From 0f74e3855aee01ddf9a1405d3aee500528e1b395 Mon Sep 17 00:00:00 2001
From: Evan Tung
Date: Mon, 24 Jun 2024 18:52:39 -0700
Subject: [PATCH] feat: Add head method to UserPsychoPassView for checking user access
---
 psychopass/tests.py | 17 +++++++++++++++++
 psychopass/views.py | 14 ++++++++++++++
 2 files changed, 31 insertions(+)
diff --git a/psychopass/tests.py b/psychopass/tests.py
index dbd6ce8..0926152 100644
--- a/psychopass/tests.py
+++ b/psychopass/tests.py
@@ -37,6 +37,23 @@ def test_get(self) -> None:
 )
 self.assertEqual(response.status_code, status.HTTP_200_OK)
 
+ def test_head_ok(self) -> None:
+ response = self.client.head(f"{self.url}?id={self.psycho_pass.user_id}")
+
+ self.assertEqual(response.status_code, status.HTTP_200_OK)
+
+ def test_head_forbidden(self) -> None:
+ user = get_user_model().objects.create(
+ username=get_random_string(10),
+ email=get_random_string(10),
+ password=get_random_string(10),
+ )
+ psycho_pass = UserPsychoPass.objects.create(
+ platform=user, user_id=get_random_string(20)
+ )
+ response = self.client.head(f"{self.url}?id={psycho_pass.user_id}")
+ self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
 def test_post(self) -> None:
 user_id = get_random_string(20)
 response = self.client.post(self.url, data={"userID": user_id}, format="json")
diff --git a/psychopass/views.py b/psychopass/views.py
index cf1e69c..ce543bf 100644
--- a/psychopass/views.py
+++ b/psychopass/views.py
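Review bot: The two new tests in psychopass/tests.py pin the 200 and 403 answers but leave the `get_object_or_404` branch of `head` untested: a HEAD with an unknown `id` and a HEAD with no `id` parameter at all. Both are the inputs an outside caller controls, so a `test_head_not_found` asserting `status.HTTP_404_NOT_FOUND` for `f"{self.url}?id={get_random_string(20)}"` and for the bare `self.url` would fix the intended behaviour. Whether `self.client` is authenticated is set up outside this hunk; if it is, a HEAD from an unauthenticated client deserves a test as well.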
@@ -94,6 +94,20 @@ def get(self, request: Request) -> Response:
 return Response(
 UserPsychoPassSerializer(psycho_pass).data, status=status.HTTP_200_OK
 )
+
+ def head(self, request: Request) -> Response:
+ set_user(
+ {
+ "id": request.query_params.get("id"),
+ "username": f"{request.user.username}/{request.query_params.get("id")}",
+ }
+ )
+ psycho_pass = get_object_or_404(
+ UserPsychoPass, user_id=request.query_params.get("id")
+ )
+ if request.user == psycho_pass.platform:
+ return Response(status=status.HTTP_200_OK)
+ return Response(status=status.HTTP_403_FORBIDDEN)
 
 def post(self, request: Request) -> Response:
 set_user(
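Review bot: The new `head` answers 404 for an unknown `id` but 403 for one that belongs to another platform, so any caller who can reach the view can tell which user IDs exist under other platforms. If clients do not need that distinction, scope the lookup to the caller with `get_object_or_404(UserPsychoPass, user_id=request.query_params.get("id"), platform=request.user)` and return 200; `test_head_forbidden` would then expect 404. Only the final `return` of `get` is visible in this hunk, so it is unclear whether `get` applies the same `request.user == psycho_pass.platform` check; if it does not, the HEAD answer is advisory and the data is still readable through GET. Separately, the nested double quotes in `f"{request.user.username}/{request.query_params.get("id")}"` parse only on Python 3.12 and later; binding `request.query_params.get("id")` to a local once avoids that and the three repeated lookups.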