TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 18:07:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: allow session deletion without session token (#6889)

Browse Source 
* fix: add resource owner of user and change the one of session to instance

* use user resource owner from session projection

* fix session permission check

* integration tests and fixes

* update api docs
This commit is contained in:
Livio Spring
2023-11-16 08:35:50 +02:00
committed by GitHub
parent 0948a0b9ae
commit 2e8c3b5a53
18 changed files with 448 additions and 301 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
cmd/defaults.yaml
View File

@@ -953,6 +953,7 @@ InternalAuthZ:
- "project.grant.member.delete"
- "events.read"
- "milestones.read"
- "session.delete"
- Role: "IAM_OWNER_VIEWER"
Permissions:
- "iam.read"
@@ -1030,6 +1031,7 @@ InternalAuthZ:
- "project.grant.member.read"
- "project.grant.member.write"
- "project.grant.member.delete"
- "session.delete"
- Role: "IAM_USER_MANAGER"
Permissions:
- "org.read"
@@ -1053,6 +1055,7 @@ InternalAuthZ:
- "project.grant.write"
- "project.grant.delete"
- "project.grant.member.read"
- "session.delete"
- Role: "ORG_OWNER"
Permissions:
- "org.read"
@@ -1102,6 +1105,7 @@ InternalAuthZ:
- "project.grant.member.read"
- "project.grant.member.write"
- "project.grant.member.delete"
- "session.delete"
- Role: "ORG_USER_MANAGER"
Permissions:
- "org.read"
@@ -1116,6 +1120,7 @@ InternalAuthZ:
- "policy.read"
- "project.read"
- "project.role.read"
- "session.delete"
- Role: "ORG_OWNER_VIEWER"
Permissions:
- "org.read"