From 5d1606aa9d62461957982f7282f5f4403f0381df Mon Sep 17 00:00:00 2001
From: luxferre <chris@sr2.uk>
Date: Tue, 2 Jun 2026 15:13:00 +0100
Subject: [PATCH] fix: permission search changed to post

Get requests cannot have bodies.
---
 src/iam/router.py  | 16 ++++++++--------
 src/iam/schemas.py |  6 +++---
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/src/iam/router.py b/src/iam/router.py
index a0f123b..caeb459 100644
--- a/src/iam/router.py
+++ b/src/iam/router.py
@@ -190,18 +190,18 @@ async def delete_permission(db: db_dependency, su: super_admin_dependency, perm_
 	db.commit()
 
 
-@router.get("/permissions/search", response_model=IAMGetPermissionsSearchResponse)
-async def get_permissions(db: db_dependency, org_model: org_model_root_claim_body_dependency, search: IAMGetPermissionsSearchRequest):
+@router.post("/permissions/search", response_model=IAMGetPermissionsSearchResponse)
+async def get_permissions(db: db_dependency, org_model: org_model_root_claim_body_dependency, request_model: IAMGetPermissionsSearchRequest):
 	permission_query = db.query(Perm)
 
-	if search.service_id is not None:
-		permission_query = permission_query.filter(Perm.service_id == search.service_id)
+	if request_model.service_id is not None:
+		permission_query = permission_query.filter(Perm.service_id == request_model.service_id)
 
-	if search.resource is not None:
-		permission_query = permission_query.filter(Perm.resource == search.resource)
+	if request_model.resource is not None:
+		permission_query = permission_query.filter(Perm.resource == request_model.resource)
 
-	if search.action is not None:
-		permission_query = permission_query.filter(Perm.action == search. action)
+	if request_model.action is not None:
+		permission_query = permission_query.filter(Perm.action == request_model. action)
 
 	permission_models = permission_query.all()
 
diff --git a/src/iam/schemas.py b/src/iam/schemas.py
index ff6cbfc..58e636d 100644
--- a/src/iam/schemas.py
+++ b/src/iam/schemas.py
@@ -17,7 +17,7 @@ from user.schemas import UserIDMixin
 
 class UserSchema(CustomBaseModel):
 	model_config = ConfigDict(from_attributes=True, extra="ignore")
-	
+
 	id: int
 	first_name: str
 	last_name: str
@@ -94,8 +94,8 @@ class IAMPostPermissionResponse(CustomBaseModel):
 class IAMDeletePermissionRequest(PermIDMixin):
 	pass
 
-class IAMGetPermissionsSearchRequest(CustomBaseModel):
-	service_id: Optional[int] = None
+class IAMGetPermissionsSearchRequest(OrgIDMixin):
+	service_id: Optional[int] = Field(gt=0)
 	resource: Optional[str] = None
 	action: Optional[str] = None