@Summary Get template ACLs @ID get-template-acls @Security CoderSessionToken @Produce json @Tags Enterprise @Param template path string true "Template ID" format(uuid) @Success 200 {object} codersdk.TemplateACL @Router /api/v2/templates/{template}/acl [get]
(rw http.ResponseWriter, r *http.Request)
| 129 | // @Success 200 {object} codersdk.TemplateACL |
| 130 | // @Router /api/v2/templates/{template}/acl [get] |
| 131 | func (api *API) templateACL(rw http.ResponseWriter, r *http.Request) { |
| 132 | var ( |
| 133 | ctx = r.Context() |
| 134 | template = httpmw.TemplateParam(r) |
| 135 | ) |
| 136 | |
| 137 | users, err := api.Database.GetTemplateUserRoles(ctx, template.ID) |
| 138 | if err != nil { |
| 139 | httpapi.InternalServerError(rw, err) |
| 140 | return |
| 141 | } |
| 142 | |
| 143 | dbGroups, err := api.Database.GetTemplateGroupRoles(ctx, template.ID) |
| 144 | if err != nil { |
| 145 | httpapi.InternalServerError(rw, err) |
| 146 | return |
| 147 | } |
| 148 | |
| 149 | userIDs := make([]uuid.UUID, 0, len(users)) |
| 150 | for _, user := range users { |
| 151 | userIDs = append(userIDs, user.ID) |
| 152 | } |
| 153 | |
| 154 | orgIDsByMemberIDsRows, err := api.Database.GetOrganizationIDsByMemberIDs(r.Context(), userIDs) |
| 155 | if err != nil && !xerrors.Is(err, sql.ErrNoRows) { |
| 156 | httpapi.InternalServerError(rw, err) |
| 157 | return |
| 158 | } |
| 159 | |
| 160 | organizationIDsByUserID := map[uuid.UUID][]uuid.UUID{} |
| 161 | for _, organizationIDsByMemberIDsRow := range orgIDsByMemberIDsRows { |
| 162 | organizationIDsByUserID[organizationIDsByMemberIDsRow.UserID] = organizationIDsByMemberIDsRow.OrganizationIDs |
| 163 | } |
| 164 | |
| 165 | groups := make([]codersdk.TemplateGroup, 0, len(dbGroups)) |
| 166 | for _, group := range dbGroups { |
| 167 | var members []database.GroupMember |
| 168 | |
| 169 | // This is a bit of a hack. The caller might not have permission to read group |
| 170 | // members directly, but they can read the ACL list if the function got this far. |
| 171 | // So the lookups below run under dbauthz.AsSystemRestricted to let them read the group members. |
| 172 | // We should probably at least return more truncated user data here. |
| 173 | // nolint:gocritic |
| 174 | members, err = api.Database.GetGroupMembersByGroupID(dbauthz.AsSystemRestricted(ctx), database.GetGroupMembersByGroupIDParams{ |
| 175 | GroupID: group.Group.ID, |
| 176 | IncludeSystem: false, |
| 177 | }) |
| 178 | if err != nil { |
| 179 | httpapi.InternalServerError(rw, err) |
| 180 | return |
| 181 | } |
| 182 | // nolint:gocritic |
| 183 | memberCount, err := api.Database.GetGroupMembersCountByGroupID(dbauthz.AsSystemRestricted(ctx), database.GetGroupMembersCountByGroupIDParams{ |
| 184 | GroupID: group.Group.ID, |
| 185 | IncludeSystem: false, |
| 186 | }) |
| 187 | if err != nil { |
| 188 | httpapi.InternalServerError(rw, err) |