@Summary Remove organization member @ID remove-organization-member @Security CoderSessionToken @Tags Members @Param organization path string true "Organization ID" @Param user path string true "User ID, name, or me" @Success 204 @Router /api/v2/organizations/{organization}/members/{user} [delete]
(rw http.ResponseWriter, r *http.Request)
| 99 | // @Success 204 |
| 100 | // @Router /api/v2/organizations/{organization}/members/{user} [delete] |
func (api *API) deleteOrganizationMember(rw http.ResponseWriter, r *http.Request) {
	// Removes the member resolved from the {user} path parameter from the
	// organization resolved from the {organization} path parameter, and answers
	// 204 No Content on success.
	//
	// NOTE(review): this body performs no explicit authorization check; access
	// control is presumably enforced by route middleware and/or the api.Database
	// implementation — confirm before relying on it.
	ctx := r.Context()
	apiKey := httpmw.APIKey(r)
	org := httpmw.OrganizationParam(r)
	target := httpmw.OrganizationMemberParam(r)
	auditor := api.Auditor.Load()

	auditParams := &audit.RequestParams{
		OrganizationID: org.ID,
		Audit:          *auditor,
		Log:            api.Logger,
		Request:        r,
		Action:         database.AuditActionDelete,
	}
	auditReq, commit := audit.InitRequest[database.AuditableOrganizationMember](rw, auditParams)

	// Capture the pre-delete state for the audit record. The commit is deferred
	// ahead of every early return below, so it also runs when the request is
	// rejected or the delete fails.
	auditReq.Old = target.OrganizationMember.Auditable(target.Username)
	defer commit()

	// Adding OIDC users is disallowed while organization sync is enabled, but
	// removal is deliberately not restricted in the same way. Per the original
	// author's note, as long as a user does not log in again they are not
	// immediately removed from the organization, and there might be an urgent
	// need to revoke access. A user removed in error can log in again.
	// If a force-logout feature is added, manual member removal could be
	// prevented while organization sync is enabled and force logout used instead.

	// Self-removal guard: the target member is compared against the user that
	// owns the authenticated API key, not against any request-supplied value.
	if target.UserID == apiKey.UserID {
		httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{Message: "cannot remove self from an organization"})
		return
	}

	params := database.DeleteOrganizationMemberParams{
		OrganizationID: org.ID,
		UserID:         target.UserID,
	}
	err := api.Database.DeleteOrganizationMember(ctx, params)
	switch {
	case httpapi.Is404Error(err):
		// NOTE(review): which errors Is404Error maps to "not found" is not
		// visible here; presumably it also hides resources the caller may not
		// see — confirm.
		httpapi.ResourceNotFound(rw)
		return
	case err != nil:
		httpapi.InternalServerError(rw, err)
		return
	}

	// The member no longer exists, so the audit record's new state is the zero value.
	auditReq.New = database.AuditableOrganizationMember{}
	rw.WriteHeader(http.StatusNoContent)
}
| 148 | |
| 149 | // @Summary Get organization member |
| 150 | // @ID get-organization-member |
nothing calls this directly
no test coverage detected