mirror of
				https://github.com/zitadel/zitadel.git
				synced 2025-10-25 06:39:06 +00:00 
			
		
		
		
	 43f15953c3
			
		
	
	
	
	
		
			
			* fix: grant PROJECT_OWNER_VIEWER_GLOBAL org.create permission * Update authz.yaml * feat: delete my user * console things * lint * signout after deletion * stylelint rule * Update authz.yaml * Update authz.yaml * setup step * role SELF_MANAGEMENT_GLOBAL setup * fix: change default role on global org * Apply suggestions from code review Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * Update console/src/assets/i18n/it.json Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
		
			
				
	
	
		
		
	
	
	
	
	
| package domain
 | |
| 
 | |
| import (
 | |
| 	"strings"
 | |
| 
 | |
| 	"github.com/caos/zitadel/internal/api/authz"
 | |
| )
 | |
| 
 | |
// Role-name prefixes. containsRole in this file tests a role name against one
// of these with strings.HasPrefix.
//
// NOTE(review): ProjectRolePrefix ("PROJECT") is itself a leading substring of
// ProjectGrantRolePrefix ("PROJECT_GRANT"), so a plain prefix test against
// ProjectRolePrefix also accepts PROJECT_GRANT_* names. Confirm callers do not
// rely on the prefix alone to separate project roles from project-grant roles.
const (
	IAMRolePrefix          = "IAM"
	OrgRolePrefix          = "ORG"
	ProjectRolePrefix      = "PROJECT"
	ProjectGrantRolePrefix = "PROJECT_GRANT"
)

// Well-known role names referenced by name elsewhere in the code base.
const (
	RoleOrgOwner             = "ORG_OWNER"
	RoleOrgProjectCreator    = "ORG_PROJECT_CREATOR"
	RoleIAMOwner             = "IAM_OWNER"
	RoleProjectOwner         = "PROJECT_OWNER"
	RoleProjectOwnerGlobal   = "PROJECT_OWNER_GLOBAL"
	RoleSelfManagementGlobal = "SELF_MANAGEMENT_GLOBAL"
)
 | |
| 
 | |
// CheckForInvalidRoles returns, in input order, every entry of roles that
// containsRole rejects for the given rolePrefix and validRoles.
//
// The result is always a non-nil slice; it is empty when every role is
// accepted (including when roles itself is empty). Duplicate entries in roles
// are reported once per occurrence.
func CheckForInvalidRoles(roles []string, rolePrefix string, validRoles []authz.RoleMapping) []string {
	// Start from an empty, non-nil slice so the "nothing invalid" result is
	// distinguishable from nil for callers that care.
	rejected := []string{}
	for i := range roles {
		if containsRole(roles[i], rolePrefix, validRoles) {
			continue
		}
		rejected = append(rejected, roles[i])
	}
	return rejected
}
 | |
| 
 | |
// containsRole reports whether role is acceptable: it must start with
// rolePrefix and be exactly equal to the Role field of some entry in
// validRoles. Both comparisons are case-sensitive.
//
// The exact match against validRoles is the allowlist; the prefix only
// restricts which allowlisted names are accepted.
//
// NOTE(review): the prefix test is a plain strings.HasPrefix, so an empty
// rolePrefix accepts any allowlisted role, and a prefix such as "PROJECT"
// also accepts "PROJECT_GRANT..." names if they appear in validRoles. Confirm
// that callers pass a non-empty prefix and that validRoles is already scoped
// to the member type being checked.
func containsRole(role, rolePrefix string, validRoles []authz.RoleMapping) bool {
	// The prefix condition does not depend on the allowlist entry, so it is
	// evaluated once up front.
	if !strings.HasPrefix(role, rolePrefix) {
		return false
	}
	for i := range validRoles {
		if validRoles[i].Role == role {
			return true
		}
	}
	return false
}
 |