From ed725c1513cc3b0889198eb584e40399d6dbc02e Mon Sep 17 00:00:00 2001 From: Katie Smith Date: Wed, 5 Jan 2022 13:30:52 +0000 Subject: [PATCH] Add endpoint to allow org team members to be removed This is similar to the corresponding endpoint for services. However, it is a little simpler since we don't need to worry about always having at least one team member for an organisation. The new dao function added, `dao_remove_user_from_organisation`, is also simpler than `dao_remove_user_from_service` since we don't have any organisation permissions to deal with. --- app/dao/organisation_dao.py | 5 +++++ app/organisation/rest.py | 16 ++++++++++++++++ tests/app/organisation/test_rest.py | 26 ++++++++++++++++++++++++++ 3 files changed, 47 insertions(+) diff --git a/app/dao/organisation_dao.py b/app/dao/organisation_dao.py index 33cc8d1d8..198f1e30a 100644 --- a/app/dao/organisation_dao.py +++ b/app/dao/organisation_dao.py @@ -137,3 +137,8 @@ def dao_add_user_to_organisation(organisation_id, user_id): user.organisations.append(organisation) db.session.add(organisation) return user + + +@autocommit +def dao_remove_user_from_organisation(organisation, user): + organisation.users.remove(user) diff --git a/app/organisation/rest.py b/app/organisation/rest.py index 697ec9825..8ab4b70aa 100644 --- a/app/organisation/rest.py +++ b/app/organisation/rest.py @@ -15,10 +15,12 @@ from app.dao.organisation_dao import ( dao_get_organisation_services, dao_get_organisations, dao_get_users_for_organisation, + dao_remove_user_from_organisation, dao_update_organisation, ) from app.dao.services_dao import dao_fetch_service_by_id from app.dao.templates_dao import dao_get_template_by_id +from app.dao.users_dao import get_user_by_id from app.errors import InvalidRequest, register_errors from app.models import KEY_TYPE_NORMAL, Organisation from app.notifications.process_notifications import ( @@ -152,6 +154,20 @@ def add_user_to_organisation(organisation_id, user_id): return jsonify(data=new_org_user.serialize()) +@organisation_blueprint.route('//users/', methods=['DELETE']) +def remove_user_from_organisation(organisation_id, user_id): + organisation = dao_get_organisation_by_id(organisation_id) + user = get_user_by_id(user_id=user_id) + + if user not in organisation.users: + error = 'User not found' + raise InvalidRequest(error, status_code=404) + + dao_remove_user_from_organisation(organisation, user) + + return {}, 204 + + @organisation_blueprint.route('//users', methods=['GET']) def get_organisation_users(organisation_id): org_users = dao_get_users_for_organisation(organisation_id) diff --git a/tests/app/organisation/test_rest.py b/tests/app/organisation/test_rest.py index 6a11bcacd..4bf78216b 100644 --- a/tests/app/organisation/test_rest.py +++ b/tests/app/organisation/test_rest.py @@ -694,6 +694,32 @@ def test_add_user_to_organisation_returns_404_if_user_does_not_exist(admin_reque ) +def test_remove_user_from_organisation(admin_request, sample_organisation, sample_user): + dao_add_user_to_organisation(organisation_id=sample_organisation.id, user_id=sample_user.id) + + admin_request.delete( + 'organisation.remove_user_from_organisation', + organisation_id=sample_organisation.id, + user_id=sample_user.id + ) + + assert sample_organisation.users == [] + + +def test_remove_user_from_organisation_when_user_is_not_an_org_member(admin_request, sample_organisation, sample_user): + resp = admin_request.delete( + 'organisation.remove_user_from_organisation', + organisation_id=sample_organisation.id, + user_id=sample_user.id, + _expected_status=404 + ) + + assert resp == { + 'result': 'error', + 'message': 'User not found' + } + + def test_get_organisation_users_returns_users_for_organisation(admin_request, sample_organisation): first = create_user(email='first@invited.com') second = create_user(email='another@invited.com')