zitadel/internal/command/auth_checks.go

package command

import (
	"context"

	"github.com/zitadel/zitadel/internal/api/authz"
	caos_errors "github.com/zitadel/zitadel/internal/errors"
)

func checkExplicitProjectPermission(ctx context.Context, grantID, projectID string) error {
	permissions := authz.GetRequestPermissionsFromCtx(ctx)
	if authz.HasGlobalPermission(permissions) {
		return nil
	}
	ids := authz.GetAllPermissionCtxIDs(permissions)
	if grantID != "" && listContainsID(ids, grantID) {
		return nil
	}
	if listContainsID(ids, projectID) {
		return nil
	}
	return caos_errors.ThrowPermissionDenied(nil, "EVENT-Shu7e", "Errors.UserGrant.NoPermissionForProject")
}

func listContainsID(ids []string, id string) bool {
	for _, i := range ids {
		if i == id {
			return true
		}
	}
	return false
}
feat: user grants command side (#1191) * fix: user grant command side * fix: user grant command side * fix: user grant command side check permissions * fix: unique constraint on user grants * fix: add usergrant * fix: add usergrant * fix: add usergrant * fix: user grant remove * Update internal/v2/command/auth_checks.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * Update internal/v2/command/auth_checks.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * Update internal/v2/command/project.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * Update internal/v2/command/user_grant.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: project events Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2021-01-22 12:31:52 +00:00			`package command`

			`import (`
			`"context"`
chore(v2): move to new org (#3499) * chore: move to new org * logging * fix: org rename caos -> zitadel Co-authored-by: adlerhurst <silvan.reusser@gmail.com> 2022-04-26 23:01:45 +00:00
			`"github.com/zitadel/zitadel/internal/api/authz"`
			`caos_errors "github.com/zitadel/zitadel/internal/errors"`
feat: user grants command side (#1191) * fix: user grant command side * fix: user grant command side * fix: user grant command side check permissions * fix: unique constraint on user grants * fix: add usergrant * fix: add usergrant * fix: add usergrant * fix: user grant remove * Update internal/v2/command/auth_checks.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * Update internal/v2/command/auth_checks.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * Update internal/v2/command/project.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * Update internal/v2/command/user_grant.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: project events Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2021-01-22 12:31:52 +00:00			`)`

			`func checkExplicitProjectPermission(ctx context.Context, grantID, projectID string) error {`
			`permissions := authz.GetRequestPermissionsFromCtx(ctx)`
			`if authz.HasGlobalPermission(permissions) {`
			`return nil`
			`}`
			`ids := authz.GetAllPermissionCtxIDs(permissions)`
			`if grantID != "" && listContainsID(ids, grantID) {`
			`return nil`
			`}`
			`if listContainsID(ids, projectID) {`
			`return nil`
			`}`
			`return caos_errors.ThrowPermissionDenied(nil, "EVENT-Shu7e", "Errors.UserGrant.NoPermissionForProject")`
			`}`

			`func listContainsID(ids []string, id string) bool {`
			`for _, i := range ids {`
			`if i == id {`
			`return true`
			`}`
			`}`
			`return false`
			`}`