fix: consistent permission check on user v2 (#8807)

# Which Problems Are Solved Some user v2 API calls checked for permission only on the user itself. # How the Problems Are Solved Consistent check for permissions on user v2 API. # Additional Changes None # Additional Context Closes #7944 --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-11 21:17:32 +00:00 · 2024-12-03 11:14:04 +01:00
parent 26e936aec3
commit c07a5f4277
15 changed files with 213 additions and 105 deletions
--- a/internal/command/user_human_password.go
+++ b/internal/command/user_human_password.go
@@ -110,7 +110,7 @@ type setPasswordVerification func(ctx context.Context) (newEncodedPassword strin
 // setPasswordWithPermission returns a permission check as [setPasswordVerification] implementation
 func (c *Commands) setPasswordWithPermission(userID, orgID string) setPasswordVerification {
 	return func(ctx context.Context) (_ string, err error) {
-		return "", c.checkPermission(ctx, domain.PermissionUserWrite, orgID, userID)
+		return "", c.checkPermissionUpdateUser(ctx, orgID, userID)
 	}
 }