feat: adds checks for accepting owner role invite

changed the filter_by query

updates checks while creation/updation/acceptance of owner-role-invite

Author: shreyanshdwivedi

app/api/helpers/role_invite.py

@@ -0,0 +1,28 @@
+import logging
+from app.models import db
+from app.models.role_invite import RoleInvite
+
+
+def delete_previous_uer(uer):
+    """
+    delete previous owner and previous role of the user before adding the user as new owner
+    :param uer: User Event Role to be deleted.
+    :return:
+    """
+    if uer.role.name == 'owner':
+        role_invite = db.session.query(RoleInvite).filter_by(
+            email=uer.user.email, event_id=uer.event_id, role_name='owner', status='accepted'
+            ).first()
+    else:
+        role_invite = db.session.query(RoleInvite).filter_by(
+            email=uer.user.email, event_id=uer.event_id, status='accepted'
+            ).first()
+
+    if role_invite:
+        db.session.delete(role_invite)
+    db.session.delete(uer)
+    try:
+        db.session.commit()
+    except Exception as e:
+        logging.error('DB Exception! %s' % e)
+        db.session.rollback()

app/api/role_invites.py

@@ -11,6 +11,7 @@
 from app.api.helpers.notification import send_notif_event_role
 from app.api.helpers.permission_manager import has_access
 from app.api.helpers.query import event_query
+from app.api.helpers.role_invite import delete_previous_uer
 from app.api.helpers.utilities import require_relationship
 from app.api.schema.role_invites import RoleInviteSchema
 from app.models import db
@@ -41,6 +42,16 @@ def before_post(self, args, kwargs, data):
         if not has_access('is_organizer', event_id=data['event']):
             raise ForbiddenException({'source': ''}, 'Organizer access is required.')
 
+    def before_create_object(self, data, view_kwargs):
+        """
+        before create object method for RoleInviteListPost Class
+        :param data:
+        :param view_kwargs:
+        :return:
+        """
+        if data['role_name'] == 'owner' and not has_access('is_owner', event_id=data['event']):
+            raise ForbiddenException({'source': ''}, 'Owner access is required.')
+
     def after_create_object(self, role_invite, data, view_kwargs):
         """
         after create object method for role invite links
@@ -67,6 +78,7 @@ def after_create_object(self, role_invite, data, view_kwargs):
     data_layer = {'session': db.session,
                   'model': RoleInvite,
                   'methods': {
+                      'before_create_object': before_create_object,
                       'after_create_object': after_create_object
                   }}
 
@@ -116,6 +128,8 @@ def before_update_object(self, role_invite, data, view_kwargs):
                                                                                                 user_id=user.id):
                 raise UnprocessableEntity({'source': ''},
                                           "Status can be updated only by event organizer or user hiself")
+        if 'role_name' in data and data['role_name'] == 'owner' and not has_access('is_owner', event_id=data['event']):
+            raise ForbiddenException({'source': ''}, 'Owner access is required.')
         if not user and not has_access('is_organizer', event_id=role_invite.event_id):
             raise UnprocessableEntity({'source': ''}, "User not registered")
         if not has_access('is_organizer', event_id=role_invite.event_id) and (len(list(data.keys())) > 1 or
@@ -160,13 +174,24 @@ def accept_invite():
         uer = UsersEventsRoles.query.filter_by(user=user).filter_by(
             event=event).filter_by(role=role).first()
         if not uer:
+            if not user.is_verified:
+                user.is_verified = True
+                save_to_db(user, 'User verified')
+            if role_invite.role_name == 'owner':
+                # to delete past owner from users_events_roles table
+                past_owner = UsersEventsRoles.query.filter_by(event=event, role=role).first()
+                if past_owner:
+                    delete_previous_uer(past_owner)
+                # to delete any previous role of the current user (going to be owner)
+                previous_uer = UsersEventsRoles.query.filter_by(event=event, user_id=user.id).first()
+                if previous_uer:
+                    delete_previous_uer(previous_uer)
+
             role_invite.status = "accepted"
             save_to_db(role_invite, 'Role Invite Accepted')
             uer = UsersEventsRoles(user, event, role)
             save_to_db(uer, 'User Event Role Created')
-            if not user.is_verified:
-                user.is_verified = True
-                save_to_db(user, 'User verified')
+                
 
     return jsonify({
         "email": user.email,