TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-01-12 08:13:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: project role view, remove project grants (#419)

Browse Source
This commit is contained in:
Fabi 2020-07-09 13:24:35 +02:00 committed by GitHub
parent aeae04c90b
commit 7cf13a646d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 0 additions and 82 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

82
internal/management/repository/eventsourcing/handler/project_role.go
View File

@ -1,11 +1,9 @@
package handler
import (
"context"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/spooler"
proj_model "github.com/caos/zitadel/internal/project/model"
"github.com/caos/zitadel/internal/project/repository/eventsourcing"
proj_event "github.com/caos/zitadel/internal/project/repository/eventsourcing"
es_model "github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
@ -57,16 +55,6 @@ func (p *ProjectRole) Reduce(event *models.Event) (err error) {
return err
}
return p.view.DeleteProjectRole(event.AggregateID, event.ResourceOwner, role.Key, event.Sequence)
case es_model.ProjectGrantAdded:
return p.addGrantRoles(event)
case es_model.ProjectGrantChanged:
err = p.removeRolesFromResourceowner(event)
if err != nil {
return err
}
return p.addGrantRoles(event)
case es_model.ProjectGrantRemoved:
return p.removeRolesFromResourceowner(event)
default:
return p.view.ProcessedProjectRoleSequence(event.Sequence)
}
@ -76,76 +64,6 @@ func (p *ProjectRole) Reduce(event *models.Event) (err error) {
return p.view.PutProjectRole(role)
}
func (p *ProjectRole) removeRoleFromAllResourceowners(event *models.Event, role *view_model.ProjectRoleView) error {
roles, err := p.view.ResourceOwnerProjectRolesByKey(event.AggregateID, event.ResourceOwner, role.Key)
if err != nil {
logging.LogWithFields("HANDL-slo03", "aggregateID", event.AggregateID, "ResourceOwner", event.ResourceOwner, "Key", role.Key).WithError(err).Warn("could not read roles to remove")
return err
}
for _, r := range roles {
err = p.view.DeleteProjectRole(r.ProjectID, r.OrgID, r.Key, event.Sequence)
if err != nil {
logging.LogWithFields("HANDL-kloa2", "aggregateID", event.AggregateID, "ResourceOwner", event.ResourceOwner, "OrgID", r.OrgID, "Key", role.Key).WithError(err).Warn("could not remove role")
return err
}
}
return nil
}
func (p *ProjectRole) removeRolesFromResourceowner(event *models.Event) error {
roles, err := p.view.ResourceOwnerProjectRoles(event.AggregateID, event.ResourceOwner)
if err != nil {
logging.LogWithFields("HANDL-slo03", "aggregateID", event.AggregateID, "ResourceOwner", event.ResourceOwner, "Key").WithError(err).Warn("could not read roles to remove")
return err
}
for _, r := range roles {
err = p.view.DeleteProjectRole(r.ProjectID, r.OrgID, r.Key, event.Sequence)
if err != nil {
logging.LogWithFields("HANDL-kloa2", "aggregateID", event.AggregateID, "ResourceOwner", event.ResourceOwner, "OrgID", r.OrgID).WithError(err).Warn("could not remove role")
return err
}
}
return nil
}
func (p *ProjectRole) addGrantRoles(event *models.Event) error {
project, err := p.projectEvents.ProjectByID(context.Background(), event.AggregateID)
if err != nil {
return err
}
grant := new(view_model.ProjectGrant)
err = grant.SetData(event)
if err != nil {
return err
}
for _, roleKey := range grant.RoleKeys {
role := getRoleFromProject(roleKey, project)
projectRole := &view_model.ProjectRoleView{
OrgID: grant.GrantedOrgID,
ProjectID: event.AggregateID,
Key: roleKey,
DisplayName: role.DisplayName,
Group: role.Group,
ResourceOwner: event.ResourceOwner,
CreationDate: event.CreationDate,
Sequence: event.Sequence,
}
err := p.view.PutProjectRole(projectRole)
logging.LogWithFields("HANDL-sj3TG", "eventID", event.ID).OnError(err).Warn("could not save project role")
}
return nil
}
func getRoleFromProject(roleKey string, project *proj_model.Project) *proj_model.ProjectRole {
for _, role := range project.Roles {
if roleKey == role.Key {
return role
}
}
return nil
}
func (p *ProjectRole) OnError(event *models.Event, err error) error {
logging.LogWithFields("SPOOL-lso9w", "id", event.AggregateID).WithError(err).Warn("something went wrong in project role handler")
return spooler.HandleError(event, err, p.view.GetLatestProjectRoleFailedEvent, p.view.ProcessedProjectRoleFailedEvent, p.view.ProcessedProjectRoleSequence, p.errorCountUntilSkip)