fix: Improve search user grants (#988)

* fix(management): search user grants with granted * fix(auth): handle user grant project owner * fix: migration
2025-08-15 03:57:37 +00:00 · 2020-11-19 14:13:07 +01:00
parent a40ec1f25b
commit 93e941a475
11 changed files with 48 additions and 9 deletions
--- a/internal/usergrant/model/user_grant_view.go
+++ b/internal/usergrant/model/user_grant_view.go
@@ -56,6 +56,7 @@ const (
 	UserGrantSearchKeyOrgDomain
 	UserGrantSearchKeyProjectName
 	UserGrantSearchKeyDisplayName
+	UserGrantSearchKeyWithGranted
 )

 type UserGrantSearchQuery struct {
--- a/internal/usergrant/repository/view/model/user_grant.go
+++ b/internal/usergrant/repository/view/model/user_grant.go
@@ -43,6 +43,7 @@ type UserGrantView struct {
 	DisplayName      string         `json:"-" gorm:"column:display_name"`
 	Email            string         `json:"-" gorm:"column:email"`
 	ProjectName      string         `json:"-" gorm:"column:project_name"`
+	ProjectOwner     string         `json:"-" gorm:"column:project_owner"`
 	OrgName          string         `json:"-" gorm:"column:org_name"`
 	OrgPrimaryDomain string         `json:"-" gorm:"column:org_primary_domain"`
 	RoleKeys         pq.StringArray `json:"roleKeys" gorm:"column:role_keys"`
--- a/internal/usergrant/repository/view/model/user_grant_test.go
+++ b/internal/usergrant/repository/view/model/user_grant_test.go
@@ -2,12 +2,13 @@ package model

 import (
 	"encoding/json"
+	"reflect"
+	"testing"
+
 	es_models "github.com/caos/zitadel/internal/eventstore/models"
 	"github.com/caos/zitadel/internal/usergrant/model"
 	es_model "github.com/caos/zitadel/internal/usergrant/repository/eventsourcing/model"
 	"github.com/lib/pq"
-	"reflect"
-	"testing"
 )

 func mockUserGrantData(grant *es_model.UserGrant) []byte {
--- a/internal/usergrant/repository/view/user_grant_view.go
+++ b/internal/usergrant/repository/view/user_grant_view.go
@@ -34,13 +34,39 @@ func UserGrantByIDs(db *gorm.DB, table, resourceOwnerID, projectID, userID strin
 }

 func SearchUserGrants(db *gorm.DB, table string, req *grant_model.UserGrantSearchRequest) ([]*model.UserGrantView, uint64, error) {
-	users := make([]*model.UserGrantView, 0)
+	grants := make([]*model.UserGrantView, 0)
+
+	var orgID string
+	var withGranted bool
+
+	for i := len(req.Queries) - 1; i >= 0; i-- {
+		shouldRemove := false
+		if req.Queries[i].Key == grant_model.UserGrantSearchKeyResourceOwner {
+			orgID = req.Queries[i].Value.(string)
+			shouldRemove = true
+		}
+		if req.Queries[i].Key == grant_model.UserGrantSearchKeyWithGranted {
+			withGranted = true
+			shouldRemove = true
+		}
+		if shouldRemove {
+			req.Queries[i] = req.Queries[len(req.Queries)-1]
+			req.Queries[len(req.Queries)-1] = nil
+			req.Queries = req.Queries[:len(req.Queries)-1]
+		}
+	}
+
+	if withGranted {
+		db = db.Where("grant_owner = ? OR project_owner = ?", orgID, orgID)
+	} else {
+		db = db.Where("grant_owner = ?", orgID)
+	}
 	query := repository.PrepareSearchQuery(table, model.UserGrantSearchRequest{Limit: req.Limit, Offset: req.Offset, Queries: req.Queries})
-	count, err := query(db, &users)
+	count, err := query(db, &grants)
 	if err != nil {
 		return nil, 0, err
 	}
-	return users, count, nil
+	return grants, count, nil
 }

 func UserGrantsByUserID(db *gorm.DB, table, userID string) ([]*model.UserGrantView, error) {