mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-12 00:57:33 +00:00
feat: project v2beta resource API (#9742)
# Which Problems Are Solved Resource management of projects and sub-resources was before limited by the context provided by the management API, which would mean you could only manage resources belonging to a specific organization. # How the Problems Are Solved With the addition of a resource-based API, it is now possible to manage projects and sub-resources on the basis of the resources themselves, which means that as long as you have the permission for the resource, you can create, read, update and delete it. - CreateProject to create a project under an organization - UpdateProject to update an existing project - DeleteProject to delete an existing project - DeactivateProject and ActivateProject to change the status of a project - GetProject to query for a specific project with an identifier - ListProject to query for projects and granted projects - CreateProjectGrant to create a project grant with project and granted organization - UpdateProjectGrant to update the roles of a project grant - DeactivateProjectGrant and ActivateProjectGrant to change the status of a project grant - DeleteProjectGrant to delete an existing project grant - ListProjectGrants to query for project grants - AddProjectRole to add a role to an existing project - UpdateProjectRole to change texts of an existing role - RemoveProjectRole to remove an existing role - ListProjectRoles to query for project roles # Additional Changes - Changes to ListProjects, which now contains granted projects as well - Changes to messages as defined in the [API_DESIGN](https://github.com/zitadel/zitadel/blob/main/API_DESIGN.md) - Permission checks for project functionality on query and command side - Added testing to unit tests on command side - Change update endpoints to no error returns if nothing changes in the resource - Changed all integration test utility to the new service - ListProjects now also correctly lists `granted projects` - Permission checks for project grant and project role functionality on query and command side - Change existing pre checks so that they also work resource specific without resourceowner - Added the resourceowner to the grant and role if no resourceowner is provided - Corrected import tests with project grants and roles - Added testing to unit tests on command side - Change update endpoints to no error returns if nothing changes in the resource - Changed all integration test utility to the new service - Corrected some naming in the proto files to adhere to the API_DESIGN # Additional Context Closes #9177 --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
This commit is contained in:
Stefan Benz
@@ -3,10 +3,13 @@ package management
|
||||
import (
|
||||
"context"
|
||||
|
||||
"github.com/muhlemmer/gu"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/api/authz"
|
||||
member_grpc "github.com/zitadel/zitadel/internal/api/grpc/member"
|
||||
"github.com/zitadel/zitadel/internal/api/grpc/object"
|
||||
proj_grpc "github.com/zitadel/zitadel/internal/api/grpc/project"
|
||||
"github.com/zitadel/zitadel/internal/command"
|
||||
"github.com/zitadel/zitadel/internal/domain"
|
||||
"github.com/zitadel/zitadel/internal/eventstore/v1/models"
|
||||
"github.com/zitadel/zitadel/internal/query"
|
||||
@@ -14,8 +17,12 @@ import (
|
||||
proj_pb "github.com/zitadel/zitadel/pkg/grpc/project"
|
||||
)
|
||||
|
||||
func ProjectCreateToDomain(req *mgmt_pb.AddProjectRequest) *domain.Project {
|
||||
return &domain.Project{
|
||||
func ProjectCreateToCommand(req *mgmt_pb.AddProjectRequest, projectID string, resourceOwner string) *command.AddProject {
|
||||
return &command.AddProject{
|
||||
ObjectRoot: models.ObjectRoot{
|
||||
AggregateID: projectID,
|
||||
ResourceOwner: resourceOwner,
|
||||
},
|
||||
Name: req.Name,
|
||||
ProjectRoleAssertion: req.ProjectRoleAssertion,
|
||||
ProjectRoleCheck: req.ProjectRoleCheck,
|
||||
@@ -24,16 +31,17 @@ func ProjectCreateToDomain(req *mgmt_pb.AddProjectRequest) *domain.Project {
|
||||
}
|
||||
}
|
||||
|
||||
func ProjectUpdateToDomain(req *mgmt_pb.UpdateProjectRequest) *domain.Project {
|
||||
return &domain.Project{
|
||||
func ProjectUpdateToCommand(req *mgmt_pb.UpdateProjectRequest, resourceOwner string) *command.ChangeProject {
|
||||
return &command.ChangeProject{
|
||||
ObjectRoot: models.ObjectRoot{
|
||||
AggregateID: req.Id,
|
||||
AggregateID: req.Id,
|
||||
ResourceOwner: resourceOwner,
|
||||
},
|
||||
Name: req.Name,
|
||||
ProjectRoleAssertion: req.ProjectRoleAssertion,
|
||||
ProjectRoleCheck: req.ProjectRoleCheck,
|
||||
HasProjectCheck: req.HasProjectCheck,
|
||||
PrivateLabelingSetting: privateLabelingSettingToDomain(req.PrivateLabelingSetting),
|
||||
Name: gu.Ptr(req.Name),
|
||||
ProjectRoleAssertion: gu.Ptr(req.ProjectRoleAssertion),
|
||||
ProjectRoleCheck: gu.Ptr(req.ProjectRoleCheck),
|
||||
HasProjectCheck: gu.Ptr(req.HasProjectCheck),
|
||||
PrivateLabelingSetting: gu.Ptr(privateLabelingSettingToDomain(req.PrivateLabelingSetting)),
|
||||
}
|
||||
}
|
||||
|
||||
@@ -48,10 +56,11 @@ func privateLabelingSettingToDomain(setting proj_pb.PrivateLabelingSetting) doma
|
||||
}
|
||||
}
|
||||
|
||||
func AddProjectRoleRequestToDomain(req *mgmt_pb.AddProjectRoleRequest) *domain.ProjectRole {
|
||||
return &domain.ProjectRole{
|
||||
func AddProjectRoleRequestToCommand(req *mgmt_pb.AddProjectRoleRequest, resourceOwner string) *command.AddProjectRole {
|
||||
return &command.AddProjectRole{
|
||||
ObjectRoot: models.ObjectRoot{
|
||||
AggregateID: req.ProjectId,
|
||||
AggregateID: req.ProjectId,
|
||||
ResourceOwner: resourceOwner,
|
||||
},
|
||||
Key: req.RoleKey,
|
||||
DisplayName: req.DisplayName,
|
||||
@@ -59,12 +68,13 @@ func AddProjectRoleRequestToDomain(req *mgmt_pb.AddProjectRoleRequest) *domain.P
|
||||
}
|
||||
}
|
||||
|
||||
func BulkAddProjectRolesRequestToDomain(req *mgmt_pb.BulkAddProjectRolesRequest) []*domain.ProjectRole {
|
||||
roles := make([]*domain.ProjectRole, len(req.Roles))
|
||||
func BulkAddProjectRolesRequestToCommand(req *mgmt_pb.BulkAddProjectRolesRequest, resourceOwner string) []*command.AddProjectRole {
|
||||
roles := make([]*command.AddProjectRole, len(req.Roles))
|
||||
for i, role := range req.Roles {
|
||||
roles[i] = &domain.ProjectRole{
|
||||
roles[i] = &command.AddProjectRole{
|
||||
ObjectRoot: models.ObjectRoot{
|
||||
AggregateID: req.ProjectId,
|
||||
AggregateID: req.ProjectId,
|
||||
ResourceOwner: resourceOwner,
|
||||
},
|
||||
Key: role.Key,
|
||||
DisplayName: role.DisplayName,
|
||||
@@ -74,10 +84,11 @@ func BulkAddProjectRolesRequestToDomain(req *mgmt_pb.BulkAddProjectRolesRequest)
|
||||
return roles
|
||||
}
|
||||
|
||||
func UpdateProjectRoleRequestToDomain(req *mgmt_pb.UpdateProjectRoleRequest) *domain.ProjectRole {
|
||||
return &domain.ProjectRole{
|
||||
func UpdateProjectRoleRequestToCommand(req *mgmt_pb.UpdateProjectRoleRequest, resourceOwner string) *command.ChangeProjectRole {
|
||||
return &command.ChangeProjectRole{
|
||||
ObjectRoot: models.ObjectRoot{
|
||||
AggregateID: req.ProjectId,
|
||||
AggregateID: req.ProjectId,
|
||||
ResourceOwner: resourceOwner,
|
||||
},
|
||||
Key: req.RoleKey,
|
||||
DisplayName: req.DisplayName,
|
||||
|
||||
Reference in New Issue
Block a user