package coderd
import (
"net/http"
"github.com/coder/coder/v2/coderd/httpmw"
"github.com/coder/coder/v2/codersdk"
"github.com/coder/coder/v2/coderd/httpapi"
"github.com/coder/coder/v2/coderd/rbac"
)
// assignableSiteRoles responds with the site-wide roles from rbac.SiteRoles,
// each marked with whether the requesting actor may assign it.
//
// @Summary Get site member roles
// @ID get-site-member-roles
// @Security CoderSessionToken
// @Produce json
// @Tags Members
// @Success 200 {array} codersdk.AssignableRoles
// @Router /users/roles [get]
func (api *API) assignableSiteRoles(rw http.ResponseWriter, r *http.Request) {
	var (
		ctx   = r.Context()
		actor = httpmw.UserAuthorization(r)
	)

	// Read access to role assignments is checked before any role data is
	// produced; a caller lacking it is turned away through httpapi.Forbidden.
	if allowed := api.Authorize(r, rbac.ActionRead, rbac.ResourceRoleAssignment); !allowed {
		httpapi.Forbidden(rw)
		return
	}

	// The Assignable flag on each entry is derived from the actor's own roles.
	httpapi.Write(ctx, rw, http.StatusOK, assignableRoles(actor.Roles, rbac.SiteRoles()))
}
// assignableOrgRoles responds with the roles of the organization named in the
// request path, each marked with whether the requesting actor may assign it.
//
// @Summary Get member roles by organization
// @ID get-member-roles-by-organization
// @Security CoderSessionToken
// @Produce json
// @Tags Members
// @Param organization path string true "Organization ID" format(uuid)
// @Success 200 {array} codersdk.AssignableRoles
// @Router /organizations/{organization}/members/roles [get]
func (api *API) assignableOrgRoles(rw http.ResponseWriter, r *http.Request) {
	var (
		ctx   = r.Context()
		org   = httpmw.OrganizationParam(r)
		actor = httpmw.UserAuthorization(r)
	)

	// The check is scoped to this organization's role assignments. A failed
	// check is answered through httpapi.ResourceNotFound, whereas the
	// site-wide handler uses httpapi.Forbidden.
	// NOTE(review): presumably this keeps an unauthorized caller from telling
	// an existing organization apart from a missing one — confirm.
	target := rbac.ResourceOrgRoleAssignment.InOrg(org.ID)
	if !api.Authorize(r, rbac.ActionRead, target) {
		httpapi.ResourceNotFound(rw)
		return
	}

	// The Assignable flag on each entry is derived from the actor's own roles.
	httpapi.Write(ctx, rw, http.StatusOK, assignableRoles(actor.Roles, rbac.OrganizationRoles(org.ID)))
}
// assignableRoles converts roles into their API representation and marks each
// entry with whether an actor holding actorRoles may assign it.
//
// The member role and any role with an empty display name are left out. The
// returned slice is never nil, even when no role qualifies (presumably so the
// response serializes as an empty array — confirm against httpapi.Write).
//
// NOTE(review): Assignable is computed here for the response only; nothing in
// this function gates a role change. The endpoint that writes role
// assignments is expected to enforce the same rule itself — confirm there.
func assignableRoles(actorRoles rbac.ExpandableRoles, roles []rbac.Role) []codersdk.AssignableRoles {
	out := []codersdk.AssignableRoles{}
	for i := range roles {
		candidate := roles[i]

		// Only list roles that are not the implied member role and that carry
		// a display name. The original author notes this filter is not ideal
		// but is sufficient for now.
		if candidate.Name != rbac.RoleMember() && candidate.DisplayName != "" {
			entry := codersdk.AssignableRoles{
				Role: codersdk.Role{
					Name:        candidate.Name,
					DisplayName: candidate.DisplayName,
				},
				Assignable: rbac.CanAssignRole(actorRoles, candidate.Name),
			}
			out = append(out, entry)
		}
	}
	return out
}