Revoke a user's admin role #54
Update the responses that you have written before this PR. Do it in the same PR
app/api/dao/admin.py
Outdated
new_admin_user = UserModel.find_by_id(new_admin_user_id) | ||
|
||
if new_admin_user: | ||
|
||
if new_admin_user.is_admin: | ||
return {"message": "User is already an Admin"}, 201 | ||
return {"message": "User is already an Admin."}, 200 |
The response should be a bad request and code 400
|
||
else: | ||
return { | ||
"message": "You don't have admin status. You can't assign other user as admin." |
403 Forbidden
This is fixed @m-murad (it does not show here because you commented on the line above)
|
||
else: | ||
return { | ||
"message": "You don't have admin status. You can't assign another admin" | ||
}, 401 | ||
"message": "You don't have admin status. You can't revoke other admin user." |
403 Forbidden
Also fixed @m-murad
app/api/dao/admin.py
Outdated
|
||
return {"message": "User does not exist"}, 401 | ||
return {"message": "User does not exist."}, 400 |
404 - not found
app/api/dao/admin.py
Outdated
return {"message": "User is now an Admin"}, 201 | ||
return {"message": "User is now an Admin."}, 200 | ||
|
||
return {"message": "User does not exist."}, 400 |
404
app/api/dao/admin.py
Outdated
|
||
new_admin_user_id = data['user_id'] | ||
|
||
if assigner_user_id is new_admin_user_id: | ||
return {"message": "You cannot assign yourself as an Admin."}, 400 |
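Review bot: the self-assignment guard `if assigner_user_id is new_admin_user_id:` compares object identity, not value. Two equal integers are only the same object when CPython happens to cache them (small values), and an id read from the request body will generally be a different object from `assigner_user_id` however that one is obtained, so the guard can be skipped for a matching id. Compare with `==`, and make sure both ids have the same type before comparing.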
403 Forbidden
app/api/dao/admin.py
Outdated
admin_user_id = data['user_id'] | ||
|
||
if revoker_user_id is admin_user_id: | ||
return {"message": "You cannot revoke your admin status."}, 400 |
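Review bot: `if revoker_user_id is admin_user_id:` has the same identity-versus-equality problem on the revoke path, where a miss means the "You cannot revoke your admin status." branch is never reached for the caller's own id. Compare with `==`. Separately, `admin_user_id = data['user_id']` raises KeyError when the key is absent; validate the payload and return a 400 for a missing or non-integer user_id before this check.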
403 Forbidden
app/api/dao/user.py
Outdated
if user: | ||
user.delete_from_db() | ||
return {"message": "User was deleted successfully"}, 201 | ||
|
||
return {"message": "User does not exist"}, 201 | ||
return {"message": "User does not exist"}, 400 |
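Review bot: the success branch `return {"message": "User was deleted successfully"}, 201` reports 201 Created for a delete. Since the status codes in this function are being corrected anyway, return 200 (or 204 with no body) here so clients do not read a deletion as resource creation.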
404
wow thank you @m-murad, those error code reviews are very helpful
Description
Fixes #17
Type of Change:
Code/Quality Assurance Only
How Has This Been Tested?
Added 3 tests for the AdminDAO function that revokes admin roles for the following cases:
Tested on Swagger UI, the same tests above to test the API response.
Checklist:
Code/Quality Assurance Only