feat: batch add perm to org

2026-06-16 16:48:32 +01:00 · 2026-06-16 16:48:32 +01:00 · d6c14655c0
commit d6c14655c0
parent 4b384db98a
2 changed files with 45 additions and 0 deletions
--- a/src/iam/router.py
+++ b/src/iam/router.py
@ -23,6 +23,7 @@ from sqlalchemy.exc import IntegrityError
 from psycopg.errors import UniqueViolation

 from src.iam.exceptions import GroupNotFoundException
+from src.organisation.dependencies import org_model_body_dependency
 from src.organisation.exceptions import OrgNotFoundException
 from src.schemas import GroupSummary, OrgSummary, ResourceName
 from src.service.dependencies import service_model_body_dependency
@ -82,6 +83,8 @@ from src.iam.schemas import (
 	IAMCAoRResponse,
 	IAMPutGroupInvitationAcceptResponse,
 	IAMPutGroupInvitationResponse,
+	IAMPutOrgPermissionsRequest,
+	IAMPutOrgPermissionsResponse,
 )
 from src.utils import verify_email_token

@ -672,3 +675,36 @@ async def accept_invitation(
 	db.commit()

 	return response
+
+
+@router.put(
+	path="/org/permissions",
+	summary="Grants an org access to permissions",
+	status_code=status.HTTP_200_OK,
+	response_model=IAMPutOrgPermissionsResponse,
+	responses={
+		status.HTTP_401_UNAUTHORIZED: {"description": "Must be super user."},
+	},
+)
+async def add_org_permissions(
+	db: db_dependency,
+	su: super_admin_dependency,
+	org_model: org_model_body_dependency,
+	request_model: IAMPutOrgPermissionsRequest,
+):
+	"""
+	Grants a permission to a group. Returns a list of the permissions in the group as well as a summary for the org and group.
+	"""
+	for permission in request_model.permissions:
+		perm_model = db.get(Perm, permission)
+
+		if perm_model not in org_model.permission_rel:
+			org_model.permission_rel.append(perm_model)
+
+		db.flush()
+	response = IAMPutOrgPermissionsResponse(
+		organisation=OrgSummary(**org_model.__dict__),
+		permissions=org_model.permission_rel,
+	)
+	db.commit()
+	return response
--- a/src/iam/schemas.py
+++ b/src/iam/schemas.py
@ -150,3 +150,12 @@ class IAMPutGroupInvitationAcceptResponse(CustomBaseModel):
 	organisation: OrgSummary
 	user: UserSummary
 	group: GroupDetails
+
+
+class IAMPutOrgPermissionsRequest(OrgIDMixin):
+	permissions: list[int]
+
+
+class IAMPutOrgPermissionsResponse(CustomBaseModel):
+	organisation: OrgSummary
+	permissions: list[PermissionSchema]