TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-02-28 20:27:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: my usermemberships (#1290)

Browse Source 
* fix: my usermemberships

* frontend

Co-authored-by: Max Peintner <max@caos.ch>
This commit is contained in:
Fabi 2021-02-16 10:08:44 +01:00 committed by GitHub
parent 33534ab006
commit 8ec4a74d76
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 250 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
console/src/app/pages/users/user-detail/auth-user-detail/auth-user-detail.component.html
View File

@ -77,7 +77,7 @@
</div> </div>
</div> </div>
<ng-template appHasRole [appHasRole]="['user.membership.read']"> <ng-template appHasRole [appHasRole]="['user.membership.read']">
<app-memberships [user]="user"></app-memberships> <app-memberships [auth]="true" [user]="user"></app-memberships>
</ng-template> </ng-template>
<app-changes class="changes" [refresh]="refreshChanges$" [changeType]="ChangeType.MYUSER" [id]="user.id"> <app-changes class="changes" [refresh]="refreshChanges$" [changeType]="ChangeType.MYUSER" [id]="user.id">

19
console/src/app/pages/users/user-detail/memberships/memberships.component.ts
View File

@ -3,8 +3,10 @@ import { Component, Input, OnInit } from '@angular/core';
import { MatDialog } from '@angular/material/dialog'; import { MatDialog } from '@angular/material/dialog';
import { Router } from '@angular/router'; import { Router } from '@angular/router';
import { CreationType, MemberCreateDialogComponent } from 'src/app/modules/add-member-dialog/member-create-dialog.component'; import { CreationType, MemberCreateDialogComponent } from 'src/app/modules/add-member-dialog/member-create-dialog.component';
import { AuthServiceClient } from 'src/app/proto/generated/auth_grpc_web_pb';
import { MemberType, UserMembershipSearchResponse, UserView } from 'src/app/proto/generated/management_pb'; import { MemberType, UserMembershipSearchResponse, UserView } from 'src/app/proto/generated/management_pb';
import { AdminService } from 'src/app/services/admin.service'; import { AdminService } from 'src/app/services/admin.service';
import { GrpcAuthService } from 'src/app/services/grpc-auth.service';
import { ManagementService } from 'src/app/services/mgmt.service'; import { ManagementService } from 'src/app/services/mgmt.service';
import { ToastService } from 'src/app/services/toast.service'; import { ToastService } from 'src/app/services/toast.service';
@ -33,12 +35,14 @@ export class MembershipsComponent implements OnInit {
public loading: boolean = false; public loading: boolean = false;
public memberships!: UserMembershipSearchResponse.AsObject; public memberships!: UserMembershipSearchResponse.AsObject;
@Input() public auth: boolean = false;
@Input() public user!: UserView.AsObject; @Input() public user!: UserView.AsObject;
@Input() public disabled: boolean = false; @Input() public disabled: boolean = false;
public MemberType: any = MemberType; public MemberType: any = MemberType;
constructor( constructor(
private authService: GrpcAuthService,
private mgmtService: ManagementService, private mgmtService: ManagementService,
private adminService: AdminService, private adminService: AdminService,
private dialog: MatDialog, private dialog: MatDialog,
@ -51,10 +55,17 @@ export class MembershipsComponent implements OnInit {
} }
public async loadManager(userId: string): Promise<void> { public async loadManager(userId: string): Promise<void> {
this.mgmtService.SearchUserMemberships(userId, 100, 0, []).then(response => { if (this.auth) {
this.memberships = response.toObject(); this.authService.SearchUserMemberships(100, 0, []).then(response => {
this.loading = false; this.memberships = response.toObject();
}); this.loading = false;
});
} else {
this.mgmtService.SearchUserMemberships(userId, 100, 0, []).then(response => {
this.memberships = response.toObject();
this.loading = false;
});
}
} }
public navigateToObject(): void { public navigateToObject(): void {

13
console/src/app/services/grpc-auth.service.ts
View File

@ -26,6 +26,9 @@ import {
UpdateUserProfileRequest, UpdateUserProfileRequest,
UserAddress, UserAddress,
UserEmail, UserEmail,
UserMembershipSearchQuery,
UserMembershipSearchRequest,
UserMembershipSearchResponse,
UserPhone, UserPhone,
UserProfile, UserProfile,
UserProfileView, UserProfileView,
@ -241,6 +244,16 @@ export class GrpcAuthService {
); );
} }
public SearchUserMemberships(limit: number, offset: number, queryList?: UserMembershipSearchQuery[]): Promise<UserMembershipSearchResponse> {
const req = new UserMembershipSearchRequest();
req.setLimit(limit);
req.setOffset(offset);
if (queryList) {
req.setQueriesList(queryList);
}
return this.grpcService.auth.searchMyUserMemberships(req);
}
public GetMyUserEmail(): Promise<UserEmail> { public GetMyUserEmail(): Promise<UserEmail> {
return this.grpcService.auth.getMyUserEmail( return this.grpcService.auth.getMyUserEmail(
new Empty(), new Empty(),

12
internal/api/grpc/auth/user.go
View File

@ -2,7 +2,7 @@ package auth
import ( import (
"context" "context"
"github.com/caos/zitadel/internal/api/authz"
"github.com/golang/protobuf/ptypes/empty" "github.com/golang/protobuf/ptypes/empty"
"github.com/caos/zitadel/pkg/grpc/auth" "github.com/caos/zitadel/pkg/grpc/auth"
@ -212,3 +212,13 @@ func (s *Server) GetMyUserChanges(ctx context.Context, request *auth.ChangesRequ
} }
return userChangesToResponse(changes, request.GetSequenceOffset(), request.GetLimit()), nil return userChangesToResponse(changes, request.GetSequenceOffset(), request.GetLimit()), nil
} }
func (s *Server) SearchMyUserMemberships(ctx context.Context, in *auth.UserMembershipSearchRequest) (*auth.UserMembershipSearchResponse, error) {
request := userMembershipSearchRequestsToModel(in)
request.AppendUserIDQuery(authz.GetCtxData(ctx).UserID)
response, err := s.repo.SearchMyUserMemberships(ctx, request)
if err != nil {
return nil, err
}
return userMembershipSearchResponseFromModel(response), nil
}

91
internal/api/grpc/auth/user_converter.go
View File

@ -3,7 +3,6 @@ package auth
import ( import (
"context" "context"
"encoding/json" "encoding/json"
"github.com/caos/logging" "github.com/caos/logging"
"github.com/golang/protobuf/ptypes" "github.com/golang/protobuf/ptypes"
"golang.org/x/text/language" "golang.org/x/text/language"
@ -452,3 +451,93 @@ func webAuthNTokenFromModel(token *usr_model.WebAuthNToken) *auth.WebAuthNToken
State: mfaStateFromModel(token.State), State: mfaStateFromModel(token.State),
} }
} }
func userMembershipSearchResponseFromModel(response *usr_model.UserMembershipSearchResponse) *auth.UserMembershipSearchResponse {
timestamp, err := ptypes.TimestampProto(response.Timestamp)
logging.Log("GRPC-Hs8jd").OnError(err).Debug("unable to parse timestamp")
return &auth.UserMembershipSearchResponse{
Offset: response.Offset,
Limit: response.Limit,
TotalResult: response.TotalResult,
Result: userMembershipViewsFromModel(response.Result),
ProcessedSequence: response.Sequence,
ViewTimestamp: timestamp,
}
}
func userMembershipViewsFromModel(memberships []*usr_model.UserMembershipView) []*auth.UserMembershipView {
converted := make([]*auth.UserMembershipView, len(memberships))
for i, membership := range memberships {
converted[i] = userMembershipViewFromModel(membership)
}
return converted
}
func userMembershipViewFromModel(membership *usr_model.UserMembershipView) *auth.UserMembershipView {
creationDate, err := ptypes.TimestampProto(membership.CreationDate)
logging.Log("GRPC-Msnu8").OnError(err).Debug("unable to parse timestamp")
changeDate, err := ptypes.TimestampProto(membership.ChangeDate)
logging.Log("GRPC-Slco9").OnError(err).Debug("unable to parse timestamp")
return &auth.UserMembershipView{
UserId: membership.UserID,
AggregateId: membership.AggregateID,
ObjectId: membership.ObjectID,
MemberType: memberTypeFromModel(membership.MemberType),
DisplayName: membership.DisplayName,
Roles: membership.Roles,
CreationDate: creationDate,
ChangeDate: changeDate,
Sequence: membership.Sequence,
ResourceOwner: membership.ResourceOwner,
}
}
func userMembershipSearchRequestsToModel(request *auth.UserMembershipSearchRequest) *usr_model.UserMembershipSearchRequest {
return &usr_model.UserMembershipSearchRequest{
Offset: request.Offset,
Limit: request.Limit,
Queries: userMembershipSearchQueriesToModel(request.Queries),
}
}
func userMembershipSearchQueriesToModel(queries []*auth.UserMembershipSearchQuery) []*usr_model.UserMembershipSearchQuery {
converted := make([]*usr_model.UserMembershipSearchQuery, len(queries))
for i, q := range queries {
converted[i] = userMembershipSearchQueryToModel(q)
}
return converted
}
func userMembershipSearchQueryToModel(query *auth.UserMembershipSearchQuery) *usr_model.UserMembershipSearchQuery {
return &usr_model.UserMembershipSearchQuery{
Key: userMembershipSearchKeyToModel(query.Key),
Method: searchMethodToModel(query.Method),
Value: query.Value,
}
}
func userMembershipSearchKeyToModel(key auth.UserMembershipSearchKey) usr_model.UserMembershipSearchKey {
switch key {
case auth.UserMembershipSearchKey_USERMEMBERSHIPSEARCHKEY_TYPE:
return usr_model.UserMembershipSearchKeyMemberType
case auth.UserMembershipSearchKey_USERMEMBERSHIPSEARCHKEY_OBJECT_ID:
return usr_model.UserMembershipSearchKeyObjectID
default:
return usr_model.UserMembershipSearchKeyUnspecified
}
}
func memberTypeFromModel(memberType usr_model.MemberType) auth.MemberType {
switch memberType {
case usr_model.MemberTypeOrganisation:
return auth.MemberType_MEMBERTYPE_ORGANISATION
case usr_model.MemberTypeProject:
return auth.MemberType_MEMBERTYPE_PROJECT
case usr_model.MemberTypeProjectGrant:
return auth.MemberType_MEMBERTYPE_PROJECT_GRANT
default:
return auth.MemberType_MEMBERTYPE_UNSPECIFIED
}
}

2
internal/api/grpc/auth/user_human_converter.go
View File

@ -3,7 +3,7 @@ package auth
import ( import (
"github.com/caos/logging" "github.com/caos/logging"
usr_model "github.com/caos/zitadel/internal/user/model" usr_model "github.com/caos/zitadel/internal/user/model"
auth "github.com/caos/zitadel/pkg/grpc/auth" "github.com/caos/zitadel/pkg/grpc/auth"
"github.com/golang/protobuf/ptypes" "github.com/golang/protobuf/ptypes"
) )

65
internal/auth/repository/eventsourcing/eventstore/user_grant.go
View File

@ -2,7 +2,6 @@ package eventstore
import ( import (
"context" "context"
"github.com/caos/logging" "github.com/caos/logging"
"github.com/caos/zitadel/internal/api/authz" "github.com/caos/zitadel/internal/api/authz"
@ -94,7 +93,43 @@ func membershipsToOrgResp(memberships []*user_view_model.UserMembershipView, cou
} }
} }
func (repo *UserGrantRepo) SearchMyUserMemberships(ctx context.Context, request *user_model.UserMembershipSearchRequest) (*user_model.UserMembershipSearchResponse, error) {
request.EnsureLimit(repo.SearchLimit)
sequence, sequenceErr := repo.View.GetLatestUserMembershipSequence()
logging.Log("EVENT-Dn7sf").OnError(sequenceErr).Warn("could not read latest user sequence")
memberships, count, err := repo.View.SearchUserMemberships(request)
if err != nil {
return nil, err
}
result := &user_model.UserMembershipSearchResponse{
Offset: request.Offset,
Limit: request.Limit,
TotalResult: count,
Result: user_view_model.UserMembershipsToModel(memberships),
}
if sequenceErr == nil {
result.Sequence = sequence.CurrentSequence
result.Timestamp = sequence.LastSuccessfulSpoolerRun
}
return result, nil
}
func (repo *UserGrantRepo) SearchMyZitadelPermissions(ctx context.Context) ([]string, error) { func (repo *UserGrantRepo) SearchMyZitadelPermissions(ctx context.Context) ([]string, error) {
memberships, err := repo.searchUserMemberships(ctx)
if err != nil {
return nil, err
}
permissions := &grant_model.Permissions{Permissions: []string{}}
for _, membership := range memberships {
for _, role := range membership.Roles {
permissions = repo.mapRoleToPermission(permissions, membership, role)
}
}
return permissions.Permissions, nil
}
func (repo *UserGrantRepo) searchUserMemberships(ctx context.Context) ([]*user_view_model.UserMembershipView, error) {
ctxData := authz.GetCtxData(ctx) ctxData := authz.GetCtxData(ctx)
orgMemberships, orgCount, err := repo.View.SearchUserMemberships(&user_model.UserMembershipSearchRequest{ orgMemberships, orgCount, err := repo.View.SearchUserMemberships(&user_model.UserMembershipSearchRequest{
Queries: []*user_model.UserMembershipSearchQuery{ Queries: []*user_model.UserMembershipSearchQuery{
@ -131,16 +166,9 @@ func (repo *UserGrantRepo) SearchMyZitadelPermissions(ctx context.Context) ([]st
return nil, err return nil, err
} }
if orgCount == 0 && iamCount == 0 { if orgCount == 0 && iamCount == 0 {
return []string{}, nil return []*user_view_model.UserMembershipView{}, nil
} }
orgMemberships = append(orgMemberships, iamMemberships...) return append(orgMemberships, iamMemberships...), nil
permissions := &grant_model.Permissions{Permissions: []string{}}
for _, membership := range orgMemberships {
for _, role := range membership.Roles {
permissions = repo.mapRoleToPermission(permissions, membership, role)
}
}
return permissions.Permissions, nil
} }
func (repo *UserGrantRepo) SearchMyProjectPermissions(ctx context.Context) ([]string, error) { func (repo *UserGrantRepo) SearchMyProjectPermissions(ctx context.Context) ([]string, error) {
@ -275,3 +303,20 @@ func containsOrg(orgs []*grant_model.Org, resourceOwner string) bool {
} }
return false return false
} }
func userMembershipToMembership(membership *user_view_model.UserMembershipView) *authz.Membership {
return &authz.Membership{
MemberType: authz.MemberType(membership.MemberType),
AggregateID: membership.AggregateID,
ObjectID: membership.ObjectID,
Roles: membership.Roles,
}
}
func userMembershipsToMemberships(memberships []*user_view_model.UserMembershipView) []*authz.Membership {
result := make([]*authz.Membership, len(memberships))
for i, m := range memberships {
result[i] = userMembershipToMembership(m)
}
return result
}

2
internal/auth/repository/user.go
View File

@ -89,4 +89,6 @@ type myUserRepo interface {
ChangeMyUsername(ctx context.Context, username string) error ChangeMyUsername(ctx context.Context, username string) error
MyUserChanges(ctx context.Context, lastSequence uint64, limit uint64, sortAscending bool) (*model.UserChanges, error) MyUserChanges(ctx context.Context, lastSequence uint64, limit uint64, sortAscending bool) (*model.UserChanges, error)
SearchMyUserMemberships(ctx context.Context, request *model.UserMembershipSearchRequest) (*model.UserMembershipSearchResponse, error)
} }

2
internal/management/repository/eventsourcing/eventstore/permissions.go
View File

@ -5,5 +5,5 @@ const (
orgMemberReadPerm = "org.member.read" orgMemberReadPerm = "org.member.read"
iamMemberReadPerm = "iam.member.read" iamMemberReadPerm = "iam.member.read"
projectMemberReadPerm = "project.member.read" projectMemberReadPerm = "project.member.read"
projectGrantMemberReadPerm = "project.member.read" projectGrantMemberReadPerm = "project.grant.member.read"
) )

61
pkg/grpc/auth/proto/auth.proto
View File

@ -418,6 +418,17 @@ service AuthService {
permission: "authenticated" permission: "authenticated"
}; };
} }
rpc SearchMyUserMemberships(UserMembershipSearchRequest) returns (UserMembershipSearchResponse) {
option (google.api.http) = {
post: "/users/me/memberships/_search"
body: "*"
};
option (caos.zitadel.utils.v1.auth_option) = {
permission: "authenticated"
};
}
} }
message UserSessionViews { message UserSessionViews {
@ -856,4 +867,52 @@ message ExternalIDPView {
string external_user_display_name = 5; string external_user_display_name = 5;
google.protobuf.Timestamp creation_date = 6; google.protobuf.Timestamp creation_date = 6;
google.protobuf.Timestamp change_date = 7; google.protobuf.Timestamp change_date = 7;
} }
message UserMembershipSearchResponse {
uint64 offset = 1;
uint64 limit = 2;
uint64 total_result = 3;
repeated UserMembershipView result = 4;
uint64 processed_sequence = 5;
google.protobuf.Timestamp view_timestamp = 6;
}
message UserMembershipSearchRequest {
uint64 offset = 1;
uint64 limit = 2;
repeated UserMembershipSearchQuery queries = 3;
}
message UserMembershipSearchQuery {
UserMembershipSearchKey key = 1 [(validate.rules).enum = {not_in: [0]}];
SearchMethod method = 2 [(validate.rules).enum = {in: [0]}];
string value = 3;
}
enum UserMembershipSearchKey {
USERMEMBERSHIPSEARCHKEY_UNSPECIFIED = 0;
USERMEMBERSHIPSEARCHKEY_TYPE = 1;
USERMEMBERSHIPSEARCHKEY_OBJECT_ID = 2;
}
message UserMembershipView {
string user_id = 1;
MemberType member_type = 2;
string aggregate_id = 3;
string object_id = 4;
repeated string roles = 5;
string display_name = 6;
google.protobuf.Timestamp creation_date = 7;
google.protobuf.Timestamp change_date = 8;
uint64 sequence = 9;
string resource_owner = 10;
}
enum MemberType {
MEMBERTYPE_UNSPECIFIED = 0;
MEMBERTYPE_ORGANISATION = 1;
MEMBERTYPE_PROJECT = 2;
MEMBERTYPE_PROJECT_GRANT = 3;
}

1
pkg/grpc/management/proto/management.proto
View File

@ -778,6 +778,7 @@ service ManagementService {
option (caos.zitadel.utils.v1.auth_option) = { option (caos.zitadel.utils.v1.auth_option) = {
permission: "project.read" permission: "project.read"
check_field_name: "Id"
}; };
} }