update

2024-02-15 18:00:46 +01:00 · 2024-02-15 18:00:46 +01:00 · a4ced1dee1
parent 4bf1c71165
commit a4ced1dee1
2 changed files with 14 additions and 9 deletions
--- a/backend/apis/BlinkApiUsageExample.json
+++ b/backend/apis/BlinkApiUsageExample.json
--- a/backend/apis/nodejs/api_controller.js
+++ b/backend/apis/nodejs/api_controller.js
@ -526,6 +526,8 @@ async function deleteOrganizationPost(req, res){
 * 
 * Add an Administrator to an Organization. Allowed only if the
 * logged user is an Administrator themselves.
+ * 
+ * Required field(s): organization_id, person_id
 */
 async function addOrganizationAdmin(req, res){

@ -558,20 +560,23 @@ async function addOrganizationAdmin(req, res){
  }
 }

-// DELETE
+// todo check correctness
+/**
+ * DELETE Request
+ * 
+ * Deletes a Person from the list of Administrators of an Organization.
+ * The logged user can only remove themselves.
+ * 
+ * Required field(s): organization_id
+ * @returns 
+ */
 async function removeOrganizationAdmin(req, res){
  
    // Ensure that the required fields are present before proceeding
-    if (!req.body.organization_id || !req.body.person_id) {
+    if (!req.body.organization_id) {
      return res.status(400).json({ error : "Invalid request"});
    }

-    // I can remove only myself from the list of administrators
-    // TODO: What's the point for having 'body.person_id' then?
-    if(req.body.person_id != req.jwt.person_id){
-      return res.status(403).json({ error : "Forbidden"});
-    }
-
    try{
      knex.transaction(async (trx) => {
        await trx('OrganizationAdministrator')