TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-07-13 11:58:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
zitadel/internal/api
History
Elio Bischof 898366c537
fix: allow user self deletion (#9828) 
# Which Problems Are Solved

Currently, users can't delete themselves using the V2 RemoveUser API
because of the redunant API middleware permission check.

On main, using a machine user PAT to delete the same machine user:

```bash
grpcurl -plaintext -H "Authorization: Bearer ${ZITADEL_ACCESS_TOKEN}" -d '{"userId": "318838604669387137"}' localhost:8080 zitadel.user.v2.UserService.DeleteUser
ERROR:
  Code: NotFound
  Message: membership not found (AUTHZ-cdgFk)
  Details:
  1)	{
    	  "@type": "type.googleapis.com/zitadel.v1.ErrorDetail",
    	  "id": "AUTHZ-cdgFk",
    	  "message": "membership not found"
    	}
```

Same on this PRs branch:

```bash
grpcurl -plaintext -H "Authorization: Bearer ${ZITADEL_ACCESS_TOKEN}" -d '{"userId": "318838604669387137"}' localhost:8080 zitadel.user.v2.UserService.DeleteUser
{
  "details": {
    "sequence": "3",
    "changeDate": "2025-05-06T13:44:54.349048Z",
    "resourceOwner": "318838541083804033"
  }
}
```

Repeated call
```bash
grpcurl -plaintext -H "Authorization: Bearer ${ZITADEL_ACCESS_TOKEN}" -d '{"userId": "318838604669387137"}' localhost:8080 zitadel.user.v2.UserService.DeleteUser
ERROR:
  Code: Unauthenticated
  Message: Errors.Token.Invalid (AUTH-7fs1e)
  Details:
  1)	{
    	  "@type": "type.googleapis.com/zitadel.v1.ErrorDetail",
    	  "id": "AUTH-7fs1e",
    	  "message": "Errors.Token.Invalid"
    	}
```

# How the Problems Are Solved

The middleware permission check is disabled and the
domain.PermissionCheck is used exclusively.

# Additional Changes

A new type command.PermissionCheck allows to optionally accept a
permission check for commands, so APIs with middleware permission checks
can omit redundant permission checks by passing nil while APIs without
middleware permission checks can pass one to the command.

# Additional Context

This is a subtask of #9763

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-05-07 15:24:24 +02:00
..
assets
chore!: Introduce ZITADEL v3 (#9645)
2025-04-02 16:53:06 +02:00
authz
feat(permissions): project member permission filter (#9757)
2025-04-22 08:42:59 +00:00
call
fix: reset the call timestamp after a bulk trigger (#6080)
2023-07-07 08:15:05 +00:00
grpc
fix: allow user self deletion (#9828)
2025-05-07 15:24:24 +02:00
http
chore!: Introduce ZITADEL v3 (#9645)
2025-04-02 16:53:06 +02:00
idp
Merge commit from fork
2025-05-02 13:44:24 +02:00
info
fix: correct method and path for session api activity (#6880)
2023-11-22 12:12:23 +02:00
oidc
chore!: Introduce ZITADEL v3 (#9645)
2025-04-02 16:53:06 +02:00
robots_txt
fix: introduce measures to avoid bots crawling and indexing activities (#5728)
2023-05-05 10:25:02 +02:00
saml
fix: SAML and OIDC issuer (in proxied use cases) (#9638)
2025-03-26 17:08:13 +00:00
scim
perf(query): org permission function for resources (#9677)
2025-04-15 18:38:25 +02:00
service
fix(eventstore): tests
2020-11-26 09:19:14 +01:00
ui
fix: text buttons overflow in login page (#9637)
2025-04-24 09:56:52 +00:00
api.go
chore!: Introduce ZITADEL v3 (#9645)
2025-04-02 16:53:06 +02:00