manualOrganizationMembership checks if the user is an OIDC user and if organization sync is enabled. If organization sync is enabled, manual organization assignment is not allowed, since all organization membership is controlled by the external IDP.
(ctx context.Context, rw http.ResponseWriter, user database.User)
// manualOrganizationMembership reports whether the given user's organization
// membership may be changed by hand.
//
// It returns false only when both conditions hold: the user's login type is
// OIDC, and organization sync is enabled. In that case membership is owned by
// the external IDP, so a manual edit is refused. Users with any other login
// type are not restricted by this check, even while sync is enabled.
//
// When it returns false, an http.StatusBadRequest response has already been
// passed to httpapi.Write for rw, so the caller should stop handling the
// request instead of writing a second response or applying the change.
func (api *API) manualOrganizationMembership(ctx context.Context, rw http.ResponseWriter, user database.User) bool {
	// Only OIDC users are subject to organization sync; the sync setting is
	// not consulted for anyone else.
	if user.LoginType != database.LoginTypeOIDC {
		return true
	}

	// Sync disabled: membership is not controlled by the IDP.
	if !api.IDPSync.OrganizationSyncEnabled(ctx, api.Database) {
		return true
	}

	// Refuse the manual change and tell the caller where membership has to be
	// fixed instead.
	detail := fmt.Sprintf("User %s is an OIDC user and organization sync is enabled. Ask an administrator to resolve the membership in your external IDP.", user.Username)
	httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
		Message: "Organization sync is enabled for OIDC users, meaning manual organization assignment is not allowed for this user. Have the user re-login to refresh their organizations.",
		Detail:  detail,
	})
	return false
}
no test coverage detected