TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2024-12-12 02:54:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: usergrant (#348)

Browse Source 
* fix: add needed permissions

* feat: search project/projectgrant user grants

* fix: no zitadel permissions

* fix: queries length
This commit is contained in:
Fabi 2020-07-06 15:27:29 +02:00 committed by GitHub
parent 26634505ba
commit 5251fc712c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 57 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
cmd/zitadel/authz.yaml
View File

@ -36,12 +36,18 @@ InternalAuthZ:
- "project.app.read" - "project.app.read"
- "project.app.write" - "project.app.write"
- "project.app.delete" - "project.app.delete"
- "project.user.grant.read"
- "project.user.grant.write"
- "project.user.grant.delete"
- "project.grant.read" - "project.grant.read"
- "project.grant.write" - "project.grant.write"
- "project.grant.delete" - "project.grant.delete"
- "project.grant.member.read" - "project.grant.member.read"
- "project.grant.member.write" - "project.grant.member.write"
- "project.grant.member.delete" - "project.grant.member.delete"
- "project.grant.user.grant.read"
- "project.grant.user.grant.write"
- "project.grant.user.grant.delete"
- Role: 'ORG_OWNER' - Role: 'ORG_OWNER'
Permissions: Permissions:
- "org.read" - "org.read"
@ -69,12 +75,18 @@ InternalAuthZ:
- "project.role.delete" - "project.role.delete"
- "project.app.read" - "project.app.read"
- "project.app.write" - "project.app.write"
- "project.user.grant.read"
- "project.user.grant.write"
- "project.user.grant.delete"
- "project.grant.read" - "project.grant.read"
- "project.grant.write" - "project.grant.write"
- "project.grant.delete" - "project.grant.delete"
- "project.grant.member.read" - "project.grant.member.read"
- "project.grant.member.write" - "project.grant.member.write"
- "project.grant.member.delete" - "project.grant.member.delete"
- "project.grant.user.grant.read"
- "project.grant.user.grant.write"
- "project.grant.user.grant.delete"
- Role: 'ORG_EDITOR' - Role: 'ORG_EDITOR'
Permissions: Permissions:
- "org.read" - "org.read"

3
internal/auth/repository/eventsourcing/eventstore/user_grant.go
View File

@ -69,6 +69,9 @@ func (repo *UserGrantRepo) SearchMyZitadelPermissions(ctx context.Context) ([]st
if err != nil { if err != nil {
return nil, err return nil, err
} }
if grant == nil {
return []string{}, nil
}
permissions := &grant_model.Permissions{Permissions: []string{}} permissions := &grant_model.Permissions{Permissions: []string{}}
for _, role := range grant.Roles { for _, role := range grant.Roles {
roleName, ctxID := auth.SplitPermission(role) roleName, ctxID := auth.SplitPermission(role)

4
internal/usergrant/model/user_grant_view.go
View File

@ -71,3 +71,7 @@ func (r *UserGrantSearchRequest) EnsureLimit(limit uint64) {
func (r *UserGrantSearchRequest) AppendMyOrgQuery(orgID string) { func (r *UserGrantSearchRequest) AppendMyOrgQuery(orgID string) {
r.Queries = append(r.Queries, &UserGrantSearchQuery{Key: UserGrantSearchKeyResourceOwner, Method: model.SearchMethodEquals, Value: orgID}) r.Queries = append(r.Queries, &UserGrantSearchQuery{Key: UserGrantSearchKeyResourceOwner, Method: model.SearchMethodEquals, Value: orgID})
} }
func (r *UserGrantSearchRequest) AppendProjectIDQuery(projectID string) {
r.Queries = append(r.Queries, &UserGrantSearchQuery{Key: UserGrantSearchKeyProjectID, Method: model.SearchMethodEquals, Value: projectID})
}

27
pkg/management/api/grpc/user_grant.go
View File

@ -3,7 +3,6 @@ package grpc
import ( import (
"context" "context"
"github.com/caos/zitadel/internal/api/auth" "github.com/caos/zitadel/internal/api/auth"
"github.com/caos/zitadel/internal/errors"
"github.com/golang/protobuf/ptypes/empty" "github.com/golang/protobuf/ptypes/empty"
) )
@ -75,8 +74,15 @@ func (s *Server) BulkRemoveUserGrant(ctx context.Context, in *UserGrantRemoveBul
return &empty.Empty{}, err return &empty.Empty{}, err
} }
func (s *Server) SearchProjectUserGrants(ctx context.Context, request *ProjectUserGrantSearchRequest) (*UserGrantSearchResponse, error) { func (s *Server) SearchProjectUserGrants(ctx context.Context, in *ProjectUserGrantSearchRequest) (*UserGrantSearchResponse, error) {
return nil, errors.ThrowUnimplemented(nil, "GRPC-8jdSw", "Not implemented") request := projectUserGrantSearchRequestsToModel(in)
request.AppendMyOrgQuery(auth.GetCtxData(ctx).OrgID)
request.AppendProjectIDQuery(in.ProjectId)
response, err := s.usergrant.SearchUserGrants(ctx, request)
if err != nil {
return nil, err
}
return userGrantSearchResponseFromModel(response), nil
} }
func (s *Server) ProjectUserGrantByID(ctx context.Context, request *ProjectUserGrantID) (*UserGrantView, error) { func (s *Server) ProjectUserGrantByID(ctx context.Context, request *ProjectUserGrantID) (*UserGrantView, error) {
@ -118,8 +124,19 @@ func (s *Server) ReactivateProjectUserGrant(ctx context.Context, in *ProjectUser
return usergrantFromModel(user), nil return usergrantFromModel(user), nil
} }
func (s *Server) SearchProjectGrantUserGrants(ctx context.Context, request *ProjectGrantUserGrantSearchRequest) (*UserGrantSearchResponse, error) { func (s *Server) SearchProjectGrantUserGrants(ctx context.Context, in *ProjectGrantUserGrantSearchRequest) (*UserGrantSearchResponse, error) {
return nil, errors.ThrowUnimplemented(nil, "GRPC-32sFs", "Not implemented") grant, err := s.project.ProjectGrantByID(ctx, in.ProjectGrantId)
if err != nil {
return nil, err
}
request := projectGrantUserGrantSearchRequestsToModel(in)
request.AppendMyOrgQuery(auth.GetCtxData(ctx).OrgID)
request.AppendProjectIDQuery(grant.ProjectID)
response, err := s.usergrant.SearchUserGrants(ctx, request)
if err != nil {
return nil, err
}
return userGrantSearchResponseFromModel(response), nil
} }
func (s *Server) ProjectGrantUserGrantByID(ctx context.Context, request *ProjectGrantUserGrantID) (*UserGrantView, error) { func (s *Server) ProjectGrantUserGrantByID(ctx context.Context, request *ProjectGrantUserGrantID) (*UserGrantView, error) {

16
pkg/management/api/grpc/user_grant_converter.go
View File

@ -183,3 +183,19 @@ func usergrantStateFromModel(state grant_model.UserGrantState) UserGrantState {
return UserGrantState_USERGRANTSTATE_UNSPECIFIED return UserGrantState_USERGRANTSTATE_UNSPECIFIED
} }
} }
func projectUserGrantSearchRequestsToModel(project *ProjectUserGrantSearchRequest) *grant_model.UserGrantSearchRequest {
return &grant_model.UserGrantSearchRequest{
Offset: project.Offset,
Limit: project.Limit,
Queries: userGrantSearchQueriesToModel(project.Queries),
}
}
func projectGrantUserGrantSearchRequestsToModel(project *ProjectGrantUserGrantSearchRequest) *grant_model.UserGrantSearchRequest {
return &grant_model.UserGrantSearchRequest{
Offset: project.Offset,
Limit: project.Limit,
Queries: userGrantSearchQueriesToModel(project.Queries),
}
}