
Commit 0488f3a

committed
move membership to function
Signed-off-by: Jose I. Paris <jiparis@chainloop.dev>
1 parent 69054e0 commit 0488f3a


1 file changed

+26
-12
lines changed

1 file changed

+26
-12
lines changed

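--- a/app/controlplane/internal/usercontext/currentorganization_middleware.go
+++ b/app/controlplane/internal/usercontext/currentorganization_middleware.go
@@ -152,19 +152,11 @@ func setCurrentMembershipFromOrgName(ctx context.Context, user *entities.User, o
 var role authz.Role
 if membership == nil {
 // if not found, check if the user is instance admin
-m := entities.CurrentMembership(ctx)
-if m != nil {
-if slices.ContainsFunc(m.Resources, func(r *entities.ResourceMembership) bool {
-return r.Role == authz.RoleInstanceAdmin && r.ResourceType == authz.ResourceTypeInstance
-}) {
-org, err := orgUC.FindByName(ctx, orgName)
-if err != nil {
-return nil, fmt.Errorf("failed to find organization: %w", err)
-}
-role = authz.RoleInstanceAdmin
-ctx = entities.WithCurrentOrg(ctx, &entities.Org{Name: org.Name, ID: org.ID, CreatedAt: org.CreatedAt})
-}
+ctx, err = setMembershipIfInstanceAdmin(ctx, orgName, orgUC)
+if err != nil {
+return nil, err
 }
+role = authz.RoleInstanceAdmin
 } else {
 role = membership.Role
 ctx = entities.WithCurrentOrg(ctx, &entities.Org{Name: membership.Org.Name, ID: membership.Org.ID, CreatedAt: membership.CreatedAt})
@@ -174,6 +166,28 @@ func setCurrentMembershipFromOrgName(ctx context.Context, user *entities.User, o
 return WithAuthzSubject(ctx, string(role)), nil
 }
 
+// sets membership to any organization if the user is an instance admin
+func setMembershipIfInstanceAdmin(ctx context.Context, orgName string, orgUC *biz.OrganizationUseCase) (context.Context, error) {
+// look for user membership with instance admin role
+m := entities.CurrentMembership(ctx)
+if m != nil {
+if slices.ContainsFunc(m.Resources, func(r *entities.ResourceMembership) bool {
+return r.Role == authz.RoleInstanceAdmin && r.ResourceType == authz.ResourceTypeInstance
+}) {
+org, err := orgUC.FindByName(ctx, orgName)
+if err != nil {
+return nil, fmt.Errorf("failed to find organization: %w", err)
+}
+ctx = entities.WithCurrentOrg(ctx, &entities.Org{Name: org.Name, ID: org.ID, CreatedAt: org.CreatedAt})
+}
+} else {
+// if no membership and no instance admin, return error
+return nil, errors.New("user membership not found")
+}
+
+return ctx, nil
+}
+
 // Find the current membership of the user and sets it on the context
 func setCurrentOrganizationFromDB(ctx context.Context, user *entities.User, userUC biz.UserOrgFinder, logger *log.Helper) (context.Context, error) {
 // We load the current organization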
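Review bot: `role = authz.RoleInstanceAdmin` in setCurrentMembershipFromOrgName now runs whenever setMembershipIfInstanceAdmin returns a nil error, and the helper returns `ctx, nil` for a user whose current membership is non-nil but holds no instance-admin resource, because the `slices.ContainsFunc` branch is skipped and nothing else rejects the call. The removed code assigned the role only inside that branch, so the refactor appears to give the instance-admin authz subject to any user who names an organization they do not belong to, and with no current org set on the context. The helper should fail closed, for example with an `else { return nil, errors.New("user is not an instance admin") }` on the inner `if`, or by returning a bool that the caller checks before assigning the role; a test for a non-member, non-admin request would pin this. The comment `// if no membership and no instance admin, return error` only describes the `m == nil` case and should say so. The caller's body starts outside the hunk, so how an empty role was handled before is not visible here.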
