@@ -152,19 +152,11 @@ func setCurrentMembershipFromOrgName(ctx context.Context, user *entities.User, o
152152 var role authz.Role
153153 if membership == nil {
154154 // if not found, check if the user is instance admin
155- m := entities .CurrentMembership (ctx )
156- if m != nil {
157- if slices .ContainsFunc (m .Resources , func (r * entities.ResourceMembership ) bool {
158- return r .Role == authz .RoleInstanceAdmin && r .ResourceType == authz .ResourceTypeInstance
159- }) {
160- org , err := orgUC .FindByName (ctx , orgName )
161- if err != nil {
162- return nil , fmt .Errorf ("failed to find organization: %w" , err )
163- }
164- role = authz .RoleInstanceAdmin
165- ctx = entities .WithCurrentOrg (ctx , & entities.Org {Name : org .Name , ID : org .ID , CreatedAt : org .CreatedAt })
166- }
155+ ctx , err = setMembershipIfInstanceAdmin (ctx , orgName , orgUC )
156+ if err != nil {
157+ return nil , err
167158 }
159+ role = authz .RoleInstanceAdmin
168160 } else {
169161 role = membership .Role
170162 ctx = entities .WithCurrentOrg (ctx , & entities.Org {Name : membership .Org .Name , ID : membership .Org .ID , CreatedAt : membership .CreatedAt })
@@ -174,6 +166,28 @@ func setCurrentMembershipFromOrgName(ctx context.Context, user *entities.User, o
174166 return WithAuthzSubject (ctx , string (role )), nil
175167}
176168
169+ // sets membership to any organization if the user is an instance admin
170+ func setMembershipIfInstanceAdmin (ctx context.Context , orgName string , orgUC * biz.OrganizationUseCase ) (context.Context , error ) {
171+ // look for user membership with instance admin role
172+ m := entities .CurrentMembership (ctx )
173+ if m != nil {
174+ if slices .ContainsFunc (m .Resources , func (r * entities.ResourceMembership ) bool {
175+ return r .Role == authz .RoleInstanceAdmin && r .ResourceType == authz .ResourceTypeInstance
176+ }) {
177+ org , err := orgUC .FindByName (ctx , orgName )
178+ if err != nil {
179+ return nil , fmt .Errorf ("failed to find organization: %w" , err )
180+ }
181+ ctx = entities .WithCurrentOrg (ctx , & entities.Org {Name : org .Name , ID : org .ID , CreatedAt : org .CreatedAt })
182+ }
183+ } else {
184+ // if no membership and no instance admin, return error
185+ return nil , errors .New ("user membership not found" )
186+ }
187+
188+ return ctx , nil
189+ }
190+
177191// Find the current membership of the user and sets it on the context
178192func setCurrentOrganizationFromDB (ctx context.Context , user * entities.User , userUC biz.UserOrgFinder , logger * log.Helper ) (context.Context , error ) {
179193 // We load the current organization
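Review bot: setMembershipIfInstanceAdmin returns `ctx, nil` when the caller has a membership but no entry in `m.Resources` is an instance-admin one, because the inner `if slices.ContainsFunc(...)` has no else branch and only the `m == nil` case returns an error. The caller in the first hunk then runs `role = authz.RoleInstanceAdmin` on every non-error return, so a user who is neither a member of the requested organization nor an instance admin appears to reach `WithAuthzSubject` with the instance-admin role, unless the lines between the two hunks (not shown) reject that case. Before this change the role was assigned only inside the admin branch. The helper should fail closed with guard clauses, which also makes the comment `if no membership and no instance admin, return error` true of the control flow; a test for a non-admin user requesting a foreign organization would pin this.

```go
func setMembershipIfInstanceAdmin(ctx context.Context, orgName string, orgUC *biz.OrganizationUseCase) (context.Context, error) {
	m := entities.CurrentMembership(ctx)
	if m == nil {
		return nil, errors.New("user membership not found")
	}

	isInstanceAdmin := slices.ContainsFunc(m.Resources, func(r *entities.ResourceMembership) bool {
		return r.Role == authz.RoleInstanceAdmin && r.ResourceType == authz.ResourceTypeInstance
	})
	if !isInstanceAdmin {
		// Fail closed: the caller assigns RoleInstanceAdmin on any nil error.
		return nil, errors.New("user membership not found")
	}

	// … unchanged: orgUC.FindByName lookup and entities.WithCurrentOrg …
	return ctx, nil
}
```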