mirror of
https://github.com/coder/coder.git
synced 2025-07-13 21:36:50 +00:00
feat: remove user from groups on org membership delete (#14701)
* feat: remove user from groups on org membership delete Groups inherently provide authz access to certain resources. If a user is removed from an organization, they should be removed from all their groups in said organization.
@ -1944,7 +1944,7 @@ func (q *FakeQuerier) DeleteOrganization(_ context.Context, id uuid.UUID) error
|
||||
return sql.ErrNoRows
|
||||
}
|
||||
|
||||
func (q *FakeQuerier) DeleteOrganizationMember(_ context.Context, arg database.DeleteOrganizationMemberParams) error {
|
||||
func (q *FakeQuerier) DeleteOrganizationMember(ctx context.Context, arg database.DeleteOrganizationMemberParams) error {
|
||||
err := validateDatabaseType(arg)
|
||||
if err != nil {
|
||||
return err
|
||||
@ -1959,6 +1959,16 @@ func (q *FakeQuerier) DeleteOrganizationMember(_ context.Context, arg database.D
|
||||
if len(deleted) == 0 {
|
||||
return sql.ErrNoRows
|
||||
}
|
||||
|
||||
// Delete group member trigger
|
||||
q.groupMembers = slices.DeleteFunc(q.groupMembers, func(member database.GroupMemberTable) bool {
|
||||
if member.UserID != arg.UserID {
|
||||
return false
|
||||
}
|
||||
g, _ := q.getGroupByIDNoLock(ctx, member.GroupID)
|
||||
return g.OrganizationID == arg.OrganizationID
|
||||
})
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
|
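Review bot: In the added `slices.DeleteFunc` callback, `g, _ := q.getGroupByIDNoLock(ctx, member.GroupID)` discards the lookup error, so when the group cannot be resolved `g` is presumably a zero value, the comparison with `arg.OrganizationID` fails, and the membership row is kept without any signal. Since the commit message says group membership carries authz access, the fake should make that outcome a deliberate choice, e.g. `g, err := q.getGroupByIDNoLock(ctx, member.GroupID)` followed by `if err != nil { return false } // group not found: keep the row, nothing to match on`, adjusted to whatever the real database does in that case. The comment `// Delete group member trigger` would read better as `// Mirror the database trigger: drop the user's group memberships within this organization.`, assuming that is the behaviour being emulated. The body of DeleteOrganizationMember between the two hunks is not shown, so whether the lock expected by the `NoLock` helper is held at this point cannot be confirmed from the page.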