From 7ffaff2c11f4f7b774b62843803547d7bd648531 Mon Sep 17 00:00:00 2001 From: Mojtaba-z Date: Tue, 28 Oct 2025 13:51:05 +0330 Subject: [PATCH] fix - cant delete admin role --- apps/authentication/api/v1/api.py | 4 ++-- apps/authorization/api/v1/api.py | 10 ++++++++++ apps/authorization/exception.py | 8 ++++++++ logs/django_requests.log | 4 ++++ 4 files changed, 24 insertions(+), 2 deletions(-) create mode 100644 apps/authorization/exception.py diff --git a/apps/authentication/api/v1/api.py b/apps/authentication/api/v1/api.py index 1884ba0..5c03cc7 100644 --- a/apps/authentication/api/v1/api.py +++ b/apps/authentication/api/v1/api.py @@ -349,7 +349,7 @@ class OrganizationViewSet(BaseViewSet, SoftDeleteMixin, ModelViewSet, DynamicSea page = self.paginate_queryset(queryset) # paginate queryset - if page is not None: + if page is not None: # noqa serializer = self.serializer_class(page, many=True) return self.get_paginated_response(serializer.data) @@ -396,7 +396,7 @@ class GeneralOTPViewSet(SoftDeleteMixin, ModelViewSet): role__role_name='Management').first().user.mobile return user_mobile - if data['get_mobile_type'] == 'general': + if data['get_mobile_type'] == 'general': # noqa return data['mobile'] @action( diff --git a/apps/authorization/api/v1/api.py b/apps/authorization/api/v1/api.py index 103c6f0..a40b334 100644 --- a/apps/authorization/api/v1/api.py +++ b/apps/authorization/api/v1/api.py @@ -13,6 +13,7 @@ from apps.authorization.api.v1.serializers import ( UserRelationSerializer, PageSerializer ) +from apps.authorization.exception import AdminRoleDeleteException from apps.authorization.models import ( Role, Permissions, 
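Review bot: The bare `# noqa` added to `if page is not None:` and, in the second hunk, to `if data['get_mobile_type'] == 'general':` silences every linter rule on those lines without recording which one fired. In the second hunk the visible code returns only inside the `if`, so the function presumably falls through to an implicit `None` when the type is neither branch, and the suppression would hide that rather than fix it. Prefer a targeted `# noqa: <RULE_CODE>` with the actual rule code, or add an explicit final `return`/`raise` for the unmatched case. Both functions start and end outside the hunks, so the fall-through is inferred from the visible lines only.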
@@ -41,6 +42,15 @@ class RoleViewSet(BaseViewSet, SoftDeleteMixin, viewsets.ModelViewSet): serializer = self.get_serializer(role, many=True) return self.get_paginated_response(serializer.data) + def destroy(self, request, pk=None, *args, **kwargs): + """ soft delete of role except Admin """ + + role = self.get_object() + if role.type.key == 'ADM': + raise AdminRoleDeleteException() + role.soft_delete() + return Response(status=status.HTTP_200_OK) + class PageViewSet(SoftDeleteMixin, viewsets.ModelViewSet): """ add website pages to system to set permission on it """ diff --git a/apps/authorization/exception.py b/apps/authorization/exception.py new file mode 100644 index 0000000..921463b --- /dev/null +++ b/apps/authorization/exception.py @@ -0,0 +1,8 @@ +from rest_framework import status +from rest_framework.exceptions import APIException + + +class AdminRoleDeleteException(APIException): + status_code = status.HTTP_403_FORBIDDEN + default_detail = 'نقش ادمین قابلیت حذف شدن ندارد' # noqa + default_code = 'admin_role_delete_exception' diff --git a/logs/django_requests.log b/logs/django_requests.log index 8d3f84a..e5611c5 100644 --- a/logs/django_requests.log +++ b/logs/django_requests.log 
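Review bot: The Admin guard in `destroy` lives only in this view method. Any other path that calls `role.soft_delete()` or edits the role would presumably bypass it: the inherited `update`/`partial_update` of `ModelViewSet`, or whatever `SoftDeleteMixin` exposes, which is not visible here. Consider enforcing the check inside the model's `soft_delete()` or a shared helper so it holds for every caller, with the view still raising `AdminRoleDeleteException`. `role.type.key` will also raise `AttributeError` (a 500) if a role can exist without a type; `if role.type is not None and role.type.key == 'ADM':` avoids that, once it is decided whether a typeless role may be deleted. The literal `'ADM'` would be safer as a named constant shared with the place where role types are defined.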
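Review bot: `AdminRoleDeleteException` has no docstring, and its `default_detail` is a hard-coded literal under a blanket `# noqa`. A one-line docstring such as `"""Raised when a request tries to delete the Admin role; rendered as HTTP 403."""` would state the contract for API consumers and log readers. If the project uses Django translations, write the message as `default_detail = _('…')` with `from django.utils.translation import gettext_lazy as _`, which is how DRF's built-in exceptions are written. Replace the bare `# noqa` with the specific rule code being suppressed.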
@@ -305,3 +305,7 @@ django.core.exceptions.FieldError: Unsupported lookup 'name' for ForeignKey or j [2025-10-28 09:51:26,296] INFO django.utils.autoreload | IP: - | Path: - | D:\Project\Rasaddam_Backend\apps\authorization\services\role_child.py changed, reloading. [2025-10-28 09:51:28,557] INFO django.utils.autoreload | IP: - | Path: - | Watching for file changes with StatReloader [2025-10-28 09:58:41,881] INFO django.utils.autoreload | IP: - | Path: - | D:\Project\Rasaddam_Backend\apps\authentication\api\v1\api.py changed, reloading. +[2025-10-28 09:58:44,377] INFO django.utils.autoreload | IP: - | Path: - | Watching for file changes with StatReloader +[2025-10-28 10:24:56,044] INFO django.utils.autoreload | IP: - | Path: - | D:\Project\Rasaddam_Backend\apps\authentication\api\v1\api.py changed, reloading. +[2025-10-28 10:25:01,182] INFO django.utils.autoreload | IP: - | Path: - | Watching for file changes with StatReloader +[2025-10-28 13:50:35,064] INFO django.utils.autoreload | IP: - | Path: - | D:\Project\Rasaddam_Backend\apps\authorization\api\v1\api.py changed, reloading.
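Review bot: `logs/django_requests.log` is a runtime log tracked in the repository, and the added lines write a developer's local paths (`D:\Project\Rasaddam_Backend\...`) into history. The `IP:` and `Path:` fields in the format suggest that request entries would also record client addresses and URLs. Stop tracking the file with `git rm --cached logs/django_requests.log` and ignore `logs/` in `.gitignore`, so that log output no longer rides along in unrelated commits.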