MCPcopy Index your code
hub / github.com/coder/coder / UpdateMemberRoles

Method UpdateMemberRoles

coderd/database/dbauthz/dbauthz.go:6944–6979  ·  view source on GitHub ↗
(ctx context.Context, arg database.UpdateMemberRolesParams)

Source from the content-addressed store, hash-verified

6942}
6943
6944func (q *querier) UpdateMemberRoles(ctx context.Context, arg database.UpdateMemberRolesParams) (database.OrganizationMember, error) {
6945 // Authorized fetch will check that the actor has read access to the org member since the org member is returned.
6946 member, err := database.ExpectOne(q.OrganizationMembers(ctx, database.OrganizationMembersParams{
6947 OrganizationID: arg.OrgID,
6948 UserID: arg.UserID,
6949 IncludeSystem: false,
6950 GithubUserID: 0,
6951 }))
6952 if err != nil {
6953 return database.OrganizationMember{}, err
6954 }
6955
6956 originalRoles, err := q.convertToOrganizationRoles(member.OrganizationMember.OrganizationID, member.OrganizationMember.Roles)
6957 if err != nil {
6958 return database.OrganizationMember{}, xerrors.Errorf("convert original roles: %w", err)
6959 }
6960
6961 // The 'rbac' package expects role names to be scoped.
6962 // Convert the argument roles for validation.
6963 scopedGranted, err := q.convertToOrganizationRoles(arg.OrgID, arg.GrantedRoles)
6964 if err != nil {
6965 return database.OrganizationMember{}, err
6966 }
6967
6968 // The org member role is always implied.
6969 //nolint:gocritic
6970 impliedTypes := append(scopedGranted, rbac.ScopedRoleOrgMember(arg.OrgID))
6971
6972 added, removed := rbac.ChangeRoleSet(originalRoles, impliedTypes)
6973 err = q.canAssignRoles(ctx, arg.OrgID, added, removed)
6974 if err != nil {
6975 return database.OrganizationMember{}, err
6976 }
6977
6978 return q.db.UpdateMemberRoles(ctx, arg)
6979}
6980
6981func (q *querier) UpdateMemoryResourceMonitor(ctx context.Context, arg database.UpdateMemoryResourceMonitorParams) error {
6982 if err := q.authorizeContext(ctx, policy.ActionUpdate, rbac.ResourceWorkspaceAgentResourceMonitor); err != nil {

Callers

nothing calls this directly

Calls 8

OrganizationMembersMethod · 0.95
canAssignRolesMethod · 0.95
ExpectOneFunction · 0.92
ScopedRoleOrgMemberFunction · 0.92
ChangeRoleSetFunction · 0.92
UpdateMemberRolesMethod · 0.65
ErrorfMethod · 0.45

Tested by

no test coverage detected