fix(console): general fixes, project grants for owned and granted context (#425)

* update and delete project grants

* fix: user grant id (#421)

* fix: verboser logging on sql err (#412)

* fix(eventstore): improve insert statement

* fix: verbose logging on error

* fix: simplify insertEvents

* fix: project grant delete (#417)

* fix: add grant id to user grant if needed

* fix: add grant id to user grant if needed

Co-authored-by: Silvan <silvan.reusser@gmail.com>

* fix user grant context

* lint

* role validators

* fix: usergrantid (#424)

* fix: verboser logging on sql err (#412)

* fix(eventstore): improve insert statement

* fix: verbose logging on error

* fix: simplify insertEvents

* fix: project grant delete (#417)

* fix: add grant id to user grant if needed

* fix: add grant id to user grant if needed

* fix: add bulk remove

* fix: merge

Co-authored-by: Silvan <silvan.reusser@gmail.com>

Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Silvan <silvan.reusser@gmail.com>

cmd/zitadel/caos_local.sh

@@ -40,7 +40,7 @@ export SMTP_TLS=TRUE
 export CHAT_URL=$(gopass zitadel-secrets/zitadel/dev/google-chat-url)
 
 #OIDC
-export ZITADEL_ISSUER=http://localhost:50002/oauth/v2/
+export ZITADEL_ISSUER=http://localhost:50002/oauth/v2
 export ZITADEL_ACCOUNTS=http://localhost:50003/login
 export ZITADEL_AUTHORIZE=http://localhost:50002/oauth/v2
 export ZITADEL_OAUTH=http://localhost:50002/oauth/v2

console/src/app/modules/user-grants/user-grants-datasource.ts

@@ -82,6 +82,7 @@ export class UserGrantsDataSource extends DataSource<UserGrant.AsObject> {
             catchError(() => of([])),
             finalize(() => this.loadingSubject.next(false)),
         ).subscribe(grants => {
+            console.log(grants);
             this.grantsSubject.next(grants);
         });
     }

console/src/app/modules/user-grants/user-grants.component.html

@@ -14,8 +14,8 @@
         (click)="deleteGrantSelection()" *ngIf="selection.hasValue() && allowDelete">
         <i class="las la-trash"></i>
     </button>
-    <a *ngIf="allowCreate" matTooltip="{{'GRANTS.ADD' | translate}}" color="primary" class="add-button" color="primary"
+    <a *ngIf="allowCreate && context !== UserGrantContext.USER" matTooltip="{{'GRANTS.ADD' | translate}}"
-        mat-raised-button [routerLink]="routerLink">
+        color="primary" class="add-button" color="primary" mat-raised-button [routerLink]="routerLink">
         <mat-icon class="icon">add</mat-icon>{{ 'GRANTS.ADD_BTN' | translate }}
     </a>
 </div>
@@ -78,21 +78,61 @@
         <ng-container matColumnDef="roleNamesList">
             <th mat-header-cell *matHeaderCellDef> {{ 'PROJECT.GRANT.ROLENAMESLIST' | translate }} </th>
             <td mat-cell *matCellDef="let grant; let i = index">
-                <ng-container *ngIf="loadedProjectId !== grant.projectId">
+                <ng-container *ngIf="context === UserGrantContext.USER">
-                    <span class="role app-label" *ngFor="let role of grant.roleKeysList">{{role}}</span>
+                    <span class="no-roles"
-                    <button mat-icon-button (click)="loadRoleOptions(grant.projectId)">
+                        *ngIf="grant.roleKeysList?.length === 0">{{'PROJECT.GRANT.NOROLES' | translate}}</span>
-                        <i class="las la-edit"></i>
+                    <span *ngFor="let role of grant.roleKeysList">{{role}}</span>
-                    </button>
+                </ng-container>
+
+                <!-- <ng-container *ngIf="context === UserGrantContext.USER">
+                    <ng-container *ngIf="loadedGrantId !== grant.grantId">
+                        <span class="role app-label" *ngFor="let role of grant.roleKeysList">{{role}}</span>
+                        <button mat-icon-button (click)="getGrantRoleOptions(grant.grantId, grant.projectId)"
+                            matTooltip="{{'ACTIONS.CHANGE' | translate}}">
+                            <i class="las la-edit"></i>
+                        </button>
+                    </ng-container>
+                    <mat-form-field class="form-field" appearance="outline" *ngIf="loadedGrantId === grant.grantId">
+                        <mat-label>{{ 'PROJECT.GRANT.ROLENAMESLIST' | translate }}</mat-label>
+                        <mat-select [(ngModel)]="grant.roleKeysList" multiple [disabled]="allowCreate == false"
+                            (selectionChange)="updateRoles(grant, $event)">
+                            <mat-option *ngFor="let role of grantRoleOptions" [value]="role">
+                                {{role}}
+                            </mat-option>
+                        </mat-select>
+                    </mat-form-field>
+                </ng-container> -->
+
+                <ng-container *ngIf="context === UserGrantContext.OWNED_PROJECT">
+                    <ng-container *ngIf="loadedProjectId !== grant.projectId">
+                        <span class="role app-label" *ngFor="let role of grant.roleKeysList">{{role}}</span>
+                        <button mat-icon-button (click)="getProjectRoleOptions(grant.projectId)"
+                            matTooltip="{{'ACTIONS.CHANGE' | translate}}">
+                            <i class="las la-edit"></i>
+                        </button>
+                    </ng-container>
+                    <mat-form-field class="form-field" appearance="outline" *ngIf="loadedProjectId === grant.projectId">
+                        <mat-label>{{ 'PROJECT.GRANT.ROLENAMESLIST' | translate }}</mat-label>
+                        <mat-select [(ngModel)]="grant.roleKeysList" multiple [disabled]="allowCreate == false"
+                            (selectionChange)="updateRoles(grant, $event)">
+                            <mat-option *ngFor="let role of projectRoleOptions" [value]="role.key">
+                                {{role.key}}
+                            </mat-option>
+                        </mat-select>
+                    </mat-form-field>
+                </ng-container>
+
+                <ng-container *ngIf="context === UserGrantContext.GRANTED_PROJECT">
+                    <mat-form-field class="form-field" appearance="outline">
+                        <mat-label>{{ 'PROJECT.GRANT.ROLENAMESLIST' | translate }}</mat-label>
+                        <mat-select [(ngModel)]="grant.roleKeysList" multiple [disabled]="allowCreate == false"
+                            (selectionChange)="updateRoles(grant, $event)">
+                            <mat-option *ngFor="let role of grantRoleOptions" [value]="role">
+                                {{role}}
+                            </mat-option>
+                        </mat-select>
+                    </mat-form-field>
                 </ng-container>
-                <mat-form-field class="form-field" appearance="outline" *ngIf="loadedProjectId === grant.projectId">
-                    <mat-label>{{ 'PROJECT.GRANT.TITLE' | translate }}</mat-label>
-                    <mat-select [(ngModel)]="grant.roleKeysList" multiple [disabled]="allowCreate == false"
-                        (selectionChange)="updateRoles(grant, $event)">
-                        <mat-option *ngFor="let role of roleOptions" [value]="role.key">
-                            {{role.key}}
-                        </mat-option>
-                    </mat-select>
-                </mat-form-field>
             </td>
         </ng-container>
 

console/src/app/modules/user-grants/user-grants.component.scss

@@ -70,4 +70,9 @@
 .pointer {
     outline: none;
     cursor: pointer;
+}
+
+.no-roles {
+    font-size: 14px;
+    color: #8795a1;
 }

console/src/app/modules/user-grants/user-grants.component.ts

@@ -34,10 +34,15 @@ export class UserGrantsComponent implements OnInit, AfterViewInit {
     @Input() projectId: string = '';
     @Input() grantId: string = '';
 
-    public roleOptions: ProjectRoleView.AsObject[] = [];
+    public grantRoleOptions: string[] = [];
+    public projectRoleOptions: ProjectRoleView.AsObject[] = [];
     public routerLink: any = [''];
 
+    public loadedGrantId: string = '';
     public loadedProjectId: string = '';
+
+    public UserGrantContext: any = UserGrantContext;
+
     constructor(
         private userService: MgmtUserService,
         private projectService: ProjectService,
@@ -50,6 +55,7 @@ export class UserGrantsComponent implements OnInit, AfterViewInit {
         'projectId', 'creationDate', 'changeDate', 'roleNamesList'];
 
     public ngOnInit(): void {
+        console.log(this.context);
         this.dataSource = new UserGrantsDataSource(this.userService);
         const data = {
             projectId: this.projectId,
@@ -60,13 +66,14 @@ export class UserGrantsComponent implements OnInit, AfterViewInit {
         switch (this.context) {
             case UserGrantContext.OWNED_PROJECT:
                 if (this.projectId) {
-                    this.getRoleOptions(this.projectId);
+                    this.getProjectRoleOptions(this.projectId);
                     this.routerLink = ['/grant-create', 'project', this.projectId];
                 }
                 break;
             case UserGrantContext.GRANTED_PROJECT:
                 if (data && data.grantId) {
                     this.routerLink = ['/grant-create', 'project', this.projectId, 'grant', this.grantId];
+                    this.getGrantRoleOptions(this.grantId, this.projectId);
                 }
                 break;
             case UserGrantContext.USER:
@@ -112,26 +119,49 @@ export class UserGrantsComponent implements OnInit, AfterViewInit {
             this.dataSource.grantsSubject.value.forEach(row => this.selection.select(row));
     }
 
-    public loadRoleOptions(projectId: string): void {
+    public getGrantRoleOptions(grantId: string, projectId: string): void {
-        if (this.context === UserGrantContext.USER) {
+        console.log(grantId, projectId);
-            this.getRoleOptions(projectId);
+
-        }
+        this.projectService.GetGrantedProjectByID(projectId, grantId).then(resp => {
+            this.loadedGrantId = projectId;
+            this.grantRoleOptions = resp.toObject().roleKeysList;
+        }).catch(error => {
+            this.toast.showError(error);
+        });
     }
 
-    public getRoleOptions(projectId: string): void {
+    public getProjectRoleOptions(projectId: string): void {
+        console.log(projectId);
         this.projectService.SearchProjectRoles(projectId, 100, 0).then(resp => {
             this.loadedProjectId = projectId;
-            this.roleOptions = resp.toObject().resultList;
+            this.projectRoleOptions = resp.toObject().resultList;
         });
     }
 
     updateRoles(grant: UserGrant.AsObject, selectionChange: MatSelectChange): void {
-        this.userService.UpdateUserGrant(grant.id, grant.userId, selectionChange.value)
+        switch (this.context) {
-            .then(() => {
+            case UserGrantContext.OWNED_PROJECT:
-                this.toast.showInfo('GRANTS.TOAST.UPDATED', true);
+                if (grant.id && grant.projectId) {
-            }).catch(error => {
+                    this.userService.UpdateProjectUserGrant(grant.id, grant.projectId, grant.userId, selectionChange.value)
-                this.toast.showError(error);
+                        .then(() => {
-            });
+                            this.toast.showInfo('GRANTS.TOAST.UPDATED', true);
+                        }).catch(error => {
+                            this.toast.showError(error);
+                        });
+                }
+                break;
+            case UserGrantContext.GRANTED_PROJECT:
+                if (this.grantId && this.projectId) {
+                    this.userService.updateProjectGrantUserGrant(grant.id,
+                        this.grantId, grant.userId, selectionChange.value)
+                        .then(() => {
+                            this.toast.showInfo('GRANTS.TOAST.UPDATED', true);
+                        }).catch(error => {
+                            this.toast.showError(error);
+                        });
+                }
+                break;
+        }
     }
 
     deleteGrantSelection(): void {

console/src/app/pages/apps/app-detail/app-detail.component.ts

@@ -242,8 +242,8 @@ export class AppDetailComponent implements OnInit, OnDestroy {
                 width: '400px',
             });
 
-        }).catch(data => {
+        }).catch(error => {
-            this.toast.showError(data.message);
+            this.toast.showError(error);
         });
     }
 

console/src/app/pages/granted-projects/granted-project-detail/granted-project-detail.component.ts

@@ -91,6 +91,7 @@ export class GrantedProjectDetailComponent implements OnInit, OnDestroy {
         if (this.projectId && this.grantId) {
             this.projectService.GetGrantedProjectByID(this.projectId, this.grantId).then(proj => {
                 this.project = proj.toObject();
+                console.log('granted-project', this.project);
             }).catch(error => {
                 this.toast.showError(error);
             });

console/src/app/pages/owned-projects/owned-projects.module.ts

@@ -11,6 +11,7 @@ import { MatInputModule } from '@angular/material/input';
 import { MatPaginatorModule } from '@angular/material/paginator';
 import { MatProgressBarModule } from '@angular/material/progress-bar';
 import { MatProgressSpinnerModule } from '@angular/material/progress-spinner';
+import { MatSelectModule } from '@angular/material/select';
 import { MatSortModule } from '@angular/material/sort';
 import { MatTableModule } from '@angular/material/table';
 import { MatTabsModule } from '@angular/material/tabs';
@@ -53,6 +54,7 @@ import { ProjectGrantsComponent } from './project-grants/project-grants.componen
         UserGrantsModule,
         ProjectContributorsModule,
         FormsModule,
+        ReactiveFormsModule,
         TranslateModule,
         AvatarModule,
         ReactiveFormsModule,
@@ -73,6 +75,7 @@ import { ProjectGrantsComponent } from './project-grants/project-grants.componen
         MatTabsModule,
         MatCheckboxModule,
         CardModule,
+        MatSelectModule,
         MatTooltipModule,
         MatSortModule,
         PipesModule,

console/src/app/pages/owned-projects/project-grants/project-grants-datasource.ts

@@ -29,6 +29,7 @@ export class ProjectGrantsDataSource extends DataSource<ProjectGrant.AsObject> {
             catchError(() => of([])),
             finalize(() => this.loadingSubject.next(false)),
         ).subscribe(grants => {
+            console.log(grants);
             this.grantsSubject.next(grants);
         });
     }

console/src/app/pages/owned-projects/project-grants/project-grants.component.html

@@ -11,8 +11,8 @@
     </div>
     <span class="fill-space"></span>
     <ng-template appHasRole [appHasRole]="['project.grant.member.delete:'+projectId, 'project.grant.member.delete']">
-        <button [disabled]="disabled" matTooltip="{{'ORG_DETAIL.TABLE.DELETE' | translate}}" class="icon-button"
+        <button (click)="deleteSelectedGrants()" [disabled]="disabled" class="icon-button" mat-icon-button
-            mat-icon-button *ngIf="selection.hasValue()" color="warn">
+            *ngIf="selection.hasValue()" color="warn">
             <i class="las la-trash"></i>
         </button>
     </ng-template>
@@ -46,19 +46,22 @@
 
         <ng-container matColumnDef="grantedOrgName">
             <th mat-header-cell *matHeaderCellDef> {{ 'PROJECT.GRANT.GRANTEDORG' | translate }} </th>
-            <td class="pointer" mat-cell *matCellDef="let grant">
+            <td [routerLink]="['/projects',grant.projectId,'grant', grant.id]" class="pointer" mat-cell
+                *matCellDef="let grant">
                 {{grant.grantedOrgName}} </td>
         </ng-container>
 
         <ng-container matColumnDef="creationDate">
             <th mat-header-cell *matHeaderCellDef> {{ 'PROJECT.GRANT.CREATIONDATE' | translate }} </th>
-            <td class="pointer" mat-cell *matCellDef="let grant">
+            <td [routerLink]="['/projects',grant.projectId,'grant', grant.id]" class="pointer" mat-cell
+                *matCellDef="let grant">
                 {{grant.creationDate | timestampToDate | date: 'dd. MMM, HH:mm' }} </td>
         </ng-container>
 
         <ng-container matColumnDef="changeDate">
             <th mat-header-cell *matHeaderCellDef> {{ 'PROJECT.GRANT.CHANGEDATE' | translate }} </th>
-            <td class="pointer" mat-cell *matCellDef="let grant">
+            <td [routerLink]="['/projects',grant.projectId,'grant', grant.id]" class="pointer" mat-cell
+                *matCellDef="let grant">
                 {{grant.changeDate | timestampToDate | date: 'dd. MMM, HH:mm' }} </td>
 
         </ng-container>
@@ -66,12 +69,20 @@
         <ng-container matColumnDef="roleNamesList">
             <th mat-header-cell *matHeaderCellDef> {{ 'PROJECT.GRANT.ROLENAMESLIST' | translate }} </th>
             <td class="pointer" mat-cell *matCellDef="let grant">
-                <span class="role" *ngFor="let role of grant.roleNamesList">{{role}}</span> </td>
+                <mat-form-field class="form-field" appearance="outline" *ngIf="grant.roleKeysList">
+                    <mat-label>{{ 'PROJECT.GRANT.ROLENAMESLIST' | translate }}</mat-label>
+                    <mat-select [(ngModel)]="grant.roleKeysList" multiple
+                        (selectionChange)="updateRoles(grant, $event)">
+                        <mat-option *ngFor="let role of memberRoleOptions" [value]="role.key">
+                            {{role.key}}
+                        </mat-option>
+                    </mat-select>
+                </mat-form-field>
+            </td>
         </ng-container>
 
         <tr mat-header-row *matHeaderRowDef="displayedColumns"></tr>
-        <tr class="data-row" [routerLink]="['/projects',grant.projectId,'grant', grant.id]" mat-row
+        <tr class="data-row" mat-row *matRowDef="let grant; columns: displayedColumns;" class="element-row">
-            *matRowDef="let grant; columns: displayedColumns;" class="element-row">
         </tr>
     </table>
 

console/src/app/pages/owned-projects/project-grants/project-grants.component.ts

@@ -2,10 +2,12 @@ import { animate, state, style, transition, trigger } from '@angular/animations'
 import { SelectionModel } from '@angular/cdk/collections';
 import { AfterViewInit, Component, Input, OnInit, ViewChild } from '@angular/core';
 import { MatPaginator } from '@angular/material/paginator';
+import { MatSelectChange } from '@angular/material/select';
 import { MatTable } from '@angular/material/table';
 import { tap } from 'rxjs/operators';
-import { ProjectGrant, ProjectMemberView } from 'src/app/proto/generated/management_pb';
+import { ProjectGrant, ProjectRoleView } from 'src/app/proto/generated/management_pb';
 import { ProjectService } from 'src/app/services/project.service';
+import { ToastService } from 'src/app/services/toast.service';
 
 import { ProjectGrantsDataSource } from './project-grants-datasource';
 
@@ -28,17 +30,17 @@ export class ProjectGrantsComponent implements OnInit, AfterViewInit {
     @ViewChild(MatTable) public table!: MatTable<ProjectGrant.AsObject>;
     public dataSource!: ProjectGrantsDataSource;
     public selection: SelectionModel<ProjectGrant.AsObject> = new SelectionModel<ProjectGrant.AsObject>(true, []);
-    public expandedElement: ProjectGrant.AsObject | null = null;
+    public memberRoleOptions: ProjectRoleView.AsObject[] = [];
-    public selectedGrantMembers: ProjectMemberView.AsObject[] = [];
 
     /** Columns displayed in the table. Columns IDs can be added, removed, or reordered. */
     public displayedColumns: string[] = ['select', 'grantedOrgName', 'creationDate', 'changeDate', 'roleNamesList'];
 
-    constructor(private projectService: ProjectService) { }
+    constructor(private projectService: ProjectService, private toast: ToastService) { }
 
     public ngOnInit(): void {
         this.dataSource = new ProjectGrantsDataSource(this.projectService);
         this.dataSource.loadGrants(this.projectId, 0, 25, 'asc');
+        this.getRoleOptions(this.projectId);
     }
 
     public ngAfterViewInit(): void {
@@ -69,4 +71,41 @@ export class ProjectGrantsComponent implements OnInit, AfterViewInit {
             this.selection.clear() :
             this.dataSource.grantsSubject.value.forEach(row => this.selection.select(row));
     }
+
+    public getRoleOptions(projectId: string): void {
+        this.projectService.SearchProjectRoles(projectId, 100, 0).then(resp => {
+            this.memberRoleOptions = resp.toObject().resultList;
+            console.log(resp.toObject());
+        });
+    }
+
+    updateRoles(grant: ProjectGrant.AsObject, selectionChange: MatSelectChange): void {
+        this.projectService.UpdateProjectGrant(grant.id, grant.projectId, selectionChange.value)
+            .then((newgrant: ProjectGrant) => {
+                this.toast.showInfo('Grant updated!');
+            }).catch(error => {
+                this.toast.showError(error);
+            });
+    }
+
+    deleteSelectedGrants(): void {
+        const promises = this.selection.selected.map(grant => {
+            return this.projectService.RemoveProjectGrant(grant.id, grant.projectId);
+        });
+
+        Promise.all(promises).then(() => {
+            this.toast.showInfo('GRANTS.TOAST.BULKREMOVED', true);
+            const data = this.dataSource.grantsSubject.getValue();
+            this.selection.selected.forEach((item) => {
+                const index = data.findIndex(i => i.id === item.id);
+                if (index > -1) {
+                    data.splice(index, 1);
+                    this.dataSource.grantsSubject.next(data);
+                }
+            });
+            this.selection.clear();
+        }).catch(error => {
+            this.toast.showError(error);
+        });
+    }
 }

console/src/app/pages/project-role-create/project-role-create.component.ts

@@ -59,9 +59,9 @@ export class ProjectRoleCreateComponent implements OnInit, OnDestroy {
 
     public addEntry(): void {
         const newGroup = new FormGroup({
-            key: new FormControl(''),
+            key: new FormControl('', [Validators.required]),
             displayName: new FormControl(''),
-            group: new FormControl('', [Validators.required]),
+            group: new FormControl(''),
         });
 
         this.formArray.push(newGroup);
@@ -94,8 +94,8 @@ export class ProjectRoleCreateComponent implements OnInit, OnDestroy {
 
         this.projectService.BulkAddProjectRole(this.projectId, rolesToAdd).then(() => {
             this.router.navigate(['projects', this.projectId]);
-        }).catch(data => {
+        }).catch(error => {
-            this.toast.showError(data.message);
+            this.toast.showError(error);
         });
     }
 

console/src/app/pages/user-detail/auth-user-detail/auth-user-detail.component.ts

@@ -114,16 +114,16 @@ export class AuthUserDetailComponent implements OnDestroy {
     public resendVerification(): void {
         this.userService.ResendEmailVerification().then(() => {
             this.toast.showInfo('USER.TOAST.EMAILSAVED', true);
-        }).catch(data => {
+        }).catch(error => {
-            this.toast.showError(data.message);
+            this.toast.showError(error);
         });
     }
 
     public resendPhoneVerification(): void {
         this.userService.ResendPhoneVerification().then(() => {
             this.toast.showInfo('USER.TOAST.PHONEVERIFICATIONSENT', true);
-        }).catch(data => {
+        }).catch(error => {
-            this.toast.showError(data.message);
+            this.toast.showError(error);
         });
     }
 
@@ -132,8 +132,8 @@ export class AuthUserDetailComponent implements OnDestroy {
             this.toast.showInfo('USER.TOAST.PHONEREMOVED', true);
             this.user.phone = '';
             this.phoneEditState = false;
-        }).catch(data => {
+        }).catch(error => {
-            this.toast.showError(data.message);
+            this.toast.showError(error);
         });
     }
 

console/src/app/pages/user-detail/user-detail/user-detail.component.ts

@@ -66,12 +66,14 @@ export class UserDetailComponent implements OnInit, OnDestroy {
         if (newState === UserState.USERSTATE_ACTIVE) {
             this.mgmtUserService.ReactivateUser(this.user.id).then(() => {
                 this.toast.showInfo('USER.TOAST.REACTIVATED', true);
+                this.user.state = newState;
             }).catch(error => {
                 this.toast.showError(error);
             });
         } else if (newState === UserState.USERSTATE_INACTIVE) {
             this.mgmtUserService.DeactivateUser(this.user.id).then(() => {
                 this.toast.showInfo('USER.TOAST.DEACTIVATED', true);
+                this.user.state = newState;
             }).catch(error => {
                 this.toast.showError(error);
             });
@@ -105,16 +107,16 @@ export class UserDetailComponent implements OnInit, OnDestroy {
     public resendVerification(): void {
         this.mgmtUserService.ResendEmailVerification(this.user.id).then(() => {
             this.toast.showInfo('USER.TOAST.EMAILVERIFICATIONSENT', true);
-        }).catch(data => {
+        }).catch(error => {
-            this.toast.showError(data.message);
+            this.toast.showError(error);
         });
     }
 
     public resendPhoneVerification(): void {
         this.mgmtUserService.ResendPhoneVerification(this.user.id).then(() => {
             this.toast.showInfo('USER.TOAST.PHONEVERIFICATIONSENT', true);
-        }).catch(data => {
+        }).catch(error => {
-            this.toast.showError(data.message);
+            this.toast.showError(error);
         });
     }
 
@@ -123,8 +125,8 @@ export class UserDetailComponent implements OnInit, OnDestroy {
             this.toast.showInfo('USER.TOAST.PHONEREMOVED', true);
             this.user.phone = '';
             this.phoneEditState = false;
-        }).catch(data => {
+        }).catch(error => {
-            this.toast.showError(data.message);
+            this.toast.showError(error);
         });
     }
 

console/src/app/pages/user-grant-create/user-grant-create.component.html

@@ -35,10 +35,26 @@
 
     <ng-container *ngIf="currentCreateStep === STEPS">
         <h1>{{'PROJECT.GRANT.CREATE.SEL_ROLES' | translate}}</h1>
+        <ng-container *ngIf="context === UserGrantContext.OWNED_PROJECT && projectId">
+            <app-card>
+                <app-project-roles (changedSelection)="selectRoles($event)" [projectId]="projectId">
+                </app-project-roles>
+            </app-card>
+        </ng-container>
 
-        <app-card *ngIf="projectId">
+        <ng-container *ngIf="context === UserGrantContext.GRANTED_PROJECT && grantRolesKeyList; else noGrantRolesFound">
-            <app-project-roles (changedSelection)="selectRoles($event)" [projectId]="projectId"></app-project-roles>
+            <mat-form-field class="form-field" appearance="outline">
-        </app-card>
+                <mat-label>{{ 'PROJECT.GRANT.ROLENAMESLIST' | translate }}</mat-label>
+                <mat-select multiple (selectionChange)="rolesList = $event.value">
+                    <mat-option *ngFor="let role of grantRolesKeyList" [value]="role">
+                        {{role}}
+                    </mat-option>
+                </mat-select>
+            </mat-form-field>
+        </ng-container>
+        <ng-template #noGrantRolesFound>
+            <span>{{'PROJECT.GRANT.NOROLES'}}</span>
+        </ng-template>
     </ng-container>
 
     <div class="btn-container">

console/src/app/pages/user-grant-create/user-grant-create.component.ts

@@ -7,6 +7,7 @@ import { Org } from 'src/app/proto/generated/auth_pb';
 import { ProjectGrantView, ProjectRole, ProjectView, User, UserGrant } from 'src/app/proto/generated/management_pb';
 import { AuthService } from 'src/app/services/auth.service';
 import { MgmtUserService } from 'src/app/services/mgmt-user.service';
+import { ProjectService } from 'src/app/services/project.service';
 import { ToastService } from 'src/app/services/toast.service';
 
 @Component({
@@ -31,12 +32,15 @@ export class UserGrantCreateComponent implements OnDestroy {
     private subscription: Subscription = new Subscription();
 
     public UserGrantContext: any = UserGrantContext;
+
+    public grantRolesKeyList: string[] = [];
     constructor(
         private authService: AuthService,
         private userService: MgmtUserService,
         private toast: ToastService,
         private _location: Location,
         private route: ActivatedRoute,
+        private projectService: ProjectService,
     ) {
         this.subscription = this.route.params.subscribe((params: Params) => {
             const { context, projectid, grantid, userid } = params;
@@ -46,12 +50,23 @@ export class UserGrantCreateComponent implements OnDestroy {
             this.grantId = grantid;
             this.userId = userid;
 
-            if (this.userId) {
+            console.log('usergrantcreate');
-                this.context = UserGrantContext.USER;
+
-            } else if (this.projectId && !this.grantId) {
+            // if (this.userId) {
+            //     this.context = UserGrantContext.USER;
+            // } else
+
+            if (this.projectId && !this.grantId) {
                 this.context = UserGrantContext.OWNED_PROJECT;
             } else if (this.projectId && this.grantId) {
                 this.context = UserGrantContext.GRANTED_PROJECT;
+                console.log(this.grantId, this.projectId);
+                this.projectService.GetGrantedProjectByID(this.projectId, this.grantId).then(resp => {
+                    console.log(resp.toObject());
+                    this.grantRolesKeyList = resp.toObject().roleKeysList;
+                }).catch(error => {
+                    this.toast.showError(error);
+                });
             }
         });
 
@@ -66,18 +81,18 @@ export class UserGrantCreateComponent implements OnDestroy {
 
     public addGrant(): void {
         switch (this.context) {
-            case UserGrantContext.USER:
+            // case UserGrantContext.USER:
-                this.userService.CreateUserGrant(
+            //     this.userService.CreateUserGrant(
-                    this.projectId,
+            //         this.projectId,
-                    this.userId,
+            //         this.userId,
-                    this.rolesList,
+            //         this.rolesList,
-                ).then((data: UserGrant) => {
+            //     ).then((data: UserGrant) => {
-                    this.toast.showInfo('User Grant added');
+            //         this.toast.showInfo('User Grant added');
-                    this.close();
+            //         this.close();
-                }).catch(error => {
+            //     }).catch(error => {
-                    this.toast.showError(error);
+            //         this.toast.showError(error);
-                });
+            //     });
-                break;
+            //     break;
             case UserGrantContext.OWNED_PROJECT:
                 this.userService.CreateProjectUserGrant(
                     this.projectId,

console/src/app/pages/user-grant-create/user-grant-create.module.ts

@@ -1,7 +1,9 @@
 import { CommonModule } from '@angular/common';
 import { CUSTOM_ELEMENTS_SCHEMA, NgModule } from '@angular/core';
 import { MatButtonModule } from '@angular/material/button';
+import { MatFormFieldModule } from '@angular/material/form-field';
 import { MatIconModule } from '@angular/material/icon';
+import { MatSelectModule } from '@angular/material/select';
 import { TranslateModule } from '@ngx-translate/core';
 import { CardModule } from 'src/app/modules/card/card.module';
 import {
@@ -24,6 +26,8 @@ import { UserGrantCreateComponent } from './user-grant-create.component';
         MatIconModule,
         TranslateModule,
         CardModule,
+        MatFormFieldModule,
+        MatSelectModule,
         SearchProjectAutocompleteModule,
         SearchUserAutocompleteModule,
         ProjectRolesModule,

console/src/app/services/mgmt-user.service.ts

@@ -21,6 +21,7 @@ import {
     ProjectGrantUserGrantUpdate,
     ProjectRoleAdd,
     ProjectUserGrantSearchRequest,
+    ProjectUserGrantUpdate,
     SetPasswordNotificationRequest,
     UpdateUserAddressRequest,
     UpdateUserEmailRequest,
@@ -36,7 +37,6 @@ import {
     UserGrantSearchQuery,
     UserGrantSearchRequest,
     UserGrantSearchResponse,
-    UserGrantUpdate,
     UserGrantView,
     UserID,
     UserPhone,
@@ -217,22 +217,22 @@ export class MgmtUserService {
         );
     }
 
-    public async CreateUserGrant(
+    // public async CreateUserGrant(
-        projectId: string,
+    //     projectId: string,
-        userId: string,
+    //     userId: string,
-        roleNamesList: string[],
+    //     roleNamesList: string[],
-    ): Promise<UserGrant> {
+    // ): Promise<UserGrant> {
-        const req = new UserGrantCreate();
+    //     const req = new UserGrantCreate();
-        req.setProjectId(projectId);
+    //     req.setProjectId(projectId);
-        req.setUserId(userId);
+    //     req.setUserId(userId);
-        req.setRoleKeysList(roleNamesList);
+    //     req.setRoleKeysList(roleNamesList);
 
-        return await this.request(
+    //     return await this.request(
-            c => c.createUserGrant,
+    //         c => c.createUserGrant,
-            req,
+    //         req,
-            f => f,
+    //         f => f,
-        );
+    //     );
-    }
+    // }
 
     public async CreateProjectUserGrant(
         projectId: string,
@@ -497,18 +497,37 @@ export class MgmtUserService {
         );
     }
 
-    public async UpdateUserGrant(
+    // public async UpdateUserGrant(
+    //     id: string,
+    //     userId: string,
+    //     roleKeysList: string[],
+    // ): Promise<UserGrant> {
+    //     const req = new UserGrantUpdate();
+    //     req.setId(id);
+    //     req.setRoleKeysList(roleKeysList);
+    //     req.setUserId(userId);
+
+    //     return await this.request(
+    //         c => c.updateUserGrant,
+    //         req,
+    //         f => f,
+    //     );
+    // }
+
+    public async UpdateProjectUserGrant(
         id: string,
+        projectId: string,
         userId: string,
         roleKeysList: string[],
     ): Promise<UserGrant> {
-        const req = new UserGrantUpdate();
+        const req = new ProjectUserGrantUpdate();
         req.setId(id);
+        req.setProjectId(projectId);
         req.setRoleKeysList(roleKeysList);
         req.setUserId(userId);
 
         return await this.request(
-            c => c.updateUserGrant,
+            c => c.updateProjectUserGrant,
             req,
             f => f,
         );
@@ -516,15 +535,15 @@ export class MgmtUserService {
 
     public async updateProjectGrantUserGrant(
         id: string,
-        roleKeysList: string[],
-        userId: string,
         projectGrantId: string,
+        userId: string,
+        roleKeysList: string[],
     ): Promise<UserGrant> {
         const req = new ProjectGrantUserGrantUpdate();
         req.setId(id);
+        req.setProjectGrantId(projectGrantId);
         req.setRoleKeysList(roleKeysList);
         req.setUserId(userId);
-        req.setProjectGrantId(projectGrantId);
 
         return await this.request(
             c => c.updateProjectGrantUserGrant,

console/src/app/services/project.service.ts

@@ -165,6 +165,17 @@ export class ProjectService {
         );
     }
 
+    public async RemoveProjectGrant(id: string, projectId: string): Promise<Empty> {
+        const req = new ProjectGrantID();
+        req.setId(id);
+        req.setProjectId(projectId);
+        return await this.request(
+            c => c.removeProjectGrant,
+            req,
+            f => f,
+        );
+    }
+
     public async DeactivateProject(projectId: string): Promise<Project> {
         const req = new ProjectID();
         req.setId(projectId);
@@ -491,8 +502,10 @@ export class ProjectService {
         );
     }
 
-    public async ProjectGrantByID(id: string): Promise<ProjectGrant> {
+    public async ProjectGrantByID(id: string, projectId: string): Promise<ProjectGrantView> {
         const req = new ProjectGrantID();
+        req.setId(id);
+        req.setProjectId(projectId);
         return await this.request(
             c => c.projectGrantByID,
             req,

console/src/assets/i18n/de.json

@@ -47,7 +47,8 @@
         "DELETE": "Löschen",
         "REMOVE":"Entfernen",
         "VERIFY":"Verifizieren",
-        "FINISH":"Abschliessen"
+        "FINISH":"Abschliessen",
+        "CHANGE":"Ändern"
     },
     "ERRORS": {
         "REQUIRED": "Bitte fülle alle benötigten Felder aus!"
@@ -418,7 +419,8 @@
             "GRANTEDORGNAME":"Org. Name",
             "CREATIONDATE": "Erstelldatum",
             "CHANGEDATE": "Letzte Änderung",
-            "ROLENAMESLIST": "Rollen"
+            "ROLENAMESLIST": "Rollen",
+            "NOROLES":"Keine Rollen"
         },
         "APP": {
             "TITLE": "Applikationen",

console/src/assets/i18n/en.json

@@ -47,7 +47,8 @@
         "DELETE": "Delete",
         "REMOVE":"Remove",
         "VERIFY":"Verify",
-        "FINISH":"Finish"
+        "FINISH":"Finish",
+        "CHANGE":"Change"
     },
     "ERRORS": {
         "REQUIRED": "Some required fields are missing!"
@@ -418,7 +419,8 @@
             "GRANTEDORGNAME":"Org. Name",
             "CREATIONDATE": "Creation Date",
             "CHANGEDATE": "Last Modified",
-            "ROLENAMESLIST": "Roles"
+            "ROLENAMESLIST": "Roles",
+            "NOROLES":"No roles"
         },
         "APP": {
             "TITLE": "Applications",

docs/local.md

@@ -31,4 +31,3 @@ cockroachdb/cockroach:v19.2.2 start --insecure
 
 #### Should show eventstore, management, admin, auth
 `show databases;`
-

internal/api/grpc/auth/user_grant_converter.go

@@ -99,6 +99,7 @@ func userGrantViewFromModel(grant *grant_model.UserGrantView) *auth.UserGrantVie
 		OrgName:   grant.OrgName,
 		ProjectId: grant.ProjectID,
 		Roles:     grant.RoleKeys,
+		GrantId:   grant.GrantID,
 	}
 }
 

internal/api/grpc/management/user_grant.go

@@ -27,21 +27,6 @@ func (s *Server) UserGrantByID(ctx context.Context, request *management.UserGran
 	return userGrantViewFromModel(user), nil
 }
 
-func (s *Server) CreateUserGrant(ctx context.Context, in *management.UserGrantCreate) (*management.UserGrant, error) {
-	user, err := s.usergrant.AddUserGrant(ctx, userGrantCreateToModel(in))
-	if err != nil {
-		return nil, err
-	}
-	return usergrantFromModel(user), nil
-}
-
-func (s *Server) UpdateUserGrant(ctx context.Context, in *management.UserGrantUpdate) (*management.UserGrant, error) {
-	user, err := s.usergrant.ChangeUserGrant(ctx, userGrantUpdateToModel(in))
-	if err != nil {
-		return nil, err
-	}
-	return usergrantFromModel(user), nil
-}
 func (s *Server) DeactivateUserGrant(ctx context.Context, in *management.UserGrantID) (*management.UserGrant, error) {
 	user, err := s.usergrant.DeactivateUserGrant(ctx, in.Id)
 	if err != nil {
@@ -62,16 +47,6 @@ func (s *Server) RemoveUserGrant(ctx context.Context, in *management.UserGrantID
 	return &empty.Empty{}, err
 }
 
-func (s *Server) BulkCreateUserGrant(ctx context.Context, in *management.UserGrantCreateBulk) (*empty.Empty, error) {
-	err := s.usergrant.BulkAddUserGrant(ctx, userGrantCreateBulkToModel(in)...)
-	return &empty.Empty{}, err
-}
-
-func (s *Server) BulkUpdateUserGrant(ctx context.Context, in *management.UserGrantUpdateBulk) (*empty.Empty, error) {
-	err := s.usergrant.BulkChangeUserGrant(ctx, userGrantUpdateBulkToModel(in)...)
-	return &empty.Empty{}, err
-}
-
 func (s *Server) BulkRemoveUserGrant(ctx context.Context, in *management.UserGrantRemoveBulk) (*empty.Empty, error) {
 	err := s.usergrant.BulkRemoveUserGrant(ctx, userGrantRemoveBulkToModel(in)...)
 	return &empty.Empty{}, err

internal/api/grpc/management/user_grant_converter.go

@@ -80,6 +80,7 @@ func projectGrantUserGrantCreateToModel(u *management.ProjectGrantUserGrantCreat
 		UserID:    u.UserId,
 		ProjectID: u.ProjectId,
 		RoleKeys:  u.RoleKeys,
+		GrantID:   u.ProjectGrantId,
 	}
 }
 
@@ -172,6 +173,7 @@ func userGrantViewFromModel(grant *grant_model.UserGrantView) *management.UserGr
 		ProjectId:     grant.ProjectID,
 		OrgId:         grant.ResourceOwner,
 		DisplayName:   grant.DisplayName,
+		GrantId:       grant.GrantID,
 	}
 }
 

internal/usergrant/model/user_grant.go

@@ -8,6 +8,7 @@ type UserGrant struct {
 	State     UserGrantState
 	UserID    string
 	ProjectID string
+	GrantID   string
 	RoleKeys  []string
 }
 

internal/usergrant/model/user_grant_view.go

@@ -11,6 +11,7 @@ type UserGrantView struct {
 	ResourceOwner string
 	UserID        string
 	ProjectID     string
+	GrantID       string
 	UserName      string
 	FirstName     string
 	LastName      string

internal/usergrant/repository/eventsourcing/model/user_grant.go

@@ -19,6 +19,7 @@ type UserGrant struct {
 	State     int32    `json:"-"`
 	UserID    string   `json:"userId,omitempty"`
 	ProjectID string   `json:"projectId,omitempty"`
+	GrantID   string   `json:"grantId,omitempty"`
 	RoleKeys  []string `json:"roleKeys,omitempty"`
 }
 
@@ -40,6 +41,7 @@ func UserGrantFromModel(grant *model.UserGrant) *UserGrant {
 		ObjectRoot: grant.ObjectRoot,
 		UserID:     grant.UserID,
 		ProjectID:  grant.ProjectID,
+		GrantID:    grant.GrantID,
 		State:      int32(grant.State),
 		RoleKeys:   grant.RoleKeys,
 	}
@@ -50,6 +52,7 @@ func UserGrantToModel(grant *UserGrant) *model.UserGrant {
 		ObjectRoot: grant.ObjectRoot,
 		UserID:     grant.UserID,
 		ProjectID:  grant.ProjectID,
+		GrantID:    grant.GrantID,
 		State:      model.UserGrantState(grant.State),
 		RoleKeys:   grant.RoleKeys,
 	}

internal/usergrant/repository/view/model/user_grant.go

@@ -27,6 +27,7 @@ type UserGrantView struct {
 	ResourceOwner string         `json:"-" gorm:"resource_owner"`
 	UserID        string         `json:"userId" gorm:"user_id"`
 	ProjectID     string         `json:"projectId" gorm:"column:project_id"`
+	GrantID       string         `json:"grantId" gorm:"column:grant_id"`
 	UserName      string         `json:"-" gorm:"column:user_name"`
 	FirstName     string         `json:"-" gorm:"column:first_name"`
 	LastName      string         `json:"-" gorm:"column:last_name"`
@@ -49,6 +50,7 @@ func UserGrantFromModel(grant *model.UserGrantView) *UserGrantView {
 		ResourceOwner: grant.ResourceOwner,
 		UserID:        grant.UserID,
 		ProjectID:     grant.ProjectID,
+		GrantID:       grant.GrantID,
 		ChangeDate:    grant.ChangeDate,
 		CreationDate:  grant.CreationDate,
 		State:         int32(grant.State),

migrations/cockroach/V1.4__usergrant_grantid.sql

@@ -0,0 +1,7 @@
+BEGIN;
+
+ALTER TABLE management.user_grants ADD COLUMN grant_id TEXT;
+ALTER TABLE auth.user_grants ADD COLUMN grant_id TEXT;
+ALTER TABLE authz.user_grants ADD COLUMN grant_id TEXT;
+
+COMMIT;

pkg/grpc/auth/auth.swagger.json

@@ -621,7 +621,7 @@
           "200": {
             "description": "A successful response.",
             "schema": {
-              "type": "object"
+              "$ref": "#/definitions/protobufStruct"
             }
           }
         },
@@ -632,6 +632,19 @@
     }
   },
   "definitions": {
+    "protobufListValue": {
+      "type": "object",
+      "properties": {
+        "values": {
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/protobufValue"
+          },
+          "description": "Repeated field of dynamically typed values."
+        }
+      },
+      "description": "`ListValue` is a wrapper around a repeated field of values.\n\nThe JSON representation for `ListValue` is JSON array."
+    },
     "protobufNullValue": {
       "type": "string",
       "enum": [
@@ -640,6 +653,51 @@
       "default": "NULL_VALUE",
       "description": "`NullValue` is a singleton enumeration to represent the null value for the\n`Value` type union.\n\n The JSON representation for `NullValue` is JSON `null`.\n\n - NULL_VALUE: Null value."
     },
+    "protobufStruct": {
+      "type": "object",
+      "properties": {
+        "fields": {
+          "type": "object",
+          "additionalProperties": {
+            "$ref": "#/definitions/protobufValue"
+          },
+          "description": "Unordered map of dynamically typed values."
+        }
+      },
+      "description": "`Struct` represents a structured data value, consisting of fields\nwhich map to dynamically typed values. In some languages, `Struct`\nmight be supported by a native representation. For example, in\nscripting languages like JS a struct is represented as an\nobject. The details of that representation are described together\nwith the proto support for the language.\n\nThe JSON representation for `Struct` is JSON object."
+    },
+    "protobufValue": {
+      "type": "object",
+      "properties": {
+        "null_value": {
+          "$ref": "#/definitions/protobufNullValue",
+          "description": "Represents a null value."
+        },
+        "number_value": {
+          "type": "number",
+          "format": "double",
+          "description": "Represents a double value."
+        },
+        "string_value": {
+          "type": "string",
+          "description": "Represents a string value."
+        },
+        "bool_value": {
+          "type": "boolean",
+          "format": "boolean",
+          "description": "Represents a boolean value."
+        },
+        "struct_value": {
+          "$ref": "#/definitions/protobufStruct",
+          "description": "Represents a structured value."
+        },
+        "list_value": {
+          "$ref": "#/definitions/protobufListValue",
+          "description": "Represents a repeated `Value`."
+        }
+      },
+      "description": "`Value` represents a dynamically typed value which can be either\nnull, a number, a string, a boolean, a recursive struct value, or a\nlist of values. A producer of value is expected to set one of that\nvariants, absence of any variant indicates an error.\n\nThe JSON representation for `Value` is JSON value."
+    },
     "v1Change": {
       "type": "object",
       "properties": {
@@ -661,7 +719,7 @@
           "type": "string"
         },
         "data": {
-          "type": "object"
+          "$ref": "#/definitions/protobufStruct"
         }
       }
     },
@@ -1195,6 +1253,9 @@
         },
         "OrgName": {
           "type": "string"
+        },
+        "GrantId": {
+          "type": "string"
         }
       }
     },

pkg/grpc/auth/proto/auth.proto

@@ -610,6 +610,7 @@ message UserGrantView {
   string UserId = 3;
   repeated string Roles = 4;
   string OrgName = 5;
+  string GrantId = 6;
 }
 
 message MyProjectOrgSearchRequest {

pkg/grpc/management/management.pb.authoptions.go

@@ -489,16 +489,6 @@ var ManagementService_AuthMethods = authz.MethodMapping{
 		CheckParam: "",
 	},
 
-	"/caos.zitadel.management.api.v1.ManagementService/CreateUserGrant": authz.Option{
-		Permission: "user.grant.write",
-		CheckParam: "",
-	},
-
-	"/caos.zitadel.management.api.v1.ManagementService/UpdateUserGrant": authz.Option{
-		Permission: "user.grant.write",
-		CheckParam: "",
-	},
-
 	"/caos.zitadel.management.api.v1.ManagementService/DeactivateUserGrant": authz.Option{
 		Permission: "user.grant.write",
 		CheckParam: "",
@@ -514,16 +504,6 @@ var ManagementService_AuthMethods = authz.MethodMapping{
 		CheckParam: "",
 	},
 
-	"/caos.zitadel.management.api.v1.ManagementService/BulkCreateUserGrant": authz.Option{
-		Permission: "user.grant.write",
-		CheckParam: "",
-	},
-
-	"/caos.zitadel.management.api.v1.ManagementService/BulkUpdateUserGrant": authz.Option{
-		Permission: "user.grant.write",
-		CheckParam: "",
-	},
-
 	"/caos.zitadel.management.api.v1.ManagementService/BulkRemoveUserGrant": authz.Option{
 		Permission: "user.grant.delete",
 		CheckParam: "",

pkg/grpc/management/mock/management.proto.mock.go

@@ -197,26 +197,6 @@ func (mr *MockManagementServiceClientMockRecorder) BulkAddProjectRole(arg0, arg1
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "BulkAddProjectRole", reflect.TypeOf((*MockManagementServiceClient)(nil).BulkAddProjectRole), varargs...)
 }
 
-// BulkCreateUserGrant mocks base method
-func (m *MockManagementServiceClient) BulkCreateUserGrant(arg0 context.Context, arg1 *management.UserGrantCreateBulk, arg2 ...grpc.CallOption) (*emptypb.Empty, error) {
-	m.ctrl.T.Helper()
-	varargs := []interface{}{arg0, arg1}
-	for _, a := range arg2 {
-		varargs = append(varargs, a)
-	}
-	ret := m.ctrl.Call(m, "BulkCreateUserGrant", varargs...)
-	ret0, _ := ret[0].(*emptypb.Empty)
-	ret1, _ := ret[1].(error)
-	return ret0, ret1
-}
-
-// BulkCreateUserGrant indicates an expected call of BulkCreateUserGrant
-func (mr *MockManagementServiceClientMockRecorder) BulkCreateUserGrant(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	varargs := append([]interface{}{arg0, arg1}, arg2...)
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "BulkCreateUserGrant", reflect.TypeOf((*MockManagementServiceClient)(nil).BulkCreateUserGrant), varargs...)
-}
-
 // BulkRemoveUserGrant mocks base method
 func (m *MockManagementServiceClient) BulkRemoveUserGrant(arg0 context.Context, arg1 *management.UserGrantRemoveBulk, arg2 ...grpc.CallOption) (*emptypb.Empty, error) {
 	m.ctrl.T.Helper()
@@ -237,26 +217,6 @@ func (mr *MockManagementServiceClientMockRecorder) BulkRemoveUserGrant(arg0, arg
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "BulkRemoveUserGrant", reflect.TypeOf((*MockManagementServiceClient)(nil).BulkRemoveUserGrant), varargs...)
 }
 
-// BulkUpdateUserGrant mocks base method
-func (m *MockManagementServiceClient) BulkUpdateUserGrant(arg0 context.Context, arg1 *management.UserGrantUpdateBulk, arg2 ...grpc.CallOption) (*emptypb.Empty, error) {
-	m.ctrl.T.Helper()
-	varargs := []interface{}{arg0, arg1}
-	for _, a := range arg2 {
-		varargs = append(varargs, a)
-	}
-	ret := m.ctrl.Call(m, "BulkUpdateUserGrant", varargs...)
-	ret0, _ := ret[0].(*emptypb.Empty)
-	ret1, _ := ret[1].(error)
-	return ret0, ret1
-}
-
-// BulkUpdateUserGrant indicates an expected call of BulkUpdateUserGrant
-func (mr *MockManagementServiceClientMockRecorder) BulkUpdateUserGrant(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	varargs := append([]interface{}{arg0, arg1}, arg2...)
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "BulkUpdateUserGrant", reflect.TypeOf((*MockManagementServiceClient)(nil).BulkUpdateUserGrant), varargs...)
-}
-
 // ChangeMyOrgMember mocks base method
 func (m *MockManagementServiceClient) ChangeMyOrgMember(arg0 context.Context, arg1 *management.ChangeOrgMemberRequest, arg2 ...grpc.CallOption) (*management.OrgMember, error) {
 	m.ctrl.T.Helper()
@@ -557,26 +517,6 @@ func (mr *MockManagementServiceClientMockRecorder) CreateUser(arg0, arg1 interfa
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CreateUser", reflect.TypeOf((*MockManagementServiceClient)(nil).CreateUser), varargs...)
 }
 
-// CreateUserGrant mocks base method
-func (m *MockManagementServiceClient) CreateUserGrant(arg0 context.Context, arg1 *management.UserGrantCreate, arg2 ...grpc.CallOption) (*management.UserGrant, error) {
-	m.ctrl.T.Helper()
-	varargs := []interface{}{arg0, arg1}
-	for _, a := range arg2 {
-		varargs = append(varargs, a)
-	}
-	ret := m.ctrl.Call(m, "CreateUserGrant", varargs...)
-	ret0, _ := ret[0].(*management.UserGrant)
-	ret1, _ := ret[1].(error)
-	return ret0, ret1
-}
-
-// CreateUserGrant indicates an expected call of CreateUserGrant
-func (mr *MockManagementServiceClientMockRecorder) CreateUserGrant(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	varargs := append([]interface{}{arg0, arg1}, arg2...)
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CreateUserGrant", reflect.TypeOf((*MockManagementServiceClient)(nil).CreateUserGrant), varargs...)
-}
-
 // DeactivateApplication mocks base method
 func (m *MockManagementServiceClient) DeactivateApplication(arg0 context.Context, arg1 *management.ApplicationID, arg2 ...grpc.CallOption) (*management.Application, error) {
 	m.ctrl.T.Helper()
@@ -2297,26 +2237,6 @@ func (mr *MockManagementServiceClientMockRecorder) UpdateUserAddress(arg0, arg1
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UpdateUserAddress", reflect.TypeOf((*MockManagementServiceClient)(nil).UpdateUserAddress), varargs...)
 }
 
-// UpdateUserGrant mocks base method
-func (m *MockManagementServiceClient) UpdateUserGrant(arg0 context.Context, arg1 *management.UserGrantUpdate, arg2 ...grpc.CallOption) (*management.UserGrant, error) {
-	m.ctrl.T.Helper()
-	varargs := []interface{}{arg0, arg1}
-	for _, a := range arg2 {
-		varargs = append(varargs, a)
-	}
-	ret := m.ctrl.Call(m, "UpdateUserGrant", varargs...)
-	ret0, _ := ret[0].(*management.UserGrant)
-	ret1, _ := ret[1].(error)
-	return ret0, ret1
-}
-
-// UpdateUserGrant indicates an expected call of UpdateUserGrant
-func (mr *MockManagementServiceClientMockRecorder) UpdateUserGrant(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	varargs := append([]interface{}{arg0, arg1}, arg2...)
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UpdateUserGrant", reflect.TypeOf((*MockManagementServiceClient)(nil).UpdateUserGrant), varargs...)
-}
-
 // UpdateUserProfile mocks base method
 func (m *MockManagementServiceClient) UpdateUserProfile(arg0 context.Context, arg1 *management.UpdateUserProfileRequest, arg2 ...grpc.CallOption) (*management.UserProfile, error) {
 	m.ctrl.T.Helper()

pkg/grpc/management/proto/management.proto

@@ -1102,28 +1102,6 @@ service ManagementService {
         };
     }
 
-    rpc CreateUserGrant(UserGrantCreate) returns (UserGrant) {
-        option (google.api.http) = {
-            post: "/users/{user_id}/grants"
-            body: "*"
-        };
-
-        option (caos.zitadel.utils.v1.auth_option) = {
-            permission: "user.grant.write"
-        };
-    }
-
-    rpc UpdateUserGrant(UserGrantUpdate) returns (UserGrant) {
-        option (google.api.http) = {
-            put: "/users/{user_id}/grants/{id}"
-            body: "*"
-        };
-
-        option (caos.zitadel.utils.v1.auth_option) = {
-            permission: "user.grant.write"
-        };
-    }
-
     rpc DeactivateUserGrant(UserGrantID) returns (UserGrant) {
         option (google.api.http) = {
             put: "/users/{user_id}/grants/{id}/_deactivate"
@@ -1156,30 +1134,6 @@ service ManagementService {
         };
     }
 
-    // add a list of user grants in one request
-    rpc BulkCreateUserGrant(UserGrantCreateBulk) returns (google.protobuf.Empty) {
-        option (google.api.http) = {
-            post: "/usergrants/_bulk"
-            body: "*"
-        };
-
-        option (caos.zitadel.utils.v1.auth_option) = {
-            permission: "user.grant.write"
-        };
-    }
-
-    // update a list of user grants in one request
-    rpc BulkUpdateUserGrant(UserGrantUpdateBulk) returns (google.protobuf.Empty) {
-        option (google.api.http) = {
-            put: "/usergrants/_bulk"
-            body: "*"
-        };
-
-        option (caos.zitadel.utils.v1.auth_option) = {
-            permission: "user.grant.write"
-        };
-    }
-
     // remove a list of user grants in one request
     rpc BulkRemoveUserGrant(UserGrantRemoveBulk) returns (google.protobuf.Empty) {
         option (google.api.http) = {
@@ -2475,6 +2429,7 @@ message UserGrant {
     google.protobuf.Timestamp creation_date = 7;
     google.protobuf.Timestamp change_date = 8;
     uint64 sequence = 9;
+    string grant_id = 10;
 }
 
 message UserGrantCreateBulk {
@@ -2564,6 +2519,7 @@ message UserGrantView {
     uint64 sequence = 16;
     string resource_owner = 17;
     string display_name = 18;
+    string grant_id = 19;
 }