fix: improve user grants precondition checks (#4237)

* fix: improve user grants precondition checks * build rc * fix prerelease * fix: build image * remove branch from releaserc
2025-08-11 23:57:31 +00:00 · 2022-08-24 11:38:59 +02:00
parent 06fd70d457
commit 4c26665b93
3 changed files with 116 additions and 10 deletions
--- a/internal/command/user_grant_model.go
+++ b/internal/command/user_grant_model.go
@@ -89,17 +89,19 @@ type UserGrantPreConditionReadModel struct {
 	UserID             string
 	ProjectID          string
 	ProjectGrantID     string
+	ResourceOwner      string
 	UserExists         bool
 	ProjectExists      bool
 	ProjectGrantExists bool
 	ExistingRoleKeys   []string
 }

-func NewUserGrantPreConditionReadModel(userID, projectID, projectGrantID string) *UserGrantPreConditionReadModel {
+func NewUserGrantPreConditionReadModel(userID, projectID, projectGrantID, resourceOwner string) *UserGrantPreConditionReadModel {
 	return &UserGrantPreConditionReadModel{
 		UserID:         userID,
 		ProjectID:      projectID,
 		ProjectGrantID: projectGrantID,
+		ResourceOwner:  resourceOwner,
 	}
 }

@@ -115,17 +117,18 @@ func (wm *UserGrantPreConditionReadModel) Reduce() error {
 		case *user.UserRemovedEvent:
 			wm.UserExists = false
 		case *project.ProjectAddedEvent:
-			wm.ProjectExists = true
+			if wm.ProjectGrantID == "" && wm.ResourceOwner == e.Aggregate().ResourceOwner {
+				wm.ProjectExists = true
+			}
 		case *project.ProjectRemovedEvent:
 			wm.ProjectExists = false
 		case *project.GrantAddedEvent:
-			if wm.ProjectGrantID == e.GrantID {
+			if wm.ProjectGrantID == e.GrantID && wm.ResourceOwner == e.GrantedOrgID {
 				wm.ProjectGrantExists = true
 				wm.ExistingRoleKeys = e.RoleKeys
 			}
 		case *project.GrantChangedEvent:
 			if wm.ProjectGrantID == e.GrantID {
-				wm.ProjectGrantExists = true
 				wm.ExistingRoleKeys = e.RoleKeys
 			}
 		case *project.GrantRemovedEvent: