User filed and query

Author: MySecondLanguage

nxtbn/users/admin_mutation.py

@@ -132,6 +132,9 @@ def mutate(self, info, user_id, permission_codename):
 
         if user.is_superuser or user.is_store_admin:
             raise GraphQLError("Superusers and store administrators have all permissions by default and their permissions cannot be modified.")
+        
+        if not user.is_active or not user.is_staff:
+            raise GraphQLError("User is not an active staff member.")
 
         try:
             permission = Permission.objects.get(codename=permission_codename)

nxtbn/users/api/dashboard/serializers.py

@@ -119,12 +119,7 @@ class Meta:
             'password',
             'role'
         ]
-        extra_kwargs = {
-            'is_staff': {'read_only': True},
-            'is_superuser': {'read_only': True},
-            'username': {'read_only': True}
-
-        }
+        read_only_fields = ['id', 'is_superuser', 'is_staff', 'is_active', 'role', 'username']
 
     def create(self, validated_data):
         password = validated_data.pop('password', None)

nxtbn/users/api/dashboard/views.py

@@ -258,7 +258,9 @@ def get_serializer_class(self):
         return UserMututionalSerializer
 
     def get_queryset(self):
-        return User.objects.exclude(role=UserRole.CUSTOMER)
+        return User.objects.filter(
+            is_staff=True,
+        )
 
     @action(detail=True, methods=['put'])
     def deactivate(self, request, pk=None):