From e441875af7810b1377229b93b5e207b92396231e Mon Sep 17 00:00:00 2001
From: "Timothy J. Baek" <timothyjrbeck@gmail.com>
Date: Fri, 5 Jan 2024 21:02:49 -0800
Subject: [PATCH] fix: update role

---
 backend/apps/web/routers/users.py | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/backend/apps/web/routers/users.py b/backend/apps/web/routers/users.py
index f478003c4..753ad05a3 100644
--- a/backend/apps/web/routers/users.py
+++ b/backend/apps/web/routers/users.py
@@ -31,6 +31,30 @@ async def get_users(skip: int = 0, limit: int = 50, user=Depends(get_current_use
     return Users.get_users(skip, limit)
 
 
+############################
+# UpdateUserRole
+############################
+
+
+@router.post("/update/role", response_model=Optional[UserModel])
+async def update_user_role(
+    form_data: UserRoleUpdateForm, user=Depends(get_current_user)
+):
+    if user.role != "admin":
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
+        )
+
+    if user.id != form_data.id:
+        return Users.update_user_role_by_id(form_data.id, form_data.role)
+    else:
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail=ERROR_MESSAGES.ACTION_PROHIBITED,
+        )
+
+
 ############################
 # UpdateUserById
 ############################