MCPcopy Index your code
hub / github.com/coder/coder / allowChangingMemberRoles

Method allowChangingMemberRoles

coderd/members.go:475–502  ·  view source on GitHub ↗
(ctx context.Context, rw http.ResponseWriter, member httpmw.OrganizationMember, organization database.Organization)

Source from the content-addressed store, hash-verified

473}
474
475func (api *API) allowChangingMemberRoles(ctx context.Context, rw http.ResponseWriter, member httpmw.OrganizationMember, organization database.Organization) bool {
476 // nolint:gocritic // The caller could be an org admin without this perm.
477 // We need to disable manual role assignment if role sync is enabled for
478 // the given organization.
479 user, err := api.Database.GetUserByID(dbauthz.AsSystemRestricted(ctx), member.UserID)
480 if err != nil {
481 httpapi.InternalServerError(rw, err)
482 return false
483 }
484
485 if user.LoginType == database.LoginTypeOIDC {
486 // nolint:gocritic // fetching settings
487 orgSync, err := api.IDPSync.OrganizationRoleSyncEnabled(dbauthz.AsSystemRestricted(ctx), api.Database, organization.ID)
488 if err != nil {
489 httpapi.InternalServerError(rw, err)
490 return false
491 }
492 if orgSync {
493 httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
494 Message: "Cannot modify roles for OIDC users when role sync is enabled. This organization member's roles are managed by the identity provider. Have the user re-login to refresh their roles.",
495 Detail: "'User Role Field' is set in the organization settings. Ask an administrator to adjust or disable these settings.",
496 })
497 return false
498 }
499 }
500
501 return true
502}
503
504// convertOrganizationMembers batches the role lookup to make only 1 sql call
505// We

Callers 1

putMemberRolesMethod · 0.95

Calls 5

AsSystemRestrictedFunction · 0.92
InternalServerErrorFunction · 0.92
WriteFunction · 0.92
GetUserByIDMethod · 0.65

Tested by

no test coverage detected