scimPatchUser supports suspending and activating users only. @Summary SCIM 2.0: Update user account @ID scim-update-user-status @Security Authorization @Produce application/scim+json @Tags Enterprise @Param id path string true "User ID" format(uuid) @Param request body coderd.SCIMUser true "Update
(rw http.ResponseWriter, r *http.Request)
| 346 | // @Success 200 {object} codersdk.User |
| 347 | // @Router /scim/v2/Users/{id} [patch] |
| 348 | func (api *API) scimPatchUser(rw http.ResponseWriter, r *http.Request) { |
| 349 | ctx := r.Context() |
| 350 | if !api.scimVerifyAuthHeader(r) { |
| 351 | scimUnauthorized(rw) |
| 352 | return |
| 353 | } |
| 354 | |
| 355 | auditor := *api.AGPL.Auditor.Load() |
| 356 | aReq, commitAudit := audit.InitRequestWithCancel[database.User](rw, &audit.RequestParams{ |
| 357 | Audit: auditor, |
| 358 | Log: api.Logger, |
| 359 | Request: r, |
| 360 | Action: database.AuditActionWrite, |
| 361 | }) |
| 362 | |
| 363 | defer commitAudit(true) |
| 364 | |
| 365 | id := chi.URLParam(r, "id") |
| 366 | |
| 367 | var sUser SCIMUser |
| 368 | err := json.NewDecoder(r.Body).Decode(&sUser) |
| 369 | if err != nil { |
| 370 | _ = handlerutil.WriteError(rw, scim.NewHTTPError(http.StatusBadRequest, "invalidRequest", err)) |
| 371 | return |
| 372 | } |
| 373 | sUser.ID = id |
| 374 | |
| 375 | uid, err := uuid.Parse(id) |
| 376 | if err != nil { |
| 377 | _ = handlerutil.WriteError(rw, scim.NewHTTPError(http.StatusBadRequest, "invalidId", xerrors.Errorf("id must be a uuid: %w", err))) |
| 378 | return |
| 379 | } |
| 380 | |
| 381 | //nolint:gocritic // needed for SCIM |
| 382 | dbUser, err := api.Database.GetUserByID(dbauthz.AsSystemRestricted(ctx), uid) |
| 383 | if err != nil { |
| 384 | _ = handlerutil.WriteError(rw, err) // internal error |
| 385 | return |
| 386 | } |
| 387 | aReq.Old = dbUser |
| 388 | aReq.UserID = dbUser.ID |
| 389 | |
| 390 | if sUser.Active == nil { |
| 391 | _ = handlerutil.WriteError(rw, scim.NewHTTPError(http.StatusBadRequest, "invalidRequest", xerrors.New("active field is required"))) |
| 392 | return |
| 393 | } |
| 394 | |
| 395 | newStatus := scimUserStatus(dbUser, *sUser.Active) |
| 396 | if dbUser.Status != newStatus { |
| 397 | //nolint:gocritic // needed for SCIM |
| 398 | userNew, err := api.Database.UpdateUserStatus(dbauthz.AsSystemRestricted(r.Context()), database.UpdateUserStatusParams{ |
| 399 | ID: dbUser.ID, |
| 400 | Status: newStatus, |
| 401 | UpdatedAt: dbtime.Now(), |
| 402 | UserIsSeen: false, |
| 403 | }) |
| 404 | if err != nil { |
| 405 | _ = handlerutil.WriteError(rw, err) // internal error |
nothing calls this directly
no test coverage detected