MCPcopy Index your code
hub / github.com/coder/coder / UpdateUserRoles

Method UpdateUserRoles

coderd/database/dbauthz/dbauthz.go:7551–7570  ·  view source on GitHub ↗

UpdateUserRoles updates the site roles of a user. The validation for this function include more than just a basic RBAC check.

(ctx context.Context, arg database.UpdateUserRolesParams)

Source from the content-addressed store, hash-verified

7549// UpdateUserRoles updates the site roles of a user. The validation for this function include more than
7550// just a basic RBAC check.
7551func (q *querier) UpdateUserRoles(ctx context.Context, arg database.UpdateUserRolesParams) (database.User, error) {
7552 // We need to fetch the user being updated to identify the change in roles.
7553 // This requires read access on the user in question, since the user is
7554 // returned from this function.
7555 user, err := fetch(q.log, q.auth, q.db.GetUserByID)(ctx, arg.ID)
7556 if err != nil {
7557 return database.User{}, err
7558 }
7559
7560 // The member role is always implied.
7561 impliedTypes := append(q.convertToDeploymentRoles(arg.GrantedRoles), rbac.RoleMember())
7562 // If the changeset is nothing, less rbac checks need to be done.
7563 added, removed := rbac.ChangeRoleSet(q.convertToDeploymentRoles(user.RBACRoles), impliedTypes)
7564 err = q.canAssignRoles(ctx, uuid.Nil, added, removed)
7565 if err != nil {
7566 return database.User{}, err
7567 }
7568
7569 return q.db.UpdateUserRoles(ctx, arg)
7570}
7571
7572func (q *querier) UpdateUserSecretByUserIDAndName(ctx context.Context, arg database.UpdateUserSecretByUserIDAndNameParams) (database.UserSecret, error) {
7573 obj := rbac.ResourceUserSecret.WithOwner(arg.UserID.String())

Callers

nothing calls this directly

Calls 6

canAssignRolesMethod · 0.95
RoleMemberFunction · 0.92
ChangeRoleSetFunction · 0.92
fetchFunction · 0.70
UpdateUserRolesMethod · 0.65

Tested by

no test coverage detected