feat: adds checks for accepting owner role invite

changed the filter_by query

updates checks while creation/updation/acceptance of owner-role-invite

Author: shreyanshdwivedi

app/api/helpers/role_invite.py

@@ -0,0 +1,23 @@
+import logging
+from app.models import db
+from app.models.role_invite import RoleInvite
+
+
+def delete_previous_uer(uer):
+    """
+    delete previous owner before adding a new one
+    :param uer: User Event Role to be deleted.
+    :return:
+    """
+    role_invite = db.session.query(RoleInvite).filter_by(
+        email=uer.user.email, event_id=uer.event_id, role_name='owner', status='accepted'
+        ).first()
+
+    if role_invite:
+        db.session.delete(role_invite)
+    db.session.delete(uer)
+    try:
+        db.session.commit()
+    except Exception as e:
+        logging.error('DB Exception! %s' % e)
+        db.session.rollback()

app/api/role_invites.py

@@ -11,6 +11,7 @@
 from app.api.helpers.notification import send_notif_event_role
 from app.api.helpers.permission_manager import has_access
 from app.api.helpers.query import event_query
+from app.api.helpers.role_invite import delete_previous_uer
 from app.api.helpers.utilities import require_relationship
 from app.api.schema.role_invites import RoleInviteSchema
 from app.models import db
@@ -41,6 +42,16 @@ def before_post(self, args, kwargs, data):
         if not has_access('is_organizer', event_id=data['event']):
             raise ForbiddenException({'source': ''}, 'Organizer access is required.')
 
+    def before_create_object(self, data, view_kwargs):
+        """
+        before create object method for RoleInviteListPost Class
+        :param data:
+        :param view_kwargs:
+        :return:
+        """
+        if data['role_name'] == 'owner' and not has_access('is_owner', event_id=data['event']):
+            raise ForbiddenException({'source': ''}, 'Owner access is required.')
+
     def after_create_object(self, role_invite, data, view_kwargs):
         """
         after create object method for role invite links
@@ -67,6 +78,7 @@ def after_create_object(self, role_invite, data, view_kwargs):
     data_layer = {'session': db.session,
                   'model': RoleInvite,
                   'methods': {
+                      'before_create_object': before_create_object,
                       'after_create_object': after_create_object
                   }}
 
@@ -116,6 +128,8 @@ def before_update_object(self, role_invite, data, view_kwargs):
                                                                                                 user_id=user.id):
                 raise UnprocessableEntity({'source': ''},
                                           "Status can be updated only by event organizer or user hiself")
+        if 'role_name' in data and data['role_name'] == 'owner' and not has_access('is_owner', event_id=data['event']):
+            raise ForbiddenException({'source': ''}, 'Owner access is required.')
         if not user and not has_access('is_organizer', event_id=role_invite.event_id):
             raise UnprocessableEntity({'source': ''}, "User not registered")
         if not has_access('is_organizer', event_id=role_invite.event_id) and (len(list(data.keys())) > 1 or
@@ -159,6 +173,7 @@ def accept_invite():
         event = Event.query.filter_by(id=role_invite.event_id).first()
         uer = UsersEventsRoles.query.filter_by(user=user).filter_by(
             event=event).filter_by(role=role).first()
+
         if not uer:
             role_invite.status = "accepted"
             save_to_db(role_invite, 'Role Invite Accepted')
@@ -167,6 +182,10 @@ def accept_invite():
             if not user.is_verified:
                 user.is_verified = True
                 save_to_db(user, 'User verified')
+            if role_invite.role_name == 'owner':
+                past_owner = UsersEventsRoles.query.filter_by(event=event, role=role).first()
+                if past_owner:
+                    delete_previous_uer(past_owner)
 
     return jsonify({
         "email": user.email,