search

hypothesis / h

Annotate with anyone, anywhere.
https://hypothes.is/
BSD 2-Clause "Simplified" License
2.96k stars 427 forks source link

Add an API for editing a group membership's role #9114

Open seanh opened 8 hours ago

seanh commented 8 hours ago

Add an API for editing a group member's role:

PATCH /api/groups/{pubid}/members/{userid}
{"roles": ["<new_role>"]}

Testing:

  1. Log in as devdata_admin (http://localhost:5000/login)
  2. Create an API token (http://localhost:5000/account/developer)
  3. Create a group (http://localhost:5000/groups/new)
  4. Log in as a devdata_user and join the group
  5. Use devdata_admin's API token to promote devdata_user to admin: httpx http://localhost:5000/api/groups/{pubid}/members/acct:devdata_user@localhost --method PATCH --headers Authorization 'Bearer {apitoken}' --json '{"roles": ["admin"]}'
  6. Use the "me" alias to demote yourself to a plain member: httpx http://localhost:5000/api/groups/{pubid}/members/me --method PATCH --headers Authorization 'Bearer {apitoken}' --json '{"roles": ["admin"]}'
  7. Now that you're just a plain member if you try to promote yourself again or try to change devdata_user's role you'll get 404s.
  8. If you try to use an invalid role you'll get a validation error, for example: httpx http://localhost:5000/api/groups/{pubid}/members/me --method PATCH --headers Authorization 'Bearer {apitoken}' --json '{"roles": ["INVALID"]}'