TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-13 02:58:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: check permissions for user grant (#687)

Browse Source
This commit is contained in:
Fabi
2020-09-02 11:06:08 +02:00
committed by GitHub
parent 370cd19a83
commit 4b183633ab
1 changed files with 32 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
internal/management/repository/eventsourcing/eventstore/user_grant.go
View File

@@ -148,10 +148,26 @@ func handleSearchUserGrantPermissions(ctx context.Context, request *grant_model.
}
ids := authz.GetExplicitPermissionCtxIDs(permissions, projectReadPerm)
if _, q := request.GetSearchQuery(grant_model.UserGrantSearchKeyProjectID); q != nil {
if _, query := request.GetSearchQuery(grant_model.UserGrantSearchKeyGrantID); query != nil {
result := checkContainsPermID(ids, query, request, sequence)
if result != nil {
return result
}
}
if _, query := request.GetSearchQuery(grant_model.UserGrantSearchKeyProjectID); query != nil {
result := checkContainsPermID(ids, query, request, sequence)
if result != nil {
return result
}
}
request.Queries = append(request.Queries, &grant_model.UserGrantSearchQuery{Key: grant_model.UserGrantSearchKeyProjectID, Method: global_model.SearchMethodIsOneOf, Value: ids})
return nil
}
func checkContainsPermID(ids []string, query *grant_model.UserGrantSearchQuery, request *grant_model.UserGrantSearchRequest, sequence *repository.CurrentSequence) *grant_model.UserGrantSearchResponse {
containsID := false
for _, id := range ids {
if id == q.Value {
if id == query.Value {
containsID = true
break
}
@@ -169,8 +185,6 @@ func handleSearchUserGrantPermissions(ctx context.Context, request *grant_model.
}
return result
}
}
request.Queries = append(request.Queries, &grant_model.UserGrantSearchQuery{Key: grant_model.UserGrantSearchKeyProjectID, Method: global_model.SearchMethodIsOneOf, Value: ids})
return nil
}