Refactor group deletion and privacy update endpoints to streamline permission checks and error handling

upayanmazumder · upayanmazumder · commit 8f34e6ce9b34 · 2024-11-29T22:17:19.000+05:30
diff --git a/api/auth/group/delete.py b/api/auth/group/delete.py
@@ -6,38 +6,25 @@
 
 @delete_group_bp.route('/auth/group/delete', methods=['DELETE'])
 def delete_group():
-    """
-    Route to delete a group. Only the group creator can delete the group.
-    """
     id_token = request.headers.get('Authorization')
-
     if not id_token:
         return jsonify({"error": "Missing Firebase ID token"}), 401
 
     try:
         decoded_token = auth.verify_id_token(id_token)
         user_id = decoded_token['uid']
 
-        group_data = request.json
-        if not group_data or 'group_id' not in group_data:
+        group_id = request.json.get("group_id")
+        if not group_id:
             return jsonify({"error": "Missing 'group_id' in request body"}), 400
 
-        group_id = group_data['group_id']
         group_ref = db.collection('groups').document(group_id)
-        group = group_ref.get()
-
-        if not group.exists:
-            return jsonify({"error": "Group not found"}), 404
-
-        group_data = group.to_dict()
-
-        if group_data['created_by'] != user_id:
-            return jsonify({"error": "Only the group creator can delete the group"}), 403
-
-        group_ref.delete()
-        return jsonify({"success": True, "message": "Group deleted successfully"}), 200
+        group_data = group_ref.get()
 
-    except auth.InvalidIdTokenError:
-        return jsonify({"error": "Invalid Firebase ID token"}), 401
+        if group_data.exists and group_data.to_dict().get("created_by") == user_id:
+            group_ref.delete()
+            return jsonify({"success": True, "message": "Group deleted successfully"}), 200
+        else:
+            return jsonify({"error": "Group not found or insufficient permissions"}), 403
     except Exception as e:
         return jsonify({"error": str(e)}), 500
diff --git a/api/auth/group/privacy.py b/api/auth/group/privacy.py
@@ -5,44 +5,32 @@
 db = firestore.client()
 
 @privacy_group_bp.route('/auth/group/privacy', methods=['PATCH'])
-def set_privacy():
-    """
-    Route to set a group's privacy (private or public). Only the group creator can update the privacy.
-    """
+def update_group_privacy():
     id_token = request.headers.get('Authorization')
-
     if not id_token:
         return jsonify({"error": "Missing Firebase ID token"}), 401
 
     try:
         decoded_token = auth.verify_id_token(id_token)
         user_id = decoded_token['uid']
 
-        group_data = request.json
-        if not group_data or 'group_id' not in group_data or 'privacy' not in group_data:
-            return jsonify({"error": "Missing 'group_id' or 'privacy' in request body"}), 400
+        data = request.json
+        group_id = data.get("group_id")
+        privacy = data.get("privacy")
 
-        group_id = group_data['group_id']
-        privacy = group_data['privacy'].lower()
+        if not group_id or not privacy:
+            return jsonify({"error": "Missing 'group_id' or 'privacy' in request body"}), 400
 
-        if privacy not in ['private', 'public']:
-            return jsonify({"error": "Invalid privacy value. Must be 'private' or 'public'"}), 400
+        if privacy not in ["private", "public"]:
+            return jsonify({"error": "Invalid privacy setting"}), 400
 
         group_ref = db.collection('groups').document(group_id)
-        group = group_ref.get()
-
-        if not group.exists:
-            return jsonify({"error": "Group not found"}), 404
-
-        group_data = group.to_dict()
-
-        if group_data['created_by'] != user_id:
-            return jsonify({"error": "Only the group creator can update the privacy"}), 403
-
-        group_ref.update({"privacy": privacy})
-        return jsonify({"success": True, "message": f"Group privacy set to {privacy}"}), 200
+        group_data = group_ref.get()
 
-    except auth.InvalidIdTokenError:
-        return jsonify({"error": "Invalid Firebase ID token"}), 401
+        if group_data.exists and group_data.to_dict().get("created_by") == user_id:
+            group_ref.update({"privacy": privacy})
+            return jsonify({"success": True, "message": "Group privacy updated"}), 200
+        else:
+            return jsonify({"error": "Group not found or insufficient permissions"}), 403
     except Exception as e:
         return jsonify({"error": str(e)}), 500
