2022-12-14 07:17:36 +01:00
|
|
|
package command
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
2024-02-28 12:21:11 +02:00
|
|
|
"slices"
|
2022-12-14 07:17:36 +01:00
|
|
|
|
|
|
|
"github.com/zitadel/zitadel/internal/api/authz"
|
|
|
|
"github.com/zitadel/zitadel/internal/eventstore"
|
|
|
|
"github.com/zitadel/zitadel/internal/repository/instance"
|
|
|
|
)
|
|
|
|
|
|
|
|
type InstanceSecurityPolicyWriteModel struct {
|
|
|
|
eventstore.WriteModel
|
2024-02-28 12:21:11 +02:00
|
|
|
SecurityPolicy
|
2022-12-14 07:17:36 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
func NewInstanceSecurityPolicyWriteModel(ctx context.Context) *InstanceSecurityPolicyWriteModel {
|
|
|
|
return &InstanceSecurityPolicyWriteModel{
|
|
|
|
WriteModel: eventstore.WriteModel{
|
|
|
|
AggregateID: authz.GetInstance(ctx).InstanceID(),
|
|
|
|
ResourceOwner: authz.GetInstance(ctx).InstanceID(),
|
|
|
|
},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (wm *InstanceSecurityPolicyWriteModel) Reduce() error {
|
|
|
|
for _, event := range wm.Events {
|
|
|
|
if e, ok := event.(*instance.SecurityPolicySetEvent); ok {
|
2024-02-28 12:21:11 +02:00
|
|
|
|
|
|
|
if e.EnableIframeEmbedding != nil {
|
|
|
|
wm.EnableIframeEmbedding = *e.EnableIframeEmbedding
|
|
|
|
} else if e.Enabled != nil {
|
|
|
|
wm.EnableIframeEmbedding = *e.Enabled
|
2022-12-14 07:17:36 +01:00
|
|
|
}
|
|
|
|
if e.AllowedOrigins != nil {
|
|
|
|
wm.AllowedOrigins = *e.AllowedOrigins
|
|
|
|
}
|
2024-03-20 12:18:46 +02:00
|
|
|
if e.EnableImpersonation != nil {
|
|
|
|
wm.EnableImpersonation = *e.EnableImpersonation
|
|
|
|
}
|
2022-12-14 07:17:36 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
return wm.WriteModel.Reduce()
|
|
|
|
}
|
|
|
|
|
|
|
|
func (wm *InstanceSecurityPolicyWriteModel) Query() *eventstore.SearchQueryBuilder {
|
|
|
|
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
|
|
|
|
ResourceOwner(wm.ResourceOwner).
|
|
|
|
AddQuery().
|
|
|
|
AggregateTypes(instance.AggregateType).
|
|
|
|
AggregateIDs(wm.AggregateID).
|
|
|
|
EventTypes(
|
|
|
|
instance.SecurityPolicySetEventType).
|
|
|
|
Builder()
|
|
|
|
}
|
|
|
|
|
|
|
|
func (wm *InstanceSecurityPolicyWriteModel) NewSetEvent(
|
|
|
|
ctx context.Context,
|
|
|
|
aggregate *eventstore.Aggregate,
|
2024-02-28 12:21:11 +02:00
|
|
|
policy *SecurityPolicy,
|
2022-12-14 07:17:36 +01:00
|
|
|
) (*instance.SecurityPolicySetEvent, error) {
|
|
|
|
changes := make([]instance.SecurityPolicyChanges, 0, 2)
|
|
|
|
var err error
|
|
|
|
|
2024-02-28 12:21:11 +02:00
|
|
|
if wm.EnableIframeEmbedding != policy.EnableIframeEmbedding {
|
|
|
|
changes = append(changes, instance.ChangeSecurityPolicyEnableIframeEmbedding(policy.EnableIframeEmbedding))
|
|
|
|
}
|
|
|
|
if !slices.Equal(wm.AllowedOrigins, policy.AllowedOrigins) {
|
|
|
|
changes = append(changes, instance.ChangeSecurityPolicyAllowedOrigins(policy.AllowedOrigins))
|
2022-12-14 07:17:36 +01:00
|
|
|
}
|
2024-02-28 12:21:11 +02:00
|
|
|
if wm.EnableImpersonation != policy.EnableImpersonation {
|
|
|
|
changes = append(changes, instance.ChangeSecurityPolicyEnableImpersonation(policy.EnableImpersonation))
|
2022-12-14 07:17:36 +01:00
|
|
|
}
|
|
|
|
changeEvent, err := instance.NewSecurityPolicySetEvent(ctx, aggregate, changes)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
return changeEvent, nil
|
|
|
|
}
|