zitadel/internal/api/grpc/project/v2beta/project.go

package project

import (
	"context"

	"github.com/muhlemmer/gu"
	"google.golang.org/protobuf/types/known/timestamppb"

	"github.com/zitadel/zitadel/internal/command"
	"github.com/zitadel/zitadel/internal/domain"
	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
	"github.com/zitadel/zitadel/internal/query"
	project_pb "github.com/zitadel/zitadel/pkg/grpc/project/v2beta"
)

func (s *Server) CreateProject(ctx context.Context, req *project_pb.CreateProjectRequest) (*project_pb.CreateProjectResponse, error) {
	add := projectCreateToCommand(req)
	project, err := s.command.AddProject(ctx, add)
	if err != nil {
		return nil, err
	}
	var creationDate *timestamppb.Timestamp
	if !project.EventDate.IsZero() {
		creationDate = timestamppb.New(project.EventDate)
	}
	return &project_pb.CreateProjectResponse{
		Id:           add.AggregateID,
		CreationDate: creationDate,
	}, nil
}

func projectCreateToCommand(req *project_pb.CreateProjectRequest) *command.AddProject {
	var aggregateID string
	if req.Id != nil {
		aggregateID = *req.Id
	}
	return &command.AddProject{
		ObjectRoot: models.ObjectRoot{
			ResourceOwner: req.OrganizationId,
			AggregateID:   aggregateID,
		},
		Name:                   req.Name,
		ProjectRoleAssertion:   req.ProjectRoleAssertion,
		ProjectRoleCheck:       req.AuthorizationRequired,
		HasProjectCheck:        req.ProjectAccessRequired,
		PrivateLabelingSetting: privateLabelingSettingToDomain(req.PrivateLabelingSetting),
	}
}

func privateLabelingSettingToDomain(setting project_pb.PrivateLabelingSetting) domain.PrivateLabelingSetting {
	switch setting {
	case project_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_ALLOW_LOGIN_USER_RESOURCE_OWNER_POLICY:
		return domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy
	case project_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_ENFORCE_PROJECT_RESOURCE_OWNER_POLICY:
		return domain.PrivateLabelingSettingEnforceProjectResourceOwnerPolicy
	case project_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_UNSPECIFIED:
		return domain.PrivateLabelingSettingUnspecified
	default:
		return domain.PrivateLabelingSettingUnspecified
	}
}

func (s *Server) UpdateProject(ctx context.Context, req *project_pb.UpdateProjectRequest) (*project_pb.UpdateProjectResponse, error) {
	project, err := s.command.ChangeProject(ctx, projectUpdateToCommand(req))
	if err != nil {
		return nil, err
	}
	var changeDate *timestamppb.Timestamp
	if !project.EventDate.IsZero() {
		changeDate = timestamppb.New(project.EventDate)
	}
	return &project_pb.UpdateProjectResponse{
		ChangeDate: changeDate,
	}, nil
}

func projectUpdateToCommand(req *project_pb.UpdateProjectRequest) *command.ChangeProject {
	var labeling *domain.PrivateLabelingSetting
	if req.PrivateLabelingSetting != nil {
		labeling = gu.Ptr(privateLabelingSettingToDomain(*req.PrivateLabelingSetting))
	}
	return &command.ChangeProject{
		ObjectRoot: models.ObjectRoot{
			AggregateID: req.Id,
		},
		Name:                   req.Name,
		ProjectRoleAssertion:   req.ProjectRoleAssertion,
		ProjectRoleCheck:       req.ProjectRoleCheck,
		HasProjectCheck:        req.HasProjectCheck,
		PrivateLabelingSetting: labeling,
	}
}

func (s *Server) DeleteProject(ctx context.Context, req *project_pb.DeleteProjectRequest) (*project_pb.DeleteProjectResponse, error) {
	userGrantIDs, err := s.userGrantsFromProject(ctx, req.Id)
	if err != nil {
		return nil, err
	}

	deletedAt, err := s.command.DeleteProject(ctx, req.Id, "", userGrantIDs...)
	if err != nil {
		return nil, err
	}
	var deletionDate *timestamppb.Timestamp
	if !deletedAt.IsZero() {
		deletionDate = timestamppb.New(deletedAt)
	}
	return &project_pb.DeleteProjectResponse{
		DeletionDate: deletionDate,
	}, nil
}

func (s *Server) userGrantsFromProject(ctx context.Context, projectID string) ([]string, error) {
	projectQuery, err := query.NewUserGrantProjectIDSearchQuery(projectID)
	if err != nil {
		return nil, err
	}
	userGrants, err := s.query.UserGrants(ctx, &query.UserGrantsQueries{
		Queries: []query.SearchQuery{projectQuery},
	}, false)
	if err != nil {
		return nil, err
	}
	return userGrantsToIDs(userGrants.UserGrants), nil
}

func (s *Server) DeactivateProject(ctx context.Context, req *project_pb.DeactivateProjectRequest) (*project_pb.DeactivateProjectResponse, error) {
	details, err := s.command.DeactivateProject(ctx, req.Id, "")
	if err != nil {
		return nil, err
	}
	var changeDate *timestamppb.Timestamp
	if !details.EventDate.IsZero() {
		changeDate = timestamppb.New(details.EventDate)
	}
	return &project_pb.DeactivateProjectResponse{
		ChangeDate: changeDate,
	}, nil
}

func (s *Server) ActivateProject(ctx context.Context, req *project_pb.ActivateProjectRequest) (*project_pb.ActivateProjectResponse, error) {
	details, err := s.command.ReactivateProject(ctx, req.Id, "")
	if err != nil {
		return nil, err
	}
	var changeDate *timestamppb.Timestamp
	if !details.EventDate.IsZero() {
		changeDate = timestamppb.New(details.EventDate)
	}
	return &project_pb.ActivateProjectResponse{
		ChangeDate: changeDate,
	}, nil
}

func userGrantsToIDs(userGrants []*query.UserGrant) []string {
	converted := make([]string, len(userGrants))
	for i, grant := range userGrants {
		converted[i] = grant.ID
	}
	return converted
}
feat: project v2beta resource API (#9742) # Which Problems Are Solved Resource management of projects and sub-resources was before limited by the context provided by the management API, which would mean you could only manage resources belonging to a specific organization. # How the Problems Are Solved With the addition of a resource-based API, it is now possible to manage projects and sub-resources on the basis of the resources themselves, which means that as long as you have the permission for the resource, you can create, read, update and delete it. - CreateProject to create a project under an organization - UpdateProject to update an existing project - DeleteProject to delete an existing project - DeactivateProject and ActivateProject to change the status of a project - GetProject to query for a specific project with an identifier - ListProject to query for projects and granted projects - CreateProjectGrant to create a project grant with project and granted organization - UpdateProjectGrant to update the roles of a project grant - DeactivateProjectGrant and ActivateProjectGrant to change the status of a project grant - DeleteProjectGrant to delete an existing project grant - ListProjectGrants to query for project grants - AddProjectRole to add a role to an existing project - UpdateProjectRole to change texts of an existing role - RemoveProjectRole to remove an existing role - ListProjectRoles to query for project roles # Additional Changes - Changes to ListProjects, which now contains granted projects as well - Changes to messages as defined in the [API_DESIGN](https://github.com/zitadel/zitadel/blob/main/API_DESIGN.md) - Permission checks for project functionality on query and command side - Added testing to unit tests on command side - Change update endpoints to no error returns if nothing changes in the resource - Changed all integration test utility to the new service - ListProjects now also correctly lists `granted projects` - Permission checks for project grant and project role functionality on query and command side - Change existing pre checks so that they also work resource specific without resourceowner - Added the resourceowner to the grant and role if no resourceowner is provided - Corrected import tests with project grants and roles - Added testing to unit tests on command side - Change update endpoints to no error returns if nothing changes in the resource - Changed all integration test utility to the new service - Corrected some naming in the proto files to adhere to the API_DESIGN # Additional Context Closes #9177 --------- Co-authored-by: Livio Spring <livio.a@gmail.com> 2025-05-21 14:40:47 +02:00			`package project`

			`import (`
			`"context"`

			`"github.com/muhlemmer/gu"`
			`"google.golang.org/protobuf/types/known/timestamppb"`

			`"github.com/zitadel/zitadel/internal/command"`
			`"github.com/zitadel/zitadel/internal/domain"`
			`"github.com/zitadel/zitadel/internal/eventstore/v1/models"`
			`"github.com/zitadel/zitadel/internal/query"`
			`project_pb "github.com/zitadel/zitadel/pkg/grpc/project/v2beta"`
			`)`

			`func (s Server) CreateProject(ctx context.Context, req project_pb.CreateProjectRequest) (*project_pb.CreateProjectResponse, error) {`
			`add := projectCreateToCommand(req)`
			`project, err := s.command.AddProject(ctx, add)`
			`if err != nil {`
			`return nil, err`
			`}`
			`var creationDate *timestamppb.Timestamp`
			`if !project.EventDate.IsZero() {`
			`creationDate = timestamppb.New(project.EventDate)`
			`}`
			`return &project_pb.CreateProjectResponse{`
			`Id: add.AggregateID,`
			`CreationDate: creationDate,`
			`}, nil`
			`}`

			`func projectCreateToCommand(req project_pb.CreateProjectRequest) command.AddProject {`
			`var aggregateID string`
			`if req.Id != nil {`
			`aggregateID = *req.Id`
			`}`
			`return &command.AddProject{`
			`ObjectRoot: models.ObjectRoot{`
			`ResourceOwner: req.OrganizationId,`
			`AggregateID: aggregateID,`
			`},`
			`Name: req.Name,`
			`ProjectRoleAssertion: req.ProjectRoleAssertion,`
			`ProjectRoleCheck: req.AuthorizationRequired,`
			`HasProjectCheck: req.ProjectAccessRequired,`
			`PrivateLabelingSetting: privateLabelingSettingToDomain(req.PrivateLabelingSetting),`
			`}`
			`}`

			`func privateLabelingSettingToDomain(setting project_pb.PrivateLabelingSetting) domain.PrivateLabelingSetting {`
			`switch setting {`
			`case project_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_ALLOW_LOGIN_USER_RESOURCE_OWNER_POLICY:`
			`return domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy`
			`case project_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_ENFORCE_PROJECT_RESOURCE_OWNER_POLICY:`
			`return domain.PrivateLabelingSettingEnforceProjectResourceOwnerPolicy`
			`case project_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_UNSPECIFIED:`
			`return domain.PrivateLabelingSettingUnspecified`
			`default:`
			`return domain.PrivateLabelingSettingUnspecified`
			`}`
			`}`

			`func (s Server) UpdateProject(ctx context.Context, req project_pb.UpdateProjectRequest) (*project_pb.UpdateProjectResponse, error) {`
			`project, err := s.command.ChangeProject(ctx, projectUpdateToCommand(req))`
			`if err != nil {`
			`return nil, err`
			`}`
			`var changeDate *timestamppb.Timestamp`
			`if !project.EventDate.IsZero() {`
			`changeDate = timestamppb.New(project.EventDate)`
			`}`
			`return &project_pb.UpdateProjectResponse{`
			`ChangeDate: changeDate,`
			`}, nil`
			`}`

			`func projectUpdateToCommand(req project_pb.UpdateProjectRequest) command.ChangeProject {`
			`var labeling *domain.PrivateLabelingSetting`
			`if req.PrivateLabelingSetting != nil {`
			`labeling = gu.Ptr(privateLabelingSettingToDomain(*req.PrivateLabelingSetting))`
			`}`
			`return &command.ChangeProject{`
			`ObjectRoot: models.ObjectRoot{`
			`AggregateID: req.Id,`
			`},`
			`Name: req.Name,`
			`ProjectRoleAssertion: req.ProjectRoleAssertion,`
			`ProjectRoleCheck: req.ProjectRoleCheck,`
			`HasProjectCheck: req.HasProjectCheck,`
			`PrivateLabelingSetting: labeling,`
			`}`
			`}`

			`func (s Server) DeleteProject(ctx context.Context, req project_pb.DeleteProjectRequest) (*project_pb.DeleteProjectResponse, error) {`
			`userGrantIDs, err := s.userGrantsFromProject(ctx, req.Id)`
			`if err != nil {`
			`return nil, err`
			`}`

			`deletedAt, err := s.command.DeleteProject(ctx, req.Id, "", userGrantIDs...)`
			`if err != nil {`
			`return nil, err`
			`}`
			`var deletionDate *timestamppb.Timestamp`
			`if !deletedAt.IsZero() {`
			`deletionDate = timestamppb.New(deletedAt)`
			`}`
			`return &project_pb.DeleteProjectResponse{`
			`DeletionDate: deletionDate,`
			`}, nil`
			`}`

			`func (s *Server) userGrantsFromProject(ctx context.Context, projectID string) ([]string, error) {`
			`projectQuery, err := query.NewUserGrantProjectIDSearchQuery(projectID)`
			`if err != nil {`
			`return nil, err`
			`}`
			`userGrants, err := s.query.UserGrants(ctx, &query.UserGrantsQueries{`
			`Queries: []query.SearchQuery{projectQuery},`
			`}, false)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return userGrantsToIDs(userGrants.UserGrants), nil`
			`}`

			`func (s Server) DeactivateProject(ctx context.Context, req project_pb.DeactivateProjectRequest) (*project_pb.DeactivateProjectResponse, error) {`
			`details, err := s.command.DeactivateProject(ctx, req.Id, "")`
			`if err != nil {`
			`return nil, err`
			`}`
			`var changeDate *timestamppb.Timestamp`
			`if !details.EventDate.IsZero() {`
			`changeDate = timestamppb.New(details.EventDate)`
			`}`
			`return &project_pb.DeactivateProjectResponse{`
			`ChangeDate: changeDate,`
			`}, nil`
			`}`

			`func (s Server) ActivateProject(ctx context.Context, req project_pb.ActivateProjectRequest) (*project_pb.ActivateProjectResponse, error) {`
			`details, err := s.command.ReactivateProject(ctx, req.Id, "")`
			`if err != nil {`
			`return nil, err`
			`}`
			`var changeDate *timestamppb.Timestamp`
			`if !details.EventDate.IsZero() {`
			`changeDate = timestamppb.New(details.EventDate)`
			`}`
			`return &project_pb.ActivateProjectResponse{`
			`ChangeDate: changeDate,`
			`}, nil`
			`}`

			`func userGrantsToIDs(userGrants []*query.UserGrant) []string {`
			`converted := make([]string, len(userGrants))`
			`for i, grant := range userGrants {`
			`converted[i] = grant.ID`
			`}`
			`return converted`
			`}`