(ctx context.Context, req codersdk.CustomRoleRequest, rw http.ResponseWriter)
| 290 | } |
| 291 | |
| 292 | func validOrganizationRoleRequest(ctx context.Context, req codersdk.CustomRoleRequest, rw http.ResponseWriter) bool { |
| 293 | // This check is not ideal, but we cannot enforce a unique role name in the db against |
| 294 | // the built-in role names. |
| 295 | if rbac.ReservedRoleName(req.Name) { |
| 296 | httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ |
| 297 | Message: "Reserved role name", |
| 298 | Detail: fmt.Sprintf("%q is a reserved role name, and not allowed to be used", req.Name), |
| 299 | }) |
| 300 | return false |
| 301 | } |
| 302 | |
| 303 | if err := codersdk.NameValid(req.Name); err != nil { |
| 304 | httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ |
| 305 | Message: "Invalid role name", |
| 306 | Detail: err.Error(), |
| 307 | }) |
| 308 | return false |
| 309 | } |
| 310 | |
| 311 | // Only organization permissions are allowed to be granted |
| 312 | if len(req.SitePermissions) > 0 { |
| 313 | httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ |
| 314 | Message: "Invalid request, not allowed to assign site wide permissions for an organization role.", |
| 315 | Detail: "organization scoped roles may not contain site wide permissions", |
| 316 | }) |
| 317 | return false |
| 318 | } |
| 319 | |
| 320 | if len(req.UserPermissions) > 0 { |
| 321 | httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ |
| 322 | Message: "Invalid request, not allowed to assign user permissions for an organization role.", |
| 323 | Detail: "organization scoped roles may not contain user permissions", |
| 324 | }) |
| 325 | return false |
| 326 | } |
| 327 | |
| 328 | if len(req.OrganizationMemberPermissions) > 0 { |
| 329 | httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ |
| 330 | Message: "Invalid request, not allowed to assign organization member permissions for an organization role.", |
| 331 | Detail: "organization scoped roles may not contain organization member permissions", |
| 332 | }) |
| 333 | return false |
| 334 | } |
| 335 | |
| 336 | return true |
| 337 | } |
no test coverage detected