fix: uniqueness (#1710)

* fix: uniqueconstraint to lower * feat: change org * feat: org change test * feat: change org * fix: tests * fix: handle domain claims correctly * feat: update org Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
2025-08-12 03:37:34 +00:00 · 2021-05-04 11:09:24 +02:00
parent 667cc30291
commit 87c1dfa3aa
28 changed files with 607 additions and 50 deletions
--- a/internal/api/grpc/admin/org.go
+++ b/internal/api/grpc/admin/org.go
@@ -2,7 +2,10 @@ package admin

 import (
 	"context"
+	"github.com/caos/zitadel/internal/api/authz"
 	"github.com/caos/zitadel/internal/api/grpc/object"
+	"github.com/caos/zitadel/internal/domain"
+	usr_model "github.com/caos/zitadel/internal/user/model"

 	org_grpc "github.com/caos/zitadel/internal/api/grpc/org"
 	admin_pb "github.com/caos/zitadel/pkg/grpc/admin"
@@ -34,10 +37,14 @@ func (s *Server) ListOrgs(ctx context.Context, req *admin_pb.ListOrgsRequest) (*
 }

 func (s *Server) SetUpOrg(ctx context.Context, req *admin_pb.SetUpOrgRequest) (*admin_pb.SetUpOrgResponse, error) {
+	userIDs, err := s.getClaimedUserIDsOfOrgDomain(ctx, domain.NewIAMDomainName(req.Org.Name, s.iamDomain))
+	if err != nil {
+		return nil, err
+	}
 	human := setUpOrgHumanToDomain(req.User.(*admin_pb.SetUpOrgRequest_Human_).Human) //TODO: handle machine
 	org := setUpOrgOrgToDomain(req.Org)

-	objectDetails, err := s.command.SetUpOrg(ctx, org, human)
+	objectDetails, err := s.command.SetUpOrg(ctx, org, human, userIDs)
 	if err != nil {
 		return nil, err
 	}
@@ -45,3 +52,28 @@ func (s *Server) SetUpOrg(ctx context.Context, req *admin_pb.SetUpOrgRequest) (*
 		Details: object.DomainToAddDetailsPb(objectDetails),
 	}, nil
 }
+
+func (s *Server) getClaimedUserIDsOfOrgDomain(ctx context.Context, orgDomain string) ([]string, error) {
+	users, err := s.users.SearchUsers(ctx, &usr_model.UserSearchRequest{
+		Queries: []*usr_model.UserSearchQuery{
+			{
+				Key:    usr_model.UserSearchKeyPreferredLoginName,
+				Method: domain.SearchMethodEndsWithIgnoreCase,
+				Value:  orgDomain,
+			},
+			{
+				Key:    usr_model.UserSearchKeyResourceOwner,
+				Method: domain.SearchMethodNotEquals,
+				Value:  authz.GetCtxData(ctx).OrgID,
+			},
+		},
+	})
+	if err != nil {
+		return nil, err
+	}
+	userIDs := make([]string, len(users.Result))
+	for i, user := range users.Result {
+		userIDs[i] = user.ID
+	}
+	return userIDs, nil
+}
--- a/internal/api/grpc/admin/server.go
+++ b/internal/api/grpc/admin/server.go
@@ -27,13 +27,15 @@ type Server struct {
 	administrator repository.AdministratorRepository
 	repo          repository.Repository
 	features      repository.FeaturesRepository
+	users         repository.UserRepository
+	iamDomain     string
 }

 type Config struct {
 	Repository eventsourcing.Config
 }

-func CreateServer(command *command.Commands, query *query.Queries, repo repository.Repository) *Server {
+func CreateServer(command *command.Commands, query *query.Queries, repo repository.Repository, iamDomain string) *Server {
 	return &Server{
 		command:       command,
 		query:         query,
@@ -42,6 +44,8 @@ func CreateServer(command *command.Commands, query *query.Queries, repo reposito
 		administrator: repo,
 		repo:          repo,
 		features:      repo,
+		users:         repo,
+		iamDomain:     iamDomain,
 	}
 }

--- a/internal/api/grpc/management/org.go
+++ b/internal/api/grpc/management/org.go
@@ -12,6 +12,7 @@ import (
 	"github.com/caos/zitadel/internal/domain"
 	"github.com/caos/zitadel/internal/eventstore/v1/models"
 	org_model "github.com/caos/zitadel/internal/org/model"
+	usr_model "github.com/caos/zitadel/internal/user/model"
 	mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
 )

@@ -47,8 +48,12 @@ func (s *Server) ListOrgChanges(ctx context.Context, req *mgmt_pb.ListOrgChanges
 }

 func (s *Server) AddOrg(ctx context.Context, req *mgmt_pb.AddOrgRequest) (*mgmt_pb.AddOrgResponse, error) {
+	userIDs, err := s.getClaimedUserIDsOfOrgDomain(ctx, domain.NewIAMDomainName(req.Name, s.systemDefaults.Domain))
+	if err != nil {
+		return nil, err
+	}
 	ctxData := authz.GetCtxData(ctx)
-	org, err := s.command.AddOrg(ctx, req.Name, ctxData.UserID, ctxData.ResourceOwner)
+	org, err := s.command.AddOrg(ctx, req.Name, ctxData.UserID, ctxData.ResourceOwner, userIDs)
 	if err != nil {
 		return nil, err
 	}
@@ -62,6 +67,21 @@ func (s *Server) AddOrg(ctx context.Context, req *mgmt_pb.AddOrgRequest) (*mgmt_
 	}, err
 }

+func (s *Server) UpdateOrg(ctx context.Context, req *mgmt_pb.UpdateOrgRequest) (*mgmt_pb.UpdateOrgResponse, error) {
+	ctxData := authz.GetCtxData(ctx)
+	org, err := s.command.ChangeOrg(ctx, ctxData.ResourceOwner, req.Name)
+	if err != nil {
+		return nil, err
+	}
+	return &mgmt_pb.UpdateOrgResponse{
+		Details: object.AddToDetailsPb(
+			org.Sequence,
+			org.EventDate,
+			org.ResourceOwner,
+		),
+	}, err
+}
+
 func (s *Server) DeactivateOrg(ctx context.Context, req *mgmt_pb.DeactivateOrgRequest) (*mgmt_pb.DeactivateOrgResponse, error) {
 	objectDetails, err := s.command.DeactivateOrg(ctx, authz.GetCtxData(ctx).OrgID)
 	if err != nil {
@@ -112,7 +132,7 @@ func (s *Server) ListOrgDomains(ctx context.Context, req *mgmt_pb.ListOrgDomains
 }

 func (s *Server) AddOrgDomain(ctx context.Context, req *mgmt_pb.AddOrgDomainRequest) (*mgmt_pb.AddOrgDomainResponse, error) {
-	domain, err := s.command.AddOrgDomain(ctx, AddOrgDomainRequestToDomain(ctx, req))
+	domain, err := s.command.AddOrgDomain(ctx, AddOrgDomainRequestToDomain(ctx, req), nil)
 	if err != nil {
 		return nil, err
 	}
@@ -157,7 +177,11 @@ func GenerateOrgDomainValidationRequestToDomain(ctx context.Context, req *mgmt_p
 }

 func (s *Server) ValidateOrgDomain(ctx context.Context, req *mgmt_pb.ValidateOrgDomainRequest) (*mgmt_pb.ValidateOrgDomainResponse, error) {
-	details, err := s.command.ValidateOrgDomain(ctx, ValidateOrgDomainRequestToDomain(ctx, req))
+	userIDs, err := s.getClaimedUserIDsOfOrgDomain(ctx, req.Domain)
+	if err != nil {
+		return nil, err
+	}
+	details, err := s.command.ValidateOrgDomain(ctx, ValidateOrgDomainRequestToDomain(ctx, req), userIDs)
 	if err != nil {
 		return nil, err
 	}
@@ -251,3 +275,28 @@ func (s *Server) RemoveOrgMember(ctx context.Context, req *mgmt_pb.RemoveOrgMemb
 		Details: object.DomainToChangeDetailsPb(details),
 	}, nil
 }
+
+func (s *Server) getClaimedUserIDsOfOrgDomain(ctx context.Context, orgDomain string) ([]string, error) {
+	users, err := s.user.SearchUsers(ctx, &usr_model.UserSearchRequest{
+		Queries: []*usr_model.UserSearchQuery{
+			{
+				Key:    usr_model.UserSearchKeyPreferredLoginName,
+				Method: domain.SearchMethodEndsWithIgnoreCase,
+				Value:  orgDomain,
+			},
+			{
+				Key:    usr_model.UserSearchKeyResourceOwner,
+				Method: domain.SearchMethodNotEquals,
+				Value:  authz.GetCtxData(ctx).OrgID,
+			},
+		},
+	}, false)
+	if err != nil {
+		return nil, err
+	}
+	userIDs := make([]string, len(users.Result))
+	for i, user := range users.Result {
+		userIDs[i] = user.ID
+	}
+	return userIDs, nil
+}
--- a/internal/api/grpc/management/user.go
+++ b/internal/api/grpc/management/user.go
@@ -37,7 +37,7 @@ func (s *Server) GetUserByLoginNameGlobal(ctx context.Context, req *mgmt_pb.GetU

 func (s *Server) ListUsers(ctx context.Context, req *mgmt_pb.ListUsersRequest) (*mgmt_pb.ListUsersResponse, error) {
 	r := ListUsersRequestToModel(ctx, req)
-	res, err := s.user.SearchUsers(ctx, r)
+	res, err := s.user.SearchUsers(ctx, r, true)
 	if err != nil {
 		return nil, err
 	}