EXPERIMENTAL: this endpoint is experimental and is subject to change. @Summary Update chat ACL @ID update-chat-acl @Security CoderSessionToken @Tags Chats @Accept json @Param chat path string true "Chat ID" format(uuid) @Param request body codersdk.UpdateChatACL true "Update chat ACL request" @Succ
(rw http.ResponseWriter, r *http.Request)
| 91 | // @x-apidocgen {"skip": true} |
| 92 | // @Description Experimental: this endpoint is subject to change. |
| 93 | func (api *API) patchChatACL(rw http.ResponseWriter, r *http.Request) { |
| 94 | ctx := r.Context() |
| 95 | chat := httpmw.ChatParam(r) |
| 96 | auditor := api.Auditor.Load() |
| 97 | aReq, commitAudit := audit.InitRequest[database.Chat](rw, &audit.RequestParams{ |
| 98 | Audit: *auditor, |
| 99 | Log: api.Logger, |
| 100 | Request: r, |
| 101 | Action: database.AuditActionWrite, |
| 102 | OrganizationID: chat.OrganizationID, |
| 103 | }) |
| 104 | defer commitAudit() |
| 105 | aReq.Old = chat |
| 106 | |
| 107 | if !api.allowChatSharing(ctx, rw) { |
| 108 | return |
| 109 | } |
| 110 | if chat.IsSubChat() { |
| 111 | resp := codersdk.Response{Message: "Chat ACLs can only be set on root chats."} |
| 112 | if chat.RootChatID.Valid { |
| 113 | resp.Detail = "Target the root chat (id: " + chat.RootChatID.UUID.String() + ") instead." |
| 114 | } |
| 115 | httpapi.Write(ctx, rw, http.StatusBadRequest, resp) |
| 116 | return |
| 117 | } |
| 118 | if !api.Authorize(r, policy.ActionShare, chat.RBACObject()) { |
| 119 | httpapi.Forbidden(rw) |
| 120 | return |
| 121 | } |
| 122 | |
| 123 | var req codersdk.UpdateChatACL |
| 124 | if !httpapi.Read(ctx, rw, r, &req) { |
| 125 | return |
| 126 | } |
| 127 | |
| 128 | apiKey := httpmw.APIKey(r) |
| 129 | for userID := range req.UserRoles { |
| 130 | parsed, err := uuid.Parse(userID) |
| 131 | if err == nil && parsed == apiKey.UserID { |
| 132 | httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ |
| 133 | Message: "Cannot change your own chat sharing role.", |
| 134 | }) |
| 135 | return |
| 136 | } |
| 137 | } |
| 138 | |
| 139 | validErrs := acl.Validate(ctx, api.Database, ChatACLUpdateValidator(req)) |
| 140 | if len(validErrs) > 0 { |
| 141 | httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ |
| 142 | Message: "Invalid request to update chat ACL.", |
| 143 | Validations: validErrs, |
| 144 | }) |
| 145 | return |
| 146 | } |
| 147 | |
| 148 | err := api.Database.InTx(func(tx database.Store) error { |
| 149 | current, err := tx.GetChatByIDForUpdate(ctx, chat.ID) |
| 150 | if err != nil { |