/api/v1/admin-user/list/ edit va post

core/apps/accounts/serializers/user.py

@@ -30,3 +30,13 @@ class UserUpdateSerializer(serializers.ModelSerializer):
             "last_name",
             "avatar"
         ]
+class UserCreateSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = get_user_model()
+        fields = [
+            "phone",
+            "first_name",
+            "last_name",
+            "password",
+            "role"
+        ]

core/apps/accounts/urls.py

@@ -4,7 +4,8 @@ Accounts app urls
 
 from django.urls import path, include
 from rest_framework_simplejwt import views as jwt_views
-from .views import RegisterView, ResetPasswordView, MeView, ChangePasswordView, UserListApiView, AdminUserListApiView
+from .views import RegisterView, ResetPasswordView, MeView, ChangePasswordView, UserListApiView, AdminUserListApiView, \
+    UserCreate, UserUpdate
 from rest_framework.routers import DefaultRouter
 
 router = DefaultRouter()
@@ -25,4 +26,6 @@ urlpatterns = [
     ),
     path("user/list/", UserListApiView.as_view(), name="user-list"),
     path("admin-user/list/", AdminUserListApiView.as_view(), name="admin-user-list"),
+    path("user/create/", UserCreate.as_view(), name="user-create"),
+    path("user/update/", UserUpdate.as_view(), name="user-update"),
 ]

core/apps/accounts/views/user.py

@@ -1,15 +1,17 @@
 from django.contrib.auth import get_user_model
-
+from django.shortcuts import get_object_or_404
+from drf_spectacular.utils import extend_schema
+from h11 import Response
 from rest_framework import generics, filters
 from rest_framework.permissions import IsAuthenticated
+from rest_framework.views import APIView
 
-from drf_spectacular.utils import extend_schema
-
-from core.apps.accounts.serializers.user import UserSerializer
 from core.apps.accounts.choices.user import RoleChoice
+from core.apps.accounts.serializers.user import UserSerializer, UserCreateSerializer
 
 User = get_user_model()
 
+
 @extend_schema(tags=['User'])
 class UserListApiView(generics.ListAPIView):
     queryset = User.objects.filter(role=RoleChoice.USER)
@@ -29,3 +31,37 @@ class AdminUserListApiView(generics.ListAPIView):
     permission_classes = [IsAuthenticated]
     filter_backends = [filters.SearchFilter]
     search_fields = ['phone', 'first_name', 'last_name']
+
+
+@extend_schema(tags=['User'],
+               responses={200: UserSerializer},
+               request=UserCreateSerializer)
+class UserCreate(APIView):
+    permission_classes = [IsAuthenticated]
+
+    def post(self, request):
+        if request.user.role not in (RoleChoice.SUPERUSER, RoleChoice.ADMIN):
+            return Response({'detail': 'Forbidden'}, status=403)
+
+        serializer = UserCreateSerializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
+
+        return Response(serializer.data, status=201)
+
+@extend_schema(tags=['User'],
+               responses={200: UserSerializer},
+               request=UserCreateSerializer)
+class UserUpdate(APIView):
+    permission_classes = [IsAuthenticated]
+
+    def put(self, request, pk):
+        if request.user.role not in (RoleChoice.SUPERUSER, RoleChoice.ADMIN):
+            return Response({'detail': 'Forbidden'}, status=403)
+
+        user = get_object_or_404(User, pk=pk)
+        serializer = UserCreateSerializer(user, data=request.data)
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
+
+        return Response(serializer.data, status=200)