fix: update role

This commit is contained in:
Timothy J. Baek 2024-01-05 21:02:49 -08:00
parent fb0c64379d
commit e441875af7

View file

@ -31,6 +31,30 @@ async def get_users(skip: int = 0, limit: int = 50, user=Depends(get_current_use
return Users.get_users(skip, limit)
############################
# UpdateUserRole
############################
@router.post("/update/role", response_model=Optional[UserModel])
async def update_user_role(
form_data: UserRoleUpdateForm, user=Depends(get_current_user)
):
if user.role != "admin":
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
)
if user.id != form_data.id:
return Users.update_user_role_by_id(form_data.id, form_data.role)
else:
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail=ERROR_MESSAGES.ACTION_PROHIBITED,
)
############################
# UpdateUserById
############################