feat: allow global org users to create org and self delete (#2759)

* fix: grant PROJECT_OWNER_VIEWER_GLOBAL org.create permission * Update authz.yaml * feat: delete my user * console things * lint * signout after deletion * stylelint rule * Update authz.yaml * Update authz.yaml * setup step * role SELF_MANAGEMENT_GLOBAL setup * fix: change default role on global org * Apply suggestions from code review Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> * Update console/src/assets/i18n/it.json Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: Max Peintner <max@caos.ch> Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
2025-08-12 00:27:31 +00:00 · 2021-12-09 09:41:21 +01:00
parent 7ea93bd5b6
commit 43f15953c3
23 changed files with 349 additions and 62 deletions
--- a/internal/command/setup_step21.go
+++ b/internal/command/setup_step21.go
@@ -0,0 +1,103 @@
+package command
+
+import (
+	"context"
+
+	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/internal/eventstore"
+	"github.com/caos/zitadel/internal/repository/org"
+	"github.com/caos/zitadel/internal/repository/user"
+)
+
+type Step21 struct{}
+
+func (s *Step21) Step() domain.Step {
+	return domain.Step21
+}
+
+func (s *Step21) execute(ctx context.Context, commandSide *Commands) error {
+	return commandSide.SetupStep21(ctx, s)
+}
+
+func (c *Commands) SetupStep21(ctx context.Context, step *Step21) error {
+	fn := func(iam *IAMWriteModel) ([]eventstore.EventPusher, error) {
+		events := make([]eventstore.EventPusher, 0)
+		globalMembers := newGlobalOrgMemberWriteModel(iam.GlobalOrgID, domain.RoleOrgProjectCreator)
+		orgAgg := OrgAggregateFromWriteModel(&globalMembers.WriteModel)
+		if err := c.eventstore.FilterToQueryReducer(ctx, globalMembers); err != nil {
+			return nil, err
+		}
+		for userID, roles := range globalMembers.members {
+			for i, role := range roles {
+				if role == domain.RoleOrgProjectCreator {
+					roles[i] = domain.RoleSelfManagementGlobal
+				}
+			}
+			events = append(events, org.NewMemberChangedEvent(ctx, orgAgg, userID, roles...))
+		}
+		return events, nil
+	}
+	return c.setup(ctx, step, fn)
+}
+
+type globalOrgMembersWriteModel struct {
+	eventstore.WriteModel
+
+	orgID   string
+	role    string
+	members map[string][]string
+}
+
+func newGlobalOrgMemberWriteModel(orgID, role string) *globalOrgMembersWriteModel {
+	return &globalOrgMembersWriteModel{
+		orgID:   orgID,
+		role:    role,
+		members: make(map[string][]string),
+	}
+}
+
+func (wm *globalOrgMembersWriteModel) Reduce() error {
+	for _, event := range wm.Events {
+		switch e := event.(type) {
+		case *org.MemberAddedEvent:
+			for _, role := range e.Roles {
+				if wm.role == role {
+					wm.members[e.UserID] = e.Roles
+					break
+				}
+			}
+		case *org.MemberChangedEvent:
+			delete(wm.members, e.UserID)
+			for _, role := range e.Roles {
+				if wm.role == role {
+					wm.members[e.UserID] = e.Roles
+					break
+				}
+			}
+		case *org.MemberRemovedEvent:
+			delete(wm.members, e.UserID)
+		case *org.MemberCascadeRemovedEvent:
+			delete(wm.members, e.UserID)
+		case *user.UserRemovedEvent:
+			delete(wm.members, e.Aggregate().ID)
+		}
+	}
+	return wm.WriteModel.Reduce()
+}
+
+func (wm *globalOrgMembersWriteModel) Query() *eventstore.SearchQueryBuilder {
+	return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
+		AddQuery().
+		AggregateTypes(org.AggregateType).
+		AggregateIDs(wm.orgID).
+		EventTypes(
+			org.MemberAddedEventType,
+			org.MemberChangedEventType,
+			org.MemberRemovedEventType,
+			org.MemberCascadeRemovedEventType,
+		).
+		Or().
+		AggregateTypes(user.AggregateType).
+		EventTypes(user.UserRemovedType).
+		Builder()
+}