From e441875af7810b1377229b93b5e207b92396231e Mon Sep 17 00:00:00 2001 From: "Timothy J. Baek" Date: Fri, 5 Jan 2024 21:02:49 -0800 Subject: [PATCH] fix: update role --- backend/apps/web/routers/users.py | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/backend/apps/web/routers/users.py b/backend/apps/web/routers/users.py index f478003c..753ad05a 100644 --- a/backend/apps/web/routers/users.py +++ b/backend/apps/web/routers/users.py @@ -31,6 +31,30 @@ async def get_users(skip: int = 0, limit: int = 50, user=Depends(get_current_use return Users.get_users(skip, limit) +############################ +# UpdateUserRole +############################ + + +@router.post("/update/role", response_model=Optional[UserModel]) +async def update_user_role( + form_data: UserRoleUpdateForm, user=Depends(get_current_user) +): + if user.role != "admin": + raise HTTPException( + status_code=status.HTTP_403_FORBIDDEN, + detail=ERROR_MESSAGES.ACCESS_PROHIBITED, + ) + + if user.id != form_data.id: + return Users.update_user_role_by_id(form_data.id, form_data.role) + else: + raise HTTPException( + status_code=status.HTTP_403_FORBIDDEN, + detail=ERROR_MESSAGES.ACTION_PROHIBITED, + ) + + ############################ # UpdateUserById ############################