TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-02-28 20:57:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: iam permission (#720)

Browse Source 
* fix: get iam permissions

* fix: iam permissions
This commit is contained in:
Livio Amstutz 2020-09-10 15:40:20 +02:00 committed by GitHub
parent 463294669e
commit 8fcb03854b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 23 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
internal/auth/repository/eventsourcing/eventstore/user_grant.go
View File

@ -95,7 +95,7 @@ func membershipsToOrgResp(memberships []*user_view_model.UserMembershipView, cou
func (repo *UserGrantRepo) SearchMyZitadelPermissions(ctx context.Context) ([]string, error) {
ctxData := authz.GetCtxData(ctx)
memberships, count, err := repo.View.SearchUserMemberships(&user_model.UserMembershipSearchRequest{
orgMemberships, orgCount, err := repo.View.SearchUserMemberships(&user_model.UserMembershipSearchRequest{
Queries: []*user_model.UserMembershipSearchQuery{
{
Key: user_model.UserMembershipSearchKeyUserID,
@ -104,19 +104,37 @@ func (repo *UserGrantRepo) SearchMyZitadelPermissions(ctx context.Context) ([]st
},
{
Key: user_model.UserMembershipSearchKeyResourceOwner,
Method: global_model.SearchMethodIsOneOf,
Value: []string{repo.IamID, ctxData.OrgID},
Method: global_model.SearchMethodEquals,
Value: ctxData.OrgID,
},
},
})
if err != nil {
return nil, err
}
if count == 0 {
iamMemberships, iamCount, err := repo.View.SearchUserMemberships(&user_model.UserMembershipSearchRequest{
Queries: []*user_model.UserMembershipSearchQuery{
{
Key: user_model.UserMembershipSearchKeyUserID,
Method: global_model.SearchMethodEquals,
Value: ctxData.UserID,
},
{
Key: user_model.UserMembershipSearchKeyAggregateID,
Method: global_model.SearchMethodEquals,
Value: repo.IamID,
},
},
})
if err != nil {
return nil, err
}
if orgCount == 0 && iamCount == 0 {
return []string{}, nil
}
orgMemberships = append(orgMemberships, iamMemberships...)
permissions := &grant_model.Permissions{Permissions: []string{}}
for _, membership := range memberships {
for _, membership := range orgMemberships {
for _, role := range membership.Roles {
permissions = repo.mapRoleToPermission(permissions, membership, role)
}