fix: (org) context handling (#1429)

* fix: add context queries

* typo

* handle org context corretly in mgmt api

* isDefault in policy converter

* handle org context correctly in auth api

internal/api/grpc/management/project.go

@@ -36,16 +36,17 @@ func (s *Server) ListProjects(ctx context.Context, req *mgmt_pb.ListProjectsRequ
 	if err != nil {
 		return nil, err
 	}
-	domains, err := s.project.SearchProjects(ctx, queries)
+	queries.AppendMyResourceOwnerQuery(authz.GetCtxData(ctx).OrgID)
+	projects, err := s.project.SearchProjects(ctx, queries)
 	if err != nil {
 		return nil, err
 	}
 	return &mgmt_pb.ListProjectsResponse{
-		Result: project_grpc.ProjectsToPb(domains.Result),
+		Result: project_grpc.ProjectsToPb(projects.Result),
 		Details: object_grpc.ToListDetails(
-			domains.TotalResult,
-			domains.Sequence,
-			domains.Timestamp,
+			projects.TotalResult,
+			projects.Sequence,
+			projects.Timestamp,
 		),
 	}, nil
 }
@@ -55,16 +56,17 @@ func (s *Server) ListGrantedProjects(ctx context.Context, req *mgmt_pb.ListGrant
 	if err != nil {
 		return nil, err
 	}
-	domains, err := s.project.SearchGrantedProjects(ctx, queries)
+	queries.AppendMyResourceOwnerQuery(authz.GetCtxData(ctx).OrgID)
+	projects, err := s.project.SearchGrantedProjects(ctx, queries)
 	if err != nil {
 		return nil, err
 	}
 	return &mgmt_pb.ListGrantedProjectsResponse{
-		Result: project_grpc.GrantedProjectsToPb(domains.Result),
+		Result: project_grpc.GrantedProjectsToPb(projects.Result),
 		Details: object_grpc.ToListDetails(
-			domains.TotalResult,
-			domains.Sequence,
-			domains.Timestamp,
+			projects.TotalResult,
+			projects.Sequence,
+			projects.Timestamp,
 		),
 	}, nil
 }
@@ -82,7 +84,7 @@ func (s *Server) ListProjectChanges(ctx context.Context, req *mgmt_pb.ListProjec
 
 func (s *Server) AddProject(ctx context.Context, req *mgmt_pb.AddProjectRequest) (*mgmt_pb.AddProjectResponse, error) {
 	ctxData := authz.GetCtxData(ctx)
-	project, err := s.command.AddProject(ctx, ProjectCreateToDomain(req), ctxData.ResourceOwner, ctxData.UserID)
+	project, err := s.command.AddProject(ctx, ProjectCreateToDomain(req), ctxData.OrgID, ctxData.UserID)
 	if err != nil {
 		return nil, err
 	}
@@ -97,7 +99,7 @@ func (s *Server) AddProject(ctx context.Context, req *mgmt_pb.AddProjectRequest)
 }
 
 func (s *Server) UpdateProject(ctx context.Context, req *mgmt_pb.UpdateProjectRequest) (*mgmt_pb.UpdateProjectResponse, error) {
-	project, err := s.command.ChangeProject(ctx, ProjectUpdateToDomain(req), authz.GetCtxData(ctx).ResourceOwner)
+	project, err := s.command.ChangeProject(ctx, ProjectUpdateToDomain(req), authz.GetCtxData(ctx).OrgID)
 	if err != nil {
 		return nil, err
 	}
@@ -111,7 +113,7 @@ func (s *Server) UpdateProject(ctx context.Context, req *mgmt_pb.UpdateProjectRe
 }
 
 func (s *Server) DeactivateProject(ctx context.Context, req *mgmt_pb.DeactivateProjectRequest) (*mgmt_pb.DeactivateProjectResponse, error) {
-	details, err := s.command.DeactivateProject(ctx, req.Id, authz.GetCtxData(ctx).ResourceOwner)
+	details, err := s.command.DeactivateProject(ctx, req.Id, authz.GetCtxData(ctx).OrgID)
 	if err != nil {
 		return nil, err
 	}
@@ -121,7 +123,7 @@ func (s *Server) DeactivateProject(ctx context.Context, req *mgmt_pb.DeactivateP
 }
 
 func (s *Server) ReactivateProject(ctx context.Context, req *mgmt_pb.ReactivateProjectRequest) (*mgmt_pb.ReactivateProjectResponse, error) {
-	details, err := s.command.ReactivateProject(ctx, req.Id, authz.GetCtxData(ctx).ResourceOwner)
+	details, err := s.command.ReactivateProject(ctx, req.Id, authz.GetCtxData(ctx).OrgID)
 	if err != nil {
 		return nil, err
 	}
@@ -149,6 +151,7 @@ func (s *Server) ListProjectRoles(ctx context.Context, req *mgmt_pb.ListProjectR
 	if err != nil {
 		return nil, err
 	}
+	queries.AppendMyOrgQuery(authz.GetCtxData(ctx).OrgID)
 	roles, err := s.project.SearchProjectRoles(ctx, req.ProjectId, queries)
 	if err != nil {
 		return nil, err
@@ -219,7 +222,7 @@ func (s *Server) RemoveProjectRole(ctx context.Context, req *mgmt_pb.RemoveProje
 	}, nil
 }
 
-func (s *Server) ListProjectMemberRoles(ctx context.Context, req *mgmt_pb.ListProjectMemberRolesRequest) (*mgmt_pb.ListProjectMemberRolesResponse, error) {
+func (s *Server) ListProjectMemberRoles(ctx context.Context, _ *mgmt_pb.ListProjectMemberRolesRequest) (*mgmt_pb.ListProjectMemberRolesResponse, error) {
 	roles, err := s.project.GetProjectMemberRoles(ctx)
 	if err != nil {
 		return nil, err
@@ -232,16 +235,17 @@ func (s *Server) ListProjectMembers(ctx context.Context, req *mgmt_pb.ListProjec
 	if err != nil {
 		return nil, err
 	}
-	domains, err := s.project.SearchProjectMembers(ctx, queries)
+	queries.AppendProjectQuery(req.ProjectId)
+	members, err := s.project.SearchProjectMembers(ctx, queries)
 	if err != nil {
 		return nil, err
 	}
 	return &mgmt_pb.ListProjectMembersResponse{
-		Result: member_grpc.ProjectMembersToPb(domains.Result),
+		Result: member_grpc.ProjectMembersToPb(members.Result),
 		Details: object_grpc.ToListDetails(
-			domains.TotalResult,
-			domains.Sequence,
-			domains.Timestamp,
+			members.TotalResult,
+			members.Sequence,
+			members.Timestamp,
 		),
 	}, nil
 }

internal/api/grpc/management/project_converter.go

@@ -117,11 +117,6 @@ func ListProjectRolesRequestToModel(req *mgmt_pb.ListProjectRolesRequest) (*proj
 	if err != nil {
 		return nil, err
 	}
-	queries = append(queries, &proj_model.ProjectRoleSearchQuery{
-		Key:    proj_model.ProjectRoleSearchKeyProjectID,
-		Method: domain.SearchMethodEquals,
-		Value:  req.ProjectId,
-	})
 	return &proj_model.ProjectRoleSearchRequest{
 		Offset: offset,
 		Limit:  limit,
@@ -134,11 +129,6 @@ func ListProjectRolesRequestToModel(req *mgmt_pb.ListProjectRolesRequest) (*proj
 func ListProjectMembersRequestToModel(req *mgmt_pb.ListProjectMembersRequest) (*proj_model.ProjectMemberSearchRequest, error) {
 	offset, limit, asc := object.ListQueryToModel(req.Query)
 	queries := member_grpc.MemberQueriesToProjectMember(req.Queries)
-	queries = append(queries, &proj_model.ProjectMemberSearchQuery{
-		Key:    proj_model.ProjectMemberSearchKeyProjectID,
-		Method: domain.SearchMethodEquals,
-		Value:  req.ProjectId,
-	})
 	return &proj_model.ProjectMemberSearchRequest{
 		Offset: offset,
 		Limit:  limit,

internal/api/grpc/management/project_grant.go

@@ -25,6 +25,7 @@ func (s *Server) ListProjectGrants(ctx context.Context, req *mgmt_pb.ListProject
 	if err != nil {
 		return nil, err
 	}
+	queries.AppendMyResourceOwnerQuery(authz.GetCtxData(ctx).OrgID)
 	domains, err := s.project.SearchProjectGrants(ctx, queries)
 	if err != nil {
 		return nil, err

internal/api/grpc/management/project_grant_converter.go

@@ -50,11 +50,17 @@ func UpdateProjectGrantRequestToDomain(req *mgmt_pb.UpdateProjectGrantRequest) *
 func ListProjectGrantMembersRequestToModel(req *mgmt_pb.ListProjectGrantMembersRequest) *proj_model.ProjectGrantMemberSearchRequest {
 	offset, limit, asc := object.ListQueryToModel(req.Query)
 	queries := member_grpc.MemberQueriesToProjectGrantMember(req.Queries)
-	queries = append(queries, &proj_model.ProjectGrantMemberSearchQuery{
-		Key:    proj_model.ProjectGrantMemberSearchKeyProjectID,
-		Method: domain.SearchMethodEquals,
-		Value:  req.ProjectId,
-	})
+	queries = append(queries,
+		&proj_model.ProjectGrantMemberSearchQuery{
+			Key:    proj_model.ProjectGrantMemberSearchKeyProjectID,
+			Method: domain.SearchMethodEquals,
+			Value:  req.ProjectId,
+		},
+		&proj_model.ProjectGrantMemberSearchQuery{
+			Key:    proj_model.ProjectGrantMemberSearchKeyGrantID,
+			Method: domain.SearchMethodEquals,
+			Value:  req.GrantId,
+		})
 	return &proj_model.ProjectGrantMemberSearchRequest{
 		Offset: offset,
 		Limit:  limit,

internal/api/grpc/management/user_grant.go

@@ -21,6 +21,7 @@ func (s *Server) GetUserGrantByID(ctx context.Context, req *mgmt_pb.GetUserGrant
 
 func (s *Server) ListUserGrants(ctx context.Context, req *mgmt_pb.ListUserGrantRequest) (*mgmt_pb.ListUserGrantResponse, error) {
 	r := ListUserGrantsRequestToModel(ctx, req)
+	r.AppendMyOrgQuery(authz.GetCtxData(ctx).OrgID)
 	res, err := s.usergrant.SearchUserGrants(ctx, r)
 	if err != nil {
 		return nil, err