feat: set private labeling setting on project (#2184)

* docs: add scope to request private labeling * feat: add enum to project * fix: remove unused code, add private labeling setting to query side * fix: set private labeling depending on setting * fix: private labeling depending on project setting * Update proto/zitadel/management.proto Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: rename sql file * fix: private labeling setting Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2025-08-12 04:57:33 +00:00 · 2021-08-24 08:34:10 +02:00
parent 7993d92907
commit 74688394d8
47 changed files with 443 additions and 2047 deletions
--- a/internal/auth/repository/eventsourcing/eventstore/auth_request.go
+++ b/internal/auth/repository/eventsourcing/eventstore/auth_request.go
@@ -124,6 +124,8 @@ func (repo *AuthRequestRepo) CreateAuthRequest(ctx context.Context, request *dom
 	}
 	request.Audience = appIDs
 	request.AppendAudIfNotExisting(app.ProjectID)
+	request.ApplicationResourceOwner = app.ResourceOwner
+	request.PrivateLabelingSetting = app.PrivateLabelingSetting
 	if err := setOrgID(repo.OrgViewProvider, request); err != nil {
 		return nil, err
 	}
@@ -510,7 +512,16 @@ func (repo *AuthRequestRepo) fillPolicies(ctx context.Context, request *domain.A
 		return err
 	}
 	request.PrivacyPolicy = privacyPolicy
-	labelPolicy, err := repo.getLabelPolicy(ctx, orgID)
+	privateLabelingOrgID := domain.IAMID
+	if request.PrivateLabelingSetting != domain.PrivateLabelingSettingUnspecified {
+		privateLabelingOrgID = request.ApplicationResourceOwner
+	}
+	if request.PrivateLabelingSetting == domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy || request.PrivateLabelingSetting == domain.PrivateLabelingSettingUnspecified {
+		if request.UserOrgID != "" {
+			privateLabelingOrgID = request.UserOrgID
+		}
+	}
+	labelPolicy, err := repo.getLabelPolicy(ctx, privateLabelingOrgID)
 	if err != nil {
 		return err
 	}