MCPcopy Index your code
hub / github.com/rilldata/rill / ApproveProjectAccess

Method ApproveProjectAccess

admin/server/projects.go:1650–1730  ·  view source on GitHub ↗
(ctx context.Context, req *adminv1.ApproveProjectAccessRequest)

Source from the content-addressed store, hash-verified

1648}
1649
1650func (s *Server) ApproveProjectAccess(ctx context.Context, req *adminv1.ApproveProjectAccessRequest) (*adminv1.ApproveProjectAccessResponse, error) {
1651 observability.AddRequestAttributes(ctx,
1652 attribute.String("args.id", req.Id),
1653 )
1654
1655 accessReq, err := s.admin.DB.FindProjectAccessRequestByID(ctx, req.Id)
1656 if err != nil {
1657 return nil, err
1658 }
1659
1660 proj, err := s.admin.DB.FindProject(ctx, accessReq.ProjectID)
1661 if err != nil {
1662 return nil, err
1663 }
1664
1665 claims := auth.GetClaims(ctx)
1666 if !claims.ProjectPermissions(ctx, proj.OrganizationID, proj.ID).ManageProjectMembers {
1667 return nil, status.Error(codes.PermissionDenied, "not allowed to set project member roles")
1668 }
1669
1670 user, err := s.admin.DB.FindUser(ctx, accessReq.UserID)
1671 if err != nil {
1672 return nil, err
1673 }
1674
1675 org, err := s.admin.DB.FindOrganization(ctx, proj.OrganizationID)
1676 if err != nil {
1677 return nil, err
1678 }
1679
1680 role, err := s.admin.DB.FindProjectRole(ctx, req.Role)
1681 if err != nil {
1682 return nil, err
1683 }
1684 if role.Admin && !claims.ProjectPermissions(ctx, proj.OrganizationID, proj.ID).ManageProjectAdmins {
1685 return nil, status.Error(codes.PermissionDenied, "as a non-admin you are not allowed to assign an admin role")
1686 }
1687
1688 ok, err := s.admin.DB.CheckUserIsAProjectMember(ctx, user.ID, proj.ID)
1689 if err != nil {
1690 return nil, err
1691 }
1692
1693 if ok {
1694 // User is already a project member, update the role, keep existing resource restrictions.
1695 member, err := s.admin.DB.FindProjectMemberUser(ctx, proj.ID, user.ID)
1696 if err != nil {
1697 return nil, err
1698 }
1699
1700 err = s.admin.DB.UpdateProjectMemberUserRole(ctx, proj.ID, user.ID, role.ID, member.RestrictResources, member.Resources)
1701 if err != nil {
1702 return nil, err
1703 }
1704 } else {
1705 // Add the user as a project member.
1706 err = s.admin.InsertProjectMemberUser(ctx, proj.OrganizationID, proj.ID, user.ID, role.ID, nil, false, nil)
1707 if err != nil {

Callers

nothing calls this directly

Calls 15

AddRequestAttributesFunction · 0.92
GetClaimsFunction · 0.92
ProjectMethod · 0.80
WithCustomDomainMethod · 0.80
StringMethod · 0.65
FindProjectMethod · 0.65
ProjectPermissionsMethod · 0.65
FindUserMethod · 0.65
FindOrganizationMethod · 0.65
FindProjectRoleMethod · 0.65

Tested by

no test coverage detected