feat: remove user (#812)

* feat: remove user

* feat: handle delete state on user by id

* feat: handle delete state on project by id

internal/management/repository/eventsourcing/eventstore/project.go

@@ -62,7 +62,9 @@ func (repo *ProjectRepo) ProjectByID(ctx context.Context, id string) (*proj_mode
 			return model.ProjectToModel(&viewProject), nil
 		}
 	}
-
+	if viewProject.State == int32(proj_model.ProjectStateRemoved) {
+		return nil, caos_errs.ThrowNotFound(nil, "EVENT-3Mo0s", "Errors.Project.NotFound")
+	}
 	return model.ProjectToModel(project), nil
 }
 

internal/management/repository/eventsourcing/eventstore/user.go

@@ -2,6 +2,10 @@ package eventstore
 
 import (
 	"context"
+	es_int "github.com/caos/zitadel/internal/eventstore"
+	es_models "github.com/caos/zitadel/internal/eventstore/models"
+	es_sdk "github.com/caos/zitadel/internal/eventstore/sdk"
+	usr_grant_event "github.com/caos/zitadel/internal/usergrant/repository/eventsourcing"
 
 	"github.com/caos/logging"
 	"github.com/caos/zitadel/internal/api/authz"
@@ -19,12 +23,14 @@ import (
 )
 
 type UserRepo struct {
-	SearchLimit    uint64
-	UserEvents     *usr_event.UserEventstore
-	PolicyEvents   *policy_event.PolicyEventstore
-	OrgEvents      *org_event.OrgEventstore
-	View           *view.View
-	SystemDefaults systemdefaults.SystemDefaults
+	es_int.Eventstore
+	SearchLimit     uint64
+	UserEvents      *usr_event.UserEventstore
+	PolicyEvents    *policy_event.PolicyEventstore
+	OrgEvents       *org_event.OrgEventstore
+	UserGrantEvents *usr_grant_event.UserGrantEventStore
+	View            *view.View
+	SystemDefaults  systemdefaults.SystemDefaults
 }
 
 func (repo *UserRepo) UserByID(ctx context.Context, id string) (*usr_model.UserView, error) {
@@ -49,6 +55,9 @@ func (repo *UserRepo) UserByID(ctx context.Context, id string) (*usr_model.UserV
 			return model.UserToModel(user), nil
 		}
 	}
+	if userCopy.State == int32(usr_model.UserStateDeleted) {
+		return nil, caos_errs.ThrowNotFound(nil, "EVENT-4Fm9s", "Errors.User.NotFound")
+	}
 	return model.UserToModel(&userCopy), nil
 }
 
@@ -96,6 +105,36 @@ func (repo *UserRepo) UnlockUser(ctx context.Context, id string) (*usr_model.Use
 	return repo.UserEvents.UnlockUser(ctx, id)
 }
 
+func (repo *UserRepo) RemoveUser(ctx context.Context, id string) error {
+	aggregates := make([]*es_models.Aggregate, 0)
+	orgPolicy, err := repo.OrgEvents.GetOrgIAMPolicy(ctx, authz.GetCtxData(ctx).OrgID)
+	if err != nil {
+		return err
+	}
+	user, agg, err := repo.UserEvents.PrepareRemoveUser(ctx, id, orgPolicy)
+	if err != nil {
+		return err
+	}
+	aggregates = append(aggregates, agg...)
+
+	// remove user_grants
+	usergrants, err := repo.View.UserGrantsByUserID(id)
+	if err != nil {
+		return err
+	}
+	for _, grant := range usergrants {
+		_, aggs, err := repo.UserGrantEvents.PrepareRemoveUserGrant(ctx, grant.ID, true)
+		if err != nil {
+			return err
+		}
+		for _, agg := range aggs {
+			aggregates = append(aggregates, agg)
+		}
+	}
+
+	return es_sdk.PushAggregates(ctx, repo.Eventstore.PushAggregates, user.AppendEvents, aggregates...)
+}
+
 func (repo *UserRepo) SearchUsers(ctx context.Context, request *usr_model.UserSearchRequest) (*usr_model.UserSearchResponse, error) {
 	request.EnsureLimit(repo.SearchLimit)
 	sequence, sequenceErr := repo.View.GetLatestUserSequence()
@@ -107,7 +146,7 @@ func (repo *UserRepo) SearchUsers(ctx context.Context, request *usr_model.UserSe
 	result := &usr_model.UserSearchResponse{
 		Offset:      request.Offset,
 		Limit:       request.Limit,
-		TotalResult: uint64(count),
+		TotalResult: count,
 		Result:      model.UsersToModel(users),
 	}
 	if sequenceErr == nil {

internal/management/repository/eventsourcing/handler/org_member.go

@@ -104,6 +104,8 @@ func (m *OrgMember) processUser(event *models.Event) (err error) {
 			m.fillUserData(member, user)
 		}
 		return m.view.PutOrgMembers(members, event.Sequence)
+	case usr_es_model.UserRemoved:
+		return m.view.DeleteOrgMembersByUserID(event.AggregateID, event.Sequence)
 	default:
 		return m.view.ProcessedOrgMemberSequence(event.Sequence)
 	}

internal/management/repository/eventsourcing/handler/user.go

@@ -106,7 +106,7 @@ func (u *User) ProcessUser(event *models.Event) (err error) {
 		}
 		err = u.fillLoginNames(user)
 	case es_model.UserRemoved:
-		err = u.view.DeleteUser(event.AggregateID, event.Sequence)
+		return u.view.DeleteUser(event.AggregateID, event.Sequence)
 	default:
 		return u.view.ProcessedUserSequence(event.Sequence)
 	}

internal/management/repository/eventsourcing/handler/user_external_idps.go

@@ -69,6 +69,8 @@ func (m *ExternalIDP) processUser(event *models.Event) (err error) {
 			return err
 		}
 		return m.view.DeleteExternalIDP(externalIDP.ExternalUserID, externalIDP.IDPConfigID, event.Sequence)
+	case model.UserRemoved:
+		return m.view.DeleteExternalIDPsByUserID(event.AggregateID, event.Sequence)
 	default:
 		return m.view.ProcessedExternalIDPSequence(event.Sequence)
 	}

internal/management/repository/eventsourcing/handler/user_membership.go

@@ -7,6 +7,7 @@ import (
 	org_event "github.com/caos/zitadel/internal/org/repository/eventsourcing"
 	proj_event "github.com/caos/zitadel/internal/project/repository/eventsourcing"
 	proj_es_model "github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
+	"github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
 
 	"github.com/caos/logging"
 
@@ -38,7 +39,7 @@ func (m *UserMembership) EventQuery() (*models.SearchQuery, error) {
 		return nil, err
 	}
 	return es_models.NewSearchQuery().
-		AggregateTypeFilter(iam_es_model.IAMAggregate, org_es_model.OrgAggregate, proj_es_model.ProjectAggregate).
+		AggregateTypeFilter(iam_es_model.IAMAggregate, org_es_model.OrgAggregate, proj_es_model.ProjectAggregate, model.UserAggregate).
 		LatestSequenceFilter(sequence.CurrentSequence), nil
 }
 
@@ -50,6 +51,8 @@ func (m *UserMembership) Reduce(event *models.Event) (err error) {
 		err = m.processOrg(event)
 	case proj_es_model.ProjectAggregate:
 		err = m.processProject(event)
+	case model.UserAggregate:
+		err = m.processUser(event)
 	}
 	return err
 }
@@ -198,6 +201,15 @@ func (m *UserMembership) updateProjectDisplayName(event *models.Event) error {
 	return m.view.BulkPutUserMemberships(memberships, event.Sequence)
 }
 
+func (m *UserMembership) processUser(event *models.Event) (err error) {
+	switch event.Type {
+	case model.UserRemoved:
+		return m.view.DeleteUserMembershipsByUserID(event.AggregateID, event.Sequence)
+	default:
+		return m.view.ProcessedUserMembershipSequence(event.Sequence)
+	}
+}
+
 func (m *UserMembership) OnError(event *models.Event, err error) error {
 	logging.LogWithFields("SPOOL-Ms3fj", "id", event.AggregateID).WithError(err).Warn("something went wrong in orgmember handler")
 	return spooler.HandleError(event, err, m.view.GetLatestUserMembershipFailedEvent, m.view.ProcessedUserMembershipFailedEvent, m.view.ProcessedUserMembershipSequence, m.errorCountUntilSkip)

internal/management/repository/eventsourcing/repository.go

@@ -96,7 +96,7 @@ func Start(conf Config, systemDefaults sd.SystemDefaults, roles []string) (*EsRe
 		spooler:       spool,
 		OrgRepository: eventstore.OrgRepository{conf.SearchLimit, org, user, view, roles, systemDefaults},
 		ProjectRepo:   eventstore.ProjectRepo{es, conf.SearchLimit, project, usergrant, user, iam, view, roles, systemDefaults.IamID},
-		UserRepo:      eventstore.UserRepo{conf.SearchLimit, user, policy, org, view, systemDefaults},
+		UserRepo:      eventstore.UserRepo{es, conf.SearchLimit, user, policy, org, usergrant, view, systemDefaults},
 		UserGrantRepo: eventstore.UserGrantRepo{conf.SearchLimit, usergrant, view},
 		PolicyRepo:    eventstore.PolicyRepo{policy},
 		IAMRepository: eventstore.IAMRepository{iam},

internal/management/repository/eventsourcing/view/external_idps.go

@@ -56,6 +56,13 @@ func (v *View) DeleteExternalIDP(externalUserID, idpConfigID string, eventSequen
 	return v.ProcessedExternalIDPSequence(eventSequence)
 }
 
+func (v *View) DeleteExternalIDPsByUserID(userID string, eventSequence uint64) error {
+	err := view.DeleteExternalIDPsByUserID(v.Db, externalIDPTable, userID)
+	if err != nil {
+		return err
+	}
+	return v.ProcessedExternalIDPSequence(eventSequence)
+}
 func (v *View) GetLatestExternalIDPSequence() (*global_view.CurrentSequence, error) {
 	return v.latestSequence(externalIDPTable)
 }

internal/management/repository/eventsourcing/view/org_member.go

@@ -47,6 +47,14 @@ func (v *View) DeleteOrgMember(orgID, userID string, eventSequence uint64) error
 	return v.ProcessedOrgMemberSequence(eventSequence)
 }
 
+func (v *View) DeleteOrgMembersByUserID(userID string, eventSequence uint64) error {
+	err := view.DeleteOrgMembersByUserID(v.Db, orgMemberTable, userID)
+	if err != nil {
+		return nil
+	}
+	return v.ProcessedOrgMemberSequence(eventSequence)
+}
+
 func (v *View) GetLatestOrgMemberSequence() (*repository.CurrentSequence, error) {
 	return v.latestSequence(orgMemberTable)
 }

internal/management/repository/eventsourcing/view/user_membership.go

@@ -47,6 +47,14 @@ func (v *View) DeleteUserMembership(userID, aggregateID, objectID string, member
 	return v.ProcessedUserMembershipSequence(eventSequence)
 }
 
+func (v *View) DeleteUserMembershipsByUserID(userID string, eventSequence uint64) error {
+	err := view.DeleteUserMembershipsByUserID(v.Db, userMembershipTable, userID)
+	if err != nil {
+		return nil
+	}
+	return v.ProcessedUserMembershipSequence(eventSequence)
+}
+
 func (v *View) GetLatestUserMembershipSequence() (*repository.CurrentSequence, error) {
 	return v.latestSequence(userMembershipTable)
 }