synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-03 16:13:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(site): display user avatar (#11893)

Browse Source 
* add owner API to workspace and workspace build responses
* display user avatar in workspace top bar

Co-authored-by: Cian Johnston <cian@coder.com>
This commit is contained in:
Bruno Quaresma
2024-01-30 14:07:06 -03:00
committed by GitHub
parent 83eea2d323
commit dcab6fa5a4
18 changed files with 216 additions and 105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
coderd/httpmw/organizationparam.go
View File

@ -63,12 +63,13 @@ func ExtractOrganizationParam(db database.Store) func(http.Handler) http.Handler
}
}
// OrganizationMember is the database object plus the Username. Including the Username in this
// middleware is preferable to a join at the SQL layer so that we can keep the autogenerated
// database types as they are.
// OrganizationMember is the database object plus the Username and Avatar URL. Including these
// in the middleware is preferable to a join at the SQL layer so that we can keep the
// autogenerated database types as they are.
type OrganizationMember struct {
database.OrganizationMember
Username string
Username string
AvatarURL string
}
// ExtractOrganizationMemberParam grabs a user membership from the "organization" and "user" URL parameter.
@ -107,14 +108,17 @@ func ExtractOrganizationMemberParam(db database.Store) func(http.Handler) http.H
ctx = context.WithValue(ctx, organizationMemberParamContextKey{}, OrganizationMember{
OrganizationMember: organizationMember,
// Here we're making one exception to the rule about not leaking data about the user
// to the API handler, which is to include the username. If the caller has permission
// to read the OrganizationMember, then we're explicitly saying here that they also
// have permission to see the member's username, which is itself uncontroversial.
// Here we're making two exceptions to the rule about not leaking data about the user
// to the API handler, which is to include the username and avatar URL.
// If the caller has permission to read the OrganizationMember, then we're explicitly
// saying here that they also have permission to see the member's username and avatar.
// This is OK!
//
// API handlers need this information for audit logging and returning the owner's
// username in response to creating a workspace.
Username: user.Username,
// username in response to creating a workspace. Additionally, the frontend consumes
// the Avatar URL and this allows the FE to avoid an extra request.
Username: user.Username,
AvatarURL: user.AvatarURL,
})
next.ServeHTTP(rw, r.WithContext(ctx))
})