fix: improve permission checks (#682)

* separate roles for global org * remove old user grant permissions * allow context permissions Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
2025-08-12 00:47:33 +00:00 · 2020-09-01 16:38:34 +02:00
parent 0d44b69c0e
commit 370cd19a83
10 changed files with 98 additions and 36 deletions
--- a/internal/api/authz/permissions.go
+++ b/internal/api/authz/permissions.go
@@ -43,6 +43,7 @@ func mapRoleToPerm(requiredPerm, actualRole string, authConfig Config, requestPe
 			allPermissions = append(allPermissions, permWithCtx)
 		}

+		p, _ = SplitPermission(p)
 		if p == requiredPerm {
 			if !ExistsPerm(requestPermissions, permWithCtx) {
 				requestPermissions = append(requestPermissions, permWithCtx)
--- a/internal/api/grpc/management/project_member.go
+++ b/internal/api/grpc/management/project_member.go
@@ -9,7 +9,11 @@ import (
 )

 func (s *Server) GetProjectMemberRoles(ctx context.Context, _ *empty.Empty) (*management.ProjectMemberRoles, error) {
-	return &management.ProjectMemberRoles{Roles: s.project.GetProjectMemberRoles()}, nil
+	roles, err := s.project.GetProjectMemberRoles(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return &management.ProjectMemberRoles{Roles: roles}, nil
 }

 func (s *Server) SearchProjectMembers(ctx context.Context, in *management.ProjectMemberSearchRequest) (*management.ProjectMemberSearchResponse, error) {