diff --git a/server/src/handlers/group_handler.rs b/server/src/handlers/group_handler.rs index db6ef9fd4..085d6d58a 100644 --- a/server/src/handlers/group_handler.rs +++ b/server/src/handlers/group_handler.rs @@ -390,7 +390,6 @@ pub struct GetGroupData { /// Get Group /// /// Fetch the group with the given id. - #[utoipa::path( get, path = "/chunk_group/{group_id}", @@ -409,7 +408,6 @@ pub struct GetGroupData { ("ApiKey" = ["readonly"]), ) )] -/// get_group #[tracing::instrument(skip(pool))] pub async fn get_chunk_group( group_id: web::Path, diff --git a/server/src/handlers/invitation_handler.rs b/server/src/handlers/invitation_handler.rs index 43d23bf81..363a9b901 100644 --- a/server/src/handlers/invitation_handler.rs +++ b/server/src/handlers/invitation_handler.rs @@ -163,27 +163,32 @@ pub async fn create_invitation( /// Get all invitations for the organization. Auth'ed user or api key must have an admin or owner role for the specified dataset's organization. #[utoipa::path( get, - path = "/invitation/{organization_id}", + path = "/invitations/{organization_id}", context_path = "/api", tag = "Invitation", responses( (status = 200, description = "Invitations for the dataset", body = Vec), (status = 400, description = "Service error relating to getting invitations for the dataset", body = ErrorResponseBody), ), + params( + ("TR-Organization" = String, Header, description = "The organization id to use for the request"), + ("organization_id" = uuid, Path, description = "The organization id to get invitations for"), + ), security( - ("ApiKey" = ["admin"]), + ("ApiKey" = ["readonly"]), ) )] #[tracing::instrument(skip(pool))] pub async fn get_invitations( user: AdminOnly, - org_id: web::Path, + organization_id: web::Path, pool: web::Data, ) -> Result { - if !verify_admin(&user, &org_id.clone()) { + if !verify_admin(&user, &organization_id.clone()) { return Err(ServiceError::Forbidden); } - let invitations = get_invitations_for_organization_query(org_id.into_inner(), pool).await?; + let invitations = + get_invitations_for_organization_query(organization_id.into_inner(), pool).await?; Ok(HttpResponse::Ok().json(invitations)) } @@ -199,6 +204,10 @@ pub async fn get_invitations( (status = 204, description = "Ok response. Indicates that invitation was deleted."), (status = 400, description = "Service error relating to deleting invitation", body = ErrorResponseBody), ), + params( + ("TR-Organization" = String, Header, description = "The organization id to use for the request"), + ("invitation_id" = uuid, Path, description = "The id of the invitation to delete"), + ), security( ("ApiKey" = ["admin"]), ) diff --git a/server/src/handlers/stripe_handler.rs b/server/src/handlers/stripe_handler.rs index 47b238337..f34aa91ca 100644 --- a/server/src/handlers/stripe_handler.rs +++ b/server/src/handlers/stripe_handler.rs @@ -344,7 +344,7 @@ pub struct UpdateSubscriptionData { ("plan_id" = uuid::Uuid, Path, description = "id of the plan you want to subscribe to"), ), security( - ("ApiKey" = ["readonly"]), + ("ApiKey" = ["owner"]), ) )] #[tracing::instrument(skip(pool))] @@ -412,6 +412,9 @@ pub async fn get_all_plans(pool: web::Data) -> Result std::io::Result<()> { .route(web::delete().to(handlers::invitation_handler::delete_invitation)), ), ) + .service( + web::scope("/invitations") + .service( + web::resource("/{organization_id}") + .route(web::get().to(handlers::invitation_handler::get_invitations)), + ), + ) .service( web::scope("/stripe") .service(