From c205d65117f66c8740a6d15775ccd001f2152d90 Mon Sep 17 00:00:00 2001
From: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Date: Wed, 10 Feb 2021 10:01:00 +0100
Subject: [PATCH] fix: login policy bug (#1268)

* fix: permissions on login policy multifactors and secondfactors

* fix idp restriction

Co-authored-by: Max Peintner <max@caos.ch>
---
 .../app/modules/idp-table/idp-table.component.html   |  4 ++--
 .../login-policy/login-policy.component.html         |  4 ++--
 pkg/grpc/management/proto/management.proto           | 12 ++++++------
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/console/src/app/modules/idp-table/idp-table.component.html b/console/src/app/modules/idp-table/idp-table.component.html
index 510c8f4522..2e9cb06291 100644
--- a/console/src/app/modules/idp-table/idp-table.component.html
+++ b/console/src/app/modules/idp-table/idp-table.component.html
@@ -1,6 +1,6 @@
 <app-refresh-table [loading]="loading$ | async" (refreshed)="refreshPage()" [dataSize]="dataSource.data.length"
     [emitRefreshOnPreviousRoutes]="['/iam/idp/create']" [timestamp]="idpResult?.viewTimestamp" [selection]="selection">
-    <ng-template appHasRole [appHasRole]="['iam.write']" actions>
+    <div actions>
         <button (click)="deactivateSelectedIdps()" matTooltip="{{'IDP.DEACTIVATE' | translate}}" class="icon-button"
             mat-icon-button *ngIf="selection.hasValue()" [disabled]="disabled">
             <mat-icon>block</mat-icon>
@@ -16,7 +16,7 @@
         <a [routerLink]="createRouterLink" color="primary" mat-raised-button [disabled]="disabled">
             <mat-icon class="icon">add</mat-icon>{{ 'ACTIONS.NEW' | translate }}
         </a>
-    </ng-template>
+    </div>
 
     <div class="table-wrapper">
         <table class="table" mat-table [dataSource]="dataSource">
diff --git a/console/src/app/modules/policies/login-policy/login-policy.component.html b/console/src/app/modules/policies/login-policy/login-policy.component.html
index e88404bf39..930f2f869d 100644
--- a/console/src/app/modules/policies/login-policy/login-policy.component.html
+++ b/console/src/app/modules/policies/login-policy/login-policy.component.html
@@ -73,14 +73,14 @@
         <p class="subdesc">{{ 'MFA.LIST.MULTIFACTORDESCRIPTION' | translate }}</p>
         <app-mfa-table [service]="service" [serviceType]="serviceType"
             [componentType]="LoginMethodComponentType.MultiFactor"
-            [disabled]="([serviceType == PolicyComponentServiceType.ADMIN ? 'iam.policy.write' : serviceType == PolicyComponentServiceType.MGMT ? 'iam.policy.write' : ''] | hasRole | async) == false">
+            [disabled]="([serviceType == PolicyComponentServiceType.ADMIN ? 'iam.policy.write' : serviceType == PolicyComponentServiceType.MGMT ? 'policy.write' : ''] | hasRole | async) == false">
         </app-mfa-table>
 
         <h3 class="subheader">{{ 'MFA.LIST.SECONDFACTORTITLE' | translate }}</h3>
         <p class="subdesc">{{ 'MFA.LIST.SECONDFACTORDESCRIPTION' | translate }}</p>
         <app-mfa-table [service]="service" [serviceType]="serviceType"
             [componentType]="LoginMethodComponentType.SecondFactor"
-            [disabled]="([serviceType == PolicyComponentServiceType.ADMIN ? 'iam.policy.write' : serviceType == PolicyComponentServiceType.MGMT ? 'iam.policy.write' : ''] | hasRole | async) == false">
+            [disabled]="([serviceType == PolicyComponentServiceType.ADMIN ? 'iam.policy.write' : serviceType == PolicyComponentServiceType.MGMT ? 'policy.write' : ''] | hasRole | async) == false">
         </app-mfa-table>
     </ng-container>
 
diff --git a/pkg/grpc/management/proto/management.proto b/pkg/grpc/management/proto/management.proto
index 70afb9adbb..909722263d 100644
--- a/pkg/grpc/management/proto/management.proto
+++ b/pkg/grpc/management/proto/management.proto
@@ -1409,7 +1409,7 @@ service ManagementService {
     };
 
     option (caos.zitadel.utils.v1.auth_option) = {
-      permission: "iam.policy.read"
+      permission: "policy.read"
     };
   }
 
@@ -1420,7 +1420,7 @@ service ManagementService {
     };
 
     option (caos.zitadel.utils.v1.auth_option) = {
-      permission: "iam.policy.write"
+      permission: "policy.write"
     };
   }
 
@@ -1430,7 +1430,7 @@ service ManagementService {
     };
 
     option (caos.zitadel.utils.v1.auth_option) = {
-      permission: "iam.policy.write"
+      permission: "policy.write"
     };
   }
 
@@ -1440,7 +1440,7 @@ service ManagementService {
     };
 
     option (caos.zitadel.utils.v1.auth_option) = {
-      permission: "iam.policy.read"
+      permission: "policy.read"
     };
   }
 
@@ -1451,7 +1451,7 @@ service ManagementService {
     };
 
     option (caos.zitadel.utils.v1.auth_option) = {
-      permission: "iam.policy.write"
+      permission: "policy.write"
     };
   }
 
@@ -1461,7 +1461,7 @@ service ManagementService {
     };
 
     option (caos.zitadel.utils.v1.auth_option) = {
-      permission: "iam.policy.write"
+      permission: "policy.write"
     };
   }