Box CRUD API:

Consider a store which has an inventory of boxes which are all cuboid(which have length breadth and height). Each Cuboid has been added by a store employee who is associated as the creator of the box even if it is updated by any user later on.

Setup Project

1. Fork and clone this repository and navigate into the project folder by running the following commands in your terminal:

   git clone [email protected]:
        
         /boxes_inventory.git
   cd boxes_inventory
   
        

   NOTE: This cloning is done via SSH.

2. Create a Python virtual environment in the project folder and activate it.

   pip install virtualenv
   virtualenv venv
   source venv/bin/activate
   

   NOTE: This commands can differ can based on operating systems.

3. Create a .env file in the project folder, and add your secret key in the SECRET_KEY variable in .env file.

   SECRET_KEY=
        
   
        

   SECRET_KEY is 128 bit long string containing alphnumeric chars and symbols.

4. Install the dependencies, by running the following command:

   pip install -r requirements.txt
   

   Make sure your virtual environment is activated.

5. Run the migrations.

   python manage.py makemigrations
   python manage.py migrate
   

   As our default database is sqlite3, you will notice after the migrations a db file is created in project folder.

6. Create a superuser.

   python manage.py createsuperuser
   

7. Run the server.

   python manage.py runserver
   

POSTMAN Collection click here

Open this postman collection in Postman, to check all the API endpoints.

Authentication Details

I have implemented default token authetication available in the Django Rest Framework.

When the user logs in through http://127.0.0.1:8000/accounts/api/v1/login/, the token is generated and stored in the database.

So, Inorder to access the API, you need to send a valid token in the Authorization header as follows:

Authorization: Token 
   

   

Task 0: Data Modelling

I have created a boxes model with one to many relationship with the users model, where user model is the parent and boxes model is the child.

Task 1: Add a Box

API Endpoint: POST http://127.0.0.1:8000/boxes/api/v1/create-box

Only the Staff user is able to create a box and following is the required payload for the request.

{
    "height": 4,
    "length": 3,
    "breadth": 4
}

Below is the example of the API:

If the request is invalid or provided with invalid body, the API will return error messages.

Conditions fulfilled:

1. The user should be a staff and logged in to create a box.
2. Average area of all added boxes should not exceed 100.
3. Average volume of all boxes added by the current user shall not exceed 1000.
4. Total Boxes added in a week cannot be more than 100.
5. Total Boxes added in a week by a user cannot be more than 50.

Task 2: Update API for a Box

API Endpoint: PUT/PATCH http://127.0.0.1:8000/boxes/api/v1/update-box/uuid

You need to add the UUID of the box at the end of the URL to update the box.

UUID is the unique identifier of the box

1. Below is the example of the Update API through PUT method:

2. Below is the example of the Update API through PATCH method:

Conditions fulfilled:

1. User should be logged in and should be a staff user to access the API.
2. Any staff user is able to update any box.
3. Editor cannot edit the creator, created_date or last_updated date of the box.

Task 3: List all Boxes

API Endpoint: GET http://127.0.0.1:8000/boxes/api/v1/list-all-boxes

This API returns all the boxes in the database but the response is divided into 2 types:

1. If User is staff, they can see the creator and last_updated date of each box.

2. But in case of the non staff user they cannot see the creator and last_updated date of each box.

In this API you can also apply below filters:

1. length_more_than or length_less_than
2. height_more_than or height_less_than
3. breadth_more_than or breadth_less_than
4. volume_more_than or volume_less_than
5. area_more_than or area_less_than
6. created_after or created_before
7. username

Conditions fulfilled:

1. User should be logged-in and authenticated to access this API.

Task 4: List my boxes

API Endpoint: GET http://127.0.0.1:8000/boxes/api/v1/list-my-boxes

This API returns all the boxes created by the logged-in staff user.

In this API you can also apply below filters:

1. length_more_than or length_less_than
2. height_more_than or height_less_than
3. breadth_more_than or breadth_less_than
4. volume_more_than or volume_less_than
5. area_more_than or area_less_than

Conditions fulfilled:

1. User should be staff, logged-in and authenticated to access this API.

Task 5: Delete a Box

API Endpoint: DELETE http://127.0.0.1:8000/boxes/api/v1/delete-box/uuid

You need to add the UUID of the box to be deleted at the end of the URL, and only the creator of the box can delete it.

Conditions fulfilled:

1. User should be staff, logged-in and authenticated to access the API.
2. The box to delete should be created by the logged-in staff user.

Scope of Improvement:

1. In utils/filters.py file, code resuability can be improved.
2. In place of Token Authentication, JWT Authentication can be used to authenticate the users.

Things I Learned:

1. How to apply filters in the API.
2. How to use and modify the serializer data according to the use case.
3. Write more clean code and add comments wherever necessary.
4. Read documentation more thoroughly.

Assumptions from the problem statement given:

1. At the time of updating the box, the avg_area and avg_volume condition is not checked because, the problem statement says added and not updated/edited word.

2. Adding user should be automatically associated with the box and shall not be overridden - This line was unclear in the problem statement, so I gathered that whenever a box is being created we have to connect it to the staff user who created it by default (one-to-many relationship).