"""Admin-only DRF write endpoints. Each viewset is guarded by IsAdminUser (see individual ModelViewSet `permission_classes`). Student JWTs hit 403 here. Mount: config/urls.py → path('api/admin/', include('config.admin_urls')) URL map (under /api/admin/): skills/ CRUD on Skill catalog (409 on referenced delete) roles/ CRUD on Role (soft delete) role-skills/ CRUD on RoleSkill junction (?role=) resources/ CRUD on Resource (cascades to SkillResource + checkpoints) checkpoints/ CRUD on ResourceCheckpoint (?resource=) checkpoints/bulk/ POST newline-separated titles to create N rows skill-resources/ CRUD on SkillResource junction (?resource=) """ from django.urls import include, path from rest_framework.routers import DefaultRouter from apps.resources.views import ( ResourceAdminViewSet, ResourceCheckpointAdminViewSet, SkillResourceAdminViewSet, ) from apps.roles.views import RoleAdminViewSet, RoleSkillAdminViewSet from apps.skills.views import SkillAdminViewSet router = DefaultRouter() router.register(r'skills', SkillAdminViewSet, basename='admin-skill') router.register(r'roles', RoleAdminViewSet, basename='admin-role') router.register(r'role-skills', RoleSkillAdminViewSet, basename='admin-role-skill') router.register(r'resources', ResourceAdminViewSet, basename='admin-resource') router.register(r'checkpoints', ResourceCheckpointAdminViewSet, basename='admin-checkpoint') router.register(r'skill-resources', SkillResourceAdminViewSet, basename='admin-skill-resource') urlpatterns = [ path('', include(router.urls)), ]