From 4a6a2b6cb18be12c419dd817f1ad60e812d5e7a7 Mon Sep 17 00:00:00 2001
From: Parsa Nazer <parsa.nazerrr@gmail.com>
Date: Mon, 16 Feb 2026 10:56:37 +0330
Subject: [PATCH] superuser only can accsess users

---
 backend/account/permissions.py       | 2 +-
 backend/core/settings/unfold_conf.py | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/backend/account/permissions.py b/backend/account/permissions.py
index d32a37f..b4258b5 100644
--- a/backend/account/permissions.py
+++ b/backend/account/permissions.py
@@ -3,7 +3,7 @@ class UserAdminPermission:
         return request.user.is_superuser
     
     def has_view_permission(self, request, obj=None):
-        return True 
+        return request.user.is_superuser
     
     def has_change_permission(self, request, obj=None):
         return request.user.is_superuser
diff --git a/backend/core/settings/unfold_conf.py b/backend/core/settings/unfold_conf.py
index 844b197..4d8d34b 100644
--- a/backend/core/settings/unfold_conf.py
+++ b/backend/core/settings/unfold_conf.py
@@ -248,6 +248,7 @@ UNFOLD = {
                         "title": _("کاربران"),
                         "icon": "person",  
                         "link": reverse_lazy("admin:account_user_changelist"),
+                        "permission": lambda request: request.user.is_superuser,
                     },
                     {
                         "title": "گروه‌های دسترسی",