Elio Bischof
2025-05-27 10:58:40 +02:00
parent dbe00ee2a6
commit 81a128a498
2 changed files with 46 additions and 69 deletions


@@ -10,24 +10,46 @@ option go_package = "github.com/zitadel/zitadel/pkg/grpc/authorizations/v2beta;a
message Authorization { message Authorization {
// ID is the unique identifier of the authorization. // ID is the unique identifier of the authorization.
string id = 1; string id = 1 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629012906488334\"";
}
];
// The unique identifier of the organization the authorization belongs to.
string organization_id = 2 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"69629012906488334\"";
}
];
// CreationDate is the timestamp when the authorization was created. // CreationDate is the timestamp when the authorization was created.
google.protobuf.Timestamp creation_date = 2; google.protobuf.Timestamp creation_date = 3 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2024-12-18T07:50:47.492Z\"";
}
];
// ChangeDate is the timestamp when the authorization was last updated. // ChangeDate is the timestamp when the authorization was last updated.
// In case the authorization was not updated, this field is equal to the creation date. // In case the authorization was not updated, this field is equal to the creation date.
google.protobuf.Timestamp change_date = 3; google.protobuf.Timestamp change_date = 4 [
(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"2025-01-23T10:34:18.051Z\"";
}
];
// State is the current state of the authorization. // State is the current state of the authorization.
State state = 4; State state = 5;
User user = 5; User user = 6;
// Grant contains the project or project grant the user was granted the authorization for. // The granted organization ID is returned If the user is authorized to a project that was granted by another organization.
oneof grant { optional string granted_organization_id = 7 [
// Project represents the project the user was granted the authorization for. (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
Project project = 6; example: "\"69629023906488334\""
// ProjectGrant represents the project grant the user was granted the authorization for. }
ProjectGrant project_grant = 7; ];
} // The granted organization name is returned If the user is authorized to a project that was granted by another organization.
Organization organization = 8; optional string granted_organization_name = 8 [
// Roles contains the roles the user was granted for the project or project grant. (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
example: "\"Some Organization\""
}
];
// Roles contains the roles the user was granted for the project.
repeated Role roles = 9; repeated Role roles = 9;
} }
@@ -51,37 +73,10 @@ message User {
// AvatarURL is the URL to the user's public avatar image. // AvatarURL is the URL to the user's public avatar image.
string avatar_url = 4; string avatar_url = 4;
// The organization the user belong to. // The organization the user belong to.
// This must not correspond to the organization the authorization was granted for. // This does not have to correspond with the authorizations organization.
string organization_id = 5; string organization_id = 5;
} }
message Project {
// ID is the unique identifier of the project the user was granted the authorization for.
string id = 1;
// Name is the name of the project the user was granted the authorization for.
string name = 2;
// OrganizationID is the ID of the organization the project belongs to.
string organization_id = 3;
}
message ProjectGrant {
// ID is the unique identifier of the project grant the user was granted the authorization for.
string id = 1;
// ProjectID is the ID of the project the project grant belongs to.
string project_id = 2;
// ProjectName is the name of the project the project grant belongs to.
string project_name = 3;
// OrganizationID is the ID of the organization the project grant belongs to.
string organization_id = 4;
}
message Organization {
// ID is the unique identifier of the organization the user was granted the authorization for.
string id = 1;
// Name is the name of the organization the user was granted the authorization for.
string name = 2;
}
message Role { message Role {
// Key is the unique identifier of the role. // Key is the unique identifier of the role.
string key = 1; string key = 1;
@@ -119,18 +114,10 @@ message AuthorizationQuery {
ProjectGrantIDQuery project_grant_id = 11; ProjectGrantIDQuery project_grant_id = 11;
// Search for authorizations by the ID of the organization the authorization was granted for. // Search for authorizations by the ID of the organization the authorization was granted for.
// This can either be the organization the project or the project grant is part of. // This can either be the organization the project or the project grant is part of.
OrganizationIDQuery organization_id = 12; OrganizationIDQuery granted_organization_id = 12;
OrganizationNameQuery organization_name = 13; OrganizationNameQuery granted_organization_name = 13;
// Search for authorizations by the key of the role the user was granted. // Search for authorizations by the key of the role the user was granted.
RoleKeyQuery role_key = 14; RoleKeyQuery role_key = 14;
// Combine multiple authorization queries with an AND operation.
AndQuery and = 15;
// Combine multiple authorization queries with an OR operation.
// For example, to search for authorizations of multiple OrganizationIDs.
OrQuery or = 16;
// Negate an authorization query.
NotQuery not = 17;
} }
} }
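Review bot: The new `Authorization` message renumbers fields that already exist (`creation_date` 2→3, `change_date` 3→4, `state` 4→5, `user` 5→6) and reuses 2, 7 and 8 for new string fields, so any client or server still built from the previous schema will mis-decode these messages. An older reader will typically find no matching value at field 4 and fall back to the default `State`, which matters if a consumer bases an access decision on it; the `State` definition is outside this hunk, so its zero value should be confirmed. Even in a beta package it is safer to leave the existing numbers alone, give `organization_id`, `granted_organization_id` and `granted_organization_name` unused numbers, and retire the removed members with `reserved 6, 7, 8;` and `reserved "project", "project_grant", "organization";`. The same applies to the `AuthorizationQuery` hunk, which drops 15–17 without reserving them, and to `CreateAuthorizationRequest` in the second file, where `role_keys` moves to 3, the number previously used by `project_grant_id`, so an old client's grant ID would be parsed as a role key.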


@@ -12,7 +12,7 @@ option go_package = "github.com/zitadel/zitadel/pkg/grpc/authorizations/v2beta;a
// AuthorizationService provides methods to manage authorizations for users within your projects and applications. // AuthorizationService provides methods to manage authorizations for users within your projects and applications.
// //
// For managing permissions and roles for ZITADEL internal resources, like organizations, projects, // For managing permissions and roles for ZITADEL internal resources, like organizations, projects,
// users, etc., please use the PermissionsService. // users, etc., please use the InternalPermissionsService.
service AuthorizationsService { service AuthorizationsService {
// ListAuthorizations returns all authorizations matching the request and necessary permissions. // ListAuthorizations returns all authorizations matching the request and necessary permissions.
// //
@@ -84,23 +84,13 @@ message CreateAuthorizationRequest {
min_len: 1 min_len: 1
max_len: 200 max_len: 200
}]; }];
// Grant on either the project directly or on a project grant by their IDs. // Project ID is the ID of the project - owned or granted - the user should be authorized for.
oneof grant { string project_id = 2 [(validate.rules).string = {
option (validate.required) = true; min_len: 1
max_len: 200
// Project is the ID of the project the user should be granted the authorization for. }];
string project_id = 2 [(validate.rules).string = {
min_len: 1
max_len: 200
}];
// ProjectGrant is the ID of the project grant the user should be granted the authorization for.
string project_grant_id = 3 [(validate.rules).string = {
min_len: 1
max_len: 200
}];
}
// RoleKeys are the keys of the roles the user should be granted. // RoleKeys are the keys of the roles the user should be granted.
repeated string role_keys = 4 [(validate.rules).repeated = { repeated string role_keys = 3 [(validate.rules).repeated = {
unique: true unique: true
items: { items: {
string: { string: {