TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-05-01 12:00:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: new es bug fixes (#1477)

Browse Source 
* fix: displayname on members

* fix: user grant update

* fix: user grant id

* console grantid

Co-authored-by: Max Peintner <max@caos.ch>
This commit is contained in:
Fabi 2021-03-25 18:12:24 +01:00 committed by GitHub
parent a4763b1e4c
commit 31b542015e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 181 additions and 211 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
console/src/app/modules/user-grants/user-grants.component.html
View File

@ -26,7 +26,7 @@
</th> </th>
<td class="selection" mat-cell *matCellDef="let row"> <td class="selection" mat-cell *matCellDef="let row">
<mat-checkbox <mat-checkbox
[disabled]="disableWrite || !((['user.grant.write$'] | hasRole | async) || ((context === UserGrantContext.OWNED_PROJECT ? ['user.grant.write:' + row?.projectId] : context === UserGrantContext.GRANTED_PROJECT ? ['user.grant.write:' + row?.grantId] : []) | hasRole | async))" [disabled]="disableWrite || !((['user.grant.write$'] | hasRole | async) || ((context === UserGrantContext.OWNED_PROJECT ? ['user.grant.write:' + row?.projectId] : context === UserGrantContext.GRANTED_PROJECT ? ['user.grant.write:' + row?.id] : []) | hasRole | async))"
color="primary" (click)="$event.stopPropagation()" color="primary" (click)="$event.stopPropagation()"
(change)="$event ? selection.toggle(row) : null" [checked]="selection.isSelected(row)"> (change)="$event ? selection.toggle(row) : null" [checked]="selection.isSelected(row)">
<app-avatar <app-avatar
@ -86,15 +86,15 @@
</th> </th>
<td mat-cell *matCellDef="let grant; let i = index" class="role-data"> <td mat-cell *matCellDef="let grant; let i = index" class="role-data">
<ng-container <ng-container
*ngIf="(context === UserGrantContext.USER || context === UserGrantContext.NONE) && (grant.grantId && grantToEdit !== grant.grantId) || (grantToEdit !== grant.grantId)"> *ngIf="(context === UserGrantContext.USER || context === UserGrantContext.NONE) && (grant.id && grantToEdit !== grant.id) || (grantToEdit !== grant.id)">
<div class="flex-row"> <div class="flex-row">
<div class="role"> <div class="role">
<span *ngFor="let role of grant.roleKeysList">{{ role }}</span> <span *ngFor="let role of grant.roleKeysList">{{ role }}</span>
</div> </div>
<span class="fill-space"></span> <span class="fill-space"></span>
<button mat-stroked-button <button mat-stroked-button
*ngIf="grant.grantId ? grantToEdit !== grant.grantId : grantToEdit !== grant.grantId" *ngIf="grant.id ? grantToEdit !== grant.id : grantToEdit !== grant.id"
[disabled]="disableWrite || !((['user.grant.write$'] | hasRole | async) || ((context === UserGrantContext.OWNED_PROJECT ? ['user.grant.write:' + grant?.projectId] : context === UserGrantContext.GRANTED_PROJECT ? ['user.grant.write:' + grant?.grantId] : []) | hasRole | async))" [disabled]="disableWrite || !((['user.grant.write$'] | hasRole | async) || ((context === UserGrantContext.OWNED_PROJECT ? ['user.grant.write:' + grant?.projectId] : context === UserGrantContext.GRANTED_PROJECT ? ['user.grant.write:' + grant?.id] : []) | hasRole | async))"
(click)="loadGrantOptions(grant)" matTooltip="{{'ACTIONS.CHANGE' | translate}}"> (click)="loadGrantOptions(grant)" matTooltip="{{'ACTIONS.CHANGE' | translate}}">
<i class="las la-edit"></i> <i class="las la-edit"></i>
{{'ACTIONS.EDIT' | translate}} {{'ACTIONS.EDIT' | translate}}
@ -104,11 +104,11 @@
<div class="row-form"> <div class="row-form">
<ng-container <ng-container
*ngIf="(context === UserGrantContext.OWNED_PROJECT || context === UserGrantContext.USER || context === UserGrantContext.NONE) && grantToEdit == grant.grantId && loadedProjectId && loadedProjectId === grant.projectId"> *ngIf="(context === UserGrantContext.OWNED_PROJECT || context === UserGrantContext.USER || context === UserGrantContext.NONE) && grantToEdit == grant.id && loadedProjectId && loadedProjectId === grant.projectId">
<cnsl-form-field class="form-field" appearance="outline"> <cnsl-form-field class="form-field" appearance="outline">
<!-- <cnsl-label>{{ 'PROJECT.GRANT.ROLENAMESLIST' | translate }}</cnsl-label> --> <!-- <cnsl-label>{{ 'PROJECT.GRANT.ROLENAMESLIST' | translate }}</cnsl-label> -->
<mat-select [(ngModel)]="grant.roleKeysList" multiple <mat-select [(ngModel)]="grant.roleKeysList" multiple
[disabled]="disableWrite || !((['user.grant.write$'] | hasRole | async) || ((context === UserGrantContext.OWNED_PROJECT ? ['user.grant.write:' + grant?.projectId] : context === UserGrantContext.GRANTED_PROJECT ? ['user.grant.write:' + grant?.grantId] : []) | hasRole | async))" [disabled]="disableWrite || !((['user.grant.write$'] | hasRole | async) || ((context === UserGrantContext.OWNED_PROJECT ? ['user.grant.write:' + grant?.projectId] : context === UserGrantContext.GRANTED_PROJECT ? ['user.grant.write:' + grant?.id] : []) | hasRole | async))"
(selectionChange)="updateRoles(grant, $event)"> (selectionChange)="updateRoles(grant, $event)">
<mat-option *ngFor="let role of projectRoleOptions" [value]="role.key"> <mat-option *ngFor="let role of projectRoleOptions" [value]="role.key">
{{role.key}} {{role.key}}
@ -123,11 +123,11 @@
</ng-container> </ng-container>
<ng-container <ng-container
*ngIf="(context === UserGrantContext.GRANTED_PROJECT || context === UserGrantContext.USER || context === UserGrantContext.NONE) && loadedGrantId && loadedGrantId === grant.grantId && grantToEdit == grant.grantId"> *ngIf="(context === UserGrantContext.GRANTED_PROJECT || context === UserGrantContext.USER || context === UserGrantContext.NONE) && loadedId && loadedId === grant.id && grantToEdit == grant.id">
<cnsl-form-field class="form-field" appearance="outline"> <cnsl-form-field class="form-field" appearance="outline">
<!-- <cnsl-label>{{ 'PROJECT.GRANT.ROLENAMESLIST' | translate }}</cnsl-label> --> <!-- <cnsl-label>{{ 'PROJECT.GRANT.ROLENAMESLIST' | translate }}</cnsl-label> -->
<mat-select [(ngModel)]="grant.roleKeysList" multiple <mat-select [(ngModel)]="grant.roleKeysList" multiple
[disabled]="disableWrite || !((['user.grant.write$'] | hasRole | async) || ((context === UserGrantContext.OWNED_PROJECT ? ['user.grant.write:' + grant?.projectId] : context === UserGrantContext.GRANTED_PROJECT ? ['user.grant.write:' + grant?.grantId] : []) | hasRole | async))" [disabled]="disableWrite || !((['user.grant.write$'] | hasRole | async) || ((context === UserGrantContext.OWNED_PROJECT ? ['user.grant.write:' + grant?.projectId] : context === UserGrantContext.GRANTED_PROJECT ? ['user.grant.write:' + grant?.id] : []) | hasRole | async))"
(selectionChange)="updateRoles(grant, $event)"> (selectionChange)="updateRoles(grant, $event)">
<mat-option *ngFor="let role of grantRoleOptions" [value]="role"> <mat-option *ngFor="let role of grantRoleOptions" [value]="role">
{{role}} {{role}}

18
console/src/app/modules/user-grants/user-grants.component.ts
View File

@ -60,7 +60,7 @@ export class UserGrantsComponent implements OnInit, AfterViewInit {
public projectRoleOptions: Role.AsObject[] = []; public projectRoleOptions: Role.AsObject[] = [];
public routerLink: any = ['']; public routerLink: any = [''];
public loadedGrantId: string = ''; public loadedId: string = '';
public loadedProjectId: string = ''; public loadedProjectId: string = '';
public grantToEdit: string = ''; public grantToEdit: string = '';
@ -173,7 +173,7 @@ export class UserGrantsComponent implements OnInit, AfterViewInit {
} }
public loadGrantOptions(grant: UserGrant.AsObject): void { public loadGrantOptions(grant: UserGrant.AsObject): void {
this.grantToEdit = grant.grantId; this.grantToEdit = grant.id;
if (grant.projectGrantId && grant.projectId) { if (grant.projectGrantId && grant.projectId) {
this.getGrantRoleOptions(grant.projectGrantId, grant.projectId); this.getGrantRoleOptions(grant.projectGrantId, grant.projectId);
} else if (grant.projectId) { } else if (grant.projectId) {
@ -181,11 +181,11 @@ export class UserGrantsComponent implements OnInit, AfterViewInit {
} }
} }
private getGrantRoleOptions(grantId: string, projectId: string): void { private getGrantRoleOptions(id: string, projectId: string): void {
console.log(projectId, grantId); console.log(projectId, id);
this.mgmtService.getGrantedProjectByID(projectId, grantId).then(resp => { this.mgmtService.getGrantedProjectByID(projectId, id).then(resp => {
if (resp.grantedProject) { if (resp.grantedProject) {
this.loadedGrantId = grantId; this.loadedId = id;
this.grantRoleOptions = resp.grantedProject?.grantedRoleKeysList; this.grantRoleOptions = resp.grantedProject?.grantedRoleKeysList;
} }
}).catch(error => { }).catch(error => {
@ -202,7 +202,7 @@ export class UserGrantsComponent implements OnInit, AfterViewInit {
} }
updateRoles(grant: UserGrant.AsObject, selectionChange: MatSelectChange): void { updateRoles(grant: UserGrant.AsObject, selectionChange: MatSelectChange): void {
this.userService.updateUserGrant(grant.grantId, grant.userId, selectionChange.value) this.userService.updateUserGrant(grant.id, grant.userId, selectionChange.value)
.then(() => { .then(() => {
this.toast.showInfo('GRANTS.TOAST.UPDATED', true); this.toast.showInfo('GRANTS.TOAST.UPDATED', true);
}).catch(error => { }).catch(error => {
@ -211,11 +211,11 @@ export class UserGrantsComponent implements OnInit, AfterViewInit {
} }
deleteGrantSelection(): void { deleteGrantSelection(): void {
this.userService.bulkRemoveUserGrant(this.selection.selected.map(grant => grant.grantId)).then(() => { this.userService.bulkRemoveUserGrant(this.selection.selected.map(grant => grant.id)).then(() => {
this.toast.showInfo('GRANTS.TOAST.BULKREMOVED', true); this.toast.showInfo('GRANTS.TOAST.BULKREMOVED', true);
const data = this.dataSource.grantsSubject.getValue(); const data = this.dataSource.grantsSubject.getValue();
this.selection.selected.forEach((item) => { this.selection.selected.forEach((item) => {
const index = data.findIndex(i => i.grantId === item.grantId); const index = data.findIndex(i => i.id === item.id);
if (index > -1) { if (index > -1) {
data.splice(index, 1); data.splice(index, 1);
this.dataSource.grantsSubject.next(data); this.dataSource.grantsSubject.next(data);

2
internal/api/grpc/user/user_grant.go
View File

@ -17,7 +17,7 @@ func UserGrantsToPb(grants []*usr_grant_model.UserGrantView) []*user_pb.UserGran
func UserGrantToPb(grant *usr_grant_model.UserGrantView) *user_pb.UserGrant { func UserGrantToPb(grant *usr_grant_model.UserGrantView) *user_pb.UserGrant {
return &user_pb.UserGrant{ return &user_pb.UserGrant{
GrantId: grant.ID, Id: grant.ID,
UserId: grant.UserID, UserId: grant.UserID,
State: ModelUserGrantStateToPb(grant.State), State: ModelUserGrantStateToPb(grant.State),
RoleKeys: grant.RoleKeys, RoleKeys: grant.RoleKeys,

11
internal/command/user_grant.go
View File

@ -79,14 +79,9 @@ func (c *Commands) changeUserGrant(ctx context.Context, userGrant *domain.UserGr
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
if !userGrant.IsValid() || userGrant.AggregateID == "" { if userGrant.AggregateID == "" {
return nil, nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-3M0sd", "Errors.UserGrant.Invalid") return nil, nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-3M0sd", "Errors.UserGrant.Invalid")
} }
err = c.checkUserGrantPreCondition(ctx, userGrant)
if err != nil {
return nil, nil, err
}
existingUserGrant, err := c.userGrantWriteModelByID(ctx, userGrant.AggregateID, userGrant.ResourceOwner) existingUserGrant, err := c.userGrantWriteModelByID(ctx, userGrant.AggregateID, userGrant.ResourceOwner)
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
@ -97,6 +92,10 @@ func (c *Commands) changeUserGrant(ctx context.Context, userGrant *domain.UserGr
if reflect.DeepEqual(existingUserGrant.RoleKeys, userGrant.RoleKeys) { if reflect.DeepEqual(existingUserGrant.RoleKeys, userGrant.RoleKeys) {
return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Rs8fy", "Errors.UserGrant.NotChanged") return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Rs8fy", "Errors.UserGrant.NotChanged")
} }
err = c.checkUserGrantPreCondition(ctx, userGrantWriteModelToUserGrant(existingUserGrant))
if err != nil {
return nil, nil, err
}
changedUserGrant := NewUserGrantWriteModel(userGrant.AggregateID, resourceOwner) changedUserGrant := NewUserGrantWriteModel(userGrant.AggregateID, resourceOwner)
userGrantAgg := UserGrantAggregateFromWriteModel(&changedUserGrant.WriteModel) userGrantAgg := UserGrantAggregateFromWriteModel(&changedUserGrant.WriteModel)

3
internal/command/user_grant_model.go
View File

@ -104,6 +104,8 @@ func (wm *UserGrantPreConditionReadModel) Reduce() error {
switch e := event.(type) { switch e := event.(type) {
case *user.HumanAddedEvent: case *user.HumanAddedEvent:
wm.UserExists = true wm.UserExists = true
case *user.HumanRegisteredEvent:
wm.UserExists = true
case *user.MachineAddedEvent: case *user.MachineAddedEvent:
wm.UserExists = true wm.UserExists = true
case *user.UserRemovedEvent: case *user.UserRemovedEvent:
@ -150,6 +152,7 @@ func (wm *UserGrantPreConditionReadModel) Query() *eventstore.SearchQueryBuilder
query := eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, user.AggregateType, project.AggregateType). query := eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, user.AggregateType, project.AggregateType).
AggregateIDs(wm.UserID, wm.ProjectID). AggregateIDs(wm.UserID, wm.ProjectID).
EventTypes(user.HumanAddedType, EventTypes(user.HumanAddedType,
user.HumanRegisteredType,
user.MachineAddedEventType, user.MachineAddedEventType,
user.UserRemovedType, user.UserRemovedType,
project.ProjectAddedType, project.ProjectAddedType,

317
internal/command/user_grant_test.go
View File

@ -538,11 +538,100 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) {
err: caos_errs.IsErrorInvalidArgument, err: caos_errs.IsErrorInvalidArgument,
}, },
}, },
{
name: "usergrant not existing, not found error",
fields: fields{
eventstore: eventstoreExpect(
t,
expectFilter(),
),
},
args: args{
ctx: authz.NewMockContextWithPermissions("", "", []string{domain.RoleProjectOwner}),
userGrant: &domain.UserGrant{
ObjectRoot: models.ObjectRoot{
AggregateID: "usergrant1",
},
UserID: "user1",
ProjectID: "project1",
RoleKeys: []string{"rolekey1"},
},
resourceOwner: "org1",
},
res: res{
err: caos_errs.IsNotFound,
},
},
{
name: "usergrant not existing, not found error",
fields: fields{
eventstore: eventstoreExpect(
t,
expectFilter(),
),
},
args: args{
ctx: authz.NewMockContextWithPermissions("", "", []string{domain.RoleProjectOwner}),
userGrant: &domain.UserGrant{
ObjectRoot: models.ObjectRoot{
AggregateID: "usergrant1",
},
UserID: "user1",
ProjectID: "project1",
RoleKeys: []string{"rolekey1"},
},
resourceOwner: "org1",
},
res: res{
err: caos_errs.IsNotFound,
},
},
{
name: "usergrant roles not changed, precondition error",
fields: fields{
eventstore: eventstoreExpect(
t,
expectFilter(
eventFromEventPusher(
usergrant.NewUserGrantAddedEvent(context.Background(),
&usergrant.NewAggregate("usergrant1", "org").Aggregate,
"user1",
"project1",
"", []string{"rolekey1"}),
),
),
),
},
args: args{
ctx: authz.NewMockContextWithPermissions("", "", []string{domain.RoleProjectOwner}),
userGrant: &domain.UserGrant{
ObjectRoot: models.ObjectRoot{
AggregateID: "usergrant1",
},
UserID: "user1",
ProjectID: "project1",
RoleKeys: []string{"rolekey1"},
},
resourceOwner: "org1",
},
res: res{
err: caos_errs.IsPreconditionFailed,
},
},
{ {
name: "user removed, precondition error", name: "user removed, precondition error",
fields: fields{ fields: fields{
eventstore: eventstoreExpect( eventstore: eventstoreExpect(
t, t,
expectFilter(
eventFromEventPusher(
usergrant.NewUserGrantAddedEvent(context.Background(),
&usergrant.NewAggregate("usergrant1", "org1").Aggregate,
"user1",
"project1",
"", []string{"rolekey1"}),
),
),
expectFilter( expectFilter(
eventFromEventPusher( eventFromEventPusher(
user.NewHumanAddedEvent(context.Background(), user.NewHumanAddedEvent(context.Background(),
@ -589,6 +678,15 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) {
fields: fields{ fields: fields{
eventstore: eventstoreExpect( eventstore: eventstoreExpect(
t, t,
expectFilter(
eventFromEventPusher(
usergrant.NewUserGrantAddedEvent(context.Background(),
&usergrant.NewAggregate("usergrant1", "org1").Aggregate,
"user1",
"project1",
"", []string{"rolekey1"}),
),
),
expectFilter( expectFilter(
eventFromEventPusher( eventFromEventPusher(
user.NewHumanAddedEvent(context.Background(), user.NewHumanAddedEvent(context.Background(),
@ -639,6 +737,15 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) {
fields: fields{ fields: fields{
eventstore: eventstoreExpect( eventstore: eventstoreExpect(
t, t,
expectFilter(
eventFromEventPusher(
usergrant.NewUserGrantAddedEvent(context.Background(),
&usergrant.NewAggregate("usergrant1", "org1").Aggregate,
"user1",
"project1",
"", []string{"rolekey1"}),
),
),
expectFilter( expectFilter(
eventFromEventPusher( eventFromEventPusher(
user.NewHumanAddedEvent(context.Background(), user.NewHumanAddedEvent(context.Background(),
@ -684,6 +791,15 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) {
fields: fields{ fields: fields{
eventstore: eventstoreExpect( eventstore: eventstoreExpect(
t, t,
expectFilter(
eventFromEventPusher(
usergrant.NewUserGrantAddedEvent(context.Background(),
&usergrant.NewAggregate("usergrant1", "org1").Aggregate,
"user1",
"project1",
"", []string{"rolekey1"}),
),
),
expectFilter( expectFilter(
eventFromEventPusher( eventFromEventPusher(
user.NewHumanAddedEvent(context.Background(), user.NewHumanAddedEvent(context.Background(),
@ -730,6 +846,15 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) {
fields: fields{ fields: fields{
eventstore: eventstoreExpect( eventstore: eventstoreExpect(
t, t,
expectFilter(
eventFromEventPusher(
usergrant.NewUserGrantAddedEvent(context.Background(),
&usergrant.NewAggregate("usergrant1", "org1").Aggregate,
"user1",
"project1",
"", []string{"rolekey1"}),
),
),
expectFilter( expectFilter(
eventFromEventPusher( eventFromEventPusher(
user.NewHumanAddedEvent(context.Background(), user.NewHumanAddedEvent(context.Background(),
@ -788,180 +913,19 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) {
}, },
}, },
{ {
name: "usergrant not existing, not found error", name: "usergrant for project, ok",
fields: fields{ fields: fields{
eventstore: eventstoreExpect( eventstore: eventstoreExpect(
t, t,
expectFilter(
eventFromEventPusher(
user.NewHumanAddedEvent(context.Background(),
&user.NewAggregate("user1", "org1").Aggregate,
"username1",
"firstname1",
"lastname1",
"nickname1",
"displayname1",
language.German,
domain.GenderMale,
"email1",
true,
),
),
eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1",
),
),
eventFromEventPusher(
project.NewRoleAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"rolekey1",
"rolekey",
"",
),
),
),
expectFilter(),
),
},
args: args{
ctx: authz.NewMockContextWithPermissions("", "", []string{domain.RoleProjectOwner}),
userGrant: &domain.UserGrant{
ObjectRoot: models.ObjectRoot{
AggregateID: "usergrant1",
},
UserID: "user1",
ProjectID: "project1",
RoleKeys: []string{"rolekey1"},
},
resourceOwner: "org1",
},
res: res{
err: caos_errs.IsNotFound,
},
},
{
name: "usergrant not existing, not found error",
fields: fields{
eventstore: eventstoreExpect(
t,
expectFilter(
eventFromEventPusher(
user.NewHumanAddedEvent(context.Background(),
&user.NewAggregate("user1", "org1").Aggregate,
"username1",
"firstname1",
"lastname1",
"nickname1",
"displayname1",
language.German,
domain.GenderMale,
"email1",
true,
),
),
eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1",
),
),
eventFromEventPusher(
project.NewRoleAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"rolekey1",
"rolekey",
"",
),
),
),
expectFilter(),
),
},
args: args{
ctx: authz.NewMockContextWithPermissions("", "", []string{domain.RoleProjectOwner}),
userGrant: &domain.UserGrant{
ObjectRoot: models.ObjectRoot{
AggregateID: "usergrant1",
},
UserID: "user1",
ProjectID: "project1",
RoleKeys: []string{"rolekey1"},
},
resourceOwner: "org1",
},
res: res{
err: caos_errs.IsNotFound,
},
},
{
name: "usergrant roles not changed, precondition error",
fields: fields{
eventstore: eventstoreExpect(
t,
expectFilter(
eventFromEventPusher(
user.NewHumanAddedEvent(context.Background(),
&user.NewAggregate("user1", "org1").Aggregate,
"username1",
"firstname1",
"lastname1",
"nickname1",
"displayname1",
language.German,
domain.GenderMale,
"email1",
true,
),
),
eventFromEventPusher(
project.NewProjectAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"projectname1",
),
),
eventFromEventPusher(
project.NewRoleAddedEvent(context.Background(),
&project.NewAggregate("project1", "org1").Aggregate,
"rolekey1",
"rolekey",
"",
),
),
),
expectFilter( expectFilter(
eventFromEventPusher( eventFromEventPusher(
usergrant.NewUserGrantAddedEvent(context.Background(), usergrant.NewUserGrantAddedEvent(context.Background(),
&usergrant.NewAggregate("usergrant1", "org").Aggregate, &usergrant.NewAggregate("usergrant1", "org1").Aggregate,
"user1", "user1",
"project1", "project1",
"", []string{"rolekey1"}), "", []string{"rolekey1"}),
), ),
), ),
),
},
args: args{
ctx: authz.NewMockContextWithPermissions("", "", []string{domain.RoleProjectOwner}),
userGrant: &domain.UserGrant{
ObjectRoot: models.ObjectRoot{
AggregateID: "usergrant1",
},
UserID: "user1",
ProjectID: "project1",
RoleKeys: []string{"rolekey1"},
},
resourceOwner: "org1",
},
res: res{
err: caos_errs.IsPreconditionFailed,
},
},
{
name: "usergrant for project, ok",
fields: fields{
eventstore: eventstoreExpect(
t,
expectFilter( expectFilter(
eventFromEventPusher( eventFromEventPusher(
user.NewHumanAddedEvent(context.Background(), user.NewHumanAddedEvent(context.Background(),
@ -1000,15 +964,6 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) {
), ),
), ),
), ),
expectFilter(
eventFromEventPusher(
usergrant.NewUserGrantAddedEvent(context.Background(),
&usergrant.NewAggregate("usergrant1", "org1").Aggregate,
"user1",
"project1",
"", []string{"rolekey1"}),
),
),
expectPush( expectPush(
[]*repository.Event{ []*repository.Event{
eventFromEventPusher(usergrant.NewUserGrantChangedEvent(context.Background(), eventFromEventPusher(usergrant.NewUserGrantChangedEvent(context.Background(),
@ -1049,6 +1004,15 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) {
fields: fields{ fields: fields{
eventstore: eventstoreExpect( eventstore: eventstoreExpect(
t, t,
expectFilter(
eventFromEventPusher(
usergrant.NewUserGrantAddedEvent(context.Background(),
&usergrant.NewAggregate("usergrant1", "org1").Aggregate,
"user1",
"project1",
"projectgrant1", []string{"rolekey1"}),
),
),
expectFilter( expectFilter(
eventFromEventPusher( eventFromEventPusher(
user.NewHumanAddedEvent(context.Background(), user.NewHumanAddedEvent(context.Background(),
@ -1095,15 +1059,6 @@ func TestCommandSide_ChangeUserGrant(t *testing.T) {
), ),
), ),
), ),
expectFilter(
eventFromEventPusher(
usergrant.NewUserGrantAddedEvent(context.Background(),
&usergrant.NewAggregate("usergrant1", "org1").Aggregate,
"user1",
"project1",
"projectgrant1", []string{"rolekey1"}),
),
),
expectPush( expectPush(
[]*repository.Event{ []*repository.Event{
eventFromEventPusher(usergrant.NewUserGrantChangedEvent(context.Background(), eventFromEventPusher(usergrant.NewUserGrantChangedEvent(context.Background(),

2
internal/management/repository/eventsourcing/handler/org_member.go
View File

@ -175,7 +175,7 @@ func (m *OrgMember) fillUserData(member *org_view_model.OrgMemberView, user *usr
if user.HumanView != nil { if user.HumanView != nil {
member.FirstName = user.FirstName member.FirstName = user.FirstName
member.LastName = user.LastName member.LastName = user.LastName
member.DisplayName = user.FirstName + " " + user.LastName member.DisplayName = user.DisplayName
member.Email = user.Email member.Email = user.Email
} }
if user.MachineView != nil { if user.MachineView != nil {

2
internal/management/repository/eventsourcing/handler/project_grant_member.go
View File

@ -182,7 +182,7 @@ func (p *ProjectGrantMember) fillUserData(member *view_model.ProjectGrantMemberV
if user.HumanView != nil { if user.HumanView != nil {
member.FirstName = user.FirstName member.FirstName = user.FirstName
member.LastName = user.LastName member.LastName = user.LastName
member.DisplayName = user.FirstName + " " + user.LastName member.DisplayName = user.DisplayName
member.Email = user.Email member.Email = user.Email
} }
if user.MachineView != nil { if user.MachineView != nil {

2
internal/management/repository/eventsourcing/handler/project_member.go
View File

@ -179,7 +179,7 @@ func (p *ProjectMember) fillUserData(member *view_model.ProjectMemberView, user
member.FirstName = user.FirstName member.FirstName = user.FirstName
member.LastName = user.LastName member.LastName = user.LastName
member.Email = user.Email member.Email = user.Email
member.DisplayName = user.FirstName + " " + user.LastName member.DisplayName = user.DisplayName
} }
if user.MachineView != nil { if user.MachineView != nil {
member.DisplayName = user.MachineView.Name member.DisplayName = user.MachineView.Name

4
internal/org/repository/view/org_member_view.go
View File

@ -48,9 +48,9 @@ func OrgMembersByUserID(db *gorm.DB, table string, userID string) ([]*model.OrgM
return members, nil return members, nil
} }
func PutOrgMember(db *gorm.DB, table string, role *model.OrgMemberView) error { func PutOrgMember(db *gorm.DB, table string, member *model.OrgMemberView) error {
save := repository.PrepareSave(table) save := repository.PrepareSave(table)
return save(db, role) return save(db, member)
} }
func PutOrgMembers(db *gorm.DB, table string, members ...*model.OrgMemberView) error { func PutOrgMembers(db *gorm.DB, table string, members ...*model.OrgMemberView) error {

8
internal/user/repository/view/model/user.go
View File

@ -500,3 +500,11 @@ func (u *UserView) ComputeMFAMaxSetUp() {
} }
u.MFAMaxSetUp = int32(req_model.MFALevelNotSetUp) u.MFAMaxSetUp = int32(req_model.MFALevelNotSetUp)
} }
func (u *UserView) SetEmptyUserType() {
if u.MachineView != nil && u.MachineView.Name == "" {
u.MachineView = nil
} else {
u.HumanView = nil
}
}

5
internal/user/repository/view/user_view.go
View File

@ -18,6 +18,7 @@ func UserByID(db *gorm.DB, table, userID string) (*model.UserView, error) {
if caos_errs.IsNotFound(err) { if caos_errs.IsNotFound(err) {
return nil, caos_errs.ThrowNotFound(nil, "VIEW-sj8Sw", "Errors.User.NotFound") return nil, caos_errs.ThrowNotFound(nil, "VIEW-sj8Sw", "Errors.User.NotFound")
} }
user.SetEmptyUserType()
return user, err return user, err
} }
@ -28,6 +29,7 @@ func UserByUserName(db *gorm.DB, table, userName string) (*model.UserView, error
if caos_errs.IsNotFound(err) { if caos_errs.IsNotFound(err) {
return nil, caos_errs.ThrowNotFound(nil, "VIEW-Lso9s", "Errors.User.NotFound") return nil, caos_errs.ThrowNotFound(nil, "VIEW-Lso9s", "Errors.User.NotFound")
} }
user.SetEmptyUserType()
return user, err return user, err
} }
@ -43,6 +45,7 @@ func UserByLoginName(db *gorm.DB, table, loginName string) (*model.UserView, err
if caos_errs.IsNotFound(err) { if caos_errs.IsNotFound(err) {
return nil, caos_errs.ThrowNotFound(nil, "VIEW-AD4qs", "Errors.User.NotFound") return nil, caos_errs.ThrowNotFound(nil, "VIEW-AD4qs", "Errors.User.NotFound")
} }
user.SetEmptyUserType()
return user, err return user, err
} }
@ -63,6 +66,7 @@ func UserByLoginNameAndResourceOwner(db *gorm.DB, table, loginName, resourceOwne
if caos_errs.IsNotFound(err) { if caos_errs.IsNotFound(err) {
return nil, caos_errs.ThrowNotFound(nil, "VIEW-AD4qs", "Errors.User.NotFoundOnOrg") return nil, caos_errs.ThrowNotFound(nil, "VIEW-AD4qs", "Errors.User.NotFoundOnOrg")
} }
user.SetEmptyUserType()
return user, err return user, err
} }
@ -121,6 +125,7 @@ func GetGlobalUserByLoginName(db *gorm.DB, table, loginName string) (*model.User
if caos_errs.IsNotFound(err) { if caos_errs.IsNotFound(err) {
return nil, caos_errs.ThrowNotFound(nil, "VIEW-8uWer", "Errors.User.NotFound") return nil, caos_errs.ThrowNotFound(nil, "VIEW-8uWer", "Errors.User.NotFound")
} }
user.SetEmptyUserType()
return user, err return user, err
} }

2
proto/zitadel/user.proto
View File

@ -244,7 +244,7 @@ enum SessionState {
} }
message UserGrant { message UserGrant {
string grant_id = 1; string id = 1;
zitadel.v1.ObjectDetails details = 2; zitadel.v1.ObjectDetails details = 2;
repeated string role_keys = 3; repeated string role_keys = 3;
UserGrantState state = 4; UserGrantState state = 4;