Junaidiqbal35 / Subscription-Api

Subscription Api

First comment about your work #1

Open oalamoudi opened 4 years ago

oalamoudi commented 4 years ago

First, upload your work to the private repo; I already gave you access.

1. All user model usage should come from the `get_user_model` method. Import User:

```python
from django.contrib.auth import get_user_model

User = get_user_model()
```

2. All models should include these three fields:

```python
created_at = models.DateTimeField(auto_now_add=True)
modified_at = models.DateTimeField(auto_now=True)
# on_delete is required since Django 2.0; CASCADE was the implicit default before that
created_by = models.ForeignKey(User, on_delete=models.CASCADE)
```

3. You should add i18n (internationalisation) to all of the text in the code and add `verbose_name` to all the fields (name it appropriately for translation). Text examples:

```python
# first import gettext to translate the text and use it as _
# (the lazy variant, because model-level strings are evaluated at import time)
from django.utils.translation import gettext_lazy as _

# Django choices are (stored value, human-readable label) pairs
MEMBERSHIP_CHOICES = (
    ('ent', _('Enterprise')),
    ('pro', _('Professional')),
    ('free', _('Free')),
)
```

In a field, always use `verbose_name` like this:

```python
membership_type = models.CharField(
    verbose_name=_('Membership Type'),
    choices=MEMBERSHIP_CHOICES,
    default='free',  # must be one of the stored values above
    max_length=30)
```

Always add `verbose_name` and `verbose_name_plural` to the model Meta:

```python
class Membership(models.Model):
    ...

    class Meta:
        verbose_name = _('Membership')
        verbose_name_plural = _('Memberships')
```

oalamoudi commented 4 years ago

A few extra things to look for:

  1. The API_Views should be renamed to view. The only views there are for APIs. Views should be restricting access to only those who are subscribers.

  2. The plans should be stored on a separate model, not on the same models as memberships.

  3. Use drf guardian to give permission to only one object (drf guardian is an extra requirement; don't bother if you do not know how to use it) + admin user can modify all objects. Note: if you don't know how to use guardian, please only allow users to change their own subscription and create views that can only be used by the admin or super users to add, update, suspend, or retrieve subscription information.

  4. Create a record of all operations done (what happened, when it happened, who did it).

  5. All APIs must be accessed by authenticated users.
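One way to meet points 3 to 5 of the comment above without guardian (owner-only changes with an admin override, an audit record, authenticated access only), as an added example that is not code from the repository or from the reviewer. `IsOwnerOrAdmin`, `record`, `change_plan`, `AUDIT_LOG` and the sample users are hypothetical names and constructed data; `change_plan` stands in for a DRF view calling the permission hooks, and the in-memory list stands in for an audit model.

```python
from datetime import datetime, timezone
from types import SimpleNamespace

try:
    from rest_framework.permissions import BasePermission
except Exception:  # DRF absent or Django unconfigured: plain base keeps this runnable
    BasePermission = object

AUDIT_LOG = []  # hypothetical stand-in for an audit model/table


def record(actor, action, target, allowed):
    """Store what happened, when it happened and who did it (denials included)."""
    AUDIT_LOG.append({"who": getattr(actor, "username", "") or "anonymous",
                      "what": action, "target": target.pk, "allowed": allowed,
                      "when": datetime.now(timezone.utc)})


class IsOwnerOrAdmin(BasePermission):
    """Authenticated users only; non-admins may change only their own subscription."""

    def has_permission(self, request, view):
        return bool(request.user and request.user.is_authenticated)

    def has_object_permission(self, request, view, obj):
        user = request.user
        return bool(user.is_staff or user.is_superuser or obj.user_id == user.pk)


def change_plan(request, subscription, plan):
    """Mirror the order a DRF view uses: request check, object check, then write."""
    perm = IsOwnerOrAdmin()
    allowed = (perm.has_permission(request, None)
               and perm.has_object_permission(request, None, subscription))
    if allowed:
        subscription.plan = plan
    record(request.user, f"change_plan:{plan}", subscription, allowed)
    return allowed


def demo():
    """Constructed users and subscription; returns the decision for each caller."""
    def user(pk, name, auth=True, staff=False):
        return SimpleNamespace(pk=pk, username=name, is_authenticated=auth,
                               is_staff=staff, is_superuser=False)
    sub = SimpleNamespace(pk=10, user_id=1, plan="free")  # owned by alice
    callers = [user(1, "alice"), user(2, "bob"), user(3, "root", staff=True),
               user(None, "", auth=False)]
    return [change_plan(SimpleNamespace(user=c), sub, "pro") for c in callers], sub
```

The request-level check runs before the object-level one, so an anonymous caller never reaches the owner comparison, and refused attempts land in the audit record alongside successful ones.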