feat(user): add user update endpoint with authorization checks and serializer support ✨

api/views.py

@@ -17,6 +17,7 @@ from api.serializers import (
     CustomUserByWalletBalanceSerializer,
     OTPVerificationSerializer,
     TemporaryUserSerializer,
+    UserUpdateSerializer,
 )
 from django.shortcuts import get_object_or_404
 from django.utils import timezone
@@ -325,6 +326,37 @@ class UserprofileAPIView(generics.RetrieveUpdateAPIView):
         return self.request.user
 
 
+class UserUpdateAPIView(StaffEditorPermissionMixin, generics.UpdateAPIView):
+    serializer_class = UserUpdateSerializer
+    queryset = User.objects.all()
+    lookup_field = "pk"
+
+    def update(self, request, *args, **kwargs):
+        user_id = kwargs.get("pk")
+        user = get_object_or_404(User, pk=user_id)
+        if user.is_superuser:
+            return Response(
+                {"message": "You cannot update a superuser."},
+                status=status.HTTP_403_FORBIDDEN,
+            )
+        if request.user != user and (
+            not request.user.is_authenticated
+            or not getattr(request.user, "is_admin", False)
+        ):
+            return Response(
+                {"message": "You are not authorized to update this user."},
+                status=status.HTTP_403_FORBIDDEN,
+            )
+        serializer = self.get_serializer(
+            user,
+            data=request.data,
+            partial=True,
+        )
+        serializer.is_valid(raise_exception=True)
+        user.save()
+        return super().update(request, *args, **kwargs)
+
+
 class KnoxTokenListApiView(
     StaffEditorPermissionMixin,
     generics.ListAPIView,