TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-12-06 15:24:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: permission check for actions v1 post creation user grants (#10638)

Browse Source 
# Which Problems Are Solved

Unnecessary default permission check in creating an authorization fails
even if the functionality was called internally.

# How the Problems Are Solved

Move permission check to the proper implementation, so that necessary
permission checks are provided by the responsible API.

# Additional Changes

None

# Additional Context

Closes #10624

Co-authored-by: Livio Spring <livio.a@gmail.com>
(cherry picked from commit bdefd9147f)
This commit is contained in:
Stefan Benz
2025-09-03 16:39:18 +02:00
committed by Livio Spring
parent d5066237f9
commit 2dba5fa7fc
4 changed files with 18 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
internal/command/user_grant.go
View File

@@ -340,7 +340,7 @@ func (c *Commands) checkUserGrantPreCondition(ctx context.Context, usergrant *do
if check != nil {
return check(usergrant.ProjectID, usergrant.ProjectGrantID)(usergrant.ResourceOwner, "")
}
return checkExplicitProjectPermission(ctx, usergrant.ProjectGrantID, usergrant.ProjectID)
return nil
}
// this code needs to be rewritten anyways as soon as we improved the fields handling
@@ -488,7 +488,7 @@ func (c *Commands) checkUserGrantPreConditionOld(ctx context.Context, usergrant
if check != nil {
return check(usergrant.ProjectID, usergrant.ProjectGrantID)(usergrant.ResourceOwner, "")
}
return checkExplicitProjectPermission(ctx, usergrant.ProjectGrantID, usergrant.ProjectID)
return nil
}
func (c *Commands) searchProjectOwnerAndGrantID(ctx context.Context, projectID string, grantedOrgID string) (projectOwner string, grantID string, err error) {