From 13f9d2d142a482720591d0af73061029d44e85e6 Mon Sep 17 00:00:00 2001
From: Vlad Zagvozdkin <40493412+sirewix@users.noreply.github.com>
Date: Tue, 11 Feb 2025 23:09:50 +0500
Subject: [PATCH] Add uid to few events (#9332)

# Which Problems Are Solved

When implementing simple stateless event processor, `the
user.grant.changed` bears too little information: just grant id and list
of role keys. This makes it impossible to change a users permissions
solely based on available role keys and requires to either:

- Store a mapping grant id -> user id, making a service stateful
- Make an extra call to zitadel to resolve user id by grant id (And it
doesn't seem that such an endpoint exists)

Same with `user.grant.removed` events.

# How the Problems Are Solved

Added `userId` field to `user.grant.changed` and `user.grant.removed`
events

# Additional Changes

`user.grant.removed` now has `projectId` and `grantId` as well

# Additional Context

- Closes #9113
---
 internal/command/user_grant.go              |  4 ++--
 internal/command/user_grant_test.go         |  2 ++
 internal/repository/usergrant/user_grant.go | 19 +++++++++++--------
 3 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/internal/command/user_grant.go b/internal/command/user_grant.go
index e17fece115..6bb4a20b0a 100644
--- a/internal/command/user_grant.go
+++ b/internal/command/user_grant.go
@@ -108,7 +108,7 @@ func (c *Commands) changeUserGrant(ctx context.Context, userGrant *domain.UserGr
 	if cascade {
 		return usergrant.NewUserGrantCascadeChangedEvent(ctx, userGrantAgg, userGrant.RoleKeys), existingUserGrant, nil
 	}
-	return usergrant.NewUserGrantChangedEvent(ctx, userGrantAgg, userGrant.RoleKeys), existingUserGrant, nil
+	return usergrant.NewUserGrantChangedEvent(ctx, userGrantAgg, existingUserGrant.UserID, userGrant.RoleKeys), existingUserGrant, nil
 }
 
 func (c *Commands) removeRoleFromUserGrant(ctx context.Context, userGrantID string, roleKeys []string, cascade bool) (_ eventstore.Command, err error) {
@@ -141,7 +141,7 @@ func (c *Commands) removeRoleFromUserGrant(ctx context.Context, userGrantID stri
 		return usergrant.NewUserGrantCascadeChangedEvent(ctx, userGrantAgg, existingUserGrant.RoleKeys), nil
 	}
 
-	return usergrant.NewUserGrantChangedEvent(ctx, userGrantAgg, existingUserGrant.RoleKeys), nil
+	return usergrant.NewUserGrantChangedEvent(ctx, userGrantAgg, existingUserGrant.UserID, existingUserGrant.RoleKeys), nil
 }
 
 func (c *Commands) DeactivateUserGrant(ctx context.Context, grantID, resourceOwner string) (objectDetails *domain.ObjectDetails, err error) {
diff --git a/internal/command/user_grant_test.go b/internal/command/user_grant_test.go
index a5fafde836..dec5903fe8 100644
--- a/internal/command/user_grant_test.go
+++ b/internal/command/user_grant_test.go
@@ -1073,6 +1073,7 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) {
 					expectPush(
 						usergrant.NewUserGrantChangedEvent(context.Background(),
 							&usergrant.NewAggregate("usergrant1", "org1").Aggregate,
+							"user1",
 							[]string{"rolekey1", "rolekey2"},
 						),
 					),
@@ -1167,6 +1168,7 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) {
 					expectPush(
 						usergrant.NewUserGrantChangedEvent(context.Background(),
 							&usergrant.NewAggregate("usergrant1", "org1").Aggregate,
+							"user1",
 							[]string{"rolekey1", "rolekey2"},
 						),
 					),
diff --git a/internal/repository/usergrant/user_grant.go b/internal/repository/usergrant/user_grant.go
index 4f4b27572f..ee5c8fb8bc 100644
--- a/internal/repository/usergrant/user_grant.go
+++ b/internal/repository/usergrant/user_grant.go
@@ -85,6 +85,7 @@ func UserGrantAddedEventMapper(event eventstore.Event) (eventstore.Event, error)
 
 type UserGrantChangedEvent struct {
 	eventstore.BaseEvent `json:"-"`
+	UserID               string   `json:"userId"`
 	RoleKeys             []string `json:"roleKeys"`
 }
 
@@ -99,6 +100,7 @@ func (e *UserGrantChangedEvent) UniqueConstraints() []*eventstore.UniqueConstrai
 func NewUserGrantChangedEvent(
 	ctx context.Context,
 	aggregate *eventstore.Aggregate,
+	userID string,
 	roleKeys []string) *UserGrantChangedEvent {
 	return &UserGrantChangedEvent{
 		BaseEvent: *eventstore.NewBaseEventForPush(
@@ -106,6 +108,7 @@ func NewUserGrantChangedEvent(
 			aggregate,
 			UserGrantChangedType,
 		),
+		UserID:   userID,
 		RoleKeys: roleKeys,
 	}
 }
@@ -165,17 +168,17 @@ func UserGrantCascadeChangedEventMapper(event eventstore.Event) (eventstore.Even
 
 type UserGrantRemovedEvent struct {
 	eventstore.BaseEvent `json:"-"`
-	userID               string `json:"-"`
-	projectID            string `json:"-"`
-	projectGrantID       string `json:"-"`
+	UserID               string `json:"userId,omitempty"`
+	ProjectID            string `json:"projectId,omitempty"`
+	ProjectGrantID       string `json:"grantId,omitempty"`
 }
 
 func (e *UserGrantRemovedEvent) Payload() interface{} {
-	return nil
+	return e
 }
 
 func (e *UserGrantRemovedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
-	return []*eventstore.UniqueConstraint{NewRemoveUserGrantUniqueConstraint(e.Aggregate().ResourceOwner, e.userID, e.projectID, e.projectGrantID)}
+	return []*eventstore.UniqueConstraint{NewRemoveUserGrantUniqueConstraint(e.Aggregate().ResourceOwner, e.UserID, e.ProjectID, e.ProjectGrantID)}
 }
 
 func NewUserGrantRemovedEvent(
@@ -191,9 +194,9 @@ func NewUserGrantRemovedEvent(
 			aggregate,
 			UserGrantRemovedType,
 		),
-		userID:         userID,
-		projectID:      projectID,
-		projectGrantID: projectGrantID,
+		UserID:         userID,
+		ProjectID:      projectID,
+		ProjectGrantID: projectGrantID,
 	}
 }