feat(queries): user membership (#2768)

* refactor(domain): add user type

* fix(projections): start with login names

* fix(login_policy): correct handling of user domain claimed event

* fix(projections): add members

* refactor: simplify member projections

* add migration for members

* add metadata to member projections

* refactor: login name projection

* fix: set correct suffixes on login name projections

* test(projections): login name reduces

* fix: correct cols in reduce member

* test(projections): org, iam, project members

* member additional cols and conds as opt,
add project grant members

* fix(migration): members

* fix(migration): correct database name

* migration version

* migs

* better naming for member cond and col

* split project and project grant members

* prepare member columns

* feat(queries): membership query

* test(queries): membership prepare

* fix(queries): multiple projections for latest sequence

* fix(api): use query for membership queries in auth and management

* fix(query): member queries and user avatar column

* member cols

* fix(queries): membership stmt

* fix user test

* fix user test

internal/api/grpc/auth/permission.go

@@ -29,18 +29,18 @@ func (s *Server) ListMyProjectPermissions(ctx context.Context, _ *auth_pb.ListMy
 }
 
 func (s *Server) ListMyMemberships(ctx context.Context, req *auth_pb.ListMyMembershipsRequest) (*auth_pb.ListMyMembershipsResponse, error) {
-	request, err := ListMyMembershipsRequestToModel(req)
+	request, err := ListMyMembershipsRequestToModel(ctx, req)
 	if err != nil {
 		return nil, err
 	}
-	response, err := s.repo.SearchMyUserMemberships(ctx, request)
+	response, err := s.query.Memberships(ctx, request)
 	if err != nil {
 		return nil, err
 	}
 	return &auth_pb.ListMyMembershipsResponse{
-		Result: user_grpc.MembershipsToMembershipsPb(response.Result),
+		Result: user_grpc.MembershipsToMembershipsPb(response.Memberships),
 		Details: obj_grpc.ToListDetails(
-			response.TotalResult,
+			response.Count,
 			response.Sequence,
 			response.Timestamp,
 		),

internal/api/grpc/auth/permission_converter.go

@@ -1,23 +1,33 @@
 package auth
 
 import (
+	"context"
+
+	"github.com/caos/zitadel/internal/api/authz"
 	"github.com/caos/zitadel/internal/api/grpc/object"
 	user_grpc "github.com/caos/zitadel/internal/api/grpc/user"
-	user_model "github.com/caos/zitadel/internal/user/model"
+	"github.com/caos/zitadel/internal/query"
 	auth_pb "github.com/caos/zitadel/pkg/grpc/auth"
 )
 
-func ListMyMembershipsRequestToModel(req *auth_pb.ListMyMembershipsRequest) (*user_model.UserMembershipSearchRequest, error) {
+func ListMyMembershipsRequestToModel(ctx context.Context, req *auth_pb.ListMyMembershipsRequest) (*query.MembershipSearchQuery, error) {
 	offset, limit, asc := object.ListQueryToModel(req.Query)
-	queries, err := user_grpc.MembershipQueriesToModel(req.Queries)
+	queries, err := user_grpc.MembershipQueriesToQuery(req.Queries)
 	if err != nil {
 		return nil, err
 	}
-	return &user_model.UserMembershipSearchRequest{
-		Offset: offset,
-		Limit:  limit,
-		Asc:    asc,
-		//SortingColumn: //TODO: sorting
+	userQuery, err := query.NewMembershipUserIDQuery(authz.GetCtxData(ctx).UserID)
+	if err != nil {
+		return nil, err
+	}
+	queries = append(queries, userQuery)
+	return &query.MembershipSearchQuery{
+		SearchRequest: query.SearchRequest{
+			Offset: offset,
+			Limit:  limit,
+			Asc:    asc,
+			//SortingColumn: //TODO: sorting
+		},
 		Queries: queries,
 	}, nil
 }

internal/api/grpc/auth/user.go

@@ -7,7 +7,6 @@ import (
 	"github.com/caos/zitadel/internal/api/authz"
 	"github.com/caos/zitadel/internal/api/grpc/change"
 	"github.com/caos/zitadel/internal/api/grpc/metadata"
-	"github.com/caos/zitadel/internal/api/grpc/object"
 	obj_grpc "github.com/caos/zitadel/internal/api/grpc/object"
 	"github.com/caos/zitadel/internal/api/grpc/org"
 	user_grpc "github.com/caos/zitadel/internal/api/grpc/user"
@@ -102,7 +101,7 @@ func (s *Server) UpdateMyUserName(ctx context.Context, req *auth_pb.UpdateMyUser
 		return nil, err
 	}
 	return &auth_pb.UpdateMyUserNameResponse{
-		Details: object.DomainToChangeDetailsPb(objectDetails),
+		Details: obj_grpc.DomainToChangeDetailsPb(objectDetails),
 	}, nil
 }
 
@@ -121,7 +120,7 @@ func (s *Server) ListMyUserGrants(ctx context.Context, req *auth_pb.ListMyUserGr
 	}
 	return &auth_pb.ListMyUserGrantsResponse{
 		Result: UserGrantsToPb(res.Result),
-		Details: object.ToListDetails(
+		Details: obj_grpc.ToListDetails(
 			res.TotalResult,
 			res.Sequence,
 			res.Timestamp,
@@ -140,13 +139,13 @@ func (s *Server) ListMyProjectOrgs(ctx context.Context, req *auth_pb.ListMyProje
 	}
 	return &auth_pb.ListMyProjectOrgsResponse{
 		//TODO: not all details
-		Details: object.ToListDetails(res.TotalResult, 0, time.Time{}),
+		Details: obj_grpc.ToListDetails(res.TotalResult, 0, time.Time{}),
 		Result:  org.OrgsToPb(res.Result),
 	}, nil
 }
 
 func ListMyProjectOrgsRequestToModel(req *auth_pb.ListMyProjectOrgsRequest) (*grant_model.UserGrantSearchRequest, error) {
-	offset, limit, asc := object.ListQueryToModel(req.Query)
+	offset, limit, asc := obj_grpc.ListQueryToModel(req.Query)
 	queries, err := org.OrgQueriesToUserGrantModel(req.Queries)
 	if err != nil {
 		return nil, err

internal/api/grpc/management/user.go

@@ -634,18 +634,18 @@ func (s *Server) RemoveHumanLinkedIDP(ctx context.Context, req *mgmt_pb.RemoveHu
 }
 
 func (s *Server) ListUserMemberships(ctx context.Context, req *mgmt_pb.ListUserMembershipsRequest) (*mgmt_pb.ListUserMembershipsResponse, error) {
-	request, err := ListUserMembershipsRequestToModel(req)
+	request, err := ListUserMembershipsRequestToModel(ctx, req)
 	if err != nil {
 		return nil, err
 	}
-	response, err := s.user.SearchUserMemberships(ctx, request)
+	response, err := s.query.Memberships(ctx, request)
 	if err != nil {
 		return nil, err
 	}
 	return &mgmt_pb.ListUserMembershipsResponse{
-		Result: user_grpc.MembershipsToMembershipsPb(response.Result),
+		Result: user_grpc.MembershipsToMembershipsPb(response.Memberships),
 		Details: obj_grpc.ToListDetails(
-			response.TotalResult,
+			response.Count,
 			response.Sequence,
 			response.Timestamp,
 		),

internal/api/grpc/management/user_converter.go

@@ -255,21 +255,27 @@ func ListHumanLinkedIDPsRequestToQuery(ctx context.Context, req *mgmt_pb.ListHum
 	}, nil
 }
 
-func ListUserMembershipsRequestToModel(req *mgmt_pb.ListUserMembershipsRequest) (*user_model.UserMembershipSearchRequest, error) {
+func ListUserMembershipsRequestToModel(ctx context.Context, req *mgmt_pb.ListUserMembershipsRequest) (*query.MembershipSearchQuery, error) {
 	offset, limit, asc := object.ListQueryToModel(req.Query)
-	queries, err := user_grpc.MembershipQueriesToModel(req.Queries)
+	queries, err := user_grpc.MembershipQueriesToQuery(req.Queries)
 	if err != nil {
 		return nil, err
 	}
-	queries = append(queries, &user_model.UserMembershipSearchQuery{
-		Key:    user_model.UserMembershipSearchKeyUserID,
-		Method: domain.SearchMethodEquals,
-		Value:  req.UserId,
-	})
-	return &user_model.UserMembershipSearchRequest{
-		Offset: offset,
-		Limit:  limit,
-		Asc:    asc,
+	userQuery, err := query.NewMembershipUserIDQuery(req.UserId)
+	if err != nil {
+		return nil, err
+	}
+	ownerQuery, err := query.NewMembershipResourceOwnerQuery(authz.GetCtxData(ctx).OrgID)
+	if err != nil {
+		return nil, err
+	}
+	queries = append(queries, userQuery, ownerQuery)
+	return &query.MembershipSearchQuery{
+		SearchRequest: query.SearchRequest{
+			Offset: offset,
+			Limit:  limit,
+			Asc:    asc,
+		},
 		//SortingColumn: //TODO: sorting
 		Queries: queries,
 	}, nil

internal/api/grpc/object/converter.go

@@ -124,7 +124,7 @@ func TextMethodToQuery(method object_pb.TextQueryMethod) query.TextComparison {
 
 func ListQueryToModel(query *object_pb.ListQuery) (offset, limit uint64, asc bool) {
 	if query == nil {
-		return
+		return 0, 0, false
 	}
 	return query.Offset, uint64(query.Limit), query.Asc
 }

internal/api/grpc/user/membership.go

@@ -4,34 +4,35 @@ import (
 	"github.com/caos/zitadel/internal/api/grpc/object"
 	"github.com/caos/zitadel/internal/domain"
 	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/query"
 	user_model "github.com/caos/zitadel/internal/user/model"
 	user_pb "github.com/caos/zitadel/pkg/grpc/user"
 )
 
-func MembershipQueriesToModel(queries []*user_pb.MembershipQuery) (_ []*user_model.UserMembershipSearchQuery, err error) {
-	q := make([]*user_model.UserMembershipSearchQuery, 0)
+func MembershipQueriesToQuery(queries []*user_pb.MembershipQuery) (_ []query.SearchQuery, err error) {
+	q := make([]query.SearchQuery, 0)
 	for _, query := range queries {
-		qs, err := MembershipQueryToModel(query)
+		qs, err := MembershipQueryToQuery(query)
 		if err != nil {
 			return nil, err
 		}
-		q = append(q, qs...)
+		q = append(q, qs)
 	}
 	return q, nil
 }
 
-func MembershipQueryToModel(query *user_pb.MembershipQuery) ([]*user_model.UserMembershipSearchQuery, error) {
-	switch q := query.Query.(type) {
+func MembershipQueryToQuery(req *user_pb.MembershipQuery) (query.SearchQuery, error) {
+	switch q := req.Query.(type) {
 	case *user_pb.MembershipQuery_OrgQuery:
-		return MembershipOrgQueryToModel(q.OrgQuery), nil
+		return query.NewMembershipOrgIDQuery(q.OrgQuery.OrgId)
 	case *user_pb.MembershipQuery_ProjectQuery:
-		return MembershipProjectQueryToModel(q.ProjectQuery), nil
+		return query.NewMembershipProjectIDQuery(q.ProjectQuery.ProjectId)
 	case *user_pb.MembershipQuery_ProjectGrantQuery:
-		return MembershipProjectGrantQueryToModel(q.ProjectGrantQuery), nil
+		return query.NewMembershipProjectGrantIDQuery(q.ProjectGrantQuery.ProjectGrantId)
 	case *user_pb.MembershipQuery_IamQuery:
-		return MembershipIAMQueryToModel(q.IamQuery), nil
+		return query.NewMembershipIsIAMQuery()
 	default:
-		return nil, errors.ThrowInvalidArgument(nil, "USER-dsg3z", "List.Query.Invalid")
+		return nil, errors.ThrowInvalidArgument(nil, "USER-dsg3z", "Errors.List.Query.Invalid")
 	}
 }
 
@@ -91,7 +92,7 @@ func MembershipProjectGrantQueryToModel(q *user_pb.MembershipProjectGrantQuery)
 	}
 }
 
-func MembershipsToMembershipsPb(memberships []*user_model.UserMembershipView) []*user_pb.Membership {
+func MembershipsToMembershipsPb(memberships []*query.Membership) []*user_pb.Membership {
 	converted := make([]*user_pb.Membership, len(memberships))
 	for i, membership := range memberships {
 		converted[i] = MembershipToMembershipPb(membership)
@@ -99,7 +100,7 @@ func MembershipsToMembershipsPb(memberships []*user_model.UserMembershipView) []
 	return converted
 }
 
-func MembershipToMembershipPb(membership *user_model.UserMembershipView) *user_pb.Membership {
+func MembershipToMembershipPb(membership *query.Membership) *user_pb.Membership {
 	return &user_pb.Membership{
 		UserId:      membership.UserID,
 		Type:        memberTypeToPb(membership),
@@ -114,25 +115,23 @@ func MembershipToMembershipPb(membership *user_model.UserMembershipView) *user_p
 	}
 }
 
-func memberTypeToPb(membership *user_model.UserMembershipView) user_pb.MembershipType {
-	switch membership.MemberType {
-	case user_model.MemberTypeOrganisation:
+func memberTypeToPb(membership *query.Membership) user_pb.MembershipType {
+	if membership.Org != nil {
 		return &user_pb.Membership_OrgId{
-			OrgId: membership.AggregateID,
+			OrgId: membership.Org.OrgID,
 		}
-	case user_model.MemberTypeProject:
+	} else if membership.Project != nil {
 		return &user_pb.Membership_ProjectId{
-			ProjectId: membership.AggregateID,
+			ProjectId: membership.Project.ProjectID,
 		}
-	case user_model.MemberTypeProjectGrant:
+	} else if membership.ProjectGrant != nil {
 		return &user_pb.Membership_ProjectGrantId{
-			ProjectGrantId: membership.ObjectID,
+			ProjectGrantId: membership.ProjectGrant.GrantID,
 		}
-	case user_model.MemberTypeIam:
+	} else if membership.IAM != nil {
 		return &user_pb.Membership_Iam{
-			Iam: true, //TODO: ?
+			Iam: true,
 		}
-	default:
-		return nil //TODO: ?
 	}
+	return nil
 }