fix: permission check for actions v1 post creation user grants (#10638)

# Which Problems Are Solved Unnecessary default permission check in creating an authorization fails even if the functionality was called internally. # How the Problems Are Solved Move permission check to the proper implementation, so that necessary permission checks are provided by the responsible API. # Additional Changes None # Additional Context Closes #10624 Co-authored-by: Livio Spring <livio.a@gmail.com> (cherry picked from commit bdefd9147f)
2025-12-06 06:52:38 +00:00 · 2025-09-03 16:39:18 +02:00
parent d5066237f9
commit 2dba5fa7fc
4 changed files with 18 additions and 15 deletions
--- a/internal/command/user_grant.go
+++ b/internal/command/user_grant.go
@@ -340,7 +340,7 @@ func (c *Commands) checkUserGrantPreCondition(ctx context.Context, usergrant *do
 	if check != nil {
 		return check(usergrant.ProjectID, usergrant.ProjectGrantID)(usergrant.ResourceOwner, "")
 	}
-	return checkExplicitProjectPermission(ctx, usergrant.ProjectGrantID, usergrant.ProjectID)
+	return nil
 }

 // this code needs to be rewritten anyways as soon as we improved the fields handling
@@ -488,7 +488,7 @@ func (c *Commands) checkUserGrantPreConditionOld(ctx context.Context, usergrant
 	if check != nil {
 		return check(usergrant.ProjectID, usergrant.ProjectGrantID)(usergrant.ResourceOwner, "")
 	}
-	return checkExplicitProjectPermission(ctx, usergrant.ProjectGrantID, usergrant.ProjectID)
+	return nil
 }

 func (c *Commands) searchProjectOwnerAndGrantID(ctx context.Context, projectID string, grantedOrgID string) (projectOwner string, grantID string, err error) {
--- a/internal/command/user_grant_test.go
+++ b/internal/command/user_grant_test.go
@@ -1072,9 +1072,10 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) {
 					},
 					UserID: "user1",
 				},
+				permissionCheck: failingUserGrantPermissionCheck,
 			},
 			res: res{
-				err: zerrors.IsPermissionDenied,
+				err: isMockedPermissionCheckErr,
 			},
 		},
 		{