synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-03 16:13:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
ad8c314130fd2d227118991a488bb9356d66c54c
coder/enterprise/coderd/roles.go
Steven Masley ad8c314130 chore: implement api for creating custom roles (#13298) 
api endpoint (gated by experiment) to create custom_roles
2024-05-16 13:47:47 -05:00

81 lines
2.3 KiB
Go
Raw Blame History

package coderd
import (
"net/http"
"github.com/coder/coder/v2/coderd/database"
"github.com/coder/coder/v2/coderd/database/db2sdk"
"github.com/coder/coder/v2/coderd/httpapi"
"github.com/coder/coder/v2/coderd/rbac/rolestore"
"github.com/coder/coder/v2/codersdk"
)
// patchRole will allow creating a custom role
//
// @Summary Upsert a custom site-wide role
// @ID upsert-a-custom-site-wide-role
// @Security CoderSessionToken
// @Produce json
// @Tags Members
// @Success 200 {array} codersdk.Role
// @Router /users/roles [patch]
func (api *API) patchRole(rw http.ResponseWriter, r *http.Request) {
ctx := r.Context()
var req codersdk.Role
if !httpapi.Read(ctx, rw, r, &req) {
return
}
if len(req.OrganizationPermissions) > 0 {
// Org perms should be assigned only in org specific roles. Otherwise,
// it gets complicated to keep track of who can do what.
httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
Message: "Invalid request, not allowed to assign organization permissions for a site wide role.",
Detail: "site wide roles may not contain organization specific permissions",
})
return
}
// Make sure all permissions inputted are valid according to our policy.
rbacRole := db2sdk.RoleToRBAC(req)
args, err := rolestore.ConvertRoleToDB(rbacRole)
if err != nil {
httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
Message: "Invalid request",
Detail: err.Error(),
})
return
}
inserted, err := api.Database.UpsertCustomRole(ctx, database.UpsertCustomRoleParams{
Name: args.Name,
DisplayName: args.DisplayName,
SitePermissions: args.SitePermissions,
OrgPermissions: args.OrgPermissions,
UserPermissions: args.UserPermissions,
})
if httpapi.Is404Error(err) {
httpapi.ResourceNotFound(rw)
return
}
if err != nil {
httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
Message: "Failed to update role permissions",
Detail: err.Error(),
})
return
}
convertedInsert, err := rolestore.ConvertDBRole(inserted)
if err != nil {
httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
Message: "Permissions were updated, unable to read them back out of the database.",
Detail: err.Error(),
})
return
}
httpapi.Write(ctx, rw, http.StatusOK, db2sdk.Role(convertedInsert))
}
Reference in New Issue View Git Blame Copy Permalink