fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! Merge branch 'main' into syste-users-permissions

Iraq Jaber
2025-03-21 09:28:04 +04:00
parent 8fdc46c7af
commit f84b89f656
3 changed files with 5 additions and 4 deletions


@@ -84,6 +84,7 @@ type ProjectionsConfig struct {
ExternalDomain string ExternalDomain string
ExternalSecure bool ExternalSecure bool
InternalAuthZ internal_authz.Config InternalAuthZ internal_authz.Config
SystemAuthZ internal_authz.Config
SystemDefaults systemdefaults.SystemDefaults SystemDefaults systemdefaults.SystemDefaults
Telemetry *handlers.TelemetryPusherConfig Telemetry *handlers.TelemetryPusherConfig
Login login.Config Login login.Config
@@ -147,7 +148,7 @@ func projections(
sessionTokenVerifier, sessionTokenVerifier,
func(q *query.Queries) domain.PermissionCheck { func(q *query.Queries) domain.PermissionCheck {
return func(ctx context.Context, permission, orgID, resourceID string) (err error) { return func(ctx context.Context, permission, orgID, resourceID string) (err error) {
return internal_authz.CheckPermission(ctx, &authz_es.UserMembershipRepo{Queries: q}, nil, config.InternalAuthZ.RolePermissionMappings, permission, orgID, resourceID) return internal_authz.CheckPermission(ctx, &authz_es.UserMembershipRepo{Queries: q}, config.SystemAuthZ.RolePermissionMappings, config.InternalAuthZ.RolePermissionMappings, permission, orgID, resourceID)
} }
}, },
0, 0,
@@ -184,7 +185,7 @@ func projections(
keys.Target, keys.Target,
&http.Client{}, &http.Client{},
func(ctx context.Context, permission, orgID, resourceID string) (err error) { func(ctx context.Context, permission, orgID, resourceID string) (err error) {
return internal_authz.CheckPermission(ctx, authZRepo, nil, config.InternalAuthZ.RolePermissionMappings, permission, orgID, resourceID) return internal_authz.CheckPermission(ctx, authZRepo, config.SystemAuthZ.RolePermissionMappings, config.InternalAuthZ.RolePermissionMappings, permission, orgID, resourceID)
}, },
sessionTokenVerifier, sessionTokenVerifier,
config.OIDC.DefaultAccessTokenLifetime, config.OIDC.DefaultAccessTokenLifetime,
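Review bot: Both permission-check closures in projections() now pass `config.SystemAuthZ.RolePermissionMappings`, but nothing visible in this section shows the new `SystemAuthZ` field being populated or validated. If ProjectionsConfig is built without it, CheckPermission receives an empty mapping, presumably with the same effect as the previous `nil`, so the change would fail silently in an authorization path. I would add a doc comment on the field, e.g. `// SystemAuthZ holds the role-permission mappings passed to CheckPermission ahead of InternalAuthZ; it must be set wherever ProjectionsConfig is constructed.`, and confirm every construction site sets it. The two closures now differ only in the repository argument, so a small shared helper would keep them from drifting apart. projections() starts and ends outside these hunks.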


@@ -35,7 +35,7 @@ func wherePermittedOrgs(ctx context.Context, query sq.SelectBuilder, filterOrgId
var err error var err error
systemUserPermissionsJson, err = json.Marshal(systemUserPermissions) systemUserPermissionsJson, err = json.Marshal(systemUserPermissions)
if err != nil { if err != nil {
return query, zerrors.ThrowInternal(err, "AUTHZ-HS4us", "Errors.Internal") return query, err
} }
} }
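Review bot: The `json.Marshal` failure in wherePermittedOrgs is now returned bare (`return query, err`), reading the right-hand column as the new side, as the first file's added `SystemAuthZ` field suggests. The wrap moves to searchUsers in the last section, which returns `zerrors.ThrowInternal(err, "AUTHZ-HS4us", "Errors.Internal")` for whatever wherePermittedOrgsOrCurrentUser returns. Any other caller of wherePermittedOrgs that does not wrap will therefore pass a raw encoding error upward. In searchUsers, an error that is not internal (a permission or precondition failure, if the helper can return one) would be reclassified as internal under an ID that previously identified only the marshal failure. I would keep the wrap at the source, `return query, zerrors.ThrowInternal(err, "AUTHZ-HS4us", "Errors.Internal")`, and have searchUsers `return nil, err`; both functions continue outside their hunks.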


@@ -657,7 +657,7 @@ func (q *Queries) searchUsers(ctx context.Context, queries *UserSearchQueries, f
if permissionCheckV2 { if permissionCheckV2 {
query, err = wherePermittedOrgsOrCurrentUser(ctx, query, filterOrgIds, UserResourceOwnerCol.identifier(), UserIDCol.identifier(), domain.PermissionUserRead) query, err = wherePermittedOrgsOrCurrentUser(ctx, query, filterOrgIds, UserResourceOwnerCol.identifier(), UserIDCol.identifier(), domain.PermissionUserRead)
if err != nil { if err != nil {
return nil, err return nil, zerrors.ThrowInternal(err, "AUTHZ-HS4us", "Errors.Internal")
} }
} }