Correct API Documentation for Organization Updates #1610
Description
Ticket: Correct API Documentation for Organization Updates
Description,
The Swagger documentation for the PUT /registryOrg/:shortname endpoint states that "Only users with Secretariat role can access this endpoint". However, the actual middleware configuration allows authenticated users to access it (using mw.useRegistry, mw.validateUser, but NOT mw.onlySecretariat).
This endpoint handles self-updates for organizations (which may go through a review process) and Secretariat updates. The documentation must accurately reflect that non-Secretariat users can call this endpoint to propose changes to their own organization.
Acceptance Criteria / TODOs,
Documentation Changes (src/controller/registry-org.controller/index.js)
- Update Swagger Comments for
PUT /registryOrg/:shortname:- Change
summaryto: "Updates an existing registry organization (accessible to Secretariat and Org Admins)" (or similar appropriate phrasing). - Update
description/Access Controlsection:- Remove/Edit: "
Only users with Secretariat role can access this endpoint
" - Add clarification: "
Secretariat users can update any organization.
Organization Admins can request updates for their own organization.
"
- Remove/Edit: "
- Update
Expected Behaviorsection:- Add: "
Org Admin: Proposes updates for their own organization (may require review)
"
- Add: "
- Change
Testing,
- Verification:
- Review the generated Swagger UI (if locally runnable) or simply verify the comment text changes accurately reflect the code's behavior.