(ctx context.Context, req *adminv1.SetOrganizationMemberUsergroupRoleRequest)
| 322 | } |
| 323 | |
// SetOrganizationMemberUsergroupRole changes the organization role assigned to
// the user group identified by req.Org and req.Usergroup.
//
// Authorization is enforced in this order:
//   - the caller needs ManageOrgMembers on the group's organization;
//   - managed user groups are rejected with FailedPrecondition;
//   - assigning a role flagged Admin needs ManageOrgAdmins;
//   - replacing a current role flagged Admin also needs ManageOrgAdmins.
//
// Errors from the database layer are returned to the caller unchanged.
func (s *Server) SetOrganizationMemberUsergroupRole(ctx context.Context, req *adminv1.SetOrganizationMemberUsergroupRoleRequest) (*adminv1.SetOrganizationMemberUsergroupRoleResponse, error) {
	// The request fields are recorded before any authorization decision, so
	// denied attempts carry the same attributes as successful ones.
	observability.AddRequestAttributes(
		ctx,
		attribute.String("args.org", req.Org),
		attribute.String("args.usergroup", req.Usergroup),
		attribute.String("args.role", req.Role),
	)

	// The group is resolved first because the permission checks below are keyed
	// on its OrgID.
	// NOTE(review): this lookup's error reaches the caller before the permission
	// check; if it distinguishes "not found" from other failures, a caller
	// without ManageOrgMembers may learn whether a group name exists. Confirm
	// that this is acceptable.
	group, err := s.admin.DB.FindUsergroupByName(ctx, req.Org, req.Usergroup)
	if err != nil {
		return nil, err
	}
	orgID := group.OrgID

	claims := auth.GetClaims(ctx)
	if !claims.OrganizationPermissions(ctx, orgID).ManageOrgMembers {
		return nil, status.Error(codes.PermissionDenied, "not allowed to set org user group role")
	}

	// Managed groups are refused even for callers that passed the check above.
	if group.Managed {
		return nil, status.Error(codes.FailedPrecondition, "cannot edit managed user group")
	}

	// Escalation guard: granting an admin role requires the stronger
	// ManageOrgAdmins permission, not just ManageOrgMembers.
	role, err := s.admin.DB.FindOrganizationRole(ctx, req.Role)
	if err != nil {
		return nil, err
	}
	if role.Admin && !claims.OrganizationPermissions(ctx, orgID).ManageOrgAdmins {
		return nil, status.Error(codes.PermissionDenied, "as a non-admin you are not allowed to assign an admin role")
	}

	// Demotion guard: a group that currently holds an admin role may only be
	// changed by a caller with ManageOrgAdmins. ErrNotFound is tolerated here;
	// the nil check below covers the case where no current role was returned.
	existing, err := s.admin.DB.FindOrganizationMemberUsergroupRole(ctx, group.ID, orgID)
	if !(err == nil || errors.Is(err, database.ErrNotFound)) {
		return nil, err
	}
	if existing != nil && existing.Admin && !claims.OrganizationPermissions(ctx, orgID).ManageOrgAdmins {
		return nil, status.Error(codes.PermissionDenied, "as a non-admin you are not allowed to remove an admin role")
	}

	// NOTE(review): the current-role check and this update are separate database
	// calls with no transaction visible in this function. Confirm whether the DB
	// layer guards against the role changing in between.
	if err := s.admin.DB.UpdateOrganizationMemberUsergroup(ctx, group.ID, orgID, role.ID); err != nil {
		return nil, err
	}

	return &adminv1.SetOrganizationMemberUsergroupRoleResponse{}, nil
}
| 368 | |
| 369 | func (s *Server) RemoveOrganizationMemberUsergroup(ctx context.Context, req *adminv1.RemoveOrganizationMemberUsergroupRequest) (*adminv1.RemoveOrganizationMemberUsergroupResponse, error) { |
| 370 | observability.AddRequestAttributes(ctx, |