(status database.UserStatus)
| 974 | } |
| 975 | |
| 976 | func (api *API) putUserStatus(status database.UserStatus) func(rw http.ResponseWriter, r *http.Request) { |
| 977 | return func(rw http.ResponseWriter, r *http.Request) { |
| 978 | var ( |
| 979 | ctx = r.Context() |
| 980 | user = httpmw.UserParam(r) |
| 981 | apiKey = httpmw.APIKey(r) |
| 982 | auditor = *api.Auditor.Load() |
| 983 | aReq, commitAudit = audit.InitRequest[database.User](rw, &audit.RequestParams{ |
| 984 | Audit: auditor, |
| 985 | Log: api.Logger, |
| 986 | Request: r, |
| 987 | Action: database.AuditActionWrite, |
| 988 | }) |
| 989 | ) |
| 990 | defer commitAudit() |
| 991 | aReq.Old = user |
| 992 | |
| 993 | if status == database.UserStatusSuspended { |
| 994 | // There are some manual protections when suspending a user to |
| 995 | // prevent certain situations. |
| 996 | switch { |
| 997 | case user.ID == apiKey.UserID: |
| 998 | // Suspending yourself is not allowed, as you can lock yourself |
| 999 | // out of the system. |
| 1000 | httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ |
| 1001 | Message: "You cannot suspend yourself.", |
| 1002 | }) |
| 1003 | return |
| 1004 | case slice.Contains(user.RBACRoles, rbac.RoleOwner().String()): |
| 1005 | // You may not suspend an owner |
| 1006 | httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ |
| 1007 | Message: fmt.Sprintf("You cannot suspend a user with the %q role. You must remove the role first.", rbac.RoleOwner()), |
| 1008 | }) |
| 1009 | return |
| 1010 | } |
| 1011 | } |
| 1012 | |
| 1013 | actingUser, err := api.Database.GetUserByID(ctx, apiKey.UserID) |
| 1014 | if err != nil { |
| 1015 | httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{ |
| 1016 | Message: "Unable to determine the details of the actor creating the account.", |
| 1017 | }) |
| 1018 | return |
| 1019 | } |
| 1020 | |
| 1021 | targetUser, err := api.Database.UpdateUserStatus(ctx, database.UpdateUserStatusParams{ |
| 1022 | ID: user.ID, |
| 1023 | Status: status, |
| 1024 | UpdatedAt: dbtime.Now(), |
| 1025 | UserIsSeen: false, |
| 1026 | }) |
| 1027 | if err != nil { |
| 1028 | httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{ |
| 1029 | Message: fmt.Sprintf("Internal error updating user's status to %q.", status), |
| 1030 | Detail: err.Error(), |
| 1031 | }) |
| 1032 | return |
| 1033 | } |