From 21a0e4a972df1be4124b0227df21e46fa9c1a6b9 Mon Sep 17 00:00:00 2001
From: Livio Amstutz <livio.a@gmail.com>
Date: Wed, 1 Jun 2022 09:50:28 +0200
Subject: [PATCH] feat: get current label and privacy policies (#3748)

---
 docs/docs/apis/proto/auth.md     | 58 ++++++++++++++++++++++++++++++++
 internal/api/grpc/auth/policy.go | 29 ++++++++++++++++
 proto/zitadel/auth.proto         | 36 ++++++++++++++++++++
 3 files changed, 123 insertions(+)
 create mode 100644 internal/api/grpc/auth/policy.go

diff --git a/docs/docs/apis/proto/auth.md b/docs/docs/apis/proto/auth.md
index 5bae5d0192..5653440268 100644
--- a/docs/docs/apis/proto/auth.md
+++ b/docs/docs/apis/proto/auth.md
@@ -570,6 +570,30 @@ Limit should always be set, there is a default limit set by the service
     POST: /memberships/me/_search
 
 
+### GetMyLabelPolicy
+
+> **rpc** GetMyLabelPolicy([GetMyLabelPolicyRequest](#getmylabelpolicyrequest))
+[GetMyLabelPolicyResponse](#getmylabelpolicyresponse)
+
+Returns the label policy of the current organisation
+
+
+
+    GET: /policies/label
+
+
+### GetMyPrivacyPolicy
+
+> **rpc** GetMyPrivacyPolicy([GetMyPrivacyPolicyRequest](#getmyprivacypolicyrequest))
+[GetMyPrivacyPolicyResponse](#getmyprivacypolicyresponse)
+
+Returns the privacy policy of the current organisation
+
+
+
+    GET: /policies/privacy
+
+
 
 
 
@@ -726,6 +750,23 @@ This is an empty request
 
 
 
+### GetMyLabelPolicyRequest
+This is an empty request
+
+
+
+
+### GetMyLabelPolicyResponse
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| policy |  zitadel.policy.v1.LabelPolicy | - |  |
+
+
+
+
 ### GetMyMetadataRequest
 
 
@@ -783,6 +824,23 @@ This is an empty request
 
 
 
+### GetMyPrivacyPolicyRequest
+This is an empty request
+
+
+
+
+### GetMyPrivacyPolicyResponse
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| policy |  zitadel.policy.v1.PrivacyPolicy | - |  |
+
+
+
+
 ### GetMyProfileRequest
 This is an empty request
 
diff --git a/internal/api/grpc/auth/policy.go b/internal/api/grpc/auth/policy.go
new file mode 100644
index 0000000000..7ba7a357e4
--- /dev/null
+++ b/internal/api/grpc/auth/policy.go
@@ -0,0 +1,29 @@
+package auth
+
+import (
+	"context"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
+	policy_grpc "github.com/zitadel/zitadel/internal/api/grpc/policy"
+	auth_pb "github.com/zitadel/zitadel/pkg/grpc/auth"
+)
+
+func (s *Server) GetMyLabelPolicy(ctx context.Context, _ *auth_pb.GetMyLabelPolicyRequest) (*auth_pb.GetMyLabelPolicyResponse, error) {
+	policy, err := s.query.ActiveLabelPolicyByOrg(ctx, authz.GetCtxData(ctx).OrgID)
+	if err != nil {
+		return nil, err
+	}
+	return &auth_pb.GetMyLabelPolicyResponse{
+		Policy: policy_grpc.ModelLabelPolicyToPb(policy, s.assetsAPIDomain(ctx)),
+	}, nil
+}
+
+func (s *Server) GetMyPrivacyPolicy(ctx context.Context, _ *auth_pb.GetMyPrivacyPolicyRequest) (*auth_pb.GetMyPrivacyPolicyResponse, error) {
+	policy, err := s.query.PrivacyPolicyByOrg(ctx, authz.GetCtxData(ctx).OrgID)
+	if err != nil {
+		return nil, err
+	}
+	return &auth_pb.GetMyPrivacyPolicyResponse{
+		Policy: policy_grpc.ModelPrivacyPolicyToPb(policy),
+	}, nil
+}
diff --git a/proto/zitadel/auth.proto b/proto/zitadel/auth.proto
index 1a57e8c7d3..4f250c33ae 100644
--- a/proto/zitadel/auth.proto
+++ b/proto/zitadel/auth.proto
@@ -585,6 +585,28 @@ service AuthService {
             permission: "authenticated"
         };
     }
+
+    // Returns the label policy of the current organisation
+    rpc GetMyLabelPolicy(GetMyLabelPolicyRequest) returns (GetMyLabelPolicyResponse) {
+        option (google.api.http) = {
+            get: "/policies/label"
+        };
+
+        option (zitadel.v1.auth_option) = {
+            permission: "authenticated"
+        };
+    }
+
+    // Returns the privacy policy of the current organisation
+    rpc GetMyPrivacyPolicy(GetMyPrivacyPolicyRequest) returns (GetMyPrivacyPolicyResponse) {
+        option (google.api.http) = {
+            get: "/policies/privacy"
+        };
+
+        option (zitadel.v1.auth_option) = {
+            permission: "authenticated"
+        };
+    }
 }
 
 //This is an empty request
@@ -1017,3 +1039,17 @@ message ListMyMembershipsResponse {
     zitadel.v1.ListDetails details = 1;
     repeated zitadel.user.v1.Membership result = 2;
 }
+
+//This is an empty request
+message GetMyLabelPolicyRequest {}
+
+message GetMyLabelPolicyResponse {
+    zitadel.policy.v1.LabelPolicy policy = 1;
+}
+
+//This is an empty request
+message GetMyPrivacyPolicyRequest {}
+
+message GetMyPrivacyPolicyResponse {
+    zitadel.policy.v1.PrivacyPolicy policy = 1;
+}