MCPcopy Index your code
hub / github.com/rilldata/rill / SetOrganizationMemberUsergroupRole

Method SetOrganizationMemberUsergroupRole

admin/server/usergroups.go:324–367  ·  view source on GitHub ↗
(ctx context.Context, req *adminv1.SetOrganizationMemberUsergroupRoleRequest)

Source from the content-addressed store, hash-verified

322}
323
324func (s *Server) SetOrganizationMemberUsergroupRole(ctx context.Context, req *adminv1.SetOrganizationMemberUsergroupRoleRequest) (*adminv1.SetOrganizationMemberUsergroupRoleResponse, error) {
325 observability.AddRequestAttributes(ctx,
326 attribute.String("args.org", req.Org),
327 attribute.String("args.usergroup", req.Usergroup),
328 attribute.String("args.role", req.Role),
329 )
330
331 usergroup, err := s.admin.DB.FindUsergroupByName(ctx, req.Org, req.Usergroup)
332 if err != nil {
333 return nil, err
334 }
335
336 claims := auth.GetClaims(ctx)
337 if !claims.OrganizationPermissions(ctx, usergroup.OrgID).ManageOrgMembers {
338 return nil, status.Error(codes.PermissionDenied, "not allowed to set org user group role")
339 }
340
341 if usergroup.Managed {
342 return nil, status.Error(codes.FailedPrecondition, "cannot edit managed user group")
343 }
344
345 role, err := s.admin.DB.FindOrganizationRole(ctx, req.Role)
346 if err != nil {
347 return nil, err
348 }
349 if role.Admin && !claims.OrganizationPermissions(ctx, usergroup.OrgID).ManageOrgAdmins {
350 return nil, status.Error(codes.PermissionDenied, "as a non-admin you are not allowed to assign an admin role")
351 }
352
353 currentRole, err := s.admin.DB.FindOrganizationMemberUsergroupRole(ctx, usergroup.ID, usergroup.OrgID)
354 if err != nil && !errors.Is(err, database.ErrNotFound) {
355 return nil, err
356 }
357 if currentRole != nil && currentRole.Admin && !claims.OrganizationPermissions(ctx, usergroup.OrgID).ManageOrgAdmins {
358 return nil, status.Error(codes.PermissionDenied, "as a non-admin you are not allowed to remove an admin role")
359 }
360
361 err = s.admin.DB.UpdateOrganizationMemberUsergroup(ctx, usergroup.ID, usergroup.OrgID, role.ID)
362 if err != nil {
363 return nil, err
364 }
365
366 return &adminv1.SetOrganizationMemberUsergroupRoleResponse{}, nil
367}
368
369func (s *Server) RemoveOrganizationMemberUsergroup(ctx context.Context, req *adminv1.RemoveOrganizationMemberUsergroupRequest) (*adminv1.RemoveOrganizationMemberUsergroupResponse, error) {
370 observability.AddRequestAttributes(ctx,

Callers

nothing calls this directly

Calls 9

AddRequestAttributesFunction · 0.92
GetClaimsFunction · 0.92
StringMethod · 0.65
FindUsergroupByNameMethod · 0.65
FindOrganizationRoleMethod · 0.65
ErrorMethod · 0.45

Tested by

no test coverage detected