MCPcopy Index your code
hub / github.com/coder/coder / ExtractOrganizationMember

Function ExtractOrganizationMember

coderd/httpmw/organizationparam.go:168–211  ·  view source on GitHub ↗

ExtractOrganizationMember extracts all user memberships from the "user" URL parameter. If orgID is uuid.Nil, then it will return all memberships for the user, otherwise it will only return memberships to the org. If `user` is returned, that means the caller can use the data. This is returned becaus

(ctx context.Context, auth func(r *http.Request, action policy.Action, object rbac.Objecter) bool, rw http.ResponseWriter, r *http.Request, db database.Store, orgID uuid.UUID)

Source from the content-addressed store, hash-verified

166// If `user` is returned, that means the caller can use the data. This is returned because
167// it is possible to have a user with 0 organizations. So the user != nil, with 0 memberships.
168func ExtractOrganizationMember(ctx context.Context, auth func(r *http.Request, action policy.Action, object rbac.Objecter) bool, rw http.ResponseWriter, r *http.Request, db database.Store, orgID uuid.UUID) (*database.User, []database.OrganizationMembersRow, bool) {
169 // We need to resolve the `{user}` URL parameter so that we can get the userID and
170 // username. We do this as SystemRestricted since the caller might have permission
171 // to access the OrganizationMember object, but *not* the User object. So, it is
172 // very important that we do not add the User object to the request context or otherwise
173 // leak it to the API handler.
174 // nolint:gocritic
175 user, ok := ExtractUserContext(dbauthz.AsSystemRestricted(ctx), db, rw, r)
176 if !ok {
177 return nil, nil, true
178 }
179
180 organizationMembers, err := db.OrganizationMembers(ctx, database.OrganizationMembersParams{
181 OrganizationID: orgID,
182 UserID: user.ID,
183 IncludeSystem: true,
184 GithubUserID: 0,
185 })
186 if httpapi.Is404Error(err) {
187 httpapi.ResourceNotFound(rw)
188 return nil, nil, true
189 }
190 if err != nil {
191 httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
192 Message: "Internal error fetching organization member.",
193 Detail: err.Error(),
194 })
195 return nil, nil, true
196 }
197
198 // Only return the user data if the caller can read the user object.
199 if auth != nil && auth(r, policy.ActionRead, user) {
200 return &user, organizationMembers, false
201 }
202
203 // If the user cannot be read and 0 memberships exist, throw a 404 to not
204 // leak the user existence.
205 if len(organizationMembers) == 0 {
206 httpapi.ResourceNotFound(rw)
207 return nil, nil, true
208 }
209
210 return nil, organizationMembers, false
211}
212
213type OrganizationMembers struct {
214 // User is `nil` if the caller is not allowed access to the site wide

Callers 2

Calls 7

AsSystemRestrictedFunction · 0.92
Is404ErrorFunction · 0.92
ResourceNotFoundFunction · 0.92
WriteFunction · 0.92
ExtractUserContextFunction · 0.85
OrganizationMembersMethod · 0.65
ErrorMethod · 0.45

Tested by

no test coverage detected