Skip to content

Commit 8e1e97d

Browse files
committed
fix updates
Signed-off-by: Jose I. Paris <jiparis@chainloop.dev>
1 parent 595d85c commit 8e1e97d

1 file changed

Lines changed: 11 additions & 5 deletions

File tree

app/controlplane/pkg/biz/group.go

Lines changed: 11 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -769,24 +769,25 @@ func (uc *GroupUseCase) UpdateMemberMaintainerStatus(ctx context.Context, orgID
769769
// Find the user by reference or email
770770
var userUUID uuid.UUID
771771
var userEmail string
772+
var userMembership *Membership
772773

773774
// If UserReference is provided, use it to resolve the user ID
774775
if opts.UserReference != nil && (opts.UserReference.ID != nil || opts.UserReference.Name != nil) {
775776
// If ID is provided directly, use it
776777
if opts.UserReference.ID != nil {
777778
userUUID = *opts.UserReference.ID
778779
// Look up the user to verify they exist and get their email
779-
user, err := uc.membershipRepo.FindByOrgAndUser(ctx, orgID, userUUID)
780+
userMembership, err = uc.membershipRepo.FindByOrgAndUser(ctx, orgID, userUUID)
780781
if err != nil {
781782
return fmt.Errorf("failed to find user by ID: %w", err)
782783
}
783-
if user == nil {
784+
if userMembership == nil {
784785
return NewErrNotFound("user")
785786
}
786-
userEmail = user.User.Email
787+
userEmail = userMembership.User.Email
787788
} else if opts.UserReference.Name != nil {
788789
// If name (email) is provided, look up the user
789-
userMembership, err := uc.membershipRepo.FindByOrgIDAndUserEmail(ctx, orgID, *opts.UserReference.Name)
790+
userMembership, err = uc.membershipRepo.FindByOrgIDAndUserEmail(ctx, orgID, *opts.UserReference.Name)
790791
if err != nil && !IsNotFound(err) {
791792
return fmt.Errorf("failed to find user by email: %w", err)
792793
}
@@ -798,7 +799,7 @@ func (uc *GroupUseCase) UpdateMemberMaintainerStatus(ctx context.Context, orgID
798799
}
799800
} else {
800801
// Fall back to using UserEmail
801-
userMembership, err := uc.membershipRepo.FindByOrgIDAndUserEmail(ctx, orgID, *opts.UserReference.Name)
802+
userMembership, err = uc.membershipRepo.FindByOrgIDAndUserEmail(ctx, orgID, *opts.UserReference.Name)
802803
if err != nil && !IsNotFound(err) {
803804
return fmt.Errorf("failed to find user by email: %w", err)
804805
}
@@ -809,6 +810,11 @@ func (uc *GroupUseCase) UpdateMemberMaintainerStatus(ctx context.Context, orgID
809810
userEmail = *opts.UserReference.Name
810811
}
811812

813+
// illegal combination: org viewers cannot become maintainers
814+
if userMembership != nil && userMembership.Role == authz.RoleViewer && opts.IsMaintainer {
815+
return NewErrValidationStr("org viewers cannot become group maintainers")
816+
}
817+
812818
// Check if the user is a member of the group
813819
existingMembership, err := uc.groupRepo.FindGroupMembershipByGroupAndID(ctx, resolvedGroupID, userUUID)
814820
if err != nil && !IsNotFound(err) {

0 commit comments

Comments
 (0)