2021-09-27 13:43:49 +02:00
|
|
|
package management
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
|
2022-04-27 01:01:45 +02:00
|
|
|
"github.com/zitadel/zitadel/internal/api/authz"
|
2023-12-08 16:30:55 +02:00
|
|
|
"github.com/zitadel/zitadel/internal/zerrors"
|
2021-09-27 13:43:49 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
func checkExplicitProjectPermission(ctx context.Context, grantID, projectID string) error {
|
|
|
|
permissions := authz.GetRequestPermissionsFromCtx(ctx)
|
|
|
|
if authz.HasGlobalPermission(permissions) {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
ids := authz.GetAllPermissionCtxIDs(permissions)
|
|
|
|
if grantID != "" && listContainsID(ids, grantID) {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
if listContainsID(ids, projectID) {
|
|
|
|
return nil
|
|
|
|
}
|
2023-12-08 16:30:55 +02:00
|
|
|
return zerrors.ThrowPermissionDenied(nil, "EVENT-Shu7e", "Errors.UserGrant.NoPermissionForProject")
|
2021-09-27 13:43:49 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
func listContainsID(ids []string, id string) bool {
|
|
|
|
for _, i := range ids {
|
|
|
|
if i == id {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false
|
|
|
|
}
|