diff --git a/internal/command/org_domain.go b/internal/command/org_domain.go
index dc108001ba..f08b925886 100644
--- a/internal/command/org_domain.go
+++ b/internal/command/org_domain.go
@@ -30,7 +30,7 @@ func (c *Commands) prepareAddOrgDomain(a *org.Aggregate, addDomain string, userI
 if existing != nil && existing.State == domain.OrgDomainStateActive {
 return nil, errors.ThrowAlreadyExists(nil, "V2-e1wse", "Errors.Already.Exists")
 }
- domainPolicy, err := domainPolicyWriteModel(ctx, filter)
+ domainPolicy, err := domainPolicyWriteModel(ctx, filter, a.ID)
 if err != nil {
 return nil, err
 }
diff --git a/internal/command/org_policy_domain.go b/internal/command/org_policy_domain.go
index 5e840fc4a3..167b51af6c 100644
--- a/internal/command/org_policy_domain.go
+++ b/internal/command/org_policy_domain.go
@@ -90,7 +90,7 @@ func prepareAddOrgDomainPolicy(
 ) preparation.Validation {
 return func() (preparation.CreateCommands, error) {
 return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
- writeModel, err := orgDomainPolicy(ctx, filter)
+ writeModel, err := orgDomainPolicy(ctx, filter, a.ID)
 if err != nil {
 return nil, err
 }
@@ -133,7 +133,7 @@ func prepareChangeOrgDomainPolicy(
 ) preparation.Validation {
 return func() (preparation.CreateCommands, error) {
 return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
- writeModel, err := orgDomainPolicy(ctx, filter)
+ writeModel, err := orgDomainPolicy(ctx, filter, a.ID)
 if err != nil {
 return nil, err
 }
@@ -169,7 +169,7 @@ func prepareRemoveOrgDomainPolicy(
 ) preparation.Validation {
 return func() (preparation.CreateCommands, error) {
 return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
- writeModel, err := orgDomainPolicy(ctx, filter)
+ writeModel, err := orgDomainPolicy(ctx, filter, a.ID)
 if err != nil {
 return nil, err
 }
diff --git a/internal/command/user.go b/internal/command/user.go
index bb04cd2727..049756baed 100644
--- a/internal/command/user.go
+++ b/internal/command/user.go
@@ -349,7 +349,7 @@ func (c *Commands) prepareUserDomainClaimed(ctx context.Context, filter preparat
 if !userWriteModel.UserState.Exists() {
 return nil, errors.ThrowNotFound(nil, "COMMAND-ii9K0", "Errors.User.NotFound")
 }
- domainPolicy, err := domainPolicyWriteModel(ctx, filter)
+ domainPolicy, err := domainPolicyWriteModel(ctx, filter, userWriteModel.ResourceOwner)
 if err != nil {
 return nil, err
 }
diff --git a/internal/command/user_domain_policy.go b/internal/command/user_domain_policy.go
index 01961a50e0..ca8f68e1cd 100644
--- a/internal/command/user_domain_policy.go
+++ b/internal/command/user_domain_policy.go
@@ -3,13 +3,12 @@ package command
 import (
 "context"

- "github.com/zitadel/zitadel/internal/api/authz"
 "github.com/zitadel/zitadel/internal/command/preparation"
 "github.com/zitadel/zitadel/internal/errors"
 )

-func domainPolicyWriteModel(ctx context.Context, filter preparation.FilterToQueryReducer) (*PolicyDomainWriteModel, error) {
- wm, err := orgDomainPolicy(ctx, filter)
+func domainPolicyWriteModel(ctx context.Context, filter preparation.FilterToQueryReducer, orgID string) (*PolicyDomainWriteModel, error) {
+ wm, err := orgDomainPolicy(ctx, filter, orgID)
 if err != nil {
 return nil, err
 }
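Review bot: `domainPolicyWriteModel` in user_domain_policy.go gains an `orgID` parameter but no doc comment saying which organisation it must be, and the call sites in this commit pass three different expressions (`a.ID`, `a.ResourceOwner`, `userWriteModel.ResourceOwner`). The code removed later in this file keyed the lookup on `authz.GetCtxData(ctx).OrgID`, i.e. the caller's org rather than the org that owns the resource, so the contract is worth writing down to keep a future call site from reintroducing that. I would add above the function: `// domainPolicyWriteModel loads the domain policy that applies to orgID. orgID must be the organisation owning the resource being written, never the org of the calling user taken from ctx.` The function body continues past the end of this hunk.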
@@ -26,8 +25,8 @@ func domainPolicyWriteModel(ctx context.Context, filter preparation.FilterToQuer
 return nil, errors.ThrowInternal(nil, "USER-Ggk9n", "Errors.Internal")
 }

-func orgDomainPolicy(ctx context.Context, filter preparation.FilterToQueryReducer) (*OrgDomainPolicyWriteModel, error) {
- policy := NewOrgDomainPolicyWriteModel(authz.GetCtxData(ctx).OrgID)
+func orgDomainPolicy(ctx context.Context, filter preparation.FilterToQueryReducer, orgID string) (*OrgDomainPolicyWriteModel, error) {
+ policy := NewOrgDomainPolicyWriteModel(orgID)
 events, err := filter(ctx, policy.Query())
 if err != nil {
 return nil, err
diff --git a/internal/command/user_domain_policy_test.go b/internal/command/user_domain_policy_test.go
index 9afe30e608..bfc458b930 100644
--- a/internal/command/user_domain_policy_test.go
+++ b/internal/command/user_domain_policy_test.go
@@ -17,6 +17,7 @@ import (
 func Test_customDomainPolicy(t *testing.T) {
 type args struct {
 filter preparation.FilterToQueryReducer
+ orgID string
 }
 tests := []struct {
 name string
@@ -30,6 +31,7 @@ func Test_customDomainPolicy(t *testing.T) {
 filter: func(_ context.Context, _ *eventstore.SearchQueryBuilder) ([]eventstore.Event, error) {
 return nil, errors.ThrowInternal(nil, "USER-IgYlN", "Errors.Internal")
 },
+ orgID: "id",
 },
 want: nil,
 wantErr: true,
@@ -40,11 +42,15 @@ func Test_customDomainPolicy(t *testing.T) {
 filter: func(_ context.Context, _ *eventstore.SearchQueryBuilder) ([]eventstore.Event, error) {
 return []eventstore.Event{}, nil
 },
+ orgID: "id",
 },
 want: &OrgDomainPolicyWriteModel{
 PolicyDomainWriteModel: PolicyDomainWriteModel{
- WriteModel: eventstore.WriteModel{},
- State: domain.PolicyStateUnspecified,
+ WriteModel: eventstore.WriteModel{
+ AggregateID: "id",
+ ResourceOwner: "id",
+ },
+ State: domain.PolicyStateUnspecified,
 },
 },
 wantErr: false,
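Review bot: `orgDomainPolicy` (user_domain_policy.go, hunk `-26,8 +25,8`) passes `orgID` straight into `NewOrgDomainPolicyWriteModel` without rejecting an empty string. What the write model does with an empty ID is not visible here, but the empty-events test case in this commit shows the result is an unspecified policy state, so a caller that hands in an aggregate with no `ResourceOwner` set would presumably get some other policy applied silently instead of an error. Because the value now comes from `a.ID`, `a.ResourceOwner` or `userWriteModel.ResourceOwner` at the call sites, I would fail closed at the top of the function: `if orgID == "" { return nil, errors.ThrowInternal(nil, "<ERROR-ID>", "Errors.Internal") }`, with a real error ID in place of the placeholder. The function body continues past the end of the hunk.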
@@ -63,6 +69,7 @@ func Test_customDomainPolicy(t *testing.T) {
 ),
 }, nil
 },
+ orgID: "id",
 },
 want: &OrgDomainPolicyWriteModel{
 PolicyDomainWriteModel: PolicyDomainWriteModel{
@@ -82,7 +89,7 @@ func Test_customDomainPolicy(t *testing.T) {
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
- got, err := orgDomainPolicy(context.Background(), tt.args.filter)
+ got, err := orgDomainPolicy(context.Background(), tt.args.filter, tt.args.orgID)
 if (err != nil) != tt.wantErr {
 t.Errorf("customDomainPolicy() error = %v, wantErr %v", err, tt.wantErr)
 return
@@ -181,6 +188,7 @@ func Test_defaultDomainPolicy(t *testing.T) {
 func Test_DomainPolicy(t *testing.T) {
 type args struct {
 filter preparation.FilterToQueryReducer
+ orgID string
 }
 tests := []struct {
 name string
@@ -194,6 +202,7 @@ func Test_DomainPolicy(t *testing.T) {
 filter: func(_ context.Context, _ *eventstore.SearchQueryBuilder) ([]eventstore.Event, error) {
 return nil, errors.ThrowInternal(nil, "USER-IgYlN", "Errors.Internal")
 },
+ orgID: "id",
 },
 want: nil,
 wantErr: true,
@@ -212,6 +221,7 @@ func Test_DomainPolicy(t *testing.T) {
 ),
 }, nil
 },
+ orgID: "id",
 },
 want: &PolicyDomainWriteModel{
 WriteModel: eventstore.WriteModel{
@@ -237,6 +247,7 @@ func Test_DomainPolicy(t *testing.T) {
 return nil, errors.ThrowInternal(nil, "USER-6HnsD", "Errors.Internal")
 }).
 Filter(),
+ orgID: "id",
 },
 want: nil,
 wantErr: true,
@@ -260,6 +271,7 @@ func Test_DomainPolicy(t *testing.T) {
 }, nil
 }).
 Filter(),
+ orgID: "id",
 },
 want: &PolicyDomainWriteModel{
 WriteModel: eventstore.WriteModel{
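Review bot: The table tests never run with an org in the request context that differs from the `orgID` argument, so they do not pin the behaviour this commit is fixing. In the `-82,7 +89,7` hunk `orgDomainPolicy` is called with `context.Background()`, and the `Test_DomainPolicy` call in the `-288,7 +300,7` hunk only sets an instance ID; in both, every case uses `orgID: "id"` and the visible filter stubs ignore their `*eventstore.SearchQueryBuilder` argument. I would add one case per test whose context carries authz data for a second org (for example `"other-org"`) while `orgID` stays `"id"`, and assert that the returned write model still has `AggregateID: "id"` and `ResourceOwner: "id"`. A stub that inspects the query it receives, rather than discarding it, would additionally show that the event lookup itself is scoped to the argument.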
@@ -288,7 +300,7 @@ func Test_DomainPolicy(t *testing.T) {
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
- got, err := domainPolicyWriteModel(authz.WithInstanceID(context.Background(), "INSTANCE"), tt.args.filter)
+ got, err := domainPolicyWriteModel(authz.WithInstanceID(context.Background(), "INSTANCE"), tt.args.filter, tt.args.orgID)
 if (err != nil) != tt.wantErr {
 t.Errorf("defaultDomainPolicy() error = %v, wantErr %v", err, tt.wantErr)
 return
diff --git a/internal/command/user_human.go b/internal/command/user_human.go
index 29e9423043..fd8995a487 100644
--- a/internal/command/user_human.go
+++ b/internal/command/user_human.go
@@ -130,7 +130,7 @@ func AddHumanCommand(a *user.Aggregate, human *AddHuman, passwordAlg crypto.Hash
 }

 return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
- domainPolicy, err := domainPolicyWriteModel(ctx, filter)
+ domainPolicy, err := domainPolicyWriteModel(ctx, filter, a.ResourceOwner)
 if err != nil {
 return nil, err
 }
diff --git a/internal/command/user_machine.go b/internal/command/user_machine.go
index f78798529a..5b75a3eb6f 100644
--- a/internal/command/user_machine.go
+++ b/internal/command/user_machine.go
@@ -51,7 +51,7 @@ func AddMachineCommand(a *user.Aggregate, machine *Machine) preparation.Validati
 if isUserStateExists(writeModel.UserState) {
 return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-k2una", "Errors.User.AlreadyExisting")
 }
- domainPolicy, err := domainPolicyWriteModel(ctx, filter)
+ domainPolicy, err := domainPolicyWriteModel(ctx, filter, a.ResourceOwner)
 if err != nil {
 return nil, caos_errs.ThrowPreconditionFailed(err, "COMMAND-3M9fs", "Errors.Org.DomainPolicy.NotFound")
 }