mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-12 11:04:25 +00:00
504fe5b761
* feat: remove exif data from uploaded images (#3221) * feat: remove exif tags from images * feat: remove exif data * feat: remove exif * fix: add preferredLoginName to user grant response (#3271) * chore: log webauthn parse error (#3272) * log error * log error * feat: Help link in privacy policy * fix: convert correct detail data on organization (#3279) * fix: handle empty editor users * fix: add some missing translations (#3291) * fix: org policy translations * fix: metadata event types translation * fix: translations * fix: filter resource owner correctly on project grant members (#3281) * fix: filter resource owner correctly on project grant members * fix: filter resource owner correctly on project grant members * fix: add orgIDs to zitadel permissions request Co-authored-by: fabi <fabienne.gerschwiler@gmail.com> * fix: get IAM memberships correctly in MyZitadelPermissions (#3309) * fix: correct login names on auth and notification users (#3349) * fix: correct login names on auth and notification users * fix: migration * fix: handle resource owner in action flows (#3361) * fix merge * fix: exchange exif library (#3366) * fix: exchange exif library * ignore tiffs * requested fixes * feat: Help link in privacy policy Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
47 lines
1.3 KiB
Go
47 lines
1.3 KiB
Go
package query
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/caos/zitadel/internal/domain"
|
|
)
|
|
|
|
func (q *Queries) MyZitadelPermissions(ctx context.Context, orgID, userID string) (*domain.Permissions, error) {
|
|
userIDQuery, err := NewMembershipUserIDQuery(userID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
orgIDsQuery, err := NewMembershipResourceOwnersSearchQuery(orgID, domain.IAMID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
memberships, err := q.Memberships(ctx, &MembershipSearchQuery{
|
|
Queries: []SearchQuery{userIDQuery, orgIDsQuery},
|
|
})
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
permissions := &domain.Permissions{Permissions: []string{}}
|
|
for _, membership := range memberships.Memberships {
|
|
for _, role := range membership.Roles {
|
|
permissions = q.mapRoleToPermission(permissions, membership, role)
|
|
}
|
|
}
|
|
return permissions, nil
|
|
}
|
|
|
|
func (q *Queries) mapRoleToPermission(permissions *domain.Permissions, membership *Membership, role string) *domain.Permissions {
|
|
for _, mapping := range q.zitadelRoles {
|
|
if mapping.Role == role {
|
|
ctxID := ""
|
|
if membership.Project != nil {
|
|
ctxID = membership.Project.ProjectID
|
|
} else if membership.ProjectGrant != nil {
|
|
ctxID = membership.ProjectGrant.GrantID
|
|
}
|
|
permissions.AppendPermissions(ctxID, mapping.Permissions...)
|
|
}
|
|
}
|
|
return permissions
|
|
}
|