MCPcopy Index your code
hub / github.com/rilldata/rill / AddProjectMemberUsergroup

Method AddProjectMemberUsergroup

admin/server/usergroups.go:405–465  ·  view source on GitHub ↗
(ctx context.Context, req *adminv1.AddProjectMemberUsergroupRequest)

Source from the content-addressed store, hash-verified

403}
404
405func (s *Server) AddProjectMemberUsergroup(ctx context.Context, req *adminv1.AddProjectMemberUsergroupRequest) (*adminv1.AddProjectMemberUsergroupResponse, error) {
406 observability.AddRequestAttributes(ctx,
407 attribute.String("args.org", req.Org),
408 attribute.String("args.project", req.Project),
409 attribute.String("args.usergroup", req.Usergroup),
410 attribute.String("args.role", req.Role),
411 )
412 if req.RestrictResources != nil {
413 observability.AddRequestAttributes(ctx, attribute.Bool("args.restrict_resources", req.GetRestrictResources()))
414 }
415 if len(req.Resources) > 0 {
416 observability.AddRequestAttributes(ctx, attribute.StringSlice("args.resources", resourcesString(req.Resources)))
417 }
418
419 proj, err := s.admin.DB.FindProjectByName(ctx, req.Org, req.Project)
420 if err != nil {
421 return nil, err
422 }
423
424 claims := auth.GetClaims(ctx)
425 if !claims.ProjectPermissions(ctx, proj.OrganizationID, proj.ID).ManageProjectMembers {
426 return nil, status.Error(codes.PermissionDenied, "not allowed to add project user group role")
427 }
428
429 role, err := s.admin.DB.FindProjectRole(ctx, req.Role)
430 if err != nil {
431 return nil, err
432 }
433 if role.Admin && !claims.ProjectPermissions(ctx, proj.OrganizationID, proj.ID).ManageProjectAdmins {
434 return nil, status.Error(codes.PermissionDenied, "as a non-admin you are not allowed to assign an admin role")
435 }
436
437 usergroup, err := s.admin.DB.FindUsergroupByName(ctx, req.Org, req.Usergroup)
438 if err != nil {
439 return nil, err
440 }
441
442 keepExistingRestrictions := req.RestrictResources == nil && len(req.Resources) == 0
443 restrictResources := valOrDefault(req.RestrictResources, false) || len(req.Resources) > 0
444 resources := resourceNamesFromProto(req.Resources)
445
446 err = s.admin.DB.InsertProjectMemberUsergroup(ctx, usergroup.ID, proj.ID, role.ID, restrictResources, resources)
447 if err != nil {
448 if !errors.Is(err, database.ErrNotUnique) {
449 return nil, err
450 }
451 if keepExistingRestrictions {
452 ug, err := s.admin.DB.FindProjectMemberUsergroup(ctx, usergroup.ID, proj.ID)
453 if err != nil {
454 return nil, err
455 }
456 restrictResources = ug.RestrictResources
457 resources = ug.Resources
458 }
459 if err := s.admin.DB.UpdateProjectMemberUsergroup(ctx, usergroup.ID, proj.ID, role.ID, restrictResources, resources); err != nil {
460 return nil, err
461 }
462 }

Callers

nothing calls this directly

Calls 15

AddRequestAttributesFunction · 0.92
GetClaimsFunction · 0.92
resourcesStringFunction · 0.85
resourceNamesFromProtoFunction · 0.85
valOrDefaultFunction · 0.70
StringMethod · 0.65
FindProjectByNameMethod · 0.65
ProjectPermissionsMethod · 0.65
FindProjectRoleMethod · 0.65
FindUsergroupByNameMethod · 0.65

Tested by

no test coverage detected