Issue 51 create api endpoint for registration form

[fifibox]

Change Summary

1. created API for registration at http://localhost:8000/api/registrations

• GET Registrationfor current user.
• POST a new Registration for current user.

2. created API for registrant details at http://localhost:8000/api/registrant-details/uuid:pl/

• Retrieve a specific RegistrantDetail by uuid
• Update the existing details.

Change Form

Fill this up (NA if not available). If a certain criteria is not met, can you please give a reason.

• The pull request title has an issue number
• The change works by "Smoke testing" or quick testing :
  I used postman to test listing all & creating new registration, retrieving and updating RegistrantDetails .
• The change has tests
• The change has documentation

Other Information

Related issue

• Resolve Create API endpoint for registration form #51

[laurenpudz]

Heya! can you please merge main into your branch and resolve merge conflicts?
I think you will also need to convert these endpoints into rest endpoints and specify the types of requests they would take, i.e. PUT and GET. Will need to get someone with more django knowledge to confirm the specifics though!

[MahitGtg]

Just a couple of changes, as we are nearly at the end, I have included the code to go with it as well. These are crucial changes and might need to be addressed.

[MahitGtg]

Current code exposes all users' data to any authenticated user - This can be a security issue
it should be replaced by something like this:

class RegistrationListCreate(generics.ListCreateAPIView):
    serializer_class = RegistrationSerializer
    permission_classes = [permissions.IsAuthenticated]
    
    def get_queryset(self):
        return Registration.objects.filter(user=self.request.user)  # Only user's own registrations
    
    def perform_create(self, serializer):
        registration = serializer.save(user=self.request.user)  # Auto-assign to current user
        # Auto-create empty registrant details for form continuation
        RegistrantDetail.objects.create(registration=registration)

class RegistrantDetailRetrieveUpdate(generics.RetrieveUpdateAPIView):
    serializer_class = RegistrantDetailSerializer
    permission_classes = [permissions.IsAuthenticated]
    
    def get_queryset(self):
        return RegistrantDetail.objects.filter(registration__user=self.request.user)  # Only details of user's registrations

Here the queryset is replaced by a function which only returns the form allowed to view by the authenticated user.

Also the perform_create method here created an empty registrant_details form to avoid multiple POST requsets.

[MahitGtg]

• Maybe remove the event_registration from the url as it is a bit unclear here(these registrations are just to register a person in the system, not in an event)
• Also models are UUID primary keys to replace the <int:pk> with <uuid:pl>

[MahitGtg]

might need to import the Registration Details here

from .models import Registration, RegistrantDetail