From f06b19340c615b0b42dcbdf18d1c8984c5010941 Mon Sep 17 00:00:00 2001 From: luxferre Date: Fri, 12 Jun 2026 09:30:34 +0100 Subject: [PATCH] feat: remove group permission check if exists --- src/iam/router.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/iam/router.py b/src/iam/router.py index fa35345..eae329f 100644 --- a/src/iam/router.py +++ b/src/iam/router.py @@ -25,7 +25,11 @@ from src.iam.exceptions import GroupNotFoundException from src.organisation.exceptions import OrgNotFoundException from src.schemas import GroupSummary, OrgSummary, ResourceName from src.service.exceptions import ServiceNotFoundException -from src.exceptions import ConflictException, ForbiddenException +from src.exceptions import ( + ConflictException, + ForbiddenException, + UnprocessableContentException, +) from src.database import db_dependency from src.auth.service import claims_dependency from src.auth.dependencies import ( @@ -400,6 +404,9 @@ async def remove_group_permission( if group_model.org_id != org_model.id: raise ForbiddenException("Group does not belong to this organization") + if perm_model not in group_model.permission_rel: + raise UnprocessableContentException("Permission not granted to group") + group_model.permission_rel.remove(perm_model) db.flush() response = IAMDeleteGroupPermissionResponse(