feat: allow global org users to create org and self delete (#2759)

* fix: grant PROJECT_OWNER_VIEWER_GLOBAL org.create permission * Update authz.yaml * feat: delete my user * console things * lint * signout after deletion * stylelint rule * Update authz.yaml * Update authz.yaml * setup step * role SELF_MANAGEMENT_GLOBAL setup * fix: change default role on global org * Apply suggestions from code review Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * Update console/src/assets/i18n/it.json Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
2025-08-12 00:47:33 +00:00 · 2021-12-09 09:41:21 +01:00
parent 7ea93bd5b6
commit 43f15953c3
23 changed files with 349 additions and 62 deletions
--- a/internal/api/grpc/auth/user.go
+++ b/internal/api/grpc/auth/user.go
@@ -11,7 +11,9 @@ import (
 	obj_grpc "github.com/caos/zitadel/internal/api/grpc/object"
 	"github.com/caos/zitadel/internal/api/grpc/org"
 	user_grpc "github.com/caos/zitadel/internal/api/grpc/user"
+	"github.com/caos/zitadel/internal/domain"
 	"github.com/caos/zitadel/internal/eventstore/v1/models"
+	user_model "github.com/caos/zitadel/internal/user/model"
 	grant_model "github.com/caos/zitadel/internal/usergrant/model"
 	auth_pb "github.com/caos/zitadel/pkg/grpc/auth"
 )
@@ -24,6 +26,25 @@ func (s *Server) GetMyUser(ctx context.Context, _ *auth_pb.GetMyUserRequest) (*a
 	return &auth_pb.GetMyUserResponse{User: user_grpc.UserToPb(user)}, nil
 }

+func (s *Server) RemoveMyUser(ctx context.Context, _ *auth_pb.RemoveMyUserRequest) (*auth_pb.RemoveMyUserResponse, error) {
+	ctxData := authz.GetCtxData(ctx)
+	grants, err := s.repo.SearchMyUserGrants(ctx, &grant_model.UserGrantSearchRequest{Queries: []*grant_model.UserGrantSearchQuery{}})
+	if err != nil {
+		return nil, err
+	}
+	membersShips, err := s.repo.SearchMyUserMemberships(ctx, &user_model.UserMembershipSearchRequest{Queries: []*user_model.UserMembershipSearchQuery{}})
+	if err != nil {
+		return nil, err
+	}
+	details, err := s.command.RemoveUser(ctx, ctxData.UserID, ctxData.ResourceOwner, UserMembershipViewsToDomain(membersShips.Result), userGrantsToIDs(grants.Result)...)
+	if err != nil {
+		return nil, err
+	}
+	return &auth_pb.RemoveMyUserResponse{
+		Details: obj_grpc.DomainToChangeDetailsPb(details),
+	}, nil
+}
+
 func (s *Server) ListMyUserChanges(ctx context.Context, req *auth_pb.ListMyUserChangesRequest) (*auth_pb.ListMyUserChangesResponse, error) {
 	sequence, limit, asc := change.ChangeQueryToModel(req.Query)
 	features, err := s.query.FeaturesByOrgID(ctx, authz.GetCtxData(ctx).ResourceOwner)
@@ -137,3 +158,46 @@ func ListMyProjectOrgsRequestToModel(req *auth_pb.ListMyProjectOrgsRequest) (*gr
 		Queries: queries,
 	}, nil
 }
+
+func UserMembershipViewsToDomain(memberships []*user_model.UserMembershipView) []*domain.UserMembership {
+	result := make([]*domain.UserMembership, len(memberships))
+	for i, membership := range memberships {
+		result[i] = &domain.UserMembership{
+			UserID:            membership.UserID,
+			MemberType:        MemberTypeToDomain(membership.MemberType),
+			AggregateID:       membership.AggregateID,
+			ObjectID:          membership.ObjectID,
+			Roles:             membership.Roles,
+			DisplayName:       membership.DisplayName,
+			CreationDate:      membership.CreationDate,
+			ChangeDate:        membership.ChangeDate,
+			ResourceOwner:     membership.ResourceOwner,
+			ResourceOwnerName: membership.ResourceOwnerName,
+			Sequence:          membership.Sequence,
+		}
+	}
+	return result
+}
+
+func MemberTypeToDomain(mType user_model.MemberType) domain.MemberType {
+	switch mType {
+	case user_model.MemberTypeIam:
+		return domain.MemberTypeIam
+	case user_model.MemberTypeOrganisation:
+		return domain.MemberTypeOrganisation
+	case user_model.MemberTypeProject:
+		return domain.MemberTypeProject
+	case user_model.MemberTypeProjectGrant:
+		return domain.MemberTypeProjectGrant
+	default:
+		return domain.MemberTypeUnspecified
+	}
+}
+
+func userGrantsToIDs(userGrants []*grant_model.UserGrantView) []string {
+	converted := make([]string, len(userGrants))
+	for i, grant := range userGrants {
+		converted[i] = grant.ID
+	}
+	return converted
+}