zitadel/internal/query/idp_user_link.go

213 lines
6.0 KiB
Go
Raw Normal View History

2021-12-07 07:33:52 +00:00
package query
import (
"context"
"database/sql"
sq "github.com/Masterminds/squirrel"
"github.com/zitadel/zitadel/internal/api/authz"
"github.com/zitadel/zitadel/internal/api/call"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/query/projection"
"github.com/zitadel/zitadel/internal/telemetry/tracing"
"github.com/zitadel/zitadel/internal/zerrors"
2021-12-07 07:33:52 +00:00
)
type IDPUserLink struct {
2021-12-07 07:33:52 +00:00
IDPID string
UserID string
IDPName string
ProvidedUserID string
ProvidedUsername string
fix: use query side for requests (#2818) * refactor(domain): add user type * fix(projections): start with login names * fix(login_policy): correct handling of user domain claimed event * fix(projections): add members * refactor: simplify member projections * add migration for members * add metadata to member projections * refactor: login name projection * fix: set correct suffixes on login name projections * test(projections): login name reduces * fix: correct cols in reduce member * test(projections): org, iam, project members * member additional cols and conds as opt, add project grant members * fix(migration): members * fix(migration): correct database name * migration version * migs * better naming for member cond and col * split project and project grant members * prepare member columns * feat(queries): membership query * test(queries): membership prepare * fix(queries): multiple projections for latest sequence * fix(api): use query for membership queries in auth and management * feat: org member queries * fix(api): use query for iam member calls * fix(queries): org members * fix(queries): project members * fix(queries): project grant members * refactor: remove unsued methods in repo-interfaces * start * fix(query): membership * fix(auth): list my project orgs * fix(query): member queries and user avatar column * refactor(auth): MyProjectOrgs * fix(queries): member and membership stmts * fix user test * fix(management): use query for project (-grant) members * fix(admin): use query for member calls * fix(api): add domain to org mapping * remove old idp * membership * refactor: remove old files * idp * refactor: use query for idps and idp user links * refactor(eventstore): rename EventPusher to Command, EventReader to Event, PushEvents to Push and FilterEvents to Filter * gloabl org check for org roles Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-01-13 07:58:14 +00:00
ResourceOwner string
IDPType domain.IDPType
2021-12-07 07:33:52 +00:00
}
type IDPUserLinks struct {
2021-12-07 07:33:52 +00:00
SearchResponse
Links []*IDPUserLink
2021-12-07 07:33:52 +00:00
}
type IDPUserLinksSearchQuery struct {
2021-12-07 07:33:52 +00:00
SearchRequest
Queries []SearchQuery
}
func (q *IDPUserLinksSearchQuery) toQuery(query sq.SelectBuilder) sq.SelectBuilder {
2021-12-07 07:33:52 +00:00
query = q.SearchRequest.toQuery(query)
for _, q := range q.Queries {
query = q.toQuery(query)
}
return query
}
var (
idpUserLinkTable = table{
name: projection.IDPUserLinkTable,
instanceIDCol: projection.IDPUserLinkInstanceIDCol,
2021-12-07 07:33:52 +00:00
}
IDPUserLinkIDPIDCol = Column{
name: projection.IDPUserLinkIDPIDCol,
table: idpUserLinkTable,
}
IDPUserLinkUserIDCol = Column{
name: projection.IDPUserLinkUserIDCol,
table: idpUserLinkTable,
}
IDPUserLinkExternalUserIDCol = Column{
name: projection.IDPUserLinkExternalUserIDCol,
table: idpUserLinkTable,
}
IDPUserLinkCreationDateCol = Column{
name: projection.IDPUserLinkCreationDateCol,
table: idpUserLinkTable,
}
IDPUserLinkChangeDateCol = Column{
name: projection.IDPUserLinkChangeDateCol,
table: idpUserLinkTable,
}
IDPUserLinkSequenceCol = Column{
name: projection.IDPUserLinkSequenceCol,
table: idpUserLinkTable,
}
IDPUserLinkResourceOwnerCol = Column{
name: projection.IDPUserLinkResourceOwnerCol,
table: idpUserLinkTable,
}
IDPUserLinkInstanceIDCol = Column{
name: projection.IDPUserLinkInstanceIDCol,
table: idpUserLinkTable,
}
2021-12-07 07:33:52 +00:00
IDPUserLinkDisplayNameCol = Column{
name: projection.IDPUserLinkDisplayNameCol,
table: idpUserLinkTable,
}
feat: remove org (#4148) * feat(command): remove org * refactor: imports, unused code, error handling * reduce org removed in action * add org deletion to projections * add org removal to projections * add org removal to projections * org removed projection * lint import * projections * fix: table names in tests * fix: table names in tests * logging * add org state * fix(domain): add Owner removed to object details * feat(ListQuery): add with owner removed * fix(org-delete): add bool to functions to select with owner removed * fix(org-delete): add bools to user grants with events to determine if dependencies lost owner * fix(org-delete): add unit tests for owner removed and org removed events * fix(org-delete): add handling of org remove for grants and members * fix(org-delete): correction of unit tests for owner removed * fix(org-delete): update projections, unit tests and get functions * fix(org-delete): add change date to authnkeys and owner removed to org metadata * fix(org-delete): include owner removed for login names * fix(org-delete): some column fixes in projections and build for queries with owner removed * indexes * fix(org-delete): include review changes * fix(org-delete): change user projection name after merge * fix(org-delete): include review changes for project grant where no project owner is necessary * fix(org-delete): include auth and adminapi tables with owner removed information * fix(org-delete): cleanup username and orgdomain uniqueconstraints when org is removed * fix(org-delete): add permissions for org.remove * remove unnecessary unique constraints * fix column order in primary keys * fix(org-delete): include review changes * fix(org-delete): add owner removed indexes and chang setup step to create tables * fix(org-delete): move PK order of instance_id and change added user_grant from review * fix(org-delete): no params for prepareUserQuery * change to step 6 * merge main * fix(org-delete): OldUserName rename to private * fix linting * cleanup * fix: remove org test * create prerelease * chore: delete org-delete as prerelease Co-authored-by: Stefan Benz <stefan@caos.ch> Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2022-11-30 16:01:17 +00:00
IDPUserLinkOwnerRemovedCol = Column{
name: projection.IDPUserLinkOwnerRemovedCol,
table: idpUserLinkTable,
}
2021-12-07 07:33:52 +00:00
)
func (l *IDPUserLinks) RemoveNoPermission(ctx context.Context, permissionCheck domain.PermissionCheck) {
removableIndexes := make([]int, 0)
for i := range l.Links {
ctxData := authz.GetCtxData(ctx)
if ctxData.UserID != l.Links[i].UserID {
if err := permissionCheck(ctx, domain.PermissionUserRead, l.Links[i].ResourceOwner, l.Links[i].UserID); err != nil {
removableIndexes = append(removableIndexes, i)
}
}
}
removed := 0
for _, removeIndex := range removableIndexes {
l.Links = removeIDPLink(l.Links, removeIndex-removed)
removed++
}
// reset count as some users could be removed
l.SearchResponse.Count = uint64(len(l.Links))
}
func removeIDPLink(slice []*IDPUserLink, s int) []*IDPUserLink {
return append(slice[:s], slice[s+1:]...)
}
feat: remove org (#4148) * feat(command): remove org * refactor: imports, unused code, error handling * reduce org removed in action * add org deletion to projections * add org removal to projections * add org removal to projections * org removed projection * lint import * projections * fix: table names in tests * fix: table names in tests * logging * add org state * fix(domain): add Owner removed to object details * feat(ListQuery): add with owner removed * fix(org-delete): add bool to functions to select with owner removed * fix(org-delete): add bools to user grants with events to determine if dependencies lost owner * fix(org-delete): add unit tests for owner removed and org removed events * fix(org-delete): add handling of org remove for grants and members * fix(org-delete): correction of unit tests for owner removed * fix(org-delete): update projections, unit tests and get functions * fix(org-delete): add change date to authnkeys and owner removed to org metadata * fix(org-delete): include owner removed for login names * fix(org-delete): some column fixes in projections and build for queries with owner removed * indexes * fix(org-delete): include review changes * fix(org-delete): change user projection name after merge * fix(org-delete): include review changes for project grant where no project owner is necessary * fix(org-delete): include auth and adminapi tables with owner removed information * fix(org-delete): cleanup username and orgdomain uniqueconstraints when org is removed * fix(org-delete): add permissions for org.remove * remove unnecessary unique constraints * fix column order in primary keys * fix(org-delete): include review changes * fix(org-delete): add owner removed indexes and chang setup step to create tables * fix(org-delete): move PK order of instance_id and change added user_grant from review * fix(org-delete): no params for prepareUserQuery * change to step 6 * merge main * fix(org-delete): OldUserName rename to private * fix linting * cleanup * fix: remove org test * create prerelease * chore: delete org-delete as prerelease Co-authored-by: Stefan Benz <stefan@caos.ch> Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2022-11-30 16:01:17 +00:00
func (q *Queries) IDPUserLinks(ctx context.Context, queries *IDPUserLinksSearchQuery, withOwnerRemoved bool) (idps *IDPUserLinks, err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
query, scan := prepareIDPUserLinksQuery(ctx, q.client)
feat: remove org (#4148) * feat(command): remove org * refactor: imports, unused code, error handling * reduce org removed in action * add org deletion to projections * add org removal to projections * add org removal to projections * org removed projection * lint import * projections * fix: table names in tests * fix: table names in tests * logging * add org state * fix(domain): add Owner removed to object details * feat(ListQuery): add with owner removed * fix(org-delete): add bool to functions to select with owner removed * fix(org-delete): add bools to user grants with events to determine if dependencies lost owner * fix(org-delete): add unit tests for owner removed and org removed events * fix(org-delete): add handling of org remove for grants and members * fix(org-delete): correction of unit tests for owner removed * fix(org-delete): update projections, unit tests and get functions * fix(org-delete): add change date to authnkeys and owner removed to org metadata * fix(org-delete): include owner removed for login names * fix(org-delete): some column fixes in projections and build for queries with owner removed * indexes * fix(org-delete): include review changes * fix(org-delete): change user projection name after merge * fix(org-delete): include review changes for project grant where no project owner is necessary * fix(org-delete): include auth and adminapi tables with owner removed information * fix(org-delete): cleanup username and orgdomain uniqueconstraints when org is removed * fix(org-delete): add permissions for org.remove * remove unnecessary unique constraints * fix column order in primary keys * fix(org-delete): include review changes * fix(org-delete): add owner removed indexes and chang setup step to create tables * fix(org-delete): move PK order of instance_id and change added user_grant from review * fix(org-delete): no params for prepareUserQuery * change to step 6 * merge main * fix(org-delete): OldUserName rename to private * fix linting * cleanup * fix: remove org test * create prerelease * chore: delete org-delete as prerelease Co-authored-by: Stefan Benz <stefan@caos.ch> Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2022-11-30 16:01:17 +00:00
eq := sq.Eq{IDPUserLinkInstanceIDCol.identifier(): authz.GetInstance(ctx).InstanceID()}
if !withOwnerRemoved {
eq[IDPUserLinkOwnerRemovedCol.identifier()] = false
}
stmt, args, err := queries.toQuery(query).Where(eq).ToSql()
2021-12-07 07:33:52 +00:00
if err != nil {
return nil, zerrors.ThrowInvalidArgument(err, "QUERY-4zzFK", "Errors.Query.InvalidRequest")
2021-12-07 07:33:52 +00:00
}
err = q.client.QueryContext(ctx, func(rows *sql.Rows) error {
idps, err = scan(rows)
return err
}, stmt, args...)
2021-12-07 07:33:52 +00:00
if err != nil {
return nil, zerrors.ThrowInternal(err, "QUERY-C1E4D", "Errors.Internal")
2021-12-07 07:33:52 +00:00
}
idps.State, err = q.latestState(ctx, idpUserLinkTable)
2021-12-07 07:33:52 +00:00
return idps, err
}
fix: use query side for requests (#2818) * refactor(domain): add user type * fix(projections): start with login names * fix(login_policy): correct handling of user domain claimed event * fix(projections): add members * refactor: simplify member projections * add migration for members * add metadata to member projections * refactor: login name projection * fix: set correct suffixes on login name projections * test(projections): login name reduces * fix: correct cols in reduce member * test(projections): org, iam, project members * member additional cols and conds as opt, add project grant members * fix(migration): members * fix(migration): correct database name * migration version * migs * better naming for member cond and col * split project and project grant members * prepare member columns * feat(queries): membership query * test(queries): membership prepare * fix(queries): multiple projections for latest sequence * fix(api): use query for membership queries in auth and management * feat: org member queries * fix(api): use query for iam member calls * fix(queries): org members * fix(queries): project members * fix(queries): project grant members * refactor: remove unsued methods in repo-interfaces * start * fix(query): membership * fix(auth): list my project orgs * fix(query): member queries and user avatar column * refactor(auth): MyProjectOrgs * fix(queries): member and membership stmts * fix user test * fix(management): use query for project (-grant) members * fix(admin): use query for member calls * fix(api): add domain to org mapping * remove old idp * membership * refactor: remove old files * idp * refactor: use query for idps and idp user links * refactor(eventstore): rename EventPusher to Command, EventReader to Event, PushEvents to Push and FilterEvents to Filter * gloabl org check for org roles Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-01-13 07:58:14 +00:00
func NewIDPUserLinkIDPIDSearchQuery(value string) (SearchQuery, error) {
return NewTextQuery(IDPUserLinkIDPIDCol, value, TextEquals)
}
func NewIDPUserLinksUserIDSearchQuery(value string) (SearchQuery, error) {
2021-12-07 07:33:52 +00:00
return NewTextQuery(IDPUserLinkUserIDCol, value, TextEquals)
}
func NewIDPUserLinksResourceOwnerSearchQuery(value string) (SearchQuery, error) {
2021-12-07 07:33:52 +00:00
return NewTextQuery(IDPUserLinkResourceOwnerCol, value, TextEquals)
}
func NewIDPUserLinksExternalIDSearchQuery(value string) (SearchQuery, error) {
return NewTextQuery(IDPUserLinkExternalUserIDCol, value, TextEquals)
}
func prepareIDPUserLinksQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilder, func(*sql.Rows) (*IDPUserLinks, error)) {
2021-12-07 07:33:52 +00:00
return sq.Select(
IDPUserLinkIDPIDCol.identifier(),
IDPUserLinkUserIDCol.identifier(),
IDPTemplateNameCol.identifier(),
2021-12-07 07:33:52 +00:00
IDPUserLinkExternalUserIDCol.identifier(),
IDPUserLinkDisplayNameCol.identifier(),
IDPTemplateTypeCol.identifier(),
fix: use query side for requests (#2818) * refactor(domain): add user type * fix(projections): start with login names * fix(login_policy): correct handling of user domain claimed event * fix(projections): add members * refactor: simplify member projections * add migration for members * add metadata to member projections * refactor: login name projection * fix: set correct suffixes on login name projections * test(projections): login name reduces * fix: correct cols in reduce member * test(projections): org, iam, project members * member additional cols and conds as opt, add project grant members * fix(migration): members * fix(migration): correct database name * migration version * migs * better naming for member cond and col * split project and project grant members * prepare member columns * feat(queries): membership query * test(queries): membership prepare * fix(queries): multiple projections for latest sequence * fix(api): use query for membership queries in auth and management * feat: org member queries * fix(api): use query for iam member calls * fix(queries): org members * fix(queries): project members * fix(queries): project grant members * refactor: remove unsued methods in repo-interfaces * start * fix(query): membership * fix(auth): list my project orgs * fix(query): member queries and user avatar column * refactor(auth): MyProjectOrgs * fix(queries): member and membership stmts * fix user test * fix(management): use query for project (-grant) members * fix(admin): use query for member calls * fix(api): add domain to org mapping * remove old idp * membership * refactor: remove old files * idp * refactor: use query for idps and idp user links * refactor(eventstore): rename EventPusher to Command, EventReader to Event, PushEvents to Push and FilterEvents to Filter * gloabl org check for org roles Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-01-13 07:58:14 +00:00
IDPUserLinkResourceOwnerCol.identifier(),
2021-12-07 07:33:52 +00:00
countColumn.identifier()).
From(idpUserLinkTable.identifier()).
LeftJoin(join(IDPTemplateIDCol, IDPUserLinkIDPIDCol) + db.Timetravel(call.Took(ctx))).
PlaceholderFormat(sq.Dollar),
func(rows *sql.Rows) (*IDPUserLinks, error) {
idps := make([]*IDPUserLink, 0)
2021-12-07 07:33:52 +00:00
var count uint64
for rows.Next() {
var (
idpName = sql.NullString{}
idpType = sql.NullInt16{}
idp = new(IDPUserLink)
2021-12-07 07:33:52 +00:00
)
err := rows.Scan(
&idp.IDPID,
&idp.UserID,
&idpName,
&idp.ProvidedUserID,
&idp.ProvidedUsername,
&idpType,
fix: use query side for requests (#2818) * refactor(domain): add user type * fix(projections): start with login names * fix(login_policy): correct handling of user domain claimed event * fix(projections): add members * refactor: simplify member projections * add migration for members * add metadata to member projections * refactor: login name projection * fix: set correct suffixes on login name projections * test(projections): login name reduces * fix: correct cols in reduce member * test(projections): org, iam, project members * member additional cols and conds as opt, add project grant members * fix(migration): members * fix(migration): correct database name * migration version * migs * better naming for member cond and col * split project and project grant members * prepare member columns * feat(queries): membership query * test(queries): membership prepare * fix(queries): multiple projections for latest sequence * fix(api): use query for membership queries in auth and management * feat: org member queries * fix(api): use query for iam member calls * fix(queries): org members * fix(queries): project members * fix(queries): project grant members * refactor: remove unsued methods in repo-interfaces * start * fix(query): membership * fix(auth): list my project orgs * fix(query): member queries and user avatar column * refactor(auth): MyProjectOrgs * fix(queries): member and membership stmts * fix user test * fix(management): use query for project (-grant) members * fix(admin): use query for member calls * fix(api): add domain to org mapping * remove old idp * membership * refactor: remove old files * idp * refactor: use query for idps and idp user links * refactor(eventstore): rename EventPusher to Command, EventReader to Event, PushEvents to Push and FilterEvents to Filter * gloabl org check for org roles Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2022-01-13 07:58:14 +00:00
&idp.ResourceOwner,
2021-12-07 07:33:52 +00:00
&count,
)
if err != nil {
return nil, err
}
idp.IDPName = idpName.String
//IDPType 0 is oidc so we have to set unspecified manually
if idpType.Valid {
idp.IDPType = domain.IDPType(idpType.Int16)
2021-12-07 07:33:52 +00:00
} else {
idp.IDPType = domain.IDPTypeUnspecified
2021-12-07 07:33:52 +00:00
}
idps = append(idps, idp)
}
if err := rows.Close(); err != nil {
return nil, zerrors.ThrowInternal(err, "QUERY-nwx6U", "Errors.Query.CloseRows")
2021-12-07 07:33:52 +00:00
}
return &IDPUserLinks{
2021-12-07 07:33:52 +00:00
Links: idps,
SearchResponse: SearchResponse{
Count: count,
},
}, nil
}
}