Merge pull request #600 from lbedner/update-docs-deps

Update Docs Deps

Author: lbedner

CLAUDE.md

@@ -32,7 +32,7 @@ Each generated project includes:
 
 ## Installation
 
-**Current Version**: 0.6.8rc2
+**Current Version**: 0.6.8rc3
 
 ```bash
 pip install aegis-stack

aegis/__init__.py

@@ -2,4 +2,4 @@
 Aegis Stack CLI - Component generation and project management tools.
 """
 
-__version__ = "0.6.8rc2"
+__version__ = "0.6.8rc3"

aegis/core/manual_updater.py

@@ -42,12 +42,21 @@
 # Must be regenerated when upgrading auth level.
 REGENERATE_ON_AUTH_LEVEL_CHANGE = {
     "app/models/user.py",
+    "app/models/org.py",
     "app/core/security.py",
     "app/services/auth/auth_service.py",
+    "app/services/auth/org_service.py",
+    "app/services/auth/membership_service.py",
+    "app/services/auth/invite_service.py",
     "app/components/backend/api/auth/router.py",
+    "app/components/backend/api/orgs/router.py",
+    "app/components/backend/api/orgs/__init__.py",
     "app/components/backend/api/deps.py",
     "app/components/frontend/dashboard/modals/auth_modal.py",
     "app/components/frontend/dashboard/modals/auth_users_tab.py",
+    "app/components/frontend/dashboard/modals/auth_orgs_tab.py",
+    "tests/services/test_org_integration.py",
+    "tests/api/test_org_endpoints.py",
 }
 
 

aegis/templates/copier-aegis-project/{{ project_slug }}/app/components/backend/api/orgs/router.py.jinja

@@ -27,10 +27,12 @@ from app.models.org import (
     BulkAddMembersRequest,
     InviteCreate,
     InviteResponse,
+    MemberDetailResponse,
     MemberResponse,
     OrganizationMember,
     OrgCreate,
     OrgResponse,
+    TransferOwnershipRequest,
     UserMembershipResponse,
 )
 from app.services.auth.auth_service import get_current_user_from_token{% if include_auth_rbac %}, require_role{% endif %}
@@ -226,6 +228,28 @@ async def delete_org(
     await audit.emit("auth.org_deleted", actor_id=user.id, target_type="org", target_id=org_id)
 
 
+@router.post("/{org_id}/transfer-ownership")
+async def transfer_ownership(
+    org_id: int,
+    body: TransferOwnershipRequest,
+    user=Depends(_get_current_user),
+    membership_service: MembershipService = Depends(get_membership_service),
+    audit: AuditEmitter = Depends(get_audit),
+) -> dict[str, str]:
+    """Transfer org ownership to another member. Requires owner role."""
+    await _require_org_role(
+        membership_service, org_id, user.id, {ORG_ROLE_OWNER}
+    )
+    if body.user_id == user.id:
+        raise_bad_request("Cannot transfer ownership to yourself")
+    try:
+        await membership_service.transfer_ownership(org_id, user.id, body.user_id)
+    except ValueError as e:
+        raise_bad_request(str(e))
+    await audit.emit("auth.org_ownership_transferred", actor_id=user.id, org_id=org_id, target_type="user", target_id=body.user_id)
+    return {"detail": "Ownership transferred"}
+
+
 # =============================================================================
 # Membership Management
 # =============================================================================
@@ -244,6 +268,19 @@ async def list_members(
     return [MemberResponse.model_validate(m) for m in members]
 
 
+@router.get("/{org_id}/members/details", response_model=list[MemberDetailResponse])
+async def list_member_details(
+    org_id: int,
+    user=Depends(_get_current_user),
+    membership_service: MembershipService = Depends(get_membership_service),
+) -> list[MemberDetailResponse]:
+    """List org members with user details (email, name). Requires membership."""
+    await _require_member_access(membership_service, org_id, user.id)
+
+    rows = await membership_service.list_org_members_with_details(org_id)
+    return [MemberDetailResponse(**row) for row in rows]
+
+
 @router.post(
     "/{org_id}/members",
     response_model=MemberResponse,

aegis/templates/copier-aegis-project/{{ project_slug }}/tests/api/test_org_endpoints.py.jinja

@@ -390,6 +390,144 @@ class TestInviteEndpoints:
         )
 
         assert response.status_code == status.HTTP_400_BAD_REQUEST
+
+
+@pytest.mark.usefixtures("_enable_auth")
+class TestMemberDetails:
+    """Test GET /orgs/{org_id}/members/details."""
+
+    @pytest.mark.asyncio
+    async def test_org_admin_can_get_member_details(
+        self, async_client_with_db: TestClient, async_db_session: AsyncSession,
+        setup_org_with_owner, create_user,
+    ) -> None:
+        """Org admin can see member emails and names."""
+        _, org, token = await setup_org_with_owner(
+            email="det-owner@test.com", slug="det-org"
+        )
+        member = await create_user("det-member@test.com")
+        membership_service = MembershipService(async_db_session)
+        await membership_service.add_member(org.id, member.id)
+
+        response = async_client_with_db.get(
+            f"/api/v1/orgs/{org.id}/members/details",
+            headers={"Authorization": f"Bearer {token}"},
+        )
+
+        assert response.status_code == status.HTTP_200_OK
+        data = response.json()
+        assert len(data) >= 2
+        emails = {m["email"] for m in data}
+        assert "det-member@test.com" in emails
+
+    @pytest.mark.asyncio
+    async def test_non_member_cannot_get_member_details(
+        self, async_client_with_db: TestClient, async_db_session: AsyncSession,
+        setup_org_with_owner, create_user_with_token,
+    ) -> None:
+        """Non-member cannot see org member details."""
+        _, org, _ = await setup_org_with_owner(
+            email="det2-owner@test.com", slug="det2-org"
+        )
+        _, outsider_token = await create_user_with_token("det2-outsider@test.com")
+
+        response = async_client_with_db.get(
+            f"/api/v1/orgs/{org.id}/members/details",
+            headers={"Authorization": f"Bearer {outsider_token}"},
+        )
+
+        assert response.status_code == status.HTTP_403_FORBIDDEN
+
+
+@pytest.mark.usefixtures("_enable_auth")
+class TestOwnershipTransfer:
+    """Test POST /orgs/{org_id}/transfer-ownership."""
+
+    @pytest.mark.asyncio
+    async def test_owner_can_transfer(
+        self, async_client_with_db: TestClient, async_db_session: AsyncSession,
+        setup_org_with_owner, create_user,
+    ) -> None:
+        """Owner transfers ownership to an admin member."""
+        owner, org, token = await setup_org_with_owner(
+            email="xfer-owner@test.com", slug="xfer-org"
+        )
+        admin = await create_user("xfer-admin@test.com")
+        membership_service = MembershipService(async_db_session)
+        await membership_service.add_member(org.id, admin.id, role="admin")
+
+        response = async_client_with_db.post(
+            f"/api/v1/orgs/{org.id}/transfer-ownership",
+            json={"user_id": admin.id},
+            headers={"Authorization": f"Bearer {token}"},
+        )
+
+        assert response.status_code == status.HTTP_200_OK
+
+        new_owner = await membership_service.get_member(org.id, admin.id)
+        assert new_owner.role == "owner"
+
+        old_owner = await membership_service.get_member(org.id, owner.id)
+        assert old_owner.role == "admin"
+
+    @pytest.mark.asyncio
+    async def test_non_owner_cannot_transfer(
+        self, async_client_with_db: TestClient, async_db_session: AsyncSession,
+        setup_org_with_owner, create_user_with_token,
+    ) -> None:
+        """Admin cannot transfer ownership."""
+        _, org, _ = await setup_org_with_owner(
+            email="xfer2-owner@test.com", slug="xfer2-org"
+        )
+        admin, admin_token = await create_user_with_token("xfer2-admin@test.com")
+        membership_service = MembershipService(async_db_session)
+        await membership_service.add_member(org.id, admin.id, role="admin")
+
+        response = async_client_with_db.post(
+            f"/api/v1/orgs/{org.id}/transfer-ownership",
+            json={"user_id": admin.id},
+            headers={"Authorization": f"Bearer {admin_token}"},
+        )
+
+        assert response.status_code == status.HTTP_403_FORBIDDEN
+
+    @pytest.mark.asyncio
+    async def test_transfer_to_non_member_fails(
+        self, async_client_with_db: TestClient, async_db_session: AsyncSession,
+        setup_org_with_owner, create_user,
+    ) -> None:
+        """Cannot transfer to someone who isn't a member."""
+        _, org, token = await setup_org_with_owner(
+            email="xfer3-owner@test.com", slug="xfer3-org"
+        )
+        outsider = await create_user("xfer3-outsider@test.com")
+
+        response = async_client_with_db.post(
+            f"/api/v1/orgs/{org.id}/transfer-ownership",
+            json={"user_id": outsider.id},
+            headers={"Authorization": f"Bearer {token}"},
+        )
+
+        assert response.status_code == status.HTTP_400_BAD_REQUEST
+
+    @pytest.mark.asyncio
+    async def test_self_transfer_fails(
+        self, async_client_with_db: TestClient, async_db_session: AsyncSession,
+        setup_org_with_owner,
+    ) -> None:
+        """Cannot transfer ownership to yourself."""
+        owner, org, token = await setup_org_with_owner(
+            email="xfer4-owner@test.com", slug="xfer4-org"
+        )
+
+        response = async_client_with_db.post(
+            f"/api/v1/orgs/{org.id}/transfer-ownership",
+            json={"user_id": owner.id},
+            headers={"Authorization": f"Bearer {token}"},
+        )
+
+        assert response.status_code == status.HTTP_400_BAD_REQUEST
+        assert "yourself" in response.json()["detail"].lower()
 {% else %}
 # Organization endpoint tests not included (auth_level != org)
 {% endif %}

copier.yml

@@ -6,7 +6,7 @@
 # - Update support
 
 _min_copier_version: "9.0.0"
-_version: "0.6.8rc2"
+_version: "0.6.8rc3"
 
 # IMPORTANT: Template content is in subdirectory
 # This allows the template to be recognized as git-tracked (aegis-stack repo root has .git)

pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "aegis-stack"
-version = "0.6.8rc2"
+version = "0.6.8rc3"
 description = "A production-ready FastAPI platform with modular components and a built-in control plane. Try: uvx aegis-stack init my-project"
 readme = "README.md"
 requires-python = ">=3.11,<3.15"
@@ -46,7 +46,6 @@ dependencies = [
     "packaging>=24.0",
     "filelock>=3.20.1",
     "urllib3>=2.6.3",
-    "pygments>=2.20.0",
 ]
 
 [project.urls]
@@ -71,7 +70,8 @@ docs = [
     "mkdocs-material>=9.5.0",
     "mkdocstrings[python]>=0.24.0",
     "mkdocs-gen-files>=0.5.0",
-    "pymdown-extensions>=10.0.0",
+    "pygments>=2.20.0",
+    "pymdown-extensions>=10.21.0",
     "mkdocs-mermaid2-plugin>=1.1.0",
     "mkdocs-glightbox>=0.3.0",
 ]