sr2/cloud-api
6
0
Fork 1
Code Issues 8 Pull requests 2 Projects Releases Packages Wiki Activity Actions

minor: renames and error messages

Browse source
This commit is contained in:
Chris Milne 2026-06-04 14:53:35 +01:00
parent 94cf6c5258
commit c8024daa97
3 changed files with 12 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

14
src/iam/router.py
View file

@ -75,20 +75,20 @@ async def can_act_on_resource(valid_key: service_key_dependency, db: db_dependen
else:
return False
except Exception:
raise UnauthorizedException()
return False
@router.get("/group/permissions", response_model=IAMGetGroupPermissionsResponse)
async def get_group_permissions(group_model: group_model_query_dependency, org_model: org_model_root_claim_query_dependency):
if group_model.org_id != org_model.id:
raise UnauthorizedException()
raise UnauthorizedException("Group does not belong to this organization")
return {"permissions": group_model.permission_rel}
@router.get("/group/users", response_model=IAMGetGroupUsersResponse)
async def get_group_users(group_model: group_model_query_dependency, org_model: org_model_root_claim_query_dependency):
if group_model.org_id != org_model.id:
raise UnauthorizedException()
raise UnauthorizedException("User does not belong to this organization")
return {"users": group_model.user_rel}
@ -110,7 +110,7 @@ async def create_group(db: db_dependency, org_model: org_model_root_claim_body_d
@router.put("/group/permission", response_model=IAMPutGroupPermissionResponse)
async def add_group_permission(db: db_dependency, group_model: group_model_body_dependency, perm_model: perm_model_body_dependency, org_model: org_model_root_claim_body_dependency, request_model: IAMPutGroupPermissionRequest):
if group_model.org_id != org_model.id:
raise UnauthorizedException()
raise UnauthorizedException("Group does not belong to this organization")
if perm_model in group_model.permission_rel:
raise ConflictException("Group already has this permission")
@ -126,7 +126,7 @@ async def add_group_permission(db: db_dependency, group_model: group_model_body_
@router.put("/group/user", response_model=IAMPutGroupUserResponse)
async def add_group_user(db: db_dependency, group_model: group_model_body_dependency, user_model: user_model_body_dependency, org_model: org_model_root_claim_body_dependency, request_model: IAMPutGroupUserRequest):
if group_model.org_id != org_model.id:
raise UnauthorizedException()
raise UnauthorizedException("Group does not belong to this organization")
if user_model in group_model.user_rel:
raise ConflictException("User already in group")
@ -141,7 +141,7 @@ async def add_group_user(db: db_dependency, group_model: group_model_body_depend
@router.delete("/group/permissions")
async def remove_group_permissions(db: db_dependency, group_model: group_model_body_dependency, perm_model: perm_model_body_dependency, org_model: org_model_root_claim_body_dependency, request_model: IAMDeleteGroupPermissionRequest):
if group_model.org_id != org_model.id:
raise UnauthorizedException()
raise UnauthorizedException("Group does not belong to this organization")
group_model.permission_rel.remove(perm_model)
db.flush()
@ -154,7 +154,7 @@ async def remove_group_permissions(db: db_dependency, group_model: group_model_b
@router.delete("/group/user")
async def remove_group_user(db: db_dependency, group_model: group_model_body_dependency, user_model: user_model_body_dependency, org_model: org_model_root_claim_body_dependency, request_model: IAMDeleteGroupUserRequest):
if group_model.org_id != org_model.id:
raise UnauthorizedException()
raise UnauthorizedException("Group does not belong to this organization")
user_model.group_rel.remove(group_model)
db.flush()