diff --git a/care/facility/api/viewsets/facility_users.py b/care/facility/api/viewsets/facility_users.py index ce4cf71c91..06cbab4732 100644 --- a/care/facility/api/viewsets/facility_users.py +++ b/care/facility/api/viewsets/facility_users.py @@ -40,6 +40,7 @@ def get_queryset(self): external_id=self.kwargs.get("facility_external_id"), ) queryset = facility.users.filter( + is_active=True, deleted=False, ).order_by("-last_login") return queryset.prefetch_related( diff --git a/care/facility/tests/test_facilityuser_api.py b/care/facility/tests/test_facilityuser_api.py index 5958ee9f39..4c0903f61b 100644 --- a/care/facility/tests/test_facilityuser_api.py +++ b/care/facility/tests/test_facilityuser_api.py @@ -77,3 +77,26 @@ def test_user_access_to_facility_on_user_type(self): self.client.force_authenticate(user=district_lab_admin) response = self.client.get(f"/api/v1/facility/{self.facility.external_id}/") self.assertIs(response.status_code, status.HTTP_200_OK) + + def test_user_is_not_listed_if_deleted(self): + # Testing FE's delete functionality (soft delete/is_active is set to false when user is deleted) + response = self.client.get( + f"/api/v1/facility/{self.facility.external_id}/get_users/" + ) + response_json = response.json() + results = response_json["results"] + self.assertIs(response.status_code, status.HTTP_200_OK) + self.assertEqual(len(results), 2) + self.assertIn(self.super_user.username, [user["username"] for user in results]) + self.assertIn(self.user.username, [user["username"] for user in results]) + self.user.is_active = False + self.user.save() + response = self.client.get( + f"/api/v1/facility/{self.facility.external_id}/get_users/" + ) + response_json = response.json() + results = response_json["results"] + self.assertIs(response.status_code, status.HTTP_200_OK) + self.assertEqual(len(results), 1) + self.assertIn(self.super_user.username, [user["username"] for user in results]) + self.assertNotIn(self.user.username, [user["username"] for user in results])