mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-12 00:47:33 +00:00
feat: project v2beta resource API (#9742)
# Which Problems Are Solved Resource management of projects and sub-resources was before limited by the context provided by the management API, which would mean you could only manage resources belonging to a specific organization. # How the Problems Are Solved With the addition of a resource-based API, it is now possible to manage projects and sub-resources on the basis of the resources themselves, which means that as long as you have the permission for the resource, you can create, read, update and delete it. - CreateProject to create a project under an organization - UpdateProject to update an existing project - DeleteProject to delete an existing project - DeactivateProject and ActivateProject to change the status of a project - GetProject to query for a specific project with an identifier - ListProject to query for projects and granted projects - CreateProjectGrant to create a project grant with project and granted organization - UpdateProjectGrant to update the roles of a project grant - DeactivateProjectGrant and ActivateProjectGrant to change the status of a project grant - DeleteProjectGrant to delete an existing project grant - ListProjectGrants to query for project grants - AddProjectRole to add a role to an existing project - UpdateProjectRole to change texts of an existing role - RemoveProjectRole to remove an existing role - ListProjectRoles to query for project roles # Additional Changes - Changes to ListProjects, which now contains granted projects as well - Changes to messages as defined in the [API_DESIGN](https://github.com/zitadel/zitadel/blob/main/API_DESIGN.md) - Permission checks for project functionality on query and command side - Added testing to unit tests on command side - Change update endpoints to no error returns if nothing changes in the resource - Changed all integration test utility to the new service - ListProjects now also correctly lists `granted projects` - Permission checks for project grant and project role functionality on query and command side - Change existing pre checks so that they also work resource specific without resourceowner - Added the resourceowner to the grant and role if no resourceowner is provided - Corrected import tests with project grants and roles - Added testing to unit tests on command side - Change update endpoints to no error returns if nothing changes in the resource - Changed all integration test utility to the new service - Corrected some naming in the proto files to adhere to the API_DESIGN # Additional Context Closes #9177 --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
This commit is contained in:
Stefan Benz
126
internal/api/grpc/project/v2beta/project_grant.go
Normal file
126
internal/api/grpc/project/v2beta/project_grant.go
Normal file
@@ -0,0 +1,126 @@
|
||||
package project
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"google.golang.org/protobuf/types/known/timestamppb"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/command"
|
||||
"github.com/zitadel/zitadel/internal/eventstore/v1/models"
|
||||
"github.com/zitadel/zitadel/internal/query"
|
||||
project_pb "github.com/zitadel/zitadel/pkg/grpc/project/v2beta"
|
||||
)
|
||||
|
||||
func (s *Server) CreateProjectGrant(ctx context.Context, req *project_pb.CreateProjectGrantRequest) (*project_pb.CreateProjectGrantResponse, error) {
|
||||
add := projectGrantCreateToCommand(req)
|
||||
project, err := s.command.AddProjectGrant(ctx, add)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
var creationDate *timestamppb.Timestamp
|
||||
if !project.EventDate.IsZero() {
|
||||
creationDate = timestamppb.New(project.EventDate)
|
||||
}
|
||||
return &project_pb.CreateProjectGrantResponse{
|
||||
CreationDate: creationDate,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func projectGrantCreateToCommand(req *project_pb.CreateProjectGrantRequest) *command.AddProjectGrant {
|
||||
return &command.AddProjectGrant{
|
||||
ObjectRoot: models.ObjectRoot{
|
||||
AggregateID: req.ProjectId,
|
||||
},
|
||||
GrantID: req.GrantedOrganizationId,
|
||||
GrantedOrgID: req.GrantedOrganizationId,
|
||||
RoleKeys: req.RoleKeys,
|
||||
}
|
||||
}
|
||||
|
||||
func (s *Server) UpdateProjectGrant(ctx context.Context, req *project_pb.UpdateProjectGrantRequest) (*project_pb.UpdateProjectGrantResponse, error) {
|
||||
project, err := s.command.ChangeProjectGrant(ctx, projectGrantUpdateToCommand(req))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
var changeDate *timestamppb.Timestamp
|
||||
if !project.EventDate.IsZero() {
|
||||
changeDate = timestamppb.New(project.EventDate)
|
||||
}
|
||||
return &project_pb.UpdateProjectGrantResponse{
|
||||
ChangeDate: changeDate,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func projectGrantUpdateToCommand(req *project_pb.UpdateProjectGrantRequest) *command.ChangeProjectGrant {
|
||||
return &command.ChangeProjectGrant{
|
||||
ObjectRoot: models.ObjectRoot{
|
||||
AggregateID: req.ProjectId,
|
||||
},
|
||||
GrantID: req.GrantedOrganizationId,
|
||||
RoleKeys: req.RoleKeys,
|
||||
}
|
||||
}
|
||||
|
||||
func (s *Server) DeactivateProjectGrant(ctx context.Context, req *project_pb.DeactivateProjectGrantRequest) (*project_pb.DeactivateProjectGrantResponse, error) {
|
||||
details, err := s.command.DeactivateProjectGrant(ctx, req.ProjectId, req.GrantedOrganizationId, "")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
var changeDate *timestamppb.Timestamp
|
||||
if !details.EventDate.IsZero() {
|
||||
changeDate = timestamppb.New(details.EventDate)
|
||||
}
|
||||
return &project_pb.DeactivateProjectGrantResponse{
|
||||
ChangeDate: changeDate,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) ActivateProjectGrant(ctx context.Context, req *project_pb.ActivateProjectGrantRequest) (*project_pb.ActivateProjectGrantResponse, error) {
|
||||
details, err := s.command.ReactivateProjectGrant(ctx, req.ProjectId, req.GrantedOrganizationId, "")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
var changeDate *timestamppb.Timestamp
|
||||
if !details.EventDate.IsZero() {
|
||||
changeDate = timestamppb.New(details.EventDate)
|
||||
}
|
||||
return &project_pb.ActivateProjectGrantResponse{
|
||||
ChangeDate: changeDate,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) DeleteProjectGrant(ctx context.Context, req *project_pb.DeleteProjectGrantRequest) (*project_pb.DeleteProjectGrantResponse, error) {
|
||||
userGrantIDs, err := s.userGrantsFromProjectGrant(ctx, req.ProjectId, req.GrantedOrganizationId)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
details, err := s.command.RemoveProjectGrant(ctx, req.ProjectId, req.GrantedOrganizationId, "", userGrantIDs...)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
var deletionDate *timestamppb.Timestamp
|
||||
if !details.EventDate.IsZero() {
|
||||
deletionDate = timestamppb.New(details.EventDate)
|
||||
}
|
||||
return &project_pb.DeleteProjectGrantResponse{
|
||||
DeletionDate: deletionDate,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) userGrantsFromProjectGrant(ctx context.Context, projectID, grantedOrganizationID string) ([]string, error) {
|
||||
projectQuery, err := query.NewUserGrantProjectIDSearchQuery(projectID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
grantQuery, err := query.NewUserGrantGrantIDSearchQuery(grantedOrganizationID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
userGrants, err := s.query.UserGrants(ctx, &query.UserGrantsQueries{
|
||||
Queries: []query.SearchQuery{projectQuery, grantQuery},
|
||||
}, false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return userGrantsToIDs(userGrants.UserGrants), nil
|
||||
}
|
||||
Reference in New Issue
Block a user