From 172ddf4da466522be69735c5f8b5ee1d6659c173 Mon Sep 17 00:00:00 2001 From: xoliqberdiyev Date: Tue, 28 Apr 2026 17:47:55 +0500 Subject: [PATCH] add new admin user delete api --- core/apps/accounts/urls.py | 2 ++ core/apps/accounts/views/user.py | 16 ++++++++++++++++ 2 files changed, 18 insertions(+) diff --git a/core/apps/accounts/urls.py b/core/apps/accounts/urls.py index c460801..9efef89 100644 --- a/core/apps/accounts/urls.py +++ b/core/apps/accounts/urls.py @@ -9,6 +9,7 @@ from .views import RegisterView, ResetPasswordView, MeView, ChangePasswordView, from rest_framework.routers import DefaultRouter from .views.permission import PermissionToActionViewSet, PermissionToTabViewSet, PermissionViewSet, RoleViewSet +from core.apps.accounts.views.user import DeleteAdminUserApiView router = DefaultRouter() router.register("auth", RegisterView, basename="auth") @@ -31,4 +32,5 @@ urlpatterns = [ path("admin-user/list/", AdminUserListApiView.as_view(), name="admin-user-list"), path("admin/create/", AdminCreateAPIView.as_view(), name="user-create"), path("admin/update//", AdminUpdateAPIView.as_view(), name="user-update"), + path('user/admin//delete/', DeleteAdminUserApiView.as_view(), name='user-delete') ] diff --git a/core/apps/accounts/views/user.py b/core/apps/accounts/views/user.py index c0e5a9d..be2324b 100644 --- a/core/apps/accounts/views/user.py +++ b/core/apps/accounts/views/user.py @@ -79,3 +79,19 @@ class AdminUpdateAPIView(generics.GenericAPIView): serializer.save() return Response(serializer.data, status=200) + + +class DeleteAdminUserApiView(APIView): + permission_classes = [IsAuthenticated] + + def delete(self, request, pk): + if request.user.role != RoleChoice.SUPERUSER: + return Response({'detail': 'Forbidden'}, status=403) + + + user = get_object_or_404(User, pk=pk) + if user.role != RoleChoice.ADMIN: + return Response({'detail': 'This user is not an admin'}, status=400) + user.delete() + + return Response(status=204)
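Review bot: The added route in `urlpatterns` breaks the pattern of the entries just above it: those use the `admin/<action>/` prefix (`admin/create/`, `admin/update/…/`) and double quotes, while the new one is `user/admin/…/delete/` in single quotes with no trailing comma. Writing it as `admin/delete/…/` with the same pk segment, double-quoted and comma-terminated, keeps the admin endpoints under one prefix and makes the next addition a one-line diff. The import added in the first hunk is absolute (`from core.apps.accounts.views.user import …`) where the surrounding lines are relative; `from .views.user import DeleteAdminUserApiView` would match them. The pk converter appears empty on this page (`admin//delete/`, as in the existing `admin/update//`), which is presumably lost in rendering rather than in the file.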
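Review bot: `user.delete()` in `DeleteAdminUserApiView.delete` permanently removes an admin account without recording who did it, so a deletion made from a mistaken or compromised superuser session cannot be traced afterwards. Record the actor and target just before the delete, for example `logger.warning("admin user %s deleted by superuser %s", user.pk, request.user.pk)`, where `logger` is a module-level `logging.getLogger(__name__)` if the file does not already define one. The superuser requirement would be easier to audit and reuse as a permission class listed in `permission_classes` next to `IsAuthenticated`, instead of an inline `request.user.role` test inside the handler. This hunk is the only change to user.py and adds no import lines, so confirm that `APIView`, `get_object_or_404`, `User` and `RoleChoice` are already imported in that module.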