From aedd76783833aabcaa3497b1bfe643d9357ad1f8 Mon Sep 17 00:00:00 2001
From: Iraq Jaber
Date: Wed, 12 Mar 2025 15:09:49 +0000
Subject: [PATCH] fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! feat(permissions): Addeding system user support for permission check v2
---
 internal/query/permission.go | 8 ++++----
 internal/query/user.go | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/internal/query/permission.go b/internal/query/permission.go
index 7209ed6543..5217311e69 100644
--- a/internal/query/permission.go
+++ b/internal/query/permission.go
@@ -24,7 +24,7 @@ const (
 // and is typically the `resource_owner` column in ZITADEL.
 // We use full identifiers in the query builder so this function should be
 // called with something like `UserResourceOwnerCol.identifier()` for example.
-func wherePermittedOrgs(ctx context.Context, query sq.SelectBuilder, systemUserRoles []string, filterOrgIds, orgIDColumn, permission string) sq.SelectBuilder {
+func wherePermittedOrgs(ctx context.Context, query sq.SelectBuilder, systemUserPermissions []string, filterOrgIds, orgIDColumn, permission string) sq.SelectBuilder {
 userID := authz.GetCtxData(ctx).UserID
 logging.WithFields("permission_check_v2_flag", authz.GetFeatures(ctx).PermissionCheckV2, "org_id_column", orgIDColumn, "permission", permission, "user_id", userID).Debug("permitted orgs check used")
@@ -33,12 +33,12 @@ func wherePermittedOrgs(ctx context.Context, query sq.SelectBuilder, systemUserR
 authz.GetInstance(ctx).InstanceID(),
 userID,
 permission,
- systemUserRoles,
+ systemUserPermissions,
 filterOrgIds,
 )
 }
-func wherePermittedOrgsOrCurrentUser(ctx context.Context, query sq.SelectBuilder, systemUserRoles []string, filterOrgIds, orgIDColumn, userIdColum, permission string) sq.SelectBuilder {
+func wherePermittedOrgsOrCurrentUser(ctx context.Context, query sq.SelectBuilder, systemUserPermissions []string, filterOrgIds, orgIDColumn, userIdColum, permission string) sq.SelectBuilder {
 userID := authz.GetCtxData(ctx).UserID
 logging.WithFields("permission_check_v2_flag", authz.GetFeatures(ctx).PermissionCheckV2, "org_id_column", orgIDColumn, "user_id_colum", userIdColum, "permission", permission, "user_id", userID).Debug("permitted orgs check used")
@@ -47,7 +47,7 @@ func wherePermittedOrgsOrCurrentUser(ctx context.Context, query sq.SelectBuilder
 authz.GetInstance(ctx).InstanceID(),
 userID,
 permission,
- systemUserRoles,
+ systemUserPermissions,
 filterOrgIds,
 userID,
 )
diff --git a/internal/query/user.go b/internal/query/user.go
index 5f51117f86..8d94cd7d3d 100644
--- a/internal/query/user.go
+++ b/internal/query/user.go
@@ -656,11 +656,11 @@ func (q *Queries) searchUsers(ctx context.Context, queries *UserSearchQueries, f
 })
 if permissionCheckV2 {
 // extract system user roles
- systemUserRoles, err := authz.GetSystemUserRoles(ctx)
+ systemUserPermissions, err := authz.GetSystemUserRoles(ctx)
 if err != nil {
 return nil, zerrors.ThrowInternal(err, "QUERY-GS9gs", "Errors.Internal")
 }
- query = wherePermittedOrgsOrCurrentUser(ctx, query, systemUserRoles, filterOrgIds, UserResourceOwnerCol.identifier(), UserIDCol.identifier(), domain.PermissionUserRead)
+ query = wherePermittedOrgsOrCurrentUser(ctx, query, systemUserPermissions, filterOrgIds, UserResourceOwnerCol.identifier(), UserIDCol.identifier(), domain.PermissionUserRead)
 }
 stmt, args, err := query.ToSql()
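Review bot: In the user.go hunk the context comment `// extract system user roles` is now stale and the renamed variable `systemUserPermissions` is still filled from `authz.GetSystemUserRoles(ctx)`, so a reader cannot tell whether the slice passed into `wherePermittedOrgsOrCurrentUser` holds role names or permission strings. If the getter does return the permissions that the SQL permission function consumes, change the comment to `// extract system user permissions` and consider renaming the getter to match; if it returns roles, the parameter rename in the three permission.go hunks (lines 24, 33 and 47) is what misleads. Because this is an authorization filter, a role/permission mismatch would not fail loudly but would silently widen or narrow the visible rows, so it is worth pinning with a test for a system user that holds a permission but not the same-named role. searchUsers starts and ends outside the hunk.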