TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2024-12-13 03:24:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: check permissions for user grant (#687)

Browse Source
This commit is contained in:
Fabi 2020-09-02 11:06:08 +02:00 committed by GitHub
parent 370cd19a83
commit 4b183633ab
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 32 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
internal/management/repository/eventsourcing/eventstore/user_grant.go
View File

@ -148,25 +148,15 @@ func handleSearchUserGrantPermissions(ctx context.Context, request *grant_model.
}
ids := authz.GetExplicitPermissionCtxIDs(permissions, projectReadPerm)
if _, q := request.GetSearchQuery(grant_model.UserGrantSearchKeyProjectID); q != nil {
containsID := false
for _, id := range ids {
if id == q.Value {
containsID = true
break
}
if _, query := request.GetSearchQuery(grant_model.UserGrantSearchKeyGrantID); query != nil {
result := checkContainsPermID(ids, query, request, sequence)
if result != nil {
return result
}
if !containsID {
result := &grant_model.UserGrantSearchResponse{
Offset: request.Offset,
Limit: request.Limit,
TotalResult: uint64(0),
Result: []*grant_model.UserGrantView{},
}
if sequence != nil {
result.Sequence = sequence.CurrentSequence
result.Timestamp = sequence.CurrentTimestamp
}
}
if _, query := request.GetSearchQuery(grant_model.UserGrantSearchKeyProjectID); query != nil {
result := checkContainsPermID(ids, query, request, sequence)
if result != nil {
return result
}
}
@ -174,6 +164,30 @@ func handleSearchUserGrantPermissions(ctx context.Context, request *grant_model.
return nil
}
func checkContainsPermID(ids []string, query *grant_model.UserGrantSearchQuery, request *grant_model.UserGrantSearchRequest, sequence *repository.CurrentSequence) *grant_model.UserGrantSearchResponse {
containsID := false
for _, id := range ids {
if id == query.Value {
containsID = true
break
}
}
if !containsID {
result := &grant_model.UserGrantSearchResponse{
Offset: request.Offset,
Limit: request.Limit,
TotalResult: uint64(0),
Result: []*grant_model.UserGrantView{},
}
if sequence != nil {
result.Sequence = sequence.CurrentSequence
result.Timestamp = sequence.CurrentTimestamp
}
return result
}
return nil
}
func checkExplicitPermission(ctx context.Context, grantID, projectID string) error {
permissions := authz.GetRequestPermissionsFromCtx(ctx)
if authz.HasGlobalPermission(permissions) {