zitadel/internal/command/auth_checks.go
Tim Möhlmann f680dd934d
refactor: rename package errors to zerrors (#7039)
* chore: rename package errors to zerrors

* rename package errors to gerrors

* fix error related linting issues

* fix zitadel error assertion

* fix gosimple linting issues

* fix deprecated linting issues

* resolve gci linting issues

* fix import structure

---------

Co-authored-by: Elio Bischof <elio@zitadel.com>
2023-12-08 15:30:55 +01:00

33 lines
751 B
Go

package command
import (
"context"
"github.com/zitadel/zitadel/internal/api/authz"
"github.com/zitadel/zitadel/internal/zerrors"
)
func checkExplicitProjectPermission(ctx context.Context, grantID, projectID string) error {
permissions := authz.GetRequestPermissionsFromCtx(ctx)
if authz.HasGlobalPermission(permissions) {
return nil
}
ids := authz.GetAllPermissionCtxIDs(permissions)
if grantID != "" && listContainsID(ids, grantID) {
return nil
}
if listContainsID(ids, projectID) {
return nil
}
return zerrors.ThrowPermissionDenied(nil, "EVENT-Shu7e", "Errors.UserGrant.NoPermissionForProject")
}
func listContainsID(ids []string, id string) bool {
for _, i := range ids {
if i == id {
return true
}
}
return false
}