fix: protect default and zitadel project org from remove (#4875)
@@ -234,7 +234,7 @@ func (m *mockInstance) DefaultLanguage() language.Tag {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (m *mockInstance) DefaultOrganisationID() string {
|
func (m *mockInstance) DefaultOrganisationID() string {
|
||||||
return "orgID"
|
return "defaultOrgID"
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *mockInstance) RequestedDomain() string {
|
func (m *mockInstance) RequestedDomain() string {
|
||||||
|
@@ -314,6 +314,19 @@ func (c *Commands) RemoveOrg(ctx context.Context, id string) (*domain.ObjectDeta
|
|||||||
func (c *Commands) prepareRemoveOrg(a *org.Aggregate) preparation.Validation {
|
func (c *Commands) prepareRemoveOrg(a *org.Aggregate) preparation.Validation {
|
||||||
return func() (preparation.CreateCommands, error) {
|
return func() (preparation.CreateCommands, error) {
|
||||||
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
|
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
|
||||||
|
instance := authz.GetInstance(ctx)
|
||||||
|
if a.ID == instance.DefaultOrganisationID() {
|
||||||
|
return nil, errors.ThrowPreconditionFailed(nil, "COMMA-wG9p1", "Errors.Org.DefaultOrgNotDeletable")
|
||||||
|
}
|
||||||
|
err := c.checkProjectExists(ctx, instance.ProjectID(), a.ID)
|
||||||
|
// if there is no error, the ZITADEL project was found on the org to be deleted
|
||||||
|
if err == nil {
|
||||||
|
return nil, errors.ThrowPreconditionFailed(err, "COMMA-AF3JW", "Errors.Org.ZitadelOrgNotDeletable")
|
||||||
|
}
|
||||||
|
// "precondition failed" error means the project does not exist, return other errors
|
||||||
|
if !errors.IsPreconditionFailed(err) {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
writeModel, err := c.getOrgWriteModelByID(ctx, a.ID)
|
writeModel, err := c.getOrgWriteModelByID(ctx, a.ID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errors.ThrowPreconditionFailed(err, "COMMA-wG9p1", "Errors.Org.NotFound")
|
return nil, errors.ThrowPreconditionFailed(err, "COMMA-wG9p1", "Errors.Org.NotFound")
|
||||||
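Review bot: The new default-org guard reuses the error ID `COMMA-wG9p1`, which the existing `Errors.Org.NotFound` return a few lines further down already carries, so a log entry or support ticket quoting only the ID can no longer tell which of the two checks rejected the removal. Give the new guard its own ID, for example `errors.ThrowPreconditionFailed(nil, "COMMA-<new-id>", "Errors.Org.DefaultOrgNotDeletable")`, where the ID is a placeholder. In the ZITADEL-project branch `err` is known to be nil, so passing `nil` as the parent would read more clearly than passing `err`. The protection also depends on `checkProjectExists` reporting a missing project only as a precondition-failed error; that helper is outside the hunk, so a comment stating this contract would help whoever changes it next. The body of prepareRemoveOrg continues outside the hunk.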
|
@@ -1026,11 +1026,53 @@ func TestCommandSide_RemoveOrg(t *testing.T) {
|
|||||||
args args
|
args args
|
||||||
res res
|
res res
|
||||||
}{
|
}{
|
||||||
|
{
|
||||||
|
name: "default org, error",
|
||||||
|
fields: fields{
|
||||||
|
eventstore: eventstoreExpect(
|
||||||
|
t,
|
||||||
|
),
|
||||||
|
},
|
||||||
|
args: args{
|
||||||
|
ctx: authz.WithInstance(context.Background(), &mockInstance{}),
|
||||||
|
orgID: "defaultOrgID",
|
||||||
|
},
|
||||||
|
res: res{
|
||||||
|
err: errors.IsPreconditionFailed,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: "zitadel org, error",
|
||||||
|
fields: fields{
|
||||||
|
eventstore: eventstoreExpect(
|
||||||
|
t,
|
||||||
|
expectFilter(
|
||||||
|
eventFromEventPusher(
|
||||||
|
project.NewProjectAddedEvent(context.Background(),
|
||||||
|
&project.NewAggregate("projectID", "org1").Aggregate,
|
||||||
|
"ZITADEL",
|
||||||
|
false,
|
||||||
|
false,
|
||||||
|
false,
|
||||||
|
domain.PrivateLabelingSettingUnspecified,
|
||||||
|
),
|
||||||
|
)),
|
||||||
|
),
|
||||||
|
},
|
||||||
|
args: args{
|
||||||
|
ctx: context.Background(),
|
||||||
|
orgID: "org1",
|
||||||
|
},
|
||||||
|
res: res{
|
||||||
|
err: errors.IsPreconditionFailed,
|
||||||
|
},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
name: "org not found, error",
|
name: "org not found, error",
|
||||||
fields: fields{
|
fields: fields{
|
||||||
eventstore: eventstoreExpect(
|
eventstore: eventstoreExpect(
|
||||||
t,
|
t,
|
||||||
|
expectFilter(), // zitadel project check
|
||||||
expectFilter(),
|
expectFilter(),
|
||||||
),
|
),
|
||||||
},
|
},
|
||||||
@@ -1047,6 +1089,7 @@ func TestCommandSide_RemoveOrg(t *testing.T) {
|
|||||||
fields: fields{
|
fields: fields{
|
||||||
eventstore: eventstoreExpect(
|
eventstore: eventstoreExpect(
|
||||||
t,
|
t,
|
||||||
|
expectFilter(), // zitadel project check
|
||||||
expectFilter(
|
expectFilter(
|
||||||
eventFromEventPusher(
|
eventFromEventPusher(
|
||||||
org.NewOrgAddedEvent(context.Background(),
|
org.NewOrgAddedEvent(context.Background(),
|
||||||
@@ -1074,6 +1117,7 @@ func TestCommandSide_RemoveOrg(t *testing.T) {
|
|||||||
fields: fields{
|
fields: fields{
|
||||||
eventstore: eventstoreExpect(
|
eventstore: eventstoreExpect(
|
||||||
t,
|
t,
|
||||||
|
expectFilter(), // zitadel project check
|
||||||
expectFilter(
|
expectFilter(
|
||||||
eventFromEventPusher(
|
eventFromEventPusher(
|
||||||
org.NewOrgAddedEvent(context.Background(),
|
org.NewOrgAddedEvent(context.Background(),
|
||||||
@@ -1121,6 +1165,7 @@ func TestCommandSide_RemoveOrg(t *testing.T) {
|
|||||||
fields: fields{
|
fields: fields{
|
||||||
eventstore: eventstoreExpect(
|
eventstore: eventstoreExpect(
|
||||||
t,
|
t,
|
||||||
|
expectFilter(), // zitadel project check
|
||||||
expectFilter(
|
expectFilter(
|
||||||
eventFromEventPusher(
|
eventFromEventPusher(
|
||||||
org.NewOrgAddedEvent(context.Background(),
|
org.NewOrgAddedEvent(context.Background(),
|
||||||
@@ -1165,6 +1210,7 @@ func TestCommandSide_RemoveOrg(t *testing.T) {
|
|||||||
fields: fields{
|
fields: fields{
|
||||||
eventstore: eventstoreExpect(
|
eventstore: eventstoreExpect(
|
||||||
t,
|
t,
|
||||||
|
expectFilter(), // zitadel project check
|
||||||
expectFilter(
|
expectFilter(
|
||||||
eventFromEventPusher(
|
eventFromEventPusher(
|
||||||
org.NewOrgAddedEvent(context.Background(),
|
org.NewOrgAddedEvent(context.Background(),
|
||||||
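Review bot: The "zitadel org, error" case passes a bare `context.Background()` as `ctx`, unlike the "default org, error" case, so it does not appear to pin that the lookup uses the instance's ZITADEL project ID; the mocked filter seems to return the `projectID`/`org1` event whatever ID is queried. Consider `ctx: authz.WithInstance(context.Background(), &mockInstance{}),` with the event's aggregate built from the mock's project ID (the mock's `ProjectID()` value is not visible here, so confirm it first). There is also no case where the project lookup fails with an error other than precondition-failed, which is the branch in prepareRemoveOrg that returns `err` unchanged. A regression in that branch could let a storage error be read as "project not on this org" and skip the protection. The test function starts and ends outside these hunks.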
|
@@ -155,6 +155,8 @@ Errors:
|
|||||||
Empty: Organisation ist leer
|
Empty: Organisation ist leer
|
||||||
NotFound: Organisation konnte nicht gefunden werden
|
NotFound: Organisation konnte nicht gefunden werden
|
||||||
NotChanged: Organisation wurde nicht verändert
|
NotChanged: Organisation wurde nicht verändert
|
||||||
|
DefaultOrgNotDeletable: Default Organisation kann nicht gelöscht werden
|
||||||
|
ZitadelOrgNotDeletable: Organisation mit ZITADEL Projekt kann nicht gelöscht werden
|
||||||
InvalidDomain: Domäne ist ungültig
|
InvalidDomain: Domäne ist ungültig
|
||||||
DomainMissing: Domäne fehlt
|
DomainMissing: Domäne fehlt
|
||||||
DomainNotOnOrg: Domäne fehlt auf Organisation
|
DomainNotOnOrg: Domäne fehlt auf Organisation
|
||||||
@@ -928,4 +930,4 @@ Action:
|
|||||||
PreCreation: Vor Erstellung
|
PreCreation: Vor Erstellung
|
||||||
PostCreation: Nach Erstellung
|
PostCreation: Nach Erstellung
|
||||||
PreUserinfoCreation: Vor Userinfo Erstellung
|
PreUserinfoCreation: Vor Userinfo Erstellung
|
||||||
PreAccessTokenCreation: Vor Access Token Erstellung
|
PreAccessTokenCreation: Vor Access Token Erstellung
|
||||||
|
@@ -155,6 +155,8 @@ Errors:
|
|||||||
Empty: Organisation is empty
|
Empty: Organisation is empty
|
||||||
NotFound: Organisation not found
|
NotFound: Organisation not found
|
||||||
NotChanged: Organisation not changed
|
NotChanged: Organisation not changed
|
||||||
|
DefaultOrgNotDeletable: Default Organisation must not be deleted
|
||||||
|
ZitadelOrgNotDeletable: Organisation with ZITADEL project must not be deleted
|
||||||
InvalidDomain: Invalid domain
|
InvalidDomain: Invalid domain
|
||||||
DomainMissing: Domain missing
|
DomainMissing: Domain missing
|
||||||
DomainNotOnOrg: Domain doesn't exist on organization
|
DomainNotOnOrg: Domain doesn't exist on organization
|
||||||
@@ -928,4 +930,4 @@ Action:
|
|||||||
PreCreation: Pre Creation
|
PreCreation: Pre Creation
|
||||||
PostCreation: Post Creation
|
PostCreation: Post Creation
|
||||||
PreUserinfoCreation: Pre Userinfo creation
|
PreUserinfoCreation: Pre Userinfo creation
|
||||||
PreAccessTokenCreation: Pre access token creation
|
PreAccessTokenCreation: Pre access token creation
|
||||||
|
@@ -155,6 +155,8 @@ Errors:
|
|||||||
Empty: L'organisation est vide
|
Empty: L'organisation est vide
|
||||||
NotFound: Organisation non trouvée
|
NotFound: Organisation non trouvée
|
||||||
NotChanged: L'organisation n'a pas changé
|
NotChanged: L'organisation n'a pas changé
|
||||||
|
DefaultOrgNotDeletable: L'organisation par défault ne doit pas être supprimée
|
||||||
|
ZitadelOrgNotDeletable: L'organisation avec ZITADEL project ne doit pas être supprimée
|
||||||
InvalidDomain: Domaine non valide
|
InvalidDomain: Domaine non valide
|
||||||
DomainMissing: Domaine manquant
|
DomainMissing: Domaine manquant
|
||||||
DomainNotOnOrg: Le domaine n'existe pas dans l'organisation
|
DomainNotOnOrg: Le domaine n'existe pas dans l'organisation
|
||||||
@@ -928,4 +930,4 @@ Action:
|
|||||||
PreCreation: Pré création
|
PreCreation: Pré création
|
||||||
PostCreation: Post-création
|
PostCreation: Post-création
|
||||||
PreUserinfoCreation: Pré Userinfo création
|
PreUserinfoCreation: Pré Userinfo création
|
||||||
PreAccessTokenCreation: Pré access token création
|
PreAccessTokenCreation: Pré access token création
|
||||||
|
@@ -155,6 +155,8 @@ Errors:
|
|||||||
Empty: L'organizzazione è vuota
|
Empty: L'organizzazione è vuota
|
||||||
NotFound: Organizzazione non trovata
|
NotFound: Organizzazione non trovata
|
||||||
NotChanged: Organizzazione non cambiata
|
NotChanged: Organizzazione non cambiata
|
||||||
|
DefaultOrgNotDeletable: L'organizzazione predefinita non deve essere cancellata
|
||||||
|
ZitadelOrgNotDeletable: L'organizzazione con il progetto ZITADEL non deve essere cancellata
|
||||||
InvalidDomain: Dominio non valido
|
InvalidDomain: Dominio non valido
|
||||||
DomainMissing: Dominio mancante
|
DomainMissing: Dominio mancante
|
||||||
DomainNotOnOrg: Il dominio non esistente nell'organizzazione
|
DomainNotOnOrg: Il dominio non esistente nell'organizzazione
|
||||||
@@ -928,4 +930,4 @@ Action:
|
|||||||
PreCreation: Pre-creazione
|
PreCreation: Pre-creazione
|
||||||
PostCreation: Creazione successiva
|
PostCreation: Creazione successiva
|
||||||
PreUserinfoCreation: Pre userinfo creazione
|
PreUserinfoCreation: Pre userinfo creazione
|
||||||
PreAccessTokenCreation: Pre access token creazione
|
PreAccessTokenCreation: Pre access token creazione
|
||||||
|
@@ -155,6 +155,8 @@ Errors:
|
|||||||
Empty: 组织为空
|
Empty: 组织为空
|
||||||
NotFound: 未找到组织
|
NotFound: 未找到组织
|
||||||
NotChanged: 组织信息未改变
|
NotChanged: 组织信息未改变
|
||||||
|
DefaultOrgNotDeletable: 默认组织不应删除
|
||||||
|
ZitadelOrgNotDeletable: 不得删除与ZITADEL项目有关的组织
|
||||||
InvalidDomain: 无效的域名
|
InvalidDomain: 无效的域名
|
||||||
DomainMissing: 域名缺失
|
DomainMissing: 域名缺失
|
||||||
DomainNotOnOrg: 组织中不存在域
|
DomainNotOnOrg: 组织中不存在域
|
||||||
|