Skip to content

Commit 0a2f322

Browse files
committed
check policies in all cases
Signed-off-by: Jose I. Paris <jiparis@chainloop.dev>
1 parent 32add98 commit 0a2f322

1 file changed

Lines changed: 4 additions & 7 deletions

File tree

app/controlplane/internal/service/organization.go

Lines changed: 4 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -214,15 +214,12 @@ func (s *OrganizationService) UpdateMembership(ctx context.Context, req *pb.Orga
214214
}
215215

216216
func (s *OrganizationService) canCreateOrganization(ctx context.Context) (bool, error) {
217-
// Restricted org creation is disabled, allow creation only to users
218-
if !s.authz.RestrictOrgCreation {
219-
if entities.CurrentMembership(ctx) != nil {
220-
return true, nil
221-
}
222-
return false, nil
217+
// if org creation restriction is disabled, allow creation to all users
218+
if !s.authz.RestrictOrgCreation && entities.CurrentMembership(ctx) != nil {
219+
return true, nil
223220
}
224221

225-
// otherwise, check for permissions
222+
// otherwise, check for permissions (both users and API tokens)
226223
if err := s.checkPolicy(ctx, authz.PolicyOrganizationCreate); err != nil {
227224
return false, err
228225
}

0 commit comments

Comments
 (0)