mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-14 03:54:21 +00:00
fix(authz): fix user grant handler (#795)
This commit is contained in:
parent
c2e046548e
commit
bdcf9fcc5c
@ -71,7 +71,7 @@ func (u *UserGrant) Reduce(event *models.Event) (err error) {
|
|||||||
case proj_es_model.ProjectAggregate:
|
case proj_es_model.ProjectAggregate:
|
||||||
err = u.processProject(event)
|
err = u.processProject(event)
|
||||||
case iam_es_model.IAMAggregate:
|
case iam_es_model.IAMAggregate:
|
||||||
err = u.processIamMember(event, "IAM", false)
|
err = u.processIAMMember(event, "IAM", false)
|
||||||
case org_es_model.OrgAggregate:
|
case org_es_model.OrgAggregate:
|
||||||
return u.processOrg(event)
|
return u.processOrg(event)
|
||||||
}
|
}
|
||||||
@ -132,7 +132,6 @@ func (u *UserGrant) processUser(event *models.Event) (err error) {
|
|||||||
default:
|
default:
|
||||||
return u.view.ProcessedUserGrantSequence(event.Sequence)
|
return u.view.ProcessedUserGrantSequence(event.Sequence)
|
||||||
}
|
}
|
||||||
return nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (u *UserGrant) processProject(event *models.Event) (err error) {
|
func (u *UserGrant) processProject(event *models.Event) (err error) {
|
||||||
@ -161,7 +160,6 @@ func (u *UserGrant) processProject(event *models.Event) (err error) {
|
|||||||
default:
|
default:
|
||||||
return u.view.ProcessedUserGrantSequence(event.Sequence)
|
return u.view.ProcessedUserGrantSequence(event.Sequence)
|
||||||
}
|
}
|
||||||
return nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (u *UserGrant) processOrg(event *models.Event) (err error) {
|
func (u *UserGrant) processOrg(event *models.Event) (err error) {
|
||||||
@ -175,7 +173,7 @@ func (u *UserGrant) processOrg(event *models.Event) (err error) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (u *UserGrant) processIamMember(event *models.Event, rolePrefix string, suffix bool) error {
|
func (u *UserGrant) processIAMMember(event *models.Event, rolePrefix string, suffix bool) error {
|
||||||
member := new(iam_es_model.IAMMember)
|
member := new(iam_es_model.IAMMember)
|
||||||
|
|
||||||
switch event.Type {
|
switch event.Type {
|
||||||
|
@ -57,7 +57,7 @@ func (u *UserGrant) Reduce(event *models.Event) (err error) {
|
|||||||
case proj_es_model.ProjectAggregate:
|
case proj_es_model.ProjectAggregate:
|
||||||
err = u.processProject(event)
|
err = u.processProject(event)
|
||||||
case iam_es_model.IAMAggregate:
|
case iam_es_model.IAMAggregate:
|
||||||
err = u.processIamMember(event, "IAM", false)
|
err = u.processIAMMember(event, "IAM", false)
|
||||||
case org_es_model.OrgAggregate:
|
case org_es_model.OrgAggregate:
|
||||||
return u.processOrg(event)
|
return u.processOrg(event)
|
||||||
}
|
}
|
||||||
@ -90,7 +90,7 @@ func (u *UserGrant) processOrg(event *models.Event) (err error) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (u *UserGrant) processIamMember(event *models.Event, rolePrefix string, suffix bool) error {
|
func (u *UserGrant) processIAMMember(event *models.Event, rolePrefix string, suffix bool) error {
|
||||||
member := new(iam_es_model.IAMMember)
|
member := new(iam_es_model.IAMMember)
|
||||||
|
|
||||||
switch event.Type {
|
switch event.Type {
|
||||||
@ -158,6 +158,7 @@ func (u *UserGrant) processMember(event *models.Event, rolePrefix, roleSuffix st
|
|||||||
RoleKeys: roleKeys,
|
RoleKeys: roleKeys,
|
||||||
CreationDate: event.CreationDate,
|
CreationDate: event.CreationDate,
|
||||||
}
|
}
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
newRoles := roleKeys
|
newRoles := roleKeys
|
||||||
if grant.RoleKeys != nil {
|
if grant.RoleKeys != nil {
|
||||||
@ -174,10 +175,20 @@ func (u *UserGrant) processMember(event *models.Event, rolePrefix, roleSuffix st
|
|||||||
proj_es_model.ProjectGrantMemberRemoved:
|
proj_es_model.ProjectGrantMemberRemoved:
|
||||||
|
|
||||||
grant, err := u.view.UserGrantByIDs(event.ResourceOwner, u.iamProjectID, userID)
|
grant, err := u.view.UserGrantByIDs(event.ResourceOwner, u.iamProjectID, userID)
|
||||||
if err != nil {
|
if err != nil && !errors.IsNotFound(err) {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
return u.view.DeleteUserGrant(grant.ID, event.Sequence)
|
if errors.IsNotFound(err) {
|
||||||
|
return u.view.ProcessedUserGrantSequence(event.Sequence)
|
||||||
|
}
|
||||||
|
if roleSuffix != "" {
|
||||||
|
roleKeys = suffixRoles(roleSuffix, roleKeys)
|
||||||
|
}
|
||||||
|
if grant.RoleKeys == nil {
|
||||||
|
return u.view.ProcessedUserGrantSequence(event.Sequence)
|
||||||
|
}
|
||||||
|
grant.RoleKeys = mergeExistingRoles(rolePrefix, roleSuffix, grant.RoleKeys, nil)
|
||||||
|
return u.view.PutUserGrant(grant, event.Sequence)
|
||||||
default:
|
default:
|
||||||
return u.view.ProcessedUserGrantSequence(event.Sequence)
|
return u.view.ProcessedUserGrantSequence(event.Sequence)
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user