Update views.py

- fix: prevent users from merging/setting careteaker as themselves.
dbca-wa · Oct 28, 2024 · 5abf1df · 5abf1df
1 parent 9271631
commit 5abf1df
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/adminoptions/views.py b/adminoptions/views.py
@@ -722,6 +722,14 @@ def post(self, req):
                 status=HTTP_400_BAD_REQUEST,
             )
 
+        if primary_user_id in secondary_user_ids:
+            return Response(
+                {
+                    "detail": "Invalid data. Primary user cannot also be a secondary user."
+                },
+                status=HTTP_400_BAD_REQUEST,
+            )
+
         primary_user = self.get_user(primary_user_id)
         secondary_users = User.objects.filter(pk__in=secondary_user_ids)
         print({"primaryUser": primary_user, "secondaryUsers": secondary_users})
@@ -845,6 +853,14 @@ def post(self, req):
                 status=HTTP_400_BAD_REQUEST,
             )
 
+        if primary_user_id in secondary_user_ids:
+            return Response(
+                {
+                    "detail": "Invalid data. Primary user cannot also be a secondary user."
+                },
+                status=HTTP_400_BAD_REQUEST,
+            )
+
         if not reason:
             return Response(
                 {"detail": "Invalid data. Reason is required."},