JumboCode / TUTV

JumboCode project for TUTV, currently led by Frank Ma. Led by Deepanshu Utkarsh 2019 - 2020.

Modify equipment-requests endpoint to show the requests of only the current user #112

Closed Frama-99 closed 3 years ago

Frama-99 commented 3 years ago

Currently, the /api/v1/equipment-requests API endpoint returns a list of all current and past requests, regardless of the authenticated user. This works well for an administrator (who might want to see all the requests), but isn't ideal for members. We don't want a member to have potential access to another member's equipment request. Therefore, we need to modify this endpoint so that

The filtering feature that Django REST Framework has is probably the easiest way to do this: https://www.django-rest-framework.org/api-guide/filtering/#filtering-against-the-current-user

Frama-99 commented 3 years ago

This seems to have broken the API endpoint for users - Django raises the exception of "django.urls.exceptions.NoReverseMatch: Reverse for 'equipmentrequest-detail' not found. 'equipmentrequest-detail' is not a valid view function or pattern name." when trying to access the /api/v1/users/ endpoint.

My guess is that this is related to adding the "basename" argument to router.register in urls.py. Could you guys look into this?

Frama-99 commented 3 years ago

> This seems to have broken the API endpoint for users - Django raises the exception of "django.urls.exceptions.NoReverseMatch: Reverse for 'equipmentrequest-detail' not found. 'equipmentrequest-detail' is not a valid view function or pattern name." when trying to access the /api/v1/users/ endpoint.
>
> My guess is that this is related to adding the "basename" argument to router.register in urls.py. Could you guys look into this?

This is resolved by changing the user viewset from a HyperlinkedModelViewset to a ModelViewset.

We also decided to add a new viewset and API endpoint exclusively for admin members to retrieve all equipment requests. Made this design decision because we want admin members to be able to make requests at the regular endpoint as well, not just see all requests.