fix: restrict languages in console (#6964)

* feat: return 404 or 409 if org reg disallowed * fix: system limit permissions * feat: add iam limits api * feat: disallow public org registrations on default instance * add integration test * test: integration * fix test * docs: describe public org registrations * avoid updating docs deps * fix system limits integration test * silence integration tests * fix linting * ignore strange linter complaints * review * improve reset properties naming * redefine the api * use restrictions aggregate * test query * simplify and test projection * test commands * fix unit tests * move integration test * support restrictions on default instance * also test GetRestrictions * self review * lint * abstract away resource owner * fix tests * configure supported languages * fix allowed languages * fix tests * default lang must not be restricted * preferred language must be allowed * change preferred languages * check languages everywhere * lint * test command side * lint * add integration test * add integration test * restrict supported ui locales * lint * lint * cleanup * lint * allow undefined preferred language * fix integration tests * update main * fix env var * ignore linter * ignore linter * improve integration test config * reduce cognitive complexity * compile * fix(console): switch back to saved language * feat(API): get allowed languages * fix(console): only make allowed languages selectable * warn when editing not allowed languages * check for duplicates * remove useless restriction checks * review * revert restriction renaming * fix language restrictions * lint * generate * allow custom texts for supported langs for now * fix tests * cleanup * cleanup * cleanup * lint * unsupported preferred lang is allowed * fix integration test * allow unsupported preferred languages * lint * load languages for tests * cleanup * lint * cleanup * get allowed only on admin * cleanup * reduce flakiness on very limited postgres * simplify langSvc * refactor according to suggestions in pr * lint * set first allowed language as default * selectionchange for language in msg texts * initialize login texts * init message texts * lint --------- Co-authored-by: peintnermax <max@caos.ch>
2025-08-11 18:07:31 +00:00 · 2023-12-07 09:43:23 +01:00
parent f09fbf8709
commit 8c85318fbd
46 changed files with 479 additions and 312 deletions
--- a/proto/zitadel/admin.proto
+++ b/proto/zitadel/admin.proto
@@ -230,7 +230,7 @@ service AdminService {
        };

        option (zitadel.v1.auth_option) = {
-            permission: "iam.read";
+            permission: "authenticated";
        };

        option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
@@ -240,6 +240,22 @@ service AdminService {
        };
    }

+    rpc GetAllowedLanguages(GetAllowedLanguagesRequest) returns (GetAllowedLanguagesResponse) {
+        option (google.api.http) = {
+            get: "/languages/allowed";
+        };
+
+        option (zitadel.v1.auth_option) = {
+            permission: "authenticated";
+        };
+
+        option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+            summary: "Allowed Languages";
+            description: "If the languages are restricted, only those are returned. Else, all supported languages are returned."
+            tags: "Restrictions";
+        };
+    }
+
    rpc SetDefaultLanguage(SetDefaultLanguageRequest) returns (SetDefaultLanguageResponse) {
        option (google.api.http) = {
            put: "/languages/default/{language}";
@@ -3868,6 +3884,17 @@ message GetSupportedLanguagesResponse {
    ];
 }

+//This is an empty request
+message GetAllowedLanguagesRequest {}
+
+message GetAllowedLanguagesResponse {
+    repeated string languages = 1 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "[\"en\", \"de\", \"it\"]"
+        }
+    ];
+}
+
 message SetDefaultLanguageRequest {
    string language = 1 [
        (validate.rules).string = {min_len: 1, max_len: 10},
--- a/proto/zitadel/auth.proto
+++ b/proto/zitadel/auth.proto
@@ -143,10 +143,10 @@ service AuthService {

        option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
            summary: "Supported Languages";
-            description: "The supported/default languages of the system will be returned by the language abbreviation."
+            description: "Use GetSupportedLanguages on the admin service instead."
+            deprecated: true;
            tags: "General";
        };
-
    }

    rpc GetMyUser(GetMyUserRequest) returns (GetMyUserResponse) {
@@ -996,7 +996,6 @@ message HealthzResponse {}
 //This is an empty request
 message GetSupportedLanguagesRequest {}

-//This is an empty response
 message GetSupportedLanguagesResponse {
    repeated string languages = 1 [
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
--- a/proto/zitadel/management.proto
+++ b/proto/zitadel/management.proto
@@ -268,7 +268,8 @@ service ManagementService {

        option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
            summary: "Supported Languages";
-            description: "The supported/default languages of the system will be returned by the language abbreviation."
+            description: "Use GetSupportedLanguages on the admin service instead."
+            deprecated: true;
            tags: "General";
            responses: {
                key: "200"