TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-11-05 04:14:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
2dba5fa7fc2d422a12c6680642ba1f78afdcbbd7
zitadel/internal/api/grpc/management/auth_checks.go
Stefan Benz 2dba5fa7fc fix: permission check for actions v1 post creation user grants (#10638) 
# Which Problems Are Solved

Unnecessary default permission check in creating an authorization fails
even if the functionality was called internally.

# How the Problems Are Solved

Move permission check to the proper implementation, so that necessary
permission checks are provided by the responsible API.

# Additional Changes

None

# Additional Context

Closes #10624

Co-authored-by: Livio Spring <livio.a@gmail.com>
(cherry picked from commit bdefd9147f)
2025-09-03 16:42:57 +02:00

38 lines
945 B
Go
Raw Blame History

package management
import (
"context"
"github.com/zitadel/zitadel/internal/api/authz"
"github.com/zitadel/zitadel/internal/command"
"github.com/zitadel/zitadel/internal/zerrors"
)
func checkExplicitProjectPermission(ctx context.Context) command.UserGrantPermissionCheck {
permissions := authz.GetRequestPermissionsFromCtx(ctx)
if authz.HasGlobalPermission(permissions) {
return nil
}
ids := authz.GetAllPermissionCtxIDs(permissions)
return func(projectID, grantID string) command.PermissionCheck {
return func(resourceOwner, aggregateID string) error {
if grantID != "" && listContainsID(ids, grantID) {
return nil
}
if listContainsID(ids, projectID) {
return nil
}
return zerrors.ThrowPermissionDenied(nil, "EVENT-Shu7e", "Errors.UserGrant.NoPermissionForProject")
}
}
}
func listContainsID(ids []string, id string) bool {
for _, i := range ids {
if i == id {
return true
}
}
return false
}
Reference in New Issue View Git Blame Copy Permalink