feat(user): add user rejection endpoint and improve verification response messages

2025-07-13 19:38:01 +05:00
parent ff065fa4a9
commit eee314af46
2 changed files with 55 additions and 10 deletions


@ -22,6 +22,7 @@ from .views import (
VerifyOTPView, VerifyOTPView,
UserVerifyAPIView, UserVerifyAPIView,
UserUpdateAPIView, UserUpdateAPIView,
UserRejectAPIView,
) )
@ -39,10 +40,12 @@ urlpatterns = [
"update-wallet/<int:pk>/", UpdateUserWalletView.as_view(), name="update-wallet" "update-wallet/<int:pk>/", UpdateUserWalletView.as_view(), name="update-wallet"
), ),
path("users/<int:pk>/", UserDetailAPIView.as_view(), name="user-detail"), path("users/<int:pk>/", UserDetailAPIView.as_view(), name="user-detail"),
path("users/<int:pk>/verify/", UserVerifyAPIView.as_view(), name="user-verify"),
path("users/<int:pk>/update/", UserUpdateAPIView.as_view(), name="user-update"), path("users/<int:pk>/update/", UserUpdateAPIView.as_view(), name="user-update"),
path("users/filter/", filter_user, name="filter-users"), path("users/filter/", filter_user, name="filter-users"),
path("users/temp/filter/", filter_temporary_user, name="filter-temporary-users"), path("users/temp/filter/", filter_temporary_user, name="filter-temporary-users"),
# User verification flow
path("users/<int:pk>/verify/", UserVerifyAPIView.as_view(), name="user-verify"),
path("users/<int:pk>/reject/", UserRejectAPIView.as_view(), name="user-reject"),
path("healthcheck/", healthcheck, name="healthcheck"), path("healthcheck/", healthcheck, name="healthcheck"),
path("test/", test_email, name="testemail"), path("test/", test_email, name="testemail"),
path("atolls/", ListAtollView.as_view(), name="atolls"), path("atolls/", ListAtollView.as_view(), name="atolls"),


@ -7,6 +7,7 @@ from rest_framework.authtoken.serializers import AuthTokenSerializer
from api.filters import UserFilter from api.filters import UserFilter
from api.mixins import StaffEditorPermissionMixin from api.mixins import StaffEditorPermissionMixin
from api.models import User, Atoll, Island, TemporaryUser from api.models import User, Atoll, Island, TemporaryUser
from api.notifications import send_sms
from rest_framework.response import Response from rest_framework.response import Response
from rest_framework import status from rest_framework import status
from rest_framework.exceptions import ValidationError from rest_framework.exceptions import ValidationError
@ -407,28 +408,69 @@ class UserVerifyAPIView(StaffEditorPermissionMixin, generics.UpdateAPIView):
) )
serializer = self.get_serializer(user, data=request.data, partial=True) serializer = self.get_serializer(user, data=request.data, partial=True)
serializer.is_valid(raise_exception=True) serializer.is_valid(raise_exception=True)
verified_person = check_person_api_verification( result = check_person_api_verification(user_data=user, id_card=user.id_card)
user_data=user, id_card=user.id_card if not result["ok"]:
)
if not verified_person["ok"]:
return Response( return Response(
{ {
"message": "User verification failed. Please check sarlink user details.", "message": "User verification failed. Please check the api user details.",
"mismatch_fields": verified_person["mismatch_fields"], "mismatch_fields": result["mismatch_fields"],
}, },
status=status.HTTP_400_BAD_REQUEST, status=status.HTTP_400_BAD_REQUEST,
) )
if verified_person["mismatch_fields"]: if result["mismatch_fields"]:
return Response( return Response(
{ {
"message": "User verification failed due to mismatched fields.", "message": "User verification failed due to mismatched fields.",
"mismatch_fields": verified_person["mismatch_fields"], "mismatch_fields": result["mismatch_fields"],
}, },
status=status.HTTP_400_BAD_REQUEST, status=status.HTTP_400_BAD_REQUEST,
) )
user.verified = True user.verified = True
user.save() user.save()
return Response({"message": "User verification status updated."}) return Response({"message": "User successfully verified."})
class UserRejectAPIView(StaffEditorPermissionMixin, generics.DestroyAPIView):
serializer_class = CustomUserSerializer
queryset = User.objects.all()
lookup_field = "pk"
def destroy(self, request, *args, **kwargs):
rejection_details = request.data.get("rejection_details", "")
if not rejection_details:
return Response(
{"message": "Rejection details are required."},
status=status.HTTP_400_BAD_REQUEST,
)
user_id = kwargs.get("pk")
user = get_object_or_404(User, pk=user_id)
mobile_number = user.mobile
if not mobile_number:
return Response(
{"message": "User does not have a mobile number."},
status=status.HTTP_400_BAD_REQUEST,
)
if user.is_superuser:
return Response(
{"message": "You cannot remove a superuser."},
status=status.HTTP_403_FORBIDDEN,
)
if request.user != user and (
not request.user.is_authenticated
or not getattr(request.user, "is_admin", False)
):
return Response(
{"message": "You are not authorized to reject this user."},
status=status.HTTP_403_FORBIDDEN,
)
user.delete()
t_user = get_object_or_404(TemporaryUser, t_mobile=user.mobile)
t_user.delete()
send_sms(message=rejection_details, mobile=mobile_number)
return Response(
{"message": "User successfully rejected."},
status=status.HTTP_204_NO_CONTENT,
)
@api_view(["GET"]) @api_view(["GET"])
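Review bot: In `UserRejectAPIView.destroy`, `user.delete()` runs before `get_object_or_404(TemporaryUser, t_mobile=user.mobile)`, so when no matching TemporaryUser row exists the request returns 404 after the account has already been removed, and the rejection SMS is never sent. Do the temporary-user cleanup first and without raising, e.g. `TemporaryUser.objects.filter(t_mobile=mobile_number).delete()` followed by `user.delete()`, ideally both inside `with transaction.atomic():` (this needs `from django.db import transaction`, which is not visible in this hunk). The authorization test `request.user != user and (...)` also lets any caller who passes `StaffEditorPermissionMixin` delete their own account, and it reads `is_admin` through `getattr` with a `False` default, so if the User model has no such attribute every rejection of another user ends in 403; the mixin and the model are outside this page, so confirm which attribute is intended. Finally, `rejection_details` is forwarded verbatim to `send_sms`, so a type and length check on it before sending would be worth adding.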