diff options
| -rw-r--r-- | gn_auth/auth/authorisation/users/admin/models.py | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/gn_auth/auth/authorisation/users/admin/models.py b/gn_auth/auth/authorisation/users/admin/models.py index 03a027e..3543dac 100644 --- a/gn_auth/auth/authorisation/users/admin/models.py +++ b/gn_auth/auth/authorisation/users/admin/models.py @@ -46,3 +46,10 @@ def make_sys_admin(cursor: db.DbCursor, user: User) -> User: f"The function `{__name__}.make_sys_admin` will be removed soon"), stacklevel=1) return grant_sysadmin_role(cursor, user) + + +def revoke_sysadmin_role(conn: db.DbConnection, user: User) -> User: + """Revoke `system-administrator` role from `user`.""" + with db.cursor(conn) as cursor: + cursor.execute("DELETE FROM user_roles WHERE user_id=? AND role_id=?", + (str(user.user_id), str(sysadmin_role(conn).role_id))) |