filter all apis of organization city & province - cant remove own user or organoization

apps/authentication/api/v1/api.py

@@ -1,7 +1,19 @@
+import random
+import typing
+
+from django.contrib.auth.hashers import make_password
+from django.core.cache import cache
+from django.db import transaction
+from rest_framework import filters
+from rest_framework import status
+from rest_framework.decorators import action
+from rest_framework.permissions import IsAuthenticated
+from rest_framework.response import Response
+from rest_framework.views import APIView
+from rest_framework.viewsets import ModelViewSet
+from rest_framework_simplejwt.views import TokenObtainPairView
+
 from apps.authentication.api.v1.serializers.jwt import CustomizedTokenObtainPairSerializer
-from apps.core.mixins.soft_delete_mixin import SoftDeleteMixin
-from rest_framework.decorators import action, permission_classes
-from apps.authentication import permissions as auth_permissions
 from apps.authentication.api.v1.serializers.serializer import (
     CitySerializer,
     ProvinceSerializer,
@@ -10,16 +22,6 @@ from apps.authentication.api.v1.serializers.serializer import (
     UserSerializer,
     BankAccountSerializer,
 )
-from rest_framework_simplejwt.views import TokenObtainPairView
-from apps.core.mixins.search_mixin import DynamicSearchMixin
-from apps.core.pagination import CustomPageNumberPagination
-from apps.authorization.api.v1 import api as authorize_view
-from rest_framework.permissions import IsAuthenticated
-from django.contrib.auth.hashers import make_password
-from apps.authentication.tools import get_token_jti
-from common.helpers import get_organization_by_user
-from rest_framework.viewsets import ModelViewSet
-from rest_framework.permissions import AllowAny
 from apps.authentication.models import (
     User,
     City,
@@ -29,16 +31,14 @@ from apps.authentication.models import (
     BankAccountInformation,
     BlacklistedAccessToken
 )
-from rest_framework.response import Response
-from common.tools import CustomOperations
-from rest_framework.views import APIView
-from django.core.cache import cache
-from rest_framework import filters
-from rest_framework import status
-from django.db import transaction
+from apps.authentication.tools import get_token_jti
+from apps.authorization.api.v1 import api as authorize_view
+from apps.core.api import BaseViewSet
+from apps.core.mixins.search_mixin import DynamicSearchMixin
+from apps.core.mixins.soft_delete_mixin import SoftDeleteMixin
+from common.helpers import get_organization_by_user
 from common.sms import send_sms
-import random
-import typing
+from common.tools import CustomOperations
 
 
 class CustomizedTokenObtainPairView(TokenObtainPairView):
@@ -148,11 +148,6 @@ class UserViewSet(SoftDeleteMixin, ModelViewSet):
         else:
             return Response(serializer.errors, status=status.HTTP_403_FORBIDDEN)
 
-    def destroy(self, request, *args, **kwargs):
-        instance = self.get_object()
-        self.perform_destroy(instance)
-        return Response(status=status.HTTP_204_NO_CONTENT)
-
     @action(
         methods=['get'],
         detail=False,
@@ -168,18 +163,24 @@ class UserViewSet(SoftDeleteMixin, ModelViewSet):
         return Response(serializer.data, status.HTTP_200_OK)
 
 
-class CityViewSet(SoftDeleteMixin, ModelViewSet):
+class CityViewSet(BaseViewSet, SoftDeleteMixin, ModelViewSet):
     """ Crud operations for city model """  #
     queryset = City.objects.all()
     serializer_class = CitySerializer
 
     def list(self, request, *args, **kwargs):
         """ return list of cities by province """
+        param = request.query_params
+
+        if param.get('province'):
+            queryset = self.queryset.filter(
+                province_id=int(request.GET['province'])
+            )
+        else:
+            queryset = self.get_queryset()
 
         serializer = self.serializer_class(
-            self.queryset.filter(
-                province_id=int(request.GET['province'])
-            ), many=True
+            queryset, many=True
         )
         return Response(serializer.data, status=status.HTTP_200_OK)
 
@@ -196,7 +197,7 @@ class OrganizationTypeViewSet(SoftDeleteMixin, ModelViewSet):
     serializer_class = OrganizationTypeSerializer
 
 
-class OrganizationViewSet(SoftDeleteMixin, ModelViewSet, DynamicSearchMixin):
+class OrganizationViewSet(BaseViewSet, SoftDeleteMixin, ModelViewSet, DynamicSearchMixin):
     """ Crud operations for organization model """  #
     queryset = Organization.objects.all()
     serializer_class = OrganizationSerializer
@@ -221,12 +222,13 @@ class OrganizationViewSet(SoftDeleteMixin, ModelViewSet, DynamicSearchMixin):
 
     def list(self, request, *args, **kwargs):
         """ all organization """
+        queryset = self.get_queryset()
 
-        query = self.filter_query(self.queryset)
+        query = self.filter_query(queryset)
 
         page = self.paginate_queryset(query.order_by('-create_date'))  # paginate queryset
 
-        if page is not None:
+        if page is not None:  # noqa
             serializer = self.serializer_class(page, many=True)
             return self.get_paginated_response(serializer.data)
 
@@ -328,7 +330,8 @@ class OrganizationViewSet(SoftDeleteMixin, ModelViewSet, DynamicSearchMixin):
         child_organizations = self.get_all_org_child(organization)
 
         # search & filter
-        queryset = self.filter_query(self.queryset.filter(id__in={instance.id for instance in child_organizations}))
+        queryset = self.filter_query(
+            self.get_queryset().filter(id__in={instance.id for instance in child_organizations}))
 
         page = self.paginate_queryset(queryset)  # paginate queryset
 

apps/authentication/api/v1/serializers/serializer.py

@@ -1,8 +1,10 @@
 import typing
 
 from django.contrib.auth.hashers import make_password
+from django.db.models import Q
 from rest_framework import serializers
 
+from apps.authentication.exceptions import UserExistException
 from apps.authentication.models import (
     User,
     City,
@@ -99,6 +101,13 @@ class UserSerializer(serializers.ModelSerializer):
             }
         }
 
+    def validate(self, attrs):
+        mobile = attrs['mobile']
+        national_code = attrs['national_code']
+
+        if self.Meta.model.objects.filter(Q(mobile=mobile) | Q(national_code=national_code)).exists():
+            raise UserExistException()
+
     def to_representation(self, instance):
         """ Custom output """
 
@@ -133,6 +142,8 @@ class UserSerializer(serializers.ModelSerializer):
         instance.nationality = validated_data.get('nationality')
         instance.ownership = validated_data.get('ownership')
         instance.address = validated_data.get('address')
+        instance.address = validated_data.get('unit_name')
+        instance.address = validated_data.get('unit_national_id')
         instance.photo = validated_data.get('photo')
         instance.province = validated_data.get('province', instance.province)
         instance.city = validated_data.get('city', instance.city)

apps/authentication/exceptions.py

@@ -1,6 +1,6 @@
-from rest_framework.exceptions import APIException
 from django.utils.translation import gettext_lazy as _
 from rest_framework import status
+from rest_framework.exceptions import APIException
 
 
 class TokenBlackListedException(APIException):
@@ -17,3 +17,11 @@ class OrganizationBankAccountException(APIException):
     status_code = status.HTTP_403_FORBIDDEN
     default_detail = "برای این سازمان حساب بانکی تعریف نشده است, ابتدا حساب بانکی تعریف کنید"  # noqa
     default_code = "برای این سازمان حساب بانکی تعریف نشده است"  # noqa
+
+
+class UserExistException(APIException):
+    """ if user exist """
+
+    status_code = status.HTTP_403_FORBIDDEN
+    default_detail = _('کاربری با این شماره موبایل یا با این نام کاربری از قبل وجود دارد')  # noqa
+    default_code = 'user_does_not_exist'

apps/authentication/migrations/0038_organizationtype_region_scope.py

@@ -0,0 +1,18 @@
+# Generated by Django 5.0 on 2025-10-27 05:44
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('authentication', '0037_user_unit_name_user_unit_national_id'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='organizationtype',
+            name='region_scope',
+            field=models.CharField(choices=[('national', 'کشوری'), ('province', 'استان'), ('city', 'شهرستان')], default='city', max_length=50),
+        ),
+    ]

apps/authentication/mixins/region_filter.py

@@ -0,0 +1,41 @@
+import typing
+
+from common.helpers import get_organization_by_user
+
+
+class RegionFilterMixin:
+    """
+    Filters queryset automatically based on:
+    - Query params (city / province)
+    - Or the organization type of the current user
+    """
+
+    def filter_by_region(self, queryset, org: bool = None) -> typing.Any:
+        request = self.request  # noqa
+        city_id = int(request.query_params.get('city_id'))
+        province_id = int(request.query_params.get('province_id'))
+        organization = get_organization_by_user(self.request.user)  # noqa
+
+        if city_id:
+            queryset = queryset.filter(city_id=city_id)
+
+        elif province_id:
+            if hasattr(queryset.model, 'province_id'):
+                queryset = queryset.filter(province_id=province_id)
+
+        # filter by organization type region
+        if org:
+            scope = organization.activity_fields
+
+            if scope == 'CI':
+                queryset = queryset.filter(city=organization.city)
+
+            elif scope == 'PR':
+                if hasattr(queryset.model, 'province_id'):
+                    queryset = queryset.filter(province=organization.province)
+
+            # if organization is admin of system
+            elif scope == 'CO':
+                return queryset
+
+        return queryset