feat: delete endpoint queries

Delete endpoints do not fully support bodies. Queries used instead. Tests added. Resolves #20
2026-06-09 09:09:41 +01:00 · 2026-06-09 09:09:41 +01:00 · c452c6c0d5
commit c452c6c0d5
parent e9b272811f
13 changed files with 114 additions and 57 deletions
--- a/src/iam/router.py
+++ b/src/iam/router.py
@ -31,7 +31,10 @@ from src.auth.dependencies import (
 	super_admin_dependency,
 )
 from src.user.models import User
-from src.user.dependencies import user_model_body_dependency
+from src.user.dependencies import (
+	user_model_body_dependency,
+	user_model_query_dependency,
+)
 from src.organisation.models import Organisation as Org
 from src.service.models import Service

@ -46,6 +49,7 @@ from src.iam.dependencies import (
 	group_model_query_dependency,
 	group_model_body_dependency,
 	perm_model_body_dependency,
+	perm_model_query_dependency,
 )
 from src.iam.schemas import (
 	IAMGetGroupPermissionsResponse,
@ -57,14 +61,11 @@ from src.iam.schemas import (
 	IAMPutGroupPermissionResponse,
 	IAMPutGroupUserRequest,
 	IAMPutGroupUserResponse,
-	IAMDeleteGroupPermissionRequest,
 	IAMDeleteGroupPermissionResponse,
-	IAMDeleteGroupUserRequest,
 	IAMDeleteGroupUserResponse,
 	IAMGetPermissionsResponse,
 	IAMPostPermissionRequest,
 	IAMPostPermissionResponse,
-	IAMDeletePermissionRequest,
 	IAMGetPermissionsSearchRequest,
 	IAMGetPermissionsSearchResponse,
 )
@ -205,10 +206,9 @@ async def add_group_user(
@router.delete("/group/permissions")
 async def remove_group_permissions(
 	db: db_dependency,
-	group_model: group_model_body_dependency,
-	perm_model: perm_model_body_dependency,
-	org_model: org_model_root_claim_body_dependency,
-	request_model: IAMDeleteGroupPermissionRequest,
+	group_model: group_model_query_dependency,
+	perm_model: perm_model_query_dependency,
+	org_model: org_model_root_claim_query_dependency,
 ):
 	if group_model.org_id != org_model.id:
 		raise UnauthorizedException("Group does not belong to this organization")
@ -226,10 +226,9 @@ async def remove_group_permissions(
@router.delete("/group/user")
 async def remove_group_user(
 	db: db_dependency,
-	group_model: group_model_body_dependency,
-	user_model: user_model_body_dependency,
-	org_model: org_model_root_claim_body_dependency,
-	request_model: IAMDeleteGroupUserRequest,
+	group_model: group_model_query_dependency,
+	user_model: user_model_query_dependency,
+	org_model: org_model_root_claim_query_dependency,
 ):
 	if group_model.org_id != org_model.id:
 		raise UnauthorizedException("Group does not belong to this organization")
@ -285,8 +284,7 @@ async def create_new_permission(
 async def delete_permission(
 	db: db_dependency,
 	su: super_admin_dependency,
-	perm_model: perm_model_body_dependency,
-	request_model: IAMDeletePermissionRequest,
+	perm_model: perm_model_query_dependency,
 ):
 	db.delete(perm_model)
 	db.commit()