zitadel/internal/command/instance_policy_privacy.go

package command

import (
	"context"

	"github.com/zitadel/zitadel/internal/api/authz"
	"github.com/zitadel/zitadel/internal/command/preparation"
	"github.com/zitadel/zitadel/internal/domain"
	caos_errs "github.com/zitadel/zitadel/internal/errors"
	"github.com/zitadel/zitadel/internal/eventstore"
	"github.com/zitadel/zitadel/internal/repository/instance"
	"github.com/zitadel/zitadel/internal/telemetry/tracing"
)

func (c *Commands) AddDefaultPrivacyPolicy(ctx context.Context, tosLink, privacyLink, helpLink string, supportEmail domain.EmailAddress) (*domain.ObjectDetails, error) {
	instanceAgg := instance.NewAggregate(authz.GetInstance(ctx).InstanceID())
	cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, prepareAddDefaultPrivacyPolicy(instanceAgg, tosLink, privacyLink, helpLink, supportEmail))
	if err != nil {
		return nil, err
	}
	pushedEvents, err := c.eventstore.Push(ctx, cmds...)
	if err != nil {
		return nil, err
	}
	return pushedEventsToObjectDetails(pushedEvents), nil
}

func (c *Commands) ChangeDefaultPrivacyPolicy(ctx context.Context, policy *domain.PrivacyPolicy) (*domain.PrivacyPolicy, error) {
	if policy.SupportEmail != "" {
		if err := policy.SupportEmail.Validate(); err != nil {
			return nil, err
		}
		policy.SupportEmail = policy.SupportEmail.Normalize()
	}

	existingPolicy, err := c.defaultPrivacyPolicyWriteModelByID(ctx)
	if err != nil {
		return nil, err
	}
	if existingPolicy.State == domain.PolicyStateUnspecified || existingPolicy.State == domain.PolicyStateRemoved {
		return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-0oPew", "Errors.IAM.PrivacyPolicy.NotFound")
	}

	instanceAgg := InstanceAggregateFromWriteModel(&existingPolicy.PrivacyPolicyWriteModel.WriteModel)
	changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, instanceAgg, policy.TOSLink, policy.PrivacyLink, policy.HelpLink, policy.SupportEmail)
	if !hasChanged {
		return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-9jJfs", "Errors.IAM.PrivacyPolicy.NotChanged")
	}
	pushedEvents, err := c.eventstore.Push(ctx, changedEvent)
	if err != nil {
		return nil, err
	}
	err = AppendAndReduce(existingPolicy, pushedEvents...)
	if err != nil {
		return nil, err
	}
	return writeModelToPrivacyPolicy(&existingPolicy.PrivacyPolicyWriteModel), nil
}

func (c *Commands) defaultPrivacyPolicyWriteModelByID(ctx context.Context) (policy *InstancePrivacyPolicyWriteModel, err error) {
	ctx, span := tracing.NewSpan(ctx)
	defer func() { span.EndWithError(err) }()

	writeModel := NewInstancePrivacyPolicyWriteModel(ctx)
	err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
	if err != nil {
		return nil, err
	}
	return writeModel, nil
}

func (c *Commands) getDefaultPrivacyPolicy(ctx context.Context) (*domain.PrivacyPolicy, error) {
	policyWriteModel := NewInstancePrivacyPolicyWriteModel(ctx)
	err := c.eventstore.FilterToQueryReducer(ctx, policyWriteModel)
	if err != nil {
		return nil, err
	}
	if !policyWriteModel.State.Exists() {
		return nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-559os", "Errors.IAM.PrivacyPolicy.NotFound")
	}
	policy := writeModelToPrivacyPolicy(&policyWriteModel.PrivacyPolicyWriteModel)
	policy.Default = true
	return policy, nil
}

func prepareAddDefaultPrivacyPolicy(
	a *instance.Aggregate,
	tosLink,
	privacyLink,
	helpLink string,
	supportEmail domain.EmailAddress,
) preparation.Validation {
	return func() (preparation.CreateCommands, error) {
		if supportEmail != "" {
			if err := supportEmail.Validate(); err != nil {
				return nil, err
			}
			supportEmail = supportEmail.Normalize()
		}
		return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
			writeModel := NewInstancePrivacyPolicyWriteModel(ctx)
			events, err := filter(ctx, writeModel.Query())
			if err != nil {
				return nil, err
			}
			writeModel.AppendEvents(events...)
			if err = writeModel.Reduce(); err != nil {
				return nil, err
			}
			if writeModel.State == domain.PolicyStateActive {
				return nil, caos_errs.ThrowAlreadyExists(nil, "INSTANCE-M00rJ", "Errors.Instance.PrivacyPolicy.AlreadyExists")
			}
			return []eventstore.Command{
				instance.NewPrivacyPolicyAddedEvent(ctx, &a.Aggregate, tosLink, privacyLink, helpLink, supportEmail),
			}, nil
		}, nil
	}
}
feat: Privacy policy (#1957) * feat: command side privacy policy * feat: add privacy policy to api * feat: add privacy policy query side * fix: add privacy policy to mgmt api * fix: add privacy policy to auth and base data * feat: use privacyPolicy in login gui * feat: use privacyPolicy in login gui * feat: test org fatures * feat: typos * feat: tos in register 2021-07-05 08:36:51 +00:00			`package command`

			`import (`
			`"context"`
refactor(eventstore): rename EventPusher to Command, EventReader to Event, PushEvents to Push and FilterEvents to Filter (#2907) 2022-01-03 08:19:07 +00:00
fix: unify commands (and remove todos for checking existence) (#3696) 2022-05-24 09:28:17 +00:00			`"github.com/zitadel/zitadel/internal/api/authz"`
			`"github.com/zitadel/zitadel/internal/command/preparation"`
chore(v2): move to new org (#3499) * chore: move to new org * logging * fix: org rename caos -> zitadel Co-authored-by: adlerhurst <silvan.reusser@gmail.com> 2022-04-26 23:01:45 +00:00			`"github.com/zitadel/zitadel/internal/domain"`
			`caos_errs "github.com/zitadel/zitadel/internal/errors"`
			`"github.com/zitadel/zitadel/internal/eventstore"`
			`"github.com/zitadel/zitadel/internal/repository/instance"`
			`"github.com/zitadel/zitadel/internal/telemetry/tracing"`
feat: Privacy policy (#1957) * feat: command side privacy policy * feat: add privacy policy to api * feat: add privacy policy query side * fix: add privacy policy to mgmt api * fix: add privacy policy to auth and base data * feat: use privacyPolicy in login gui * feat: use privacyPolicy in login gui * feat: test org fatures * feat: typos * feat: tos in register 2021-07-05 08:36:51 +00:00			`)`

feat: add Help/Support e-mail for instance/org (#5445) feat: help and support email in privacy policy 2023-03-28 19:36:52 +00:00			`func (c Commands) AddDefaultPrivacyPolicy(ctx context.Context, tosLink, privacyLink, helpLink string, supportEmail domain.EmailAddress) (domain.ObjectDetails, error) {`
fix: unify commands (and remove todos for checking existence) (#3696) 2022-05-24 09:28:17 +00:00			`instanceAgg := instance.NewAggregate(authz.GetInstance(ctx).InstanceID())`
feat: add Help/Support e-mail for instance/org (#5445) feat: help and support email in privacy policy 2023-03-28 19:36:52 +00:00			`cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, prepareAddDefaultPrivacyPolicy(instanceAgg, tosLink, privacyLink, helpLink, supportEmail))`
feat: Privacy policy (#1957) * feat: command side privacy policy * feat: add privacy policy to api * feat: add privacy policy query side * fix: add privacy policy to mgmt api * fix: add privacy policy to auth and base data * feat: use privacyPolicy in login gui * feat: use privacyPolicy in login gui * feat: test org fatures * feat: typos * feat: tos in register 2021-07-05 08:36:51 +00:00			`if err != nil {`
			`return nil, err`
			`}`
fix: unify commands (and remove todos for checking existence) (#3696) 2022-05-24 09:28:17 +00:00			`pushedEvents, err := c.eventstore.Push(ctx, cmds...)`
feat: Privacy policy (#1957) * feat: command side privacy policy * feat: add privacy policy to api * feat: add privacy policy query side * fix: add privacy policy to mgmt api * fix: add privacy policy to auth and base data * feat: use privacyPolicy in login gui * feat: use privacyPolicy in login gui * feat: test org fatures * feat: typos * feat: tos in register 2021-07-05 08:36:51 +00:00			`if err != nil {`
			`return nil, err`
			`}`
fix: unify commands (and remove todos for checking existence) (#3696) 2022-05-24 09:28:17 +00:00			`return pushedEventsToObjectDetails(pushedEvents), nil`
feat: Privacy policy (#1957) * feat: command side privacy policy * feat: add privacy policy to api * feat: add privacy policy query side * fix: add privacy policy to mgmt api * fix: add privacy policy to auth and base data * feat: use privacyPolicy in login gui * feat: use privacyPolicy in login gui * feat: test org fatures * feat: typos * feat: tos in register 2021-07-05 08:36:51 +00:00			`}`

			`func (c Commands) ChangeDefaultPrivacyPolicy(ctx context.Context, policy domain.PrivacyPolicy) (*domain.PrivacyPolicy, error) {`
feat: add Help/Support e-mail for instance/org (#5445) feat: help and support email in privacy policy 2023-03-28 19:36:52 +00:00			`if policy.SupportEmail != "" {`
			`if err := policy.SupportEmail.Validate(); err != nil {`
			`return nil, err`
			`}`
			`policy.SupportEmail = policy.SupportEmail.Normalize()`
			`}`

feat: Privacy policy (#1957) * feat: command side privacy policy * feat: add privacy policy to api * feat: add privacy policy query side * fix: add privacy policy to mgmt api * fix: add privacy policy to auth and base data * feat: use privacyPolicy in login gui * feat: use privacyPolicy in login gui * feat: test org fatures * feat: typos * feat: tos in register 2021-07-05 08:36:51 +00:00			`existingPolicy, err := c.defaultPrivacyPolicyWriteModelByID(ctx)`
			`if err != nil {`
			`return nil, err`
			`}`
			`if existingPolicy.State == domain.PolicyStateUnspecified \|\| existingPolicy.State == domain.PolicyStateRemoved {`
fix: V2 docs / error messages (#3611) * docs: rewrite concept section * docs: add instance to guides * chore: error messages * fix: scenarios * docs: urls * docs: change images * docs: change images * docs: change images Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2022-05-16 12:00:33 +00:00			`return nil, caos_errs.ThrowNotFound(nil, "INSTANCE-0oPew", "Errors.IAM.PrivacyPolicy.NotFound")`
feat: Privacy policy (#1957) * feat: command side privacy policy * feat: add privacy policy to api * feat: add privacy policy query side * fix: add privacy policy to mgmt api * fix: add privacy policy to auth and base data * feat: use privacyPolicy in login gui * feat: use privacyPolicy in login gui * feat: test org fatures * feat: typos * feat: tos in register 2021-07-05 08:36:51 +00:00			`}`

fix: rename iam to instance (#3345) * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename orgiampolicy to domain policy * fix: merge conflicts * fix: protos * fix: md files * implement deprecated org iam policy again Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2022-03-24 16:21:34 +00:00			`instanceAgg := InstanceAggregateFromWriteModel(&existingPolicy.PrivacyPolicyWriteModel.WriteModel)`
feat: add Help/Support e-mail for instance/org (#5445) feat: help and support email in privacy policy 2023-03-28 19:36:52 +00:00			`changedEvent, hasChanged := existingPolicy.NewChangedEvent(ctx, instanceAgg, policy.TOSLink, policy.PrivacyLink, policy.HelpLink, policy.SupportEmail)`
feat: Privacy policy (#1957) * feat: command side privacy policy * feat: add privacy policy to api * feat: add privacy policy query side * fix: add privacy policy to mgmt api * fix: add privacy policy to auth and base data * feat: use privacyPolicy in login gui * feat: use privacyPolicy in login gui * feat: test org fatures * feat: typos * feat: tos in register 2021-07-05 08:36:51 +00:00			`if !hasChanged {`
fix: V2 docs / error messages (#3611) * docs: rewrite concept section * docs: add instance to guides * chore: error messages * fix: scenarios * docs: urls * docs: change images * docs: change images * docs: change images Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2022-05-16 12:00:33 +00:00			`return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-9jJfs", "Errors.IAM.PrivacyPolicy.NotChanged")`
feat: Privacy policy (#1957) * feat: command side privacy policy * feat: add privacy policy to api * feat: add privacy policy query side * fix: add privacy policy to mgmt api * fix: add privacy policy to auth and base data * feat: use privacyPolicy in login gui * feat: use privacyPolicy in login gui * feat: test org fatures * feat: typos * feat: tos in register 2021-07-05 08:36:51 +00:00			`}`
refactor(eventstore): rename EventPusher to Command, EventReader to Event, PushEvents to Push and FilterEvents to Filter (#2907) 2022-01-03 08:19:07 +00:00			`pushedEvents, err := c.eventstore.Push(ctx, changedEvent)`
feat: Privacy policy (#1957) * feat: command side privacy policy * feat: add privacy policy to api * feat: add privacy policy query side * fix: add privacy policy to mgmt api * fix: add privacy policy to auth and base data * feat: use privacyPolicy in login gui * feat: use privacyPolicy in login gui * feat: test org fatures * feat: typos * feat: tos in register 2021-07-05 08:36:51 +00:00			`if err != nil {`
			`return nil, err`
			`}`
			`err = AppendAndReduce(existingPolicy, pushedEvents...)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return writeModelToPrivacyPolicy(&existingPolicy.PrivacyPolicyWriteModel), nil`
			`}`

fix: rename iam to instance (#3345) * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename orgiampolicy to domain policy * fix: merge conflicts * fix: protos * fix: md files * implement deprecated org iam policy again Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2022-03-24 16:21:34 +00:00			`func (c Commands) defaultPrivacyPolicyWriteModelByID(ctx context.Context) (policy InstancePrivacyPolicyWriteModel, err error) {`
feat: Privacy policy (#1957) * feat: command side privacy policy * feat: add privacy policy to api * feat: add privacy policy query side * fix: add privacy policy to mgmt api * fix: add privacy policy to auth and base data * feat: use privacyPolicy in login gui * feat: use privacyPolicy in login gui * feat: test org fatures * feat: typos * feat: tos in register 2021-07-05 08:36:51 +00:00			`ctx, span := tracing.NewSpan(ctx)`
			`defer func() { span.EndWithError(err) }()`

feat: Instance commands (#3385) * fix: add events for domain * fix: add/remove domain command side * fix: add/remove domain command side * fix: add/remove domain query side * fix: create instance * fix: merge v2 * fix: instance domain * fix: instance domain * fix: instance domain * fix: instance domain * fix: remove domain.IAMID from writemodels * fix: remove domain.IAMID from writemodels * fix: remove domain.IAMID from writemodels * fix: remove domain.IAMID from writemodels * fix: remove domain.IAMID from writemodels * fix: remove domain.IAMID from writemodels * fix: remove domain.IAMID from writemodels * fix: remove domain.IAMID from writemodels * fix: remove domain.IAMID from writemodels * fix: remove domain.IAMID from api * fix: remove domain.IAMID * fix: remove domain.IAMID * fix: add instance domain queries * fix: fix after merge * Update auth_request.go * fix keypair * remove unused code * feat: read instance id from context * feat: remove unused code * feat: use instance id from context * some fixes Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2022-04-05 05:58:09 +00:00			`writeModel := NewInstancePrivacyPolicyWriteModel(ctx)`
feat: Privacy policy (#1957) * feat: command side privacy policy * feat: add privacy policy to api * feat: add privacy policy query side * fix: add privacy policy to mgmt api * fix: add privacy policy to auth and base data * feat: use privacyPolicy in login gui * feat: use privacyPolicy in login gui * feat: test org fatures * feat: typos * feat: tos in register 2021-07-05 08:36:51 +00:00			`err = c.eventstore.FilterToQueryReducer(ctx, writeModel)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return writeModel, nil`
			`}`
fix: unify commands (and remove todos for checking existence) (#3696) 2022-05-24 09:28:17 +00:00
			`func (c Commands) getDefaultPrivacyPolicy(ctx context.Context) (domain.PrivacyPolicy, error) {`
			`policyWriteModel := NewInstancePrivacyPolicyWriteModel(ctx)`
			`err := c.eventstore.FilterToQueryReducer(ctx, policyWriteModel)`
			`if err != nil {`
			`return nil, err`
			`}`
			`if !policyWriteModel.State.Exists() {`
			`return nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-559os", "Errors.IAM.PrivacyPolicy.NotFound")`
			`}`
			`policy := writeModelToPrivacyPolicy(&policyWriteModel.PrivacyPolicyWriteModel)`
			`policy.Default = true`
			`return policy, nil`
			`}`

			`func prepareAddDefaultPrivacyPolicy(`
			`a *instance.Aggregate,`
			`tosLink,`
			`privacyLink,`
			`helpLink string,`
feat: add Help/Support e-mail for instance/org (#5445) feat: help and support email in privacy policy 2023-03-28 19:36:52 +00:00			`supportEmail domain.EmailAddress,`
fix: unify commands (and remove todos for checking existence) (#3696) 2022-05-24 09:28:17 +00:00			`) preparation.Validation {`
			`return func() (preparation.CreateCommands, error) {`
feat: add Help/Support e-mail for instance/org (#5445) feat: help and support email in privacy policy 2023-03-28 19:36:52 +00:00			`if supportEmail != "" {`
			`if err := supportEmail.Validate(); err != nil {`
			`return nil, err`
			`}`
			`supportEmail = supportEmail.Normalize()`
			`}`
fix: unify commands (and remove todos for checking existence) (#3696) 2022-05-24 09:28:17 +00:00			`return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {`
			`writeModel := NewInstancePrivacyPolicyWriteModel(ctx)`
			`events, err := filter(ctx, writeModel.Query())`
			`if err != nil {`
			`return nil, err`
			`}`
			`writeModel.AppendEvents(events...)`
			`if err = writeModel.Reduce(); err != nil {`
			`return nil, err`
			`}`
			`if writeModel.State == domain.PolicyStateActive {`
			`return nil, caos_errs.ThrowAlreadyExists(nil, "INSTANCE-M00rJ", "Errors.Instance.PrivacyPolicy.AlreadyExists")`
			`}`
			`return []eventstore.Command{`
feat: add Help/Support e-mail for instance/org (#5445) feat: help and support email in privacy policy 2023-03-28 19:36:52 +00:00			`instance.NewPrivacyPolicyAddedEvent(ctx, &a.Aggregate, tosLink, privacyLink, helpLink, supportEmail),`
fix: unify commands (and remove todos for checking existence) (#3696) 2022-05-24 09:28:17 +00:00			`}, nil`
			`}, nil`
			`}`
			`}`