Resolve conflicts

Signed-off-by: nyagamunene <[email protected]>
absmach · Nov 13, 2024 · 511e918 · 511e918
1 parent f02670b
commit 511e918
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 26 deletions.
diff --git a/clients/middleware/authorization.go b/clients/middleware/authorization.go
@@ -19,15 +19,15 @@ import (
 )
 
 var (
-	errView                   = errors.New("not authorized to view thing")
-	errUpdate                 = errors.New("not authorized to update thing")
-	errUpdateTags             = errors.New("not authorized to update thing tags")
-	errUpdateSecret           = errors.New("not authorized to update thing secret")
-	errEnable                 = errors.New("not authorized to enable thing")
-	errDisable                = errors.New("not authorized to disable thing")
-	errDelete                 = errors.New("not authorized to delete thing")
-	errSetParentGroup         = errors.New("not authorized to set parent group to thing")
-	errRemoveParentGroup      = errors.New("not authorized to remove parent group from thing")
+	errView                    = errors.New("not authorized to view thing")
+	errUpdate                  = errors.New("not authorized to update thing")
+	errUpdateTags              = errors.New("not authorized to update thing tags")
+	errUpdateSecret            = errors.New("not authorized to update thing secret")
+	errEnable                  = errors.New("not authorized to enable thing")
+	errDisable                 = errors.New("not authorized to disable thing")
+	errDelete                  = errors.New("not authorized to delete thing")
+	errSetParentGroup          = errors.New("not authorized to set parent group to thing")
+	errRemoveParentGroup       = errors.New("not authorized to remove parent group from thing")
 	errDomainCreateClients     = errors.New("not authorized to create thing in domain")
 	errGroupSetChildClients    = errors.New("not authorized to set child thing for group")
 	errGroupRemoveChildClients = errors.New("not authorized to remove child thing for group")
@@ -130,10 +130,6 @@ func (am *authorizationMiddleware) View(ctx context.Context, session authn.Sessi
 }
 
 func (am *authorizationMiddleware) ListClients(ctx context.Context, session authn.Session, reqUserID string, pm clients.Page) (clients.ClientsPage, error) {
-	if err := am.checkSuperAdmin(ctx, session.UserID); err != nil {
-		session.SuperAdmin = true
-	}
-
 	if session.Type == authn.PersonalAccessToken {
 		if err := am.authz.AuthorizePAT(ctx, mgauthz.PatReq{
 			UserID:                   session.UserID,
@@ -148,6 +144,10 @@ func (am *authorizationMiddleware) ListClients(ctx context.Context, session auth
 		}
 	}
 
+	if err := am.checkSuperAdmin(ctx, session.UserID); err != nil {
+		session.SuperAdmin = true
+	}
+
 	return am.svc.ListClients(ctx, session, reqUserID, pm)
 }
 

diff --git a/users/middleware/authorization.go b/users/middleware/authorization.go
@@ -190,19 +190,6 @@ func (am *authorizationMiddleware) Update(ctx context.Context, session authn.Ses
 		session.SuperAdmin = true
 	}
 
-	if session.Type == authn.PersonalAccessToken {
-		if err := am.authz.AuthorizePAT(ctx, mgauthz.PatReq{
-			UserID:                   session.UserID,
-			PatID:                    session.ID,
-			PlatformEntityType:       mgauth.PlatformUsersScope,
-			OptionalDomainEntityType: mgauth.DomainNullScope,
-			Operation:                mgauth.UpdateOp,
-			EntityIDs:                []string{user.ID},
-		}); err != nil {
-			return users.User{}, errors.Wrap(svcerr.ErrUnauthorizedPAT, err)
-		}
-	}
-
 	return am.svc.Update(ctx, session, user)
 }