From 1a24b107023af4cf605ecdeb4c17fe126341432e Mon Sep 17 00:00:00 2001 From: masum-msphere Date: Wed, 16 Jul 2025 17:38:06 +0530 Subject: [PATCH] fix(mgmt_api) : role deletion/update fails when role key contains a slash (#9958) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit # Which Problems Are Solved - Role deletion or update API returns `404 Not Found` when the role key contains a slash (`/`), even if URL encoded. - This breaks management of hierarchical role keys like `admin/org/reader`. # How the Problems Are Solved - Updated the HTTP binding in the protobuf definition for the affected endpoints to use `{role_key=**}` instead of `{role_key}`. - This change enables proper decoding and handling of slashes in role keys as a single path variable. # Additional Changes None # Additional Context - Closes https://github.com/zitadel/zitadel/issues/9948 Co-authored-by: Masum Patel Co-authored-by: Tim Möhlmann --- proto/zitadel/management.proto | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/proto/zitadel/management.proto b/proto/zitadel/management.proto index 09095e3b78..8bbb0cc3a0 100644 --- a/proto/zitadel/management.proto +++ b/proto/zitadel/management.proto @@ -3101,7 +3101,7 @@ service ManagementService { rpc UpdateProjectRole(UpdateProjectRoleRequest) returns (UpdateProjectRoleResponse) { option (google.api.http) = { - put: "/projects/{project_id}/roles/{role_key}" + put: "/projects/{project_id}/roles/{role_key=**}" body: "*" }; @@ -3127,7 +3127,7 @@ service ManagementService { rpc RemoveProjectRole(RemoveProjectRoleRequest) returns (RemoveProjectRoleResponse) { option (google.api.http) = { - delete: "/projects/{project_id}/roles/{role_key}" + delete: "/projects/{project_id}/roles/{role_key=**}" }; option (zitadel.v1.auth_option) = {