feat: permit all features to every instance and organisation (#3566)

2025-08-12 11:27:33 +00:00 · 2022-05-02 11:18:17 +02:00
parent a9f71ba08e
commit 861cf07700
71 changed files with 90 additions and 6589 deletions
--- a/internal/authz/repository/eventsourcing/eventstore/token_verifier.go
+++ b/internal/authz/repository/eventsourcing/eventstore/token_verifier.go
@@ -11,7 +11,6 @@ import (
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/authz/repository/eventsourcing/view"
 	"github.com/zitadel/zitadel/internal/crypto"
-	"github.com/zitadel/zitadel/internal/domain"
 	caos_errs "github.com/zitadel/zitadel/internal/errors"
 	v1 "github.com/zitadel/zitadel/internal/eventstore/v1"
 	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
@@ -105,133 +104,6 @@ func (repo *TokenVerifierRepo) ProjectIDAndOriginsByClientID(ctx context.Context
 	return app.ProjectID, app.OIDCConfig.AllowedOrigins, nil
 }

-func (repo *TokenVerifierRepo) CheckOrgFeatures(ctx context.Context, orgID string, requiredFeatures ...string) error {
-	features, err := repo.Query.FeaturesByOrgID(ctx, orgID)
-	if err != nil {
-		return err
-	}
-	return checkFeatures(features, requiredFeatures...)
-}
-
-func checkFeatures(features *query.Features, requiredFeatures ...string) error {
-	for _, requiredFeature := range requiredFeatures {
-		if strings.HasPrefix(requiredFeature, domain.FeatureLoginPolicy) {
-			if err := checkLoginPolicyFeatures(features, requiredFeature); err != nil {
-				return err
-			}
-			continue
-		}
-		if requiredFeature == domain.FeaturePasswordComplexityPolicy {
-			if !features.PasswordComplexityPolicy {
-				return MissingFeatureErr(requiredFeature)
-			}
-			continue
-		}
-		if strings.HasPrefix(requiredFeature, domain.FeatureLabelPolicy) {
-			if err := checkLabelPolicyFeatures(features, requiredFeature); err != nil {
-				return err
-			}
-			continue
-		}
-		if requiredFeature == domain.FeatureCustomDomain {
-			if !features.CustomDomain {
-				return MissingFeatureErr(requiredFeature)
-			}
-			continue
-		}
-		if requiredFeature == domain.FeatureCustomTextMessage {
-			if !features.CustomTextMessage {
-				return MissingFeatureErr(requiredFeature)
-			}
-			continue
-		}
-		if requiredFeature == domain.FeatureCustomTextLogin {
-			if !features.CustomTextLogin {
-				return MissingFeatureErr(requiredFeature)
-			}
-			continue
-		}
-		if requiredFeature == domain.FeaturePrivacyPolicy {
-			if !features.PrivacyPolicy {
-				return MissingFeatureErr(requiredFeature)
-			}
-			continue
-		}
-		if requiredFeature == domain.FeatureLockoutPolicy {
-			if !features.LockoutPolicy {
-				return MissingFeatureErr(requiredFeature)
-			}
-			continue
-		}
-		if requiredFeature == domain.FeatureMetadataUser {
-			if !features.MetadataUser {
-				return MissingFeatureErr(requiredFeature)
-			}
-			continue
-		}
-		if requiredFeature == domain.FeatureActions {
-			if features.ActionsAllowed == domain.ActionsNotAllowed {
-				return MissingFeatureErr(requiredFeature)
-			}
-			continue
-		}
-		return MissingFeatureErr(requiredFeature)
-	}
-	return nil
-}
-
-func checkLoginPolicyFeatures(features *query.Features, requiredFeature string) error {
-	switch requiredFeature {
-	case domain.FeatureLoginPolicyFactors:
-		if !features.LoginPolicyFactors {
-			return MissingFeatureErr(requiredFeature)
-		}
-	case domain.FeatureLoginPolicyIDP:
-		if !features.LoginPolicyIDP {
-			return MissingFeatureErr(requiredFeature)
-		}
-	case domain.FeatureLoginPolicyPasswordless:
-		if !features.LoginPolicyPasswordless {
-			return MissingFeatureErr(requiredFeature)
-		}
-	case domain.FeatureLoginPolicyRegistration:
-		if !features.LoginPolicyRegistration {
-			return MissingFeatureErr(requiredFeature)
-		}
-	case domain.FeatureLoginPolicyUsernameLogin:
-		if !features.LoginPolicyUsernameLogin {
-			return MissingFeatureErr(requiredFeature)
-		}
-	case domain.FeatureLoginPolicyPasswordReset:
-		if !features.LoginPolicyPasswordReset {
-			return MissingFeatureErr(requiredFeature)
-		}
-	default:
-		if !features.LoginPolicyFactors && !features.LoginPolicyIDP && !features.LoginPolicyPasswordless && !features.LoginPolicyRegistration && !features.LoginPolicyUsernameLogin {
-			return MissingFeatureErr(requiredFeature)
-		}
-	}
-	return nil
-}
-
-func checkLabelPolicyFeatures(features *query.Features, requiredFeature string) error {
-	switch requiredFeature {
-	case domain.FeatureLabelPolicyPrivateLabel:
-		if !features.LabelPolicyPrivateLabel {
-			return MissingFeatureErr(requiredFeature)
-		}
-	case domain.FeatureLabelPolicyWatermark:
-		if !features.LabelPolicyWatermark {
-			return MissingFeatureErr(requiredFeature)
-		}
-	}
-	return nil
-}
-
-func MissingFeatureErr(feature string) error {
-	return caos_errs.ThrowPermissionDeniedf(nil, "AUTH-Dvgsf", "missing feature %v", feature)
-}
-
 func (repo *TokenVerifierRepo) VerifierClientID(ctx context.Context, appName string) (clientID, projectID string, err error) {
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()