mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-11 21:27:42 +00:00
feat: project v2beta resource API (#9742)
# Which Problems Are Solved Resource management of projects and sub-resources was before limited by the context provided by the management API, which would mean you could only manage resources belonging to a specific organization. # How the Problems Are Solved With the addition of a resource-based API, it is now possible to manage projects and sub-resources on the basis of the resources themselves, which means that as long as you have the permission for the resource, you can create, read, update and delete it. - CreateProject to create a project under an organization - UpdateProject to update an existing project - DeleteProject to delete an existing project - DeactivateProject and ActivateProject to change the status of a project - GetProject to query for a specific project with an identifier - ListProject to query for projects and granted projects - CreateProjectGrant to create a project grant with project and granted organization - UpdateProjectGrant to update the roles of a project grant - DeactivateProjectGrant and ActivateProjectGrant to change the status of a project grant - DeleteProjectGrant to delete an existing project grant - ListProjectGrants to query for project grants - AddProjectRole to add a role to an existing project - UpdateProjectRole to change texts of an existing role - RemoveProjectRole to remove an existing role - ListProjectRoles to query for project roles # Additional Changes - Changes to ListProjects, which now contains granted projects as well - Changes to messages as defined in the [API_DESIGN](https://github.com/zitadel/zitadel/blob/main/API_DESIGN.md) - Permission checks for project functionality on query and command side - Added testing to unit tests on command side - Change update endpoints to no error returns if nothing changes in the resource - Changed all integration test utility to the new service - ListProjects now also correctly lists `granted projects` - Permission checks for project grant and project role functionality on query and command side - Change existing pre checks so that they also work resource specific without resourceowner - Added the resourceowner to the grant and role if no resourceowner is provided - Corrected import tests with project grants and roles - Added testing to unit tests on command side - Change update endpoints to no error returns if nothing changes in the resource - Changed all integration test utility to the new service - Corrected some naming in the proto files to adhere to the API_DESIGN # Additional Context Closes #9177 --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
This commit is contained in:
Stefan Benz
1292
internal/api/grpc/project/v2beta/integration/project_grant_test.go
Normal file
1292
internal/api/grpc/project/v2beta/integration/project_grant_test.go
Normal file
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1,698 @@
|
||||
//go:build integration
|
||||
|
||||
package project_test
|
||||
|
||||
import (
|
||||
"context"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/brianvoe/gofakeit/v6"
|
||||
"github.com/muhlemmer/gu"
|
||||
"github.com/stretchr/testify/assert"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/integration"
|
||||
project "github.com/zitadel/zitadel/pkg/grpc/project/v2beta"
|
||||
)
|
||||
|
||||
func TestServer_AddProjectRole(t *testing.T) {
|
||||
iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
|
||||
|
||||
orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
|
||||
alreadyExistingProject := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
|
||||
alreadyExistingProjectRoleName := gofakeit.AppName()
|
||||
instance.AddProjectRole(iamOwnerCtx, t, alreadyExistingProject.GetId(), alreadyExistingProjectRoleName, alreadyExistingProjectRoleName, "")
|
||||
|
||||
type want struct {
|
||||
creationDate bool
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
ctx context.Context
|
||||
prepare func(request *project.AddProjectRoleRequest)
|
||||
req *project.AddProjectRoleRequest
|
||||
want
|
||||
wantErr bool
|
||||
}{
|
||||
{
|
||||
name: "empty key",
|
||||
ctx: iamOwnerCtx,
|
||||
prepare: func(request *project.AddProjectRoleRequest) {
|
||||
projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
|
||||
request.ProjectId = projectResp.GetId()
|
||||
},
|
||||
req: &project.AddProjectRoleRequest{
|
||||
RoleKey: "",
|
||||
DisplayName: gofakeit.AppName(),
|
||||
},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "empty displayname",
|
||||
ctx: iamOwnerCtx,
|
||||
prepare: func(request *project.AddProjectRoleRequest) {
|
||||
projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
|
||||
request.ProjectId = projectResp.GetId()
|
||||
},
|
||||
req: &project.AddProjectRoleRequest{
|
||||
RoleKey: gofakeit.AppName(),
|
||||
DisplayName: "",
|
||||
},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "already existing, error",
|
||||
ctx: iamOwnerCtx,
|
||||
prepare: func(request *project.AddProjectRoleRequest) {
|
||||
request.ProjectId = alreadyExistingProject.GetId()
|
||||
},
|
||||
req: &project.AddProjectRoleRequest{
|
||||
RoleKey: alreadyExistingProjectRoleName,
|
||||
DisplayName: alreadyExistingProjectRoleName,
|
||||
},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "empty, ok",
|
||||
ctx: iamOwnerCtx,
|
||||
prepare: func(request *project.AddProjectRoleRequest) {
|
||||
projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
|
||||
request.ProjectId = projectResp.GetId()
|
||||
},
|
||||
req: &project.AddProjectRoleRequest{
|
||||
RoleKey: gofakeit.Name(),
|
||||
DisplayName: gofakeit.Name(),
|
||||
},
|
||||
want: want{
|
||||
creationDate: true,
|
||||
},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
if tt.prepare != nil {
|
||||
tt.prepare(tt.req)
|
||||
}
|
||||
|
||||
creationDate := time.Now().UTC()
|
||||
got, err := instance.Client.Projectv2Beta.AddProjectRole(tt.ctx, tt.req)
|
||||
changeDate := time.Now().UTC()
|
||||
if tt.wantErr {
|
||||
assert.Error(t, err)
|
||||
return
|
||||
}
|
||||
assert.NoError(t, err)
|
||||
assertAddProjectRoleResponse(t, creationDate, changeDate, tt.want.creationDate, got)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestServer_AddProjectRole_Permission(t *testing.T) {
|
||||
iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
|
||||
|
||||
orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
|
||||
alreadyExistingProject := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
|
||||
alreadyExistingProjectRoleName := gofakeit.AppName()
|
||||
instance.AddProjectRole(iamOwnerCtx, t, alreadyExistingProject.GetId(), alreadyExistingProjectRoleName, alreadyExistingProjectRoleName, "")
|
||||
|
||||
type want struct {
|
||||
creationDate bool
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
ctx context.Context
|
||||
prepare func(request *project.AddProjectRoleRequest)
|
||||
req *project.AddProjectRoleRequest
|
||||
want
|
||||
wantErr bool
|
||||
}{
|
||||
{
|
||||
name: "unauthenticated",
|
||||
ctx: CTX,
|
||||
prepare: func(request *project.AddProjectRoleRequest) {
|
||||
projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
|
||||
request.ProjectId = projectResp.GetId()
|
||||
},
|
||||
req: &project.AddProjectRoleRequest{
|
||||
RoleKey: gofakeit.AppName(),
|
||||
DisplayName: gofakeit.AppName(),
|
||||
},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "no permission",
|
||||
ctx: instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
|
||||
prepare: func(request *project.AddProjectRoleRequest) {
|
||||
projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
|
||||
request.ProjectId = projectResp.GetId()
|
||||
},
|
||||
req: &project.AddProjectRoleRequest{
|
||||
RoleKey: gofakeit.AppName(),
|
||||
DisplayName: gofakeit.AppName(),
|
||||
},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "organization owner, other org",
|
||||
ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
|
||||
prepare: func(request *project.AddProjectRoleRequest) {
|
||||
projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
|
||||
request.ProjectId = projectResp.GetId()
|
||||
},
|
||||
req: &project.AddProjectRoleRequest{
|
||||
RoleKey: gofakeit.AppName(),
|
||||
DisplayName: gofakeit.AppName(),
|
||||
},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "organization owner, ok",
|
||||
ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
|
||||
prepare: func(request *project.AddProjectRoleRequest) {
|
||||
projectResp := instance.CreateProject(iamOwnerCtx, t, instance.DefaultOrg.GetId(), gofakeit.AppName(), false, false)
|
||||
request.ProjectId = projectResp.GetId()
|
||||
},
|
||||
req: &project.AddProjectRoleRequest{
|
||||
RoleKey: gofakeit.AppName(),
|
||||
DisplayName: gofakeit.AppName(),
|
||||
},
|
||||
want: want{
|
||||
creationDate: true,
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "instance owner, ok",
|
||||
ctx: iamOwnerCtx,
|
||||
prepare: func(request *project.AddProjectRoleRequest) {
|
||||
projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
|
||||
request.ProjectId = projectResp.GetId()
|
||||
},
|
||||
req: &project.AddProjectRoleRequest{
|
||||
RoleKey: gofakeit.AppName(),
|
||||
DisplayName: gofakeit.AppName(),
|
||||
},
|
||||
want: want{
|
||||
creationDate: true,
|
||||
},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
if tt.prepare != nil {
|
||||
tt.prepare(tt.req)
|
||||
}
|
||||
|
||||
creationDate := time.Now().UTC()
|
||||
got, err := instance.Client.Projectv2Beta.AddProjectRole(tt.ctx, tt.req)
|
||||
changeDate := time.Now().UTC()
|
||||
if tt.wantErr {
|
||||
assert.Error(t, err)
|
||||
return
|
||||
}
|
||||
assert.NoError(t, err)
|
||||
assertAddProjectRoleResponse(t, creationDate, changeDate, tt.want.creationDate, got)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func assertAddProjectRoleResponse(t *testing.T, creationDate, changeDate time.Time, expectedCreationDate bool, actualResp *project.AddProjectRoleResponse) {
|
||||
if expectedCreationDate {
|
||||
if !changeDate.IsZero() {
|
||||
assert.WithinRange(t, actualResp.GetCreationDate().AsTime(), creationDate, changeDate)
|
||||
} else {
|
||||
assert.WithinRange(t, actualResp.GetCreationDate().AsTime(), creationDate, time.Now().UTC())
|
||||
}
|
||||
} else {
|
||||
assert.Nil(t, actualResp.CreationDate)
|
||||
}
|
||||
}
|
||||
|
||||
func TestServer_UpdateProjectRole(t *testing.T) {
|
||||
iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
|
||||
orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
|
||||
|
||||
type args struct {
|
||||
ctx context.Context
|
||||
req *project.UpdateProjectRoleRequest
|
||||
}
|
||||
type want struct {
|
||||
change bool
|
||||
changeDate bool
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
prepare func(request *project.UpdateProjectRoleRequest)
|
||||
args args
|
||||
want want
|
||||
wantErr bool
|
||||
}{
|
||||
{
|
||||
name: "missing permission",
|
||||
prepare: func(request *project.UpdateProjectRoleRequest) {
|
||||
projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
|
||||
roleName := gofakeit.AppName()
|
||||
instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), roleName, roleName, "")
|
||||
request.ProjectId = projectResp.GetId()
|
||||
request.RoleKey = roleName
|
||||
},
|
||||
args: args{
|
||||
ctx: instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
|
||||
req: &project.UpdateProjectRoleRequest{
|
||||
DisplayName: gu.Ptr("changed"),
|
||||
},
|
||||
},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "not existing",
|
||||
prepare: func(request *project.UpdateProjectRoleRequest) {
|
||||
request.RoleKey = "notexisting"
|
||||
return
|
||||
},
|
||||
args: args{
|
||||
ctx: iamOwnerCtx,
|
||||
req: &project.UpdateProjectRoleRequest{
|
||||
DisplayName: gu.Ptr("changed"),
|
||||
},
|
||||
},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "no change, ok",
|
||||
prepare: func(request *project.UpdateProjectRoleRequest) {
|
||||
projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
|
||||
roleName := gofakeit.AppName()
|
||||
instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), roleName, roleName, "")
|
||||
request.ProjectId = projectResp.GetId()
|
||||
request.RoleKey = roleName
|
||||
request.DisplayName = gu.Ptr(roleName)
|
||||
},
|
||||
args: args{
|
||||
ctx: iamOwnerCtx,
|
||||
req: &project.UpdateProjectRoleRequest{},
|
||||
},
|
||||
want: want{
|
||||
change: false,
|
||||
changeDate: true,
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "change display name, ok",
|
||||
prepare: func(request *project.UpdateProjectRoleRequest) {
|
||||
projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
|
||||
roleName := gofakeit.AppName()
|
||||
instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), roleName, roleName, "")
|
||||
request.ProjectId = projectResp.GetId()
|
||||
request.RoleKey = roleName
|
||||
},
|
||||
args: args{
|
||||
ctx: iamOwnerCtx,
|
||||
req: &project.UpdateProjectRoleRequest{
|
||||
DisplayName: gu.Ptr(gofakeit.AppName()),
|
||||
},
|
||||
},
|
||||
want: want{
|
||||
change: true,
|
||||
changeDate: true,
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "change full, ok",
|
||||
prepare: func(request *project.UpdateProjectRoleRequest) {
|
||||
projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
|
||||
roleName := gofakeit.AppName()
|
||||
instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), roleName, roleName, "")
|
||||
request.ProjectId = projectResp.GetId()
|
||||
request.RoleKey = roleName
|
||||
},
|
||||
args: args{
|
||||
ctx: iamOwnerCtx,
|
||||
req: &project.UpdateProjectRoleRequest{
|
||||
DisplayName: gu.Ptr(gofakeit.AppName()),
|
||||
Group: gu.Ptr(gofakeit.AppName()),
|
||||
},
|
||||
},
|
||||
want: want{
|
||||
change: true,
|
||||
changeDate: true,
|
||||
},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
creationDate := time.Now().UTC()
|
||||
tt.prepare(tt.args.req)
|
||||
|
||||
got, err := instance.Client.Projectv2Beta.UpdateProjectRole(tt.args.ctx, tt.args.req)
|
||||
if tt.wantErr {
|
||||
assert.Error(t, err)
|
||||
return
|
||||
}
|
||||
changeDate := time.Time{}
|
||||
if tt.want.change {
|
||||
changeDate = time.Now().UTC()
|
||||
}
|
||||
assert.NoError(t, err)
|
||||
assertUpdateProjectRoleResponse(t, creationDate, changeDate, tt.want.changeDate, got)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestServer_UpdateProjectRole_Permission(t *testing.T) {
|
||||
iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
|
||||
orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
|
||||
|
||||
type args struct {
|
||||
ctx context.Context
|
||||
req *project.UpdateProjectRoleRequest
|
||||
}
|
||||
type want struct {
|
||||
change bool
|
||||
changeDate bool
|
||||
}
|
||||
tests := []struct {
|
||||
name string
|
||||
prepare func(request *project.UpdateProjectRoleRequest)
|
||||
args args
|
||||
want want
|
||||
wantErr bool
|
||||
}{
|
||||
{
|
||||
name: "unauthenicated",
|
||||
prepare: func(request *project.UpdateProjectRoleRequest) {
|
||||
projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
|
||||
roleName := gofakeit.AppName()
|
||||
instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), roleName, roleName, "")
|
||||
request.ProjectId = projectResp.GetId()
|
||||
request.RoleKey = roleName
|
||||
},
|
||||
args: args{
|
||||
ctx: CTX,
|
||||
req: &project.UpdateProjectRoleRequest{
|
||||
DisplayName: gu.Ptr("changed"),
|
||||
},
|
||||
},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "no permission",
|
||||
prepare: func(request *project.UpdateProjectRoleRequest) {
|
||||
projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
|
||||
roleName := gofakeit.AppName()
|
||||
instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), roleName, roleName, "")
|
||||
request.ProjectId = projectResp.GetId()
|
||||
request.RoleKey = roleName
|
||||
},
|
||||
args: args{
|
||||
ctx: instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
|
||||
req: &project.UpdateProjectRoleRequest{
|
||||
DisplayName: gu.Ptr("changed"),
|
||||
},
|
||||
},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "organization owner, other org",
|
||||
prepare: func(request *project.UpdateProjectRoleRequest) {
|
||||
projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
|
||||
roleName := gofakeit.AppName()
|
||||
instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), roleName, roleName, "")
|
||||
request.ProjectId = projectResp.GetId()
|
||||
request.RoleKey = roleName
|
||||
},
|
||||
args: args{
|
||||
ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
|
||||
req: &project.UpdateProjectRoleRequest{
|
||||
DisplayName: gu.Ptr("changed"),
|
||||
},
|
||||
},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "organization owner, ok",
|
||||
prepare: func(request *project.UpdateProjectRoleRequest) {
|
||||
projectResp := instance.CreateProject(iamOwnerCtx, t, instance.DefaultOrg.GetId(), gofakeit.AppName(), false, false)
|
||||
roleName := gofakeit.AppName()
|
||||
instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), roleName, roleName, "")
|
||||
request.ProjectId = projectResp.GetId()
|
||||
request.RoleKey = roleName
|
||||
},
|
||||
args: args{
|
||||
ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
|
||||
req: &project.UpdateProjectRoleRequest{
|
||||
DisplayName: gu.Ptr(gofakeit.AppName()),
|
||||
},
|
||||
},
|
||||
want: want{
|
||||
change: true,
|
||||
changeDate: true,
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "instance owner, ok",
|
||||
prepare: func(request *project.UpdateProjectRoleRequest) {
|
||||
projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
|
||||
roleName := gofakeit.AppName()
|
||||
instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), roleName, roleName, "")
|
||||
request.ProjectId = projectResp.GetId()
|
||||
request.RoleKey = roleName
|
||||
},
|
||||
args: args{
|
||||
ctx: iamOwnerCtx,
|
||||
req: &project.UpdateProjectRoleRequest{
|
||||
DisplayName: gu.Ptr(gofakeit.AppName()),
|
||||
},
|
||||
},
|
||||
want: want{
|
||||
change: true,
|
||||
changeDate: true,
|
||||
},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
creationDate := time.Now().UTC()
|
||||
tt.prepare(tt.args.req)
|
||||
|
||||
got, err := instance.Client.Projectv2Beta.UpdateProjectRole(tt.args.ctx, tt.args.req)
|
||||
if tt.wantErr {
|
||||
assert.Error(t, err)
|
||||
return
|
||||
}
|
||||
changeDate := time.Time{}
|
||||
if tt.want.change {
|
||||
changeDate = time.Now().UTC()
|
||||
}
|
||||
assert.NoError(t, err)
|
||||
assertUpdateProjectRoleResponse(t, creationDate, changeDate, tt.want.changeDate, got)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func assertUpdateProjectRoleResponse(t *testing.T, creationDate, changeDate time.Time, expectedChangeDate bool, actualResp *project.UpdateProjectRoleResponse) {
|
||||
if expectedChangeDate {
|
||||
if !changeDate.IsZero() {
|
||||
assert.WithinRange(t, actualResp.GetChangeDate().AsTime(), creationDate, changeDate)
|
||||
} else {
|
||||
assert.WithinRange(t, actualResp.GetChangeDate().AsTime(), creationDate, time.Now().UTC())
|
||||
}
|
||||
} else {
|
||||
assert.Nil(t, actualResp.ChangeDate)
|
||||
}
|
||||
}
|
||||
|
||||
func TestServer_DeleteProjectRole(t *testing.T) {
|
||||
iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
|
||||
orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
ctx context.Context
|
||||
prepare func(request *project.RemoveProjectRoleRequest) (time.Time, time.Time)
|
||||
req *project.RemoveProjectRoleRequest
|
||||
wantDeletionDate bool
|
||||
wantErr bool
|
||||
}{
|
||||
{
|
||||
name: "empty id",
|
||||
ctx: iamOwnerCtx,
|
||||
req: &project.RemoveProjectRoleRequest{
|
||||
ProjectId: "",
|
||||
RoleKey: "notexisting",
|
||||
},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "delete, not existing",
|
||||
ctx: iamOwnerCtx,
|
||||
req: &project.RemoveProjectRoleRequest{
|
||||
ProjectId: "notexisting",
|
||||
RoleKey: "notexisting",
|
||||
},
|
||||
wantDeletionDate: false,
|
||||
},
|
||||
{
|
||||
name: "delete",
|
||||
ctx: iamOwnerCtx,
|
||||
prepare: func(request *project.RemoveProjectRoleRequest) (time.Time, time.Time) {
|
||||
creationDate := time.Now().UTC()
|
||||
projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
|
||||
roleName := gofakeit.AppName()
|
||||
instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), roleName, roleName, "")
|
||||
request.ProjectId = projectResp.GetId()
|
||||
request.RoleKey = roleName
|
||||
return creationDate, time.Time{}
|
||||
},
|
||||
req: &project.RemoveProjectRoleRequest{},
|
||||
wantDeletionDate: true,
|
||||
},
|
||||
{
|
||||
name: "delete, already removed",
|
||||
ctx: iamOwnerCtx,
|
||||
prepare: func(request *project.RemoveProjectRoleRequest) (time.Time, time.Time) {
|
||||
creationDate := time.Now().UTC()
|
||||
projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
|
||||
roleName := gofakeit.AppName()
|
||||
instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), roleName, roleName, "")
|
||||
request.ProjectId = projectResp.GetId()
|
||||
request.RoleKey = roleName
|
||||
instance.RemoveProjectRole(iamOwnerCtx, t, projectResp.GetId(), roleName)
|
||||
return creationDate, time.Now().UTC()
|
||||
},
|
||||
req: &project.RemoveProjectRoleRequest{},
|
||||
wantDeletionDate: true,
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
var creationDate, deletionDate time.Time
|
||||
if tt.prepare != nil {
|
||||
creationDate, deletionDate = tt.prepare(tt.req)
|
||||
}
|
||||
got, err := instance.Client.Projectv2Beta.RemoveProjectRole(tt.ctx, tt.req)
|
||||
if tt.wantErr {
|
||||
assert.Error(t, err)
|
||||
return
|
||||
}
|
||||
assert.NoError(t, err)
|
||||
assertRemoveProjectRoleResponse(t, creationDate, deletionDate, tt.wantDeletionDate, got)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestServer_DeleteProjectRole_Permission(t *testing.T) {
|
||||
iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
|
||||
orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
ctx context.Context
|
||||
prepare func(request *project.RemoveProjectRoleRequest) (time.Time, time.Time)
|
||||
req *project.RemoveProjectRoleRequest
|
||||
wantDeletionDate bool
|
||||
wantErr bool
|
||||
}{
|
||||
{
|
||||
name: "unauthenticated",
|
||||
ctx: CTX,
|
||||
prepare: func(request *project.RemoveProjectRoleRequest) (time.Time, time.Time) {
|
||||
creationDate := time.Now().UTC()
|
||||
projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
|
||||
roleName := gofakeit.AppName()
|
||||
instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), roleName, roleName, "")
|
||||
request.ProjectId = projectResp.GetId()
|
||||
request.RoleKey = roleName
|
||||
return creationDate, time.Time{}
|
||||
},
|
||||
req: &project.RemoveProjectRoleRequest{},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "no permission",
|
||||
ctx: instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
|
||||
prepare: func(request *project.RemoveProjectRoleRequest) (time.Time, time.Time) {
|
||||
creationDate := time.Now().UTC()
|
||||
projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
|
||||
roleName := gofakeit.AppName()
|
||||
instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), roleName, roleName, "")
|
||||
request.ProjectId = projectResp.GetId()
|
||||
request.RoleKey = roleName
|
||||
return creationDate, time.Time{}
|
||||
},
|
||||
req: &project.RemoveProjectRoleRequest{},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "organization owner, other org",
|
||||
ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
|
||||
prepare: func(request *project.RemoveProjectRoleRequest) (time.Time, time.Time) {
|
||||
creationDate := time.Now().UTC()
|
||||
projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
|
||||
roleName := gofakeit.AppName()
|
||||
instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), roleName, roleName, "")
|
||||
request.ProjectId = projectResp.GetId()
|
||||
request.RoleKey = roleName
|
||||
return creationDate, time.Time{}
|
||||
},
|
||||
req: &project.RemoveProjectRoleRequest{},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "organization owner, ok",
|
||||
ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
|
||||
prepare: func(request *project.RemoveProjectRoleRequest) (time.Time, time.Time) {
|
||||
creationDate := time.Now().UTC()
|
||||
projectResp := instance.CreateProject(iamOwnerCtx, t, instance.DefaultOrg.GetId(), gofakeit.AppName(), false, false)
|
||||
roleName := gofakeit.AppName()
|
||||
instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), roleName, roleName, "")
|
||||
request.ProjectId = projectResp.GetId()
|
||||
request.RoleKey = roleName
|
||||
return creationDate, time.Time{}
|
||||
},
|
||||
req: &project.RemoveProjectRoleRequest{},
|
||||
wantDeletionDate: true,
|
||||
},
|
||||
{
|
||||
name: "instance owner, ok",
|
||||
ctx: iamOwnerCtx,
|
||||
prepare: func(request *project.RemoveProjectRoleRequest) (time.Time, time.Time) {
|
||||
creationDate := time.Now().UTC()
|
||||
projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
|
||||
roleName := gofakeit.AppName()
|
||||
instance.AddProjectRole(iamOwnerCtx, t, projectResp.GetId(), roleName, roleName, "")
|
||||
request.ProjectId = projectResp.GetId()
|
||||
request.RoleKey = roleName
|
||||
return creationDate, time.Time{}
|
||||
},
|
||||
req: &project.RemoveProjectRoleRequest{},
|
||||
wantDeletionDate: true,
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
var creationDate, deletionDate time.Time
|
||||
if tt.prepare != nil {
|
||||
creationDate, deletionDate = tt.prepare(tt.req)
|
||||
}
|
||||
got, err := instance.Client.Projectv2Beta.RemoveProjectRole(tt.ctx, tt.req)
|
||||
if tt.wantErr {
|
||||
assert.Error(t, err)
|
||||
return
|
||||
}
|
||||
assert.NoError(t, err)
|
||||
assertRemoveProjectRoleResponse(t, creationDate, deletionDate, tt.wantDeletionDate, got)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func assertRemoveProjectRoleResponse(t *testing.T, creationDate, deletionDate time.Time, expectedDeletionDate bool, actualResp *project.RemoveProjectRoleResponse) {
|
||||
if expectedDeletionDate {
|
||||
if !deletionDate.IsZero() {
|
||||
assert.WithinRange(t, actualResp.GetRemovalDate().AsTime(), creationDate, deletionDate)
|
||||
} else {
|
||||
assert.WithinRange(t, actualResp.GetRemovalDate().AsTime(), creationDate, time.Now().UTC())
|
||||
}
|
||||
} else {
|
||||
assert.Nil(t, actualResp.RemovalDate)
|
||||
}
|
||||
}
|
||||
1013
internal/api/grpc/project/v2beta/integration/project_test.go
Normal file
1013
internal/api/grpc/project/v2beta/integration/project_test.go
Normal file
File diff suppressed because it is too large
Load Diff
1738
internal/api/grpc/project/v2beta/integration/query_test.go
Normal file
1738
internal/api/grpc/project/v2beta/integration/query_test.go
Normal file
File diff suppressed because it is too large
Load Diff
63
internal/api/grpc/project/v2beta/integration/server_test.go
Normal file
63
internal/api/grpc/project/v2beta/integration/server_test.go
Normal file
@@ -0,0 +1,63 @@
|
||||
//go:build integration
|
||||
|
||||
package project_test
|
||||
|
||||
import (
|
||||
"context"
|
||||
"os"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/muhlemmer/gu"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/integration"
|
||||
"github.com/zitadel/zitadel/pkg/grpc/feature/v2"
|
||||
)
|
||||
|
||||
var (
|
||||
CTX context.Context
|
||||
instance *integration.Instance
|
||||
instancePermissionV2 *integration.Instance
|
||||
)
|
||||
|
||||
func TestMain(m *testing.M) {
|
||||
os.Exit(func() int {
|
||||
ctx, cancel := context.WithTimeout(context.Background(), 15*time.Minute)
|
||||
defer cancel()
|
||||
CTX = ctx
|
||||
instance = integration.NewInstance(ctx)
|
||||
instancePermissionV2 = integration.NewInstance(CTX)
|
||||
return m.Run()
|
||||
}())
|
||||
}
|
||||
|
||||
func ensureFeaturePermissionV2Enabled(t *testing.T, instance *integration.Instance) {
|
||||
ctx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
|
||||
f, err := instance.Client.FeatureV2.GetInstanceFeatures(ctx, &feature.GetInstanceFeaturesRequest{
|
||||
Inheritance: true,
|
||||
})
|
||||
require.NoError(t, err)
|
||||
if f.PermissionCheckV2.GetEnabled() {
|
||||
return
|
||||
}
|
||||
_, err = instance.Client.FeatureV2.SetInstanceFeatures(ctx, &feature.SetInstanceFeaturesRequest{
|
||||
PermissionCheckV2: gu.Ptr(true),
|
||||
})
|
||||
require.NoError(t, err)
|
||||
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(ctx, 5*time.Minute)
|
||||
require.EventuallyWithT(t,
|
||||
func(ttt *assert.CollectT) {
|
||||
f, err := instance.Client.FeatureV2.GetInstanceFeatures(ctx, &feature.GetInstanceFeaturesRequest{
|
||||
Inheritance: true,
|
||||
})
|
||||
assert.NoError(ttt, err)
|
||||
if f.PermissionCheckV2.GetEnabled() {
|
||||
return
|
||||
}
|
||||
},
|
||||
retryDuration,
|
||||
tick,
|
||||
"timed out waiting for ensuring instance feature")
|
||||
}
|
||||
161
internal/api/grpc/project/v2beta/project.go
Normal file
161
internal/api/grpc/project/v2beta/project.go
Normal file
@@ -0,0 +1,161 @@
|
||||
package project
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"github.com/muhlemmer/gu"
|
||||
"google.golang.org/protobuf/types/known/timestamppb"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/command"
|
||||
"github.com/zitadel/zitadel/internal/domain"
|
||||
"github.com/zitadel/zitadel/internal/eventstore/v1/models"
|
||||
"github.com/zitadel/zitadel/internal/query"
|
||||
project_pb "github.com/zitadel/zitadel/pkg/grpc/project/v2beta"
|
||||
)
|
||||
|
||||
func (s *Server) CreateProject(ctx context.Context, req *project_pb.CreateProjectRequest) (*project_pb.CreateProjectResponse, error) {
|
||||
add := projectCreateToCommand(req)
|
||||
project, err := s.command.AddProject(ctx, add)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
var creationDate *timestamppb.Timestamp
|
||||
if !project.EventDate.IsZero() {
|
||||
creationDate = timestamppb.New(project.EventDate)
|
||||
}
|
||||
return &project_pb.CreateProjectResponse{
|
||||
Id: add.AggregateID,
|
||||
CreationDate: creationDate,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func projectCreateToCommand(req *project_pb.CreateProjectRequest) *command.AddProject {
|
||||
var aggregateID string
|
||||
if req.Id != nil {
|
||||
aggregateID = *req.Id
|
||||
}
|
||||
return &command.AddProject{
|
||||
ObjectRoot: models.ObjectRoot{
|
||||
ResourceOwner: req.OrganizationId,
|
||||
AggregateID: aggregateID,
|
||||
},
|
||||
Name: req.Name,
|
||||
ProjectRoleAssertion: req.ProjectRoleAssertion,
|
||||
ProjectRoleCheck: req.AuthorizationRequired,
|
||||
HasProjectCheck: req.ProjectAccessRequired,
|
||||
PrivateLabelingSetting: privateLabelingSettingToDomain(req.PrivateLabelingSetting),
|
||||
}
|
||||
}
|
||||
|
||||
func privateLabelingSettingToDomain(setting project_pb.PrivateLabelingSetting) domain.PrivateLabelingSetting {
|
||||
switch setting {
|
||||
case project_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_ALLOW_LOGIN_USER_RESOURCE_OWNER_POLICY:
|
||||
return domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy
|
||||
case project_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_ENFORCE_PROJECT_RESOURCE_OWNER_POLICY:
|
||||
return domain.PrivateLabelingSettingEnforceProjectResourceOwnerPolicy
|
||||
case project_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_UNSPECIFIED:
|
||||
return domain.PrivateLabelingSettingUnspecified
|
||||
default:
|
||||
return domain.PrivateLabelingSettingUnspecified
|
||||
}
|
||||
}
|
||||
|
||||
func (s *Server) UpdateProject(ctx context.Context, req *project_pb.UpdateProjectRequest) (*project_pb.UpdateProjectResponse, error) {
|
||||
project, err := s.command.ChangeProject(ctx, projectUpdateToCommand(req))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
var changeDate *timestamppb.Timestamp
|
||||
if !project.EventDate.IsZero() {
|
||||
changeDate = timestamppb.New(project.EventDate)
|
||||
}
|
||||
return &project_pb.UpdateProjectResponse{
|
||||
ChangeDate: changeDate,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func projectUpdateToCommand(req *project_pb.UpdateProjectRequest) *command.ChangeProject {
|
||||
var labeling *domain.PrivateLabelingSetting
|
||||
if req.PrivateLabelingSetting != nil {
|
||||
labeling = gu.Ptr(privateLabelingSettingToDomain(*req.PrivateLabelingSetting))
|
||||
}
|
||||
return &command.ChangeProject{
|
||||
ObjectRoot: models.ObjectRoot{
|
||||
AggregateID: req.Id,
|
||||
},
|
||||
Name: req.Name,
|
||||
ProjectRoleAssertion: req.ProjectRoleAssertion,
|
||||
ProjectRoleCheck: req.ProjectRoleCheck,
|
||||
HasProjectCheck: req.HasProjectCheck,
|
||||
PrivateLabelingSetting: labeling,
|
||||
}
|
||||
}
|
||||
|
||||
func (s *Server) DeleteProject(ctx context.Context, req *project_pb.DeleteProjectRequest) (*project_pb.DeleteProjectResponse, error) {
|
||||
userGrantIDs, err := s.userGrantsFromProject(ctx, req.Id)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
deletedAt, err := s.command.DeleteProject(ctx, req.Id, "", userGrantIDs...)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
var deletionDate *timestamppb.Timestamp
|
||||
if !deletedAt.IsZero() {
|
||||
deletionDate = timestamppb.New(deletedAt)
|
||||
}
|
||||
return &project_pb.DeleteProjectResponse{
|
||||
DeletionDate: deletionDate,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) userGrantsFromProject(ctx context.Context, projectID string) ([]string, error) {
|
||||
projectQuery, err := query.NewUserGrantProjectIDSearchQuery(projectID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
userGrants, err := s.query.UserGrants(ctx, &query.UserGrantsQueries{
|
||||
Queries: []query.SearchQuery{projectQuery},
|
||||
}, false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return userGrantsToIDs(userGrants.UserGrants), nil
|
||||
}
|
||||
|
||||
func (s *Server) DeactivateProject(ctx context.Context, req *project_pb.DeactivateProjectRequest) (*project_pb.DeactivateProjectResponse, error) {
|
||||
details, err := s.command.DeactivateProject(ctx, req.Id, "")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
var changeDate *timestamppb.Timestamp
|
||||
if !details.EventDate.IsZero() {
|
||||
changeDate = timestamppb.New(details.EventDate)
|
||||
}
|
||||
return &project_pb.DeactivateProjectResponse{
|
||||
ChangeDate: changeDate,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) ActivateProject(ctx context.Context, req *project_pb.ActivateProjectRequest) (*project_pb.ActivateProjectResponse, error) {
|
||||
details, err := s.command.ReactivateProject(ctx, req.Id, "")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
var changeDate *timestamppb.Timestamp
|
||||
if !details.EventDate.IsZero() {
|
||||
changeDate = timestamppb.New(details.EventDate)
|
||||
}
|
||||
return &project_pb.ActivateProjectResponse{
|
||||
ChangeDate: changeDate,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func userGrantsToIDs(userGrants []*query.UserGrant) []string {
|
||||
converted := make([]string, len(userGrants))
|
||||
for i, grant := range userGrants {
|
||||
converted[i] = grant.ID
|
||||
}
|
||||
return converted
|
||||
}
|
||||
126
internal/api/grpc/project/v2beta/project_grant.go
Normal file
126
internal/api/grpc/project/v2beta/project_grant.go
Normal file
@@ -0,0 +1,126 @@
|
||||
package project
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"google.golang.org/protobuf/types/known/timestamppb"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/command"
|
||||
"github.com/zitadel/zitadel/internal/eventstore/v1/models"
|
||||
"github.com/zitadel/zitadel/internal/query"
|
||||
project_pb "github.com/zitadel/zitadel/pkg/grpc/project/v2beta"
|
||||
)
|
||||
|
||||
func (s *Server) CreateProjectGrant(ctx context.Context, req *project_pb.CreateProjectGrantRequest) (*project_pb.CreateProjectGrantResponse, error) {
|
||||
add := projectGrantCreateToCommand(req)
|
||||
project, err := s.command.AddProjectGrant(ctx, add)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
var creationDate *timestamppb.Timestamp
|
||||
if !project.EventDate.IsZero() {
|
||||
creationDate = timestamppb.New(project.EventDate)
|
||||
}
|
||||
return &project_pb.CreateProjectGrantResponse{
|
||||
CreationDate: creationDate,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func projectGrantCreateToCommand(req *project_pb.CreateProjectGrantRequest) *command.AddProjectGrant {
|
||||
return &command.AddProjectGrant{
|
||||
ObjectRoot: models.ObjectRoot{
|
||||
AggregateID: req.ProjectId,
|
||||
},
|
||||
GrantID: req.GrantedOrganizationId,
|
||||
GrantedOrgID: req.GrantedOrganizationId,
|
||||
RoleKeys: req.RoleKeys,
|
||||
}
|
||||
}
|
||||
|
||||
func (s *Server) UpdateProjectGrant(ctx context.Context, req *project_pb.UpdateProjectGrantRequest) (*project_pb.UpdateProjectGrantResponse, error) {
|
||||
project, err := s.command.ChangeProjectGrant(ctx, projectGrantUpdateToCommand(req))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
var changeDate *timestamppb.Timestamp
|
||||
if !project.EventDate.IsZero() {
|
||||
changeDate = timestamppb.New(project.EventDate)
|
||||
}
|
||||
return &project_pb.UpdateProjectGrantResponse{
|
||||
ChangeDate: changeDate,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func projectGrantUpdateToCommand(req *project_pb.UpdateProjectGrantRequest) *command.ChangeProjectGrant {
|
||||
return &command.ChangeProjectGrant{
|
||||
ObjectRoot: models.ObjectRoot{
|
||||
AggregateID: req.ProjectId,
|
||||
},
|
||||
GrantID: req.GrantedOrganizationId,
|
||||
RoleKeys: req.RoleKeys,
|
||||
}
|
||||
}
|
||||
|
||||
func (s *Server) DeactivateProjectGrant(ctx context.Context, req *project_pb.DeactivateProjectGrantRequest) (*project_pb.DeactivateProjectGrantResponse, error) {
|
||||
details, err := s.command.DeactivateProjectGrant(ctx, req.ProjectId, req.GrantedOrganizationId, "")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
var changeDate *timestamppb.Timestamp
|
||||
if !details.EventDate.IsZero() {
|
||||
changeDate = timestamppb.New(details.EventDate)
|
||||
}
|
||||
return &project_pb.DeactivateProjectGrantResponse{
|
||||
ChangeDate: changeDate,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) ActivateProjectGrant(ctx context.Context, req *project_pb.ActivateProjectGrantRequest) (*project_pb.ActivateProjectGrantResponse, error) {
|
||||
details, err := s.command.ReactivateProjectGrant(ctx, req.ProjectId, req.GrantedOrganizationId, "")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
var changeDate *timestamppb.Timestamp
|
||||
if !details.EventDate.IsZero() {
|
||||
changeDate = timestamppb.New(details.EventDate)
|
||||
}
|
||||
return &project_pb.ActivateProjectGrantResponse{
|
||||
ChangeDate: changeDate,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) DeleteProjectGrant(ctx context.Context, req *project_pb.DeleteProjectGrantRequest) (*project_pb.DeleteProjectGrantResponse, error) {
|
||||
userGrantIDs, err := s.userGrantsFromProjectGrant(ctx, req.ProjectId, req.GrantedOrganizationId)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
details, err := s.command.RemoveProjectGrant(ctx, req.ProjectId, req.GrantedOrganizationId, "", userGrantIDs...)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
var deletionDate *timestamppb.Timestamp
|
||||
if !details.EventDate.IsZero() {
|
||||
deletionDate = timestamppb.New(details.EventDate)
|
||||
}
|
||||
return &project_pb.DeleteProjectGrantResponse{
|
||||
DeletionDate: deletionDate,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) userGrantsFromProjectGrant(ctx context.Context, projectID, grantedOrganizationID string) ([]string, error) {
|
||||
projectQuery, err := query.NewUserGrantProjectIDSearchQuery(projectID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
grantQuery, err := query.NewUserGrantGrantIDSearchQuery(grantedOrganizationID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
userGrants, err := s.query.UserGrants(ctx, &query.UserGrantsQueries{
|
||||
Queries: []query.SearchQuery{projectQuery, grantQuery},
|
||||
}, false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return userGrantsToIDs(userGrants.UserGrants), nil
|
||||
}
|
||||
132
internal/api/grpc/project/v2beta/project_role.go
Normal file
132
internal/api/grpc/project/v2beta/project_role.go
Normal file
@@ -0,0 +1,132 @@
|
||||
package project
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"google.golang.org/protobuf/types/known/timestamppb"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/command"
|
||||
"github.com/zitadel/zitadel/internal/eventstore/v1/models"
|
||||
"github.com/zitadel/zitadel/internal/query"
|
||||
project_pb "github.com/zitadel/zitadel/pkg/grpc/project/v2beta"
|
||||
)
|
||||
|
||||
func (s *Server) AddProjectRole(ctx context.Context, req *project_pb.AddProjectRoleRequest) (*project_pb.AddProjectRoleResponse, error) {
|
||||
role, err := s.command.AddProjectRole(ctx, addProjectRoleRequestToCommand(req))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
var creationDate *timestamppb.Timestamp
|
||||
if !role.EventDate.IsZero() {
|
||||
creationDate = timestamppb.New(role.EventDate)
|
||||
}
|
||||
return &project_pb.AddProjectRoleResponse{
|
||||
CreationDate: creationDate,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func addProjectRoleRequestToCommand(req *project_pb.AddProjectRoleRequest) *command.AddProjectRole {
|
||||
group := ""
|
||||
if req.Group != nil {
|
||||
group = *req.Group
|
||||
}
|
||||
|
||||
return &command.AddProjectRole{
|
||||
ObjectRoot: models.ObjectRoot{
|
||||
AggregateID: req.ProjectId,
|
||||
},
|
||||
Key: req.RoleKey,
|
||||
DisplayName: req.DisplayName,
|
||||
Group: group,
|
||||
}
|
||||
}
|
||||
|
||||
func (s *Server) UpdateProjectRole(ctx context.Context, req *project_pb.UpdateProjectRoleRequest) (*project_pb.UpdateProjectRoleResponse, error) {
|
||||
role, err := s.command.ChangeProjectRole(ctx, updateProjectRoleRequestToCommand(req))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
var changeDate *timestamppb.Timestamp
|
||||
if !role.EventDate.IsZero() {
|
||||
changeDate = timestamppb.New(role.EventDate)
|
||||
}
|
||||
return &project_pb.UpdateProjectRoleResponse{
|
||||
ChangeDate: changeDate,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func updateProjectRoleRequestToCommand(req *project_pb.UpdateProjectRoleRequest) *command.ChangeProjectRole {
|
||||
displayName := ""
|
||||
if req.DisplayName != nil {
|
||||
displayName = *req.DisplayName
|
||||
}
|
||||
group := ""
|
||||
if req.Group != nil {
|
||||
group = *req.Group
|
||||
}
|
||||
|
||||
return &command.ChangeProjectRole{
|
||||
ObjectRoot: models.ObjectRoot{
|
||||
AggregateID: req.ProjectId,
|
||||
},
|
||||
Key: req.RoleKey,
|
||||
DisplayName: displayName,
|
||||
Group: group,
|
||||
}
|
||||
}
|
||||
|
||||
func (s *Server) RemoveProjectRole(ctx context.Context, req *project_pb.RemoveProjectRoleRequest) (*project_pb.RemoveProjectRoleResponse, error) {
|
||||
userGrantIDs, err := s.userGrantsFromProjectAndRole(ctx, req.ProjectId, req.RoleKey)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
projectGrantIDs, err := s.projectGrantsFromProjectAndRole(ctx, req.ProjectId, req.RoleKey)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
details, err := s.command.RemoveProjectRole(ctx, req.ProjectId, req.RoleKey, "", projectGrantIDs, userGrantIDs...)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
var deletionDate *timestamppb.Timestamp
|
||||
if !details.EventDate.IsZero() {
|
||||
deletionDate = timestamppb.New(details.EventDate)
|
||||
}
|
||||
return &project_pb.RemoveProjectRoleResponse{
|
||||
RemovalDate: deletionDate,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) userGrantsFromProjectAndRole(ctx context.Context, projectID, roleKey string) ([]string, error) {
|
||||
projectQuery, err := query.NewUserGrantProjectIDSearchQuery(projectID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
rolesQuery, err := query.NewUserGrantRoleQuery(roleKey)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
userGrants, err := s.query.UserGrants(ctx, &query.UserGrantsQueries{
|
||||
Queries: []query.SearchQuery{projectQuery, rolesQuery},
|
||||
}, false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return userGrantsToIDs(userGrants.UserGrants), nil
|
||||
}
|
||||
|
||||
func (s *Server) projectGrantsFromProjectAndRole(ctx context.Context, projectID, roleKey string) ([]string, error) {
|
||||
projectGrants, err := s.query.SearchProjectGrantsByProjectIDAndRoleKey(ctx, projectID, roleKey)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return projectGrantsToIDs(projectGrants), nil
|
||||
}
|
||||
|
||||
func projectGrantsToIDs(projectGrants *query.ProjectGrants) []string {
|
||||
converted := make([]string, len(projectGrants.ProjectGrants))
|
||||
for i, grant := range projectGrants.ProjectGrants {
|
||||
converted[i] = grant.GrantID
|
||||
}
|
||||
return converted
|
||||
}
|
||||
427
internal/api/grpc/project/v2beta/query.go
Normal file
427
internal/api/grpc/project/v2beta/query.go
Normal file
@@ -0,0 +1,427 @@
|
||||
package project
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"google.golang.org/protobuf/types/known/timestamppb"
|
||||
|
||||
filter "github.com/zitadel/zitadel/internal/api/grpc/filter/v2beta"
|
||||
"github.com/zitadel/zitadel/internal/domain"
|
||||
"github.com/zitadel/zitadel/internal/query"
|
||||
"github.com/zitadel/zitadel/internal/zerrors"
|
||||
project_pb "github.com/zitadel/zitadel/pkg/grpc/project/v2beta"
|
||||
)
|
||||
|
||||
func (s *Server) GetProject(ctx context.Context, req *project_pb.GetProjectRequest) (*project_pb.GetProjectResponse, error) {
|
||||
project, err := s.query.GetProjectByIDWithPermission(ctx, true, req.Id, s.checkPermission)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &project_pb.GetProjectResponse{
|
||||
Project: projectToPb(project),
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) ListProjects(ctx context.Context, req *project_pb.ListProjectsRequest) (*project_pb.ListProjectsResponse, error) {
|
||||
queries, err := s.listProjectRequestToModel(req)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
resp, err := s.query.SearchGrantedProjects(ctx, queries, s.checkPermission)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &project_pb.ListProjectsResponse{
|
||||
Projects: grantedProjectsToPb(resp.GrantedProjects),
|
||||
Pagination: filter.QueryToPaginationPb(queries.SearchRequest, resp.SearchResponse),
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) listProjectRequestToModel(req *project_pb.ListProjectsRequest) (*query.ProjectAndGrantedProjectSearchQueries, error) {
|
||||
offset, limit, asc, err := filter.PaginationPbToQuery(s.systemDefaults, req.Pagination)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
queries, err := projectFiltersToQuery(req.Filters)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &query.ProjectAndGrantedProjectSearchQueries{
|
||||
SearchRequest: query.SearchRequest{
|
||||
Offset: offset,
|
||||
Limit: limit,
|
||||
Asc: asc,
|
||||
SortingColumn: grantedProjectFieldNameToSortingColumn(req.SortingColumn),
|
||||
},
|
||||
Queries: queries,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func grantedProjectFieldNameToSortingColumn(field *project_pb.ProjectFieldName) query.Column {
|
||||
if field == nil {
|
||||
return query.GrantedProjectColumnCreationDate
|
||||
}
|
||||
switch *field {
|
||||
case project_pb.ProjectFieldName_PROJECT_FIELD_NAME_CREATION_DATE:
|
||||
return query.GrantedProjectColumnCreationDate
|
||||
case project_pb.ProjectFieldName_PROJECT_FIELD_NAME_ID:
|
||||
return query.GrantedProjectColumnID
|
||||
case project_pb.ProjectFieldName_PROJECT_FIELD_NAME_NAME:
|
||||
return query.GrantedProjectColumnName
|
||||
case project_pb.ProjectFieldName_PROJECT_FIELD_NAME_CHANGE_DATE:
|
||||
return query.GrantedProjectColumnChangeDate
|
||||
case project_pb.ProjectFieldName_PROJECT_FIELD_NAME_UNSPECIFIED:
|
||||
return query.GrantedProjectColumnCreationDate
|
||||
default:
|
||||
return query.GrantedProjectColumnCreationDate
|
||||
}
|
||||
}
|
||||
|
||||
func projectFiltersToQuery(queries []*project_pb.ProjectSearchFilter) (_ []query.SearchQuery, err error) {
|
||||
q := make([]query.SearchQuery, len(queries))
|
||||
for i, qry := range queries {
|
||||
q[i], err = projectFilterToModel(qry)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
return q, nil
|
||||
}
|
||||
|
||||
func projectFilterToModel(filter *project_pb.ProjectSearchFilter) (query.SearchQuery, error) {
|
||||
switch q := filter.Filter.(type) {
|
||||
case *project_pb.ProjectSearchFilter_ProjectNameFilter:
|
||||
return projectNameFilterToQuery(q.ProjectNameFilter)
|
||||
case *project_pb.ProjectSearchFilter_InProjectIdsFilter:
|
||||
return projectInIDsFilterToQuery(q.InProjectIdsFilter)
|
||||
case *project_pb.ProjectSearchFilter_ProjectResourceOwnerFilter:
|
||||
return projectResourceOwnerFilterToQuery(q.ProjectResourceOwnerFilter)
|
||||
case *project_pb.ProjectSearchFilter_ProjectOrganizationIdFilter:
|
||||
return projectOrganizationIDFilterToQuery(q.ProjectOrganizationIdFilter)
|
||||
case *project_pb.ProjectSearchFilter_ProjectGrantResourceOwnerFilter:
|
||||
return projectGrantResourceOwnerFilterToQuery(q.ProjectGrantResourceOwnerFilter)
|
||||
default:
|
||||
return nil, zerrors.ThrowInvalidArgument(nil, "ORG-vR9nC", "List.Query.Invalid")
|
||||
}
|
||||
}
|
||||
|
||||
func projectNameFilterToQuery(q *project_pb.ProjectNameFilter) (query.SearchQuery, error) {
|
||||
return query.NewGrantedProjectNameSearchQuery(filter.TextMethodPbToQuery(q.Method), q.GetProjectName())
|
||||
}
|
||||
|
||||
func projectInIDsFilterToQuery(q *project_pb.InProjectIDsFilter) (query.SearchQuery, error) {
|
||||
return query.NewGrantedProjectIDSearchQuery(q.ProjectIds)
|
||||
}
|
||||
|
||||
func projectResourceOwnerFilterToQuery(q *project_pb.ProjectResourceOwnerFilter) (query.SearchQuery, error) {
|
||||
return query.NewGrantedProjectResourceOwnerSearchQuery(q.ProjectResourceOwner)
|
||||
}
|
||||
|
||||
func projectOrganizationIDFilterToQuery(q *project_pb.ProjectOrganizationIDFilter) (query.SearchQuery, error) {
|
||||
return query.NewGrantedProjectOrganizationIDSearchQuery(q.ProjectOrganizationId)
|
||||
}
|
||||
|
||||
func projectGrantResourceOwnerFilterToQuery(q *project_pb.ProjectGrantResourceOwnerFilter) (query.SearchQuery, error) {
|
||||
return query.NewGrantedProjectGrantResourceOwnerSearchQuery(q.ProjectGrantResourceOwner)
|
||||
}
|
||||
|
||||
func grantedProjectsToPb(projects []*query.GrantedProject) []*project_pb.Project {
|
||||
o := make([]*project_pb.Project, len(projects))
|
||||
for i, org := range projects {
|
||||
o[i] = grantedProjectToPb(org)
|
||||
}
|
||||
return o
|
||||
}
|
||||
|
||||
func projectToPb(project *query.Project) *project_pb.Project {
|
||||
return &project_pb.Project{
|
||||
Id: project.ID,
|
||||
OrganizationId: project.ResourceOwner,
|
||||
CreationDate: timestamppb.New(project.CreationDate),
|
||||
ChangeDate: timestamppb.New(project.ChangeDate),
|
||||
State: projectStateToPb(project.State),
|
||||
Name: project.Name,
|
||||
PrivateLabelingSetting: privateLabelingSettingToPb(project.PrivateLabelingSetting),
|
||||
ProjectAccessRequired: project.HasProjectCheck,
|
||||
ProjectRoleAssertion: project.ProjectRoleAssertion,
|
||||
AuthorizationRequired: project.ProjectRoleCheck,
|
||||
}
|
||||
}
|
||||
|
||||
func grantedProjectToPb(project *query.GrantedProject) *project_pb.Project {
|
||||
var grantedOrganizationID, grantedOrganizationName *string
|
||||
if project.GrantedOrgID != "" {
|
||||
grantedOrganizationID = &project.GrantedOrgID
|
||||
}
|
||||
if project.OrgName != "" {
|
||||
grantedOrganizationName = &project.OrgName
|
||||
}
|
||||
|
||||
return &project_pb.Project{
|
||||
Id: project.ProjectID,
|
||||
OrganizationId: project.ResourceOwner,
|
||||
CreationDate: timestamppb.New(project.CreationDate),
|
||||
ChangeDate: timestamppb.New(project.ChangeDate),
|
||||
State: projectStateToPb(project.ProjectState),
|
||||
Name: project.ProjectName,
|
||||
PrivateLabelingSetting: privateLabelingSettingToPb(project.PrivateLabelingSetting),
|
||||
ProjectAccessRequired: project.HasProjectCheck,
|
||||
ProjectRoleAssertion: project.ProjectRoleAssertion,
|
||||
AuthorizationRequired: project.ProjectRoleCheck,
|
||||
GrantedOrganizationId: grantedOrganizationID,
|
||||
GrantedOrganizationName: grantedOrganizationName,
|
||||
GrantedState: grantedProjectStateToPb(project.ProjectGrantState),
|
||||
}
|
||||
}
|
||||
|
||||
func projectStateToPb(state domain.ProjectState) project_pb.ProjectState {
|
||||
switch state {
|
||||
case domain.ProjectStateActive:
|
||||
return project_pb.ProjectState_PROJECT_STATE_ACTIVE
|
||||
case domain.ProjectStateInactive:
|
||||
return project_pb.ProjectState_PROJECT_STATE_INACTIVE
|
||||
case domain.ProjectStateUnspecified, domain.ProjectStateRemoved:
|
||||
return project_pb.ProjectState_PROJECT_STATE_UNSPECIFIED
|
||||
default:
|
||||
return project_pb.ProjectState_PROJECT_STATE_UNSPECIFIED
|
||||
}
|
||||
}
|
||||
func grantedProjectStateToPb(state domain.ProjectGrantState) project_pb.GrantedProjectState {
|
||||
switch state {
|
||||
case domain.ProjectGrantStateActive:
|
||||
return project_pb.GrantedProjectState_GRANTED_PROJECT_STATE_ACTIVE
|
||||
case domain.ProjectGrantStateInactive:
|
||||
return project_pb.GrantedProjectState_GRANTED_PROJECT_STATE_INACTIVE
|
||||
case domain.ProjectGrantStateUnspecified, domain.ProjectGrantStateRemoved:
|
||||
return project_pb.GrantedProjectState_GRANTED_PROJECT_STATE_UNSPECIFIED
|
||||
default:
|
||||
return project_pb.GrantedProjectState_GRANTED_PROJECT_STATE_UNSPECIFIED
|
||||
}
|
||||
}
|
||||
|
||||
func privateLabelingSettingToPb(setting domain.PrivateLabelingSetting) project_pb.PrivateLabelingSetting {
|
||||
switch setting {
|
||||
case domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy:
|
||||
return project_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_ALLOW_LOGIN_USER_RESOURCE_OWNER_POLICY
|
||||
case domain.PrivateLabelingSettingEnforceProjectResourceOwnerPolicy:
|
||||
return project_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_ENFORCE_PROJECT_RESOURCE_OWNER_POLICY
|
||||
case domain.PrivateLabelingSettingUnspecified:
|
||||
return project_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_UNSPECIFIED
|
||||
default:
|
||||
return project_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_UNSPECIFIED
|
||||
}
|
||||
}
|
||||
|
||||
func (s *Server) ListProjectGrants(ctx context.Context, req *project_pb.ListProjectGrantsRequest) (*project_pb.ListProjectGrantsResponse, error) {
|
||||
queries, err := s.listProjectGrantsRequestToModel(req)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
resp, err := s.query.SearchProjectGrants(ctx, queries, s.checkPermission)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &project_pb.ListProjectGrantsResponse{
|
||||
ProjectGrants: projectGrantsToPb(resp.ProjectGrants),
|
||||
Pagination: filter.QueryToPaginationPb(queries.SearchRequest, resp.SearchResponse),
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) listProjectGrantsRequestToModel(req *project_pb.ListProjectGrantsRequest) (*query.ProjectGrantSearchQueries, error) {
|
||||
offset, limit, asc, err := filter.PaginationPbToQuery(s.systemDefaults, req.Pagination)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
queries, err := projectGrantFiltersToModel(req.Filters)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &query.ProjectGrantSearchQueries{
|
||||
SearchRequest: query.SearchRequest{
|
||||
Offset: offset,
|
||||
Limit: limit,
|
||||
Asc: asc,
|
||||
SortingColumn: projectGrantFieldNameToSortingColumn(req.SortingColumn),
|
||||
},
|
||||
Queries: queries,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func projectGrantFieldNameToSortingColumn(field *project_pb.ProjectGrantFieldName) query.Column {
|
||||
if field == nil {
|
||||
return query.ProjectGrantColumnCreationDate
|
||||
}
|
||||
switch *field {
|
||||
case project_pb.ProjectGrantFieldName_PROJECT_GRANT_FIELD_NAME_PROJECT_ID:
|
||||
return query.ProjectGrantColumnProjectID
|
||||
case project_pb.ProjectGrantFieldName_PROJECT_GRANT_FIELD_NAME_CREATION_DATE:
|
||||
return query.ProjectGrantColumnCreationDate
|
||||
case project_pb.ProjectGrantFieldName_PROJECT_GRANT_FIELD_NAME_CHANGE_DATE:
|
||||
return query.ProjectGrantColumnChangeDate
|
||||
case project_pb.ProjectGrantFieldName_PROJECT_GRANT_FIELD_NAME_UNSPECIFIED:
|
||||
return query.ProjectGrantColumnCreationDate
|
||||
default:
|
||||
return query.ProjectGrantColumnCreationDate
|
||||
}
|
||||
}
|
||||
|
||||
func projectGrantFiltersToModel(queries []*project_pb.ProjectGrantSearchFilter) (_ []query.SearchQuery, err error) {
|
||||
q := make([]query.SearchQuery, len(queries))
|
||||
for i, qry := range queries {
|
||||
q[i], err = projectGrantFilterToModel(qry)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
return q, nil
|
||||
}
|
||||
|
||||
func projectGrantFilterToModel(filter *project_pb.ProjectGrantSearchFilter) (query.SearchQuery, error) {
|
||||
switch q := filter.Filter.(type) {
|
||||
case *project_pb.ProjectGrantSearchFilter_ProjectNameFilter:
|
||||
return projectNameFilterToQuery(q.ProjectNameFilter)
|
||||
case *project_pb.ProjectGrantSearchFilter_RoleKeyFilter:
|
||||
return query.NewProjectGrantRoleKeySearchQuery(q.RoleKeyFilter.Key)
|
||||
case *project_pb.ProjectGrantSearchFilter_InProjectIdsFilter:
|
||||
return query.NewProjectGrantProjectIDsSearchQuery(q.InProjectIdsFilter.ProjectIds)
|
||||
case *project_pb.ProjectGrantSearchFilter_ProjectResourceOwnerFilter:
|
||||
return query.NewProjectGrantResourceOwnerSearchQuery(q.ProjectResourceOwnerFilter.ProjectResourceOwner)
|
||||
case *project_pb.ProjectGrantSearchFilter_ProjectGrantResourceOwnerFilter:
|
||||
return query.NewProjectGrantGrantedOrgIDSearchQuery(q.ProjectGrantResourceOwnerFilter.ProjectGrantResourceOwner)
|
||||
default:
|
||||
return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-M099f", "List.Query.Invalid")
|
||||
}
|
||||
}
|
||||
|
||||
func projectGrantsToPb(projects []*query.ProjectGrant) []*project_pb.ProjectGrant {
|
||||
p := make([]*project_pb.ProjectGrant, len(projects))
|
||||
for i, project := range projects {
|
||||
p[i] = projectGrantToPb(project)
|
||||
}
|
||||
return p
|
||||
}
|
||||
|
||||
func projectGrantToPb(project *query.ProjectGrant) *project_pb.ProjectGrant {
|
||||
return &project_pb.ProjectGrant{
|
||||
OrganizationId: project.ResourceOwner,
|
||||
CreationDate: timestamppb.New(project.CreationDate),
|
||||
ChangeDate: timestamppb.New(project.ChangeDate),
|
||||
GrantedOrganizationId: project.GrantedOrgID,
|
||||
GrantedOrganizationName: project.OrgName,
|
||||
GrantedRoleKeys: project.GrantedRoleKeys,
|
||||
ProjectId: project.ProjectID,
|
||||
ProjectName: project.ProjectName,
|
||||
State: projectGrantStateToPb(project.State),
|
||||
}
|
||||
}
|
||||
|
||||
func projectGrantStateToPb(state domain.ProjectGrantState) project_pb.ProjectGrantState {
|
||||
switch state {
|
||||
case domain.ProjectGrantStateActive:
|
||||
return project_pb.ProjectGrantState_PROJECT_GRANT_STATE_ACTIVE
|
||||
case domain.ProjectGrantStateInactive:
|
||||
return project_pb.ProjectGrantState_PROJECT_GRANT_STATE_INACTIVE
|
||||
case domain.ProjectGrantStateUnspecified, domain.ProjectGrantStateRemoved:
|
||||
return project_pb.ProjectGrantState_PROJECT_GRANT_STATE_UNSPECIFIED
|
||||
default:
|
||||
return project_pb.ProjectGrantState_PROJECT_GRANT_STATE_UNSPECIFIED
|
||||
}
|
||||
}
|
||||
|
||||
func (s *Server) ListProjectRoles(ctx context.Context, req *project_pb.ListProjectRolesRequest) (*project_pb.ListProjectRolesResponse, error) {
|
||||
queries, err := s.listProjectRolesRequestToModel(req)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
err = queries.AppendProjectIDQuery(req.ProjectId)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
roles, err := s.query.SearchProjectRoles(ctx, true, queries, s.checkPermission)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &project_pb.ListProjectRolesResponse{
|
||||
ProjectRoles: roleViewsToPb(roles.ProjectRoles),
|
||||
Pagination: filter.QueryToPaginationPb(queries.SearchRequest, roles.SearchResponse),
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) listProjectRolesRequestToModel(req *project_pb.ListProjectRolesRequest) (*query.ProjectRoleSearchQueries, error) {
|
||||
offset, limit, asc, err := filter.PaginationPbToQuery(s.systemDefaults, req.Pagination)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
queries, err := roleQueriesToModel(req.Filters)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &query.ProjectRoleSearchQueries{
|
||||
SearchRequest: query.SearchRequest{
|
||||
Offset: offset,
|
||||
Limit: limit,
|
||||
Asc: asc,
|
||||
SortingColumn: projectRoleFieldNameToSortingColumn(req.SortingColumn),
|
||||
},
|
||||
Queries: queries,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func projectRoleFieldNameToSortingColumn(field *project_pb.ProjectRoleFieldName) query.Column {
|
||||
if field == nil {
|
||||
return query.ProjectRoleColumnCreationDate
|
||||
}
|
||||
switch *field {
|
||||
case project_pb.ProjectRoleFieldName_PROJECT_ROLE_FIELD_NAME_KEY:
|
||||
return query.ProjectRoleColumnKey
|
||||
case project_pb.ProjectRoleFieldName_PROJECT_ROLE_FIELD_NAME_CREATION_DATE:
|
||||
return query.ProjectRoleColumnCreationDate
|
||||
case project_pb.ProjectRoleFieldName_PROJECT_ROLE_FIELD_NAME_CHANGE_DATE:
|
||||
return query.ProjectRoleColumnChangeDate
|
||||
case project_pb.ProjectRoleFieldName_PROJECT_ROLE_FIELD_NAME_UNSPECIFIED:
|
||||
return query.ProjectRoleColumnCreationDate
|
||||
default:
|
||||
return query.ProjectRoleColumnCreationDate
|
||||
}
|
||||
}
|
||||
|
||||
func roleQueriesToModel(queries []*project_pb.ProjectRoleSearchFilter) (_ []query.SearchQuery, err error) {
|
||||
q := make([]query.SearchQuery, len(queries))
|
||||
for i, query := range queries {
|
||||
q[i], err = roleQueryToModel(query)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
return q, nil
|
||||
}
|
||||
|
||||
func roleQueryToModel(apiQuery *project_pb.ProjectRoleSearchFilter) (query.SearchQuery, error) {
|
||||
switch q := apiQuery.Filter.(type) {
|
||||
case *project_pb.ProjectRoleSearchFilter_RoleKeyFilter:
|
||||
return query.NewProjectRoleKeySearchQuery(filter.TextMethodPbToQuery(q.RoleKeyFilter.Method), q.RoleKeyFilter.Key)
|
||||
case *project_pb.ProjectRoleSearchFilter_DisplayNameFilter:
|
||||
return query.NewProjectRoleDisplayNameSearchQuery(filter.TextMethodPbToQuery(q.DisplayNameFilter.Method), q.DisplayNameFilter.DisplayName)
|
||||
default:
|
||||
return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-fms0e", "List.Query.Invalid")
|
||||
}
|
||||
}
|
||||
|
||||
func roleViewsToPb(roles []*query.ProjectRole) []*project_pb.ProjectRole {
|
||||
o := make([]*project_pb.ProjectRole, len(roles))
|
||||
for i, org := range roles {
|
||||
o[i] = roleViewToPb(org)
|
||||
}
|
||||
return o
|
||||
}
|
||||
|
||||
func roleViewToPb(role *query.ProjectRole) *project_pb.ProjectRole {
|
||||
return &project_pb.ProjectRole{
|
||||
ProjectId: role.ProjectID,
|
||||
Key: role.Key,
|
||||
CreationDate: timestamppb.New(role.CreationDate),
|
||||
ChangeDate: timestamppb.New(role.ChangeDate),
|
||||
DisplayName: role.DisplayName,
|
||||
Group: role.Group,
|
||||
}
|
||||
}
|
||||
60
internal/api/grpc/project/v2beta/server.go
Normal file
60
internal/api/grpc/project/v2beta/server.go
Normal file
@@ -0,0 +1,60 @@
|
||||
package project
|
||||
|
||||
import (
|
||||
"google.golang.org/grpc"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/api/authz"
|
||||
"github.com/zitadel/zitadel/internal/api/grpc/server"
|
||||
"github.com/zitadel/zitadel/internal/command"
|
||||
"github.com/zitadel/zitadel/internal/config/systemdefaults"
|
||||
"github.com/zitadel/zitadel/internal/domain"
|
||||
"github.com/zitadel/zitadel/internal/query"
|
||||
project "github.com/zitadel/zitadel/pkg/grpc/project/v2beta"
|
||||
)
|
||||
|
||||
var _ project.ProjectServiceServer = (*Server)(nil)
|
||||
|
||||
type Server struct {
|
||||
project.UnimplementedProjectServiceServer
|
||||
systemDefaults systemdefaults.SystemDefaults
|
||||
command *command.Commands
|
||||
query *query.Queries
|
||||
|
||||
checkPermission domain.PermissionCheck
|
||||
}
|
||||
|
||||
type Config struct{}
|
||||
|
||||
func CreateServer(
|
||||
systemDefaults systemdefaults.SystemDefaults,
|
||||
command *command.Commands,
|
||||
query *query.Queries,
|
||||
checkPermission domain.PermissionCheck,
|
||||
) *Server {
|
||||
return &Server{
|
||||
systemDefaults: systemDefaults,
|
||||
command: command,
|
||||
query: query,
|
||||
checkPermission: checkPermission,
|
||||
}
|
||||
}
|
||||
|
||||
func (s *Server) RegisterServer(grpcServer *grpc.Server) {
|
||||
project.RegisterProjectServiceServer(grpcServer, s)
|
||||
}
|
||||
|
||||
func (s *Server) AppName() string {
|
||||
return project.ProjectService_ServiceDesc.ServiceName
|
||||
}
|
||||
|
||||
func (s *Server) MethodPrefix() string {
|
||||
return project.ProjectService_ServiceDesc.ServiceName
|
||||
}
|
||||
|
||||
func (s *Server) AuthMethods() authz.MethodMapping {
|
||||
return project.ProjectService_AuthMethods
|
||||
}
|
||||
|
||||
func (s *Server) RegisterGateway() server.RegisterGatewayFunc {
|
||||
return project.RegisterProjectServiceHandler
|
||||
}
|
||||
Reference in New Issue
Block a user