| 386 | |
| 387 | |
| 388 | async def delete_usergroup_by_id( |
| 389 | request: Request, |
| 390 | db_session: AsyncSession, |
| 391 | current_user: PublicUser | AnonymousUser, |
| 392 | usergroup_id: int, |
| 393 | ) -> str: |
| 394 | |
| 395 | statement = select(UserGroup).where(UserGroup.id == usergroup_id) |
| 396 | usergroup = (await db_session.execute(statement)).scalars().first() |
| 397 | |
| 398 | if not usergroup: |
| 399 | raise HTTPException( |
| 400 | status_code=404, |
| 401 | detail="UserGroup not found", |
| 402 | ) |
| 403 | |
| 404 | # RBAC check — scoped to the usergroup's org to prevent cross-org IDOR |
| 405 | await rbac_check( |
| 406 | request, |
| 407 | usergroup_uuid=usergroup.usergroup_uuid, |
| 408 | current_user=current_user, |
| 409 | action="delete", |
| 410 | db_session=db_session, |
| 411 | org_id=usergroup.org_id, |
| 412 | ) |
| 413 | |
| 414 | # Feature usage |
| 415 | await increase_feature_usage("usergroups", usergroup.org_id, db_session) |
| 416 | |
| 417 | usergroup_uuid_val = usergroup.usergroup_uuid |
| 418 | usergroup_name_val = usergroup.name |
| 419 | usergroup_org_id = usergroup.org_id |
| 420 | |
| 421 | await db_session.delete(usergroup) |
| 422 | await db_session.commit() |
| 423 | |
| 424 | await dispatch_webhooks( |
| 425 | event_name="usergroup_deleted", |
| 426 | org_id=usergroup_org_id, |
| 427 | data={ |
| 428 | "usergroup_uuid": usergroup_uuid_val, |
| 429 | "name": usergroup_name_val, |
| 430 | }, |
| 431 | ) |
| 432 | |
| 433 | return "UserGroup deleted successfully" |
| 434 | |
| 435 | |
| 436 | async def add_users_to_usergroup( |