EnableAccess re-enables a previously revoked user by clearing the revoked timestamp and fires the access-enabled webhook. Requires super-admin auth. Logic migrated from internal/graphql/enable_access.go.
(ctx context.Context, meta RequestMetadata, params *model.UpdateAccessRequest)
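// EnableAccess re-enables a previously revoked user by clearing the revoked
// timestamp and fires the access-enabled webhook. Requires super-admin auth.
// Logic migrated from internal/graphql/enable_access.go.
//
// It returns an error when the super-admin check fails, when params is nil or
// carries an empty UserID, or when the storage lookup or update fails. The
// *ResponseSideEffects result is always nil.
func (p *provider) EnableAccess(ctx context.Context, meta RequestMetadata, params *model.UpdateAccessRequest) (*model.Response, *ResponseSideEffects, error) {
	log := p.Log.With().Str("func", "EnableAccess").Logger()

	// Authorize before touching the request, so a caller who is not a
	// super-admin gets no signal about input validity or user existence.
	if err := p.requireSuperAdmin(ctx, meta); err != nil {
		return nil, nil, err
	}

	// A nil request is reported like a missing ID rather than panicking on
	// the field access below.
	if params == nil || params.UserID == "" {
		return nil, nil, fmt.Errorf("user ID is missing")
	}

	log = log.With().Str("user_id", params.UserID).Logger()

	user, err := p.StorageProvider.GetUserByID(ctx, params.UserID)
	if err != nil {
		log.Debug().Err(err).Msg("Failed to get user by ID")
		return nil, nil, err
	}

	// Clearing the timestamp is what restores access. The current value is not
	// inspected, so the webhook and audit entry below are emitted even when
	// the user was not revoked.
	user.RevokedTimestamp = nil

	user, err = p.StorageProvider.UpdateUser(ctx, user)
	if err != nil {
		log.Debug().Err(err).Msg("Failed to update user")
		return nil, nil, err
	}

	// Webhook registration is best-effort and runs off the request path; a
	// failure is logged instead of being dropped silently.
	// NOTE(review): the goroutine reuses the request ctx. If that context is
	// cancelled once the handler returns, the event may never be registered;
	// confirm how RegisterEvent treats a cancelled context.
	go func() {
		if err := p.EventsProvider.RegisterEvent(ctx, constants.UserAccessEnabledWebhookEvent, "", user); err != nil {
			log.Debug().Err(err).Msg("Failed to register access-enabled event")
		}
	}()

	// NOTE(review): the audit entry names the target user and the request
	// origin, but no field set here identifies which admin re-enabled the
	// account; confirm the audit provider records the actor elsewhere.
	p.AuditProvider.LogEvent(audit.Event{
		Action:       constants.AuditAdminAccessEnabledEvent,
		Protocol:     meta.Protocol,
		ActorType:    constants.AuditActorTypeAdmin,
		ResourceType: constants.AuditResourceTypeUser,
		ResourceID:   user.ID,
		IPAddress:    meta.IPAddress,
		UserAgent:    meta.UserAgent,
	})

	return &model.Response{
		Message: `user access enabled successfully`,
	}, nil, nil
}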
| 108 | |
| 109 | // InviteMembers creates accounts for the supplied emails that do not yet exist |
| 110 | // and sends each an invite (magic-link or setup-password) email. Requires |
nothing calls this directly
no test coverage detected