feat: add group user by id restriction
All checks were successful
ci / lint_and_test (push) Successful in 14s
All checks were successful
ci / lint_and_test (push) Successful in 14s
Adding by ID can only be done for existing org members
This commit is contained in:
parent
3dbd72a109
commit
0b521414b3
2 changed files with 9 additions and 2 deletions
|
|
@ -23,7 +23,7 @@ from src.iam.exceptions import GroupNotFoundException
|
|||
from src.organisation.exceptions import OrgNotFoundException
|
||||
from src.schemas import GroupSummary, OrgSummary
|
||||
from src.service.exceptions import ServiceNotFoundException
|
||||
from src.exceptions import ConflictException
|
||||
from src.exceptions import ConflictException, ForbiddenException
|
||||
from src.database import db_dependency
|
||||
from src.auth.exceptions import UnauthorizedException
|
||||
from src.auth.service import claims_dependency
|
||||
|
|
@ -211,6 +211,11 @@ async def add_group_user(
|
|||
if user_model in group_model.user_rel:
|
||||
raise ConflictException("User already in group")
|
||||
|
||||
if user_model not in org_model.user_rel:
|
||||
raise ForbiddenException(
|
||||
"Adding users directly can only be done with org members. Use email invitation instead."
|
||||
)
|
||||
|
||||
group_model.user_rel.append(user_model)
|
||||
db.flush()
|
||||
response = IAMPutGroupUserResponse(
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue