Closed knivets closed 5 years ago
The existing_role
deals with the case where the user is already a manager for the organization, but now accept a contributor role. It used to be that a user could have multiple roles on an organization but as it turns out, it is best for managing complexity to constraint a user to have one and only one role at a time.
I added a url to extras.py but the problem is that the view that deals with accessibles doesn't inherit from OrganizationMixin
so I added the actual url to djaoapp and the one here mostly to keep testsite functioning. We need another solution for global urls.
I basically copy pasted the code from the view that implement the logic, the one you told me about. As for the verification key not being included in the url - the request is not idempotent that’s why it made sense to use POST here.
Also not sure what do you mean by 3rd point in the overall comments list.
I copied the code from the
RoleGrantAcceptView
but I'm not sure why we needexisting_role
check. Considering that when the role grant is created theuser
is passed already https://github.com/djaodjin/djaodjin-saas/blob/master/saas/api/roles.py#L824.