removed unwanted comments and updated unautorized response

sonal-aot · sonal-aot · commit 428d4c499dcd · 2026-03-18T16:25:20.000+05:30
diff --git a/extensions/m8flow-backend/src/m8flow_backend/api.yml b/extensions/m8flow-backend/src/m8flow_backend/api.yml
@@ -276,7 +276,7 @@ paths:
 
     put:
       summary: Update tenant display name
-      description: Updates the tenant's human-readable name in both the local database and the Keycloak realm (displayName). Restricted to 'super-admin' role. The slug and ID are immutable and cannot be changed.
+      description: Updates the tenant's human-readable name in both the local database and the Keycloak realm (displayName). The slug and ID are immutable and cannot be changed.
       operationId: m8flow_backend.routes.keycloak_controller.update_tenant_name
       tags:
         - Tenant
diff --git a/extensions/m8flow-backend/src/m8flow_backend/routes/keycloak_controller.py b/extensions/m8flow-backend/src/m8flow_backend/routes/keycloak_controller.py
@@ -197,14 +197,11 @@ def delete_tenant_realm(realm_id: str) -> tuple[dict, int]:
 
 @handle_api_errors
 def update_tenant_name(tenant_id: str, body: dict) -> tuple[dict, int]:
-    """Update a tenant's name in both Keycloak (displayName) and Postgres. 
-    Restricted to super-admin role. Uses internal master admin token.
-    """
+    """Update a tenant's display name. Requires appropriate permissions."""
     user = getattr(g, 'user', None)
     if not user:
         raise ApiError(error_code="not_authenticated", message="User not authenticated", status_code=401)
     
-    # Check for super-admin permission via m8flow.yml configuration
     is_authorized = AuthorizationService.user_has_permission(user, "update", request.path)
         
     if not is_authorized:
@@ -214,7 +211,7 @@ def update_tenant_name(tenant_id: str, body: dict) -> tuple[dict, int]:
             [getattr(g, 'identifier', g.name) for g in getattr(user, 'groups', [])],
             tenant_id
         )
-        raise ApiError(error_code="forbidden", message="Only super-admin can update tenant name", status_code=403)
+        raise ApiError(error_code="forbidden", message="Not authorized to update the tenant name.", status_code=403)
 
     new_name = body.get("name")
     if not new_name or not str(new_name).strip():
@@ -230,13 +227,9 @@ def update_tenant_name(tenant_id: str, body: dict) -> tuple[dict, int]:
         if not tenant:
             return {"detail": "Tenant not found"}, 404
 
-        # Fetch Keycloak admin token internally
         admin_token = get_master_admin_token()
 
-        # Update Keycloak realm displayName
         update_realm(tenant.slug, display_name=new_name, admin_token=admin_token)
-
-        # Update Postgres tenant name
         tenant.name = new_name
         db.session.commit()
         logger.info("Updated tenant name: id=%s slug=%s to name=%s (updated by %s)", 
