From 5251fc712c6170ba3c9871351e215ace256c306b Mon Sep 17 00:00:00 2001
From: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Date: Mon, 6 Jul 2020 15:27:29 +0200
Subject: [PATCH] feat: usergrant (#348)
* fix: add needed permissions
* feat: search project/projectgrant user grants
* fix: no zitadel permissions
* fix: queries length
---
 cmd/zitadel/authz.yaml | 12 +++++++++
 .../eventsourcing/eventstore/user_grant.go | 3 +++
 internal/usergrant/model/user_grant_view.go | 4 +++
 pkg/management/api/grpc/user_grant.go | 27 +++++++++++++++----
 .../api/grpc/user_grant_converter.go | 16 +++++++++++
 5 files changed, 57 insertions(+), 5 deletions(-)
diff --git a/cmd/zitadel/authz.yaml b/cmd/zitadel/authz.yaml
index 8879e417a0..062bccef0f 100644
--- a/cmd/zitadel/authz.yaml
+++ b/cmd/zitadel/authz.yaml
@@ -36,12 +36,18 @@ InternalAuthZ:
 - "project.app.read"
 - "project.app.write"
 - "project.app.delete"
+ - "project.user.grant.read"
+ - "project.user.grant.write"
+ - "project.user.grant.delete"
 - "project.grant.read"
 - "project.grant.write"
 - "project.grant.delete"
 - "project.grant.member.read"
 - "project.grant.member.write"
 - "project.grant.member.delete"
+ - "project.grant.user.grant.read"
+ - "project.grant.user.grant.write"
+ - "project.grant.user.grant.delete"
 - Role: 'ORG_OWNER'
 Permissions:
 - "org.read"
@@ -69,12 +75,18 @@ InternalAuthZ:
 - "project.role.delete"
 - "project.app.read"
 - "project.app.write"
+ - "project.user.grant.read"
+ - "project.user.grant.write"
+ - "project.user.grant.delete"
 - "project.grant.read"
 - "project.grant.write"
 - "project.grant.delete"
 - "project.grant.member.read"
 - "project.grant.member.write"
 - "project.grant.member.delete"
+ - "project.grant.user.grant.read"
+ - "project.grant.user.grant.write"
+ - "project.grant.user.grant.delete"
 - Role: 'ORG_EDITOR'
 Permissions:
 - "org.read"
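Review bot: The two permission families added in both authz.yaml hunks, `project.user.grant.*` and `project.grant.user.grant.*`, differ only in where "grant" sits, and nothing in the file says which API methods each one gates, so a method mapped to the wrong family would be easy to miss in review. A comment above each group would help, for example `# user grants on projects owned by the org` and `# user grants on projects granted to the org`, assuming that split matches the SearchProjectUserGrants and SearchProjectGrantUserGrants handlers in this commit. Both hunks add `write` and `delete` together with `read`; the role in the first hunk starts above it, and judging by the line numbers the second hunk sits in ORG_OWNER, so it is worth confirming that these two roles are the only ones meant to receive them.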
diff --git a/internal/auth/repository/eventsourcing/eventstore/user_grant.go b/internal/auth/repository/eventsourcing/eventstore/user_grant.go
index c388ace528..03a3fbc5ed 100644
--- a/internal/auth/repository/eventsourcing/eventstore/user_grant.go
+++ b/internal/auth/repository/eventsourcing/eventstore/user_grant.go
@@ -69,6 +69,9 @@ func (repo *UserGrantRepo) SearchMyZitadelPermissions(ctx context.Context) ([]st
 if err != nil {
 return nil, err
 }
+ if grant == nil {
+ return []string{}, nil
+ }
 permissions := &grant_model.Permissions{Permissions: []string{}}
 for _, role := range grant.Roles {
 roleName, ctxID := auth.SplitPermission(role)
diff --git a/internal/usergrant/model/user_grant_view.go b/internal/usergrant/model/user_grant_view.go
index 76065a06bf..7a6a8c22f5 100644
--- a/internal/usergrant/model/user_grant_view.go
+++ b/internal/usergrant/model/user_grant_view.go
@@ -71,3 +71,7 @@ func (r *UserGrantSearchRequest) EnsureLimit(limit uint64) {
 func (r *UserGrantSearchRequest) AppendMyOrgQuery(orgID string) {
 r.Queries = append(r.Queries, &UserGrantSearchQuery{Key: UserGrantSearchKeyResourceOwner, Method: model.SearchMethodEquals, Value: orgID})
 }
+
+func (r *UserGrantSearchRequest) AppendProjectIDQuery(projectID string) {
+ r.Queries = append(r.Queries, &UserGrantSearchQuery{Key: UserGrantSearchKeyProjectID, Method: model.SearchMethodEquals, Value: projectID})
+}
diff --git a/pkg/management/api/grpc/user_grant.go b/pkg/management/api/grpc/user_grant.go
index f11ef45b7e..44a16b1f24 100644
--- a/pkg/management/api/grpc/user_grant.go
+++ b/pkg/management/api/grpc/user_grant.go
@@ -3,7 +3,6 @@ package grpc
 import (
 "context"
 "github.com/caos/zitadel/internal/api/auth"
- "github.com/caos/zitadel/internal/errors"
 "github.com/golang/protobuf/ptypes/empty"
 )
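Review bot: In SearchMyZitadelPermissions the new `if grant == nil` branch has no comment saying when the lookup above it returns neither a grant nor an error, and that lookup is outside the hunk. Returning an empty list is the fail-closed choice, so I would document it with `// no grant on the zitadel project: the user holds no permissions`. If the lookup can return nil for reasons other than "no grant" (inferred, not visible here), those cases are now reported as an empty permission set instead of an error.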
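Review bot: AppendProjectIDQuery in user_grant_view.go is exported without a doc comment, and it appends to `r.Queries` without checking whether the caller's queries already carry a project-ID entry. Whether two entries on the same key narrow the result or conflict depends on how the search combines queries, which this hunk does not show. Suggested comment: `// AppendProjectIDQuery adds an equals filter on the project ID to the request's existing queries.`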
@@ -75,8 +74,15 @@ func (s *Server) BulkRemoveUserGrant(ctx context.Context, in *UserGrantRemoveBul
 return &empty.Empty{}, err
 }

-func (s *Server) SearchProjectUserGrants(ctx context.Context, request *ProjectUserGrantSearchRequest) (*UserGrantSearchResponse, error) {
- return nil, errors.ThrowUnimplemented(nil, "GRPC-8jdSw", "Not implemented")
+func (s *Server) SearchProjectUserGrants(ctx context.Context, in *ProjectUserGrantSearchRequest) (*UserGrantSearchResponse, error) {
+ request := projectUserGrantSearchRequestsToModel(in)
+ request.AppendMyOrgQuery(auth.GetCtxData(ctx).OrgID)
+ request.AppendProjectIDQuery(in.ProjectId)
+ response, err := s.usergrant.SearchUserGrants(ctx, request)
+ if err != nil {
+ return nil, err
+ }
+ return userGrantSearchResponseFromModel(response), nil
 }

 func (s *Server) ProjectUserGrantByID(ctx context.Context, request *ProjectUserGrantID) (*UserGrantView, error) {
@@ -118,8 +124,19 @@ func (s *Server) ReactivateProjectUserGrant(ctx context.Context, in *ProjectUser
 return usergrantFromModel(user), nil
 }

-func (s *Server) SearchProjectGrantUserGrants(ctx context.Context, request *ProjectGrantUserGrantSearchRequest) (*UserGrantSearchResponse, error) {
- return nil, errors.ThrowUnimplemented(nil, "GRPC-32sFs", "Not implemented")
+func (s *Server) SearchProjectGrantUserGrants(ctx context.Context, in *ProjectGrantUserGrantSearchRequest) (*UserGrantSearchResponse, error) {
+ grant, err := s.project.ProjectGrantByID(ctx, in.ProjectGrantId)
+ if err != nil {
+ return nil, err
+ }
+ request := projectGrantUserGrantSearchRequestsToModel(in)
+ request.AppendMyOrgQuery(auth.GetCtxData(ctx).OrgID)
+ request.AppendProjectIDQuery(grant.ProjectID)
+ response, err := s.usergrant.SearchUserGrants(ctx, request)
+ if err != nil {
+ return nil, err
+ }
+ return userGrantSearchResponseFromModel(response), nil
 }

 func (s *Server) ProjectGrantUserGrantByID(ctx context.Context, request *ProjectGrantUserGrantID) (*UserGrantView, error) {
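Review bot: In SearchProjectUserGrants the org and project filters are appended after the client's own `in.Queries` have been converted, so the tenant scoping holds only if SearchUserGrants combines all queries with AND, which this diff does not show. If the client-facing query keys include the resource owner or the project ID, I would reject them in the converter; otherwise state the assumption next to the two Append calls, e.g. `// org and project filters are mandatory; client queries can only narrow the result`. `in.ProjectId` is also passed on unvalidated, so an empty ID reaches the view as an equals filter on the empty string.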
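Review bot: SearchProjectGrantUserGrants dereferences `grant.ProjectID` without a nil check, although this same commit adds that guard in SearchMyZitadelPermissions for a lookup that can return no grant and no error; if ProjectGrantByID can do the same, this handler panics. The grant is loaded by `in.ProjectGrantId` alone, with no visible check that it is a grant to the caller's org, so unless ProjectGrantByID scopes the lookup itself the error or non-error tells a caller whether an arbitrary grant ID exists. The search then filters on the project ID only, so for a given project it returns the same rows as SearchProjectUserGrants rather than the user grants tied to this project grant. I would return a not-found error when `grant == nil` and compare the grant's target org with `auth.GetCtxData(ctx).OrgID` before searching.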
diff --git a/pkg/management/api/grpc/user_grant_converter.go b/pkg/management/api/grpc/user_grant_converter.go
index 5f612dde07..b3ecfa4e90 100644
--- a/pkg/management/api/grpc/user_grant_converter.go
+++ b/pkg/management/api/grpc/user_grant_converter.go
@@ -183,3 +183,19 @@ func usergrantStateFromModel(state grant_model.UserGrantState) UserGrantState {
 return UserGrantState_USERGRANTSTATE_UNSPECIFIED
 }
 }
+
+func projectUserGrantSearchRequestsToModel(project *ProjectUserGrantSearchRequest) *grant_model.UserGrantSearchRequest {
+ return &grant_model.UserGrantSearchRequest{
+ Offset: project.Offset,
+ Limit: project.Limit,
+ Queries: userGrantSearchQueriesToModel(project.Queries),
+ }
+}
+
+func projectGrantUserGrantSearchRequestsToModel(project *ProjectGrantUserGrantSearchRequest) *grant_model.UserGrantSearchRequest {
+ return &grant_model.UserGrantSearchRequest{
+ Offset: project.Offset,
+ Limit: project.Limit,
+ Queries: userGrantSearchQueriesToModel(project.Queries),
+ }
+}
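Review bot: Both new converters copy `Limit: project.Limit` from the request unchanged, and neither they nor the two handlers call the model's `EnsureLimit`, which is visible in the hunk header of user_grant_view.go; unless SearchUserGrants applies it, the client chooses the page size. I would call `request.EnsureLimit(...)` with the configured maximum in both handlers before the search. The two functions are identical apart from the parameter type, and the parameter is named `project` in both although it is the search request, so `in` or `req` would read better. A nil request currently panics on `project.Offset`.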