coryHawkvelt/gatehouse-api
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat(api): return 403 when attempting to remove last owner

Browse Source 
Handle edge case where removing a member would leave an organization
without any owners. Service layer raises ValueError for this scenario,
which the API endpoint catches and converts to a forbidden response
with actionable error message about transferring ownership.
This commit is contained in:
Cory Hawkvelt
2026-04-20 16:37:04 +09:30
parent b2c2acc84f
commit 7550940934
2 changed files with 13 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
gatehouse_app/api/v1/organizations/members.py
+4 -1
View File
@@ -56,7 +56,10 @@ def add_organization_member(org_id):
@full_access_required
def remove_organization_member(org_id, user_id):
org = OrganizationService.get_organization_by_id(org_id)
OrganizationService.remove_member(org=org, user_id=user_id, remover_id=g.current_user.id)
try:
OrganizationService.remove_member(org=org, user_id=user_id, remover_id=g.current_user.id)
except ValueError as e:
return api_response(success=False, message=str(e), status=403, error_type="OWNER_PROTECTION")
return api_response(message="Member removed successfully")