@Summary Update workspace sharing settings for organization @ID update-workspace-sharing-settings-for-organization @Security CoderSessionToken @Produce json @Accept json @Tags Enterprise @Param organization path string true "Organization ID" format(uuid) @Param request body codersdk.UpdateWorkspaceS
(rw http.ResponseWriter, r *http.Request)
| 61 | // @Success 200 {object} codersdk.WorkspaceSharingSettings |
| 62 | // @Router /api/v2/organizations/{organization}/settings/workspace-sharing [patch] |
| 63 | func (api *API) patchWorkspaceSharingSettings(rw http.ResponseWriter, r *http.Request) { |
| 64 | ctx := r.Context() |
| 65 | org := httpmw.OrganizationParam(r) |
| 66 | auditor := *api.AGPL.Auditor.Load() |
| 67 | aReq, commitAudit := audit.InitRequest[database.Organization](rw, &audit.RequestParams{ |
| 68 | Audit: auditor, |
| 69 | Log: api.Logger, |
| 70 | Request: r, |
| 71 | Action: database.AuditActionWrite, |
| 72 | OrganizationID: org.ID, |
| 73 | }) |
| 74 | aReq.Old = org |
| 75 | defer commitAudit() |
| 76 | |
| 77 | if !api.Authorize(r, policy.ActionUpdate, org) { |
| 78 | httpapi.Forbidden(rw) |
| 79 | return |
| 80 | } |
| 81 | |
| 82 | var req codersdk.UpdateWorkspaceSharingSettingsRequest |
| 83 | if !httpapi.Read(ctx, rw, r, &req) { |
| 84 | return |
| 85 | } |
| 86 | |
| 87 | // Resolve the effective enum value. Prefer the new field; fall |
| 88 | // back to the deprecated boolean for older clients (e.g |
| 89 | // tf-provider-coderd v0.0.16) |
| 90 | allowedOwners := req.ShareableWorkspaceOwners |
| 91 | if allowedOwners == "" { |
| 92 | if req.SharingDisabled { |
| 93 | allowedOwners = codersdk.ShareableWorkspaceOwnersNone |
| 94 | } else { |
| 95 | allowedOwners = codersdk.ShareableWorkspaceOwnersEveryone |
| 96 | } |
| 97 | } |
| 98 | |
| 99 | if !database.ShareableWorkspaceOwners(allowedOwners).Valid() { |
| 100 | httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ |
| 101 | Message: "Invalid shareable workspace owners value.", |
| 102 | Validations: []codersdk.ValidationError{{ |
| 103 | Field: "shareable_workspace_owners", |
| 104 | Detail: fmt.Sprintf("invalid value %q, must be one of [%s]", |
| 105 | allowedOwners, |
| 106 | strings.Join(slice.ToStrings(database.AllShareableWorkspaceOwnersValues()), ", ")), |
| 107 | }}, |
| 108 | }) |
| 109 | return |
| 110 | } |
| 111 | |
| 112 | err := api.Database.InTx(func(tx database.Store) error { |
| 113 | //nolint:gocritic // System context required to look up and reconcile the |
| 114 | // system roles; callers only need `organization:update` |
| 115 | sysCtx := dbauthz.AsSystemRestricted(ctx) |
| 116 | |
| 117 | // Serialize organization workspace-sharing updates with system role |
| 118 | // reconciliation across coderd instances (e.g. during rolling restarts). |
| 119 | // This prevents conflicting writes to the system roles. |
| 120 | // TODO(geokat): Consider finer-grained locks as we add more system roles. |