feat(user): add user rejection endpoint and improve verification response messages ✨

2025-07-17 20:55:50 +00:00 · 2025-07-13 19:38:01 +05:00
parent ff065fa4a9
commit eee314af46
2 changed files with 55 additions and 10 deletions
--- a/api/views.py
+++ b/api/views.py
@ -7,6 +7,7 @@ from rest_framework.authtoken.serializers import AuthTokenSerializer
 from api.filters import UserFilter
 from api.mixins import StaffEditorPermissionMixin
 from api.models import User, Atoll, Island, TemporaryUser
+from api.notifications import send_sms
 from rest_framework.response import Response
 from rest_framework import status
 from rest_framework.exceptions import ValidationError
@ -407,28 +408,69 @@ class UserVerifyAPIView(StaffEditorPermissionMixin, generics.UpdateAPIView):
            )
        serializer = self.get_serializer(user, data=request.data, partial=True)
        serializer.is_valid(raise_exception=True)
-        verified_person = check_person_api_verification(
-            user_data=user, id_card=user.id_card
-        )
-        if not verified_person["ok"]:
+        result = check_person_api_verification(user_data=user, id_card=user.id_card)
+        if not result["ok"]:
            return Response(
                {
-                    "message": "User verification failed. Please check sarlink user details.",
-                    "mismatch_fields": verified_person["mismatch_fields"],
+                    "message": "User verification failed. Please check the api user details.",
+                    "mismatch_fields": result["mismatch_fields"],
                },
                status=status.HTTP_400_BAD_REQUEST,
            )
-        if verified_person["mismatch_fields"]:
+        if result["mismatch_fields"]:
            return Response(
                {
                    "message": "User verification failed due to mismatched fields.",
-                    "mismatch_fields": verified_person["mismatch_fields"],
+                    "mismatch_fields": result["mismatch_fields"],
                },
                status=status.HTTP_400_BAD_REQUEST,
            )
        user.verified = True
        user.save()
-        return Response({"message": "User verification status updated."})
+        return Response({"message": "User successfully verified."})
+
+
+class UserRejectAPIView(StaffEditorPermissionMixin, generics.DestroyAPIView):
+    serializer_class = CustomUserSerializer
+    queryset = User.objects.all()
+    lookup_field = "pk"
+
+    def destroy(self, request, *args, **kwargs):
+        rejection_details = request.data.get("rejection_details", "")
+        if not rejection_details:
+            return Response(
+                {"message": "Rejection details are required."},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+        user_id = kwargs.get("pk")
+        user = get_object_or_404(User, pk=user_id)
+        mobile_number = user.mobile
+        if not mobile_number:
+            return Response(
+                {"message": "User does not have a mobile number."},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+        if user.is_superuser:
+            return Response(
+                {"message": "You cannot remove a superuser."},
+                status=status.HTTP_403_FORBIDDEN,
+            )
+        if request.user != user and (
+            not request.user.is_authenticated
+            or not getattr(request.user, "is_admin", False)
+        ):
+            return Response(
+                {"message": "You are not authorized to reject this user."},
+                status=status.HTTP_403_FORBIDDEN,
+            )
+        user.delete()
+        t_user = get_object_or_404(TemporaryUser, t_mobile=user.mobile)
+        t_user.delete()
+        send_sms(message=rejection_details, mobile=mobile_number)
+        return Response(
+            {"message": "User successfully rejected."},
+            status=status.HTTP_204_NO_CONTENT,
+        )


@api_view(["GET"])