flip_api.user_services.set_user_roles
=====================================

.. py:module:: flip_api.user_services.set_user_roles


Attributes
----------

.. autoapisummary::

   flip_api.user_services.set_user_roles.router


Functions
---------

.. autoapisummary::

   flip_api.user_services.set_user_roles.set_user_roles


Module Contents
---------------

.. py:data:: router

.. py:function:: set_user_roles(user_id: uuid.UUID, roles_data: flip_api.domain.interfaces.user.IRoles, db: sqlmodel.Session = Depends(get_session), token_id: uuid.UUID = Depends(verify_token)) -> flip_api.domain.interfaces.user.IRoles

   Set roles for a user.

   User existence is validated against Cognito (the source of truth) rather
   than a local DB row.

   :param user_id: The ID of the user to update roles for.
   :type user_id: UUID
   :param roles_data: The roles data containing a list of role IDs to assign to the user.
   :type roles_data: IRoles
   :param db: The database session.
   :type db: Session
   :param token_id: The ID of the user making the request, used for permission checks.
   :type token_id: UUID

   :returns: The updated roles data for the user.
   :rtype: IRoles

   :raises HTTPException: 403 if the caller lacks permission, 404 if the target user is not in
       Cognito, 400 if any role is invalid, or 503 if the Cognito existence check itself
       failed (transient — caller may retry).