@Summary Assign role to organization member @ID assign-role-to-organization-member @Security CoderSessionToken @Accept json @Produce json @Tags Members @Param organization path string true "Organization ID" @Param user path string true "User ID, name, or me" @Param request body codersdk.UpdateRoles
(rw http.ResponseWriter, r *http.Request)
| 405 | // @Success 200 {object} codersdk.OrganizationMember |
| 406 | // @Router /api/v2/organizations/{organization}/members/{user}/roles [put] |
| 407 | func (api *API) putMemberRoles(rw http.ResponseWriter, r *http.Request) { |
| 408 | var ( |
| 409 | ctx = r.Context() |
| 410 | organization = httpmw.OrganizationParam(r) |
| 411 | member = httpmw.OrganizationMemberParam(r) |
| 412 | apiKey = httpmw.APIKey(r) |
| 413 | auditor = api.Auditor.Load() |
| 414 | aReq, commitAudit = audit.InitRequest[database.AuditableOrganizationMember](rw, &audit.RequestParams{ |
| 415 | OrganizationID: organization.ID, |
| 416 | Audit: *auditor, |
| 417 | Log: api.Logger, |
| 418 | Request: r, |
| 419 | Action: database.AuditActionWrite, |
| 420 | }) |
| 421 | ) |
| 422 | aReq.Old = member.OrganizationMember.Auditable(member.Username) |
| 423 | defer commitAudit() |
| 424 | |
| 425 | // Check if changing roles is allowed |
| 426 | if !api.allowChangingMemberRoles(ctx, rw, member, organization) { |
| 427 | return |
| 428 | } |
| 429 | |
| 430 | if apiKey.UserID == member.OrganizationMember.UserID { |
| 431 | httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ |
| 432 | Message: "You cannot change your own organization roles.", |
| 433 | Detail: "Another user with the appropriate permissions must change your roles.", |
| 434 | }) |
| 435 | return |
| 436 | } |
| 437 | |
| 438 | var params codersdk.UpdateRoles |
| 439 | if !httpapi.Read(ctx, rw, r, ¶ms) { |
| 440 | return |
| 441 | } |
| 442 | |
| 443 | updatedUser, err := api.Database.UpdateMemberRoles(ctx, database.UpdateMemberRolesParams{ |
| 444 | GrantedRoles: params.Roles, |
| 445 | UserID: member.UserID, |
| 446 | OrgID: organization.ID, |
| 447 | }) |
| 448 | if httpapi.Is404Error(err) { |
| 449 | httpapi.Forbidden(rw) |
| 450 | return |
| 451 | } |
| 452 | if err != nil { |
| 453 | httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ |
| 454 | Message: err.Error(), |
| 455 | }) |
| 456 | return |
| 457 | } |
| 458 | aReq.New = database.AuditableOrganizationMember{ |
| 459 | OrganizationMember: updatedUser, |
| 460 | Username: member.Username, |
| 461 | } |
| 462 | |
| 463 | resp, err := convertOrganizationMembers(ctx, api.Database, []database.OrganizationMember{updatedUser}) |
| 464 | if err != nil { |