TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-12 11:27:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: generalise permission check for query user information (#8458)

Browse Source 
# Which Problems Are Solved

IDPLinks list and other list endpoints can provide you with empty
results if the used user has no permission for the information.

# How the Problems Are Solved

List endpoints with subelements to users, and provided userIDQuery, will
return a PermissionDenied error if no permission for the user exsists.

# Additional Changes

Function to check for permission is re-used from the GetUserByID.

# Additional Context

Closes #8451
This commit is contained in:
Stefan Benz
2024-08-23 08:44:18 +02:00
committed by GitHub
parent 8051a63147
commit 2847806531
27 changed files with 552 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
internal/api/grpc/management/idp.go
View File

@@ -91,7 +91,7 @@ func (s *Server) RemoveOrgIDP(ctx context.Context, req *mgmt_pb.RemoveOrgIDPRequ
}
userLinks, err := s.query.IDPUserLinks(ctx, &query.IDPUserLinksSearchQuery{
Queries: []query.SearchQuery{idpQuery},
}, true)
}, nil)
if err != nil {
return nil, err
}

6
internal/api/grpc/management/user.go
View File

@@ -608,7 +608,7 @@ func (s *Server) ListHumanAuthFactors(ctx context.Context, req *mgmt_pb.ListHuma
if err != nil {
return nil, err
}
authMethods, err := s.query.SearchUserAuthMethods(ctx, query, false)
authMethods, err := s.query.SearchUserAuthMethods(ctx, query, nil)
if err != nil {
return nil, err
}
@@ -671,7 +671,7 @@ func (s *Server) ListHumanPasswordless(ctx context.Context, req *mgmt_pb.ListHum
if err != nil {
return nil, err
}
authMethods, err := s.query.SearchUserAuthMethods(ctx, query, false)
authMethods, err := s.query.SearchUserAuthMethods(ctx, query, nil)
if err != nil {
return nil, err
}
@@ -892,7 +892,7 @@ func (s *Server) ListHumanLinkedIDPs(ctx context.Context, req *mgmt_pb.ListHuman
if err != nil {
return nil, err
}
res, err := s.query.IDPUserLinks(ctx, queries, false)
res, err := s.query.IDPUserLinks(ctx, queries, nil)
if err != nil {
return nil, err
}