From 819405b8f14107621cd93bd9a4f482779542b92a Mon Sep 17 00:00:00 2001
From: pieterlukasse <pieterlukasse@gmail.com>
Date: Tue, 19 Nov 2024 19:38:05 +0100
Subject: [PATCH] feat: remove role from POST /admin/user endpoint

---
 fence/blueprints/admin.py            | 2 --
 fence/resources/admin/admin_users.py | 4 +---
 openapis/swagger.yaml                | 4 ----
 tests/admin/test_admin_users.py      | 5 ++---
 4 files changed, 3 insertions(+), 12 deletions(-)

diff --git a/fence/blueprints/admin.py b/fence/blueprints/admin.py
index 41343068e..b3e898460 100644
--- a/fence/blueprints/admin.py
+++ b/fence/blueprints/admin.py
@@ -84,7 +84,6 @@ def create_user():
     Returns a json object
     """
     username = request.get_json().get("username", None)
-    role = request.get_json().get("role", None)
     email = request.get_json().get("email", None)
     display_name = request.get_json().get("display_name", None)
     phone_number = request.get_json().get("phone_number", None)
@@ -95,7 +94,6 @@ def create_user():
         admin.create_user(
             current_app.scoped_session(),
             username,
-            role,
             email,
             display_name,
             phone_number,
diff --git a/fence/resources/admin/admin_users.py b/fence/resources/admin/admin_users.py
index 37b586476..69aae8cb5 100644
--- a/fence/resources/admin/admin_users.py
+++ b/fence/resources/admin/admin_users.py
@@ -98,7 +98,6 @@ def get_user_groups(current_session, username):
 def create_user(
     current_session,
     username,
-    role,
     email,
     display_name=None,
     phone_number=None,
@@ -136,9 +135,8 @@ def create_user(
                 )
             )
         logger.debug(f"User does not yet exist for: {username}. Creating a new one...")
-        is_admin = role == "admin"
         email_add = email
-        usr = User(username=username, active=True, is_admin=is_admin, email=email_add)
+        usr = User(username=username, active=True, email=email_add)
         usr.display_name = display_name
         usr.phone_number = phone_number
 
diff --git a/openapis/swagger.yaml b/openapis/swagger.yaml
index 7416bddc6..6ab2e33eb 100644
--- a/openapis/swagger.yaml
+++ b/openapis/swagger.yaml
@@ -1771,15 +1771,11 @@ components:
       type: object
       required:
         - username
-        - role
         - email
       properties:
         username:
           type: string
           description: 'This value is deprecated in favor of name.'
-        role:
-          type: string
-          description: 'Set to "admin" if the user should be given admin rights. Any other value is not parsed or used, and results in user being a normal/regular user.'
         email:
           type: string
           description: 'The email of the end-user'
diff --git a/tests/admin/test_admin_users.py b/tests/admin/test_admin_users.py
index 2bc50d6d6..159f34294 100644
--- a/tests/admin/test_admin_users.py
+++ b/tests/admin/test_admin_users.py
@@ -25,10 +25,10 @@ def test_get_user(db_session, awg_users):
 
 
 def test_create_user(db_session, oauth_client):
-    adm.create_user(db_session, "insert_user", "admin", "insert_user@fake.com")
+    adm.create_user(db_session, "insert_user", "insert_user@fake.com")
     user = db_session.query(User).filter(User.username == "insert_user").first()
     assert user.username == "insert_user"
-    assert user.is_admin == True
+    assert user.is_admin == False  # DEPRECATED field.
     assert user.email == "insert_user@fake.com"
     assert user.display_name is None
     assert user.phone_number is None
@@ -46,7 +46,6 @@ def test_create_user_with_all_fields_set(db_session, oauth_client):
     adm.create_user(
         db_session,
         "insert_user",
-        None,
         "insert_user@fake.com",
         "Dummy Name",
         "+310000",