Delete group member behaviour

[sharathkumaranbu]

Right now we allow only Admins to access delete group member end point

groups-api/src/routes.js

Lines 86 to 93 in 7475dde

	delete: {
	controller: 'GroupMembershipController',
	method: 'deleteGroupMember',
	auth: 'jwt',
	access: [constants.UserRoles.Admin],
	scopes: ['write:groups', 'all:groups']
	}
	},

But in the code we have logic in place to allow a member to delete himself from self registration enabled groups.

groups-api/src/services/GroupMembershipService.js

Lines 158 to 164 in 7475dde

	if (
	currentUser !== 'M2M' &&
	!helper.hasAdminRole(currentUser) &&
	!(group.selfRegister && currentUser.userId === memberId)
	) {
	throw new errors.ForbiddenError('You are not allowed to perform this action!')
	}

What is the expected behaviour here @cwdcwd @dushyantb ?

[lakshmiathreya]

cc @lakshmiathreya