coder
diff --git a/‎coderd/coderd.go
Lines changed: 1 addition & 1 deletion b/‎coderd/coderd.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎coderd/database/dbauthz/dbauthz.go
Lines changed: 8 additions & 0 deletions b/‎coderd/database/dbauthz/dbauthz.go
Lines changed: 8 additions & 0 deletions
diff --git a/‎coderd/database/dbauthz/dbauthz_test.go
Lines changed: 11 additions & 0 deletions b/‎coderd/database/dbauthz/dbauthz_test.go
Lines changed: 11 additions & 0 deletions
diff --git a/‎coderd/database/dbmem/dbmem.go
Lines changed: 30 additions & 0 deletions b/‎coderd/database/dbmem/dbmem.go
Lines changed: 30 additions & 0 deletions
diff --git a/‎coderd/database/dbmetrics/dbmetrics.go
Lines changed: 7 additions & 0 deletions b/‎coderd/database/dbmetrics/dbmetrics.go
Lines changed: 7 additions & 0 deletions
diff --git a/‎coderd/database/models.go
Lines changed: 1 addition & 1 deletion b/‎coderd/database/models.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎coderd/database/querier.go
Lines changed: 3 additions & 1 deletion b/‎coderd/database/querier.go
Lines changed: 3 additions & 1 deletion
diff --git a/‎coderd/database/queries.sql.go
Lines changed: 49 additions & 1 deletion b/‎coderd/database/queries.sql.go
Lines changed: 49 additions & 1 deletion
diff --git a/‎coderd/database/queries/groupmembers.sql
Lines changed: 19 additions & 0 deletions b/‎coderd/database/queries/groupmembers.sql
Lines changed: 19 additions & 0 deletions
@@ -312,7 +312,7 @@ func New(options *Options) *API {
 	)
 
 	if options.IDPSync == nil {
-		options.IDPSync = idpsync.NewAGPLSync(options.Logger, idpsync.SyncSettings{
+		options.IDPSync = idpsync.NewAGPLSync(options.Logger, idpsync.DeploymentSyncSettings{
 			OrganizationField:         options.DeploymentValues.OIDC.OrganizationField.Value(),
 			OrganizationMapping:       options.DeploymentValues.OIDC.OrganizationMapping.Value,
 			OrganizationAssignDefault: options.DeploymentValues.OIDC.OrganizationAssignDefault.Value(),
 
@@ -2892,6 +2892,14 @@ func (q *querier) InsertUser(ctx context.Context, arg database.InsertUserParams)
 	return insert(q.log, q.auth, obj, q.db.InsertUser)(ctx, arg)
 }
 
+func (q *querier) InsertUserGroupsByID(ctx context.Context, arg database.InsertUserGroupsByIDParams) ([]uuid.UUID, error) {
+	// This is used by OIDC sync. So only used by a system user.
+	if err := q.authorizeContext(ctx, policy.ActionUpdate, rbac.ResourceSystem); err != nil {
+		return nil, err
+	}
+	return q.db.InsertUserGroupsByID(ctx, arg)
+}
+
 func (q *querier) InsertUserGroupsByName(ctx context.Context, arg database.InsertUserGroupsByNameParams) error {
 	// This will add the user to all named groups. This counts as updating a group.
 	// NOTE: instead of checking if the user has permission to update each group, we instead
 
@@ -388,6 +388,17 @@ func (s *MethodTestSuite) TestGroup() {
 			GroupNames:     slice.New(g1.Name, g2.Name),
 		}).Asserts(rbac.ResourceGroup.InOrg(o.ID), policy.ActionUpdate).Returns()
 	}))
+	s.Run("InsertUserGroupsByID", s.Subtest(func(db database.Store, check *expects) {
+		o := dbgen.Organization(s.T(), db, database.Organization{})
+		u1 := dbgen.User(s.T(), db, database.User{})
+		g1 := dbgen.Group(s.T(), db, database.Group{OrganizationID: o.ID})
+		g2 := dbgen.Group(s.T(), db, database.Group{OrganizationID: o.ID})
+		_ = dbgen.GroupMember(s.T(), db, database.GroupMemberTable{GroupID: g1.ID, UserID: u1.ID})
+		check.Args(database.InsertUserGroupsByIDParams{
+			UserID:   u1.ID,
+			GroupIds: slice.New(g1.ID, g2.ID),
+		}).Asserts(rbac.ResourceSystem, policy.ActionUpdate).Returns(slice.New(g1, g2))
+	}))
 	s.Run("RemoveUserFromAllGroups", s.Subtest(func(db database.Store, check *expects) {
 		o := dbgen.Organization(s.T(), db, database.Organization{})
 		u1 := dbgen.User(s.T(), db, database.User{})
 
@@ -7015,7 +7015,37 @@ func (q *FakeQuerier) InsertUser(_ context.Context, arg database.InsertUserParam
 	return user, nil
 }
 
+func (q *FakeQuerier) InsertUserGroupsByID(ctx context.Context, arg database.InsertUserGroupsByIDParams) ([]uuid.UUID, error) {
+	err := validateDatabaseType(arg)
+	if err != nil {
+		return nil, err
+	}
+
+	q.mutex.Lock()
+	defer q.mutex.Unlock()
+
+	var groupIDs []uuid.UUID
+	for _, group := range q.groups {
+		for _, groupID := range arg.GroupIds {
+			if group.ID == groupID {
+				q.groupMembers = append(q.groupMembers, database.GroupMemberTable{
+					UserID:  arg.UserID,
+					GroupID: groupID,
+				})
+				groupIDs = append(groupIDs, group.ID)
+			}
+		}
+	}
+
+	return groupIDs, nil
+}
+
 func (q *FakeQuerier) InsertUserGroupsByName(_ context.Context, arg database.InsertUserGroupsByNameParams) error {
+	err := validateDatabaseType(arg)
+	if err != nil {
+		return err
+	}
+
 	q.mutex.Lock()
 	defer q.mutex.Unlock()
 
 
@@ -29,6 +29,25 @@ SELECT
 FROM
     groups;
 
+-- InsertUserGroupsByID adds a user to all provided groups, if they exist.
+-- name: InsertUserGroupsByID :many
+WITH groups AS (
+	SELECT
+		id
+	FROM
+		groups
+	WHERE
+		groups.id = ANY(@group_ids :: uuid [])
+)
+INSERT INTO
+	group_members (user_id, group_id)
+SELECT
+	@user_id,
+	groups.id
+FROM
+	groups
+RETURNING group_id;
+
 -- name: RemoveUserFromAllGroups :exec
 DELETE FROM
 	group_members
Original file line number	Diff line number	Diff line change
`@@ -312,7 +312,7 @@ func New(options Options) API {`
`312`	`312`	`)`
`313`	`313`
`314`	`314`	`if options.IDPSync == nil {`
`315`		`- options.IDPSync = idpsync.NewAGPLSync(options.Logger, idpsync.SyncSettings{`
	`315`	`+ options.IDPSync = idpsync.NewAGPLSync(options.Logger, idpsync.DeploymentSyncSettings{`
`316`	`316`	`OrganizationField: options.DeploymentValues.OIDC.OrganizationField.Value(),`
`317`	`317`	`OrganizationMapping: options.DeploymentValues.OIDC.OrganizationMapping.Value,`
`318`	`318`	`OrganizationAssignDefault: options.DeploymentValues.OIDC.OrganizationAssignDefault.Value(),`