TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-12 04:37:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: allow session deletion without session token (#6889)

Browse Source 
* fix: add resource owner of user and change the one of session to instance

* use user resource owner from session projection

* fix session permission check

* integration tests and fixes

* update api docs
This commit is contained in:
Livio Spring
2023-11-16 08:35:50 +02:00
committed by GitHub
parent 0948a0b9ae
commit 2e8c3b5a53
18 changed files with 448 additions and 301 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
internal/api/grpc/session/v2/session.go
View File

@@ -355,7 +355,7 @@ func (s *Server) checksToCommand(ctx context.Context, checks *session.Checks) ([
// trigger activity log for session for user
activity.Trigger(ctx, user.ResourceOwner, user.ID, activity.SessionAPI)
sessionChecks = append(sessionChecks, command.CheckUser(user.ID))
sessionChecks = append(sessionChecks, command.CheckUser(user.ID, user.ResourceOwner))
}
if password := checks.GetPassword(); password != nil {
sessionChecks = append(sessionChecks, command.CheckPassword(password.GetPassword()))