update

2026-04-29 14:21:33 +05:00
parent 51b30c2cc4
commit 1cb9551e81
1 changed files with 17 additions and 3 deletions
--- a/core/apps/accounts/views/user.py
+++ b/core/apps/accounts/views/user.py
@@ -9,6 +9,8 @@ from rest_framework.views import APIView
 from rest_framework.viewsets import ModelViewSet

 from core.apps.accounts.choices.user import RoleChoice
+from core.apps.accounts.models import Role
+from core.apps.accounts.serializers.permission import RoleListSerializer
 from core.apps.accounts.serializers.user import UserSerializer, AdminUserSerializer, UserCreateSerializer

 User = get_user_model()
@@ -64,7 +66,7 @@ class AdminCreateAPIView(APIView):
        return Response(serializer.data, status=201)


-@extend_schema(tags=['User'],)
+@extend_schema(tags=['User'], )
 class AdminUpdateAPIView(generics.GenericAPIView):
    permission_classes = [IsAuthenticated]
    serializer_class = UserCreateSerializer
@@ -88,7 +90,6 @@ class DeleteAdminUserApiView(APIView):
        if request.user.role != RoleChoice.SUPERUSER:
            return Response({'detail': 'Forbidden'}, status=403)

-
        user = get_object_or_404(User, pk=pk)
        if user.role != RoleChoice.ADMIN:
            return Response({'detail': 'This user is not an admin'}, status=400)
@@ -101,3 +102,16 @@ class UserDetailAPIView(generics.RetrieveAPIView):
    permission_classes = [IsAuthenticated]
    serializer_class = UserSerializer
    lookup_field = 'id'
+
+
+class AdminPermissionsAPIView(generics.GenericAPIView):
+    permission_classes = [IsAuthenticated]
+
+    def get(self, request):
+        if request.user.role.name != RoleChoice.ADMIN:
+            return Response({'detail': 'Forbidden'}, status=403)
+
+        admin_role = Role.objects.get(name=RoleChoice.ADMIN)
+
+        serializer = RoleListSerializer(admin_role)
+        return Response(serializer.data)