zitadel/internal/authz/repository/eventsourcing/eventstore/user_membership.go

package eventstore

import (
	"context"

	"github.com/zitadel/zitadel/internal/api/authz"
	"github.com/zitadel/zitadel/internal/query"
	"github.com/zitadel/zitadel/internal/telemetry/tracing"
)

type UserMembershipRepo struct {
	Queries *query.Queries
}

func (repo *UserMembershipRepo) SearchMyMemberships(ctx context.Context, orgID string) (_ []*authz.Membership, err error) {
	ctx, span := tracing.NewSpan(ctx)
	defer func() { span.EndWithError(err) }()
	memberships, err := repo.searchUserMemberships(ctx, orgID)
	if err != nil {
		return nil, err
	}
	return userMembershipsToMemberships(memberships), nil
}

func (repo *UserMembershipRepo) searchUserMemberships(ctx context.Context, orgID string) (_ []*query.Membership, err error) {
	ctx, span := tracing.NewSpan(ctx)
	defer func() { span.EndWithError(err) }()
	ctxData := authz.GetCtxData(ctx)
	userIDQuery, err := query.NewMembershipUserIDQuery(ctxData.UserID)
	if err != nil {
		return nil, err
	}
	orgIDsQuery, err := query.NewMembershipResourceOwnersSearchQuery(orgID, authz.GetInstance(ctx).InstanceID())
	if err != nil {
		return nil, err
	}
	grantedIDQuery, err := query.NewMembershipGrantedOrgIDSearchQuery(orgID)
	if err != nil {
		return nil, err
	}
	memberships, err := repo.Queries.Memberships(ctx, &query.MembershipSearchQuery{
		Queries: []query.SearchQuery{userIDQuery, query.Or(orgIDsQuery, grantedIDQuery)},
	}, false)
	if err != nil {
		return nil, err
	}
	return memberships.Memberships, nil
}

func userMembershipToMembership(membership *query.Membership) *authz.Membership {
	if membership.IAM != nil {
		return &authz.Membership{
			MemberType:  authz.MemberTypeIam,
			AggregateID: membership.IAM.IAMID,
			ObjectID:    membership.IAM.IAMID,
			Roles:       membership.Roles,
		}
	}
	if membership.Org != nil {
		return &authz.Membership{
			MemberType:  authz.MemberTypeOrganisation,
			AggregateID: membership.Org.OrgID,
			ObjectID:    membership.Org.OrgID,
			Roles:       membership.Roles,
		}
	}
	if membership.Project != nil {
		return &authz.Membership{
			MemberType:  authz.MemberTypeProject,
			AggregateID: membership.Project.ProjectID,
			ObjectID:    membership.Project.ProjectID,
			Roles:       membership.Roles,
		}
	}
	return &authz.Membership{
		MemberType:  authz.MemberTypeProjectGrant,
		AggregateID: membership.ProjectGrant.ProjectID,
		ObjectID:    membership.ProjectGrant.GrantID,
		Roles:       membership.Roles,
	}
}

func userMembershipsToMemberships(memberships []*query.Membership) []*authz.Membership {
	result := make([]*authz.Membership, len(memberships))
	for i, m := range memberships {
		result[i] = userMembershipToMembership(m)
	}
	return result
}
fix: move activity log to queries and remove old code (#3096) * move changes to queries and remove old code * fix changes query * remove unused code * fix sorting * fix sorting * refactor and remove old code * remove accidental go.mod replace * add missing file * remove listDetail from ChangesResponse 2022-01-26 09:16:33 +00:00			`package eventstore`

			`import (`
			`"context"`

chore(v2): move to new org (#3499) * chore: move to new org * logging * fix: org rename caos -> zitadel Co-authored-by: adlerhurst <silvan.reusser@gmail.com> 2022-04-26 23:01:45 +00:00			`"github.com/zitadel/zitadel/internal/api/authz"`
fix: check membership from projection (#3710) * fix: check membership from projection * remove authz setup 2022-05-25 12:07:16 +00:00			`"github.com/zitadel/zitadel/internal/query"`
fix(tracing): parsing of fraction (#3705) * fix(tracing): parsing of fraction * log id 2022-05-24 09:18:25 +00:00			`"github.com/zitadel/zitadel/internal/telemetry/tracing"`
fix: move activity log to queries and remove old code (#3096) * move changes to queries and remove old code * fix changes query * remove unused code * fix sorting * fix sorting * refactor and remove old code * remove accidental go.mod replace * add missing file * remove listDetail from ChangesResponse 2022-01-26 09:16:33 +00:00			`)`

			`type UserMembershipRepo struct {`
fix: check membership from projection (#3710) * fix: check membership from projection * remove authz setup 2022-05-25 12:07:16 +00:00			`Queries *query.Queries`
fix: move activity log to queries and remove old code (#3096) * move changes to queries and remove old code * fix changes query * remove unused code * fix sorting * fix sorting * refactor and remove old code * remove accidental go.mod replace * add missing file * remove listDetail from ChangesResponse 2022-01-26 09:16:33 +00:00			`}`

feat: user v2alpha email API (#5708) * chore(proto): update versions * change protoc plugin * some cleanups * define api for setting emails in new api * implement user.SetEmail * move SetEmail buisiness logic into command * resuse newCryptoCode * command: add ChangeEmail unit tests Not complete, was not able to mock the generator. * Revert "resuse newCryptoCode" This reverts commit c89e90ae35ae924a3f706a0a7394f933910c2e65. * undo change to crypto code generators * command: use a generator so we can test properly * command: reorganise ChangeEmail improve test coverage * implement VerifyEmail including unit tests * add URL template tests * proto: change context to object * remove old auth option * remove old auth option * fix linting errors run gci on modified files * add permission checks and fix some errors * comments * comments --------- Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> 2023-04-25 07:02:29 +00:00			`func (repo UserMembershipRepo) SearchMyMemberships(ctx context.Context, orgID string) (_ []authz.Membership, err error) {`
fix(tracing): parsing of fraction (#3705) * fix(tracing): parsing of fraction * log id 2022-05-24 09:18:25 +00:00			`ctx, span := tracing.NewSpan(ctx)`
			`defer func() { span.EndWithError(err) }()`
feat: user v2alpha email API (#5708) * chore(proto): update versions * change protoc plugin * some cleanups * define api for setting emails in new api * implement user.SetEmail * move SetEmail buisiness logic into command * resuse newCryptoCode * command: add ChangeEmail unit tests Not complete, was not able to mock the generator. * Revert "resuse newCryptoCode" This reverts commit c89e90ae35ae924a3f706a0a7394f933910c2e65. * undo change to crypto code generators * command: use a generator so we can test properly * command: reorganise ChangeEmail improve test coverage * implement VerifyEmail including unit tests * add URL template tests * proto: change context to object * remove old auth option * remove old auth option * fix linting errors run gci on modified files * add permission checks and fix some errors * comments * comments --------- Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> 2023-04-25 07:02:29 +00:00			`memberships, err := repo.searchUserMemberships(ctx, orgID)`
fix: move activity log to queries and remove old code (#3096) * move changes to queries and remove old code * fix changes query * remove unused code * fix sorting * fix sorting * refactor and remove old code * remove accidental go.mod replace * add missing file * remove listDetail from ChangesResponse 2022-01-26 09:16:33 +00:00			`if err != nil {`
			`return nil, err`
			`}`
			`return userMembershipsToMemberships(memberships), nil`
			`}`

feat: user v2alpha email API (#5708) * chore(proto): update versions * change protoc plugin * some cleanups * define api for setting emails in new api * implement user.SetEmail * move SetEmail buisiness logic into command * resuse newCryptoCode * command: add ChangeEmail unit tests Not complete, was not able to mock the generator. * Revert "resuse newCryptoCode" This reverts commit c89e90ae35ae924a3f706a0a7394f933910c2e65. * undo change to crypto code generators * command: use a generator so we can test properly * command: reorganise ChangeEmail improve test coverage * implement VerifyEmail including unit tests * add URL template tests * proto: change context to object * remove old auth option * remove old auth option * fix linting errors run gci on modified files * add permission checks and fix some errors * comments * comments --------- Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> 2023-04-25 07:02:29 +00:00			`func (repo UserMembershipRepo) searchUserMemberships(ctx context.Context, orgID string) (_ []query.Membership, err error) {`
fix(tracing): parsing of fraction (#3705) * fix(tracing): parsing of fraction * log id 2022-05-24 09:18:25 +00:00			`ctx, span := tracing.NewSpan(ctx)`
			`defer func() { span.EndWithError(err) }()`
fix: move activity log to queries and remove old code (#3096) * move changes to queries and remove old code * fix changes query * remove unused code * fix sorting * fix sorting * refactor and remove old code * remove accidental go.mod replace * add missing file * remove listDetail from ChangesResponse 2022-01-26 09:16:33 +00:00			`ctxData := authz.GetCtxData(ctx)`
fix: check membership from projection (#3710) * fix: check membership from projection * remove authz setup 2022-05-25 12:07:16 +00:00			`userIDQuery, err := query.NewMembershipUserIDQuery(ctxData.UserID)`
fix: move activity log to queries and remove old code (#3096) * move changes to queries and remove old code * fix changes query * remove unused code * fix sorting * fix sorting * refactor and remove old code * remove accidental go.mod replace * add missing file * remove listDetail from ChangesResponse 2022-01-26 09:16:33 +00:00			`if err != nil {`
			`return nil, err`
			`}`
feat: user v2alpha email API (#5708) * chore(proto): update versions * change protoc plugin * some cleanups * define api for setting emails in new api * implement user.SetEmail * move SetEmail buisiness logic into command * resuse newCryptoCode * command: add ChangeEmail unit tests Not complete, was not able to mock the generator. * Revert "resuse newCryptoCode" This reverts commit c89e90ae35ae924a3f706a0a7394f933910c2e65. * undo change to crypto code generators * command: use a generator so we can test properly * command: reorganise ChangeEmail improve test coverage * implement VerifyEmail including unit tests * add URL template tests * proto: change context to object * remove old auth option * remove old auth option * fix linting errors run gci on modified files * add permission checks and fix some errors * comments * comments --------- Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> 2023-04-25 07:02:29 +00:00			`orgIDsQuery, err := query.NewMembershipResourceOwnersSearchQuery(orgID, authz.GetInstance(ctx).InstanceID())`
fix: move activity log to queries and remove old code (#3096) * move changes to queries and remove old code * fix changes query * remove unused code * fix sorting * fix sorting * refactor and remove old code * remove accidental go.mod replace * add missing file * remove listDetail from ChangesResponse 2022-01-26 09:16:33 +00:00			`if err != nil {`
			`return nil, err`
			`}`
feat: user v2alpha email API (#5708) * chore(proto): update versions * change protoc plugin * some cleanups * define api for setting emails in new api * implement user.SetEmail * move SetEmail buisiness logic into command * resuse newCryptoCode * command: add ChangeEmail unit tests Not complete, was not able to mock the generator. * Revert "resuse newCryptoCode" This reverts commit c89e90ae35ae924a3f706a0a7394f933910c2e65. * undo change to crypto code generators * command: use a generator so we can test properly * command: reorganise ChangeEmail improve test coverage * implement VerifyEmail including unit tests * add URL template tests * proto: change context to object * remove old auth option * remove old auth option * fix linting errors run gci on modified files * add permission checks and fix some errors * comments * comments --------- Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> 2023-04-25 07:02:29 +00:00			`grantedIDQuery, err := query.NewMembershipGrantedOrgIDSearchQuery(orgID)`
fix: project grants (#4031) * fix: filter granted memberships correctly * fix: only show changes of granted project * Apply suggestions from code review Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> * Update internal/query/user_membership.go Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> 2022-07-27 07:55:44 +00:00			`if err != nil {`
			`return nil, err`
			`}`
fix: check membership from projection (#3710) * fix: check membership from projection * remove authz setup 2022-05-25 12:07:16 +00:00			`memberships, err := repo.Queries.Memberships(ctx, &query.MembershipSearchQuery{`
fix: project grants (#4031) * fix: filter granted memberships correctly * fix: only show changes of granted project * Apply suggestions from code review Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> * Update internal/query/user_membership.go Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> 2022-07-27 07:55:44 +00:00			`Queries: []query.SearchQuery{userIDQuery, query.Or(orgIDsQuery, grantedIDQuery)},`
feat: remove org (#4148) * feat(command): remove org * refactor: imports, unused code, error handling * reduce org removed in action * add org deletion to projections * add org removal to projections * add org removal to projections * org removed projection * lint import * projections * fix: table names in tests * fix: table names in tests * logging * add org state * fix(domain): add Owner removed to object details * feat(ListQuery): add with owner removed * fix(org-delete): add bool to functions to select with owner removed * fix(org-delete): add bools to user grants with events to determine if dependencies lost owner * fix(org-delete): add unit tests for owner removed and org removed events * fix(org-delete): add handling of org remove for grants and members * fix(org-delete): correction of unit tests for owner removed * fix(org-delete): update projections, unit tests and get functions * fix(org-delete): add change date to authnkeys and owner removed to org metadata * fix(org-delete): include owner removed for login names * fix(org-delete): some column fixes in projections and build for queries with owner removed * indexes * fix(org-delete): include review changes * fix(org-delete): change user projection name after merge * fix(org-delete): include review changes for project grant where no project owner is necessary * fix(org-delete): include auth and adminapi tables with owner removed information * fix(org-delete): cleanup username and orgdomain uniqueconstraints when org is removed * fix(org-delete): add permissions for org.remove * remove unnecessary unique constraints * fix column order in primary keys * fix(org-delete): include review changes * fix(org-delete): add owner removed indexes and chang setup step to create tables * fix(org-delete): move PK order of instance_id and change added user_grant from review * fix(org-delete): no params for prepareUserQuery * change to step 6 * merge main * fix(org-delete): OldUserName rename to private * fix linting * cleanup * fix: remove org test * create prerelease * chore: delete org-delete as prerelease Co-authored-by: Stefan Benz <stefan@caos.ch> Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com> 2022-11-30 16:01:17 +00:00			`}, false)`
fix: check membership from projection (#3710) * fix: check membership from projection * remove authz setup 2022-05-25 12:07:16 +00:00			`if err != nil {`
			`return nil, err`
fix: move activity log to queries and remove old code (#3096) * move changes to queries and remove old code * fix changes query * remove unused code * fix sorting * fix sorting * refactor and remove old code * remove accidental go.mod replace * add missing file * remove listDetail from ChangesResponse 2022-01-26 09:16:33 +00:00			`}`
fix: check membership from projection (#3710) * fix: check membership from projection * remove authz setup 2022-05-25 12:07:16 +00:00			`return memberships.Memberships, nil`
fix: move activity log to queries and remove old code (#3096) * move changes to queries and remove old code * fix changes query * remove unused code * fix sorting * fix sorting * refactor and remove old code * remove accidental go.mod replace * add missing file * remove listDetail from ChangesResponse 2022-01-26 09:16:33 +00:00			`}`

fix: check membership from projection (#3710) * fix: check membership from projection * remove authz setup 2022-05-25 12:07:16 +00:00			`func userMembershipToMembership(membership query.Membership) authz.Membership {`
			`if membership.IAM != nil {`
			`return &authz.Membership{`
			`MemberType: authz.MemberTypeIam,`
			`AggregateID: membership.IAM.IAMID,`
			`ObjectID: membership.IAM.IAMID,`
			`Roles: membership.Roles,`
			`}`
			`}`
			`if membership.Org != nil {`
			`return &authz.Membership{`
			`MemberType: authz.MemberTypeOrganisation,`
			`AggregateID: membership.Org.OrgID,`
			`ObjectID: membership.Org.OrgID,`
			`Roles: membership.Roles,`
			`}`
			`}`
			`if membership.Project != nil {`
			`return &authz.Membership{`
			`MemberType: authz.MemberTypeProject,`
			`AggregateID: membership.Project.ProjectID,`
			`ObjectID: membership.Project.ProjectID,`
			`Roles: membership.Roles,`
			`}`
			`}`
fix: move activity log to queries and remove old code (#3096) * move changes to queries and remove old code * fix changes query * remove unused code * fix sorting * fix sorting * refactor and remove old code * remove accidental go.mod replace * add missing file * remove listDetail from ChangesResponse 2022-01-26 09:16:33 +00:00			`return &authz.Membership{`
fix: check membership from projection (#3710) * fix: check membership from projection * remove authz setup 2022-05-25 12:07:16 +00:00			`MemberType: authz.MemberTypeProjectGrant,`
			`AggregateID: membership.ProjectGrant.ProjectID,`
			`ObjectID: membership.ProjectGrant.GrantID,`
fix: move activity log to queries and remove old code (#3096) * move changes to queries and remove old code * fix changes query * remove unused code * fix sorting * fix sorting * refactor and remove old code * remove accidental go.mod replace * add missing file * remove listDetail from ChangesResponse 2022-01-26 09:16:33 +00:00			`Roles: membership.Roles,`
			`}`
			`}`

fix: check membership from projection (#3710) * fix: check membership from projection * remove authz setup 2022-05-25 12:07:16 +00:00			`func userMembershipsToMemberships(memberships []query.Membership) []authz.Membership {`
fix: move activity log to queries and remove old code (#3096) * move changes to queries and remove old code * fix changes query * remove unused code * fix sorting * fix sorting * refactor and remove old code * remove accidental go.mod replace * add missing file * remove listDetail from ChangesResponse 2022-01-26 09:16:33 +00:00			`result := make([]*authz.Membership, len(memberships))`
			`for i, m := range memberships {`
			`result[i] = userMembershipToMembership(m)`
			`}`
			`return result`
			`}`