unfinished logging

api/views.py

@@ -20,6 +20,9 @@ from rest_framework.authentication import SessionAuthentication, BasicAuthentica
 from django.contrib.auth import authenticate, login, logout
 import json
 from django.middleware.csrf import get_token
+from rest_framework.decorators import api_view, permission_classes, authentication_classes
+from drf_spectacular.utils import extend_schema
+from django.utils.dateparse import parse_datetime
 
 User = get_user_model()
 
@@ -50,7 +53,6 @@ class PredictionCreateView(APIView):
 
         try:
             prediction_result = TawhiriClient.get_prediction(validated_data)
-            print(prediction_result)
         except requests.RequestException as e:
             print("Tawhiri error:", str(e), e.response.text if e.response else "no response")
             return Response({"error": f"Tawhiri error: {str(e)}"}, status=status.HTTP_502_BAD_GATEWAY)
@@ -65,19 +67,35 @@ class PredictionCreateView(APIView):
 
 
 class PredictionListView(APIView):
+    permission_classes = [IsAuthenticated]
+
     def get(self, request):
-        user_id = request.query_params.get('user_id')
+        user = request.user
+        satellite_id = request.query_params.get('satellite_id')
         created_from = request.query_params.get('created_from')
         created_till = request.query_params.get('created_till')
 
-        predictions = Prediction.objects.filter(
-            id__in=UserPrediction.objects.filter(user_id=user_id).values_list('prediction_id'),
-            created_at__gte=created_from,
-            created_at__lte=created_till,
-            deleted_at__isnull=True
-        )
-        return Response(PredictionSerializer(predictions, many=True).data)
+        # Проверка доступа к спутнику
+        if satellite_id and not user.satellites.filter(id=satellite_id).exists():
+            return Response({'detail': 'Access to this satellite is forbidden.'}, status=403)
 
+        filters = {
+            'id__in': UserPrediction.objects.filter(user=user).values_list('prediction_id', flat=True),
+            'deleted_at__isnull': True
+        }
+        print(filters)
+        print(Prediction.objects.filter(**filters))
+        if created_from:
+            filters['created_at__gte'] = parse_datetime(created_from)
+        if created_till:
+            filters['created_at__lte'] = parse_datetime(created_till)
+        if satellite_id:
+            filters['satellite_id'] = satellite_id
+
+        predictions = Prediction.objects.filter(**filters)
+        return Response(PredictionSerializer(predictions, many=True).data)
+        
+    
 
 class PredictionHistoryListView(generics.ListAPIView):
     permission_classes = [permissions.IsAuthenticated]
@@ -172,12 +190,20 @@ class WhoAmIView(APIView):
         return JsonResponse({'username': request.user.username})
 
 
+@extend_schema(methods=["GET"], description="Get CSRF token")
+@api_view(["GET"])
+@permission_classes([AllowAny])
 def get_csrf(request):
     response = JsonResponse({'detail': 'CSRF cookie set'})
     response['X-CSRFToken'] = get_token(request)
     return response
 
 
+@extend_schema(methods=["POST"], description="Login user")
+@csrf_exempt
+@api_view(["POST"])
+@authentication_classes([])
+@permission_classes([AllowAny])
 def login_view(request):
     data = json.loads(request.body)
     username = data.get('username')
@@ -187,7 +213,6 @@ def login_view(request):
         return JsonResponse({'detail': 'Please provide username and password.'}, status=400)
 
     user = authenticate(username=username, password=password)
-
     if user is None:
         return JsonResponse({'detail': 'Invalid credentials.'}, status=400)
 
@@ -195,6 +220,9 @@ def login_view(request):
     return JsonResponse({'detail': 'Successfully logged in.'})
 
 
+@extend_schema(methods=["POST"], description="Logout user")
+@api_view(["POST"])
+@permission_classes([AllowAny])
 def logout_view(request):
     if not request.user.is_authenticated:
         return JsonResponse({'detail': 'You\'re not logged in.'}, status=400)