ExtractOrganizationMember extracts all user memberships from the "user" URL parameter. If orgID is uuid.Nil, then it will return all memberships for the user, otherwise it will only return memberships to the org. If `user` is returned, that means the caller can use the data. This is returned becaus
(ctx context.Context, auth func(r *http.Request, action policy.Action, object rbac.Objecter) bool, rw http.ResponseWriter, r *http.Request, db database.Store, orgID uuid.UUID)
| 166 | // If `user` is returned, that means the caller can use the data. This is returned because |
| 167 | // it is possible to have a user with 0 organizations. So the user != nil, with 0 memberships. |
| 168 | func ExtractOrganizationMember(ctx context.Context, auth func(r *http.Request, action policy.Action, object rbac.Objecter) bool, rw http.ResponseWriter, r *http.Request, db database.Store, orgID uuid.UUID) (*database.User, []database.OrganizationMembersRow, bool) { |
| 169 | // We need to resolve the `{user}` URL parameter so that we can get the userID and |
| 170 | // username. We do this as SystemRestricted since the caller might have permission |
| 171 | // to access the OrganizationMember object, but *not* the User object. So, it is |
| 172 | // very important that we do not add the User object to the request context or otherwise |
| 173 | // leak it to the API handler. |
| 174 | // nolint:gocritic |
| 175 | user, ok := ExtractUserContext(dbauthz.AsSystemRestricted(ctx), db, rw, r) |
| 176 | if !ok { |
| 177 | return nil, nil, true |
| 178 | } |
| 179 | |
| 180 | organizationMembers, err := db.OrganizationMembers(ctx, database.OrganizationMembersParams{ |
| 181 | OrganizationID: orgID, |
| 182 | UserID: user.ID, |
| 183 | IncludeSystem: true, |
| 184 | GithubUserID: 0, |
| 185 | }) |
| 186 | if httpapi.Is404Error(err) { |
| 187 | httpapi.ResourceNotFound(rw) |
| 188 | return nil, nil, true |
| 189 | } |
| 190 | if err != nil { |
| 191 | httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{ |
| 192 | Message: "Internal error fetching organization member.", |
| 193 | Detail: err.Error(), |
| 194 | }) |
| 195 | return nil, nil, true |
| 196 | } |
| 197 | |
| 198 | // Only return the user data if the caller can read the user object. |
| 199 | if auth != nil && auth(r, policy.ActionRead, user) { |
| 200 | return &user, organizationMembers, false |
| 201 | } |
| 202 | |
| 203 | // If the user cannot be read and 0 memberships exist, throw a 404 to not |
| 204 | // leak the user existence. |
| 205 | if len(organizationMembers) == 0 { |
| 206 | httpapi.ResourceNotFound(rw) |
| 207 | return nil, nil, true |
| 208 | } |
| 209 | |
| 210 | return nil, organizationMembers, false |
| 211 | } |
| 212 | |
| 213 | type OrganizationMembers struct { |
| 214 | // User is `nil` if the caller is not allowed access to the site wide |
no test coverage detected