(ctx context.Context, req *adminv1.RemoveUsergroupMemberUserRequest)
| 731 | } |
| 732 | |
| 733 | func (s *Server) RemoveUsergroupMemberUser(ctx context.Context, req *adminv1.RemoveUsergroupMemberUserRequest) (*adminv1.RemoveUsergroupMemberUserResponse, error) { |
| 734 | observability.AddRequestAttributes(ctx, |
| 735 | attribute.String("args.org", req.Org), |
| 736 | attribute.String("args.usergroup", req.Usergroup), |
| 737 | attribute.String("args.email", req.Email), |
| 738 | ) |
| 739 | |
| 740 | group, err := s.admin.DB.FindUsergroupByName(ctx, req.Org, req.Usergroup) |
| 741 | if err != nil { |
| 742 | return nil, err |
| 743 | } |
| 744 | |
| 745 | claims := auth.GetClaims(ctx) |
| 746 | if !claims.OrganizationPermissions(ctx, group.OrgID).ManageOrgMembers { |
| 747 | return nil, status.Error(codes.PermissionDenied, "not allowed to remove user group members") |
| 748 | } |
| 749 | |
| 750 | if group.Managed { |
| 751 | return nil, status.Error(codes.FailedPrecondition, "cannot edit managed user group") |
| 752 | } |
| 753 | |
| 754 | user, err := s.admin.DB.FindUserByEmail(ctx, req.Email) |
| 755 | if err != nil { |
| 756 | return nil, err |
| 757 | } |
| 758 | |
| 759 | err = s.admin.DB.DeleteUsergroupMemberUser(ctx, group.ID, user.ID) |
| 760 | if err != nil { |
| 761 | return nil, err |
| 762 | } |
| 763 | |
| 764 | return &adminv1.RemoveUsergroupMemberUserResponse{}, nil |
| 765 | } |
| 766 | |
| 767 | func usergroupToPB(group *database.Usergroup) *adminv1.Usergroup { |
| 768 | return &adminv1.Usergroup{ |
nothing calls this directly
no test coverage detected