MCPcopy Index your code
hub / github.com/rilldata/rill / getAttributesForUser

Method getAttributesForUser

admin/server/deployment.go:861–905  ·  view source on GitHub ↗

getAttributesForUser returns 1. map of attributes for a given user and project and 2. userID 3. whether the user has read access to prod deployment The caller should only provide one of userID or userEmail (if both or neither are set, an error will be returned). NOTE: The value returned from this f

(ctx context.Context, orgID, projID, userID, userEmail string)

Source from the content-addressed store, hash-verified

859// The caller should only provide one of userID or userEmail (if both or neither are set, an error will be returned).
860// NOTE: The value returned from this function must be valid for structpb.NewStruct (e.g. must use []any for slices, not a more specific slice type).
861func (s *Server) getAttributesForUser(ctx context.Context, orgID, projID, userID, userEmail string) (map[string]any, string, bool, error) {
862 if userID == "" && userEmail == "" {
863 return nil, "", false, errors.New("must provide either userID or userEmail")
864 }
865
866 if userEmail != "" {
867 if userID != "" {
868 return nil, "", false, errors.New("must provide either userID or userEmail, not both")
869 }
870
871 user, err := s.admin.DB.FindUserByEmail(ctx, userEmail)
872 if err != nil {
873 // For user attributes, we do not require the email to exist as a Rill user.
874 // For example, the attributes may be used for a dashboard embedded as an iframe on a third-party website.
875 // For these cases, we return attributes that present the email as a non-admin user.
876 if errors.Is(err, database.ErrNotFound) {
877 return map[string]any{
878 "email": userEmail,
879 "domain": userEmail[strings.LastIndex(userEmail, "@")+1:],
880 "admin": false,
881 }, "", false, nil
882 }
883 return nil, "", false, err
884 }
885
886 userID = user.ID
887 }
888
889 forOrgPerms, err := s.admin.OrganizationPermissionsForUser(ctx, orgID, userID)
890 if err != nil {
891 return nil, "", false, err
892 }
893
894 forProjPerms, err := s.admin.ProjectPermissionsForUser(ctx, projID, userID, forOrgPerms)
895 if err != nil {
896 return nil, "", false, err
897 }
898
899 attr, err := s.jwtAttributesForUser(ctx, userID, orgID, forProjPerms)
900 if err != nil {
901 return nil, "", false, err
902 }
903
904 return attr, userID, forProjPerms.ReadProd, nil
905}
906
907// getResourceRestrictionsForUser returns resource restrictions for a given user and project.
908func (s *Server) getResourceRestrictionsForUser(ctx context.Context, projID, userID string) (bool, []database.ResourceName, error) {

Callers 4

GetReportMetaMethod · 0.95
GetAlertMetaMethod · 0.95

Calls 4

jwtAttributesForUserMethod · 0.95
FindUserByEmailMethod · 0.65

Tested by

no test coverage detected