apply user role

apps/account/views/web.py

@@ -1,5 +1,6 @@
 """Web account views"""
 from django.conf import settings
+from django.db import transaction
 from django.shortcuts import get_object_or_404
 from django.utils.encoding import force_text
 from django.utils.http import urlsafe_base64_decode
@@ -61,10 +62,18 @@ class PasswordResetConfirmView(JWTGenericViewMixin, generics.GenericAPIView):
     def patch(self, request, *args, **kwargs):
         """Implement PATCH method"""
         instance = self.get_object()
-        serializer = self.get_serializer(instance=instance,
-                                         data=request.data)
-        serializer.is_valid(raise_exception=True)
-        serializer.save()
+        with transaction.atomic():
+            serializer = self.get_serializer(instance=instance,
+                                             data=request.data)
+            serializer.is_valid(raise_exception=True)
+            serializer.save()
+
+            #  apply requested user_role if 'role' in query_params
+            if 'role' in request.query_params:
+                user_role = get_object_or_404(klass=models.UserRole, pk=request.query_params['role'])
+                user_role.state = models.UserRole.VALIDATED
+                user_role.save()
+
         # Create tokens
         tokens = instance.create_jwt_tokens()
         return self._put_cookies_in_response(