zitadel/internal/domain/project_role.go

package domain

import (
	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
)

type ProjectRole struct {
	models.ObjectRoot

	Key         string
	DisplayName string
	Group       string
}

type ProjectRoleState int32

const (
	ProjectRoleStateUnspecified ProjectRoleState = iota
	ProjectRoleStateActive
	ProjectRoleStateRemoved
)

func (s ProjectRoleState) Exists() bool {
	return s != ProjectRoleStateUnspecified && s != ProjectRoleStateRemoved
}

func (p *ProjectRole) IsValid() bool {
	return p.AggregateID != "" && p.Key != ""
}

func HasInvalidRoles(validRoles, roles []string) bool {
	for _, roleKey := range roles {
		if !containsRoleKey(roleKey, validRoles) {
			return true
		}
	}
	return false
}

func containsRoleKey(roleKey string, validRoles []string) bool {
	for _, validRole := range validRoles {
		if roleKey == validRole {
			return true
		}
	}
	return false
}
feat: setup (#1166) * add setup steps * refactoring * omitempty * cleanup * begin org * create org * setup org * setup org * merge * fixes * fixes * fixes * add project * add oidc application * fix app creation * add resourceOwner to writemodels * resource owner * cleanup * global org, iam project and iam member in setup * logs * logs * logs * cleanup * Update internal/v2/command/project.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * check project state Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> 2021-01-12 12:59:51 +01:00			`package domain`

			`import (`
chore(v2): move to new org (#3499) * chore: move to new org * logging * fix: org rename caos -> zitadel Co-authored-by: adlerhurst <silvan.reusser@gmail.com> 2022-04-27 01:01:45 +02:00			`"github.com/zitadel/zitadel/internal/eventstore/v1/models"`
feat: setup (#1166) * add setup steps * refactoring * omitempty * cleanup * begin org * create org * setup org * setup org * merge * fixes * fixes * fixes * add project * add oidc application * fix app creation * add resourceOwner to writemodels * resource owner * cleanup * global org, iam project and iam member in setup * logs * logs * logs * cleanup * Update internal/v2/command/project.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * check project state Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> 2021-01-12 12:59:51 +01:00			`)`

			`type ProjectRole struct {`
			`models.ObjectRoot`

			`Key string`
			`DisplayName string`
			`Group string`
			`}`

feat: new projects (#1207) * fix: project events * fix: project events * fix: project events * fix: eventmapper * fix: project commands * fix: project role commands * fix: project command side * fix: oidc application * fix: oidc application * fix: reduce * fix: reduce * fix: project member * fix: project grant command side * fix: application command side * fix: project grant member remove * Update internal/v2/command/project.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * Update internal/v2/command/project.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * Update internal/v2/command/project_application.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * Update internal/v2/command/project_application.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * Update internal/v2/command/project_application.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: oidc application string pw * fix: project events * fix: project grant member * feat: change application to interface Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2021-01-28 06:35:26 +01:00			`type ProjectRoleState int32`

			`const (`
			`ProjectRoleStateUnspecified ProjectRoleState = iota`
			`ProjectRoleStateActive`
			`ProjectRoleStateRemoved`
			`)`

feat: project v2beta resource API (#9742) # Which Problems Are Solved Resource management of projects and sub-resources was before limited by the context provided by the management API, which would mean you could only manage resources belonging to a specific organization. # How the Problems Are Solved With the addition of a resource-based API, it is now possible to manage projects and sub-resources on the basis of the resources themselves, which means that as long as you have the permission for the resource, you can create, read, update and delete it. - CreateProject to create a project under an organization - UpdateProject to update an existing project - DeleteProject to delete an existing project - DeactivateProject and ActivateProject to change the status of a project - GetProject to query for a specific project with an identifier - ListProject to query for projects and granted projects - CreateProjectGrant to create a project grant with project and granted organization - UpdateProjectGrant to update the roles of a project grant - DeactivateProjectGrant and ActivateProjectGrant to change the status of a project grant - DeleteProjectGrant to delete an existing project grant - ListProjectGrants to query for project grants - AddProjectRole to add a role to an existing project - UpdateProjectRole to change texts of an existing role - RemoveProjectRole to remove an existing role - ListProjectRoles to query for project roles # Additional Changes - Changes to ListProjects, which now contains granted projects as well - Changes to messages as defined in the [API_DESIGN](https://github.com/zitadel/zitadel/blob/main/API_DESIGN.md) - Permission checks for project functionality on query and command side - Added testing to unit tests on command side - Change update endpoints to no error returns if nothing changes in the resource - Changed all integration test utility to the new service - ListProjects now also correctly lists `granted projects` - Permission checks for project grant and project role functionality on query and command side - Change existing pre checks so that they also work resource specific without resourceowner - Added the resourceowner to the grant and role if no resourceowner is provided - Corrected import tests with project grants and roles - Added testing to unit tests on command side - Change update endpoints to no error returns if nothing changes in the resource - Changed all integration test utility to the new service - Corrected some naming in the proto files to adhere to the API_DESIGN # Additional Context Closes #9177 --------- Co-authored-by: Livio Spring <livio.a@gmail.com> 2025-05-21 14:40:47 +02:00			`func (s ProjectRoleState) Exists() bool {`
			`return s != ProjectRoleStateUnspecified && s != ProjectRoleStateRemoved`
feat: setup (#1166) * add setup steps * refactoring * omitempty * cleanup * begin org * create org * setup org * setup org * merge * fixes * fixes * fixes * add project * add oidc application * fix app creation * add resourceOwner to writemodels * resource owner * cleanup * global org, iam project and iam member in setup * logs * logs * logs * cleanup * Update internal/v2/command/project.go Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * check project state Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> 2021-01-12 12:59:51 +01:00			`}`

			`func (p *ProjectRole) IsValid() bool {`
			`return p.AggregateID != "" && p.Key != ""`
			`}`
fix: new es testing (#1411) * fix: org tests * fix: org tests * fix: user grant test * fix: user grant test * fix: project and project role test * fix: project grant test * fix: project grant test * fix: project member, grant member, app changed tests * fix: application tests * fix: application tests * fix: add oidc app test * fix: add oidc app test * fix: add api keys test * fix: iam policies * fix: iam and org member tests * fix: clock skew validation * revert crypto changes * fix: tests * fix project grant member commands Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2021-03-15 12:51:15 +01:00
feat: project v2beta resource API (#9742) # Which Problems Are Solved Resource management of projects and sub-resources was before limited by the context provided by the management API, which would mean you could only manage resources belonging to a specific organization. # How the Problems Are Solved With the addition of a resource-based API, it is now possible to manage projects and sub-resources on the basis of the resources themselves, which means that as long as you have the permission for the resource, you can create, read, update and delete it. - CreateProject to create a project under an organization - UpdateProject to update an existing project - DeleteProject to delete an existing project - DeactivateProject and ActivateProject to change the status of a project - GetProject to query for a specific project with an identifier - ListProject to query for projects and granted projects - CreateProjectGrant to create a project grant with project and granted organization - UpdateProjectGrant to update the roles of a project grant - DeactivateProjectGrant and ActivateProjectGrant to change the status of a project grant - DeleteProjectGrant to delete an existing project grant - ListProjectGrants to query for project grants - AddProjectRole to add a role to an existing project - UpdateProjectRole to change texts of an existing role - RemoveProjectRole to remove an existing role - ListProjectRoles to query for project roles # Additional Changes - Changes to ListProjects, which now contains granted projects as well - Changes to messages as defined in the [API_DESIGN](https://github.com/zitadel/zitadel/blob/main/API_DESIGN.md) - Permission checks for project functionality on query and command side - Added testing to unit tests on command side - Change update endpoints to no error returns if nothing changes in the resource - Changed all integration test utility to the new service - ListProjects now also correctly lists `granted projects` - Permission checks for project grant and project role functionality on query and command side - Change existing pre checks so that they also work resource specific without resourceowner - Added the resourceowner to the grant and role if no resourceowner is provided - Corrected import tests with project grants and roles - Added testing to unit tests on command side - Change update endpoints to no error returns if nothing changes in the resource - Changed all integration test utility to the new service - Corrected some naming in the proto files to adhere to the API_DESIGN # Additional Context Closes #9177 --------- Co-authored-by: Livio Spring <livio.a@gmail.com> 2025-05-21 14:40:47 +02:00			`func HasInvalidRoles(validRoles, roles []string) bool {`
			`for _, roleKey := range roles {`
			`if !containsRoleKey(roleKey, validRoles) {`
			`return true`
			`}`
			`}`
			`return false`
			`}`

fix: new es testing (#1411) * fix: org tests * fix: org tests * fix: user grant test * fix: user grant test * fix: project and project role test * fix: project grant test * fix: project grant test * fix: project member, grant member, app changed tests * fix: application tests * fix: application tests * fix: add oidc app test * fix: add oidc app test * fix: add api keys test * fix: iam policies * fix: iam and org member tests * fix: clock skew validation * revert crypto changes * fix: tests * fix project grant member commands Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2021-03-15 12:51:15 +01:00			`func containsRoleKey(roleKey string, validRoles []string) bool {`
			`for _, validRole := range validRoles {`
			`if roleKey == validRole {`
			`return true`
			`}`
			`}`
			`return false`
			`}`