mirror of
https://github.com/zitadel/zitadel.git
synced 2025-01-06 14:17:17 +00:00
ed80a8bb1e
* feat(actions): begin api * feat(actions): begin api * api and projections * fix: handle multiple statements for a single event in projections * export func type * fix test * update to new reduce interface * flows in login * feat: jwt idp * feat: command side * feat: add tests * actions and flows * fill idp views with jwt idps and return apis * add jwtEndpoint to jwt idp * begin jwt request handling * add feature * merge * merge * handle jwt idp * cleanup * bug fixes * autoregister * get token from specific header name * fix: proto * fixes * i18n * begin tests * fix and log http proxy * remove docker cache * fixes * usergrants in actions api * tests adn cleanup * cleanup * fix add user grant * set login context * i18n Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
33 lines
763 B
Go
33 lines
763 B
Go
package management
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/caos/zitadel/internal/api/authz"
|
|
caos_errors "github.com/caos/zitadel/internal/errors"
|
|
)
|
|
|
|
func checkExplicitProjectPermission(ctx context.Context, grantID, projectID string) error {
|
|
permissions := authz.GetRequestPermissionsFromCtx(ctx)
|
|
if authz.HasGlobalPermission(permissions) {
|
|
return nil
|
|
}
|
|
ids := authz.GetAllPermissionCtxIDs(permissions)
|
|
if grantID != "" && listContainsID(ids, grantID) {
|
|
return nil
|
|
}
|
|
if listContainsID(ids, projectID) {
|
|
return nil
|
|
}
|
|
return caos_errors.ThrowPermissionDenied(nil, "EVENT-Shu7e", "Errors.UserGrant.NoPermissionForProject")
|
|
}
|
|
|
|
func listContainsID(ids []string, id string) bool {
|
|
for _, i := range ids {
|
|
if i == id {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|