putOrgRoles will allow updating a custom organization role @Summary Update a custom organization role @ID update-a-custom-organization-role @Security CoderSessionToken @Accept json @Produce json @Param organization path string true "Organization ID" format(uuid) @Param request body codersdk.CustomR
(rw http.ResponseWriter, r *http.Request)
| 99 | // @Success 200 {array} codersdk.Role |
| 100 | // @Router /api/v2/organizations/{organization}/members/roles [put] |
| 101 | func (api *API) putOrgRoles(rw http.ResponseWriter, r *http.Request) { |
| 102 | var ( |
| 103 | ctx = r.Context() |
| 104 | db = api.Database |
| 105 | auditor = api.AGPL.Auditor.Load() |
| 106 | organization = httpmw.OrganizationParam(r) |
| 107 | aReq, commitAudit = audit.InitRequest[database.CustomRole](rw, &audit.RequestParams{ |
| 108 | Audit: *auditor, |
| 109 | Log: api.Logger, |
| 110 | Request: r, |
| 111 | Action: database.AuditActionWrite, |
| 112 | OrganizationID: organization.ID, |
| 113 | }) |
| 114 | ) |
| 115 | defer commitAudit() |
| 116 | |
| 117 | var req codersdk.CustomRoleRequest |
| 118 | if !httpapi.Read(ctx, rw, r, &req) { |
| 119 | return |
| 120 | } |
| 121 | |
| 122 | if !validOrganizationRoleRequest(ctx, req, rw) { |
| 123 | return |
| 124 | } |
| 125 | |
| 126 | originalRoles, err := db.CustomRoles(ctx, database.CustomRolesParams{ |
| 127 | LookupRoles: []database.NameOrganizationPair{ |
| 128 | { |
| 129 | Name: req.Name, |
| 130 | OrganizationID: organization.ID, |
| 131 | }, |
| 132 | }, |
| 133 | ExcludeOrgRoles: false, |
| 134 | OrganizationID: organization.ID, |
| 135 | IncludeSystemRoles: false, |
| 136 | }) |
| 137 | // If it is a 404 (not found) error, ignore it. |
| 138 | if err != nil && !httpapi.Is404Error(err) { |
| 139 | httpapi.InternalServerError(rw, err) |
| 140 | return |
| 141 | } |
| 142 | if len(originalRoles) == 1 { |
| 143 | // For auditing changes to a role. |
| 144 | aReq.Old = originalRoles[0] |
| 145 | } |
| 146 | |
| 147 | updated, err := db.UpdateCustomRole(ctx, database.UpdateCustomRoleParams{ |
| 148 | Name: req.Name, |
| 149 | DisplayName: req.DisplayName, |
| 150 | OrganizationID: uuid.NullUUID{ |
| 151 | UUID: organization.ID, |
| 152 | Valid: true, |
| 153 | }, |
| 154 | // Invalid permissions are filtered out. If this is changed |
| 155 | // to throw an error, then the story of a previously valid role |
| 156 | // now being invalid has to be addressed. Coder can change permissions, |
| 157 | // objects, and actions at any time. |
| 158 | SitePermissions: slice.List(filterInvalidPermissions(req.SitePermissions), sdkPermissionToDB), |
nothing calls this directly
no test coverage detected