ProjectPermissionsForDeployment resolves project permissions for a deployment. A deployment currently gets full read and no write permissions on the project it belongs to.
(ctx context.Context, projectID, deploymentID string, orgPerms *adminv1.OrganizationPermissions)
| 199 | // ProjectPermissionsForDeployment resolves project permissions for a deployment. |
| 200 | // A deployment currently gets full read and no write permissions on the project it belongs to. |
| 201 | func (s *Service) ProjectPermissionsForDeployment(ctx context.Context, projectID, deploymentID string, orgPerms *adminv1.OrganizationPermissions) (*adminv1.ProjectPermissions, error) { |
| 202 | depl, err := s.DB.FindDeployment(ctx, deploymentID) |
| 203 | if err != nil { |
| 204 | return nil, err |
| 205 | } |
| 206 | |
| 207 | // Deployments get full read and no write permissions on the project they belong to |
| 208 | if projectID == depl.ProjectID { |
| 209 | return &adminv1.ProjectPermissions{ |
| 210 | Admin: false, |
| 211 | ReadProject: true, |
| 212 | ManageProject: false, |
| 213 | ReadProd: true, |
| 214 | ReadProdStatus: true, |
| 215 | ManageProd: depl.Editable && depl.Environment == "prod", // Since editable deployments can push variables |
| 216 | ReadDev: true, |
| 217 | ReadDevStatus: true, |
| 218 | ManageDev: depl.Editable, // Since editable deployments can push variables |
| 219 | ReadProvisionerResources: true, |
| 220 | ManageProvisionerResources: true, |
| 221 | ReadProjectMembers: true, |
| 222 | ManageProjectMembers: false, |
| 223 | ManageProjectAdmins: false, |
| 224 | CreateMagicAuthTokens: false, |
| 225 | ManageMagicAuthTokens: false, |
| 226 | CreateReports: false, |
| 227 | ManageReports: false, |
| 228 | CreateAlerts: false, |
| 229 | ManageAlerts: false, |
| 230 | CreateBookmarks: false, |
| 231 | ManageBookmarks: false, |
| 232 | }, nil |
| 233 | } |
| 234 | |
| 235 | return &adminv1.ProjectPermissions{}, nil |
| 236 | } |
| 237 | |
| 238 | // ProjectPermissionsForMagicAuthToken resolves project permissions for a magic auth token. |
| 239 | func (s *Service) ProjectPermissionsForMagicAuthToken(ctx context.Context, projectID string, tkn *database.MagicAuthToken) (*adminv1.ProjectPermissions, error) { |
no test coverage detected