feat: add schema user create and remove (#8494)

# Which Problems Are Solved Added functionality that user with a userschema can be created and removed. # How the Problems Are Solved Added logic and moved APIs so that everything is API v3 conform. # Additional Changes - move of user and userschema API to resources folder - changed testing and parameters - some renaming # Additional Context closes #7308 --------- Co-authored-by: Elio Bischof <elio@zitadel.com>
2025-08-11 18:17:35 +00:00 · 2024-08-28 21:46:45 +02:00
parent 90b908c361
commit 41ae35f2ef
61 changed files with 5766 additions and 2247 deletions
--- a/internal/domain/schema/permission.go
+++ b/internal/domain/schema/permission.go
@@ -20,16 +20,16 @@ const (
 	PermissionProperty = "urn:zitadel:schema:permission"
 )

-type role int32
+type Role int32

 const (
-	roleUnspecified role = iota
-	roleSelf
-	roleOwner
+	RoleUnspecified Role = iota
+	RoleSelf
+	RoleOwner
 )

 type permissionExtension struct {
-	role role
+	role Role
 }

 // Compile implements the [jsonschema.ExtCompiler] interface.
@@ -57,14 +57,14 @@ func (c permissionExtension) Compile(ctx jsonschema.CompilerContext, m map[strin
 				return
 			}
 		default:
-			return nil, zerrors.ThrowInvalidArgument(nil, "SCHEMA-GFjio", "invalid permission role")
+			return nil, zerrors.ThrowInvalidArgument(nil, "SCHEMA-GFjio", "invalid permission Role")
 		}
 	}
 	return permissionExtensionConfig{c.role, perms}, nil
 }

 type permissionExtensionConfig struct {
-	role        role
+	role        Role
 	permissions *permissions
 }

@@ -72,17 +72,17 @@ type permissionExtensionConfig struct {
 // It validates the fields of the json instance according to the permission schema.
 func (s permissionExtensionConfig) Validate(ctx jsonschema.ValidationContext, v interface{}) error {
 	switch s.role {
-	case roleSelf:
+	case RoleSelf:
 		if s.permissions.self == nil || !s.permissions.self.write {
 			return ctx.Error("permission", "missing required permission")
 		}
 		return nil
-	case roleOwner:
+	case RoleOwner:
 		if s.permissions.owner == nil || !s.permissions.owner.write {
 			return ctx.Error("permission", "missing required permission")
 		}
 		return nil
-	case roleUnspecified:
+	case RoleUnspecified:
 		fallthrough
 	default:
 		return ctx.Error("permission", "missing required permission")
--- a/internal/domain/schema/permission_test.go
+++ b/internal/domain/schema/permission_test.go
@@ -14,7 +14,7 @@ import (

 func TestPermissionExtension(t *testing.T) {
 	type args struct {
-		role     role
+		role     Role
 		schema   string
 		instance string
 	}
@@ -83,7 +83,7 @@ func TestPermissionExtension(t *testing.T) {
 			},
 		},
 		{
-			"invalid role, compilation err",
+			"invalid Role, compilation err",
 			args{
 				schema: `{
 							"type": "object",
@@ -98,13 +98,13 @@ func TestPermissionExtension(t *testing.T) {
 						}`,
 			},
 			want{
-				compilationErr: zerrors.ThrowInvalidArgument(nil, "SCHEMA-GFjio", "invalid permission role"),
+				compilationErr: zerrors.ThrowInvalidArgument(nil, "SCHEMA-GFjio", "invalid permission Role"),
 			},
 		},
 		{
 			"invalid permission self, validation err",
 			args{
-				role: roleSelf,
+				role: RoleSelf,
 				schema: `{
 							"type": "object",
 							"properties": {
@@ -126,7 +126,7 @@ func TestPermissionExtension(t *testing.T) {
 		{
 			"invalid permission owner, validation err",
 			args{
-				role: roleOwner,
+				role: RoleOwner,
 				schema: `{
 							"type": "object",
 							"properties": {
@@ -148,7 +148,7 @@ func TestPermissionExtension(t *testing.T) {
 		{
 			"valid permission self, ok",
 			args{
-				role: roleSelf,
+				role: RoleSelf,
 				schema: `{
 							"type": "object",
 							"properties": {
@@ -170,7 +170,7 @@ func TestPermissionExtension(t *testing.T) {
 		{
 			"valid permission owner, ok",
 			args{
-				role: roleOwner,
+				role: RoleOwner,
 				schema: `{
 							"type": "object",
 							"properties": {
@@ -190,9 +190,9 @@ func TestPermissionExtension(t *testing.T) {
 			},
 		},
 		{
-			"no role, validation err",
+			"no Role, validation err",
 			args{
-				role: roleUnspecified,
+				role: RoleUnspecified,
 				schema: `{
 							"type": "object",
 							"properties": {
@@ -214,7 +214,7 @@ func TestPermissionExtension(t *testing.T) {
 		{
 			"no permission required, ok",
 			args{
-				role: roleSelf,
+				role: RoleSelf,
 				schema: `{
 							"type": "object",
 							"properties": {
--- a/internal/domain/schema/schema.go
+++ b/internal/domain/schema/schema.go
@@ -19,7 +19,7 @@ const (
 	MetaSchemaID = "urn:zitadel:schema:v1"
 )

-func NewSchema(role role, r io.Reader) (*jsonschema.Schema, error) {
+func NewSchema(role Role, r io.Reader) (*jsonschema.Schema, error) {
 	c := jsonschema.NewCompiler()
 	if err := c.AddResource(PermissionSchemaID, strings.NewReader(permissionJSON)); err != nil {
 		return nil, err
@@ -31,11 +31,11 @@ func NewSchema(role role, r io.Reader) (*jsonschema.Schema, error) {
 		role,
 	})
 	if err := c.AddResource("schema.json", r); err != nil {
-		return nil, zerrors.ThrowInvalidArgument(err, "COMMA-Frh42", "Errors.UserSchema.Schema.Invalid")
+		return nil, zerrors.ThrowInvalidArgument(err, "COMMA-Frh42", "Errors.UserSchema.Invalid")
 	}
 	schema, err := c.Compile("schema.json")
 	if err != nil {
-		return nil, zerrors.ThrowInvalidArgument(err, "COMMA-W21tg", "Errors.UserSchema.Schema.Invalid")
+		return nil, zerrors.ThrowInvalidArgument(err, "COMMA-W21tg", "Errors.UserSchema.Invalid")
 	}
 	return schema, nil
 }