From 0696eba624cde8a965ec2b9f9785ed4a4d01bb67 Mon Sep 17 00:00:00 2001 From: Mojtaba-z Date: Wed, 6 Aug 2025 14:27:44 +0330 Subject: [PATCH] if role of user changed, permissions change --- apps/authorization/api/v1/serializers.py | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/apps/authorization/api/v1/serializers.py b/apps/authorization/api/v1/serializers.py index b970ed4..deb721f 100644 --- a/apps/authorization/api/v1/serializers.py +++ b/apps/authorization/api/v1/serializers.py @@ -8,7 +8,6 @@ from apps.authorization.models import ( Page ) from apps.authentication.api.v1.serializers import serializer as auth_serializer -from apps.authentication.models import Organization import itertools @@ -146,9 +145,16 @@ class UserRelationSerializer(serializers.ModelSerializer): def update(self, instance, validated_data): """ update user relation object """ - instance.role = validated_data.get('role', instance.role) + # if role of user changed, clear all permissions and set new role permissions for user + if not instance.role == validated_data.get('role', instance.role): + instance.role = validated_data.get('role', instance.role) + instance.permissions.clear() + instance.permissions.add(*instance.role.permissions.all()) + instance.organization = validated_data.get('organization', instance.organization) instance.save() - instance.permissions.clear() - instance.permissions.add(*(validated_data.get('permissions', instance.permissions))) + + if validated_data.get('permissions'): + instance.permissions.clear() + instance.permissions.add(*(validated_data.get('permissions', instance.permissions))) return instance
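Review bot: The new guard `if validated_data.get('permissions'):` in `update` is a truthiness test, so a request that sends an explicit empty `permissions` list is skipped and the user's existing grants stay in place; revoking everything through this endpoint then fails silently. Test for presence and replace the set in one call, `if 'permissions' in validated_data:` followed by `instance.permissions.set(validated_data['permissions'])`, which also drops the now-unreachable `instance.permissions` default. In the role branch the permissions are cleared and re-added before `instance.save()` runs, so a failure in between would leave the stored role and the permission set out of step; running the method body inside `transaction.atomic()` would keep them consistent, though that needs a `django.db` import that this hunk does not show. When one request changes the role and also supplies `permissions`, the supplied list replaces the role's defaults and nothing visible here checks it against the new role; that validation may live in the serializer fields outside the hunk, so it is worth confirming.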