fix(login): changed permission check for sending invite code on log in (#10197)

# Which Problems Are Solved Fixes issue when users would get an error message when attempting to resend invitation code when logging in # How the Problems Are Solved Changing the permission check for looking for `org.write` to `ommand.checkPermissionUpdateUser()` # Additional Context - Closes https://github.com/zitadel/zitadel/issues/10100 - backport to 3.x
2025-08-11 19:07:30 +00:00 · 2025-07-14 09:19:50 +02:00
parent 1b01fc6c40
commit 23d6d24bc8
2 changed files with 135 additions and 2 deletions
--- a/internal/command/user_v2_invite.go
+++ b/internal/command/user_v2_invite.go
@@ -6,6 +6,7 @@ import (

 	"github.com/zitadel/logging"

+	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/crypto"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/eventstore"
@@ -50,8 +51,10 @@ func (c *Commands) sendInviteCode(ctx context.Context, invite *CreateUserInvite,
 	if err != nil {
 		return nil, nil, err
 	}
-	if err := c.checkPermission(ctx, domain.PermissionUserWrite, wm.ResourceOwner, wm.AggregateID); err != nil {
-		return nil, nil, err
+	if wm.AggregateID != authz.GetCtxData(ctx).UserID {
+		if err := c.checkPermission(ctx, domain.PermissionUserWrite, wm.ResourceOwner, wm.AggregateID); err != nil {
+			return nil, nil, err
+		}
 	}
 	if !wm.UserState.Exists() {
 		return nil, nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-Wgvn4", "Errors.User.NotFound")