From 9f5fa0d6dfa2a2b61f09a8e0c3b87a8e60af16c8 Mon Sep 17 00:00:00 2001
From: nickviola
Date: Mon, 27 Jan 2025 10:19:08 -0600
Subject: [PATCH] Remove access in backend to manage orgs per reqeust of CRASM-1061

---
 backend/src/xfd_django/xfd_api/api_methods/organization.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/backend/src/xfd_django/xfd_api/api_methods/organization.py b/backend/src/xfd_django/xfd_api/api_methods/organization.py
index 96a486759..51f55cac3 100644
--- a/backend/src/xfd_django/xfd_api/api_methods/organization.py
+++ b/backend/src/xfd_django/xfd_api/api_methods/organization.py
@@ -37,6 +37,9 @@ def is_valid_uuid(val: str) -> bool:
 def list_organizations(current_user):
     """List organizations that the user is a member of or has access to."""
     try:
+        if is_regional_admin(current_user):
+            raise HTTPException(status_code=401, detail="Unauthorized")
+
         # Check if user is GlobalViewAdmin or has memberships
         if not is_global_view_admin(current_user) and not get_org_memberships(
             current_user
@@ -985,6 +988,9 @@ def update_org_scan(organization_id: str, scan_id, scan_data, current_user):
 def list_organizations_v2(state, regionId, current_user):
     """List organizations that the user is a member of or has access to."""
     try:
+        if is_regional_admin(current_user):
+            raise HTTPException(status_code=401, detail="Unauthorized")
+
         # Check if user is GlobalViewAdmin or has memberships
         if not is_global_view_admin(current_user) and not get_org_memberships(
             current_user
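Review bot: The guard added at the top of list_organizations answers an authenticated caller who merely lacks permission with 401, which tells clients their credential is missing or invalid and can trigger a re-login or session drop; the caller here is already authenticated, so the correct status is 403, `raise HTTPException(status_code=403, detail="Forbidden")`. The raise also sits inside the `try:` block whose `except` clause lies outside this hunk — if that handler catches a broad `Exception` and converts it to a 500 or swallows it, the denial never reaches the client in the intended form, so either move the check above the `try` or confirm the handler re-raises HTTPException unchanged. Note as well that the check runs before the GlobalViewAdmin test, so a user holding both roles is now refused; confirm that ordering is intended. The function body and its exception handler continue beyond the hunk.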
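Review bot: The guard added to list_organizations_v2 is a verbatim copy of the one in list_organizations, with the status and message hard-coded in both places; a small shared helper, `def _deny_regional_admin(current_user):` with body `if is_regional_admin(current_user): raise HTTPException(status_code=403, detail="Forbidden")`, called as the first statement of each endpoint, keeps the two from drifting the next time this policy is revised. As in the first hunk, 403 is the right status because the caller is authenticated and only lacks authorization. The commit subject says regional admins lose the ability to manage organizations, but the patch only touches the two list endpoints; write paths such as update_org_scan, whose definition ends just above this hunk, appear unchanged and would presumably need the same check if that is the intent. list_organizations_v2's body and its `except` clause continue outside the hunk.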