allowWorkspaceSharing enforces the workspace-sharing gate for an organization. It writes an HTTP error response and returns false if sharing is disabled or the org lookup fails; otherwise it returns true.
(ctx context.Context, rw http.ResponseWriter, organizationID uuid.UUID)
| 2635 | // sharing is disabled or the org lookup fails; otherwise it returns |
| 2636 | // true. |
| 2637 | func (api *API) allowWorkspaceSharing(ctx context.Context, rw http.ResponseWriter, organizationID uuid.UUID) bool { |
| 2638 | //nolint:gocritic // Use system context so this check doesn’t |
| 2639 | // depend on the caller having organization:read. |
| 2640 | org, err := api.Database.GetOrganizationByID(dbauthz.AsSystemRestricted(ctx), organizationID) |
| 2641 | if err != nil { |
| 2642 | httpapi.InternalServerError(rw, err) |
| 2643 | return false |
| 2644 | } |
| 2645 | if org.ShareableWorkspaceOwners == database.ShareableWorkspaceOwnersNone { |
| 2646 | httpapi.Write(ctx, rw, http.StatusForbidden, codersdk.Response{ |
| 2647 | Message: "Workspace sharing is disabled for this organization.", |
| 2648 | }) |
| 2649 | return false |
| 2650 | } |
| 2651 | return true |
| 2652 | } |
| 2653 | |
| 2654 | // workspacesData only returns the data the caller can access. If the caller |
| 2655 | // does not have the correct perms to read a given template, the template will |
no test coverage detected