TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-03-04 03:15:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: user grant change (#1953)

Browse Source
This commit is contained in:
Livio Amstutz 2021-07-01 17:08:40 +02:00 committed by GitHub
parent 15ae8be3c3
commit 62b4df8c09
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 36 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
internal/command/user_grant.go
View File

@ -75,10 +75,6 @@ func (c *Commands) ChangeUserGrant(ctx context.Context, userGrant *domain.UserGr
} }
func (c *Commands) changeUserGrant(ctx context.Context, userGrant *domain.UserGrant, resourceOwner string, cascade bool) (_ eventstore.EventPusher, _ *UserGrantWriteModel, err error) { func (c *Commands) changeUserGrant(ctx context.Context, userGrant *domain.UserGrant, resourceOwner string, cascade bool) (_ eventstore.EventPusher, _ *UserGrantWriteModel, err error) {
err = checkExplicitProjectPermission(ctx, userGrant.ProjectGrantID, userGrant.ProjectID)
if err != nil {
return nil, nil, err
}
if userGrant.AggregateID == "" { if userGrant.AggregateID == "" {
return nil, nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-3M0sd", "Errors.UserGrant.Invalid") return nil, nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-3M0sd", "Errors.UserGrant.Invalid")
} }
@ -86,12 +82,18 @@ func (c *Commands) changeUserGrant(ctx context.Context, userGrant *domain.UserGr
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
err = checkExplicitProjectPermission(ctx, existingUserGrant.ProjectGrantID, existingUserGrant.ProjectID)
if err != nil {
return nil, nil, err
}
if existingUserGrant.State == domain.UserGrantStateUnspecified || existingUserGrant.State == domain.UserGrantStateRemoved { if existingUserGrant.State == domain.UserGrantStateUnspecified || existingUserGrant.State == domain.UserGrantStateRemoved {
return nil, nil, caos_errs.ThrowNotFound(nil, "COMMAND-3M9sd", "Errors.UserGrant.NotFound") return nil, nil, caos_errs.ThrowNotFound(nil, "COMMAND-3M9sd", "Errors.UserGrant.NotFound")
} }
if reflect.DeepEqual(existingUserGrant.RoleKeys, userGrant.RoleKeys) { if reflect.DeepEqual(existingUserGrant.RoleKeys, userGrant.RoleKeys) {
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Rs8fy", "Errors.UserGrant.NotChanged") return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Rs8fy", "Errors.UserGrant.NotChanged")
} }
userGrant.ProjectID = existingUserGrant.ProjectID
userGrant.ProjectGrantID = existingUserGrant.ProjectGrantID
err = c.checkUserGrantPreCondition(ctx, userGrant) err = c.checkUserGrantPreCondition(ctx, userGrant)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err

48
internal/command/user_grant_test.go
View File

@ -502,24 +502,6 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) {
args args args args
res res res res
}{ }{
{
name: "invalid permissions, error",
fields: fields{
eventstore: eventstoreExpect(
t,
),
},
args: args{
ctx: context.Background(),
userGrant: &domain.UserGrant{
UserID: "user1",
},
resourceOwner: "org1",
},
res: res{
err: caos_errs.IsPermissionDenied,
},
},
{ {
name: "invalid usergrant, error", name: "invalid usergrant, error",
fields: fields{ fields: fields{
@ -538,6 +520,36 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) {
err: caos_errs.IsErrorInvalidArgument, err: caos_errs.IsErrorInvalidArgument,
}, },
}, },
{
name: "invalid permissions, error",
fields: fields{
eventstore: eventstoreExpect(
t,
expectFilter(
eventFromEventPusher(
usergrant.NewUserGrantAddedEvent(context.Background(),
&usergrant.NewAggregate("usergrant1", "org").Aggregate,
"user1",
"project1",
"", []string{"rolekey1"}),
),
),
),
},
args: args{
ctx: context.Background(),
userGrant: &domain.UserGrant{
ObjectRoot: models.ObjectRoot{
AggregateID: "usergrant1",
},
UserID: "user1",
},
resourceOwner: "org1",
},
res: res{
err: caos_errs.IsPermissionDenied,
},
},
{ {
name: "usergrant not existing, not found error", name: "usergrant not existing, not found error",
fields: fields{ fields: fields{