diff options
| author | Frederick Muriuki Muriithi | 2025-07-30 10:05:51 -0500 |
|---|---|---|
| committer | Frederick Muriuki Muriithi | 2025-07-30 10:05:51 -0500 |
| commit | 1244b2103943e0a0ade0719036ae39baaf6c47b5 (patch) | |
| tree | 483aa11e1e7bd3761b65739f46d1d713f665eb83 | |
| parent | 12d7e7c50f0dbd56e102790d9b412efb6e013edb (diff) | |
| download | gn-auth-1244b2103943e0a0ade0719036ae39baaf6c47b5.tar.gz | |
Implement revocation of `system-administrator` role.
| -rw-r--r-- | gn_auth/auth/authorisation/users/admin/models.py | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/gn_auth/auth/authorisation/users/admin/models.py b/gn_auth/auth/authorisation/users/admin/models.py index 03a027e..3543dac 100644 --- a/gn_auth/auth/authorisation/users/admin/models.py +++ b/gn_auth/auth/authorisation/users/admin/models.py @@ -46,3 +46,10 @@ def make_sys_admin(cursor: db.DbCursor, user: User) -> User: f"The function `{__name__}.make_sys_admin` will be removed soon"), stacklevel=1) return grant_sysadmin_role(cursor, user) + + +def revoke_sysadmin_role(conn: db.DbConnection, user: User) -> User: + """Revoke `system-administrator` role from `user`.""" + with db.cursor(conn) as cursor: + cursor.execute("DELETE FROM user_roles WHERE user_id=? AND role_id=?", + (str(user.user_id), str(sysadmin_role(conn).role_id))) |