zitadel/internal/api/grpc/auth/idp.go
Stefan Benz 2847806531
fix: generalise permission check for query user information (#8458)
# Which Problems Are Solved

IDPLinks list and other list endpoints can provide you with empty
results if the used user has no permission for the information.

# How the Problems Are Solved

List endpoints with subelements to users, and provided userIDQuery, will
return a PermissionDenied error if no permission for the user exists.

# Additional Changes

Function to check for permission is re-used from the GetUserByID.

# Additional Context

Closes #8451
2024-08-23 06:44:18 +00:00


package auth
import (
"context"
idp_grpc "github.com/zitadel/zitadel/internal/api/grpc/idp"
"github.com/zitadel/zitadel/internal/api/grpc/object"
auth_pb "github.com/zitadel/zitadel/pkg/grpc/auth"
)
// ListMyLinkedIDPs builds a search query from ctx and req, runs it through
// s.query.IDPUserLinks and converts the result into the protobuf response.
// Any error from query construction or from the lookup is returned unchanged.
//
// NOTE(review): the third argument to IDPUserLinks is nil. Going by the commit
// description this is presumably the optional permission-check function, so no
// per-user permission check runs on this path. That is only safe if
// ListMyLinkedIDPsRequestToQuery always restricts the query to the
// authenticated caller taken from ctx — confirm against that helper.
func (s *Server) ListMyLinkedIDPs(ctx context.Context, req *auth_pb.ListMyLinkedIDPsRequest) (*auth_pb.ListMyLinkedIDPsResponse, error) {
	searchQuery, err := ListMyLinkedIDPsRequestToQuery(ctx, req)
	if err != nil {
		return nil, err
	}

	found, err := s.query.IDPUserLinks(ctx, searchQuery, nil)
	if err != nil {
		return nil, err
	}

	// Populate the response field by field: first the converted links, then
	// the list metadata (count, sequence, last projection run).
	resp := new(auth_pb.ListMyLinkedIDPsResponse)
	resp.Result = idp_grpc.IDPUserLinksToPb(found.Links)
	resp.Details = object.ToListDetails(found.Count, found.Sequence, found.LastRun)
	return resp, nil
}
// RemoveMyLinkedIDP converts req into its domain representation, asks the
// command side to remove that user/IDP link and returns the resulting change
// details. An error from the command is returned unchanged.
//
// NOTE(review): which user the link is removed from is decided entirely by
// RemoveMyLinkedIDPRequestToDomain. Presumably it takes the user ID from the
// authenticated context rather than from the request body — verify there,
// since this handler adds no ownership check of its own.
func (s *Server) RemoveMyLinkedIDP(ctx context.Context, req *auth_pb.RemoveMyLinkedIDPRequest) (*auth_pb.RemoveMyLinkedIDPResponse, error) {
	link := RemoveMyLinkedIDPRequestToDomain(ctx, req)

	changed, err := s.command.RemoveUserIDPLink(ctx, link)
	if err != nil {
		return nil, err
	}

	resp := new(auth_pb.RemoveMyLinkedIDPResponse)
	resp.Details = object.DomainToChangeDetailsPb(changed)
	return resp, nil
}