(ctx context.Context, req *adminv1.ListProjectsForOrganizationRequest)
| 46 | const runtimeAccessTokenEmbedTTL = 24 * time.Hour |
| 47 | |
| 48 | func (s *Server) ListProjectsForOrganization(ctx context.Context, req *adminv1.ListProjectsForOrganizationRequest) (*adminv1.ListProjectsForOrganizationResponse, error) { |
| 49 | observability.AddRequestAttributes(ctx, |
| 50 | attribute.String("args.org", req.Org), |
| 51 | ) |
| 52 | |
| 53 | org, err := s.admin.DB.FindOrganizationByName(ctx, req.Org) |
| 54 | if err != nil { |
| 55 | return nil, err |
| 56 | } |
| 57 | |
| 58 | token, err := unmarshalPageToken(req.PageToken) |
| 59 | if err != nil { |
| 60 | return nil, err |
| 61 | } |
| 62 | pageSize := validPageSize(req.PageSize) |
| 63 | |
| 64 | // If user has ManageProjects, return all projects |
| 65 | claims := auth.GetClaims(ctx) |
| 66 | var projs []*database.Project |
| 67 | if claims.OrganizationPermissions(ctx, org.ID).ManageProjects { |
| 68 | projs, err = s.admin.DB.FindProjectsForOrganization(ctx, org.ID, token.Val, pageSize) |
| 69 | } else if claims.OwnerType() == auth.OwnerTypeUser { |
| 70 | // Get projects the user is a (direct or group) member of, plus all public projects. |
| 71 | projs, err = s.admin.DB.FindProjectsForOrgAndUser(ctx, org.ID, claims.OwnerID(), true, true, token.Val, pageSize) |
| 72 | } else { |
| 73 | projs, err = s.admin.DB.FindPublicProjectsInOrganization(ctx, org.ID, token.Val, pageSize) |
| 74 | } |
| 75 | if err != nil { |
| 76 | return nil, err |
| 77 | } |
| 78 | |
| 79 | // If no projects are public, and user is not an outside member of any projects, the projsMap is empty. |
| 80 | // If additionally, the user is not an org member, return permission denied (instead of an empty slice). |
| 81 | if len(projs) == 0 && !claims.OrganizationPermissions(ctx, org.ID).ReadProjects { |
| 82 | return nil, status.Error(codes.PermissionDenied, "does not have permission to read projects") |
| 83 | } |
| 84 | |
| 85 | nextToken := "" |
| 86 | if len(projs) >= pageSize { |
| 87 | nextToken = marshalPageToken(projs[len(projs)-1].Name) |
| 88 | } |
| 89 | |
| 90 | dtos := make([]*adminv1.Project, len(projs)) |
| 91 | for i, p := range projs { |
| 92 | dtos[i] = s.projToDTO(p, org.Name) |
| 93 | } |
| 94 | |
| 95 | return &adminv1.ListProjectsForOrganizationResponse{ |
| 96 | Projects: dtos, |
| 97 | NextPageToken: nextToken, |
| 98 | }, nil |
| 99 | } |
| 100 | |
| 101 | func (s *Server) ListProjectsForOrganizationAndUser(ctx context.Context, req *adminv1.ListProjectsForOrganizationAndUserRequest) (*adminv1.ListProjectsForOrganizationAndUserResponse, error) { |
| 102 | observability.AddRequestAttributes(ctx, |
nothing calls this directly
no test coverage detected