From d89c926a380530d4ec2c68d6c6b71fdfd1b70069 Mon Sep 17 00:00:00 2001
From: luxferre <chris@sr2.uk>
Date: Tue, 19 May 2026 11:49:54 +0100
Subject: [PATCH] feat: org exists checks on orguser routes

Routes modifying the org-user table did not check if the org existed first.
---
 src/organisation/router.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/organisation/router.py b/src/organisation/router.py
index 53343d9..1b0acf9 100644
--- a/src/organisation/router.py
+++ b/src/organisation/router.py
@@ -141,6 +141,10 @@ async def get_admin_users(db: db_dependency, org_id: Annotated[int, Path(gt=0)])
 
 @router.post("/{org_id}/users")
 async def add_user_to_org(db: db_dependency, user_request: OrgUserPostRequest, org_id: Annotated[int, Path(gt=0)]):
+	org_model = (db.query(Org).filter(Org.id == org_id).first())
+	if org_model is None:
+		raise HTTPException(status_code=404, detail="Organisation not found")
+
 	org_user_model = OrgUsers(**user_request.model_dump(), org_id=org_id)
 
 	db.add(org_user_model)
@@ -152,7 +156,10 @@ async def update_user_details(db: db_dependency, user_request: OrgUserPostReques
 	"""
 	Currently used only to update user admin status for organisation.
 	"""
-	# TODO: Check if org exists
+	org_model = (db.query(Org).filter(Org.id == org_id).first())
+	if org_model is None:
+		raise HTTPException(status_code=404, detail="Organisation not found")
+
 	org_user_model = db.query(OrgUsers).filter(OrgUsers.org_id == org_id).filter(OrgUsers.user_id == user_request.user_id).first()
 
 	if org_user_model is None:
@@ -179,6 +186,7 @@ async def get_contact(db: db_dependency, contact_type: ContactType, org_id: Anno
 	org_model = db.query(Org).filter(Org.id == org_id).first()
 	if org_model is None:
 		raise HTTPException(status_code=404, detail="Organisation not found")
+
 	match contact_type:
 		case "billing":
 			contact_id = org_model.billing_contact_id