refactor: user godfathers views

core/views/forms.py

@@ -303,7 +303,6 @@ class UserGodfathersForm(forms.Form):
     )
     user = forms.ModelChoiceField(
         label=_("Select user"),
-        help_text=None,
         required=True,
         widget=AutoCompleteSelectUser,
         queryset=User.objects.all(),
@@ -315,8 +314,6 @@ class UserGodfathersForm(forms.Form):
 
     def clean_user(self):
         other_user = self.cleaned_data.get("user")
-        if not other_user:
-            raise ValidationError(_("This user does not exist"))
         if other_user == self.target_user:
             raise ValidationError(_("You cannot be related to yourself"))
         return other_user

core/views/user.py

@@ -29,6 +29,7 @@ from operator import itemgetter
 from smtplib import SMTPException
 
 from django.contrib.auth import login, views
+from django.contrib.auth.decorators import login_required
 from django.contrib.auth.forms import PasswordChangeForm, SetPasswordForm
 from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
 from django.core.exceptions import PermissionDenied
@@ -42,6 +43,7 @@ from django.urls import reverse, reverse_lazy
 from django.utils.decorators import method_decorator
 from django.utils.safestring import SafeString
 from django.utils.translation import gettext as _
+from django.views.decorators.http import require_POST
 from django.views.generic import (
     CreateView,
     DeleteView,
@@ -288,10 +290,12 @@ class UserView(UserTabsMixin, CanViewMixin, DetailView):
         return kwargs
 
 
+@require_POST
+@login_required
 def delete_user_godfather(request, user_id, godfather_id, is_father):
     user_is_admin = request.user.is_root or request.user.is_board_member
     if user_id != request.user.id and not user_is_admin:
-        raise PermissionDenied()
+        raise PermissionDenied
     user = get_object_or_404(User, id=user_id)
     to_remove = get_object_or_404(User, id=godfather_id)
     if is_father: