2022-01-26 09:16:33 +00:00
|
|
|
package query
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
|
2022-04-26 23:01:45 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/api/authz"
|
|
|
|
"github.com/zitadel/zitadel/internal/domain"
|
2022-01-26 09:16:33 +00:00
|
|
|
)
|
|
|
|
|
2022-03-24 13:00:24 +00:00
|
|
|
func (q *Queries) MyZitadelPermissions(ctx context.Context, orgID, userID string) (*domain.Permissions, error) {
|
2022-01-26 09:16:33 +00:00
|
|
|
userIDQuery, err := NewMembershipUserIDQuery(userID)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2022-04-05 05:58:09 +00:00
|
|
|
orgIDsQuery, err := NewMembershipResourceOwnersSearchQuery(orgID, authz.GetInstance(ctx).InstanceID())
|
2022-03-24 13:00:24 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2022-07-27 07:55:44 +00:00
|
|
|
grantedOrgIDQuery, err := NewMembershipGrantedOrgIDSearchQuery(orgID)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2022-01-26 09:16:33 +00:00
|
|
|
memberships, err := q.Memberships(ctx, &MembershipSearchQuery{
|
2022-07-27 07:55:44 +00:00
|
|
|
Queries: []SearchQuery{userIDQuery, Or(orgIDsQuery, grantedOrgIDQuery)},
|
2022-01-26 09:16:33 +00:00
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
permissions := &domain.Permissions{Permissions: []string{}}
|
|
|
|
for _, membership := range memberships.Memberships {
|
|
|
|
for _, role := range membership.Roles {
|
|
|
|
permissions = q.mapRoleToPermission(permissions, membership, role)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return permissions, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (q *Queries) mapRoleToPermission(permissions *domain.Permissions, membership *Membership, role string) *domain.Permissions {
|
|
|
|
for _, mapping := range q.zitadelRoles {
|
|
|
|
if mapping.Role == role {
|
|
|
|
ctxID := ""
|
|
|
|
if membership.Project != nil {
|
|
|
|
ctxID = membership.Project.ProjectID
|
|
|
|
} else if membership.ProjectGrant != nil {
|
|
|
|
ctxID = membership.ProjectGrant.GrantID
|
|
|
|
}
|
|
|
|
permissions.AppendPermissions(ctxID, mapping.Permissions...)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return permissions
|
|
|
|
}
|