core/apps/accounts/urls.py

@@ -9,6 +9,7 @@ from .views import RegisterView, ResetPasswordView, MeView, ChangePasswordView,
 from rest_framework.routers import DefaultRouter
 
 from .views.permission import PermissionToActionViewSet, PermissionToTabViewSet, PermissionViewSet, RoleViewSet
+from core.apps.accounts.views.user import DeleteAdminUserApiView
 
 router = DefaultRouter()
 router.register("auth", RegisterView, basename="auth")
@@ -31,4 +32,5 @@ urlpatterns = [
     path("admin-user/list/", AdminUserListApiView.as_view(), name="admin-user-list"),
     path("admin/create/", AdminCreateAPIView.as_view(), name="user-create"),
     path("admin/update/<int:pk>/", AdminUpdateAPIView.as_view(), name="user-update"),
+    path('user/admin/<int:pk>/delete/', DeleteAdminUserApiView.as_view(), name='user-delete')
 ]

core/apps/accounts/views/user.py

@@ -79,3 +79,19 @@ class AdminUpdateAPIView(generics.GenericAPIView):
         serializer.save()
 
         return Response(serializer.data, status=200)
+
+
+class DeleteAdminUserApiView(APIView):
+    permission_classes = [IsAuthenticated]
+
+    def delete(self, request, pk):
+        if request.user.role != RoleChoice.SUPERUSER:
+            return Response({'detail': 'Forbidden'}, status=403)
+
+
+        user = get_object_or_404(User, pk=pk)
+        if user.role != RoleChoice.ADMIN:
+            return Response({'detail': 'This user is not an admin'}, status=400)
+        user.delete()
+
+        return Response(status=204)