feat: updating eventstore.permitted_orgs sql function (#9309)

# Which Problems Are Solved Performance issue for GRPC call `zitadel.user.v2.UserService.ListUsers` due to lack of org filtering on `ListUsers` # Additional Context Replace this example with links to related issues, discussions, discord threads, or other sources with more context. Use the Closing #issue syntax for issues that are resolved with this PR. - Closes https://github.com/zitadel/zitadel/issues/9191 --------- Co-authored-by: Iraq Jaber <IraqJaber@gmail.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2025-08-11 18:07:31 +00:00 · 2025-02-17 09:55:28 +00:00
parent 7c96dcd9a2
commit 0cb0380826
14 changed files with 143 additions and 36 deletions
--- a/internal/api/grpc/admin/export.go
+++ b/internal/api/grpc/admin/export.go
@@ -554,7 +554,7 @@ func (s *Server) getUsers(ctx context.Context, org string, withPasswords bool, w
 	if err != nil {
 		return nil, nil, nil, nil, err
 	}
-	users, err := s.query.SearchUsers(ctx, &query.UserSearchQueries{Queries: []query.SearchQuery{orgSearch}}, nil)
+	users, err := s.query.SearchUsers(ctx, &query.UserSearchQueries{Queries: []query.SearchQuery{orgSearch}}, org, nil)
 	if err != nil {
 		return nil, nil, nil, nil, err
 	}
--- a/internal/api/grpc/admin/org.go
+++ b/internal/api/grpc/admin/org.go
@@ -108,7 +108,7 @@ func (s *Server) getClaimedUserIDsOfOrgDomain(ctx context.Context, orgDomain str
 	if err != nil {
 		return nil, err
 	}
-	users, err := s.query.SearchUsers(ctx, &query.UserSearchQueries{Queries: []query.SearchQuery{loginName}}, nil)
+	users, err := s.query.SearchUsers(ctx, &query.UserSearchQueries{Queries: []query.SearchQuery{loginName}}, "", nil)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/api/grpc/management/org.go
+++ b/internal/api/grpc/management/org.go
@@ -330,7 +330,7 @@ func (s *Server) getClaimedUserIDsOfOrgDomain(ctx context.Context, orgDomain, or
 		}
 		queries = append(queries, owner)
 	}
-	users, err := s.query.SearchUsers(ctx, &query.UserSearchQueries{Queries: queries}, nil)
+	users, err := s.query.SearchUsers(ctx, &query.UserSearchQueries{Queries: queries}, orgID, nil)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/api/grpc/management/user.go
+++ b/internal/api/grpc/management/user.go
@@ -64,11 +64,12 @@ func (s *Server) ListUsers(ctx context.Context, req *mgmt_pb.ListUsersRequest) (
 		return nil, err
 	}

-	err = queries.AppendMyResourceOwnerQuery(authz.GetCtxData(ctx).OrgID)
+	orgID := authz.GetCtxData(ctx).OrgID
+	err = queries.AppendMyResourceOwnerQuery(orgID)
 	if err != nil {
 		return nil, err
 	}
-	res, err := s.query.SearchUsers(ctx, queries, nil)
+	res, err := s.query.SearchUsers(ctx, queries, orgID, nil)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/api/grpc/user/v2/query.go
+++ b/internal/api/grpc/user/v2/query.go
@@ -29,11 +29,11 @@ func (s *Server) GetUserByID(ctx context.Context, req *user.GetUserByIDRequest)
 }

 func (s *Server) ListUsers(ctx context.Context, req *user.ListUsersRequest) (*user.ListUsersResponse, error) {
-	queries, err := listUsersRequestToModel(req)
+	queries, filterOrgId, err := listUsersRequestToModel(req)
 	if err != nil {
 		return nil, err
 	}
-	res, err := s.query.SearchUsers(ctx, queries, s.checkPermission)
+	res, err := s.query.SearchUsers(ctx, queries, filterOrgId, s.checkPermission)
 	if err != nil {
 		return nil, err
 	}
@@ -169,11 +169,11 @@ func accessTokenTypeToPb(accessTokenType domain.OIDCTokenType) user.AccessTokenT
 	}
 }

-func listUsersRequestToModel(req *user.ListUsersRequest) (*query.UserSearchQueries, error) {
+func listUsersRequestToModel(req *user.ListUsersRequest) (*query.UserSearchQueries, string, error) {
 	offset, limit, asc := object.ListQueryToQuery(req.Query)
-	queries, err := userQueriesToQuery(req.Queries, 0 /*start from level 0*/)
+	queries, filterOrgId, err := userQueriesToQuery(req.Queries, 0 /*start from level 0*/)
 	if err != nil {
-		return nil, err
+		return nil, "", err
 	}
 	return &query.UserSearchQueries{
 		SearchRequest: query.SearchRequest{
@@ -183,7 +183,7 @@ func listUsersRequestToModel(req *user.ListUsersRequest) (*query.UserSearchQueri
 			SortingColumn: userFieldNameToSortingColumn(req.SortingColumn),
 		},
 		Queries: queries,
-	}, nil
+	}, filterOrgId, nil
 }

 func userFieldNameToSortingColumn(field user.UserFieldName) query.Column {
@@ -213,15 +213,18 @@ func userFieldNameToSortingColumn(field user.UserFieldName) query.Column {
 	}
 }

-func userQueriesToQuery(queries []*user.SearchQuery, level uint8) (_ []query.SearchQuery, err error) {
+func userQueriesToQuery(queries []*user.SearchQuery, level uint8) (_ []query.SearchQuery, filterOrgId string, err error) {
 	q := make([]query.SearchQuery, len(queries))
 	for i, query := range queries {
+		if orgFilter := query.GetOrganizationIdQuery(); orgFilter != nil {
+			filterOrgId = orgFilter.OrganizationId
+		}
 		q[i], err = userQueryToQuery(query, level)
 		if err != nil {
-			return nil, err
+			return nil, filterOrgId, err
 		}
 	}
-	return q, nil
+	return q, filterOrgId, nil
 }

 func userQueryToQuery(query *user.SearchQuery, level uint8) (query.SearchQuery, error) {
@@ -315,14 +318,14 @@ func inUserIdsQueryToQuery(q *user.InUserIDQuery) (query.SearchQuery, error) {
 	return query.NewUserInUserIdsSearchQuery(q.UserIds)
 }
 func orQueryToQuery(q *user.OrQuery, level uint8) (query.SearchQuery, error) {
-	mappedQueries, err := userQueriesToQuery(q.Queries, level+1)
+	mappedQueries, _, err := userQueriesToQuery(q.Queries, level+1)
 	if err != nil {
 		return nil, err
 	}
 	return query.NewUserOrSearchQuery(mappedQueries)
 }
 func andQueryToQuery(q *user.AndQuery, level uint8) (query.SearchQuery, error) {
-	mappedQueries, err := userQueriesToQuery(q.Queries, level+1)
+	mappedQueries, _, err := userQueriesToQuery(q.Queries, level+1)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/api/grpc/user/v2beta/query.go
+++ b/internal/api/grpc/user/v2beta/query.go
@@ -29,11 +29,11 @@ func (s *Server) GetUserByID(ctx context.Context, req *user.GetUserByIDRequest)
 }

 func (s *Server) ListUsers(ctx context.Context, req *user.ListUsersRequest) (*user.ListUsersResponse, error) {
-	queries, err := listUsersRequestToModel(req)
+	queries, filterOrgIds, err := listUsersRequestToModel(req)
 	if err != nil {
 		return nil, err
 	}
-	res, err := s.query.SearchUsers(ctx, queries, s.checkPermission)
+	res, err := s.query.SearchUsers(ctx, queries, filterOrgIds, s.checkPermission)
 	if err != nil {
 		return nil, err
 	}
@@ -165,11 +165,11 @@ func accessTokenTypeToPb(accessTokenType domain.OIDCTokenType) user.AccessTokenT
 	}
 }

-func listUsersRequestToModel(req *user.ListUsersRequest) (*query.UserSearchQueries, error) {
+func listUsersRequestToModel(req *user.ListUsersRequest) (*query.UserSearchQueries, string, error) {
 	offset, limit, asc := object.ListQueryToQuery(req.Query)
-	queries, err := userQueriesToQuery(req.Queries, 0 /*start from level 0*/)
+	queries, filterOrgId, err := userQueriesToQuery(req.Queries, 0 /*start from level 0*/)
 	if err != nil {
-		return nil, err
+		return nil, "", err
 	}
 	return &query.UserSearchQueries{
 		SearchRequest: query.SearchRequest{
@@ -179,7 +179,7 @@ func listUsersRequestToModel(req *user.ListUsersRequest) (*query.UserSearchQueri
 			SortingColumn: userFieldNameToSortingColumn(req.SortingColumn),
 		},
 		Queries: queries,
-	}, nil
+	}, filterOrgId, nil
 }

 func userFieldNameToSortingColumn(field user.UserFieldName) query.Column {
@@ -209,15 +209,18 @@ func userFieldNameToSortingColumn(field user.UserFieldName) query.Column {
 	}
 }

-func userQueriesToQuery(queries []*user.SearchQuery, level uint8) (_ []query.SearchQuery, err error) {
+func userQueriesToQuery(queries []*user.SearchQuery, level uint8) (_ []query.SearchQuery, filterOrgId string, err error) {
 	q := make([]query.SearchQuery, len(queries))
 	for i, query := range queries {
+		if orgFilter := query.GetOrganizationIdQuery(); orgFilter != nil {
+			filterOrgId = orgFilter.OrganizationId
+		}
 		q[i], err = userQueryToQuery(query, level)
 		if err != nil {
-			return nil, err
+			return nil, filterOrgId, err
 		}
 	}
-	return q, nil
+	return q, filterOrgId, nil
 }

 func userQueryToQuery(query *user.SearchQuery, level uint8) (query.SearchQuery, error) {
@@ -311,14 +314,14 @@ func inUserIdsQueryToQuery(q *user.InUserIDQuery) (query.SearchQuery, error) {
 	return query.NewUserInUserIdsSearchQuery(q.UserIds)
 }
 func orQueryToQuery(q *user.OrQuery, level uint8) (query.SearchQuery, error) {
-	mappedQueries, err := userQueriesToQuery(q.Queries, level+1)
+	mappedQueries, _, err := userQueriesToQuery(q.Queries, level+1)
 	if err != nil {
 		return nil, err
 	}
 	return query.NewUserOrSearchQuery(mappedQueries)
 }
 func andQueryToQuery(q *user.AndQuery, level uint8) (query.SearchQuery, error) {
-	mappedQueries, err := userQueriesToQuery(q.Queries, level+1)
+	mappedQueries, _, err := userQueriesToQuery(q.Queries, level+1)
 	if err != nil {
 		return nil, err
 	}