2022-01-20 15:40:25 +01:00
|
|
|
package query
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
|
|
|
|
"database/sql"
|
2023-12-08 16:30:55 +02:00
|
|
|
"errors"
|
2025-07-04 18:12:59 +02:00
|
|
|
"slices"
|
2022-01-20 15:40:25 +01:00
|
|
|
"time"
|
|
|
|
|
|
|
|
|
|
sq "github.com/Masterminds/squirrel"
|
2023-10-19 12:19:10 +02:00
|
|
|
"github.com/zitadel/logging"
|
|
|
|
|
|
2022-04-27 01:01:45 +02:00
|
|
|
"github.com/zitadel/zitadel/internal/api/authz"
|
2025-07-04 18:12:59 +02:00
|
|
|
"github.com/zitadel/zitadel/internal/domain"
|
2023-10-19 12:19:10 +02:00
|
|
|
"github.com/zitadel/zitadel/internal/eventstore/handler/v2"
|
2022-04-27 01:01:45 +02:00
|
|
|
"github.com/zitadel/zitadel/internal/query/projection"
|
2022-12-01 09:18:53 +01:00
|
|
|
"github.com/zitadel/zitadel/internal/telemetry/tracing"
|
2023-12-08 16:30:55 +02:00
|
|
|
"github.com/zitadel/zitadel/internal/zerrors"
|
2022-01-20 15:40:25 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type UserMetadataList struct {
|
|
|
|
|
SearchResponse
|
|
|
|
|
Metadata []*UserMetadata
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type UserMetadata struct {
|
2023-11-21 14:11:38 +02:00
|
|
|
CreationDate time.Time `json:"creation_date,omitempty"`
|
2025-01-21 13:31:54 +01:00
|
|
|
UserID string `json:"-"`
|
2023-11-21 14:11:38 +02:00
|
|
|
ChangeDate time.Time `json:"change_date,omitempty"`
|
|
|
|
|
ResourceOwner string `json:"resource_owner,omitempty"`
|
|
|
|
|
Sequence uint64 `json:"sequence,omitempty"`
|
|
|
|
|
Key string `json:"key,omitempty"`
|
|
|
|
|
Value []byte `json:"value,omitempty"`
|
2022-01-20 15:40:25 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type UserMetadataSearchQueries struct {
|
|
|
|
|
SearchRequest
|
|
|
|
|
Queries []SearchQuery
|
|
|
|
|
}
|
|
|
|
|
|
2025-07-04 18:12:59 +02:00
|
|
|
func userMetadataCheckPermission(ctx context.Context, userMetadataList *UserMetadataList, permissionCheck domain.PermissionCheck) {
|
|
|
|
|
userMetadataList.Metadata = slices.DeleteFunc(userMetadataList.Metadata,
|
|
|
|
|
func(userMetadata *UserMetadata) bool {
|
|
|
|
|
return userCheckPermission(ctx, userMetadata.ResourceOwner, userMetadata.UserID, permissionCheck) != nil
|
|
|
|
|
},
|
|
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func userMetadataPermissionCheckV2(ctx context.Context, query sq.SelectBuilder, enabled bool, queries *UserMetadataSearchQueries) sq.SelectBuilder {
|
|
|
|
|
if !enabled {
|
|
|
|
|
return query
|
|
|
|
|
}
|
|
|
|
|
join, args := PermissionClause(
|
|
|
|
|
ctx,
|
|
|
|
|
UserMetadataResourceOwnerCol,
|
|
|
|
|
domain.PermissionUserRead,
|
|
|
|
|
SingleOrgPermissionOption(queries.Queries),
|
|
|
|
|
OwnedRowsPermissionOption(UserMetadataUserIDCol),
|
|
|
|
|
)
|
|
|
|
|
return query.JoinClause(join, args...)
|
|
|
|
|
}
|
|
|
|
|
|
2022-01-20 15:40:25 +01:00
|
|
|
var (
|
|
|
|
|
userMetadataTable = table{
|
2022-10-27 08:08:36 +02:00
|
|
|
name: projection.UserMetadataProjectionTable,
|
|
|
|
|
instanceIDCol: projection.UserMetadataColumnInstanceID,
|
2022-01-20 15:40:25 +01:00
|
|
|
}
|
|
|
|
|
UserMetadataUserIDCol = Column{
|
|
|
|
|
name: projection.UserMetadataColumnUserID,
|
|
|
|
|
table: userMetadataTable,
|
|
|
|
|
}
|
|
|
|
|
UserMetadataCreationDateCol = Column{
|
|
|
|
|
name: projection.UserMetadataColumnCreationDate,
|
|
|
|
|
table: userMetadataTable,
|
|
|
|
|
}
|
|
|
|
|
UserMetadataChangeDateCol = Column{
|
|
|
|
|
name: projection.UserMetadataColumnChangeDate,
|
|
|
|
|
table: userMetadataTable,
|
|
|
|
|
}
|
|
|
|
|
UserMetadataResourceOwnerCol = Column{
|
|
|
|
|
name: projection.UserMetadataColumnResourceOwner,
|
|
|
|
|
table: userMetadataTable,
|
|
|
|
|
}
|
2022-03-23 09:02:39 +01:00
|
|
|
UserMetadataInstanceIDCol = Column{
|
|
|
|
|
name: projection.UserMetadataColumnInstanceID,
|
|
|
|
|
table: userMetadataTable,
|
|
|
|
|
}
|
2022-01-20 15:40:25 +01:00
|
|
|
UserMetadataSequenceCol = Column{
|
|
|
|
|
name: projection.UserMetadataColumnSequence,
|
|
|
|
|
table: userMetadataTable,
|
|
|
|
|
}
|
|
|
|
|
UserMetadataKeyCol = Column{
|
|
|
|
|
name: projection.UserMetadataColumnKey,
|
|
|
|
|
table: userMetadataTable,
|
|
|
|
|
}
|
|
|
|
|
UserMetadataValueCol = Column{
|
|
|
|
|
name: projection.UserMetadataColumnValue,
|
|
|
|
|
table: userMetadataTable,
|
|
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
|
2023-08-22 14:49:02 +02:00
|
|
|
func (q *Queries) GetUserMetadataByKey(ctx context.Context, shouldTriggerBulk bool, userID, key string, withOwnerRemoved bool, queries ...SearchQuery) (metadata *UserMetadata, err error) {
|
2022-12-01 09:18:53 +01:00
|
|
|
ctx, span := tracing.NewSpan(ctx)
|
|
|
|
|
defer func() { span.EndWithError(err) }()
|
|
|
|
|
|
2022-06-14 07:51:00 +02:00
|
|
|
if shouldTriggerBulk {
|
2023-10-26 17:07:56 +02:00
|
|
|
_, traceSpan := tracing.NewNamedSpan(ctx, "TriggerUserMetadataProjection")
|
2023-10-19 12:19:10 +02:00
|
|
|
ctx, err = projection.UserMetadataProjection.Trigger(ctx, handler.WithAwaitRunning())
|
|
|
|
|
logging.OnError(err).Debug("trigger failed")
|
2023-10-26 17:07:56 +02:00
|
|
|
traceSpan.EndWithError(err)
|
2022-06-14 07:51:00 +02:00
|
|
|
}
|
|
|
|
|
|
2025-04-02 16:53:06 +02:00
|
|
|
query, scan := prepareUserMetadataQuery()
|
2022-01-20 15:40:25 +01:00
|
|
|
for _, q := range queries {
|
|
|
|
|
query = q.toQuery(query)
|
|
|
|
|
}
|
2022-11-30 17:01:17 +01:00
|
|
|
eq := sq.Eq{
|
|
|
|
|
UserMetadataUserIDCol.identifier(): userID,
|
|
|
|
|
UserMetadataKeyCol.identifier(): key,
|
|
|
|
|
UserMetadataInstanceIDCol.identifier(): authz.GetInstance(ctx).InstanceID(),
|
|
|
|
|
}
|
|
|
|
|
stmt, args, err := query.Where(eq).ToSql()
|
2022-01-20 15:40:25 +01:00
|
|
|
if err != nil {
|
2025-06-06 10:48:29 +02:00
|
|
|
return nil, zerrors.ThrowInternal(err, "QUERY-aDGG2", "Errors.Query.SQLStatement")
|
2022-01-20 15:40:25 +01:00
|
|
|
}
|
|
|
|
|
|
2023-08-22 14:49:02 +02:00
|
|
|
err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
|
|
|
|
|
metadata, err = scan(row)
|
|
|
|
|
return err
|
|
|
|
|
}, stmt, args...)
|
|
|
|
|
return metadata, err
|
2022-01-20 15:40:25 +01:00
|
|
|
}
|
|
|
|
|
|
2025-01-21 13:31:54 +01:00
|
|
|
func (q *Queries) SearchUserMetadataForUsers(ctx context.Context, shouldTriggerBulk bool, userIDs []string, queries *UserMetadataSearchQueries) (metadata *UserMetadataList, err error) {
|
|
|
|
|
ctx, span := tracing.NewSpan(ctx)
|
|
|
|
|
defer func() { span.EndWithError(err) }()
|
|
|
|
|
|
|
|
|
|
if shouldTriggerBulk {
|
|
|
|
|
_, traceSpan := tracing.NewNamedSpan(ctx, "TriggerUserMetadataProjection")
|
|
|
|
|
ctx, err = projection.UserMetadataProjection.Trigger(ctx, handler.WithAwaitRunning())
|
|
|
|
|
logging.OnError(err).Debug("trigger failed")
|
|
|
|
|
traceSpan.EndWithError(err)
|
|
|
|
|
}
|
|
|
|
|
|
2025-04-02 16:53:06 +02:00
|
|
|
query, scan := prepareUserMetadataListQuery()
|
2025-01-21 13:31:54 +01:00
|
|
|
eq := sq.Eq{
|
|
|
|
|
UserMetadataUserIDCol.identifier(): userIDs,
|
|
|
|
|
UserMetadataInstanceIDCol.identifier(): authz.GetInstance(ctx).InstanceID(),
|
|
|
|
|
}
|
|
|
|
|
stmt, args, err := queries.toQuery(query).Where(eq).ToSql()
|
|
|
|
|
if err != nil {
|
2025-06-06 10:48:29 +02:00
|
|
|
return nil, zerrors.ThrowInternal(err, "QUERY-Egbgd", "Errors.Query.SQLStatement")
|
2025-01-21 13:31:54 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = q.client.QueryContext(ctx, func(rows *sql.Rows) error {
|
|
|
|
|
metadata, err = scan(rows)
|
|
|
|
|
return err
|
|
|
|
|
}, stmt, args...)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
metadata.State, err = q.latestState(ctx, userMetadataTable)
|
|
|
|
|
return metadata, err
|
|
|
|
|
}
|
|
|
|
|
|
2025-07-04 18:12:59 +02:00
|
|
|
func (q *Queries) SearchUserMetadata(ctx context.Context, shouldTriggerBulk bool, userID string, queries *UserMetadataSearchQueries, permissionCheck domain.PermissionCheck) (metadata *UserMetadataList, err error) {
|
|
|
|
|
permissionCheckV2 := PermissionV2(ctx, permissionCheck)
|
|
|
|
|
users, err := q.searchUserMetadata(ctx, shouldTriggerBulk, userID, queries, permissionCheckV2)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if permissionCheck != nil && !authz.GetFeatures(ctx).PermissionCheckV2 {
|
|
|
|
|
userMetadataCheckPermission(ctx, users, permissionCheck)
|
|
|
|
|
}
|
|
|
|
|
return users, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (q *Queries) searchUserMetadata(ctx context.Context, shouldTriggerBulk bool, userID string, queries *UserMetadataSearchQueries, permissionCheckV2 bool) (metadata *UserMetadataList, err error) {
|
2022-12-01 09:18:53 +01:00
|
|
|
ctx, span := tracing.NewSpan(ctx)
|
|
|
|
|
defer func() { span.EndWithError(err) }()
|
|
|
|
|
|
2022-06-14 07:51:00 +02:00
|
|
|
if shouldTriggerBulk {
|
2023-10-26 17:07:56 +02:00
|
|
|
_, traceSpan := tracing.NewNamedSpan(ctx, "TriggerUserMetadataProjection")
|
2023-10-19 12:19:10 +02:00
|
|
|
ctx, err = projection.UserMetadataProjection.Trigger(ctx, handler.WithAwaitRunning())
|
|
|
|
|
logging.OnError(err).Debug("trigger failed")
|
2023-10-26 17:07:56 +02:00
|
|
|
traceSpan.EndWithError(err)
|
2022-06-14 07:51:00 +02:00
|
|
|
}
|
|
|
|
|
|
2025-04-02 16:53:06 +02:00
|
|
|
query, scan := prepareUserMetadataListQuery()
|
2025-07-04 18:12:59 +02:00
|
|
|
query = userMetadataPermissionCheckV2(ctx, query, permissionCheckV2, queries)
|
2022-11-30 17:01:17 +01:00
|
|
|
eq := sq.Eq{
|
|
|
|
|
UserMetadataUserIDCol.identifier(): userID,
|
|
|
|
|
UserMetadataInstanceIDCol.identifier(): authz.GetInstance(ctx).InstanceID(),
|
|
|
|
|
}
|
|
|
|
|
stmt, args, err := queries.toQuery(query).Where(eq).ToSql()
|
2022-01-20 15:40:25 +01:00
|
|
|
if err != nil {
|
2025-06-06 10:48:29 +02:00
|
|
|
return nil, zerrors.ThrowInternal(err, "QUERY-Egbgd", "Errors.Query.SQLStatement")
|
2022-01-20 15:40:25 +01:00
|
|
|
}
|
|
|
|
|
|
2023-08-22 14:49:02 +02:00
|
|
|
err = q.client.QueryContext(ctx, func(rows *sql.Rows) error {
|
|
|
|
|
metadata, err = scan(rows)
|
|
|
|
|
return err
|
|
|
|
|
}, stmt, args...)
|
2022-01-20 15:40:25 +01:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2023-10-19 12:19:10 +02:00
|
|
|
metadata.State, err = q.latestState(ctx, userMetadataTable)
|
2022-01-20 15:40:25 +01:00
|
|
|
return metadata, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (q *UserMetadataSearchQueries) toQuery(query sq.SelectBuilder) sq.SelectBuilder {
|
|
|
|
|
query = q.SearchRequest.toQuery(query)
|
|
|
|
|
for _, q := range q.Queries {
|
|
|
|
|
query = q.toQuery(query)
|
|
|
|
|
}
|
|
|
|
|
return query
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (r *UserMetadataSearchQueries) AppendMyResourceOwnerQuery(orgID string) error {
|
|
|
|
|
query, err := NewUserMetadataResourceOwnerSearchQuery(orgID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
r.Queries = append(r.Queries, query)
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func NewUserMetadataResourceOwnerSearchQuery(value string) (SearchQuery, error) {
|
|
|
|
|
return NewTextQuery(UserMetadataResourceOwnerCol, value, TextEquals)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func NewUserMetadataKeySearchQuery(value string, comparison TextComparison) (SearchQuery, error) {
|
|
|
|
|
return NewTextQuery(UserMetadataKeyCol, value, comparison)
|
|
|
|
|
}
|
|
|
|
|
|
2025-01-21 13:31:54 +01:00
|
|
|
func NewUserMetadataExistsQuery(key string, value []byte, keyComparison TextComparison, valueComparison BytesComparison) (SearchQuery, error) {
|
|
|
|
|
// linking queries for the subselect
|
|
|
|
|
instanceQuery, err := NewColumnComparisonQuery(UserMetadataInstanceIDCol, UserInstanceIDCol, ColumnEquals)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
userIDQuery, err := NewColumnComparisonQuery(UserMetadataUserIDCol, UserIDCol, ColumnEquals)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// text query to select data from the linked sub select
|
|
|
|
|
metadataKeyQuery, err := NewTextQuery(UserMetadataKeyCol, key, keyComparison)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// text query to select data from the linked sub select
|
|
|
|
|
metadataValueQuery, err := NewBytesQuery(UserMetadataValueCol, value, valueComparison)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// full definition of the sub select
|
|
|
|
|
subSelect, err := NewSubSelect(UserMetadataUserIDCol, []SearchQuery{instanceQuery, userIDQuery, metadataKeyQuery, metadataValueQuery})
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// "WHERE * IN (*)" query with subquery as list-data provider
|
|
|
|
|
return NewListQuery(
|
|
|
|
|
UserIDCol,
|
|
|
|
|
subSelect,
|
|
|
|
|
ListIn,
|
|
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
|
2025-04-02 16:53:06 +02:00
|
|
|
func prepareUserMetadataQuery() (sq.SelectBuilder, func(*sql.Row) (*UserMetadata, error)) {
|
2022-01-20 15:40:25 +01:00
|
|
|
return sq.Select(
|
|
|
|
|
UserMetadataCreationDateCol.identifier(),
|
|
|
|
|
UserMetadataChangeDateCol.identifier(),
|
|
|
|
|
UserMetadataResourceOwnerCol.identifier(),
|
|
|
|
|
UserMetadataSequenceCol.identifier(),
|
|
|
|
|
UserMetadataKeyCol.identifier(),
|
|
|
|
|
UserMetadataValueCol.identifier(),
|
|
|
|
|
).
|
2025-04-02 16:53:06 +02:00
|
|
|
From(userMetadataTable.identifier()).
|
2022-01-20 15:40:25 +01:00
|
|
|
PlaceholderFormat(sq.Dollar),
|
|
|
|
|
func(row *sql.Row) (*UserMetadata, error) {
|
|
|
|
|
m := new(UserMetadata)
|
|
|
|
|
err := row.Scan(
|
|
|
|
|
&m.CreationDate,
|
|
|
|
|
&m.ChangeDate,
|
|
|
|
|
&m.ResourceOwner,
|
|
|
|
|
&m.Sequence,
|
|
|
|
|
&m.Key,
|
|
|
|
|
&m.Value,
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
if err != nil {
|
2023-12-08 16:30:55 +02:00
|
|
|
if errors.Is(err, sql.ErrNoRows) {
|
|
|
|
|
return nil, zerrors.ThrowNotFound(err, "QUERY-Rgh32", "Errors.Metadata.NotFound")
|
2022-01-20 15:40:25 +01:00
|
|
|
}
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInternal(err, "QUERY-Hhjt2", "Errors.Internal")
|
2022-01-20 15:40:25 +01:00
|
|
|
}
|
|
|
|
|
return m, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2025-04-02 16:53:06 +02:00
|
|
|
func prepareUserMetadataListQuery() (sq.SelectBuilder, func(*sql.Rows) (*UserMetadataList, error)) {
|
2022-01-20 15:40:25 +01:00
|
|
|
return sq.Select(
|
|
|
|
|
UserMetadataCreationDateCol.identifier(),
|
|
|
|
|
UserMetadataChangeDateCol.identifier(),
|
2025-01-21 13:31:54 +01:00
|
|
|
UserMetadataUserIDCol.identifier(),
|
2022-01-20 15:40:25 +01:00
|
|
|
UserMetadataResourceOwnerCol.identifier(),
|
|
|
|
|
UserMetadataSequenceCol.identifier(),
|
|
|
|
|
UserMetadataKeyCol.identifier(),
|
|
|
|
|
UserMetadataValueCol.identifier(),
|
|
|
|
|
countColumn.identifier()).
|
2025-04-02 16:53:06 +02:00
|
|
|
From(userMetadataTable.identifier()).
|
2022-01-20 15:40:25 +01:00
|
|
|
PlaceholderFormat(sq.Dollar),
|
|
|
|
|
func(rows *sql.Rows) (*UserMetadataList, error) {
|
|
|
|
|
metadata := make([]*UserMetadata, 0)
|
|
|
|
|
var count uint64
|
|
|
|
|
for rows.Next() {
|
|
|
|
|
m := new(UserMetadata)
|
|
|
|
|
err := rows.Scan(
|
|
|
|
|
&m.CreationDate,
|
|
|
|
|
&m.ChangeDate,
|
2025-01-21 13:31:54 +01:00
|
|
|
&m.UserID,
|
2022-01-20 15:40:25 +01:00
|
|
|
&m.ResourceOwner,
|
|
|
|
|
&m.Sequence,
|
|
|
|
|
&m.Key,
|
|
|
|
|
&m.Value,
|
|
|
|
|
&count,
|
|
|
|
|
)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
metadata = append(metadata, m)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := rows.Close(); err != nil {
|
2023-12-08 16:30:55 +02:00
|
|
|
return nil, zerrors.ThrowInternal(err, "QUERY-sd3gh", "Errors.Query.CloseRows")
|
2022-01-20 15:40:25 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return &UserMetadataList{
|
|
|
|
|
Metadata: metadata,
|
|
|
|
|
SearchResponse: SearchResponse{
|
|
|
|
|
Count: count,
|
|
|
|
|
},
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
