(orgID uuid.UUID, rw http.ResponseWriter, r *http.Request)
| 809 | } |
| 810 | |
| 811 | func (api *API) idpSyncClaimFieldValues(orgID uuid.UUID, rw http.ResponseWriter, r *http.Request) { |
| 812 | ctx := r.Context() |
| 813 | |
| 814 | claimField := r.URL.Query().Get("claimField") |
| 815 | if claimField == "" { |
| 816 | httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ |
| 817 | Message: "claimField query parameter is required", |
| 818 | }) |
| 819 | return |
| 820 | } |
| 821 | fieldValues, err := api.Database.OIDCClaimFieldValues(ctx, database.OIDCClaimFieldValuesParams{ |
| 822 | OrganizationID: orgID, |
| 823 | ClaimField: claimField, |
| 824 | }) |
| 825 | |
| 826 | if httpapi.IsUnauthorizedError(err) { |
| 827 | // Give a helpful error. The user could read the org, so this does not |
| 828 | // leak anything. |
| 829 | httpapi.Write(ctx, rw, http.StatusForbidden, codersdk.Response{ |
| 830 | Message: "You do not have permission to view the IDP claim field values", |
| 831 | Detail: fmt.Sprintf("%s.read permission is required", rbac.ResourceIdpsyncSettings.Type), |
| 832 | }) |
| 833 | return |
| 834 | } |
| 835 | if err != nil { |
| 836 | httpapi.InternalServerError(rw, err) |
| 837 | return |
| 838 | } |
| 839 | if fieldValues == nil { |
| 840 | fieldValues = []string{} |
| 841 | } |
| 842 | |
| 843 | httpapi.Write(ctx, rw, http.StatusOK, fieldValues) |
| 844 | } |
| 845 | |
| 846 | func applyIDPSyncMappingDiff[IDType uuid.UUID | string]( |
| 847 | previous map[string][]IDType, |
no test coverage detected