fix: add organizationID query for user v2 ListUsers and clean up depeprecated attribute (#7593)

Add organizationID as query for ListUsers and clean up the deprecated Organisation attributes in other queries. This PR removes the following fields from API requests (user service v2): organisation from AddHumanUser (deprecated some time ago, organization still exists) organization from GetUserByID
2025-08-11 18:33:28 +00:00 · 2024-03-21 09:07:00 +01:00
parent 7e24a1adbc
commit 319ebe7898
8 changed files with 217 additions and 143 deletions
--- a/proto/zitadel/user/v2beta/query.proto
+++ b/proto/zitadel/user/v2beta/query.proto
@@ -29,9 +29,11 @@ message SearchQuery {
        AndQuery and_query = 12;
        NotQuery not_query = 13;
        InUserEmailsQuery in_user_emails_query = 14;
+        OrganizationIdQuery organization_id_query = 15;
    }
 }

+// Connect multiple sub-condition with and OR operator.
 message OrQuery {
    repeated SearchQuery queries = 1 [
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -39,6 +41,8 @@ message OrQuery {
        }
    ];
 }
+
+// Connect multiple sub-condition with and AND operator.
 message AndQuery {
    repeated SearchQuery queries = 1 [
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -47,6 +51,7 @@ message AndQuery {
    ];
 }

+// Negate the sub-condition.
 message NotQuery {
    SearchQuery query = 1 [
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -55,6 +60,7 @@ message NotQuery {
    ];
 }

+// Query for users with ID in list of IDs.
 message InUserIDQuery {
    repeated string user_ids = 1 [
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -64,10 +70,13 @@ message InUserIDQuery {
    ];
 }

+// Query for users with a specific user name.
 message UserNameQuery {
    string user_name = 1 [
-        (validate.rules).string = {max_len: 200},
+        (validate.rules).string = {min_len: 1, max_len: 200},
+        (google.api.field_behavior) = REQUIRED,
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            min_length: 1;
            max_length: 200;
            example: "\"gigi-giraffe\"";
        }
@@ -80,10 +89,13 @@ message UserNameQuery {
    ];
 }

+// Query for users with a specific first name.
 message FirstNameQuery {
    string first_name = 1 [
-        (validate.rules).string = {max_len: 200},
+        (validate.rules).string = {min_len: 1, max_len: 200},
+        (google.api.field_behavior) = REQUIRED,
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            min_length: 1;
            max_length: 200;
            example: "\"Gigi\"";
        }
@@ -96,10 +108,13 @@ message FirstNameQuery {
    ];
 }

+// Query for users with a specific last name.
 message LastNameQuery {
    string last_name = 1 [
-        (validate.rules).string = {max_len: 200},
+        (validate.rules).string = {min_len: 1, max_len: 200},
+        (google.api.field_behavior) = REQUIRED,
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            min_length: 1;
            max_length: 200;
            example: "\"Giraffe\"";
        }
@@ -112,8 +127,17 @@ message LastNameQuery {
    ];
 }

+// Query for users with a specific nickname.
 message NickNameQuery {
-    string nick_name = 1 [(validate.rules).string = {max_len: 200}];
+    string nick_name = 1 [
+        (validate.rules).string = {min_len: 1, max_len: 200},
+        (google.api.field_behavior) = REQUIRED,
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            min_length: 1;
+            max_length: 200;
+            example: "\"Gigi\"";
+        }
+    ];
    zitadel.object.v2beta.TextQueryMethod method = 2 [
        (validate.rules).enum.defined_only = true,
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -122,10 +146,13 @@ message NickNameQuery {
    ];
 }

+// Query for users with a specific display name.
 message DisplayNameQuery {
    string display_name = 1 [
-        (validate.rules).string = {max_len: 200},
+        (validate.rules).string = {min_len: 1, max_len: 200},
+        (google.api.field_behavior) = REQUIRED,
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            min_length: 1;
            max_length: 200;
            example: "\"Gigi Giraffe\"";
        }
@@ -138,11 +165,14 @@ message DisplayNameQuery {
    ];
 }

+// Query for users with a specific email.
 message EmailQuery {
    string email_address = 1 [
-        (validate.rules).string = {max_len: 200},
+        (validate.rules).string = {min_len: 1, max_len: 200, email: true},
+        (google.api.field_behavior) = REQUIRED,
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
            description: "email address of the user. (spec: https://tools.ietf.org/html/rfc2822#section-3.4.1)"
+            min_length: 1;
            max_length: 200;
            example: "\"gigi@zitadel.com\"";
        }
@@ -155,10 +185,13 @@ message EmailQuery {
    ];
 }

+// Query for users with a specific state.
 message LoginNameQuery {
    string login_name = 1 [
-        (validate.rules).string = {max_len: 200},
+        (validate.rules).string = {min_len: 1, max_len: 200},
+        (google.api.field_behavior) = REQUIRED,
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            min_length: 1;
            max_length: 200;
            example: "\"gigi@zitadel.cloud\"";
        }
@@ -171,26 +204,29 @@ message LoginNameQuery {
    ];
 }

-//UserStateQuery always equals
+// Query for users with a specific state.
 message StateQuery {
    UserState state = 1 [
        (validate.rules).enum.defined_only = true,
+        (google.api.field_behavior) = REQUIRED,
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
            description: "current state of the user";
        }
    ];
 }

-//UserTypeQuery always equals
+// Query for users with a specific type.
 message TypeQuery {
    Type type = 1 [
        (validate.rules).enum.defined_only = true,
+        (google.api.field_behavior) = REQUIRED,
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
            description: "the type of the user";
        }
    ];
 }

+// Query for users with email in list of emails.
 message InUserEmailsQuery {
    repeated string user_emails = 1 [
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -200,6 +236,19 @@ message InUserEmailsQuery {
    ];
 }

+// Query for users under a specific organization as resource owner.
+message OrganizationIdQuery {
+    string organization_id = 1 [
+        (validate.rules).string = {min_len: 1, max_len: 200},
+        (google.api.field_behavior) = REQUIRED,
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            min_length: 1;
+            max_length: 200;
+            example: "\"69629023906488334\""
+        }
+    ];
+}
+
 enum Type {
    TYPE_UNSPECIFIED = 0;
    TYPE_HUMAN = 1;
--- a/proto/zitadel/user/v2beta/user_service.proto
+++ b/proto/zitadel/user/v2beta/user_service.proto
@@ -157,7 +157,6 @@ service UserService {
    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
      summary: "User by ID";
      description: "Returns the full user object (human or machine) including the profile, email, etc."
-      tags: "Users";
      responses: {
        key: "200"
        value: {
@@ -183,7 +182,6 @@ service UserService {
    };

    option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
-      tags: "Users";
      summary: "Search Users";
      description: "Search for users. By default, we will return users of your organization. Make sure to include a limit and sorting for pagination."
      responses: {
@@ -897,7 +895,9 @@ service UserService {
 }

 message AddHumanUserRequest{
-  // optionally set your own id unique for the user
+  reserved 3;
+  reserved "organisation";
+  // optionally set your own id unique for the user.
  optional string user_id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -906,7 +906,7 @@ message AddHumanUserRequest{
      example: "\"d654e6ba-70a3-48ef-a95d-37c8d8a7901a\"";
    }
  ];
-  // optionally set a unique username, if none is provided the email will be used
+  // optionally set a unique username, if none is provided the email will be used.
  optional string username = 2 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@@ -915,12 +915,6 @@ message AddHumanUserRequest{
      example: "\"minnie-mouse\"";
    }
  ];
-  // deprecated: use organization (if both are set, organization will take precedence)
-  zitadel.object.v2beta.Organisation organisation = 3 [
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      description: "deprecated: use organization (if both are set, organization will take precedence)"
-    }
-  ];
  zitadel.object.v2beta.Organization organization = 11;
  SetHumanProfile profile = 4 [
    (validate.rules).message.required = true,
@@ -947,6 +941,8 @@ message AddHumanUserResponse {
 }

 message GetUserByIDRequest {
+  reserved 2;
+  reserved "organization";
  string user_id = 1 [
    (validate.rules).string = {min_len: 1, max_len: 200},
    (google.api.field_behavior) = REQUIRED,
@@ -957,7 +953,6 @@ message GetUserByIDRequest {
      description: "User ID of the user you like to get."
    }
  ];
-  zitadel.object.v2beta.Organization organization = 2;
 }

 message GetUserByIDResponse {