From 5251fc712c6170ba3c9871351e215ace256c306b Mon Sep 17 00:00:00 2001
From: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Date: Mon, 6 Jul 2020 15:27:29 +0200
Subject: [PATCH] feat: usergrant (#348)

* fix: add needed permissions

* feat: search project/projectgrant user grants

* fix: no zitadel permissions

* fix: queries length
---
 cmd/zitadel/authz.yaml                        | 12 +++++++++
 .../eventsourcing/eventstore/user_grant.go    |  3 +++
 internal/usergrant/model/user_grant_view.go   |  4 +++
 pkg/management/api/grpc/user_grant.go         | 27 +++++++++++++++----
 .../api/grpc/user_grant_converter.go          | 16 +++++++++++
 5 files changed, 57 insertions(+), 5 deletions(-)

diff --git a/cmd/zitadel/authz.yaml b/cmd/zitadel/authz.yaml
index 8879e417a0..062bccef0f 100644
--- a/cmd/zitadel/authz.yaml
+++ b/cmd/zitadel/authz.yaml
@@ -36,12 +36,18 @@ InternalAuthZ:
         - "project.app.read"
         - "project.app.write"
         - "project.app.delete"
+        - "project.user.grant.read"
+        - "project.user.grant.write"
+        - "project.user.grant.delete"
         - "project.grant.read"
         - "project.grant.write"
         - "project.grant.delete"
         - "project.grant.member.read"
         - "project.grant.member.write"
         - "project.grant.member.delete"
+        - "project.grant.user.grant.read"
+        - "project.grant.user.grant.write"
+        - "project.grant.user.grant.delete"
     - Role: 'ORG_OWNER'
       Permissions:
         - "org.read"
@@ -69,12 +75,18 @@ InternalAuthZ:
         - "project.role.delete"
         - "project.app.read"
         - "project.app.write"
+        - "project.user.grant.read"
+        - "project.user.grant.write"
+        - "project.user.grant.delete"
         - "project.grant.read"
         - "project.grant.write"
         - "project.grant.delete"
         - "project.grant.member.read"
         - "project.grant.member.write"
         - "project.grant.member.delete"
+        - "project.grant.user.grant.read"
+        - "project.grant.user.grant.write"
+        - "project.grant.user.grant.delete"
     - Role: 'ORG_EDITOR'
       Permissions:
         - "org.read"
diff --git a/internal/auth/repository/eventsourcing/eventstore/user_grant.go b/internal/auth/repository/eventsourcing/eventstore/user_grant.go
index c388ace528..03a3fbc5ed 100644
--- a/internal/auth/repository/eventsourcing/eventstore/user_grant.go
+++ b/internal/auth/repository/eventsourcing/eventstore/user_grant.go
@@ -69,6 +69,9 @@ func (repo *UserGrantRepo) SearchMyZitadelPermissions(ctx context.Context) ([]st
 	if err != nil {
 		return nil, err
 	}
+	if grant == nil {
+		return []string{}, nil
+	}
 	permissions := &grant_model.Permissions{Permissions: []string{}}
 	for _, role := range grant.Roles {
 		roleName, ctxID := auth.SplitPermission(role)
diff --git a/internal/usergrant/model/user_grant_view.go b/internal/usergrant/model/user_grant_view.go
index 76065a06bf..7a6a8c22f5 100644
--- a/internal/usergrant/model/user_grant_view.go
+++ b/internal/usergrant/model/user_grant_view.go
@@ -71,3 +71,7 @@ func (r *UserGrantSearchRequest) EnsureLimit(limit uint64) {
 func (r *UserGrantSearchRequest) AppendMyOrgQuery(orgID string) {
 	r.Queries = append(r.Queries, &UserGrantSearchQuery{Key: UserGrantSearchKeyResourceOwner, Method: model.SearchMethodEquals, Value: orgID})
 }
+
+func (r *UserGrantSearchRequest) AppendProjectIDQuery(projectID string) {
+	r.Queries = append(r.Queries, &UserGrantSearchQuery{Key: UserGrantSearchKeyProjectID, Method: model.SearchMethodEquals, Value: projectID})
+}
diff --git a/pkg/management/api/grpc/user_grant.go b/pkg/management/api/grpc/user_grant.go
index f11ef45b7e..44a16b1f24 100644
--- a/pkg/management/api/grpc/user_grant.go
+++ b/pkg/management/api/grpc/user_grant.go
@@ -3,7 +3,6 @@ package grpc
 import (
 	"context"
 	"github.com/caos/zitadel/internal/api/auth"
-	"github.com/caos/zitadel/internal/errors"
 	"github.com/golang/protobuf/ptypes/empty"
 )
 
@@ -75,8 +74,15 @@ func (s *Server) BulkRemoveUserGrant(ctx context.Context, in *UserGrantRemoveBul
 	return &empty.Empty{}, err
 }
 
-func (s *Server) SearchProjectUserGrants(ctx context.Context, request *ProjectUserGrantSearchRequest) (*UserGrantSearchResponse, error) {
-	return nil, errors.ThrowUnimplemented(nil, "GRPC-8jdSw", "Not implemented")
+func (s *Server) SearchProjectUserGrants(ctx context.Context, in *ProjectUserGrantSearchRequest) (*UserGrantSearchResponse, error) {
+	request := projectUserGrantSearchRequestsToModel(in)
+	request.AppendMyOrgQuery(auth.GetCtxData(ctx).OrgID)
+	request.AppendProjectIDQuery(in.ProjectId)
+	response, err := s.usergrant.SearchUserGrants(ctx, request)
+	if err != nil {
+		return nil, err
+	}
+	return userGrantSearchResponseFromModel(response), nil
 }
 
 func (s *Server) ProjectUserGrantByID(ctx context.Context, request *ProjectUserGrantID) (*UserGrantView, error) {
@@ -118,8 +124,19 @@ func (s *Server) ReactivateProjectUserGrant(ctx context.Context, in *ProjectUser
 	return usergrantFromModel(user), nil
 }
 
-func (s *Server) SearchProjectGrantUserGrants(ctx context.Context, request *ProjectGrantUserGrantSearchRequest) (*UserGrantSearchResponse, error) {
-	return nil, errors.ThrowUnimplemented(nil, "GRPC-32sFs", "Not implemented")
+func (s *Server) SearchProjectGrantUserGrants(ctx context.Context, in *ProjectGrantUserGrantSearchRequest) (*UserGrantSearchResponse, error) {
+	grant, err := s.project.ProjectGrantByID(ctx, in.ProjectGrantId)
+	if err != nil {
+		return nil, err
+	}
+	request := projectGrantUserGrantSearchRequestsToModel(in)
+	request.AppendMyOrgQuery(auth.GetCtxData(ctx).OrgID)
+	request.AppendProjectIDQuery(grant.ProjectID)
+	response, err := s.usergrant.SearchUserGrants(ctx, request)
+	if err != nil {
+		return nil, err
+	}
+	return userGrantSearchResponseFromModel(response), nil
 }
 
 func (s *Server) ProjectGrantUserGrantByID(ctx context.Context, request *ProjectGrantUserGrantID) (*UserGrantView, error) {
diff --git a/pkg/management/api/grpc/user_grant_converter.go b/pkg/management/api/grpc/user_grant_converter.go
index 5f612dde07..b3ecfa4e90 100644
--- a/pkg/management/api/grpc/user_grant_converter.go
+++ b/pkg/management/api/grpc/user_grant_converter.go
@@ -183,3 +183,19 @@ func usergrantStateFromModel(state grant_model.UserGrantState) UserGrantState {
 		return UserGrantState_USERGRANTSTATE_UNSPECIFIED
 	}
 }
+
+func projectUserGrantSearchRequestsToModel(project *ProjectUserGrantSearchRequest) *grant_model.UserGrantSearchRequest {
+	return &grant_model.UserGrantSearchRequest{
+		Offset:  project.Offset,
+		Limit:   project.Limit,
+		Queries: userGrantSearchQueriesToModel(project.Queries),
+	}
+}
+
+func projectGrantUserGrantSearchRequestsToModel(project *ProjectGrantUserGrantSearchRequest) *grant_model.UserGrantSearchRequest {
+	return &grant_model.UserGrantSearchRequest{
+		Offset:  project.Offset,
+		Limit:   project.Limit,
+		Queries: userGrantSearchQueriesToModel(project.Queries),
+	}
+}