From 0af53bddb8a50142c628a4d2ebbaa0f621031101 Mon Sep 17 00:00:00 2001
From: Mojtaba-z
Date: Mon, 27 Oct 2025 15:53:47 +0330
Subject: [PATCH] admin users can not be deleted
---
 apps/authentication/api/v1/api.py | 18 +++++++++++++++++-
 apps/authentication/exceptions.py | 7 +++++++
 logs/django_requests.log | 3 +++
 3 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/apps/authentication/api/v1/api.py b/apps/authentication/api/v1/api.py
index b9fbd3e..90c3833 100644
--- a/apps/authentication/api/v1/api.py
+++ b/apps/authentication/api/v1/api.py
@@ -13,6 +13,9 @@ from rest_framework.views import APIView
 from rest_framework.viewsets import ModelViewSet
 from rest_framework_simplejwt.views import TokenObtainPairView
 
+from apps.authentication.exceptions import AdminDeleteException
+from apps.core.api import BaseViewSet
+
 from apps.authentication.api.v1.serializers.jwt import CustomizedTokenObtainPairSerializer
 from apps.authentication.api.v1.serializers.serializer import (
     CitySerializer,
@@ -22,6 +25,7 @@ from apps.authentication.api.v1.serializers.serializer import (
     UserSerializer,
     BankAccountSerializer,
 )
+from apps.authentication.mixins.region_filter import RegionFilterMixin
 from apps.authentication.models import (
     User,
     City,
@@ -33,7 +37,6 @@ from apps.authentication.models import (
 )
 from apps.authentication.tools import get_token_jti
 from apps.authorization.api.v1 import api as authorize_view
-from apps.core.api import BaseViewSet
 from apps.core.mixins.search_mixin import DynamicSearchMixin
 from apps.core.mixins.soft_delete_mixin import SoftDeleteMixin
 from common.helpers import get_organization_by_user
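Review bot: `RegionFilterMixin` is imported in the second hunk of api.py but nothing in this patch uses it; if UserViewSet was meant to mix it in, that change is missing, otherwise the import should be dropped (it is the kind of thing ruff F401 flags). Whether the rest of api.py outside these hunks references it cannot be seen from here. In the third hunk `from apps.core.api import BaseViewSet` is moved out of the alphabetically ordered `apps.core` group into a new block above the serializer imports, which makes the import section harder to scan; leaving it where it was and adding only the `AdminDeleteException` import would do.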
@@ -162,6 +165,19 @@ class UserViewSet(SoftDeleteMixin, ModelViewSet):
         )
         return Response(serializer.data, status.HTTP_200_OK)
 
+    def destroy(self, request, pk=None, *args, **kwargs):
+        """
+        remove user from system except admin users
+        """
+        user = self.get_object()
+        user_relations = authorize_view.UserRelations.objects.filter(user=user).first()
+        if user_relations.role.type.key != 'ADM':
+            raise AdminDeleteException()
+        else:
+            user_relations.objects.update(trash=True)
+
+        return Response(status=status.HTTP_204_NO_CONTENT)
+
 class CityViewSet(BaseViewSet, SoftDeleteMixin, ModelViewSet):
     """ Crud operations for city model """
 #
diff --git a/apps/authentication/exceptions.py b/apps/authentication/exceptions.py
index ff3307d..73f976c 100644
--- a/apps/authentication/exceptions.py
+++ b/apps/authentication/exceptions.py
@@ -25,3 +25,10 @@ class UserExistException(APIException):
     status_code = status.HTTP_403_FORBIDDEN
     default_detail = _('کاربری با این شماره موبایل یا با این نام کاربری از قبل وجود دارد') # noqa
     default_code = 'user_does_not_exist'
+
+class AdminDeleteException(APIException):
+    """ admin user can not be deleted """
+
+    status_code = status.HTTP_403_FORBIDDEN
+    default_detail = _('این کاربر ادمین است و قابلیت حذف ندارد') # noqa
+    default_code = 'user_does_not_exist'
diff --git a/logs/django_requests.log b/logs/django_requests.log
index dc71c9b..b2b94de 100644
--- a/logs/django_requests.log
+++ b/logs/django_requests.log
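Review bot: The guard in the added destroy() is inverted: `if user_relations.role.type.key != 'ADM': raise AdminDeleteException()` refuses every non-admin user and lets admin users through, the opposite of what the commit title says, so the authorization check this commit exists to add is currently bypassed for exactly the accounts it should protect. Two more failures sit on the same lines: `.first()` returns None for a user with no UserRelations row, so the attribute chain raises AttributeError (a 500 instead of a decision), and `user_relations.objects.update(trash=True)` reaches a model manager through an instance, which Django refuses, so the success path cannot run either. The rewrite below refuses when any of the user's relations carries the admin role (checking only the first row would let a user with several relations slip through), applies the update on the queryset, and then continues with the inherited destroy; the destroy this override replaces is outside the hunk, as is the start of UserViewSet, so confirm that `super().destroy(...)` is the soft-delete path SoftDeleteMixin provides before relying on it.
```python
    def destroy(self, request, pk=None, *args, **kwargs):
        """Soft-delete a user; refused with 403 when any of the user's relations carries the admin role ('ADM')."""
        user = self.get_object()
        relations = authorize_view.UserRelations.objects.filter(user=user)
        # One admin relation is enough to refuse; .first() alone would miss the others.
        if relations.filter(role__type__key='ADM').exists():
            raise AdminDeleteException()
        relations.update(trash=True)
        # NOTE(review): assumes SoftDeleteMixin.destroy() soft-deletes the user record itself — confirm.
        return super().destroy(request, *args, **kwargs)
```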
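Review bot: `default_code = 'user_does_not_exist'` on the new AdminDeleteException is copied from UserExistException and does not describe this error, so a client that branches on the error code cannot tell a refused admin delete from a duplicate-user conflict. Give it a code of its own, e.g. `default_code = 'admin_user_cannot_be_deleted'`. The class docstring would also read better as a full sentence, `"""Raised when a delete is attempted on a user holding the admin role."""`, and PEP 8 wants two blank lines before the new class rather than the one added here.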
@@ -23,3 +23,6 @@
 [2025-10-27 14:46:25,256] INFO django.utils.autoreload | IP: - | Path: - | D:\Project\Rasaddam_Backend\apps\authentication\api\v1\serializers\serializer.py changed, reloading.
 [2025-10-27 14:46:27,085] INFO django.utils.autoreload | IP: - | Path: - | Watching for file changes with StatReloader
 [2025-10-27 15:36:00,646] INFO django.utils.autoreload | IP: - | Path: - | D:\Project\Rasaddam_Backend\apps\core\api.py changed, reloading.
+[2025-10-27 15:36:02,875] INFO django.utils.autoreload | IP: - | Path: - | Watching for file changes with StatReloader
+[2025-10-27 15:53:23,156] INFO django.utils.autoreload | IP: - | Path: - | D:\Project\Rasaddam_Backend\apps\authentication\exceptions.py changed, reloading.
+[2025-10-27 15:53:26,735] INFO django.utils.autoreload | IP: - | Path: - | Watching for file changes with StatReloader