MCPcopy Index your code
hub / github.com/rilldata/rill / ProjectPermissionsForUser

Method ProjectPermissionsForUser

admin/permissions.go:102–146  ·  view source on GitHub ↗

ProjectPermissionsForUser resolves project permissions for a user.

(ctx context.Context, projectID, userID string, orgPerms *adminv1.OrganizationPermissions)

Source from the content-addressed store, hash-verified

100
101// ProjectPermissionsForUser resolves project permissions for a user.
102func (s *Service) ProjectPermissionsForUser(ctx context.Context, projectID, userID string, orgPerms *adminv1.OrganizationPermissions) (*adminv1.ProjectPermissions, error) {
103 // ManageProjects permission on the org gives full access to all projects in the org (only org admins have this)
104 if orgPerms.ManageProjects {
105 return &adminv1.ProjectPermissions{
106 Admin: true,
107 ReadProject: true,
108 ManageProject: true,
109 ReadProd: true,
110 ReadProdStatus: true,
111 ManageProd: true,
112 ReadDev: true,
113 ReadDevStatus: true,
114 ManageDev: true,
115 ReadProvisionerResources: true,
116 ManageProvisionerResources: true,
117 ReadProjectMembers: true,
118 ManageProjectMembers: true,
119 ManageProjectAdmins: true,
120 CreateMagicAuthTokens: true,
121 ManageMagicAuthTokens: true,
122 CreateReports: true,
123 ManageReports: true,
124 CreateAlerts: true,
125 ManageAlerts: true,
126 CreateBookmarks: true,
127 ManageBookmarks: true,
128 }, nil
129 }
130
131 roles, err := s.DB.ResolveProjectRolesForUser(ctx, userID, projectID)
132 if err != nil {
133 return nil, err
134 }
135
136 composite := &adminv1.ProjectPermissions{}
137 if len(roles) == 0 {
138 return composite, nil
139 }
140
141 for _, role := range roles {
142 composite = UnionProjectRoles(composite, role)
143 }
144
145 return composite, nil
146}
147
148// ProjectPermissionsForService resolves project permissions for a service.
149// If the service has roles, it uses those roles to determine permissions. If no roles are found, then it falls back to just giving read permissions to project if the service is in the org.

Callers 3

createMagicTokensMethod · 0.80
getAttributesForUserMethod · 0.80
ProjectPermissionsMethod · 0.80

Calls 2

UnionProjectRolesFunction · 0.85

Tested by

no test coverage detected