feat: add resource owner scope / claim (#2274)

* feat: add resource owner scope / claime

* fix: private claimes

* fix: private claims

* fix: add claim description

* Update claims.md

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

internal/auth/repository/eventsourcing/eventstore/user.go

@@ -17,6 +17,7 @@ import (
 	iam_model "github.com/caos/zitadel/internal/iam/repository/view/model"
 	key_model "github.com/caos/zitadel/internal/key/model"
 	key_view_model "github.com/caos/zitadel/internal/key/repository/view/model"
+	org_model "github.com/caos/zitadel/internal/org/repository/view/model"
 	"github.com/caos/zitadel/internal/telemetry/tracing"
 	"github.com/caos/zitadel/internal/user/model"
 	usr_view "github.com/caos/zitadel/internal/user/repository/view"
@@ -307,6 +308,18 @@ func (repo *UserRepo) GetMyMetadataByKey(ctx context.Context, key string) (*doma
 	return iam_model.MetadataViewToDomain(data), nil
 }
 
+func (repo *UserRepo) OrgByUserID(ctx context.Context, userID string) (*domain.Org, error) {
+	user, err := repo.View.UserByID(userID)
+	if err != nil {
+		return nil, err
+	}
+	org, err := repo.View.OrgByID(user.ResourceOwner)
+	if err != nil {
+		return nil, err
+	}
+	return org_model.OrgToDomain(org), nil
+}
+
 func (repo *UserRepo) SearchUserMetadata(ctx context.Context, userID string) (*domain.MetadataSearchResponse, error) {
 	req := new(domain.MetadataSearchRequest)
 	return repo.searchUserMetadata(userID, "", req)

internal/auth/repository/user.go

@@ -23,6 +23,7 @@ type UserRepository interface {
 	SearchUsers(ctx context.Context, request *model.UserSearchRequest) (*model.UserSearchResponse, error)
 
 	SearchUserMetadata(ctx context.Context, userID string) (*domain.MetadataSearchResponse, error)
+	OrgByUserID(ctx context.Context, userID string) (*domain.Org, error)
 }
 
 type myUserRepo interface {