Skip to content

Commit

Permalink
flyio: account for Access impl that doesn't require org id
Browse files Browse the repository at this point in the history
  • Loading branch information
@btoews
btoews committed Feb 2, 2024
1 parent ae080f5 commit 3918b4e
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion flyio/caveats.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ func (c *Organization) Prohibits(a macaroon.Access) error {
return macaroon.ErrInvalidAccess
case f.GetOrgID() == nil:
return fmt.Errorf("%w org", resset.ErrResourceUnspecified)
case c.ID != *f.GetOrgID():
case c.ID != resset.ZeroID[uint64]() && c.ID != *f.GetOrgID():
return fmt.Errorf("%w org %d, only %d", resset.ErrUnauthorizedForResource, *f.GetOrgID(), c.ID)
case !f.GetAction().IsSubsetOf(c.Mask):
return fmt.Errorf("%w access %s (%s not allowed)", resset.ErrUnauthorizedForAction, f.GetAction(), f.GetAction().Remove(c.Mask))
Expand Down

0 comments on commit 3918b4e

Please sign in to comment.