improve querying and returned objects

Livio Spring
2025-02-10 11:05:15 +01:00
parent ccfc8fb98d
commit 0efb4769cf
2 changed files with 177 additions and 66 deletions


@@ -18,30 +18,17 @@ message Authorization {
google.protobuf.Timestamp change_date = 3;
// State is the current state of the authorization.
State state = 4;
// UserID represents the ID of the user who was granted the authorization.
string user_id = 5;
// UserOrganisationID represents the ID of the organisation the user is part of.
string user_organization_id = 6;
// UserPreferredLoginName represents the preferred login name of the granted user.
string user_preferred_login_name = 7;
// UserDisplayName represents the public display name of the granted user.
// By default it's the user's given name and family name, their username or their email address.
string user_display_name = 8;
// AvatarURL represents the URL to the public avatar of the granted user.
string avatar_url = 9;
// ProjectID represents the ID of the project the user was granted the authorization for.
string project_id = 10;
// ProjectName represents the name of the project the user was granted the authorization for.
string project_name = 11;
// ProjectGrantID represents the ID of the project grant the user was granted the authorization for.
// This field is only set if the authorization was granted for a project grant and not a project directly.
string project_grant_id = 12;
// OrganizationID represents the ID of the organization the authorization was granted for.
string organization_id = 13;
// OrganizationName represents the name of the organization the authorization was granted for.
string organization_name = 14;
User user = 5;
// Grant contains the project or project grant the user was granted the authorization for.
oneof grant {
// Project represents the project the user was granted the authorization for.
Project project = 6;
// ProjectGrant represents the project grant the user was granted the authorization for.
ProjectGrant project_grant = 7;
}
Organization organization = 8;
// Roles contains the roles the user was granted for the project or project grant.
repeated Role roles = 15;
repeated Role roles = 9;
}
enum State {
@@ -50,6 +37,48 @@ enum State {
STATE_INACTIVE = 2;
}
message User {
// ID represents the ID of the user who was granted the authorization.
string id = 1;
// PreferredLoginName represents the preferred login name of the granted user.
string preferred_login_name = 2;
// DisplayName represents the public display name of the granted user.
// By default it's the user's given name and family name, their username or their email address.
string display_name = 3;
// AvatarURL is the URL to the user's public avatar image.
string avatar_url = 4;
// The organization the user belong to.
// This must not correspond to the organization the authorization was granted for.
string organization_id = 5;
}
message Project {
// ID is the unique identifier of the project the user was granted the authorization for.
string id = 1;
// Name is the name of the project the user was granted the authorization for.
string name = 2;
// OrganizationID is the ID of the organization the project belongs to.
string organization_id = 3;
}
message ProjectGrant {
// ID is the unique identifier of the project grant the user was granted the authorization for.
string id = 1;
// ProjectID is the ID of the project the project grant belongs to.
string project_id = 2;
// ProjectName is the name of the project the project grant belongs to.
string project_name = 3;
// OrganizationID is the ID of the organization the project grant belongs to.
string organization_id = 4;
}
message Organization {
// ID is the unique identifier of the organization the user was granted the authorization for.
string id = 1;
// Name is the name of the organization the user was granted the authorization for.
string name = 2;
}
message Role {
// Key is the unique identifier of the role.
string key = 1;
@@ -62,46 +91,43 @@ message AuthorizationQuery {
option (validate.required) = true;
// Search for authorizations by their ID.
AuthorizationIDQuery authorization_id_query = 1;
AuthorizationIDQuery authorization_id = 1;
// Search for authorizations by their creation date.
CreationDateQuery creation_date_query = 2;
CreationDateQuery creation_date = 2;
// Search for authorizations by their change date.
ChangeDateQuery change_date_query = 3;
ChangeDateQuery change_date = 3;
// Search for authorizations by their state.
StateQuery state_query = 4;
StateQuery state = 4;
// Search for authorizations by the ID of the user who was granted the authorization.
UserIDQuery user_id_query = 5;
UserIDQuery user_id = 5;
// Search for authorizations by the ID of the organisation the user is part of.
UserOrganizationIDQuery user_organization_id_query = 6;
UserPreferredLoginNameQuery user_preferred_login_name_query = 7;
UserDisplayNameQuery user_display_name_query = 8;
UserOrganizationIDQuery user_organization_id = 6;
// Search for authorizations by the preferred login name of the granted user.
UserPreferredLoginNameQuery user_preferred_login_name = 7;
// Search for authorizations by the public display name of the granted user.
UserDisplayNameQuery user_display_name = 8;
// Search for authorizations by the ID of the project the user was granted the authorization for.
ProjectIDQuery project_id_query = 9;
ProjectNameQuery project_name_query = 10;
// This will also include authorizations granted for project grants of the same project.
ProjectIDQuery project_id = 9;
// Search for authorizations by the name of the project the user was granted the authorization for.
// This will also include authorizations granted for project grants of the same project.
ProjectNameQuery project_name = 10;
// Search for authorizations by the ID of the project grant the user was granted the authorization for.
ProjectGrantIDQuery project_grant_id_query = 11;
ProjectGrantIDQuery project_grant_id = 11;
// Search for authorizations by the ID of the organization the authorization was granted for.
// This can either be the organization the project or the project grant is part of.
OrganizationIDQuery organization_id_query = 12;
OrganizationNameQuery organization_name_query = 13;
OrganizationIDQuery organization_id = 12;
OrganizationNameQuery organization_name = 13;
// Search for authorizations by the key of the role the user was granted.
RoleKeyQuery role_key_query = 14;
RoleKeyQuery role_key = 14;
// Combine multiple authorization queries with an AND operation.
AndQuery and_query = 15;
AndQuery and = 15;
// Combine multiple authorization queries with an OR operation.
// For example, to search for authorizations of multiple OrganizationIDs.
OrQuery or_query = 16;
OrQuery or = 16;
// Negate an authorization query.
NotQuery not_query = 17;
// UserGrantWithGrantedQuery with_granted_query = 3; searched for the oauthz.OrganizationID as ro
// UserGrantUserNameQuery user_name_query = 6; ??
// UserGrantFirstNameQuery first_name_query = 7;
// UserGrantLastNameQuery last_name_query = 8;
// UserGrantEmailQuery email_query = 9;
// UserGrantOrgDomainQuery org_domain_query = 11;
// UserGrantUserTypeQuery user_type_query = 14;
NotQuery not = 17;
}
}
@@ -159,8 +185,8 @@ message UserPreferredLoginNameQuery {
max_len: 200
}];
// Specify the method to search for the preferred login name. Default is EQUAL.
// For example, to search for all authorizations with a preferred login name containing a specific string,
// use CONTAINS or CONTAINS_IGNORE_CASE.
// For example, to search for all authorizations granted to a user with
// a preferred login name containing a specific string, use CONTAINS or CONTAINS_IGNORE_CASE.
zitadel.object.v2.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true];
}
@@ -171,8 +197,8 @@ message UserDisplayNameQuery {
max_len: 200
}];
// Specify the method to search for the display name. Default is EQUAL.
// For example, to search for all authorizations with a display name containing a specific string,
// use CONTAINS or CONTAINS_IGNORE_CASE.
// For example, to search for all authorizations granted to a user with
// a display name containing a specific string, use CONTAINS or CONTAINS_IGNORE_CASE.
zitadel.object.v2.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true];
}
@@ -190,8 +216,8 @@ message ProjectNameQuery {
// Note that this will also include authorizations granted for project grants of the same project.
string project_name = 1 [(validate.rules).string = {max_len: 200}];
// Specify the method to search for the project name. Default is EQUAL.
// For example, to search for all authorizations with a project name containing a specific string,
// use CONTAINS or CONTAINS_IGNORE_CASE.
// For example, to search for all authorizations granted on a project with
// a name containing a specific string, use CONTAINS or CONTAINS_IGNORE_CASE.
zitadel.object.v2.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true];
}
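Review bot: In `Authorization`, numbers 5 to 9 now carry different types than before (5 goes from `string user_id` to `User user`, 9 from `string avatar_url` to `repeated Role roles`) and 10 to 15 are dropped without a `reserved` statement; both sides are length-delimited, so a client generated from the earlier layout can decode the new payload without a wire-type error and read message bytes as IDs or names. For an API that returns authorization data, that silent misread is the failure mode to avoid. If any build of the previous layout was released, give the new fields fresh numbers and add `reserved 5 to 15;`; if it was never released, `reserved 10 to 15;` still blocks later reuse of the dropped numbers. The same applies to `ManagerQuery` in the second file, where numbers 1 to 3 change from the user, resource and role queries to `manager_id`, `creation_date` and `change_date`. Which lines are old and which are new is inferred from the hunk header counts, because the page lost its `+`/`-` markers.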


@@ -18,11 +18,6 @@ message Manager {
google.protobuf.Timestamp change_date = 3;
// User is the user who was granted the manager role.
User user = 4;
// string user_id = 3;
// string user_preferred_login_name = 4;
// string user_display_name = 5;
// string user_avatar_url = 6;
// string user_organization_id = 7;
// Resource is the type of the resource the manager roles were granted for.
oneof resource {
// Instance is returned if the manager roles were granted on the instance level.
@@ -50,8 +45,6 @@ message User {
string avatar_url = 4;
// The organization the user belong to.
string organization_id = 5;
// zitadel.user.v1.Type user_type = 10 TODO: peintner?
}
message Organization {
@@ -83,15 +76,61 @@ message ManagerQuery {
oneof query {
option (validate.required) = true;
// Search for managers roles granted to a specific user.
UserIDQuery user_id_query = 1;
// Search for manager roles by their ID.
ManagerIDQuery manager_id = 1;
// Search for manager roles by their creation date.
CreationDateQuery creation_date = 2;
// Search for manager roles by their change date.
ChangeDateQuery change_date = 3;
// Search for managers roles by the ID of the user who was granted the manager role.
UserIDQuery user_id = 4;
// Search for managers roles by the ID of the organization the user is part of.
UserOrganizationIDQuery user_organization_id = 5;
// Search for managers roles by the preferred login name of the user.
UserPreferredLoginNameQuery user_preferred_login_name = 6;
// Search for managers roles by the display name of the user.
UserDisplayNameQuery user_display_name = 7;
// Search for managers roles granted for a specific resource.
ResourceQuery resource_query = 2;
ResourceQuery resource = 8;
// Search for managers roles granted with a specific role.
RoleQuery role_query = 3;
RoleQuery role = 9;
// Combine multiple authorization queries with an AND operation.
AndQuery and = 10;
// Combine multiple authorization queries with an OR operation.
// For example, to search for authorizations of multiple OrganizationIDs.
OrQuery or = 11;
// Negate an authorization query.
NotQuery not = 12;
}
}
message ManagerIDQuery {
// Search for managers by their ID.
string manager_id = 1 [(validate.rules).string = {
min_len: 1
max_len: 200
}];
}
message CreationDateQuery {
// Specify the creation date of the manager role to search for.
google.protobuf.Timestamp creation_date = 1;
// Specify the method to search for the creation date. Default is EQUAL.
// For example, to search for all manager roles created after a specific date, use GREATER_THAN.
// To search for all manager roles created before a specific date, use LESS_THAN.
zitadel.object.v2.TimestampQueryMethod method = 2 [(validate.rules).enum.defined_only = true];
}
message ChangeDateQuery {
// Specify the change date of the manager role to search for.
google.protobuf.Timestamp change_date = 1;
// Specify the method to search for the change date. Default is EQUAL.
// For example, to search for all manager roles changed after a specific date, use GREATER_THAN.
// To search for all manager roles changed before a specific date, use LESS_THAN.
zitadel.object.v2.TimestampQueryMethod method = 2 [(validate.rules).enum.defined_only = true];
}
message UserIDQuery {
// Search for managers by user ID.
string user_id = 1 [(validate.rules).string = {
@@ -100,6 +139,39 @@ message UserIDQuery {
}];
}
message UserOrganizationIDQuery {
// Search for managers by the organization ID of the user.
// Note that this might not be the organization the manager role was granted for.
string organization_id = 1 [(validate.rules).string = {
min_len: 1
max_len: 200
}];
}
message UserPreferredLoginNameQuery {
// Search for managers by the preferred login name of the user.
string preferred_login_name = 1 [(validate.rules).string = {
min_len: 1
max_len: 200
}];
// Specify the method to search for the preferred login name. Default is EQUAL.
// For example, to search for all manager roles of a user with a preferred login name
// containing a specific string, use CONTAINS or CONTAINS_IGNORE_CASE.
zitadel.object.v2.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true];
}
message UserDisplayNameQuery {
// Search for managers by the display name of the user.
string display_name = 1 [(validate.rules).string = {
min_len: 1
max_len: 200
}];
// Specify the method to search for the display name. Default is EQUAL.
// For example, to search for all manager roles of a user with a display name
// containing a specific string, use CONTAINS or CONTAINS_IGNORE_CASE.
zitadel.object.v2.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true];
}
message ResourceQuery {
// Search for managers by the granted resource.
oneof resource {
@@ -120,4 +192,17 @@ message RoleQuery {
min_len: 1
max_len: 200
}];
}
}
message AndQuery {
repeated ManagerQuery queries = 1;
}
message OrQuery {
repeated ManagerQuery queries = 1;
}
message NotQuery {
ManagerQuery query = 1;
}
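Review bot: `AndQuery`, `OrQuery` and `NotQuery` at the end of this file nest `ManagerQuery` recursively with no validation rule on `queries` or `query`, so a caller controls both the width and the depth of the search tree that the server has to parse and turn into a query. The other new query messages in this section bound their inputs with `(validate.rules)`, and the combinators should do the same, for example `repeated ManagerQuery queries = 1 [(validate.rules).repeated = {min_items: 1, max_items: 20}];` (the limit of 20 is an illustrative value) and `ManagerQuery query = 1 [(validate.rules).message.required = true];`. Nesting depth cannot be expressed in these field rules, so the handler that walks the tree should also enforce a maximum depth and reject deeper requests. Whether the matching combinators in the authorization file already carry limits is not visible in these hunks and is worth checking. These three messages also have no comments, and the `and`/`or`/`not` comments in `ManagerQuery` still say "authorization queries" where they mean manager queries.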