added frontend for social + feed partiali working

backend/account/migrations/0002_customuser_avatar.py

@@ -0,0 +1,16 @@
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('account', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='customuser',
+            name='avatar',
+            field=models.ImageField(blank=True, null=True, upload_to='avatars/'),
+        ),
+    ]

backend/account/models.py

@@ -78,6 +78,8 @@ class CustomUser(SoftDeleteModel, AbstractUser):
     street_number = models.PositiveIntegerField(null=True, blank=True)
     country = models.CharField(null=True, blank=True, max_length=100)
 
+    avatar = models.ImageField(upload_to='avatars/', null=True, blank=True)
+
     # firemní fakturační údaje
     company_name = models.CharField(max_length=255, blank=True)
     ico = models.CharField(max_length=20, blank=True)
@@ -136,8 +138,6 @@ class CustomUser(SoftDeleteModel, AbstractUser):
             group, _ = Group.objects.get_or_create(name=self.role)
             # Use add/set now that PK exists
             self.groups.set([group])
-
-        return super().save(*args, **kwargs)
     
     def generate_email_verification_token(self, length: int = 48, save: bool = True) -> str:
         token = get_random_string(length=length)

backend/account/serializers.py

@@ -17,6 +17,14 @@ from rest_framework.exceptions import PermissionDenied
 
 User = get_user_model()
 
+class PublicUserSerializer(serializers.ModelSerializer):
+    """Minimal read-only profile returned to non-owner authenticated users."""
+    class Meta:
+        model = User
+        fields = ['id', 'username', 'first_name', 'last_name', 'avatar', 'city', 'role', 'create_time']
+        read_only_fields = ['id', 'username', 'first_name', 'last_name', 'avatar', 'city', 'role', 'create_time']
+
+
 class CustomUserSerializer(serializers.ModelSerializer):
     class Meta:
         model = User
@@ -35,6 +43,7 @@ class CustomUserSerializer(serializers.ModelSerializer):
             "postal_code",
             "gdpr",
             "is_active",
+            "avatar",
         ]
         read_only_fields = ["id", "create_time", "gdpr", "username"]  # <-- removed "account_type"
 
@@ -89,17 +98,18 @@ class UserRegistrationSerializer(serializers.ModelSerializer):
     class Meta:
         model = User
         fields = [
-            'first_name', 'last_name', 'email', 'phone_number', 'password',
+            'username', 'first_name', 'last_name', 'email', 'phone_number', 'password',
             'city', 'street', 'postal_code', 'gdpr'
         ]
         extra_kwargs = {
-            'first_name': {'required': True, 'help_text': 'Křestní jméno uživatele'},
-            'last_name': {'required': True, 'help_text': 'Příjmení uživatele'},
+            'username': {'required': False, 'allow_blank': True, 'help_text': 'Užívatelské jméno'},
+            'first_name': {'required': False, 'allow_blank': True, 'help_text': 'Křestní jméno uživatele'},
+            'last_name': {'required': False, 'allow_blank': True, 'help_text': 'Příjmení uživatele'},
             'email': {'required': True, 'help_text': 'Emailová adresa uživatele'},
-            'phone_number': {'required': True, 'help_text': 'Telefonní číslo uživatele'},
-            'city': {'required': True, 'help_text': 'Město uživatele'},
-            'street': {'required': True, 'help_text': 'Ulice uživatele'},
-            'postal_code': {'required': True, 'help_text': 'PSČ uživatele'},
+            'phone_number': {'required': False, 'allow_null': True, 'allow_blank': True, 'help_text': 'Telefonní číslo uživatele'},
+            'city': {'required': False, 'allow_blank': True, 'allow_null': True, 'help_text': 'Město uživatele'},
+            'street': {'required': False, 'allow_blank': True, 'allow_null': True, 'help_text': 'Ulice uživatele'},
+            'postal_code': {'required': False, 'allow_blank': True, 'allow_null': True, 'help_text': 'PSČ uživatele'},
             'gdpr': {'required': True, 'help_text': 'Souhlas se zpracováním osobních údajů'},
         }
 
@@ -117,9 +127,9 @@ class UserRegistrationSerializer(serializers.ModelSerializer):
     def validate(self, data):
         email = data.get("email")
         phone = data.get("phone_number")
-        dgpr = data.get("GDPR")
-        if not dgpr:
-            raise serializers.ValidationError({"GDPR": "You must agree to the GDPR to register."})
+        gdpr = data.get("gdpr")
+        if not gdpr:
+            raise serializers.ValidationError({"gdpr": "You must agree to the GDPR to register."})
 
         if User.objects.filter(email=email).exists():
             raise serializers.ValidationError({"email": "Account with this email already exists."})
@@ -131,10 +141,8 @@ class UserRegistrationSerializer(serializers.ModelSerializer):
     
     def create(self, validated_data):
         password = validated_data.pop("password")
-        username = validated_data.get("username", "")
         user = User.objects.create(
-            username=username,
-            is_active=False, #uživatel je defaultně deaktivovaný
+            is_active=True, #uživatel je defaultně aktivní
             **validated_data
         )
         user.set_password(password)

backend/account/views.py

@@ -250,21 +250,20 @@ class UserView(viewsets.ModelViewSet):
             # Fallback - deny access (prevents AttributeError for AnonymousUser)
             return [OnlyRolesAllowed("admin")()]
 
-        # Users can only view their own profile, admins can view any profile
+        # Any authenticated user can retrieve a profile (serializer limits fields for non-owner/non-admin)
         elif self.action == 'retrieve':
-            user = getattr(self, 'request', None) and getattr(self.request, 'user', None)
-            # Admins can view any user profile
-            if user and getattr(user, 'is_authenticated', False) and getattr(user, 'role', None) == 'admin':
-                return [IsAuthenticated()]
-            
-            # Users can view their own profile
-            if user and getattr(user, 'is_authenticated', False) and self.kwargs.get('pk') and str(getattr(user, 'id', '')) == self.kwargs['pk']:
-                return [IsAuthenticated()]
-            
-            # Deny access to other users' profiles
-            return [OnlyRolesAllowed("admin")()]
+            return [IsAuthenticated()]
 
         return super().get_permissions()
+
+    def get_serializer_class(self):
+        user = getattr(self.request, 'user', None)
+        pk = self.kwargs.get('pk')
+        is_self = pk and user and str(getattr(user, 'id', '')) == str(pk)
+        is_admin = user and (getattr(user, 'role', None) == 'admin' or getattr(user, 'is_superuser', False))
+        if self.action == 'retrieve' and not is_self and not is_admin:
+            return PublicUserSerializer
+        return CustomUserSerializer