Merge branch 'main' of https://gitea.felixits.uz/sifatbaho/backend-v1 into behruz

2026-04-30 15:22:18 +05:00
parent b39c080de3 7ad385af94
commit 7d49929772
9 changed files with 69 additions and 18 deletions
--- a/core/apps/accounts/serializers/permission.py
+++ b/core/apps/accounts/serializers/permission.py
@@ -10,7 +10,7 @@ class PermissionToActionSerializer(serializers.ModelSerializer):


 class PermissionToTabSerializer(serializers.ModelSerializer):
-    permission_to_actions = PermissionToActionSerializer(many=True)
+    permission_to_actions = PermissionToActionSerializer(many=True, read_only=True)

    class Meta:
        model = PermissionToTab
@@ -18,7 +18,7 @@ class PermissionToTabSerializer(serializers.ModelSerializer):


 class PermissionSerializer(serializers.ModelSerializer):
-    permission_tabs = PermissionToTabSerializer(many=True)
+    permission_tabs = PermissionToTabSerializer(many=True, read_only=True)

    class Meta:
        model = Permission
--- a/core/apps/accounts/views/user.py
+++ b/core/apps/accounts/views/user.py
@@ -9,6 +9,8 @@ from rest_framework.views import APIView
 from rest_framework.viewsets import ModelViewSet

 from core.apps.accounts.choices.user import RoleChoice
+from core.apps.accounts.models import Role
+from core.apps.accounts.serializers.permission import RoleListSerializer
 from core.apps.accounts.serializers.user import UserSerializer, AdminUserSerializer, UserCreateSerializer

 User = get_user_model()
@@ -64,7 +66,7 @@ class AdminCreateAPIView(APIView):
        return Response(serializer.data, status=201)


-@extend_schema(tags=['User'],)
+@extend_schema(tags=['User'], )
 class AdminUpdateAPIView(generics.GenericAPIView):
    permission_classes = [IsAuthenticated]
    serializer_class = UserCreateSerializer
@@ -88,7 +90,6 @@ class DeleteAdminUserApiView(APIView):
        if request.user.role != RoleChoice.SUPERUSER:
            return Response({'detail': 'Forbidden'}, status=403)

-
        user = get_object_or_404(User, pk=pk)
        if user.role != RoleChoice.ADMIN:
            return Response({'detail': 'This user is not an admin'}, status=400)
@@ -100,4 +101,17 @@ class DeleteAdminUserApiView(APIView):
 class UserDetailAPIView(generics.RetrieveAPIView):
    permission_classes = [IsAuthenticated]
    serializer_class = UserSerializer
-    lookup_field = 'id'
+    lookup_field = 'id'
+
+
+class AdminPermissionsAPIView(generics.GenericAPIView):
+    permission_classes = [IsAuthenticated]
+
+    def get(self, request):
+        if request.user.role.name != RoleChoice.ADMIN:
+            return Response({'detail': 'Forbidden'}, status=403)
+
+        admin_role = Role.objects.get(name=RoleChoice.ADMIN)
+
+        serializer = RoleListSerializer(admin_role)
+        return Response(serializer.data)