(ctx context.Context, req *adminv1.RequestProjectAccessRequest)
| 1547 | } |
| 1548 | |
| 1549 | func (s *Server) RequestProjectAccess(ctx context.Context, req *adminv1.RequestProjectAccessRequest) (*adminv1.RequestProjectAccessResponse, error) { |
| 1550 | observability.AddRequestAttributes(ctx, |
| 1551 | attribute.String("args.org", req.Org), |
| 1552 | attribute.String("args.project", req.Project), |
| 1553 | ) |
| 1554 | |
| 1555 | proj, err := s.admin.DB.FindProjectByName(ctx, req.Org, req.Project) |
| 1556 | if err != nil { |
| 1557 | return nil, err |
| 1558 | } |
| 1559 | |
| 1560 | claims := auth.GetClaims(ctx) |
| 1561 | projectPermissions := claims.ProjectPermissions(ctx, proj.OrganizationID, proj.ID) |
| 1562 | if (req.Role != database.ProjectRoleNameAdmin && projectPermissions.ReadProject) || |
| 1563 | (req.Role == database.ProjectRoleNameAdmin && projectPermissions.ManageProject) { |
| 1564 | return nil, status.Error(codes.FailedPrecondition, "already have access to project") |
| 1565 | } |
| 1566 | |
| 1567 | if claims.OwnerType() != auth.OwnerTypeUser { |
| 1568 | return nil, status.Error(codes.PermissionDenied, "only users can request access") |
| 1569 | } |
| 1570 | |
| 1571 | user, err := s.admin.DB.FindUser(ctx, claims.OwnerID()) |
| 1572 | if err != nil { |
| 1573 | return nil, err |
| 1574 | } |
| 1575 | |
| 1576 | org, err := s.admin.DB.FindOrganization(ctx, proj.OrganizationID) |
| 1577 | if err != nil { |
| 1578 | return nil, err |
| 1579 | } |
| 1580 | |
| 1581 | existing, err := s.admin.DB.FindProjectAccessRequest(ctx, proj.ID, user.ID) |
| 1582 | if err != nil && !errors.Is(err, database.ErrNotFound) { |
| 1583 | return nil, err |
| 1584 | } |
| 1585 | if existing != nil { |
| 1586 | return nil, status.Error(codes.AlreadyExists, "have already requested access to project") |
| 1587 | } |
| 1588 | |
| 1589 | accessReq, err := s.admin.DB.InsertProjectAccessRequest(ctx, &database.InsertProjectAccessRequestOptions{ |
| 1590 | UserID: user.ID, |
| 1591 | ProjectID: proj.ID, |
| 1592 | }) |
| 1593 | if err != nil { |
| 1594 | return nil, err |
| 1595 | } |
| 1596 | |
| 1597 | admins, err := s.admin.DB.FindOrganizationMembersWithManageUsersRole(ctx, proj.OrganizationID) |
| 1598 | if err != nil { |
| 1599 | return nil, err |
| 1600 | } |
| 1601 | |
| 1602 | for _, u := range admins { |
| 1603 | err = s.admin.Email.SendProjectAccessRequest(&email.ProjectAccessRequest{ |
| 1604 | ToEmail: u.Email, |
| 1605 | ToName: u.DisplayName, |
| 1606 | Email: user.Email, |
nothing calls this directly
no test coverage detected