From bedbd4840b0bfafc9f27987dcb66c0b44f0a5db9 Mon Sep 17 00:00:00 2001
From: phil1436 <philxsb@gmail.com>
Date: Fri, 22 Dec 2023 10:44:52 +0100
Subject: [PATCH] added get memebers for org

---
 ROUTES.md           | 37 +++++++++++++++++++++++++++++++++++++
 flask_app/user.py   | 19 ++++++++++++++++++-
 postgres/queries.py |  3 +++
 3 files changed, 58 insertions(+), 1 deletion(-)

diff --git a/ROUTES.md b/ROUTES.md
index f245eacc..59bcba64 100644
--- a/ROUTES.md
+++ b/ROUTES.md
@@ -130,6 +130,43 @@ http://localhost:8000/creatOrganisation
     }
     ```
 
+**GET**
+
+getOrganisationMembers
+
+```
+http://localhost:8000/getOrganisationMembers/<id>
+```
+
+### Header
+
+```json
+{
+    "authorization": "---"
+}
+```
+
+### Response
+
+-   404: Organisation **not found**:
+    ```json
+    {
+        "error": "Organisation not found."
+    }
+    ```
+-   401: User **not authorized**:
+    ```json
+    {
+        "error": "User not authorized."
+    }
+    ```
+-   200: **success**:
+    ```json
+    {
+        "members": ["username1", "username2", "username3"]
+    }
+    ```
+
 **POST**
 
 leaveOrganisation
diff --git a/flask_app/user.py b/flask_app/user.py
index 26511a1a..0e0fb9eb 100644
--- a/flask_app/user.py
+++ b/flask_app/user.py
@@ -2,7 +2,7 @@
 from flask import Blueprint, request, make_response
 
 from config import Token, tokenEncode, tokenDecode
-from postgres.queries import (checkPassword,
+from postgres.queries import (checkPassword, getMembersOfOrganisation,
 							  getOrganisationIDsFromUserId, getOrganisationName, getOrganisationFromUserId)
 from postgres.transactions import addUser, addOrganisation, addUserToOrganisation, deleteUser, leaveOrganisation
 
@@ -159,3 +159,20 @@ def add_user_to_organisation():
 	if error:
 		return make_response({"error": error}, 409)
 	return make_response({'organisation_id': organisation_id}, 200)
+
+@user_management.route('/getOrganisationMembers/<_id>', methods=['GET'])
+def get_organisation_members(_id):
+	authorization = request.headers.get("authorization")
+	token = tokenDecode(authorization)
+	if token is None:
+		return make_response({'error': 'no authorization'}, 401)
+
+	members_raw = getMembersOfOrganisation(_id)
+	if members_raw is None:
+		return make_response({'error':'organisation '+_id+' not found'}, 404)
+
+	members = []
+	for member in members_raw:
+		members.append(member[0])
+ 
+	return make_response({"members": members}, 200)
\ No newline at end of file
diff --git a/postgres/queries.py b/postgres/queries.py
index 92c41ec7..ec389325 100644
--- a/postgres/queries.py
+++ b/postgres/queries.py
@@ -24,6 +24,9 @@ def getOrganisationName(organisation_id: int):
 		return -1
 	return str(response[0])
 
+def getMembersOfOrganisation(organisation_id: int):
+	select_query = sql.SQL("SELECT username FROM users WHERE id IN (SELECT userid FROM membership WHERE organisationid = %s);")
+	return execute_query(select_query, (organisation_id,))
 
 def getMemberIDsFromOrganisationID(organisationID: int):
 	select_query = sql.SQL("SELECT userid FROM membership WHERE organisationid = %s;")