Ticket: Correct API Documentation for Organization Updates
Description,
The Swagger documentation for the PUT /registryOrg/:shortname endpoint states that "Only users with Secretariat role can access this endpoint". However, the actual middleware configuration allows authenticated users to access it (using mw.useRegistry, mw.validateUser, but NOT mw.onlySecretariat).
This endpoint handles self-updates for organizations (which may go through a review process) and Secretariat updates. The documentation must accurately reflect that non-Secretariat users can call this endpoint to propose changes to their own organization.
Acceptance Criteria / TODOs,
Documentation Changes (src/controller/registry-org.controller/index.js)
Testing,
Ticket: Correct API Documentation for Organization Updates
Description,
The Swagger documentation for the
PUT /registryOrg/:shortnameendpoint states that "Only users with Secretariat role can access this endpoint". However, the actual middleware configuration allows authenticated users to access it (usingmw.useRegistry,mw.validateUser, but NOTmw.onlySecretariat).This endpoint handles self-updates for organizations (which may go through a review process) and Secretariat updates. The documentation must accurately reflect that non-Secretariat users can call this endpoint to propose changes to their own organization.
Acceptance Criteria / TODOs,
Documentation Changes (src/controller/registry-org.controller/index.js)
PUT /registryOrg/:shortname:summaryto: "Updates an existing registry organization (accessible to Secretariat and Org Admins)" (or similar appropriate phrasing).description/Access Controlsection:Only users with Secretariat role can access this endpoint
"Secretariat users can update any organization.
Organization Admins can request updates for their own organization.
"Expected Behaviorsection:Org Admin: Proposes updates for their own organization (may require review)
"Testing,