package workspace
import (
"context"
"github.com/jackc/pgx/v4"
"github.com/leg100/otf/internal"
"github.com/leg100/otf/internal/rbac"
"github.com/leg100/otf/internal/sql"
"github.com/leg100/otf/internal/sql/pggen"
)
// SetWorkspacePermission assigns role to the team identified by teamID on the
// workspace identified by workspaceID. It runs the generated
// UpsertWorkspacePermission query, so it covers both granting a new
// permission and changing an existing one. The query's result value is
// discarded; only its error is reported, passed through sql.Error.
func (db *pgdb) SetWorkspacePermission(ctx context.Context, workspaceID, teamID string, role rbac.Role) error {
	params := pggen.UpsertWorkspacePermissionParams{
		WorkspaceID: sql.String(workspaceID),
		TeamID:      sql.String(teamID),
		Role:        sql.String(role.String()),
	}
	if _, err := db.Conn(ctx).UpsertWorkspacePermission(ctx, params); err != nil {
		return sql.Error(err)
	}
	return nil
}
// GetWorkspacePolicy loads the access policy for the workspace with the given
// ID: its organization name, its global-remote-state flag, and the role held
// by each team that has a permission on it.
//
// Every failure path returns the zero-value policy together with the error,
// so a caller never receives a partially populated policy to make an
// authorization decision on.
func (db *pgdb) GetWorkspacePolicy(ctx context.Context, workspaceID string) (internal.WorkspacePolicy, error) {
	var none internal.WorkspacePolicy

	conn := db.Conn(ctx)

	// Two queries go out in one batch. The workspace row is fetched alongside
	// the permissions because:
	// (1) it confirms the workspace exists (the lookup error is passed through
	//     sql.Error, which is expected to surface "not found")
	// (2) it carries the organization name, which is part of the policy
	var batch pgx.Batch
	conn.FindWorkspaceByIDBatch(&batch, sql.String(workspaceID))
	conn.FindWorkspacePermissionsByWorkspaceIDBatch(&batch, sql.String(workspaceID))

	res := db.SendBatch(ctx, &batch)
	defer res.Close()

	// Results are scanned in the same order in which the queries were queued.
	workspace, err := conn.FindWorkspaceByIDScan(res)
	if err != nil {
		return none, sql.Error(err)
	}
	rows, err := conn.FindWorkspacePermissionsByWorkspaceIDScan(res)
	if err != nil {
		return none, sql.Error(err)
	}

	result := internal.WorkspacePolicy{
		Organization:      workspace.OrganizationName.String,
		WorkspaceID:       workspaceID,
		GlobalRemoteState: workspace.GlobalRemoteState.Bool,
	}
	for i := range rows {
		// A stored role string that does not parse aborts the whole load
		// instead of skipping the row; the parse error is returned as-is,
		// without going through sql.Error.
		parsed, parseErr := rbac.WorkspaceRoleFromString(rows[i].Role.String)
		if parseErr != nil {
			return none, parseErr
		}
		entry := internal.WorkspacePermission{
			TeamID: rows[i].TeamID.String,
			Role:   parsed,
		}
		result.Permissions = append(result.Permissions, entry)
	}
	return result, nil
}
// UnsetWorkspacePermission removes a team's permission on the workspace with
// the given ID by running the generated DeleteWorkspacePermissionByID query.
// The query's result value is discarded, so this method does not itself
// report whether a row was actually removed; only the error is returned,
// passed through sql.Error.
//
// NOTE(review): the second parameter is named team here but teamID in
// SetWorkspacePermission; confirm against the query whether it expects a team
// ID or a team name.
func (db *pgdb) UnsetWorkspacePermission(ctx context.Context, workspaceID, team string) error {
	conn := db.Conn(ctx)
	if _, err := conn.DeleteWorkspacePermissionByID(ctx, sql.String(workspaceID), sql.String(team)); err != nil {
		return sql.Error(err)
	}
	return nil
}