Allows only State Admin users to delete other users (#1341)

only state admin can delete users

care/users/api/viewsets/users.py

@@ -157,18 +157,12 @@ def destroy(self, request, *args, **kwargs):
         username = kwargs["username"]
         if request.user.is_superuser:
             pass
-        elif request.user.user_type >= User.TYPE_VALUE_MAP["StateLabAdmin"]:
+        elif request.user.user_type >= User.TYPE_VALUE_MAP["StateAdmin"]:
             queryset = queryset.filter(
                 state=request.user.state,
                 user_type__lt=User.TYPE_VALUE_MAP["StateAdmin"],
                 is_superuser=False,
             )
-        elif request.user.user_type >= User.TYPE_VALUE_MAP["DistrictLabAdmin"]:
-            queryset = queryset.filter(
-                district=request.user.district,
-                user_type__lt=User.TYPE_VALUE_MAP["DistrictAdmin"],
-                is_superuser=False,
-            )
         else:
             return Response(
                 status=status.HTTP_403_FORBIDDEN, data={"permission": "Denied"}