TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-23 17:55:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! feat(permissions): Addeding system user support for permission check v2

Browse Source
This commit is contained in:
Iraq Jaber
2025-03-12 15:09:49 +00:00
parent c696075a64
commit aedd767838
2 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
internal/query/permission.go
View File

@@ -24,7 +24,7 @@ const (
// and is typically the `resource_owner` column in ZITADEL.
// We use full identifiers in the query builder so this function should be
// called with something like `UserResourceOwnerCol.identifier()` for example.
func wherePermittedOrgs(ctx context.Context, query sq.SelectBuilder, systemUserRoles []string, filterOrgIds, orgIDColumn, permission string) sq.SelectBuilder {
func wherePermittedOrgs(ctx context.Context, query sq.SelectBuilder, systemUserPermissions []string, filterOrgIds, orgIDColumn, permission string) sq.SelectBuilder {
userID := authz.GetCtxData(ctx).UserID
logging.WithFields("permission_check_v2_flag", authz.GetFeatures(ctx).PermissionCheckV2, "org_id_column", orgIDColumn, "permission", permission, "user_id", userID).Debug("permitted orgs check used")
@@ -33,12 +33,12 @@ func wherePermittedOrgs(ctx context.Context, query sq.SelectBuilder, systemUserR
authz.GetInstance(ctx).InstanceID(),
userID,
permission,
systemUserRoles,
systemUserPermissions,
filterOrgIds,
)
}
func wherePermittedOrgsOrCurrentUser(ctx context.Context, query sq.SelectBuilder, systemUserRoles []string, filterOrgIds, orgIDColumn, userIdColum, permission string) sq.SelectBuilder {
func wherePermittedOrgsOrCurrentUser(ctx context.Context, query sq.SelectBuilder, systemUserPermissions []string, filterOrgIds, orgIDColumn, userIdColum, permission string) sq.SelectBuilder {
userID := authz.GetCtxData(ctx).UserID
logging.WithFields("permission_check_v2_flag", authz.GetFeatures(ctx).PermissionCheckV2, "org_id_column", orgIDColumn, "user_id_colum", userIdColum, "permission", permission, "user_id", userID).Debug("permitted orgs check used")
@@ -47,7 +47,7 @@ func wherePermittedOrgsOrCurrentUser(ctx context.Context, query sq.SelectBuilder
authz.GetInstance(ctx).InstanceID(),
userID,
permission,
systemUserRoles,
systemUserPermissions,
filterOrgIds,
userID,
)

4
internal/query/user.go
View File

@@ -656,11 +656,11 @@ func (q *Queries) searchUsers(ctx context.Context, queries *UserSearchQueries, f
})
if permissionCheckV2 {
// extract system user roles
systemUserRoles, err := authz.GetSystemUserRoles(ctx)
systemUserPermissions, err := authz.GetSystemUserRoles(ctx)
if err != nil {
return nil, zerrors.ThrowInternal(err, "QUERY-GS9gs", "Errors.Internal")
}
query = wherePermittedOrgsOrCurrentUser(ctx, query, systemUserRoles, filterOrgIds, UserResourceOwnerCol.identifier(), UserIDCol.identifier(), domain.PermissionUserRead)
query = wherePermittedOrgsOrCurrentUser(ctx, query, systemUserPermissions, filterOrgIds, UserResourceOwnerCol.identifier(), UserIDCol.identifier(), domain.PermissionUserRead)
}
stmt, args, err := query.ToSql()