TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 21:27:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: project grant permissions v2 remove (#10337)

Browse Source 
# Which Problems Are Solved

[Permissions v2](https://github.com/zitadel/zitadel/issues/9972) is not
possible in the current implementation.

# How the Problems Are Solved

We remove Permissions v2 from project grants related API calls, to
alleviate this problems.
Resulting in some removals of testing, implementations and performance
impact

# Additional Changes

None

# Additional Context

None
This commit is contained in:
Stefan Benz
2025-07-29 11:55:29 +02:00
parent 71d30b5ea4
commit ec1289356f
7 changed files with 127 additions and 126 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
internal/query/administrators.go
View File

@@ -165,12 +165,13 @@ func administratorProjectGrantCheckPermission(ctx context.Context, resourceOwner
}
func (q *Queries) SearchAdministrators(ctx context.Context, queries *MembershipSearchQuery, permissionCheck domain.PermissionCheck) (*Administrators, error) {
permissionCheckV2 := PermissionV2(ctx, permissionCheck)
admins, err := q.searchAdministrators(ctx, queries, permissionCheckV2)
// removed as permission v2 is not implemented yet for project grant level permissions
// permissionCheckV2 := PermissionV2(ctx, permissionCheck)
admins, err := q.searchAdministrators(ctx, queries, false)
if err != nil {
return nil, err
}
if permissionCheck != nil && !authz.GetFeatures(ctx).PermissionCheckV2 {
if permissionCheck != nil { // && !authz.GetFeatures(ctx).PermissionCheckV2 {
administratorsCheckPermission(ctx, admins, permissionCheck)
}
return admins, nil

7
internal/query/project.go
View File

@@ -282,12 +282,13 @@ func projectPermissionCheckV2(ctx context.Context, query sq.SelectBuilder, enabl
}
func (q *Queries) SearchGrantedProjects(ctx context.Context, queries *ProjectAndGrantedProjectSearchQueries, permissionCheck domain.PermissionCheck) (*GrantedProjects, error) {
permissionCheckV2 := PermissionV2(ctx, permissionCheck)
projects, err := q.searchGrantedProjects(ctx, queries, permissionCheckV2)
// removed as permission v2 is not implemented yet for project grant level permissions
// permissionCheckV2 := PermissionV2(ctx, permissionCheck)
projects, err := q.searchGrantedProjects(ctx, queries, false)
if err != nil {
return nil, err
}
if permissionCheck != nil && !authz.GetFeatures(ctx).PermissionCheckV2 {
if permissionCheck != nil { // && !authz.GetFeatures(ctx).PermissionCheckV2 {
grantedProjectsCheckPermission(ctx, projects, permissionCheck)
}
return projects, nil

7
internal/query/project_grant.go
View File

@@ -200,12 +200,13 @@ func (q *Queries) ProjectGrantByIDAndGrantedOrg(ctx context.Context, id, granted
}
func (q *Queries) SearchProjectGrants(ctx context.Context, queries *ProjectGrantSearchQueries, permissionCheck domain.PermissionCheck) (grants *ProjectGrants, err error) {
permissionCheckV2 := PermissionV2(ctx, permissionCheck)
projectsGrants, err := q.searchProjectGrants(ctx, queries, permissionCheckV2)
// removed as permission v2 is not implemented yet for project grant level permissions
// permissionCheckV2 := PermissionV2(ctx, permissionCheck)
projectsGrants, err := q.searchProjectGrants(ctx, queries, false)
if err != nil {
return nil, err
}
if permissionCheck != nil && !authz.GetFeatures(ctx).PermissionCheckV2 {
if permissionCheck != nil { // && !authz.GetFeatures(ctx).PermissionCheckV2 {
projectGrantsCheckPermission(ctx, projectsGrants, permissionCheck)
}
return projectsGrants, nil

7
internal/query/user_grant.go
View File

@@ -305,12 +305,13 @@ func (q *Queries) UserGrant(ctx context.Context, shouldTriggerBulk bool, queries
}
func (q *Queries) UserGrants(ctx context.Context, queries *UserGrantsQueries, shouldTriggerBulk bool, permissionCheck domain.PermissionCheck) (*UserGrants, error) {
permissionCheckV2 := PermissionV2(ctx, permissionCheck)
grants, err := q.userGrants(ctx, queries, shouldTriggerBulk, permissionCheckV2)
// removed as permission v2 is not implemented yet for project grant level permissions
// permissionCheckV2 := PermissionV2(ctx, permissionCheck)
grants, err := q.userGrants(ctx, queries, shouldTriggerBulk, false)
if err != nil {
return nil, err
}
if permissionCheck != nil && !authz.GetFeatures(ctx).PermissionCheckV2 {
if permissionCheck != nil { // && !authz.GetFeatures(ctx).PermissionCheckV2 {
userGrantsCheckPermission(ctx, grants, permissionCheck)
}
return grants, nil