diff --git a/api/urls.py b/api/urls.py
index d228ae0..7517049 100644
--- a/api/urls.py
+++ b/api/urls.py
@@ -22,6 +22,7 @@ from .views import (
 VerifyOTPView,
 UserVerifyAPIView,
 UserUpdateAPIView,
+ UserRejectAPIView,
 )
@@ -39,10 +40,12 @@ urlpatterns = [
 "update-wallet//", UpdateUserWalletView.as_view(), name="update-wallet"
 ),
 path("users//", UserDetailAPIView.as_view(), name="user-detail"),
- path("users//verify/", UserVerifyAPIView.as_view(), name="user-verify"),
 path("users//update/", UserUpdateAPIView.as_view(), name="user-update"),
 path("users/filter/", filter_user, name="filter-users"),
 path("users/temp/filter/", filter_temporary_user, name="filter-temporary-users"),
+ # User verification flow
+ path("users//verify/", UserVerifyAPIView.as_view(), name="user-verify"),
+ path("users//reject/", UserRejectAPIView.as_view(), name="user-reject"),
 path("healthcheck/", healthcheck, name="healthcheck"),
 path("test/", test_email, name="testemail"),
 path("atolls/", ListAtollView.as_view(), name="atolls"),
diff --git a/api/views.py b/api/views.py
index b8afac0..0f8230b 100644
--- a/api/views.py
+++ b/api/views.py
@@ -7,6 +7,7 @@ from rest_framework.authtoken.serializers import AuthTokenSerializer
 from api.filters import UserFilter
 from api.mixins import StaffEditorPermissionMixin
 from api.models import User, Atoll, Island, TemporaryUser
+from api.notifications import send_sms
 from rest_framework.response import Response
 from rest_framework import status
 from rest_framework.exceptions import ValidationError
@@ -407,28 +408,69 @@ class UserVerifyAPIView(StaffEditorPermissionMixin, generics.UpdateAPIView):
 )
 serializer = self.get_serializer(user, data=request.data, partial=True)
 serializer.is_valid(raise_exception=True)
- verified_person = check_person_api_verification(
- user_data=user, id_card=user.id_card
- )
- if not verified_person["ok"]:
+ result = check_person_api_verification(user_data=user, id_card=user.id_card)
+ if not result["ok"]:
 return Response(
 {
- "message": "User verification failed. Please check sarlink user details.",
- "mismatch_fields": verified_person["mismatch_fields"],
+ "message": "User verification failed. Please check the api user details.",
+ "mismatch_fields": result["mismatch_fields"],
 },
 status=status.HTTP_400_BAD_REQUEST,
 )
- if verified_person["mismatch_fields"]:
+ if result["mismatch_fields"]:
 return Response(
 {
 "message": "User verification failed due to mismatched fields.",
- "mismatch_fields": verified_person["mismatch_fields"],
+ "mismatch_fields": result["mismatch_fields"],
 },
 status=status.HTTP_400_BAD_REQUEST,
 )
 user.verified = True
 user.save()
- return Response({"message": "User verification status updated."})
+ return Response({"message": "User successfully verified."})
+
+ class UserRejectAPIView(StaffEditorPermissionMixin, generics.DestroyAPIView):
+ serializer_class = CustomUserSerializer
+ queryset = User.objects.all()
+ lookup_field = "pk"
+
+ def destroy(self, request, *args, **kwargs):
+ rejection_details = request.data.get("rejection_details", "")
+ if not rejection_details:
+ return Response(
+ {"message": "Rejection details are required."},
+ status=status.HTTP_400_BAD_REQUEST,
+ )
+ user_id = kwargs.get("pk")
+ user = get_object_or_404(User, pk=user_id)
+ mobile_number = user.mobile
+ if not mobile_number:
+ return Response(
+ {"message": "User does not have a mobile number."},
+ status=status.HTTP_400_BAD_REQUEST,
+ )
+ if user.is_superuser:
+ return Response(
+ {"message": "You cannot remove a superuser."},
+ status=status.HTTP_403_FORBIDDEN,
+ )
+ if request.user != user and (
+ not request.user.is_authenticated
+ or not getattr(request.user, "is_admin", False)
+ ):
+ return Response(
+ {"message": "You are not authorized to reject this user."},
+ status=status.HTTP_403_FORBIDDEN,
+ )
+ user.delete()
+ t_user = get_object_or_404(TemporaryUser, t_mobile=user.mobile)
+ t_user.delete()
+ send_sms(message=rejection_details, mobile=mobile_number)
+ return Response(
+ {"message": "User successfully rejected."},
+ status=status.HTTP_204_NO_CONTENT,
+ )
 @api_view(["GET"])
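Review bot: In `UserRejectAPIView.destroy`, `user.delete()` runs before `get_object_or_404(TemporaryUser, t_mobile=user.mobile)`, so when no TemporaryUser matches the User row is already gone, the client receives a 404 for a deletion that did happen, and no SMS is sent; neither delete is inside a transaction, so a failure in the second leaves a half-applied rejection. Resolve the TemporaryUser before deleting anything, run both deletes under `transaction.atomic()` (`from django.db import transaction` at the top of views.py), and send the SMS only after the commit; whether a missing TemporaryUser should block the rejection at all is a product question I cannot settle from this hunk. The authorization check (`request.user != user and …`) also comes after the User lookup and the mobile-number check, so a caller that check would refuse still learns whether a given pk exists from the 404/400; moving it directly after `get_object_or_404(User, …)` closes that, and `StaffEditorPermissionMixin` may already cover part of it, which is worth confirming. Returning `HTTP_204_NO_CONTENT` together with a JSON body is contradictory, as 204 responses carry no body; `HTTP_200_OK` matches the other success responses in this view.
```python
        # … unchanged: rejection_details, user lookup, superuser and authorization checks …
        t_user = get_object_or_404(TemporaryUser, t_mobile=mobile_number)
        with transaction.atomic():
            t_user.delete()
            user.delete()
        send_sms(message=rejection_details, mobile=mobile_number)
        return Response(
            {"message": "User successfully rejected."},
            status=status.HTTP_200_OK,
        )
```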