mirror of
https://github.com/GSA/notifications-api.git
synced 2025-12-20 15:31:15 -05:00
Remove user permissions if service becomes a broadcast service
The "normal" service permissions and broadcast service permissions are going to be different with no overlap. This means that if you were viewing the team members page, there might be permissions in the database that are not visible on the frontend if a service has changed type. For example, someone could have the 'manage_api_keys' permission, which would not show up on the team members page of a broadcast service. To avoid people having permissions which aren't visible in admin, we now remove all permissions from users when their service is converted to a broadcast service. Permisions for invited users are also removed. It's not possible to convert a broadcast service to a normal service, so we don't need to cover for this scenario.
This commit is contained in:
Katie Smith
@@ -1115,6 +1115,7 @@ def set_as_broadcast_service(service_id):
|
||||
- sets the services `count_as_live` to false
|
||||
- adds the service to the broadcast organisation
|
||||
- puts the service into training mode or live mode
|
||||
- removes all permissions from current users and invited users
|
||||
"""
|
||||
data = validate(request.get_json(), service_broadcast_settings_schema)
|
||||
service = dao_fetch_service_by_id(service_id)
|
||||
|
||||
Reference in New Issue
Block a user