(ctx context.Context, req *adminv1.GetIFrameRequest)
| 581 | } |
| 582 | |
| 583 | func (s *Server) GetIFrame(ctx context.Context, req *adminv1.GetIFrameRequest) (*adminv1.GetIFrameResponse, error) { |
| 584 | observability.AddRequestAttributes(ctx, |
| 585 | attribute.String("args.organization", req.Org), |
| 586 | attribute.String("args.project", req.Project), |
| 587 | attribute.String("args.branch", req.Branch), |
| 588 | attribute.String("args.type", req.Type), |
| 589 | attribute.String("args.kind", req.Kind), // nolint:staticcheck // Deprecated but still used |
| 590 | attribute.String("args.resource", req.Resource), |
| 591 | attribute.String("args.ttl_seconds", strconv.FormatUint(uint64(req.TtlSeconds), 10)), |
| 592 | attribute.String("args.state", req.State), |
| 593 | ) |
| 594 | |
| 595 | if !req.Navigation && req.Resource == "" { |
| 596 | return nil, status.Error(codes.InvalidArgument, "resource must be provided if navigation is not enabled") |
| 597 | } |
| 598 | |
| 599 | proj, err := s.admin.DB.FindProjectByName(ctx, req.Org, req.Project) |
| 600 | if err != nil { |
| 601 | return nil, err |
| 602 | } |
| 603 | |
| 604 | if proj.PrimaryDeploymentID == nil { |
| 605 | return nil, status.Error(codes.FailedPrecondition, "project does not have a deployment") |
| 606 | } |
| 607 | |
| 608 | prodDepl, err := s.admin.DB.FindDeployment(ctx, *proj.PrimaryDeploymentID) |
| 609 | if err != nil { |
| 610 | return nil, err |
| 611 | } |
| 612 | s.admin.Used.Deployment(prodDepl.ID) |
| 613 | |
| 614 | if req.Branch != "" && req.Branch != prodDepl.Branch { |
| 615 | return nil, status.Error(codes.FailedPrecondition, "project does not have a deployment for given branch") |
| 616 | } |
| 617 | |
| 618 | claims := auth.GetClaims(ctx) |
| 619 | forceAccess := claims.Superuser(ctx) && req.SuperuserForceAccess |
| 620 | permissions := claims.ProjectPermissions(ctx, proj.OrganizationID, proj.ID) |
| 621 | |
| 622 | if !forceAccess && !permissions.ManageProd { |
| 623 | return nil, status.Error(codes.PermissionDenied, "does not have permission to manage deployment") |
| 624 | } |
| 625 | |
| 626 | // Backwards compatibility for req.Type and req.Kind |
| 627 | if req.Kind != "" { // nolint:staticcheck // For backwards compatibility |
| 628 | req.Type = req.Kind // nolint:staticcheck // For backwards compatibility |
| 629 | } |
| 630 | if req.Type == "" { |
| 631 | // Default to an explore if no type is explicitly provided |
| 632 | req.Type = runtime.ResourceKindExplore |
| 633 | } |
| 634 | req.Type = runtime.ResourceKindFromShorthand(req.Type) |
| 635 | |
| 636 | // If navigation is disabled and a specific resource is requested, limit access to only that resource. |
| 637 | var overrideResources []database.ResourceName |
| 638 | if !req.Navigation && req.Resource != "" { |
| 639 | overrideResources = []database.ResourceName{{ |
| 640 | Type: req.Type, |
nothing calls this directly
no test coverage detected