[misc] apply feedback

This commit is contained in:
Pedro Costa
2025-03-11 08:24:23 +00:00
parent 1763a953f4
commit abaffbcc2d
2 changed files with 5 additions and 12 deletions

View File

@@ -513,11 +513,6 @@ func (am *DefaultAccountManager) DeleteAccount(ctx context.Context, accountID, u
return err
}
// @note not necessary, below it explicitly checks for Owner role
// if !user.HasAdminPower() {
// return status.Errorf(status.PermissionDenied, "user is not allowed to delete account")
// }
if user.Role != types.UserRoleOwner {
return status.Errorf(status.PermissionDenied, "user is not allowed to delete account. Only account owner can delete account")
}
@@ -1067,9 +1062,8 @@ func (am *DefaultAccountManager) GetAccountIDFromUserAuth(ctx context.Context, u
return accountID, user.Id, nil
}
// @note, this can remain cause above we explicitly early return if auth id for a child account
if user.AccountID != accountID {
return "", "", status.Errorf(status.PermissionDenied, "user %s is not part of the account %s", userAuth.UserId, accountID)
if err := am.permissionsManager.ValidateAccountAccess(ctx, accountID, user); err != nil {
return "", "", err
}
if !user.IsServiceUser && userAuth.Invited {

View File

@@ -347,7 +347,6 @@ func (am *DefaultAccountManager) CreatePAT(ctx context.Context, accountID string
return nil, err
}
// @todo how to handle this case, PAT can only be created own user?
if initiatorUserID != targetUserID && !(initiatorUser.HasAdminPower() && targetUser.IsServiceUser) {
return nil, status.NewAdminPermissionError()
}
@@ -381,7 +380,6 @@ func (am *DefaultAccountManager) DeletePAT(ctx context.Context, accountID string
return err
}
// @todo how to handle this case, PAT can only be deleted by own user?
if initiatorUserID != targetUserID && initiatorUser.IsRegularUser() {
return status.NewAdminPermissionError()
}
@@ -417,7 +415,6 @@ func (am *DefaultAccountManager) GetPAT(ctx context.Context, accountID string, i
return nil, err
}
// @todo how to handle this case, PAT can only be got by own user?
if initiatorUserID != targetUserID && initiatorUser.IsRegularUser() {
return nil, status.NewAdminPermissionError()
}
@@ -971,7 +968,9 @@ func (am *DefaultAccountManager) DeleteRegularUsers(ctx context.Context, account
return err
}
// @todo maybe add ValidateAccountPermission?
if err := am.permissionsManager.ValidateAccountAccess(ctx, accountID, initiatorUser); err != nil {
return err
}
if !initiatorUser.HasAdminPower() {
return status.NewAdminPermissionError()