admin users can not be deleted

2025-10-27 15:53:47 +03:30
parent caf11802f7
commit 0af53bddb8
3 changed files with 27 additions and 1 deletions
--- a/apps/authentication/api/v1/api.py
+++ b/apps/authentication/api/v1/api.py
@@ -13,6 +13,9 @@ from rest_framework.views import APIView
 from rest_framework.viewsets import ModelViewSet
 from rest_framework_simplejwt.views import TokenObtainPairView

+from apps.authentication.exceptions import AdminDeleteException
+from apps.core.api import BaseViewSet
+
 from apps.authentication.api.v1.serializers.jwt import CustomizedTokenObtainPairSerializer
 from apps.authentication.api.v1.serializers.serializer import (
    CitySerializer,
@@ -22,6 +25,7 @@ from apps.authentication.api.v1.serializers.serializer import (
    UserSerializer,
    BankAccountSerializer,
 )
+from apps.authentication.mixins.region_filter import RegionFilterMixin
 from apps.authentication.models import (
    User,
    City,
@@ -33,7 +37,6 @@ from apps.authentication.models import (
 )
 from apps.authentication.tools import get_token_jti
 from apps.authorization.api.v1 import api as authorize_view
-from apps.core.api import BaseViewSet
 from apps.core.mixins.search_mixin import DynamicSearchMixin
 from apps.core.mixins.soft_delete_mixin import SoftDeleteMixin
 from common.helpers import get_organization_by_user
@@ -162,6 +165,19 @@ class UserViewSet(SoftDeleteMixin, ModelViewSet):
        )
        return Response(serializer.data, status.HTTP_200_OK)

+    def destroy(self, request, pk=None, *args, **kwargs):
+        """
+        remove user from system except admin users
+        """
+        user = self.get_object()
+        user_relations = authorize_view.UserRelations.objects.filter(user=user).first()
+        if user_relations.role.type.key != 'ADM':
+            raise AdminDeleteException()
+        else:
+            user_relations.objects.update(trash=True)
+
+        return Response(status=status.HTTP_204_NO_CONTENT)
+

 class CityViewSet(BaseViewSet, SoftDeleteMixin, ModelViewSet):
    """ Crud operations for city model """  #
--- a/apps/authentication/exceptions.py
+++ b/apps/authentication/exceptions.py
@@ -25,3 +25,10 @@ class UserExistException(APIException):
    status_code = status.HTTP_403_FORBIDDEN
    default_detail = _('کاربری با این شماره موبایل یا با این نام کاربری از قبل وجود دارد')  # noqa
    default_code = 'user_does_not_exist'
+
+class AdminDeleteException(APIException):
+    """ admin user can not be deleted """
+
+    status_code = status.HTTP_403_FORBIDDEN
+    default_detail = _('این کاربر ادمین است و قابلیت حذف ندارد')  # noqa
+    default_code = 'user_does_not_exist'
--- a/logs/django_requests.log
+++ b/logs/django_requests.log
@@ -23,3 +23,6 @@
 [2025-10-27 14:46:25,256] INFO django.utils.autoreload | IP: - | Path: - | D:\Project\Rasaddam_Backend\apps\authentication\api\v1\serializers\serializer.py changed, reloading.
 [2025-10-27 14:46:27,085] INFO django.utils.autoreload | IP: - | Path: - | Watching for file changes with StatReloader
 [2025-10-27 15:36:00,646] INFO django.utils.autoreload | IP: - | Path: - | D:\Project\Rasaddam_Backend\apps\core\api.py changed, reloading.
+[2025-10-27 15:36:02,875] INFO django.utils.autoreload | IP: - | Path: - | Watching for file changes with StatReloader
+[2025-10-27 15:53:23,156] INFO django.utils.autoreload | IP: - | Path: - | D:\Project\Rasaddam_Backend\apps\authentication\exceptions.py changed, reloading.
+[2025-10-27 15:53:26,735] INFO django.utils.autoreload | IP: - | Path: - | Watching for file changes with StatReloader