preAddUserGuard checks seat limits before creating a principal. Only enforces when the IAM policy contains allUsers, because without allUsers a new principal does not occupy a seat until explicitly added to IAM.
(ctx context.Context, workspaceID string)
| 942 | // Only enforces when the IAM policy contains allUsers, because without allUsers |
| 943 | // a new principal does not occupy a seat until explicitly added to IAM. |
| 944 | func (s *UserService) preAddUserGuard(ctx context.Context, workspaceID string) error { |
| 945 | p, err := s.store.GetWorkspaceIamPolicy(ctx, workspaceID) |
| 946 | if err != nil { |
| 947 | return connect.NewError(connect.CodeInternal, errors.Wrap(err, "failed to get workspace IAM policy")) |
| 948 | } |
| 949 | if !policyContainsAllUsers(p.Policy) { |
| 950 | return nil |
| 951 | } |
| 952 | return userCountGuard(ctx, s.store, s.licenseService, workspaceID, p.Policy, s.profile.SaaS) |
| 953 | } |
| 954 | |
| 955 | // preUndeleteUserGuard checks seat limits before reactivating a principal. |
| 956 | // A soft-deleted principal does not occupy a seat, so undeleting one that is |
no test coverage detected