(ctx context.Context, arg database.UpdateCustomRoleParams)
| 6810 | } |
| 6811 | |
| 6812 | func (q *querier) UpdateCustomRole(ctx context.Context, arg database.UpdateCustomRoleParams) (database.CustomRole, error) { |
| 6813 | if !arg.OrganizationID.Valid || arg.OrganizationID.UUID == uuid.Nil { |
| 6814 | return database.CustomRole{}, NotAuthorizedError{Err: xerrors.New("custom roles must belong to an organization")} |
| 6815 | } |
| 6816 | |
| 6817 | rbacObj := rbac.ResourceAssignOrgRole.InOrg(arg.OrganizationID.UUID) |
| 6818 | |
| 6819 | if err := q.authorizeContext(ctx, policy.ActionUpdate, rbacObj); err != nil { |
| 6820 | return database.CustomRole{}, err |
| 6821 | } |
| 6822 | |
| 6823 | existing, err := database.ExpectOne(q.db.CustomRoles(ctx, database.CustomRolesParams{ |
| 6824 | LookupRoles: []database.NameOrganizationPair{ |
| 6825 | { |
| 6826 | Name: arg.Name, |
| 6827 | OrganizationID: arg.OrganizationID.UUID, |
| 6828 | }, |
| 6829 | }, |
| 6830 | ExcludeOrgRoles: false, |
| 6831 | OrganizationID: uuid.Nil, |
| 6832 | IncludeSystemRoles: true, |
| 6833 | })) |
| 6834 | if err != nil { |
| 6835 | return database.CustomRole{}, err |
| 6836 | } |
| 6837 | |
| 6838 | if existing.IsSystem { |
| 6839 | err := q.authorizeContext(ctx, policy.ActionUpdate, rbac.ResourceSystem) |
| 6840 | if err != nil { |
| 6841 | return database.CustomRole{}, err |
| 6842 | } |
| 6843 | } |
| 6844 | |
| 6845 | if err := q.customRoleCheck(ctx, database.CustomRole{ |
| 6846 | Name: arg.Name, |
| 6847 | DisplayName: arg.DisplayName, |
| 6848 | SitePermissions: arg.SitePermissions, |
| 6849 | OrgPermissions: arg.OrgPermissions, |
| 6850 | UserPermissions: arg.UserPermissions, |
| 6851 | MemberPermissions: arg.MemberPermissions, |
| 6852 | CreatedAt: time.Now(), |
| 6853 | UpdatedAt: time.Now(), |
| 6854 | OrganizationID: arg.OrganizationID, |
| 6855 | ID: uuid.New(), |
| 6856 | IsSystem: existing.IsSystem, |
| 6857 | }, policy.ActionUpdate); err != nil { |
| 6858 | return database.CustomRole{}, err |
| 6859 | } |
| 6860 | return q.db.UpdateCustomRole(ctx, arg) |
| 6861 | } |
| 6862 | |
| 6863 | func (q *querier) UpdateEncryptedAIProviderKey(ctx context.Context, arg database.UpdateEncryptedAIProviderKeyParams) (database.AIProviderKey, error) { |
| 6864 | // Encrypted columns can be rewritten on any row, including those |
nothing calls this directly
no test coverage detected