ExtractOrganizationMemberParam grabs a user membership from the "organization" and "user" URL parameter. This middleware requires the ExtractUser and ExtractOrganization middleware higher in the stack
(db database.Store)
| 119 | // ExtractOrganizationMemberParam grabs a user membership from the "organization" and "user" URL parameter. |
| 120 | // This middleware requires the ExtractUser and ExtractOrganization middleware higher in the stack |
| 121 | func ExtractOrganizationMemberParam(db database.Store) func(http.Handler) http.Handler { |
| 122 | return func(next http.Handler) http.Handler { |
| 123 | return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { |
| 124 | ctx := r.Context() |
| 125 | organization := OrganizationParam(r) |
| 126 | _, members, done := ExtractOrganizationMember(ctx, nil, rw, r, db, organization.ID) |
| 127 | if done { |
| 128 | return |
| 129 | } |
| 130 | |
| 131 | if len(members) != 1 { |
| 132 | httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{ |
| 133 | Message: "Internal error fetching organization member.", |
| 134 | // This is a developer error and should never happen. |
| 135 | Detail: fmt.Sprintf("Expected exactly one organization member, but got %d.", len(members)), |
| 136 | }) |
| 137 | return |
| 138 | } |
| 139 | |
| 140 | organizationMember := members[0] |
| 141 | |
| 142 | ctx = context.WithValue(ctx, organizationMemberParamContextKey{}, OrganizationMember{ |
| 143 | OrganizationMember: organizationMember.OrganizationMember, |
| 144 | // Here we're making two exceptions to the rule about not leaking data about the user |
| 145 | // to the API handler, which is to include the username and avatar URL. |
| 146 | // If the caller has permission to read the OrganizationMember, then we're explicitly |
| 147 | // saying here that they also have permission to see the member's username and avatar. |
| 148 | // This is OK! |
| 149 | // |
| 150 | // API handlers need this information for audit logging and returning the owner's |
| 151 | // username in response to creating a workspace. Additionally, the frontend consumes |
| 152 | // the Avatar URL and this allows the FE to avoid an extra request. |
| 153 | Username: organizationMember.Username, |
| 154 | AvatarURL: organizationMember.AvatarURL, |
| 155 | }) |
| 156 | |
| 157 | next.ServeHTTP(rw, r.WithContext(ctx)) |
| 158 | }) |
| 159 | } |
| 160 | } |
| 161 | |
| 162 | // ExtractOrganizationMember extracts all user memberships from the "user" URL |
| 163 | // parameter. If orgID is uuid.Nil, then it will return all memberships for the |