@Summary Get users available for workspace creation @ID get-users-available-for-workspace-creation @Security CoderSessionToken @Produce json @Tags Workspaces @Param organization path string true "Organization ID" format(uuid) @Param user path string true "User ID, name, or me" @Param q query string
(rw http.ResponseWriter, r *http.Request)
| 3097 | // @Success 200 {array} codersdk.MinimalUser |
| 3098 | // @Router /api/v2/organizations/{organization}/members/{user}/workspaces/available-users [get] |
| 3099 | func (api *API) workspaceAvailableUsers(rw http.ResponseWriter, r *http.Request) { |
| 3100 | ctx := r.Context() |
| 3101 | organization := httpmw.OrganizationParam(r) |
| 3102 | |
| 3103 | // This endpoint requires the user to be able to create workspaces for other |
| 3104 | // users in this organization. We check if they can create a workspace with |
| 3105 | // a wildcard owner. |
| 3106 | if !api.Authorize(r, policy.ActionCreate, rbac.ResourceWorkspace.InOrg(organization.ID).WithOwner(policy.WildcardSymbol)) { |
| 3107 | httpapi.Forbidden(rw) |
| 3108 | return |
| 3109 | } |
| 3110 | |
| 3111 | // Use system context to list all users. The authorization check above |
| 3112 | // ensures only users who can create workspaces for others can access this. |
| 3113 | //nolint:gocritic // System context needed to list users for workspace owner selection. |
| 3114 | users, _, ok := api.GetUsers(rw, r.WithContext(dbauthz.AsSystemRestricted(ctx))) |
| 3115 | if !ok { |
| 3116 | return |
| 3117 | } |
| 3118 | |
| 3119 | minimalUsers := make([]codersdk.MinimalUser, 0, len(users)) |
| 3120 | for _, user := range users { |
| 3121 | minimalUsers = append(minimalUsers, codersdk.MinimalUser{ |
| 3122 | ID: user.ID, |
| 3123 | Username: user.Username, |
| 3124 | Name: user.Name, |
| 3125 | AvatarURL: user.AvatarURL, |
| 3126 | }) |
| 3127 | } |
| 3128 | |
| 3129 | httpapi.Write(ctx, rw, http.StatusOK, minimalUsers) |
| 3130 | } |
nothing calls this directly
no test coverage detected