Only admin users obtain tocken

api/v1/auth.py

@@ -1,9 +1,12 @@
+from django.contrib.auth import get_user_model
 from django.utils.translation import ugettext_lazy as _
 
 from rest_framework import serializers
 from rest_framework.authtoken.views import ObtainAuthToken
 from rest_framework.compat import authenticate
 
+User = get_user_model()
+
 
 class AuthTokenSerializer(serializers.Serializer):
     email = serializers.CharField(label=_("Email"))
@@ -27,8 +30,11 @@ class AuthTokenSerializer(serializers.Serializer):
             if not user:
                 msg = _('Unable to log in with provided credentials.')
                 raise serializers.ValidationError(msg, code='authorization')
+            elif user.role != User.ADMIN_ROLE:
+                msg = _('Only admin have permission to login admin page.')
+                raise serializers.ValidationError(msg, code='authorization')
         else:
-            msg = _('Must include "username" and "password".')
+            msg = _('Must include "email" and "password".')
             raise serializers.ValidationError(msg, code='authorization')
 
         attrs['user'] = user