From fcdf27c683cca2716fac86b2b5aa25ba1d557dbe Mon Sep 17 00:00:00 2001
From: Silvan <silvan.reusser@gmail.com>
Date: Thu, 2 Jul 2020 08:04:43 +0200
Subject: [PATCH] fix(usergrant): verify project id is equal (#319)

* fix(usergrant): verify project id is equal

* fix: delete wrong code
---
 internal/usergrant/repository/eventsourcing/user_grant.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/internal/usergrant/repository/eventsourcing/user_grant.go b/internal/usergrant/repository/eventsourcing/user_grant.go
index 831ca5b259..4b995fe731 100644
--- a/internal/usergrant/repository/eventsourcing/user_grant.go
+++ b/internal/usergrant/repository/eventsourcing/user_grant.go
@@ -214,7 +214,11 @@ func addUserGrantValidation(resourceOwner string, grant *model.UserGrant) func(.
 	}
 }
 
+//TODO: rethink this function i know it's ugly.
 func checkProjectConditions(resourceOwner string, grant *model.UserGrant, project *proj_es_model.Project) error {
+	if grant.ProjectID != project.AggregateID {
+		return errors.ThrowInvalidArgument(nil, "EVENT-ixlMx", "project doesn't exist")
+	}
 	if project.State == int32(proj_model.ProjectStateRemoved) {
 		return errors.ThrowPreconditionFailed(nil, "EVENT-Lxp0s", "project doesn't exist")
 	}