(ctx context.Context, arg database.InsertCustomRoleParams)
| 5542 | } |
| 5543 | |
| 5544 | func (q *querier) InsertCustomRole(ctx context.Context, arg database.InsertCustomRoleParams) (database.CustomRole, error) { |
| 5545 | // Org and site role upsert share the same query. So switch the assertion based on the org uuid. |
| 5546 | if !arg.OrganizationID.Valid || arg.OrganizationID.UUID == uuid.Nil { |
| 5547 | return database.CustomRole{}, NotAuthorizedError{Err: xerrors.New("custom roles must belong to an organization")} |
| 5548 | } |
| 5549 | |
| 5550 | rbacObj := rbac.ResourceAssignOrgRole.InOrg(arg.OrganizationID.UUID) |
| 5551 | |
| 5552 | if err := q.authorizeContext(ctx, policy.ActionCreate, rbacObj); err != nil { |
| 5553 | return database.CustomRole{}, err |
| 5554 | } |
| 5555 | |
| 5556 | if arg.IsSystem { |
| 5557 | err := q.authorizeContext(ctx, policy.ActionCreate, rbac.ResourceSystem) |
| 5558 | if err != nil { |
| 5559 | return database.CustomRole{}, err |
| 5560 | } |
| 5561 | } |
| 5562 | |
| 5563 | if err := q.customRoleCheck(ctx, database.CustomRole{ |
| 5564 | Name: arg.Name, |
| 5565 | DisplayName: arg.DisplayName, |
| 5566 | SitePermissions: arg.SitePermissions, |
| 5567 | OrgPermissions: arg.OrgPermissions, |
| 5568 | UserPermissions: arg.UserPermissions, |
| 5569 | MemberPermissions: arg.MemberPermissions, |
| 5570 | CreatedAt: time.Now(), |
| 5571 | UpdatedAt: time.Now(), |
| 5572 | OrganizationID: arg.OrganizationID, |
| 5573 | ID: uuid.New(), |
| 5574 | IsSystem: arg.IsSystem, |
| 5575 | }, policy.ActionCreate); err != nil { |
| 5576 | return database.CustomRole{}, err |
| 5577 | } |
| 5578 | return q.db.InsertCustomRole(ctx, arg) |
| 5579 | } |
| 5580 | |
| 5581 | func (q *querier) InsertDBCryptKey(ctx context.Context, arg database.InsertDBCryptKeyParams) error { |
| 5582 | if err := q.authorizeContext(ctx, policy.ActionCreate, rbac.ResourceSystem); err != nil { |
nothing calls this directly
no test coverage detected