🎨 The user can remove themselves from the project/workspace. (ITISFoundation#6415)

matusdrobuliak66 · mrnicegyu11 · commit 84119ba57be4 · 2024-10-02T08:30:27.000+02:00
diff --git a/services/web/server/src/simcore_service_webserver/projects/_groups_api.py b/services/web/server/src/simcore_service_webserver/projects/_groups_api.py
@@ -139,19 +139,20 @@ async def delete_project_group(
     group_id: GroupID,
     product_name: ProductName,
 ) -> None:
-    await check_user_project_permission(
-        app,
-        project_id=project_id,
-        user_id=user_id,
-        product_name=product_name,
-        permission="delete",
-    )
+    user: dict = await users_api.get_user(app, user_id=user_id)
+    if user["primary_gid"] != group_id:
+        await check_user_project_permission(
+            app,
+            project_id=project_id,
+            user_id=user_id,
+            product_name=product_name,
+            permission="delete",
+        )
 
     project_db: ProjectDBAPI = app[APP_PROJECT_DBAPI]
     project = await project_db.get_project_db(project_id)
     project_owner_user: dict = await users_api.get_user(app, project.prj_owner)
     if project_owner_user["primary_gid"] == group_id:
-        user: dict = await users_api.get_user(app, user_id)
         if user["primary_gid"] != project_owner_user["primary_gid"]:
             # Only the owner of the project can delete the owner group
             raise ProjectInvalidRightsError(
diff --git a/services/web/server/src/simcore_service_webserver/workspaces/_groups_api.py b/services/web/server/src/simcore_service_webserver/workspaces/_groups_api.py
@@ -159,15 +159,15 @@ async def delete_workspace_group(
     group_id: GroupID,
     product_name: ProductName,
 ) -> None:
+    user: dict = await users_api.get_user(app, user_id=user_id)
     workspace: UserWorkspaceAccessRightsDB = await workspaces_db.get_workspace_for_user(
         app=app, user_id=user_id, workspace_id=workspace_id, product_name=product_name
     )
-    if workspace.my_access_rights.delete is False:
+    if user["primary_gid"] != group_id and workspace.my_access_rights.delete is False:
         raise WorkspaceAccessForbiddenError(
             reason=f"User does not have delete access to workspace {workspace_id}"
         )
     if workspace.owner_primary_gid == group_id:
-        user: dict = await users_api.get_user(app, user_id)
         if user["primary_gid"] != workspace.owner_primary_gid:
             # Only the owner of the workspace can delete the owner group
             raise WorkspaceAccessForbiddenError(
