getAttributesForUser returns (1) a map of attributes for a given user and project, (2) the userID, and (3) whether the user has read access to the prod deployment. The caller should only provide one of userID or userEmail (if both or neither are set, an error will be returned). NOTE: The value returned from this function must be valid for structpb.NewStruct (e.g. must use []any for slices, not a more specific slice type).
(ctx context.Context, orgID, projID, userID, userEmail string)
| 859 | // The caller should only provide one of userID or userEmail (if both or neither are set, an error will be returned). |
| 860 | // NOTE: The value returned from this function must be valid for structpb.NewStruct (e.g. must use []any for slices, not a more specific slice type). |
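// getAttributesForUser returns the attribute map for a user in the given org and project,
// the resolved user ID, and whether the user has read access to the prod deployment.
//
// Exactly one of userID or userEmail must be set; an error is returned otherwise.
// When userEmail does not match an existing user, the result holds only the email,
// its domain and admin=false, with an empty user ID and no prod read access.
//
// The returned map must remain valid for structpb.NewStruct (e.g. []any for slices).
func (s *Server) getAttributesForUser(ctx context.Context, orgID, projID, userID, userEmail string) (map[string]any, string, bool, error) {
	switch {
	case userID == "" && userEmail == "":
		return nil, "", false, errors.New("must provide either userID or userEmail")
	case userID != "" && userEmail != "":
		return nil, "", false, errors.New("must provide either userID or userEmail, not both")
	}

	if userEmail != "" {
		user, err := s.admin.DB.FindUserByEmail(ctx, userEmail)
		if err != nil {
			if !errors.Is(err, database.ErrNotFound) {
				return nil, "", false, err
			}

			// For user attributes, we do not require the email to exist as a Rill user.
			// For example, the attributes may be used for a dashboard embedded as an iframe
			// on a third-party website. For these cases, we return attributes that present
			// the email as a non-admin user.
			//
			// The email on this path is whatever the caller passed in; no account backs it.
			// NOTE(review): whether it is validated or verified upstream is not visible
			// here - confirm at the call sites before relying on "email" or "domain"
			// for access decisions.
			//
			// Only derive a domain when an "@" is present. strings.LastIndex returns -1
			// for an input without one, and slicing from index 0 would make the whole
			// input its own domain, which anything matching on "domain" could accept.
			domain := ""
			if at := strings.LastIndex(userEmail, "@"); at >= 0 {
				domain = userEmail[at+1:]
			}

			return map[string]any{
				"email":  userEmail,
				"domain": domain,
				"admin":  false,
			}, "", false, nil
		}

		userID = user.ID
	}

	// Org permissions feed into the project permission lookup, so resolve them first.
	forOrgPerms, err := s.admin.OrganizationPermissionsForUser(ctx, orgID, userID)
	if err != nil {
		return nil, "", false, err
	}

	forProjPerms, err := s.admin.ProjectPermissionsForUser(ctx, projID, userID, forOrgPerms)
	if err != nil {
		return nil, "", false, err
	}

	attr, err := s.jwtAttributesForUser(ctx, userID, orgID, forProjPerms)
	if err != nil {
		return nil, "", false, err
	}

	return attr, userID, forProjPerms.ReadProd, nil
}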
| 906 | |
| 907 | // getResourceRestrictionsForUser returns resource restrictions for a given user and project. |
| 908 | func (s *Server) getResourceRestrictionsForUser(ctx context.Context, projID, userID string) (bool, []database.ResourceName, error) { |