
Commit e446f01

committed
fix condition
Signed-off-by: Jose I. Paris <jiparis@chainloop.dev>
1 parent 92474e7 commit e446f01

1 file changed

Lines changed: 10 additions & 8 deletions


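--- a/app/controlplane/internal/service/service.go
+++ b/app/controlplane/internal/service/service.go
@@ -188,14 +188,16 @@ func (s *service) authorizeResource(ctx context.Context, op *authz.Policy, resou
 
 // iterate through all resource memberships and find any that matches
 for _, rm := range m.Resources {
-pass, err := s.enforcer.Enforce(string(rm.Role), op)
-if err != nil {
-return handleUseCaseErr(err, s.log)
-}
-
-if pass {
-s.log.Debugw("msg", "authorized using user membership", "resource_id", resourceID.String(), "resource_type", resourceType, "role", rm.Role, "membership_id", rm.MembershipID, "user_id", m.UserID)
-return nil
+if rm.ResourceType == resourceType && rm.ResourceID == resourceID {
+pass, err := s.enforcer.Enforce(string(rm.Role), op)
+if err != nil {
+return handleUseCaseErr(err, s.log)
+}
+
+if pass {
+s.log.Debugw("msg", "authorized using user membership", "resource_id", resourceID.String(), "resource_type", resourceType, "role", rm.Role, "membership_id", rm.MembershipID, "user_id", m.UserID)
+return nil
+}
 }
 }
 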
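Review bot: The new guard `if rm.ResourceType == resourceType && rm.ResourceID == resourceID {` is the only thing that stops a role held on one resource from authorizing an operation on a different one, yet it has no comment and the commit changes no test file. I would add above it `// only a membership on the requested resource may authorize; a role held elsewhere must never match`, plus a table-driven test in which the user holds a passing role on a different resource ID, and on the same ID under a different resource type, both expecting denial. Written as a skip guard, `if rm.ResourceType != resourceType || rm.ResourceID != resourceID { continue }`, the check would also leave the Enforce call at its earlier nesting depth. authorizeResource starts before this hunk and continues after it, so the result when no membership matches is not visible here and should be confirmed to be a denial.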
