From 8b89595531e5c6bc4d8b88dbb33cb50642a138fa Mon Sep 17 00:00:00 2001
From: luxferre <chris@sr2.uk>
Date: Fri, 12 Jun 2026 10:02:35 +0100
Subject: [PATCH] feat: group invitation response model

---
 src/iam/router.py  | 30 +++++++++++++++++++++++-------
 src/iam/schemas.py | 26 +++++++++++++++++++-------
 2 files changed, 42 insertions(+), 14 deletions(-)

diff --git a/src/iam/router.py b/src/iam/router.py
index 5d824a1..5096bde 100644
--- a/src/iam/router.py
+++ b/src/iam/router.py
@@ -60,7 +60,6 @@ from src.iam.dependencies import (
 	perm_model_query_dependency,
 )
 from src.iam.schemas import (
-	GroupSchema,
 	IAMCAoRRequest,
 	IAMGetGroupPermissionsResponse,
 	IAMGetGroupUsersResponse,
@@ -80,6 +79,8 @@ from src.iam.schemas import (
 	IAMPutGroupInvitationRequest,
 	IAMPutGroupInvitationAcceptRequest,
 	IAMCAoRResponse,
+	IAMPutGroupInvitationAcceptResponse,
+	IAMPutGroupInvitationResponse,
 )
 from src.utils import verify_email_token
 
@@ -286,7 +287,7 @@ async def create_group(
 			or "UNIQUE constraint failed" in str(e.orig)  # SQLite unique violation
 		):
 			raise ConflictException("Group with this name already exists")
-	group_response = GroupSchema(**group_model.__dict__)
+	group_response = GroupSummary(**group_model.__dict__)
 	org_response = OrgSummary(**org_model.__dict__)
 	db.commit()
 	return {"group": group_response, "organisation": org_response}
@@ -375,7 +376,7 @@ async def add_group_user(
 	group_model.user_rel.append(user_model)
 	db.flush()
 	response = IAMPutGroupUserResponse(
-		group=GroupSchema(**group_model.__dict__), users=group_model.user_rel
+		group=GroupSummary(**group_model.__dict__), users=group_model.user_rel
 	)
 	db.commit()
 	return response
@@ -410,7 +411,7 @@ async def remove_group_permission(
 	group_model.permission_rel.remove(perm_model)
 	db.flush()
 	response = IAMDeleteGroupPermissionResponse(
-		group=GroupSchema(**group_model.__dict__),
+		group=GroupSummary(**group_model.__dict__),
 		permissions=group_model.permission_rel,
 	)
 	db.commit()
@@ -444,7 +445,7 @@ async def remove_group_user(
 	user_model.group_rel.remove(group_model)
 	db.flush()
 	response = IAMDeleteGroupUserResponse(
-		group=GroupSchema(**group_model.__dict__), users=group_model.user_rel
+		group=GroupSummary(**group_model.__dict__), users=group_model.user_rel
 	)
 	db.commit()
 
@@ -571,6 +572,7 @@ async def post_permissions(
 	path="/group/user/invitation",
 	summary="Send an email invitation for non-org member to join a group",
 	status_code=status.HTTP_200_OK,
+	response_model=IAMPutGroupInvitationResponse,
 	responses={},
 )
 async def invitation(
@@ -600,13 +602,20 @@ async def invitation(
 		group_name=group_name,
 	)
 
-	return "Invitation sent"
+	response = {
+		"organisation": org_model,
+		"group": group_model,
+		"invited_email": user_email,
+	}
+
+	return response
 
 
 @router.put(
 	path="/group/user//invitation/accept",
 	summary="Accept email invitation to join an org's group",
 	status_code=status.HTTP_200_OK,
+	response_model=IAMPutGroupInvitationAcceptResponse,
 	responses={
 		status.HTTP_404_NOT_FOUND: {"description": "User|Org|Group not found"},
 		status.HTTP_403_FORBIDDEN: {
@@ -642,6 +651,13 @@ async def accept_invitation(
 		raise ConflictException("User already in group.")
 
 	group_model.user_rel.append(user_model)
+	db.flush()
+
+	response = {
+		"organisation": org_model,
+		"user": user_model,
+		"group": {"details": group_model, "permissions": group_model.permission_rel},
+	}
 	db.commit()
 
-	return "Invitation accepted"
+	return response
diff --git a/src/iam/schemas.py b/src/iam/schemas.py
index 7d79154..d8e526b 100644
--- a/src/iam/schemas.py
+++ b/src/iam/schemas.py
@@ -42,9 +42,9 @@ class PermissionSchema(CustomBaseModel):
 	action: str
 
 
-class GroupSchema(CustomBaseModel):
-	id: int
-	name: str
+class GroupDetails(CustomBaseModel):
+	details: GroupSummary
+	permissions: list[PermissionSchema]
 
 
 class IAMCAoRRequest(CustomBaseModel):
@@ -77,7 +77,7 @@ class IAMPostGroupRequest(OrgIDMixin):
 
 class IAMPostGroupResponse(CustomBaseModel):
 	organisation: OrgSummary
-	group: GroupSchema
+	group: GroupSummary
 
 
 class IAMPutGroupPermissionRequest(GroupIDMixin, PermIDMixin, OrgIDMixin):
@@ -95,17 +95,17 @@ class IAMPutGroupUserRequest(GroupIDMixin, UserIDMixin, OrgIDMixin):
 
 
 class IAMPutGroupUserResponse(CustomBaseModel):
-	group: GroupSchema
+	group: GroupSummary
 	users: list[UserSchema]
 
 
 class IAMDeleteGroupPermissionResponse(CustomBaseModel):
-	group: GroupSchema
+	group: GroupSummary
 	permissions: list[PermissionSchema]
 
 
 class IAMDeleteGroupUserResponse(CustomBaseModel):
-	group: GroupSchema
+	group: GroupSummary
 	users: list[UserSchema]
 
 
@@ -136,5 +136,17 @@ class IAMPutGroupInvitationRequest(OrgIDMixin, GroupIDMixin):
 	user_email: EmailStr
 
 
+class IAMPutGroupInvitationResponse(CustomBaseModel):
+	organisation: OrgSummary
+	group: GroupSummary
+	invited_email: EmailStr
+
+
 class IAMPutGroupInvitationAcceptRequest(CustomBaseModel):
 	jwt: str
+
+
+class IAMPutGroupInvitationAcceptResponse(CustomBaseModel):
+	organisation: OrgSummary
+	user: UserSummary
+	group: GroupDetails