mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-11 21:27:42 +00:00
fix: correct permissions for projects on v2 api (#9973)
# Which Problems Are Solved Permission checks in project v2beta API did not cover projects and granted projects correctly. # How the Problems Are Solved Add permission checks v1 correctly to the list queries, add correct permission checks v2 for projects. # Additional Changes Correct Pre-Checks for project grants that the right resource owner is used. # Additional Context Permission checks v2 for project grants is still outstanding under #9972.
This commit is contained in:
Stefan Benz
@@ -109,7 +109,7 @@ func (s *Server) UpdateProjectGrant(ctx context.Context, req *mgmt_pb.UpdateProj
|
||||
}
|
||||
|
||||
func (s *Server) DeactivateProjectGrant(ctx context.Context, req *mgmt_pb.DeactivateProjectGrantRequest) (*mgmt_pb.DeactivateProjectGrantResponse, error) {
|
||||
details, err := s.command.DeactivateProjectGrant(ctx, req.ProjectId, req.GrantId, authz.GetCtxData(ctx).OrgID)
|
||||
details, err := s.command.DeactivateProjectGrant(ctx, req.ProjectId, req.GrantId, "", authz.GetCtxData(ctx).OrgID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -119,7 +119,7 @@ func (s *Server) DeactivateProjectGrant(ctx context.Context, req *mgmt_pb.Deacti
|
||||
}
|
||||
|
||||
func (s *Server) ReactivateProjectGrant(ctx context.Context, req *mgmt_pb.ReactivateProjectGrantRequest) (*mgmt_pb.ReactivateProjectGrantResponse, error) {
|
||||
details, err := s.command.ReactivateProjectGrant(ctx, req.ProjectId, req.GrantId, authz.GetCtxData(ctx).OrgID)
|
||||
details, err := s.command.ReactivateProjectGrant(ctx, req.ProjectId, req.GrantId, "", authz.GetCtxData(ctx).OrgID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
@@ -169,6 +169,12 @@ func TestServer_CreateProjectGrant_Permission(t *testing.T) {
|
||||
iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
|
||||
orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
|
||||
|
||||
userResp := instance.CreateMachineUser(iamOwnerCtx)
|
||||
patResp := instance.CreatePersonalAccessToken(iamOwnerCtx, userResp.GetUserId())
|
||||
projectResp := createProject(iamOwnerCtx, instance, t, instance.DefaultOrg.GetId(), false, false)
|
||||
instance.CreateProjectMembership(t, iamOwnerCtx, projectResp.GetId(), userResp.GetUserId())
|
||||
projectOwnerCtx := integration.WithAuthorizationToken(CTX, patResp.Token)
|
||||
|
||||
type want struct {
|
||||
creationDate bool
|
||||
}
|
||||
@@ -206,6 +212,33 @@ func TestServer_CreateProjectGrant_Permission(t *testing.T) {
|
||||
req: &project.CreateProjectGrantRequest{},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "project owner, other project",
|
||||
ctx: projectOwnerCtx,
|
||||
prepare: func(request *project.CreateProjectGrantRequest) {
|
||||
projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
|
||||
grantedOrgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
|
||||
|
||||
request.ProjectId = projectResp.GetId()
|
||||
request.GrantedOrganizationId = grantedOrgResp.GetOrganizationId()
|
||||
},
|
||||
req: &project.CreateProjectGrantRequest{},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "project owner, ok",
|
||||
ctx: projectOwnerCtx,
|
||||
prepare: func(request *project.CreateProjectGrantRequest) {
|
||||
request.ProjectId = projectResp.GetId()
|
||||
|
||||
grantedOrg := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
|
||||
request.GrantedOrganizationId = grantedOrg.GetOrganizationId()
|
||||
},
|
||||
req: &project.CreateProjectGrantRequest{},
|
||||
want: want{
|
||||
creationDate: true,
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "organization owner, other org",
|
||||
ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
|
||||
@@ -405,6 +438,13 @@ func TestServer_UpdateProjectGrant_Permission(t *testing.T) {
|
||||
iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
|
||||
orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
|
||||
|
||||
userResp := instance.CreateMachineUser(iamOwnerCtx)
|
||||
patResp := instance.CreatePersonalAccessToken(iamOwnerCtx, userResp.GetUserId())
|
||||
projectID := instance.CreateProject(iamOwnerCtx, t, instance.DefaultOrg.GetId(), gofakeit.AppName(), false, false).GetId()
|
||||
instance.CreateProjectGrant(iamOwnerCtx, t, projectID, orgResp.GetOrganizationId())
|
||||
instance.CreateProjectGrantMembership(t, iamOwnerCtx, projectID, orgResp.GetOrganizationId(), userResp.GetUserId())
|
||||
projectGrantOwnerCtx := integration.WithAuthorizationToken(CTX, patResp.Token)
|
||||
|
||||
type args struct {
|
||||
ctx context.Context
|
||||
req *project.UpdateProjectGrantRequest
|
||||
@@ -458,6 +498,25 @@ func TestServer_UpdateProjectGrant_Permission(t *testing.T) {
|
||||
},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "project grant owner, no permission",
|
||||
prepare: func(request *project.UpdateProjectGrantRequest) {
|
||||
roles := []string{gofakeit.Animal(), gofakeit.Animal(), gofakeit.Animal()}
|
||||
request.ProjectId = projectID
|
||||
request.GrantedOrganizationId = orgResp.GetOrganizationId()
|
||||
|
||||
for _, role := range roles {
|
||||
instance.AddProjectRole(iamOwnerCtx, t, projectID, role, role, "")
|
||||
}
|
||||
|
||||
request.RoleKeys = roles
|
||||
},
|
||||
args: args{
|
||||
ctx: projectGrantOwnerCtx,
|
||||
req: &project.UpdateProjectGrantRequest{},
|
||||
},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "organization owner, other org",
|
||||
prepare: func(request *project.UpdateProjectGrantRequest) {
|
||||
@@ -598,7 +657,7 @@ func TestServer_DeleteProjectGrant(t *testing.T) {
|
||||
ProjectId: "notexisting",
|
||||
GrantedOrganizationId: "notexisting",
|
||||
},
|
||||
wantErr: true,
|
||||
wantDeletionDate: false,
|
||||
},
|
||||
{
|
||||
name: "delete",
|
||||
@@ -650,8 +709,8 @@ func TestServer_DeleteProjectGrant(t *testing.T) {
|
||||
instance.DeleteProjectGrant(iamOwnerCtx, t, projectResp.GetId(), grantedOrg.GetOrganizationId())
|
||||
return creationDate, time.Now().UTC()
|
||||
},
|
||||
req: &project.DeleteProjectGrantRequest{},
|
||||
wantErr: true,
|
||||
req: &project.DeleteProjectGrantRequest{},
|
||||
wantDeletionDate: true,
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
|
||||
@@ -300,6 +300,12 @@ func TestServer_UpdateProject_Permission(t *testing.T) {
|
||||
iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
|
||||
orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
|
||||
|
||||
userResp := instance.CreateMachineUser(iamOwnerCtx)
|
||||
patResp := instance.CreatePersonalAccessToken(iamOwnerCtx, userResp.GetUserId())
|
||||
projectID := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false).GetId()
|
||||
instance.CreateProjectMembership(t, iamOwnerCtx, projectID, userResp.GetUserId())
|
||||
projectOwnerCtx := integration.WithAuthorizationToken(CTX, patResp.Token)
|
||||
|
||||
type args struct {
|
||||
ctx context.Context
|
||||
req *project.UpdateProjectRequest
|
||||
@@ -343,6 +349,36 @@ func TestServer_UpdateProject_Permission(t *testing.T) {
|
||||
},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "project owner, no permission",
|
||||
prepare: func(request *project.UpdateProjectRequest) {
|
||||
projectID := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false).GetId()
|
||||
request.Id = projectID
|
||||
},
|
||||
args: args{
|
||||
ctx: projectOwnerCtx,
|
||||
req: &project.UpdateProjectRequest{
|
||||
Name: gu.Ptr(gofakeit.AppName()),
|
||||
},
|
||||
},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: " roject owner, ok",
|
||||
prepare: func(request *project.UpdateProjectRequest) {
|
||||
request.Id = projectID
|
||||
},
|
||||
args: args{
|
||||
ctx: projectOwnerCtx,
|
||||
req: &project.UpdateProjectRequest{
|
||||
Name: gu.Ptr(gofakeit.AppName()),
|
||||
},
|
||||
},
|
||||
want: want{
|
||||
change: true,
|
||||
changeDate: true,
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "missing permission, other organization",
|
||||
prepare: func(request *project.UpdateProjectRequest) {
|
||||
@@ -499,6 +535,12 @@ func TestServer_DeleteProject_Permission(t *testing.T) {
|
||||
iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
|
||||
orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
|
||||
|
||||
userResp := instance.CreateMachineUser(iamOwnerCtx)
|
||||
patResp := instance.CreatePersonalAccessToken(iamOwnerCtx, userResp.GetUserId())
|
||||
projectID := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false).GetId()
|
||||
instance.CreateProjectMembership(t, iamOwnerCtx, projectID, userResp.GetUserId())
|
||||
projectOwnerCtx := integration.WithAuthorizationToken(CTX, patResp.Token)
|
||||
|
||||
tests := []struct {
|
||||
name string
|
||||
ctx context.Context
|
||||
@@ -531,6 +573,29 @@ func TestServer_DeleteProject_Permission(t *testing.T) {
|
||||
req: &project.DeleteProjectRequest{},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "project owner, no permission",
|
||||
ctx: projectOwnerCtx,
|
||||
prepare: func(request *project.DeleteProjectRequest) (time.Time, time.Time) {
|
||||
creationDate := time.Now().UTC()
|
||||
projectID := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false).GetId()
|
||||
request.Id = projectID
|
||||
return creationDate, time.Time{}
|
||||
},
|
||||
req: &project.DeleteProjectRequest{},
|
||||
wantErr: true,
|
||||
},
|
||||
{
|
||||
name: "project owner, ok",
|
||||
ctx: projectOwnerCtx,
|
||||
prepare: func(request *project.DeleteProjectRequest) (time.Time, time.Time) {
|
||||
creationDate := time.Now().UTC()
|
||||
request.Id = projectID
|
||||
return creationDate, time.Time{}
|
||||
},
|
||||
req: &project.DeleteProjectRequest{},
|
||||
wantDeletionDate: true,
|
||||
},
|
||||
{
|
||||
name: "organization owner, other org",
|
||||
ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
|
||||
|
||||
@@ -148,6 +148,14 @@ func TestServer_GetProject(t *testing.T) {
|
||||
|
||||
func TestServer_ListProjects(t *testing.T) {
|
||||
iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
|
||||
|
||||
userResp := instance.CreateMachineUser(iamOwnerCtx)
|
||||
patResp := instance.CreatePersonalAccessToken(iamOwnerCtx, userResp.GetUserId())
|
||||
projectResp := createProject(iamOwnerCtx, instance, t, instance.DefaultOrg.GetId(), false, false)
|
||||
instance.CreateProjectMembership(t, iamOwnerCtx, projectResp.GetId(), userResp.GetUserId())
|
||||
grantedProjectResp := createGrantedProject(iamOwnerCtx, instance, t, projectResp)
|
||||
projectOwnerCtx := integration.WithAuthorizationToken(CTX, patResp.Token)
|
||||
|
||||
type args struct {
|
||||
ctx context.Context
|
||||
dep func(*project.ListProjectsRequest, *project.ListProjectsResponse)
|
||||
@@ -370,6 +378,39 @@ func TestServer_ListProjects(t *testing.T) {
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "list multiple id, limited permissions, project owner",
|
||||
args: args{
|
||||
ctx: projectOwnerCtx,
|
||||
dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
|
||||
orgID := instance.DefaultOrg.GetId()
|
||||
orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
|
||||
resp1 := createProject(iamOwnerCtx, instance, t, orgResp.GetOrganizationId(), false, false)
|
||||
resp2 := createProject(iamOwnerCtx, instance, t, orgID, true, false)
|
||||
resp3 := createProject(iamOwnerCtx, instance, t, orgResp.GetOrganizationId(), false, true)
|
||||
request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
|
||||
InProjectIdsFilter: &project.InProjectIDsFilter{
|
||||
ProjectIds: []string{resp1.GetId(), resp2.GetId(), resp3.GetId(), projectResp.GetId()},
|
||||
},
|
||||
}
|
||||
response.Projects[0] = grantedProjectResp
|
||||
response.Projects[1] = projectResp
|
||||
},
|
||||
req: &project.ListProjectsRequest{
|
||||
Filters: []*project.ProjectSearchFilter{{}},
|
||||
},
|
||||
},
|
||||
want: &project.ListProjectsResponse{
|
||||
Pagination: &filter.PaginationResponse{
|
||||
TotalResult: 5,
|
||||
AppliedLimit: 100,
|
||||
},
|
||||
Projects: []*project.Project{
|
||||
{},
|
||||
{},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "list project and granted projects",
|
||||
args: args{
|
||||
@@ -462,6 +503,51 @@ func TestServer_ListProjects(t *testing.T) {
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "list granted project, project id",
|
||||
args: args{
|
||||
ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
|
||||
dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
|
||||
orgID := instance.DefaultOrg.GetId()
|
||||
|
||||
orgName := gofakeit.AppName()
|
||||
projectName := gofakeit.AppName()
|
||||
orgResp := instance.CreateOrganization(iamOwnerCtx, orgName, gofakeit.Email())
|
||||
projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), projectName, true, true)
|
||||
projectGrantResp := instance.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), orgID)
|
||||
request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
|
||||
InProjectIdsFilter: &project.InProjectIDsFilter{ProjectIds: []string{projectResp.GetId()}},
|
||||
}
|
||||
response.Projects[0] = &project.Project{
|
||||
Id: projectResp.GetId(),
|
||||
Name: projectName,
|
||||
OrganizationId: orgResp.GetOrganizationId(),
|
||||
CreationDate: projectGrantResp.GetCreationDate(),
|
||||
ChangeDate: projectGrantResp.GetCreationDate(),
|
||||
State: 1,
|
||||
ProjectRoleAssertion: false,
|
||||
ProjectAccessRequired: true,
|
||||
AuthorizationRequired: true,
|
||||
PrivateLabelingSetting: project.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_UNSPECIFIED,
|
||||
GrantedOrganizationId: gu.Ptr(orgID),
|
||||
GrantedOrganizationName: gu.Ptr(instance.DefaultOrg.GetName()),
|
||||
GrantedState: 1,
|
||||
}
|
||||
},
|
||||
req: &project.ListProjectsRequest{
|
||||
Filters: []*project.ProjectSearchFilter{{}},
|
||||
},
|
||||
},
|
||||
want: &project.ListProjectsResponse{
|
||||
Pagination: &filter.PaginationResponse{
|
||||
TotalResult: 2,
|
||||
AppliedLimit: 100,
|
||||
},
|
||||
Projects: []*project.Project{
|
||||
{},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
@@ -791,6 +877,53 @@ func TestServer_ListProjects_PermissionV2(t *testing.T) {
|
||||
},
|
||||
},
|
||||
},
|
||||
// TODO: correct when permission check is added for project grants https://github.com/zitadel/zitadel/issues/9972
|
||||
{
|
||||
name: "list granted project, project id",
|
||||
args: args{
|
||||
ctx: instancePermissionV2.WithAuthorization(CTX, integration.UserTypeOrgOwner),
|
||||
dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
|
||||
orgID := instancePermissionV2.DefaultOrg.GetId()
|
||||
|
||||
orgName := gofakeit.AppName()
|
||||
projectName := gofakeit.AppName()
|
||||
orgResp := instancePermissionV2.CreateOrganization(iamOwnerCtx, orgName, gofakeit.Email())
|
||||
projectResp := instancePermissionV2.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), projectName, true, true)
|
||||
// projectGrantResp :=
|
||||
instancePermissionV2.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), orgID)
|
||||
request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
|
||||
InProjectIdsFilter: &project.InProjectIDsFilter{ProjectIds: []string{projectResp.GetId()}},
|
||||
}
|
||||
/*
|
||||
response.Projects[0] = &project.Project{
|
||||
Id: projectResp.GetId(),
|
||||
Name: projectName,
|
||||
OrganizationId: orgResp.GetOrganizationId(),
|
||||
CreationDate: projectGrantResp.GetCreationDate(),
|
||||
ChangeDate: projectGrantResp.GetCreationDate(),
|
||||
State: 1,
|
||||
ProjectRoleAssertion: false,
|
||||
ProjectAccessRequired: true,
|
||||
AuthorizationRequired: true,
|
||||
PrivateLabelingSetting: project.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_UNSPECIFIED,
|
||||
GrantedOrganizationId: gu.Ptr(orgID),
|
||||
GrantedOrganizationName: gu.Ptr(instancePermissionV2.DefaultOrg.GetName()),
|
||||
GrantedState: 1,
|
||||
}
|
||||
*/
|
||||
},
|
||||
req: &project.ListProjectsRequest{
|
||||
Filters: []*project.ProjectSearchFilter{{}},
|
||||
},
|
||||
},
|
||||
want: &project.ListProjectsResponse{
|
||||
Pagination: &filter.PaginationResponse{
|
||||
TotalResult: 0,
|
||||
AppliedLimit: 100,
|
||||
},
|
||||
Projects: []*project.Project{},
|
||||
},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
@@ -865,6 +998,14 @@ func assertPaginationResponse(t *assert.CollectT, expected *filter.PaginationRes
|
||||
|
||||
func TestServer_ListProjectGrants(t *testing.T) {
|
||||
iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
|
||||
|
||||
userResp := instance.CreateMachineUser(iamOwnerCtx)
|
||||
patResp := instance.CreatePersonalAccessToken(iamOwnerCtx, userResp.GetUserId())
|
||||
projectResp := createProject(iamOwnerCtx, instance, t, instance.DefaultOrg.GetId(), false, false)
|
||||
projectGrantResp := createProjectGrant(iamOwnerCtx, instance, t, instance.DefaultOrg.GetId(), projectResp.GetId(), projectResp.GetName())
|
||||
instance.CreateProjectGrantMembership(t, iamOwnerCtx, projectResp.GetId(), projectGrantResp.GetGrantedOrganizationId(), userResp.GetUserId())
|
||||
projectGrantOwnerCtx := integration.WithAuthorizationToken(CTX, patResp.Token)
|
||||
|
||||
type args struct {
|
||||
ctx context.Context
|
||||
dep func(*project.ListProjectGrantsRequest, *project.ListProjectGrantsResponse)
|
||||
@@ -1071,7 +1212,46 @@ func TestServer_ListProjectGrants(t *testing.T) {
|
||||
{},
|
||||
},
|
||||
},
|
||||
}, {
|
||||
},
|
||||
{
|
||||
name: "list multiple id, limited permissions, project grant owner",
|
||||
args: args{
|
||||
ctx: projectGrantOwnerCtx,
|
||||
dep: func(request *project.ListProjectGrantsRequest, response *project.ListProjectGrantsResponse) {
|
||||
name1 := gofakeit.AppName()
|
||||
name2 := gofakeit.AppName()
|
||||
name3 := gofakeit.AppName()
|
||||
orgID := instance.DefaultOrg.GetId()
|
||||
orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
|
||||
project1Resp := instance.CreateProject(iamOwnerCtx, t, orgID, name1, false, false)
|
||||
project2Resp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), name2, false, false)
|
||||
project3Resp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), name3, false, false)
|
||||
request.Filters[0].Filter = &project.ProjectGrantSearchFilter_InProjectIdsFilter{
|
||||
InProjectIdsFilter: &project.InProjectIDsFilter{
|
||||
ProjectIds: []string{project1Resp.GetId(), project2Resp.GetId(), project3Resp.GetId(), projectResp.GetId()},
|
||||
},
|
||||
}
|
||||
|
||||
createProjectGrant(iamOwnerCtx, instance, t, orgID, project1Resp.GetId(), name1)
|
||||
createProjectGrant(iamOwnerCtx, instance, t, orgResp.GetOrganizationId(), project2Resp.GetId(), name2)
|
||||
createProjectGrant(iamOwnerCtx, instance, t, orgResp.GetOrganizationId(), project3Resp.GetId(), name3)
|
||||
response.ProjectGrants[0] = projectGrantResp
|
||||
},
|
||||
req: &project.ListProjectGrantsRequest{
|
||||
Filters: []*project.ProjectGrantSearchFilter{{}},
|
||||
},
|
||||
},
|
||||
want: &project.ListProjectGrantsResponse{
|
||||
Pagination: &filter.PaginationResponse{
|
||||
TotalResult: 4,
|
||||
AppliedLimit: 100,
|
||||
},
|
||||
ProjectGrants: []*project.ProjectGrant{
|
||||
{},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "list single id with role",
|
||||
args: args{
|
||||
ctx: iamOwnerCtx,
|
||||
|
||||
@@ -56,13 +56,13 @@ func projectGrantUpdateToCommand(req *project_pb.UpdateProjectGrantRequest) *com
|
||||
ObjectRoot: models.ObjectRoot{
|
||||
AggregateID: req.ProjectId,
|
||||
},
|
||||
GrantID: req.GrantedOrganizationId,
|
||||
RoleKeys: req.RoleKeys,
|
||||
GrantedOrgID: req.GrantedOrganizationId,
|
||||
RoleKeys: req.RoleKeys,
|
||||
}
|
||||
}
|
||||
|
||||
func (s *Server) DeactivateProjectGrant(ctx context.Context, req *project_pb.DeactivateProjectGrantRequest) (*project_pb.DeactivateProjectGrantResponse, error) {
|
||||
details, err := s.command.DeactivateProjectGrant(ctx, req.ProjectId, req.GrantedOrganizationId, "")
|
||||
details, err := s.command.DeactivateProjectGrant(ctx, req.ProjectId, "", req.GrantedOrganizationId, "")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -76,7 +76,7 @@ func (s *Server) DeactivateProjectGrant(ctx context.Context, req *project_pb.Dea
|
||||
}
|
||||
|
||||
func (s *Server) ActivateProjectGrant(ctx context.Context, req *project_pb.ActivateProjectGrantRequest) (*project_pb.ActivateProjectGrantResponse, error) {
|
||||
details, err := s.command.ReactivateProjectGrant(ctx, req.ProjectId, req.GrantedOrganizationId, "")
|
||||
details, err := s.command.ReactivateProjectGrant(ctx, req.ProjectId, "", req.GrantedOrganizationId, "")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -94,7 +94,7 @@ func (s *Server) DeleteProjectGrant(ctx context.Context, req *project_pb.DeleteP
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
details, err := s.command.RemoveProjectGrant(ctx, req.ProjectId, req.GrantedOrganizationId, "", userGrantIDs...)
|
||||
details, err := s.command.DeleteProjectGrant(ctx, req.ProjectId, "", req.GrantedOrganizationId, "", userGrantIDs...)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user