From 1cd26d5b7df840d94f2b10e1c92315386669e0ad Mon Sep 17 00:00:00 2001
From: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Date: Thu, 2 Sep 2021 09:22:28 +0200
Subject: [PATCH] fix: remove manipulate metadata from authapi (#2303)

---
 docs/docs/apis/proto/auth.md   | 48 ---------------------------------
 internal/api/grpc/auth/user.go | 49 ----------------------------------
 proto/zitadel/auth.proto       | 47 --------------------------------
 3 files changed, 144 deletions(-)

diff --git a/docs/docs/apis/proto/auth.md b/docs/docs/apis/proto/auth.md
index 5b1ccf2a5b..80ba2d5784 100644
--- a/docs/docs/apis/proto/auth.md
+++ b/docs/docs/apis/proto/auth.md
@@ -67,30 +67,6 @@ Returns the user sessions of the authorized user of the current useragent
     POST: /users/me/sessions/_search
 
 
-### SetMyMetadata
-
-> **rpc** SetMyMetadata([SetMyMetadataRequest](#setmymetadatarequest))
-[SetMyMetadataResponse](#setmymetadataresponse)
-
-Sets a user metadata by key to the authorized user
-
-
-
-    POST: /users/me/metadata/{key}
-
-
-### BulkSetMyMetadata
-
-> **rpc** BulkSetMyMetadata([BulkSetMyMetadataRequest](#bulksetmymetadatarequest))
-[BulkSetMyMetadataResponse](#bulksetmymetadataresponse)
-
-Set a list of user metadata to the authorized user
-
-
-
-    POST: /users/me/metadata/_bulk
-
-
 ### ListMyMetadata
 
 > **rpc** ListMyMetadata([ListMyMetadataRequest](#listmymetadatarequest))
@@ -115,30 +91,6 @@ Returns the user metadata by key of the authorized user
     GET: /users/me/metadata/{key}
 
 
-### RemoveMyMetadata
-
-> **rpc** RemoveMyMetadata([RemoveMyMetadataRequest](#removemymetadatarequest))
-[RemoveMyMetadataResponse](#removemymetadataresponse)
-
-Removes a user metadata by key to the authorized user
-
-
-
-    DELETE: /users/me/metadata/{key}
-
-
-### BulkRemoveMyMetadata
-
-> **rpc** BulkRemoveMyMetadata([BulkRemoveMyMetadataRequest](#bulkremovemymetadatarequest))
-[BulkRemoveMyMetadataResponse](#bulkremovemymetadataresponse)
-
-Set a list of user metadata to the authorized user
-
-
-
-    DELETE: /users/me/metadata/_bulk
-
-
 ### ListMyRefreshTokens
 
 > **rpc** ListMyRefreshTokens([ListMyRefreshTokensRequest](#listmyrefreshtokensrequest))
diff --git a/internal/api/grpc/auth/user.go b/internal/api/grpc/auth/user.go
index c831525c27..3fb2cdaf16 100644
--- a/internal/api/grpc/auth/user.go
+++ b/internal/api/grpc/auth/user.go
@@ -11,7 +11,6 @@ import (
 	obj_grpc "github.com/caos/zitadel/internal/api/grpc/object"
 	"github.com/caos/zitadel/internal/api/grpc/org"
 	user_grpc "github.com/caos/zitadel/internal/api/grpc/user"
-	"github.com/caos/zitadel/internal/domain"
 	"github.com/caos/zitadel/internal/eventstore/v1/models"
 	grant_model "github.com/caos/zitadel/internal/usergrant/model"
 	auth_pb "github.com/caos/zitadel/pkg/grpc/auth"
@@ -65,54 +64,6 @@ func (s *Server) GetMyMetadata(ctx context.Context, req *auth_pb.GetMyMetadataRe
 	}, nil
 }
 
-func (s *Server) SetMyMetadata(ctx context.Context, req *auth_pb.SetMyMetadataRequest) (*auth_pb.SetMyMetadataResponse, error) {
-	ctxData := authz.GetCtxData(ctx)
-	result, err := s.command.SetUserMetadata(ctx, &domain.Metadata{Key: req.Key, Value: req.Value}, ctxData.UserID, ctxData.ResourceOwner)
-	if err != nil {
-		return nil, err
-	}
-	return &auth_pb.SetMyMetadataResponse{
-		Details: obj_grpc.AddToDetailsPb(
-			result.Sequence,
-			result.ChangeDate,
-			result.ResourceOwner,
-		),
-	}, nil
-}
-
-func (s *Server) BulkSetMyMetadata(ctx context.Context, req *auth_pb.BulkSetMyMetadataRequest) (*auth_pb.BulkSetMyMetadataResponse, error) {
-	ctxData := authz.GetCtxData(ctx)
-	result, err := s.command.BulkSetUserMetadata(ctx, ctxData.UserID, ctxData.ResourceOwner, BulkSetMetadataToDomain(req)...)
-	if err != nil {
-		return nil, err
-	}
-	return &auth_pb.BulkSetMyMetadataResponse{
-		Details: obj_grpc.DomainToChangeDetailsPb(result),
-	}, nil
-}
-
-func (s *Server) RemoveMyMetadata(ctx context.Context, req *auth_pb.RemoveMyMetadataRequest) (*auth_pb.RemoveMyMetadataResponse, error) {
-	ctxData := authz.GetCtxData(ctx)
-	result, err := s.command.RemoveUserMetadata(ctx, req.Key, ctxData.UserID, ctxData.ResourceOwner)
-	if err != nil {
-		return nil, err
-	}
-	return &auth_pb.RemoveMyMetadataResponse{
-		Details: obj_grpc.DomainToChangeDetailsPb(result),
-	}, nil
-}
-
-func (s *Server) BulkRemoveMyMetadata(ctx context.Context, req *auth_pb.BulkRemoveMyMetadataRequest) (*auth_pb.BulkRemoveMyMetadataResponse, error) {
-	ctxData := authz.GetCtxData(ctx)
-	result, err := s.command.BulkRemoveUserMetadata(ctx, ctxData.UserID, ctxData.ResourceOwner, req.Keys...)
-	if err != nil {
-		return nil, err
-	}
-	return &auth_pb.BulkRemoveMyMetadataResponse{
-		Details: obj_grpc.DomainToChangeDetailsPb(result),
-	}, nil
-}
-
 func (s *Server) ListMyUserSessions(ctx context.Context, req *auth_pb.ListMyUserSessionsRequest) (*auth_pb.ListMyUserSessionsResponse, error) {
 	userSessions, err := s.repo.GetMyUserSessions(ctx)
 	if err != nil {
diff --git a/proto/zitadel/auth.proto b/proto/zitadel/auth.proto
index e40a3edfb0..c2cb85dbb7 100644
--- a/proto/zitadel/auth.proto
+++ b/proto/zitadel/auth.proto
@@ -97,30 +97,6 @@ service AuthService {
         };
     }
 
-    // Sets a user metadata by key to the authorized user
-    rpc SetMyMetadata(SetMyMetadataRequest) returns (SetMyMetadataResponse) {
-        option (google.api.http) = {
-            post: "/users/me/metadata/{key}"
-            body: "*"
-        };
-
-        option (zitadel.v1.auth_option) = {
-            permission: "authenticated"
-        };
-    }
-
-    // Set a list of user metadata to the authorized user
-    rpc BulkSetMyMetadata(BulkSetMyMetadataRequest) returns (BulkSetMyMetadataResponse) {
-        option (google.api.http) = {
-            post: "/users/me/metadata/_bulk"
-            body: "*"
-        };
-
-        option (zitadel.v1.auth_option) = {
-            permission: "authenticated"
-        };
-    }
-
     // Returns the user metadata of the authorized user
     rpc ListMyMetadata(ListMyMetadataRequest) returns (ListMyMetadataResponse) {
         option (google.api.http) = {
@@ -144,29 +120,6 @@ service AuthService {
         };
     }
 
-    // Removes a user metadata by key to the authorized user
-    rpc RemoveMyMetadata(RemoveMyMetadataRequest) returns (RemoveMyMetadataResponse) {
-        option (google.api.http) = {
-            delete: "/users/me/metadata/{key}"
-        };
-
-        option (zitadel.v1.auth_option) = {
-            permission: "authenticated"
-        };
-    }
-
-    // Set a list of user metadata to the authorized user
-    rpc BulkRemoveMyMetadata(BulkRemoveMyMetadataRequest) returns (BulkRemoveMyMetadataResponse) {
-        option (google.api.http) = {
-            delete: "/users/me/metadata/_bulk"
-            body: "*"
-        };
-
-        option (zitadel.v1.auth_option) = {
-            permission: "authenticated"
-        };
-    }
-
     // Returns the refresh tokens of the authorized user
     rpc ListMyRefreshTokens(ListMyRefreshTokensRequest) returns (ListMyRefreshTokensResponse) {
         option (google.api.http) = {