TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-12 07:37:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: check permissions for user grant (#687)

Browse Source
This commit is contained in:
Fabi
2020-09-02 11:06:08 +02:00
committed by GitHub
parent 370cd19a83
commit 4b183633ab
1 changed files with 32 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
internal/management/repository/eventsourcing/eventstore/user_grant.go
View File

@@ -148,10 +148,26 @@ func handleSearchUserGrantPermissions(ctx context.Context, request *grant_model.
} }
ids := authz.GetExplicitPermissionCtxIDs(permissions, projectReadPerm) ids := authz.GetExplicitPermissionCtxIDs(permissions, projectReadPerm)
if _, q := request.GetSearchQuery(grant_model.UserGrantSearchKeyProjectID); q != nil { if _, query := request.GetSearchQuery(grant_model.UserGrantSearchKeyGrantID); query != nil {
result := checkContainsPermID(ids, query, request, sequence)
if result != nil {
return result
}
}
if _, query := request.GetSearchQuery(grant_model.UserGrantSearchKeyProjectID); query != nil {
result := checkContainsPermID(ids, query, request, sequence)
if result != nil {
return result
}
}
request.Queries = append(request.Queries, &grant_model.UserGrantSearchQuery{Key: grant_model.UserGrantSearchKeyProjectID, Method: global_model.SearchMethodIsOneOf, Value: ids})
return nil
}
func checkContainsPermID(ids []string, query *grant_model.UserGrantSearchQuery, request *grant_model.UserGrantSearchRequest, sequence *repository.CurrentSequence) *grant_model.UserGrantSearchResponse {
containsID := false containsID := false
for _, id := range ids { for _, id := range ids {
if id == q.Value { if id == query.Value {
containsID = true containsID = true
break break
} }
@@ -169,8 +185,6 @@ func handleSearchUserGrantPermissions(ctx context.Context, request *grant_model.
} }
return result return result
} }
}
request.Queries = append(request.Queries, &grant_model.UserGrantSearchQuery{Key: grant_model.UserGrantSearchKeyProjectID, Method: global_model.SearchMethodIsOneOf, Value: ids})
return nil return nil
} }