TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-23 16:20:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! feat(permissions): Addeding system user support for permission check v2

Browse Source
This commit is contained in:
Iraq Jaber
2025-03-12 15:09:49 +00:00
parent c696075a64
commit aedd767838
2 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
internal/query/permission.go
View File

@@ -24,7 +24,7 @@ const (
// and is typically the `resource_owner` column in ZITADEL. // and is typically the `resource_owner` column in ZITADEL.
// We use full identifiers in the query builder so this function should be // We use full identifiers in the query builder so this function should be
// called with something like `UserResourceOwnerCol.identifier()` for example. // called with something like `UserResourceOwnerCol.identifier()` for example.
func wherePermittedOrgs(ctx context.Context, query sq.SelectBuilder, systemUserRoles []string, filterOrgIds, orgIDColumn, permission string) sq.SelectBuilder { func wherePermittedOrgs(ctx context.Context, query sq.SelectBuilder, systemUserPermissions []string, filterOrgIds, orgIDColumn, permission string) sq.SelectBuilder {
userID := authz.GetCtxData(ctx).UserID userID := authz.GetCtxData(ctx).UserID
logging.WithFields("permission_check_v2_flag", authz.GetFeatures(ctx).PermissionCheckV2, "org_id_column", orgIDColumn, "permission", permission, "user_id", userID).Debug("permitted orgs check used") logging.WithFields("permission_check_v2_flag", authz.GetFeatures(ctx).PermissionCheckV2, "org_id_column", orgIDColumn, "permission", permission, "user_id", userID).Debug("permitted orgs check used")
@@ -33,12 +33,12 @@ func wherePermittedOrgs(ctx context.Context, query sq.SelectBuilder, systemUserR
authz.GetInstance(ctx).InstanceID(), authz.GetInstance(ctx).InstanceID(),
userID, userID,
permission, permission,
systemUserRoles, systemUserPermissions,
filterOrgIds, filterOrgIds,
) )
} }
func wherePermittedOrgsOrCurrentUser(ctx context.Context, query sq.SelectBuilder, systemUserRoles []string, filterOrgIds, orgIDColumn, userIdColum, permission string) sq.SelectBuilder { func wherePermittedOrgsOrCurrentUser(ctx context.Context, query sq.SelectBuilder, systemUserPermissions []string, filterOrgIds, orgIDColumn, userIdColum, permission string) sq.SelectBuilder {
userID := authz.GetCtxData(ctx).UserID userID := authz.GetCtxData(ctx).UserID
logging.WithFields("permission_check_v2_flag", authz.GetFeatures(ctx).PermissionCheckV2, "org_id_column", orgIDColumn, "user_id_colum", userIdColum, "permission", permission, "user_id", userID).Debug("permitted orgs check used") logging.WithFields("permission_check_v2_flag", authz.GetFeatures(ctx).PermissionCheckV2, "org_id_column", orgIDColumn, "user_id_colum", userIdColum, "permission", permission, "user_id", userID).Debug("permitted orgs check used")
@@ -47,7 +47,7 @@ func wherePermittedOrgsOrCurrentUser(ctx context.Context, query sq.SelectBuilder
authz.GetInstance(ctx).InstanceID(), authz.GetInstance(ctx).InstanceID(),
userID, userID,
permission, permission,
systemUserRoles, systemUserPermissions,
filterOrgIds, filterOrgIds,
userID, userID,
) )

4
internal/query/user.go
View File

@@ -656,11 +656,11 @@ func (q *Queries) searchUsers(ctx context.Context, queries *UserSearchQueries, f
}) })
if permissionCheckV2 { if permissionCheckV2 {
// extract system user roles // extract system user roles
systemUserRoles, err := authz.GetSystemUserRoles(ctx) systemUserPermissions, err := authz.GetSystemUserRoles(ctx)
if err != nil { if err != nil {
return nil, zerrors.ThrowInternal(err, "QUERY-GS9gs", "Errors.Internal") return nil, zerrors.ThrowInternal(err, "QUERY-GS9gs", "Errors.Internal")
} }
query = wherePermittedOrgsOrCurrentUser(ctx, query, systemUserRoles, filterOrgIds, UserResourceOwnerCol.identifier(), UserIDCol.identifier(), domain.PermissionUserRead) query = wherePermittedOrgsOrCurrentUser(ctx, query, systemUserPermissions, filterOrgIds, UserResourceOwnerCol.identifier(), UserIDCol.identifier(), domain.PermissionUserRead)
} }
stmt, args, err := query.ToSql() stmt, args, err := query.ToSql()