(ctx context.Context, req *adminv1.RemoveProjectMemberUsergroupRequest)
| 543 | } |
| 544 | |
| 545 | func (s *Server) RemoveProjectMemberUsergroup(ctx context.Context, req *adminv1.RemoveProjectMemberUsergroupRequest) (*adminv1.RemoveProjectMemberUsergroupResponse, error) { |
| 546 | observability.AddRequestAttributes(ctx, |
| 547 | attribute.String("args.org", req.Org), |
| 548 | attribute.String("args.project", req.Project), |
| 549 | attribute.String("args.usergroup", req.Usergroup), |
| 550 | ) |
| 551 | |
| 552 | proj, err := s.admin.DB.FindProjectByName(ctx, req.Org, req.Project) |
| 553 | if err != nil { |
| 554 | return nil, err |
| 555 | } |
| 556 | |
| 557 | claims := auth.GetClaims(ctx) |
| 558 | if !claims.ProjectPermissions(ctx, proj.OrganizationID, proj.ID).ManageProjectMembers { |
| 559 | return nil, status.Error(codes.PermissionDenied, "not allowed to revoke project user group role") |
| 560 | } |
| 561 | |
| 562 | usergroup, err := s.admin.DB.FindUsergroupByName(ctx, req.Org, req.Usergroup) |
| 563 | if err != nil { |
| 564 | return nil, err |
| 565 | } |
| 566 | |
| 567 | currentRole, err := s.admin.DB.FindProjectMemberUsergroupRole(ctx, usergroup.ID, proj.ID) |
| 568 | if err != nil { |
| 569 | return nil, err |
| 570 | } |
| 571 | if currentRole.Admin && !claims.ProjectPermissions(ctx, proj.OrganizationID, proj.ID).ManageProjectAdmins { |
| 572 | return nil, status.Error(codes.PermissionDenied, "as a non-admin you are not allowed to remove an admin role") |
| 573 | } |
| 574 | |
| 575 | err = s.admin.DB.DeleteProjectMemberUsergroup(ctx, usergroup.ID, proj.ID) |
| 576 | if err != nil { |
| 577 | return nil, err |
| 578 | } |
| 579 | |
| 580 | return &adminv1.RemoveProjectMemberUsergroupResponse{}, nil |
| 581 | } |
| 582 | |
| 583 | func (s *Server) AddUsergroupMemberUser(ctx context.Context, req *adminv1.AddUsergroupMemberUserRequest) (*adminv1.AddUsergroupMemberUserResponse, error) { |
| 584 | observability.AddRequestAttributes(ctx, |
nothing calls this directly
no test coverage detected