From 142128d6a880b8614065a950746910b4a6770726 Mon Sep 17 00:00:00 2001
From: Mojtaba-z <mojtaba.zolfaghari30@gmail.com>
Date: Mon, 20 Oct 2025 16:37:52 +0330
Subject: [PATCH] connectionless permissions

---
 apps/authorization/api/v1/api.py | 42 +++++++++++++++++++++++---------
 1 file changed, 31 insertions(+), 11 deletions(-)

diff --git a/apps/authorization/api/v1/api.py b/apps/authorization/api/v1/api.py
index 723931a..7b0b563 100644
--- a/apps/authorization/api/v1/api.py
+++ b/apps/authorization/api/v1/api.py
@@ -1,27 +1,26 @@
-from rest_framework_simplejwt.authentication import JWTAuthentication
-from apps.core.mixins.soft_delete_mixin import SoftDeleteMixin
-from rest_framework.permissions import AllowAny, IsAuthenticated
-from apps.core.pagination import CustomPageNumberPagination
-from apps.core.exceptions import ConflictException
+from django.db import transaction
+from django.db.models import Count
+from rest_framework import filters
+from rest_framework import status
+from rest_framework import viewsets
+from rest_framework.decorators import action
 from rest_framework.exceptions import APIException
+from rest_framework.response import Response
+
 from apps.authorization.api.v1.serializers import (
     RoleSerializer,
     PermissionSerializer,
     UserRelationSerializer,
     PageSerializer
 )
-from rest_framework.decorators import action
-from rest_framework.response import Response
 from apps.authorization.models import (
     Role,
     Permissions,
     UserRelations,
     Page
 )
-from rest_framework import viewsets
-from django.db import transaction
-from rest_framework import filters
-from rest_framework import status
+from apps.core.exceptions import ConflictException
+from apps.core.mixins.soft_delete_mixin import SoftDeleteMixin
 
 
 class RoleViewSet(SoftDeleteMixin, viewsets.ModelViewSet):
@@ -96,6 +95,27 @@ class PermissionViewSet(SoftDeleteMixin, viewsets.ModelViewSet):
         else:
             return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
 
+    @action(
+        methods=['get'],
+        detail=False,
+        url_name='connectionless_permissions',
+        url_path='connectionless_permissions',
+        name='connectionless_permissions'
+    )
+    @transaction.atomic
+    def connectionless_permissions(self, request, *args, **kwargs):
+        """ get all permissions that are not assigned to any user relation """
+
+        permissions = Permissions.objects.annotate(num=Count('userrelations')).filter(num=0)
+
+        page = self.paginate_queryset(permissions)
+        if page is not None:
+            serializer = self.get_serializer(page, many=True)
+            return self.get_paginated_response(serializer.data)
+
+        serializer = self.get_serializer(permissions, many=True)
+        return Response(serializer.data)
+
 
 class UserRelationViewSet(SoftDeleteMixin, viewsets.ModelViewSet):
     """ Crud Operations for User Relations """