TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 20:57:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: add additional permission tests to user v2 query endpoints (#7382)

Browse Source 
Add additional permission integration tests to the user v2 query endpoints including some fixes to correctly check the permissions after the data is known which you want to query.
This commit is contained in:
Stefan Benz
2024-03-08 09:37:23 +01:00
committed by GitHub
parent 6df4b1b2c2
commit 9f72fc63ac
5 changed files with 451 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
internal/query/user.go
View File

@@ -127,7 +127,7 @@ func (u *Users) RemoveNoPermission(ctx context.Context, permissionCheck domain.P
for i := range u.Users {
ctxData := authz.GetCtxData(ctx)
if ctxData.UserID != u.Users[i].ID {
if err := permissionCheck(ctx, domain.PermissionUserRead, ctxData.OrgID, u.Users[i].ID); err != nil {
if err := permissionCheck(ctx, domain.PermissionUserRead, u.Users[i].ResourceOwner, u.Users[i].ID); err != nil {
removableIndexes = append(removableIndexes, i)
}
}