From f6b8044b58d991a18b1f2d9eb3e0c8298eccc0b5 Mon Sep 17 00:00:00 2001
From: Benedikt Kulmann <benedikt@kulmann.biz>
Date: Thu, 3 Sep 2020 18:27:55 +0200
Subject: [PATCH] Disable permission checks for GetAccount (entirely) and
 ListAcccounts (when having a query)

---
 pkg/service/v0/accounts.go | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/pkg/service/v0/accounts.go b/pkg/service/v0/accounts.go
index 2fdfa81..c982ed2 100644
--- a/pkg/service/v0/accounts.go
+++ b/pkg/service/v0/accounts.go
@@ -172,7 +172,7 @@ func (s Service) hasAccountManagementPermissions(ctx context.Context) bool {
 // ListAccounts implements the AccountsServiceHandler interface
 // the query contains account properties
 func (s Service) ListAccounts(ctx context.Context, in *proto.ListAccountsRequest, out *proto.ListAccountsResponse) (err error) {
-	if !s.hasAccountManagementPermissions(ctx) {
+	if len(in.Query) == 0 && !s.hasAccountManagementPermissions(ctx) {
 		return merrors.Forbidden(s.id, "no permission for ListAccounts")
 	}
 
@@ -266,10 +266,6 @@ func (s Service) ListAccounts(ctx context.Context, in *proto.ListAccountsRequest
 
 // GetAccount implements the AccountsServiceHandler interface
 func (s Service) GetAccount(ctx context.Context, in *proto.GetAccountRequest, out *proto.Account) (err error) {
-	if !s.hasAccountManagementPermissions(ctx) {
-		return merrors.Forbidden(s.id, "no permission for GetAccount")
-	}
-
 	accLock.Lock()
 	defer accLock.Unlock()
 	var id string