NOISSUE - Fix list domain permission (absmach#2512)

Signed-off-by: nyagamunene <[email protected]>
nyagamunene · Nov 8, 2024 · a596afb · a596afb
1 parent 87c390d
commit a596afb
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 6 deletions.
diff --git a/auth/service.go b/auth/service.go
@@ -515,9 +515,9 @@ func (svc service) RetrieveDomainPermissions(ctx context.Context, token, id stri
 	if err != nil {
 		return []string{}, err
 	}
-
+	domainUserSubject := EncodeDomainUserID(id, res.User)
 	if err := svc.Authorize(ctx, policies.Policy{
-		Subject:     res.User,
+		Subject:     domainUserSubject,
 		SubjectType: policies.UserType,
 		SubjectKind: policies.UsersKind,
 		Object:      id,
@@ -529,7 +529,7 @@ func (svc service) RetrieveDomainPermissions(ctx context.Context, token, id stri
 
 	lp, err := svc.policysvc.ListPermissions(ctx, policies.Policy{
 		SubjectType: policies.UserType,
-		Subject:     res.User,
+		Subject:     domainUserSubject,
 		Object:      id,
 		ObjectType:  policies.DomainType,
 	}, []string{policies.AdminPermission, policies.EditPermission, policies.ViewPermission, policies.MembershipPermission, policies.CreatePermission})

diff --git a/users/middleware/authorization.go b/users/middleware/authorization.go
@@ -69,15 +69,15 @@ func (am *authorizationMiddleware) ListMembers(ctx context.Context, session auth
 	}
 	switch objectKind {
 	case policies.GroupsKind:
-		if err := am.authorize(ctx, session.DomainID, policies.UserType, policies.UsersKind, session.UserID, mgauth.SwitchToPermission(pm.Permission), policies.GroupType, objectID); err != nil {
+		if err := am.authorize(ctx, session.DomainID, policies.UserType, policies.UsersKind, session.DomainUserID, mgauth.SwitchToPermission(pm.Permission), policies.GroupType, objectID); err != nil {
 			return users.MembersPage{}, err
 		}
 	case policies.DomainsKind:
-		if err := am.authorize(ctx, session.DomainID, policies.UserType, policies.UsersKind, session.UserID, mgauth.SwitchToPermission(pm.Permission), policies.DomainType, objectID); err != nil {
+		if err := am.authorize(ctx, session.DomainID, policies.UserType, policies.UsersKind, session.DomainUserID, mgauth.SwitchToPermission(pm.Permission), policies.DomainType, objectID); err != nil {
 			return users.MembersPage{}, err
 		}
 	case policies.ThingsKind:
-		if err := am.authorize(ctx, session.DomainID, policies.UserType, policies.UsersKind, session.UserID, mgauth.SwitchToPermission(pm.Permission), policies.ThingType, objectID); err != nil {
+		if err := am.authorize(ctx, session.DomainID, policies.UserType, policies.UsersKind, session.DomainUserID, mgauth.SwitchToPermission(pm.Permission), policies.ThingType, objectID); err != nil {
 			return users.MembersPage{}, err
 		}
 	default: