Box CRUD API:
Consider a store which has an inventory of boxes which are all cuboids (which have length, breadth and height). Each cuboid has been added by a store employee, who is associated as the creator of the box even if it is updated by any user later on.
Setup Project
- Fork and clone this repository and navigate into the project folder by running the following commands in your terminal:
git clone [email protected]:<username>/boxes_inventory.git
cd boxes_inventory
NOTE: This cloning is done via SSH.
- Create a Python virtual environment in the project folder and activate it.
pip install virtualenv
virtualenv venv
source venv/bin/activate
NOTE: These commands can differ based on the operating system.
- Create a .env file in the project folder, and add your secret key in the SECRET_KEY variable in the .env file.
SECRET_KEY=<your secret key>
SECRET_KEY is a 128-bit long string containing alphanumeric characters and symbols.
- Install the dependencies by running the following command:
pip install -r requirements.txt
Make sure your virtual environment is activated.
- Run the migrations.
python manage.py makemigrations
python manage.py migrate
As our default database is sqlite3, you will notice that after the migrations a db file is created in the project folder.
- Create a superuser.
python manage.py createsuperuser
- Run the server.
python manage.py runserver
POSTMAN Collection click here
Open this Postman collection in Postman to check all the API endpoints.
Authentication Details
I have implemented default token authentication available in the Django Rest Framework.
When the user logs in through http://127.0.0.1:8000/accounts/api/v1/login/, the token is generated and stored in the database.
So, in order to access the API, you need to send a valid token in the Authorization header as follows:
Authorization: Token <generated token>
Task 0: Data Modelling
I have created a boxes model with a one-to-many relationship with the users model, where the user model is the parent and the boxes model is the child.
Task 1: Add a Box
API Endpoint: POST http://127.0.0.1:8000/boxes/api/v1/create-box
Only a staff user is able to create a box. The following is the required payload for the request:
{
"height": 4,
"length": 3,
"breadth": 4
}
If the request is invalid or provided with invalid body, the API will return error messages.
Conditions fulfilled:
- The user should be a staff and logged in to create a box.
- Average area of all added boxes should not exceed 100.
- Average volume of all boxes added by the current user shall not exceed 1000.
- Total Boxes added in a week cannot be more than 100.
- Total Boxes added in a week by a user cannot be more than 50.
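The four creation limits above, written as a framework-free check (an added example, not the project's own code). It assumes "area" means the cuboid's total surface area and "a week" means a rolling 7-day window; the `Box` class and `creation_errors` function are hypothetical names.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean

# Limits taken from the conditions listed above.
MAX_AVG_AREA = 100
MAX_AVG_VOLUME_PER_USER = 1000
MAX_BOXES_PER_WEEK = 100
MAX_BOXES_PER_WEEK_PER_USER = 50


@dataclass(frozen=True)
class Box:  # hypothetical stand-in for the project's model
    length: float
    breadth: float
    height: float
    creator: str
    created: datetime

    @property
    def area(self):
        # Assumption: "area" is the total surface area of the cuboid.
        l, b, h = self.length, self.breadth, self.height
        return 2 * (l * b + b * h + h * l)

    @property
    def volume(self):
        return self.length * self.breadth * self.height


def creation_errors(existing, new):
    """Return the limits that adding `new` to `existing` would break."""
    boxes = list(existing) + [new]  # evaluate the state after the insert
    mine = [b for b in boxes if b.creator == new.creator]
    week_start = new.created - timedelta(days=7)  # assumption: rolling window
    recent = [b for b in boxes if b.created > week_start]
    recent_mine = [b for b in recent if b.creator == new.creator]

    errors = []
    if mean(b.area for b in boxes) > MAX_AVG_AREA:
        errors.append("average area of all boxes exceeds 100")
    if mean(b.volume for b in mine) > MAX_AVG_VOLUME_PER_USER:
        errors.append("average volume of this user's boxes exceeds 1000")
    if len(recent) > MAX_BOXES_PER_WEEK:
        errors.append("more than 100 boxes added this week")
    if len(recent_mine) > MAX_BOXES_PER_WEEK_PER_USER:
        errors.append("this user added more than 50 boxes this week")
    return errors
```

The README's assumptions state that the update endpoint does not re-check the averages; calling the same function with the old version removed from `existing` and the edited box passed as `new` would keep the limits true after edits as well.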
Task 2: Update API for a Box
API Endpoint: PUT/PATCH http://127.0.0.1:8000/boxes/api/v1/update-box/uuid
You need to add the UUID of the box at the end of the URL to update the box.
UUID is the unique identifier of the box
Conditions fulfilled:
- User should be logged in and should be a staff user to access the API.
- Any staff user is able to update any box.
- Editor cannot edit the creator, created_date or last_updated date of the box.
Task 3: List all Boxes
API Endpoint: GET http://127.0.0.1:8000/boxes/api/v1/list-all-boxes
This API returns all the boxes in the database, but the response is divided into 2 types:
- If the user is staff, they can see the creator and last_updated date of each box.
- But in the case of a non-staff user, they cannot see the creator and last_updated date of each box.
In this API you can also apply the filters below:
- length_more_than or length_less_than
- height_more_than or height_less_than
- breadth_more_than or breadth_less_than
- volume_more_than or volume_less_than
- area_more_than or area_less_than
- created_after or created_before
- username
Conditions fulfilled:
- User should be logged-in and authenticated to access this API.
Task 4: List my boxes
API Endpoint: GET http://127.0.0.1:8000/boxes/api/v1/list-my-boxes
This API returns all the boxes created by the logged-in staff user.
In this API you can also apply the filters below:
- length_more_than or length_less_than
- height_more_than or height_less_than
- breadth_more_than or breadth_less_than
- volume_more_than or volume_less_than
- area_more_than or area_less_than
Conditions fulfilled:
- User should be staff, logged-in and authenticated to access this API.
Task 5: Delete a Box
API Endpoint: DELETE http://127.0.0.1:8000/boxes/api/v1/delete-box/uuid
You need to add the UUID of the box to be deleted at the end of the URL, and only the creator of the box can delete it.
Conditions fulfilled:
- User should be staff, logged-in and authenticated to access the API.
- The box to delete should be created by the logged-in staff user.
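The access rules of Tasks 2 to 5 collected into one framework-free policy module (an added example, not the project's own code). The `User` class mirrors the attribute names of Django's user object; the function names and `SAMPLE_BOX` record are constructed for illustration.

```python
from dataclasses import dataclass

# Field names from the page: READ_ONLY fields are dropped from update payloads,
# STAFF_ONLY fields are hidden from non-staff readers.
READ_ONLY_ON_UPDATE = {"creator", "created_date", "last_updated"}
STAFF_ONLY_FIELDS = {"creator", "last_updated"}

# Constructed sample record.
SAMPLE_BOX = {"uuid": "box-1", "length": 3, "breadth": 4, "height": 4,
              "creator": "alice", "created_date": "2024-01-01",
              "last_updated": "2024-01-02"}


@dataclass(frozen=True)
class User:  # hypothetical stand-in using Django's attribute names
    username: str
    is_staff: bool = False
    is_authenticated: bool = True


def is_staff(user):
    return user.is_authenticated and user.is_staff


def apply_update(user, box, payload):
    """Any staff user may edit any box, but never its audit fields."""
    if not is_staff(user):
        raise PermissionError("staff login required")
    # Read-only keys sent by the client are ignored rather than applied.
    allowed = {k: v for k, v in payload.items() if k not in READ_ONLY_ON_UPDATE}
    return {**box, **allowed}


def can_delete(user, box):
    """Object-level check: staff AND creator of this particular box."""
    return is_staff(user) and box["creator"] == user.username


def list_all(user, boxes):
    """Every logged-in user sees all boxes; only staff see staff-only fields."""
    if not user.is_authenticated:
        raise PermissionError("login required")
    if user.is_staff:
        return [dict(b) for b in boxes]
    return [{k: v for k, v in b.items() if k not in STAFF_ONLY_FIELDS}
            for b in boxes]


def list_mine(user, boxes):
    if not is_staff(user):
        raise PermissionError("staff login required")
    return [dict(b) for b in boxes if b["creator"] == user.username]
```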
Scope of Improvement:
- In the utils/filters.py file, code reusability can be improved.
- In place of Token Authentication, JWT Authentication can be used to authenticate the users.
Things I Learned:
- How to apply filters in the API.
- How to use and modify the serializer data according to the use case.
- Write more clean code and add comments wherever necessary.
- Read documentation more thoroughly.
Assumptions from the problem statement given:
- At the time of updating the box, the avg_area and avg_volume condition is not checked, because the problem statement uses the word added and not updated/edited.
- Adding user should be automatically associated with the box and shall not be overridden – This line was unclear in the problem statement, so I gathered that whenever a box is being created we have to connect it to the staff user who created it by default (one-to-many relationship).