We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see ourdocumentation.
There was an error while loading.Please reload this page.
1 parentf7d22ea commit5bd1280Copy full SHA for 5bd1280
coderd/database/dbauthz/dbauthz.go
@@ -2851,6 +2851,13 @@ func (q *querier) UpdateMemberRoles(ctx context.Context, arg database.UpdateMemb
2851
// Convert the argument roles for validation.
2852
scopedGranted:=make([]string,0,len(arg.GrantedRoles))
2853
for_,grantedRole:=rangearg.GrantedRoles {
2854
+// This check is a developer safety check. Old code might try to invoke this code path with
2855
+// organization id suffixes. Catch this and return a nice error so it can be fixed.
2856
+_,foundOrg,_:=rbac.RoleSplit(grantedRole)
2857
+iffoundOrg!="" {
2858
+return database.OrganizationMember{},xerrors.Errorf("attempt to assign a role %q, remove the ':<organization_id> suffix",grantedRole)
2859
+}
2860
+
2861
scopedGranted=append(scopedGranted,rbac.RoleName(grantedRole,arg.OrgID.String()))
2862
}
2863