From 1e8e24fabf03a516d7b93ad092fac860d3ca9f01 Mon Sep 17 00:00:00 2001
From: Frederick Muriuki Muriithi
Date: Wed, 30 Jul 2025 10:51:02 -0500
Subject: Don't allow user to create a group when they are a member of another

When user is made a member of a group, we revoke their ability to
create a new group.
---
 gn_auth/auth/authorisation/resources/groups/models.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/gn_auth/auth/authorisation/resources/groups/models.py b/gn_auth/auth/authorisation/resources/groups/models.py
index a4aacc7..a681e25 100644
--- a/gn_auth/auth/authorisation/resources/groups/models.py
+++ b/gn_auth/auth/authorisation/resources/groups/models.py
@@ -313,6 +313,7 @@ def add_user_to_group(cursor: db.DbCursor, the_group: Group, user: User):
         ("INSERT INTO group_users VALUES (:group_id, :user_id) "
          "ON CONFLICT (group_id, user_id) DO NOTHING"),
         {"group_id": str(the_group.group_id), "user_id": str(user.user_id)})
+    revoke_user_role_by_name(cursor, user, "group-creator")
 
 
 @authorised_p(
-- 
cgit 1.4.1