fix: create project with the right permission (#10485)

# Which Problems Are Solved When a user with an `ORG_PROJECT_CREATOR` role tries to create a project, the request fails with `No matching permissions found (AUTH-AWfge)` error. This is because `project.write` was set as the required permission instead of `project.create` during project creation. # How the Problems Are Solved By setting the right required permission (`project.create`) while creating new projects. # Additional Changes N/A # Additional Context - Closes #10399 (cherry picked from commit 0929c4d235)
2025-12-06 15:02:13 +00:00 · 2025-08-15 11:35:43 +02:00
parent 3156c5bc02
commit 62403d27e4
5 changed files with 74 additions and 4 deletions
--- a/internal/command/permission_checks.go
+++ b/internal/command/permission_checks.go
@@ -64,6 +64,10 @@ func (c *Commands) checkPermissionUpdateUserCredentials(ctx context.Context, res
 	return c.checkPermissionOnUser(ctx, domain.PermissionUserCredentialWrite)(resourceOwner, userID)
 }

+func (c *Commands) checkPermissionCreateProject(ctx context.Context, resourceOwner, projectID string) error {
+	return c.newPermissionCheck(ctx, domain.PermissionProjectCreate, project.AggregateType)(resourceOwner, projectID)
+}
+
 func (c *Commands) checkPermissionDeleteProject(ctx context.Context, resourceOwner, projectID string) error {
 	return c.newPermissionCheck(ctx, domain.PermissionProjectDelete, project.AggregateType)(resourceOwner, projectID)
 }
--- a/internal/command/project.go
+++ b/internal/command/project.go
@@ -60,7 +60,7 @@ func (c *Commands) AddProject(ctx context.Context, add *AddProject) (_ *domain.O
 	if isProjectStateExists(wm.State) {
 		return nil, zerrors.ThrowAlreadyExists(nil, "COMMAND-opamwu", "Errors.Project.AlreadyExisting")
 	}
-	if err := c.checkPermissionUpdateProject(ctx, wm.ResourceOwner, wm.AggregateID); err != nil {
+	if err := c.checkPermissionCreateProject(ctx, wm.ResourceOwner, wm.AggregateID); err != nil {
 		return nil, err
 	}