OrganizationPermissionsForUser resolves organization permissions for a user.
(ctx context.Context, orgID, userID string)
| 10 | |
// OrganizationPermissionsForUser resolves the organization permissions that
// userID holds in orgID.
//
// The permissions of every role returned by
// s.DB.ResolveOrganizationRolesForUser are merged with UnionOrgRoles. If the
// merged result does not include ReadOrg and the organization has at least one
// public project, the result is marked Guest and granted ReadOrg and
// ReadProjects. A DB error from either lookup is returned unchanged together
// with a nil result.
func (s *Service) OrganizationPermissionsForUser(ctx context.Context, orgID, userID string) (*adminv1.OrganizationPermissions, error) {
	// The DB method is called with userID before orgID, the reverse of this
	// method's own parameter order. Both are plain strings, so a swap would
	// still compile.
	// NOTE(review): confirm the argument order against the DB interface.
	roles, err := s.DB.ResolveOrganizationRolesForUser(ctx, userID, orgID)
	if err != nil {
		return nil, err
	}

	// Start from an empty permission set and widen it with each role.
	perms := &adminv1.OrganizationPermissions{}
	for _, r := range roles {
		perms = UnionOrgRoles(perms, r)
	}

	// A role already grants ReadOrg, so the guest fallback is not needed.
	if perms.ReadOrg {
		return perms, nil
	}

	// Guest fallback: reached only when no resolved role granted ReadOrg,
	// which includes a userID that has no role in the organization.
	hasPublic, err := s.DB.CheckOrganizationHasPublicProjects(ctx, orgID)
	if err != nil {
		return nil, err
	}
	if !hasPublic {
		return perms, nil
	}

	// NOTE(review): ReadProjects is set at the organization level here;
	// presumably access to non-public projects is still decided by
	// project-level checks elsewhere. Confirm against the callers.
	perms.Guest = true
	perms.ReadOrg = true
	perms.ReadProjects = true

	return perms, nil
}
| 38 | |
| 39 | // OrganizationPermissionsForService resolves organization permissions for a service. |
| 40 | // If the service has roles, it uses those roles to determine permissions. If no role is found, it falls back to the legacy behavior of giving full permissions to services in their org. |
no test coverage detected