=status.HTTP_400_BAD_REQUEST
- )
-
- if email != request.user.email:
- return Response(
- {"error": "You can only view your own appointments"},
- status=status.HTTP_403_FORBID_REQUEST
- )
-
- appointments = AppointmentRequest.objects.filter(email__iexact=email).order_by('-created_at')
-
- serializer = self.get_serializer(appointments, many=True)
- return Response(serializer.data)
-
-
 class AppointmentStatsView(generics.GenericAPIView):
 permission_classes = [IsAuthenticated, IsAdminUser]
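Review bot: `get_queryset` now materialises the whole table with `list(AppointmentRequest.objects.all())` and compares e-mails in Python, so every authenticated GET costs a full scan, loads every other requester's row into the worker's memory, and then issues an `id__in` query whose list grows with the user's history; the same body is repeated in `UserAppointmentStatsView.get_queryset` in the later hunk. The case-insensitive lookup that the removed `post` used does the same match in the database: `return AppointmentRequest.objects.filter(email__iexact=self.request.user.email).order_by('-created_at')`. `self.request.user.email.lower()` also raises if the e-mail is `None`, and with `email__iexact` a blank e-mail needs an early `return AppointmentRequest.objects.none()` so it cannot match blank rows; whether `CustomUser` allows either is not visible here. Ownership is still decided by string equality on an e-mail rather than a foreign key to the user, so it is only as strong as e-mail verification and case-insensitive uniqueness on `CustomUser`, which is worth confirming.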
@@ -291,26 +280,33 @@ class AppointmentStatsView(generics.GenericAPIView):
 'available_days_count': days_with_availability if availability else 0
 })
-
 class UserAppointmentStatsView(generics.GenericAPIView):
- permission_classes = [IsAuthenticated]
+ permission_classes = [IsAuthenticated]
+ serializer_class = AppointmentRequestSerializer
- def post(self, request):
- email = request.data.get('email', self.request.user.email)
+ def get_queryset(self):
+ user_email = self.request.user.email.lower()
+ all_appointments = list(AppointmentRequest.objects.all())
- if not self.request.user.is_staff and email != self.request.user.email:
- return Response(
- {'error': 'You can only view your own statistics'},
- status=status.HTTP_403_FORBIDDEN
- )
+ matching_appointments = [
+ apt for apt in all_appointments
+ if apt.email and apt.email.lower() == user_email
+ ]
+ appointment_ids = [apt.id for apt in matching_appointments]
+
+ return AppointmentRequest.objects.filter(
+ id__in=appointment_ids
+ )
+
+ def get(self, request, *args, **kwargs):
+ queryset = self.get_queryset()
- appointments = AppointmentRequest.objects.filter(email__iexact=email)
 stats = {
- 'total': appointments.count(),
- 'pending': appointments.filter(status='pending_review').count(),
- 'scheduled': appointments.filter(status='scheduled').count(),
- 'rejected': appointments.filter(status='rejected').count(),
- 'completed': appointments.filter(status='completed').count(),
+ 'total': queryset.count(),
+ 'pending': queryset.filter(status='pending_review').count(),
+ 'scheduled': queryset.filter(status='scheduled').count(),
+ 'rejected': queryset.filter(status='rejected').count(),
+ 'completed': queryset.filter(status='completed').count(),
 }
 total = stats['total']
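Review bot: `get` runs five separate `count()` queries over the queryset where a single `aggregate` using the already-imported `Count` and `Q` returns the same five numbers in one round trip; a sketch follows. The removed `post` let staff (`is_staff`) request another user's statistics by e-mail, and the new `get` drops that path without the commit message saying so, so confirm that is intended. `serializer_class = AppointmentRequestSerializer` is set on a view whose response is a hand-built dict, so it appears unused unless schema generation needs it. The rest of `get` (the completion-rate calculation and the response) lies outside this hunk.

```python
    def get(self, request, *args, **kwargs):
        # One query; keys and status values match the original stats dict.
        stats = self.get_queryset().aggregate(
            total=Count('id'),
            pending=Count('id', filter=Q(status='pending_review')),
            scheduled=Count('id', filter=Q(status='scheduled')),
            rejected=Count('id', filter=Q(status='rejected')),
            completed=Count('id', filter=Q(status='completed')),
        )
        # … unchanged: total = stats['total'], completion rate, Response …
```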
@@ -324,9 +320,9 @@ class UserAppointmentStatsView(generics.GenericAPIView):
 'rejected': stats['rejected'],
 'completed': stats['completed'],
 'completion_rate': completion_rate,
- 'email': email
+ 'email': request.user.email
 })
-
+
 class MatchingAvailabilityView(generics.GenericAPIView):
 permission_classes = [IsAuthenticated]