feat: usergrant (#348)

* fix: add needed permissions * feat: search project/projectgrant user grants * fix: no zitadel permissions * fix: queries length
2024-12-12 02:54:20 +00:00 · 2020-07-06 15:27:29 +02:00 · 2020-07-06 15:27:29 +02:00 · 5251fc712c
commit 5251fc712c
parent 26634505ba
5 changed files with 57 additions and 5 deletions
--- a/cmd/zitadel/authz.yaml
+++ b/cmd/zitadel/authz.yaml
@ -36,12 +36,18 @@ InternalAuthZ:
        - "project.app.read"
        - "project.app.write"
        - "project.app.delete"
+        - "project.user.grant.read"
+        - "project.user.grant.write"
+        - "project.user.grant.delete"
        - "project.grant.read"
        - "project.grant.write"
        - "project.grant.delete"
        - "project.grant.member.read"
        - "project.grant.member.write"
        - "project.grant.member.delete"
+        - "project.grant.user.grant.read"
+        - "project.grant.user.grant.write"
+        - "project.grant.user.grant.delete"
    - Role: 'ORG_OWNER'
      Permissions:
        - "org.read"
@ -69,12 +75,18 @@ InternalAuthZ:
        - "project.role.delete"
        - "project.app.read"
        - "project.app.write"
+        - "project.user.grant.read"
+        - "project.user.grant.write"
+        - "project.user.grant.delete"
        - "project.grant.read"
        - "project.grant.write"
        - "project.grant.delete"
        - "project.grant.member.read"
        - "project.grant.member.write"
        - "project.grant.member.delete"
+        - "project.grant.user.grant.read"
+        - "project.grant.user.grant.write"
+        - "project.grant.user.grant.delete"
    - Role: 'ORG_EDITOR'
      Permissions:
        - "org.read"
--- a/internal/auth/repository/eventsourcing/eventstore/user_grant.go
+++ b/internal/auth/repository/eventsourcing/eventstore/user_grant.go
@ -69,6 +69,9 @@ func (repo *UserGrantRepo) SearchMyZitadelPermissions(ctx context.Context) ([]st
 	if err != nil {
 		return nil, err
 	}
+	if grant == nil {
+		return []string{}, nil
+	}
 	permissions := &grant_model.Permissions{Permissions: []string{}}
 	for _, role := range grant.Roles {
 		roleName, ctxID := auth.SplitPermission(role)
--- a/internal/usergrant/model/user_grant_view.go
+++ b/internal/usergrant/model/user_grant_view.go
@ -71,3 +71,7 @@ func (r *UserGrantSearchRequest) EnsureLimit(limit uint64) {
 func (r *UserGrantSearchRequest) AppendMyOrgQuery(orgID string) {
 	r.Queries = append(r.Queries, &UserGrantSearchQuery{Key: UserGrantSearchKeyResourceOwner, Method: model.SearchMethodEquals, Value: orgID})
 }
+
+func (r *UserGrantSearchRequest) AppendProjectIDQuery(projectID string) {
+	r.Queries = append(r.Queries, &UserGrantSearchQuery{Key: UserGrantSearchKeyProjectID, Method: model.SearchMethodEquals, Value: projectID})
+}
--- a/pkg/management/api/grpc/user_grant.go
+++ b/pkg/management/api/grpc/user_grant.go
@ -3,7 +3,6 @@ package grpc
 import (
 	"context"
 	"github.com/caos/zitadel/internal/api/auth"
-	"github.com/caos/zitadel/internal/errors"
 	"github.com/golang/protobuf/ptypes/empty"
 )

@ -75,8 +74,15 @@ func (s *Server) BulkRemoveUserGrant(ctx context.Context, in *UserGrantRemoveBul
 	return &empty.Empty{}, err
 }

-func (s *Server) SearchProjectUserGrants(ctx context.Context, request *ProjectUserGrantSearchRequest) (*UserGrantSearchResponse, error) {
-	return nil, errors.ThrowUnimplemented(nil, "GRPC-8jdSw", "Not implemented")
+func (s *Server) SearchProjectUserGrants(ctx context.Context, in *ProjectUserGrantSearchRequest) (*UserGrantSearchResponse, error) {
+	request := projectUserGrantSearchRequestsToModel(in)
+	request.AppendMyOrgQuery(auth.GetCtxData(ctx).OrgID)
+	request.AppendProjectIDQuery(in.ProjectId)
+	response, err := s.usergrant.SearchUserGrants(ctx, request)
+	if err != nil {
+		return nil, err
+	}
+	return userGrantSearchResponseFromModel(response), nil
 }

 func (s *Server) ProjectUserGrantByID(ctx context.Context, request *ProjectUserGrantID) (*UserGrantView, error) {
@ -118,8 +124,19 @@ func (s *Server) ReactivateProjectUserGrant(ctx context.Context, in *ProjectUser
 	return usergrantFromModel(user), nil
 }

-func (s *Server) SearchProjectGrantUserGrants(ctx context.Context, request *ProjectGrantUserGrantSearchRequest) (*UserGrantSearchResponse, error) {
-	return nil, errors.ThrowUnimplemented(nil, "GRPC-32sFs", "Not implemented")
+func (s *Server) SearchProjectGrantUserGrants(ctx context.Context, in *ProjectGrantUserGrantSearchRequest) (*UserGrantSearchResponse, error) {
+	grant, err := s.project.ProjectGrantByID(ctx, in.ProjectGrantId)
+	if err != nil {
+		return nil, err
+	}
+	request := projectGrantUserGrantSearchRequestsToModel(in)
+	request.AppendMyOrgQuery(auth.GetCtxData(ctx).OrgID)
+	request.AppendProjectIDQuery(grant.ProjectID)
+	response, err := s.usergrant.SearchUserGrants(ctx, request)
+	if err != nil {
+		return nil, err
+	}
+	return userGrantSearchResponseFromModel(response), nil
 }

 func (s *Server) ProjectGrantUserGrantByID(ctx context.Context, request *ProjectGrantUserGrantID) (*UserGrantView, error) {
--- a/pkg/management/api/grpc/user_grant_converter.go
+++ b/pkg/management/api/grpc/user_grant_converter.go
@ -183,3 +183,19 @@ func usergrantStateFromModel(state grant_model.UserGrantState) UserGrantState {
 		return UserGrantState_USERGRANTSTATE_UNSPECIFIED
 	}
 }
+
+func projectUserGrantSearchRequestsToModel(project *ProjectUserGrantSearchRequest) *grant_model.UserGrantSearchRequest {
+	return &grant_model.UserGrantSearchRequest{
+		Offset:  project.Offset,
+		Limit:   project.Limit,
+		Queries: userGrantSearchQueriesToModel(project.Queries),
+	}
+}
+
+func projectGrantUserGrantSearchRequestsToModel(project *ProjectGrantUserGrantSearchRequest) *grant_model.UserGrantSearchRequest {
+	return &grant_model.UserGrantSearchRequest{
+		Offset:  project.Offset,
+		Limit:   project.Limit,
+		Queries: userGrantSearchQueriesToModel(project.Queries),
+	}
+}