improve querying and returned objects

Livio Spring
2025-02-10 11:05:15 +01:00
parent ccfc8fb98d
commit 0efb4769cf
2 changed files with 177 additions and 66 deletions


@@ -18,30 +18,17 @@ message Authorization {
google.protobuf.Timestamp change_date = 3; google.protobuf.Timestamp change_date = 3;
// State is the current state of the authorization. // State is the current state of the authorization.
State state = 4; State state = 4;
// UserID represents the ID of the user who was granted the authorization. User user = 5;
string user_id = 5; // Grant contains the project or project grant the user was granted the authorization for.
// UserOrganisationID represents the ID of the organisation the user is part of. oneof grant {
string user_organization_id = 6; // Project represents the project the user was granted the authorization for.
// UserPreferredLoginName represents the preferred login name of the granted user. Project project = 6;
string user_preferred_login_name = 7; // ProjectGrant represents the project grant the user was granted the authorization for.
// UserDisplayName represents the public display name of the granted user. ProjectGrant project_grant = 7;
// By default it's the user's given name and family name, their username or their email address. }
string user_display_name = 8; Organization organization = 8;
// AvatarURL represents the URL to the public avatar of the granted user.
string avatar_url = 9;
// ProjectID represents the ID of the project the user was granted the authorization for.
string project_id = 10;
// ProjectName represents the name of the project the user was granted the authorization for.
string project_name = 11;
// ProjectGrantID represents the ID of the project grant the user was granted the authorization for.
// This field is only set if the authorization was granted for a project grant and not a project directly.
string project_grant_id = 12;
// OrganizationID represents the ID of the organization the authorization was granted for.
string organization_id = 13;
// OrganizationName represents the name of the organization the authorization was granted for.
string organization_name = 14;
// Roles contains the roles the user was granted for the project or project grant. // Roles contains the roles the user was granted for the project or project grant.
repeated Role roles = 15; repeated Role roles = 9;
} }
enum State { enum State {
@@ -50,6 +37,48 @@ enum State {
STATE_INACTIVE = 2; STATE_INACTIVE = 2;
} }
message User {
// ID represents the ID of the user who was granted the authorization.
string id = 1;
// PreferredLoginName represents the preferred login name of the granted user.
string preferred_login_name = 2;
// DisplayName represents the public display name of the granted user.
// By default it's the user's given name and family name, their username or their email address.
string display_name = 3;
// AvatarURL is the URL to the user's public avatar image.
string avatar_url = 4;
// The organization the user belong to.
// This must not correspond to the organization the authorization was granted for.
string organization_id = 5;
}
message Project {
// ID is the unique identifier of the project the user was granted the authorization for.
string id = 1;
// Name is the name of the project the user was granted the authorization for.
string name = 2;
// OrganizationID is the ID of the organization the project belongs to.
string organization_id = 3;
}
message ProjectGrant {
// ID is the unique identifier of the project grant the user was granted the authorization for.
string id = 1;
// ProjectID is the ID of the project the project grant belongs to.
string project_id = 2;
// ProjectName is the name of the project the project grant belongs to.
string project_name = 3;
// OrganizationID is the ID of the organization the project grant belongs to.
string organization_id = 4;
}
message Organization {
// ID is the unique identifier of the organization the user was granted the authorization for.
string id = 1;
// Name is the name of the organization the user was granted the authorization for.
string name = 2;
}
message Role { message Role {
// Key is the unique identifier of the role. // Key is the unique identifier of the role.
string key = 1; string key = 1;
@@ -62,46 +91,43 @@ message AuthorizationQuery {
option (validate.required) = true; option (validate.required) = true;
// Search for authorizations by their ID. // Search for authorizations by their ID.
AuthorizationIDQuery authorization_id_query = 1; AuthorizationIDQuery authorization_id = 1;
// Search for authorizations by their creation date. // Search for authorizations by their creation date.
CreationDateQuery creation_date_query = 2; CreationDateQuery creation_date = 2;
// Search for authorizations by their change date. // Search for authorizations by their change date.
ChangeDateQuery change_date_query = 3; ChangeDateQuery change_date = 3;
// Search for authorizations by their state. // Search for authorizations by their state.
StateQuery state_query = 4; StateQuery state = 4;
// Search for authorizations by the ID of the user who was granted the authorization. // Search for authorizations by the ID of the user who was granted the authorization.
UserIDQuery user_id_query = 5; UserIDQuery user_id = 5;
// Search for authorizations by the ID of the organisation the user is part of. // Search for authorizations by the ID of the organisation the user is part of.
UserOrganizationIDQuery user_organization_id_query = 6; UserOrganizationIDQuery user_organization_id = 6;
UserPreferredLoginNameQuery user_preferred_login_name_query = 7; // Search for authorizations by the preferred login name of the granted user.
UserDisplayNameQuery user_display_name_query = 8; UserPreferredLoginNameQuery user_preferred_login_name = 7;
// Search for authorizations by the public display name of the granted user.
UserDisplayNameQuery user_display_name = 8;
// Search for authorizations by the ID of the project the user was granted the authorization for. // Search for authorizations by the ID of the project the user was granted the authorization for.
ProjectIDQuery project_id_query = 9; // This will also include authorizations granted for project grants of the same project.
ProjectNameQuery project_name_query = 10; ProjectIDQuery project_id = 9;
// Search for authorizations by the name of the project the user was granted the authorization for.
// This will also include authorizations granted for project grants of the same project.
ProjectNameQuery project_name = 10;
// Search for authorizations by the ID of the project grant the user was granted the authorization for. // Search for authorizations by the ID of the project grant the user was granted the authorization for.
ProjectGrantIDQuery project_grant_id_query = 11; ProjectGrantIDQuery project_grant_id = 11;
// Search for authorizations by the ID of the organization the authorization was granted for. // Search for authorizations by the ID of the organization the authorization was granted for.
// This can either be the organization the project or the project grant is part of. // This can either be the organization the project or the project grant is part of.
OrganizationIDQuery organization_id_query = 12; OrganizationIDQuery organization_id = 12;
OrganizationNameQuery organization_name_query = 13; OrganizationNameQuery organization_name = 13;
// Search for authorizations by the key of the role the user was granted. // Search for authorizations by the key of the role the user was granted.
RoleKeyQuery role_key_query = 14; RoleKeyQuery role_key = 14;
// Combine multiple authorization queries with an AND operation. // Combine multiple authorization queries with an AND operation.
AndQuery and_query = 15; AndQuery and = 15;
// Combine multiple authorization queries with an OR operation. // Combine multiple authorization queries with an OR operation.
// For example, to search for authorizations of multiple OrganizationIDs. // For example, to search for authorizations of multiple OrganizationIDs.
OrQuery or_query = 16; OrQuery or = 16;
// Negate an authorization query. // Negate an authorization query.
NotQuery not_query = 17; NotQuery not = 17;
// UserGrantWithGrantedQuery with_granted_query = 3; searched for the oauthz.OrganizationID as ro
// UserGrantUserNameQuery user_name_query = 6; ??
// UserGrantFirstNameQuery first_name_query = 7;
// UserGrantLastNameQuery last_name_query = 8;
// UserGrantEmailQuery email_query = 9;
// UserGrantOrgDomainQuery org_domain_query = 11;
// UserGrantUserTypeQuery user_type_query = 14;
} }
} }
@@ -159,8 +185,8 @@ message UserPreferredLoginNameQuery {
max_len: 200 max_len: 200
}]; }];
// Specify the method to search for the preferred login name. Default is EQUAL. // Specify the method to search for the preferred login name. Default is EQUAL.
// For example, to search for all authorizations with a preferred login name containing a specific string, // For example, to search for all authorizations granted to a user with
// use CONTAINS or CONTAINS_IGNORE_CASE. // a preferred login name containing a specific string, use CONTAINS or CONTAINS_IGNORE_CASE.
zitadel.object.v2.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true]; zitadel.object.v2.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true];
} }
@@ -171,8 +197,8 @@ message UserDisplayNameQuery {
max_len: 200 max_len: 200
}]; }];
// Specify the method to search for the display name. Default is EQUAL. // Specify the method to search for the display name. Default is EQUAL.
// For example, to search for all authorizations with a display name containing a specific string, // For example, to search for all authorizations granted to a user with
// use CONTAINS or CONTAINS_IGNORE_CASE. // a display name containing a specific string, use CONTAINS or CONTAINS_IGNORE_CASE.
zitadel.object.v2.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true]; zitadel.object.v2.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true];
} }
@@ -190,8 +216,8 @@ message ProjectNameQuery {
// Note that this will also include authorizations granted for project grants of the same project. // Note that this will also include authorizations granted for project grants of the same project.
string project_name = 1 [(validate.rules).string = {max_len: 200}]; string project_name = 1 [(validate.rules).string = {max_len: 200}];
// Specify the method to search for the project name. Default is EQUAL. // Specify the method to search for the project name. Default is EQUAL.
// For example, to search for all authorizations with a project name containing a specific string, // For example, to search for all authorizations granted on a project with
// use CONTAINS or CONTAINS_IGNORE_CASE. // a name containing a specific string, use CONTAINS or CONTAINS_IGNORE_CASE.
zitadel.object.v2.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true]; zitadel.object.v2.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true];
} }
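Review bot: The rewritten `Authorization` message reuses field numbers 5–8 for different types (5 was `string user_id` and is now `User user`; 6–8 likewise) and moves `roles` from 15 to 9, so if this API has already been served to any client, old and new peers will misread each other's payloads; string and message fields share the length-delimited wire type, so a mismatch may not fail cleanly. If it is released, give the new fields fresh numbers and add `reserved 5 to 15;` plus the old field names; if it is still unreleased, a line in the commit description saying so would settle it. The same question applies to the `query` oneof of `ManagerQuery` in the second file, where field 1 changes from `UserIDQuery` to `ManagerIDQuery`. Separately, `Organization organization = 8;` has no comment, and in `User` the sentence "This must not correspond to the organization the authorization was granted for." reads as a prohibition; `// Note that this is not necessarily the organization the authorization was granted for.` would match the wording used on `UserOrganizationIDQuery` in the second file.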


@@ -18,11 +18,6 @@ message Manager {
google.protobuf.Timestamp change_date = 3; google.protobuf.Timestamp change_date = 3;
// User is the user who was granted the manager role. // User is the user who was granted the manager role.
User user = 4; User user = 4;
// string user_id = 3;
// string user_preferred_login_name = 4;
// string user_display_name = 5;
// string user_avatar_url = 6;
// string user_organization_id = 7;
// Resource is the type of the resource the manager roles were granted for. // Resource is the type of the resource the manager roles were granted for.
oneof resource { oneof resource {
// Instance is returned if the manager roles were granted on the instance level. // Instance is returned if the manager roles were granted on the instance level.
@@ -50,8 +45,6 @@ message User {
string avatar_url = 4; string avatar_url = 4;
// The organization the user belong to. // The organization the user belong to.
string organization_id = 5; string organization_id = 5;
// zitadel.user.v1.Type user_type = 10 TODO: peintner?
} }
message Organization { message Organization {
@@ -83,15 +76,61 @@ message ManagerQuery {
oneof query { oneof query {
option (validate.required) = true; option (validate.required) = true;
// Search for managers roles granted to a specific user. // Search for manager roles by their ID.
UserIDQuery user_id_query = 1; ManagerIDQuery manager_id = 1;
// Search for manager roles by their creation date.
CreationDateQuery creation_date = 2;
// Search for manager roles by their change date.
ChangeDateQuery change_date = 3;
// Search for managers roles by the ID of the user who was granted the manager role.
UserIDQuery user_id = 4;
// Search for managers roles by the ID of the organization the user is part of.
UserOrganizationIDQuery user_organization_id = 5;
// Search for managers roles by the preferred login name of the user.
UserPreferredLoginNameQuery user_preferred_login_name = 6;
// Search for managers roles by the display name of the user.
UserDisplayNameQuery user_display_name = 7;
// Search for managers roles granted for a specific resource. // Search for managers roles granted for a specific resource.
ResourceQuery resource_query = 2; ResourceQuery resource = 8;
// Search for managers roles granted with a specific role. // Search for managers roles granted with a specific role.
RoleQuery role_query = 3; RoleQuery role = 9;
// Combine multiple authorization queries with an AND operation.
AndQuery and = 10;
// Combine multiple authorization queries with an OR operation.
// For example, to search for authorizations of multiple OrganizationIDs.
OrQuery or = 11;
// Negate an authorization query.
NotQuery not = 12;
} }
} }
message ManagerIDQuery {
// Search for managers by their ID.
string manager_id = 1 [(validate.rules).string = {
min_len: 1
max_len: 200
}];
}
message CreationDateQuery {
// Specify the creation date of the manager role to search for.
google.protobuf.Timestamp creation_date = 1;
// Specify the method to search for the creation date. Default is EQUAL.
// For example, to search for all manager roles created after a specific date, use GREATER_THAN.
// To search for all manager roles created before a specific date, use LESS_THAN.
zitadel.object.v2.TimestampQueryMethod method = 2 [(validate.rules).enum.defined_only = true];
}
message ChangeDateQuery {
// Specify the change date of the manager role to search for.
google.protobuf.Timestamp change_date = 1;
// Specify the method to search for the change date. Default is EQUAL.
// For example, to search for all manager roles changed after a specific date, use GREATER_THAN.
// To search for all manager roles changed before a specific date, use LESS_THAN.
zitadel.object.v2.TimestampQueryMethod method = 2 [(validate.rules).enum.defined_only = true];
}
message UserIDQuery { message UserIDQuery {
// Search for managers by user ID. // Search for managers by user ID.
string user_id = 1 [(validate.rules).string = { string user_id = 1 [(validate.rules).string = {
@@ -100,6 +139,39 @@ message UserIDQuery {
}]; }];
} }
message UserOrganizationIDQuery {
// Search for managers by the organization ID of the user.
// Note that this might not be the organization the manager role was granted for.
string organization_id = 1 [(validate.rules).string = {
min_len: 1
max_len: 200
}];
}
message UserPreferredLoginNameQuery {
// Search for managers by the preferred login name of the user.
string preferred_login_name = 1 [(validate.rules).string = {
min_len: 1
max_len: 200
}];
// Specify the method to search for the preferred login name. Default is EQUAL.
// For example, to search for all manager roles of a user with a preferred login name
// containing a specific string, use CONTAINS or CONTAINS_IGNORE_CASE.
zitadel.object.v2.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true];
}
message UserDisplayNameQuery {
// Search for managers by the display name of the user.
string display_name = 1 [(validate.rules).string = {
min_len: 1
max_len: 200
}];
// Specify the method to search for the display name. Default is EQUAL.
// For example, to search for all manager roles of a user with a display name
// containing a specific string, use CONTAINS or CONTAINS_IGNORE_CASE.
zitadel.object.v2.TextQueryMethod method = 2 [(validate.rules).enum.defined_only = true];
}
message ResourceQuery { message ResourceQuery {
// Search for managers by the granted resource. // Search for managers by the granted resource.
oneof resource { oneof resource {
@@ -120,4 +192,17 @@ message RoleQuery {
min_len: 1 min_len: 1
max_len: 200 max_len: 200
}]; }];
} }
message AndQuery {
repeated ManagerQuery queries = 1;
}
message OrQuery {
repeated ManagerQuery queries = 1;
}
message NotQuery {
ManagerQuery query = 1;
}
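Review bot: `AndQuery`, `OrQuery` and `NotQuery` at the end of this section make `ManagerQuery` self-recursive, and unlike the string fields above they carry no validation rule, so a caller can submit an empty, arbitrarily wide or deeply nested filter that the server then has to parse and turn into a query. Bounding the lists, e.g. `repeated ManagerQuery queries = 1 [(validate.rules).repeated = {min_items: 1, max_items: <MAX_SUBQUERIES>}];`, and requiring the operand with `ManagerQuery query = 1 [(validate.rules).message.required = true];` covers width; nesting depth cannot be expressed in these rules and would need a cap in the handler, which is not visible here. If the `AndQuery`/`OrQuery`/`NotQuery` used by `AuthorizationQuery` in the first file are defined the same way, the same bounds belong there. The comments on `and`, `or` and `not` in `ManagerQuery` were also carried over from the authorization file and still say "authorization queries" and "OrganizationIDs"; they should describe manager queries.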