Add user verification endpoint and logic; implement check against Person API

2025-06-27 22:03:58 +00:00 · 2025-06-10 16:42:13 +05:00
parent 26d7fb6dd1
commit 3957ca0ea4
3 changed files with 161 additions and 0 deletions
--- a/api/views.py
+++ b/api/views.py
@ -32,6 +32,7 @@ from django.core.mail import send_mail
 from django.db.models import Q
 from api.notifications import send_otp
 from .tasks import add
+from .utils import check_person_api_verification

 # local apps import
 from .serializers import (
@ -344,6 +345,54 @@ class ListUserView(StaffEditorPermissionMixin, generics.ListAPIView):
    filterset_class = UserFilter
    queryset = User.objects.all()

+    def get_queryset(self):
+        user = self.request.user
+        if user.is_authenticated and user.is_staff:
+            return User.objects.all()
+        return User.objects.filter(is_staff=False)
+
+
+class UserVerifyAPIView(StaffEditorPermissionMixin, generics.UpdateAPIView):
+    serializer_class = CustomUserSerializer
+    queryset = User.objects.all()
+    lookup_field = "pk"
+
+    def update(self, request, *args, **kwargs):
+        user_id = kwargs.get("pk")
+        user = get_object_or_404(User, pk=user_id)
+        if request.user != user and (
+            not request.user.is_authenticated
+            or not getattr(request.user, "is_admin", False)
+        ):
+            return Response(
+                {"message": "You are not authorized to update this user."},
+                status=status.HTTP_403_FORBIDDEN,
+            )
+        serializer = self.get_serializer(user, data=request.data, partial=True)
+        serializer.is_valid(raise_exception=True)
+        verified_person = check_person_api_verification(
+            user_data=user, id_card=user.id_card
+        )
+        if not verified_person["ok"]:
+            return Response(
+                {
+                    "message": "User verification failed. Please check sarlink user details.",
+                    "mismatch_fields": verified_person["mismatch_fields"],
+                },
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+        if verified_person["mismatch_fields"]:
+            return Response(
+                {
+                    "message": "User verification failed due to mismatched fields.",
+                    "mismatch_fields": verified_person["mismatch_fields"],
+                },
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+        user.verified = True
+        user.save()
+        return Response({"message": "User verification status updated."})
+

@api_view(["GET"])
 def filter_user(request):