zitadel/internal/query/zitadel_permission.go

package query

import (
	"context"

	"github.com/zitadel/zitadel/internal/api/authz"
	"github.com/zitadel/zitadel/internal/domain"
	"github.com/zitadel/zitadel/internal/telemetry/tracing"
)

func (q *Queries) MyZitadelPermissions(ctx context.Context, orgID, userID string) (_ *domain.Permissions, err error) {
	ctx, span := tracing.NewSpan(ctx)
	defer func() { span.EndWithError(err) }()

	userIDQuery, err := NewMembershipUserIDQuery(userID)
	if err != nil {
		return nil, err
	}
	orgIDsQuery, err := NewMembershipResourceOwnersSearchQuery(orgID, authz.GetInstance(ctx).InstanceID())
	if err != nil {
		return nil, err
	}
	grantedOrgIDQuery, err := NewMembershipGrantedOrgIDSearchQuery(orgID)
	if err != nil {
		return nil, err
	}
	memberships, err := q.Memberships(ctx, &MembershipSearchQuery{
		Queries: []SearchQuery{userIDQuery, Or(orgIDsQuery, grantedOrgIDQuery)},
	}, false)
	if err != nil {
		return nil, err
	}
	permissions := &domain.Permissions{Permissions: []string{}}
	for _, membership := range memberships.Memberships {
		for _, role := range membership.Roles {
			permissions = q.mapRoleToPermission(permissions, membership, role)
		}
	}
	return permissions, nil
}

func (q *Queries) mapRoleToPermission(permissions *domain.Permissions, membership *Membership, role string) *domain.Permissions {
	for _, mapping := range q.zitadelRoles {
		if mapping.Role == role {
			ctxID := ""
			if membership.Project != nil {
				ctxID = membership.Project.ProjectID
			} else if membership.ProjectGrant != nil {
				ctxID = membership.ProjectGrant.GrantID
			}
			permissions.AppendPermissions(ctxID, mapping.Permissions...)
		}
	}
	return permissions
}
fix: move activity log to queries and remove old code (#3096) * move changes to queries and remove old code * fix changes query * remove unused code * fix sorting * fix sorting * refactor and remove old code * remove accidental go.mod replace * add missing file * remove listDetail from ChangesResponse 2022-01-26 10:16:33 +01:00			`package query`

			`import (`
			`"context"`

chore(v2): move to new org (#3499) * chore: move to new org * logging * fix: org rename caos -> zitadel Co-authored-by: adlerhurst <silvan.reusser@gmail.com> 2022-04-27 01:01:45 +02:00			`"github.com/zitadel/zitadel/internal/api/authz"`
			`"github.com/zitadel/zitadel/internal/domain"`
fix(query): add tracing for each method (#4777) * fix(query): add tracing for each method 2022-12-01 09:18:53 +01:00			`"github.com/zitadel/zitadel/internal/telemetry/tracing"`
fix: move activity log to queries and remove old code (#3096) * move changes to queries and remove old code * fix changes query * remove unused code * fix sorting * fix sorting * refactor and remove old code * remove accidental go.mod replace * add missing file * remove listDetail from ChangesResponse 2022-01-26 10:16:33 +01:00			`)`

fix(query): add tracing for each method (#4777) * fix(query): add tracing for each method 2022-12-01 09:18:53 +01:00			`func (q Queries) MyZitadelPermissions(ctx context.Context, orgID, userID string) (_ domain.Permissions, err error) {`
			`ctx, span := tracing.NewSpan(ctx)`
			`defer func() { span.EndWithError(err) }()`

fix: move activity log to queries and remove old code (#3096) * move changes to queries and remove old code * fix changes query * remove unused code * fix sorting * fix sorting * refactor and remove old code * remove accidental go.mod replace * add missing file * remove listDetail from ChangesResponse 2022-01-26 10:16:33 +01:00			`userIDQuery, err := NewMembershipUserIDQuery(userID)`
			`if err != nil {`
			`return nil, err`
			`}`
feat: Instance commands (#3385) * fix: add events for domain * fix: add/remove domain command side * fix: add/remove domain command side * fix: add/remove domain query side * fix: create instance * fix: merge v2 * fix: instance domain * fix: instance domain * fix: instance domain * fix: instance domain * fix: remove domain.IAMID from writemodels * fix: remove domain.IAMID from writemodels * fix: remove domain.IAMID from writemodels * fix: remove domain.IAMID from writemodels * fix: remove domain.IAMID from writemodels * fix: remove domain.IAMID from writemodels * fix: remove domain.IAMID from writemodels * fix: remove domain.IAMID from writemodels * fix: remove domain.IAMID from writemodels * fix: remove domain.IAMID from api * fix: remove domain.IAMID * fix: remove domain.IAMID * fix: add instance domain queries * fix: fix after merge * Update auth_request.go * fix keypair * remove unused code * feat: read instance id from context * feat: remove unused code * feat: use instance id from context * some fixes Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2022-04-05 07:58:09 +02:00			`orgIDsQuery, err := NewMembershipResourceOwnersSearchQuery(orgID, authz.GetInstance(ctx).InstanceID())`
cherry pick changes from main (#3371) * feat: remove exif data from uploaded images (#3221) * feat: remove exif tags from images * feat: remove exif data * feat: remove exif * fix: add preferredLoginName to user grant response (#3271) * chore: log webauthn parse error (#3272) * log error * log error * feat: Help link in privacy policy * fix: convert correct detail data on organization (#3279) * fix: handle empty editor users * fix: add some missing translations (#3291) * fix: org policy translations * fix: metadata event types translation * fix: translations * fix: filter resource owner correctly on project grant members (#3281) * fix: filter resource owner correctly on project grant members * fix: filter resource owner correctly on project grant members * fix: add orgIDs to zitadel permissions request Co-authored-by: fabi <fabienne.gerschwiler@gmail.com> * fix: get IAM memberships correctly in MyZitadelPermissions (#3309) * fix: correct login names on auth and notification users (#3349) * fix: correct login names on auth and notification users * fix: migration * fix: handle resource owner in action flows (#3361) * fix merge * fix: exchange exif library (#3366) * fix: exchange exif library * ignore tiffs * requested fixes * feat: Help link in privacy policy Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: fabi <fabienne.gerschwiler@gmail.com> 2022-03-24 14:00:24 +01:00			`if err != nil {`
			`return nil, err`
			`}`
fix: project grants (#4031) * fix: filter granted memberships correctly * fix: only show changes of granted project * Apply suggestions from code review Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> * Update internal/query/user_membership.go Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> 2022-07-27 09:55:44 +02:00			`grantedOrgIDQuery, err := NewMembershipGrantedOrgIDSearchQuery(orgID)`
			`if err != nil {`
			`return nil, err`
			`}`
fix: move activity log to queries and remove old code (#3096) * move changes to queries and remove old code * fix changes query * remove unused code * fix sorting * fix sorting * refactor and remove old code * remove accidental go.mod replace * add missing file * remove listDetail from ChangesResponse 2022-01-26 10:16:33 +01:00			`memberships, err := q.Memberships(ctx, &MembershipSearchQuery{`
fix: project grants (#4031) * fix: filter granted memberships correctly * fix: only show changes of granted project * Apply suggestions from code review Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> * Update internal/query/user_membership.go Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> 2022-07-27 09:55:44 +02:00			`Queries: []SearchQuery{userIDQuery, Or(orgIDsQuery, grantedOrgIDQuery)},`
perf: remove owner removed columns from projections for oidc (#6925) * fix: remove owner removed columns from login names projection * fix: remove owner removed columns from flow projection * fix: remove owner removed columns from project, projectgrant and member projections * fix: correct unit tests for session projection * fix: correct unit tests for session projection 2023-11-20 16:21:08 +01:00			`}, false)`
fix: move activity log to queries and remove old code (#3096) * move changes to queries and remove old code * fix changes query * remove unused code * fix sorting * fix sorting * refactor and remove old code * remove accidental go.mod replace * add missing file * remove listDetail from ChangesResponse 2022-01-26 10:16:33 +01:00			`if err != nil {`
			`return nil, err`
			`}`
			`permissions := &domain.Permissions{Permissions: []string{}}`
			`for _, membership := range memberships.Memberships {`
			`for _, role := range membership.Roles {`
			`permissions = q.mapRoleToPermission(permissions, membership, role)`
			`}`
			`}`
			`return permissions, nil`
			`}`

			`func (q Queries) mapRoleToPermission(permissions domain.Permissions, membership Membership, role string) domain.Permissions {`
			`for _, mapping := range q.zitadelRoles {`
			`if mapping.Role == role {`
			`ctxID := ""`
			`if membership.Project != nil {`
			`ctxID = membership.Project.ProjectID`
			`} else if membership.ProjectGrant != nil {`
			`ctxID = membership.ProjectGrant.GrantID`
			`}`
			`permissions.AppendPermissions(ctxID, mapping.Permissions...)`
			`}`
			`}`
			`return permissions`
			`}`