sr2/cloud-api
6
0
Fork 1
Code Issues 8 Pull requests 2 Projects Releases Packages Wiki Activity Actions

feat: remove group permission check if exists

Browse source
This commit is contained in:
Chris Milne 2026-06-12 09:30:34 +01:00
parent c94c26f2a6
commit f06b19340c
1 changed files with 8 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

9
src/iam/router.py
View file

@ -25,7 +25,11 @@ from src.iam.exceptions import GroupNotFoundException
from src.organisation.exceptions import OrgNotFoundException
from src.schemas import GroupSummary, OrgSummary, ResourceName
from src.service.exceptions import ServiceNotFoundException
from src.exceptions import ConflictException, ForbiddenException
from src.exceptions import (
ConflictException,
ForbiddenException,
UnprocessableContentException,
)
from src.database import db_dependency
from src.auth.service import claims_dependency
from src.auth.dependencies import (
@ -400,6 +404,9 @@ async def remove_group_permission(
if group_model.org_id != org_model.id:
raise ForbiddenException("Group does not belong to this organization")
if perm_model not in group_model.permission_rel:
raise UnprocessableContentException("Permission not granted to group")
group_model.permission_rel.remove(perm_model)
db.flush()
response = IAMDeleteGroupPermissionResponse(