TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-12 03:57:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: check permissions for user grant (#687)

Browse Source
This commit is contained in:
Fabi
2020-09-02 11:06:08 +02:00
committed by GitHub
parent 370cd19a83
commit 4b183633ab
1 changed files with 32 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
internal/management/repository/eventsourcing/eventstore/user_grant.go
View File

@@ -148,25 +148,15 @@ func handleSearchUserGrantPermissions(ctx context.Context, request *grant_model.
} }
ids := authz.GetExplicitPermissionCtxIDs(permissions, projectReadPerm) ids := authz.GetExplicitPermissionCtxIDs(permissions, projectReadPerm)
if _, q := request.GetSearchQuery(grant_model.UserGrantSearchKeyProjectID); q != nil { if _, query := request.GetSearchQuery(grant_model.UserGrantSearchKeyGrantID); query != nil {
containsID := false result := checkContainsPermID(ids, query, request, sequence)
for _, id := range ids { if result != nil {
if id == q.Value { return result
containsID = true
break
}
} }
if !containsID { }
result := &grant_model.UserGrantSearchResponse{ if _, query := request.GetSearchQuery(grant_model.UserGrantSearchKeyProjectID); query != nil {
Offset: request.Offset, result := checkContainsPermID(ids, query, request, sequence)
Limit: request.Limit, if result != nil {
TotalResult: uint64(0),
Result: []*grant_model.UserGrantView{},
}
if sequence != nil {
result.Sequence = sequence.CurrentSequence
result.Timestamp = sequence.CurrentTimestamp
}
return result return result
} }
} }
@@ -174,6 +164,30 @@ func handleSearchUserGrantPermissions(ctx context.Context, request *grant_model.
return nil return nil
} }
func checkContainsPermID(ids []string, query *grant_model.UserGrantSearchQuery, request *grant_model.UserGrantSearchRequest, sequence *repository.CurrentSequence) *grant_model.UserGrantSearchResponse {
containsID := false
for _, id := range ids {
if id == query.Value {
containsID = true
break
}
}
if !containsID {
result := &grant_model.UserGrantSearchResponse{
Offset: request.Offset,
Limit: request.Limit,
TotalResult: uint64(0),
Result: []*grant_model.UserGrantView{},
}
if sequence != nil {
result.Sequence = sequence.CurrentSequence
result.Timestamp = sequence.CurrentTimestamp
}
return result
}
return nil
}
func checkExplicitPermission(ctx context.Context, grantID, projectID string) error { func checkExplicitPermission(ctx context.Context, grantID, projectID string) error {
permissions := authz.GetRequestPermissionsFromCtx(ctx) permissions := authz.GetRequestPermissionsFromCtx(ctx)
if authz.HasGlobalPermission(permissions) { if authz.HasGlobalPermission(permissions) {