feat: allow session deletion without session token (#6889)

* fix: add resource owner of user and change the one of session to instance * use user resource owner from session projection * fix session permission check * integration tests and fixes * update api docs
2025-08-11 21:17:32 +00:00 · 2023-11-16 08:35:50 +02:00
parent 0948a0b9ae
commit 2e8c3b5a53
18 changed files with 448 additions and 301 deletions
--- a/internal/repository/session/session.go
+++ b/internal/repository/session/session.go
@@ -75,8 +75,9 @@ func AddedEventMapper(event eventstore.Event) (eventstore.Event, error) {
 type UserCheckedEvent struct {
 	eventstore.BaseEvent `json:"-"`

-	UserID    string    `json:"userID"`
-	CheckedAt time.Time `json:"checkedAt"`
+	UserID            string    `json:"userID"`
+	UserResourceOwner string    `json:"userResourceOwner"`
+	CheckedAt         time.Time `json:"checkedAt"`
 }

 func (e *UserCheckedEvent) Payload() interface{} {
@@ -90,7 +91,8 @@ func (e *UserCheckedEvent) UniqueConstraints() []*eventstore.UniqueConstraint {
 func NewUserCheckedEvent(
 	ctx context.Context,
 	aggregate *eventstore.Aggregate,
-	userID string,
+	userID,
+	userResourceOwner string,
 	checkedAt time.Time,
 ) *UserCheckedEvent {
 	return &UserCheckedEvent{
@@ -99,8 +101,9 @@ func NewUserCheckedEvent(
 			aggregate,
 			UserCheckedType,
 		),
-		UserID:    userID,
-		CheckedAt: checkedAt,
+		UserID:            userID,
+		UserResourceOwner: userResourceOwner,
+		CheckedAt:         checkedAt,
 	}
 }