From 5abf1df2f94360e9461b6dc2c1dc1824fffdcc6d Mon Sep 17 00:00:00 2001
From: Jarid Prince <109533655+idabblewith@users.noreply.github.com>
Date: Mon, 28 Oct 2024 13:34:10 +0800
Subject: [PATCH] Update views.py - fix: prevent users from merging/setting careteaker as themselves.
---
 adminoptions/views.py | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/adminoptions/views.py b/adminoptions/views.py
index 4e7d5b4..4ac12c8 100644
--- a/adminoptions/views.py
+++ b/adminoptions/views.py
@@ -722,6 +722,14 @@ def post(self, req):
 status=HTTP_400_BAD_REQUEST,
 )
 
+ if primary_user_id in secondary_user_ids:
+ return Response(
+ {
+ "detail": "Invalid data. Primary user cannot also be a secondary user."
+ },
+ status=HTTP_400_BAD_REQUEST,
+ )
+
 primary_user = self.get_user(primary_user_id)
 secondary_users = User.objects.filter(pk__in=secondary_user_ids)
 print({"primaryUser": primary_user, "secondaryUsers": secondary_users})
@@ -845,6 +853,14 @@ def post(self, req):
 status=HTTP_400_BAD_REQUEST,
 )
 
+ if primary_user_id in secondary_user_ids:
+ return Response(
+ {
+ "detail": "Invalid data. Primary user cannot also be a secondary user."
+ },
+ status=HTTP_400_BAD_REQUEST,
+ )
+
 if not reason:
 return Response(
 {"detail": "Invalid data. Reason is required."},
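Review bot: The new guard `if primary_user_id in secondary_user_ids:` in the first hunk compares the raw request values, so it only fires when both sides have the same Python type. If the primary id arrives as an int while the list holds strings (or the reverse), the membership test is false, yet `User.objects.filter(pk__in=secondary_user_ids)` on the following context line would normally still resolve to the same user, because the ORM coerces lookup values to the key type. How the ids are read from the request is outside the hunk, so this needs confirming, but comparing resolved keys is the safer form: `if secondary_users.filter(pk=primary_user.pk).exists():` placed after the two lookups (assuming `get_user` returns a `User`), or at least `str(primary_user_id) in {str(i) for i in secondary_user_ids}`. The identical guard in the second hunk (`@@ -845,6 +853,14 @@`) has the same gap, and both `post` bodies start and end outside their hunks.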
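Review bot: The guard in the second hunk is a verbatim copy of the one added in the first hunk, response body included, and neither copy carries a comment saying why the check exists. Two copies of a check that protects account integrity tend to drift when one of them is later tightened, so a single private helper called from both `post` methods, returning the 400 `Response` or `None`, would keep them in step. A one-line comment such as `# a user must never be merged into, or made caretaker of, themselves` above the helper would record the intent. The enclosing `post` continues past the end of the hunk.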