feat(agreement): add agreement field to user model and implement agreement upload functionality ✨

2025-10-06 20:11:35 +00:00 · 2025-07-25 00:01:56 +05:00
parent 087782e351
commit 9e4449d0d6
6 changed files with 83 additions and 0 deletions
--- a/api/views.py
+++ b/api/views.py
@@ -358,6 +358,51 @@ class UserUpdateAPIView(StaffEditorPermissionMixin, generics.UpdateAPIView):
        return super().update(request, *args, **kwargs)


+class UpdateAgreementView(StaffEditorPermissionMixin, generics.UpdateAPIView):
+    serializer_class = UserUpdateSerializer
+    queryset = User.objects.all()
+    lookup_field = "pk"
+
+    def update(self, request, *args, **kwargs):
+        user_id = kwargs.get("pk")
+        user = get_object_or_404(User, pk=user_id)
+        agreement_file = request.data.get("agreement_file")
+        if not agreement_file:
+            return Response(
+                {"message": "Agreement file is required."},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+        if agreement_file.size > 10 * 1024 * 1024:  # 5 MB limit
+            return Response(
+                {"message": "File size exceeds 10 MB limit."},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+        if agreement_file.content_type not in [
+            "application/pdf",
+        ]:
+            return Response(
+                {"message": "Invalid file type. Only PDF files are allowed."},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+        if request.user != user and (
+            not request.user.is_authenticated
+            or not getattr(request.user, "is_admin", False)
+        ):
+            return Response(
+                {"message": "You are not authorized to update this user."},
+                status=status.HTTP_403_FORBIDDEN,
+            )
+        serializer = self.get_serializer(
+            user,
+            data=request.data,
+            partial=True,
+        )
+        serializer.is_valid(raise_exception=True)
+        user.agreement = agreement_file
+        user.save()
+        return super().update(request, *args, **kwargs)
+
+
 class KnoxTokenListApiView(
    StaffEditorPermissionMixin,
    generics.ListAPIView,