mirror of
https://github.com/zitadel/zitadel.git
synced 2025-12-06 19:36:41 +00:00
feat: delete (#243)
* feat: project role remove * feat: search queries * feat: search queries * feat: cascade remove/change project role * fix: comment in project grant * fix: remove projecr grant * fix: only search usergrants of my org * fix: delete usergrants * fix: delete usergrants * fix: check if role exists on project grant * feat: bulk add project role * fix: tests * fix: update user grants on project update * fix: return roles * feat: add resourceowner name on project grants * fix: migration number * fix: tests * fix: generate protos * fix: some unnecessary code
This commit is contained in:
Fabi
@@ -2,6 +2,14 @@ package eventstore
|
||||
|
||||
import (
|
||||
"context"
|
||||
caos_errs "github.com/caos/zitadel/internal/errors"
|
||||
es_int "github.com/caos/zitadel/internal/eventstore"
|
||||
"github.com/caos/zitadel/internal/eventstore/models"
|
||||
es_models "github.com/caos/zitadel/internal/eventstore/models"
|
||||
es_sdk "github.com/caos/zitadel/internal/eventstore/sdk"
|
||||
es_proj_model "github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
|
||||
usr_grant_model "github.com/caos/zitadel/internal/usergrant/model"
|
||||
usr_grant_event "github.com/caos/zitadel/internal/usergrant/repository/eventsourcing"
|
||||
"strings"
|
||||
|
||||
"github.com/caos/zitadel/internal/api/auth"
|
||||
@@ -15,10 +23,12 @@ import (
|
||||
)
|
||||
|
||||
type ProjectRepo struct {
|
||||
SearchLimit uint64
|
||||
ProjectEvents *proj_event.ProjectEventstore
|
||||
View *view.View
|
||||
Roles []string
|
||||
es_int.Eventstore
|
||||
SearchLimit uint64
|
||||
ProjectEvents *proj_event.ProjectEventstore
|
||||
UserGrantEvents *usr_grant_event.UserGrantEventStore
|
||||
View *view.View
|
||||
Roles []string
|
||||
}
|
||||
|
||||
func (repo *ProjectRepo) ProjectByID(ctx context.Context, id string) (project *proj_model.Project, err error) {
|
||||
@@ -48,7 +58,7 @@ func (repo *ProjectRepo) SearchProjects(ctx context.Context, request *proj_model
|
||||
permissions := auth.GetPermissionsFromCtx(ctx)
|
||||
if !auth.HasGlobalPermission(permissions) {
|
||||
ids := auth.GetPermissionCtxIDs(permissions)
|
||||
request.Queries = append(request.Queries, &proj_model.ProjectViewSearchQuery{Key: proj_model.PROJECTSEARCHKEY_PROJECTID, Method: global_model.SEARCHMETHOD_IN, Value: ids})
|
||||
request.Queries = append(request.Queries, &proj_model.ProjectViewSearchQuery{Key: proj_model.PROJECTSEARCHKEY_PROJECTID, Method: global_model.SEARCHMETHOD_IS_ONE_OF, Value: ids})
|
||||
}
|
||||
|
||||
projects, count, err := repo.View.SearchProjects(request)
|
||||
@@ -103,8 +113,13 @@ func (repo *ProjectRepo) SearchProjectMembers(ctx context.Context, request *proj
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (repo *ProjectRepo) AddProjectRole(ctx context.Context, member *proj_model.ProjectRole) (*proj_model.ProjectRole, error) {
|
||||
return repo.ProjectEvents.AddProjectRole(ctx, member)
|
||||
func (repo *ProjectRepo) AddProjectRole(ctx context.Context, role *proj_model.ProjectRole) (*proj_model.ProjectRole, error) {
|
||||
return repo.ProjectEvents.AddProjectRoles(ctx, role)
|
||||
}
|
||||
|
||||
func (repo *ProjectRepo) BulkAddProjectRole(ctx context.Context, roles []*proj_model.ProjectRole) error {
|
||||
_, err := repo.ProjectEvents.AddProjectRoles(ctx, roles...)
|
||||
return err
|
||||
}
|
||||
|
||||
func (repo *ProjectRepo) ChangeProjectRole(ctx context.Context, member *proj_model.ProjectRole) (*proj_model.ProjectRole, error) {
|
||||
@@ -112,8 +127,40 @@ func (repo *ProjectRepo) ChangeProjectRole(ctx context.Context, member *proj_mod
|
||||
}
|
||||
|
||||
func (repo *ProjectRepo) RemoveProjectRole(ctx context.Context, projectID, key string) error {
|
||||
member := proj_model.NewProjectRole(projectID, key)
|
||||
return repo.ProjectEvents.RemoveProjectRole(ctx, member)
|
||||
role := proj_model.NewProjectRole(projectID, key)
|
||||
aggregates := make([]*es_models.Aggregate, 0)
|
||||
project, agg, err := repo.ProjectEvents.PrepareRemoveProjectRole(ctx, role)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
aggregates = append(aggregates, agg)
|
||||
|
||||
usergrants, err := repo.View.UserGrantsByProjectIDAndRoleKey(projectID, key)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for _, grant := range usergrants {
|
||||
changed := &usr_grant_model.UserGrant{
|
||||
ObjectRoot: models.ObjectRoot{AggregateID: grant.ID, Sequence: grant.Sequence, ResourceOwner: grant.ResourceOwner},
|
||||
RoleKeys: grant.RoleKeys,
|
||||
ProjectID: grant.ProjectID,
|
||||
UserID: grant.UserID,
|
||||
}
|
||||
changed.RemoveRoleKeyIfExisting(key)
|
||||
_, agg, err := repo.UserGrantEvents.PrepareChangeUserGrant(ctx, changed, true)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
aggregates = append(aggregates, agg)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = es_sdk.PushAggregates(ctx, repo.Eventstore.PushAggregates, project.AppendEvents, aggregates...)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (repo *ProjectRepo) SearchProjectRoles(ctx context.Context, request *proj_model.ProjectRoleSearchRequest) (*proj_model.ProjectRoleSearchResponse, error) {
|
||||
@@ -211,25 +258,100 @@ func (repo *ProjectRepo) SearchProjectGrants(ctx context.Context, request *proj_
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (repo *ProjectRepo) AddProjectGrant(ctx context.Context, app *proj_model.ProjectGrant) (*proj_model.ProjectGrant, error) {
|
||||
return repo.ProjectEvents.AddProjectGrant(ctx, app)
|
||||
func (repo *ProjectRepo) AddProjectGrant(ctx context.Context, grant *proj_model.ProjectGrant) (*proj_model.ProjectGrant, error) {
|
||||
return repo.ProjectEvents.AddProjectGrant(ctx, grant)
|
||||
}
|
||||
|
||||
func (repo *ProjectRepo) ChangeProjectGrant(ctx context.Context, app *proj_model.ProjectGrant) (*proj_model.ProjectGrant, error) {
|
||||
return repo.ProjectEvents.ChangeProjectGrant(ctx, app)
|
||||
func (repo *ProjectRepo) ChangeProjectGrant(ctx context.Context, grant *proj_model.ProjectGrant) (*proj_model.ProjectGrant, error) {
|
||||
project, aggFunc, removedRoles, err := repo.ProjectEvents.PrepareChangeProjectGrant(ctx, grant)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
agg, err := aggFunc(ctx)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
aggregates := make([]*es_models.Aggregate, 0)
|
||||
aggregates = append(aggregates, agg)
|
||||
|
||||
usergrants, err := repo.View.UserGrantsByProjectID(grant.AggregateID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
for _, grant := range usergrants {
|
||||
changed := &usr_grant_model.UserGrant{
|
||||
ObjectRoot: models.ObjectRoot{AggregateID: grant.ID, Sequence: grant.Sequence, ResourceOwner: grant.ResourceOwner},
|
||||
RoleKeys: grant.RoleKeys,
|
||||
ProjectID: grant.ProjectID,
|
||||
UserID: grant.UserID,
|
||||
}
|
||||
existing := changed.RemoveRoleKeysIfExisting(removedRoles)
|
||||
if existing {
|
||||
_, agg, err := repo.UserGrantEvents.PrepareChangeUserGrant(ctx, changed, true)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
aggregates = append(aggregates, agg)
|
||||
}
|
||||
}
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
err = es_sdk.PushAggregates(ctx, repo.Eventstore.PushAggregates, project.AppendEvents, aggregates...)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if _, g := es_proj_model.GetProjectGrant(project.Grants, grant.GrantID); g != nil {
|
||||
return es_proj_model.GrantToModel(g), nil
|
||||
}
|
||||
return nil, caos_errs.ThrowInternal(nil, "EVENT-dksi8", "Could not find app in list")
|
||||
}
|
||||
|
||||
func (repo *ProjectRepo) DeactivateProjectGrant(ctx context.Context, projectID, appID string) (*proj_model.ProjectGrant, error) {
|
||||
return repo.ProjectEvents.DeactivateProjectGrant(ctx, projectID, appID)
|
||||
func (repo *ProjectRepo) DeactivateProjectGrant(ctx context.Context, projectID, grantID string) (*proj_model.ProjectGrant, error) {
|
||||
return repo.ProjectEvents.DeactivateProjectGrant(ctx, projectID, grantID)
|
||||
}
|
||||
|
||||
func (repo *ProjectRepo) ReactivateProjectGrant(ctx context.Context, projectID, appID string) (*proj_model.ProjectGrant, error) {
|
||||
return repo.ProjectEvents.ReactivateProjectGrant(ctx, projectID, appID)
|
||||
func (repo *ProjectRepo) ReactivateProjectGrant(ctx context.Context, projectID, grantID string) (*proj_model.ProjectGrant, error) {
|
||||
return repo.ProjectEvents.ReactivateProjectGrant(ctx, projectID, grantID)
|
||||
}
|
||||
|
||||
func (repo *ProjectRepo) RemoveProjectGrant(ctx context.Context, projectID, appID string) error {
|
||||
app := proj_model.NewProjectGrant(projectID, appID)
|
||||
return repo.ProjectEvents.RemoveProjectGrant(ctx, app)
|
||||
func (repo *ProjectRepo) RemoveProjectGrant(ctx context.Context, projectID, grantID string) error {
|
||||
grant, err := repo.ProjectEvents.ProjectGrantByIDs(ctx, projectID, grantID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
aggregates := make([]*es_models.Aggregate, 0)
|
||||
project, aggFunc, err := repo.ProjectEvents.PrepareRemoveProjectGrant(ctx, grant)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
agg, err := aggFunc(ctx)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
aggregates = append(aggregates, agg)
|
||||
|
||||
usergrants, err := repo.View.UserGrantsByOrgIDAndProjectID(grant.GrantedOrgID, projectID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for _, grant := range usergrants {
|
||||
_, grantAggregates, err := repo.UserGrantEvents.PrepareRemoveUserGrant(ctx, grant.ID, true)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for _, agg := range grantAggregates {
|
||||
aggregates = append(aggregates, agg)
|
||||
}
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = es_sdk.PushAggregates(ctx, repo.Eventstore.PushAggregates, project.AppendEvents, aggregates...)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (repo *ProjectRepo) ProjectGrantMemberByID(ctx context.Context, projectID, grantID, userID string) (member *proj_model.ProjectGrantMember, err error) {
|
||||
|
||||
@@ -38,6 +38,18 @@ func (repo *UserGrantRepo) RemoveUserGrant(ctx context.Context, grantID string)
|
||||
return repo.UserGrantEvents.RemoveUserGrant(ctx, grantID)
|
||||
}
|
||||
|
||||
func (repo *UserGrantRepo) BulkAddUserGrant(ctx context.Context, grants ...*grant_model.UserGrant) error {
|
||||
return repo.UserGrantEvents.AddUserGrants(ctx, grants...)
|
||||
}
|
||||
|
||||
func (repo *UserGrantRepo) BulkChangeUserGrant(ctx context.Context, grants ...*grant_model.UserGrant) error {
|
||||
return repo.UserGrantEvents.ChangeUserGrants(ctx, grants...)
|
||||
}
|
||||
|
||||
func (repo *UserGrantRepo) BulkRemoveUserGrant(ctx context.Context, grantIDs ...string) error {
|
||||
return repo.UserGrantEvents.RemoveUserGrants(ctx, grantIDs...)
|
||||
}
|
||||
|
||||
func (repo *UserGrantRepo) SearchUserGrants(ctx context.Context, request *grant_model.UserGrantSearchRequest) (*grant_model.UserGrantSearchResponse, error) {
|
||||
request.EnsureLimit(repo.SearchLimit)
|
||||
grants, count, err := repo.View.SearchUserGrants(request)
|
||||
|
||||
Reference in New Issue
Block a user