feat: project roles (#843)

* fix logging * token verification * feat: assert roles * feat: add project role assertion on project and token type on app * id and access token role assertion * add project role check * user grant required step in login * update library * fix merge * fix merge * fix merge * update oidc library * fix tests * add tests for GrantRequiredStep * add missing field ProjectRoleCheck on project view model * fix project create * fix project create
2025-08-12 07:57:32 +00:00 · 2020-10-16 07:49:38 +02:00
parent f5a7a0a09f
commit a321d850ae
57 changed files with 10894 additions and 18297 deletions
--- a/internal/api/grpc/management/project_converter.go
+++ b/internal/api/grpc/management/project_converter.go
@@ -22,12 +22,14 @@ func projectFromModel(project *proj_model.Project) *management.Project {
 	logging.Log("GRPC-di7rw").OnError(err).Debug("unable to parse timestamp")

 	return &management.Project{
-		Id:           project.AggregateID,
-		State:        projectStateFromModel(project.State),
-		CreationDate: creationDate,
-		ChangeDate:   changeDate,
-		Name:         project.Name,
-		Sequence:     project.Sequence,
+		Id:                   project.AggregateID,
+		State:                projectStateFromModel(project.State),
+		CreationDate:         creationDate,
+		ChangeDate:           changeDate,
+		Name:                 project.Name,
+		Sequence:             project.Sequence,
+		ProjectRoleAssertion: project.ProjectRoleAssertion,
+		ProjectRoleCheck:     project.ProjectRoleCheck,
 	}
 }

@@ -60,13 +62,15 @@ func projectViewFromModel(project *proj_model.ProjectView) *management.ProjectVi
 	logging.Log("GRPC-sope3").OnError(err).Debug("unable to parse timestamp")

 	return &management.ProjectView{
-		ProjectId:     project.ProjectID,
-		State:         projectStateFromModel(project.State),
-		CreationDate:  creationDate,
-		ChangeDate:    changeDate,
-		Name:          project.Name,
-		Sequence:      project.Sequence,
-		ResourceOwner: project.ResourceOwner,
+		ProjectId:            project.ProjectID,
+		State:                projectStateFromModel(project.State),
+		CreationDate:         creationDate,
+		ChangeDate:           changeDate,
+		Name:                 project.Name,
+		Sequence:             project.Sequence,
+		ResourceOwner:        project.ResourceOwner,
+		ProjectRoleAssertion: project.ProjectRoleAssertion,
+		ProjectRoleCheck:     project.ProjectRoleCheck,
 	}
 }

@@ -117,12 +121,22 @@ func projectStateFromModel(state proj_model.ProjectState) management.ProjectStat
 	}
 }

+func projectCreateToModel(project *management.ProjectCreateRequest) *proj_model.Project {
+	return &proj_model.Project{
+		Name:                 project.Name,
+		ProjectRoleAssertion: project.ProjectRoleAssertion,
+		ProjectRoleCheck:     project.ProjectRoleCheck,
+	}
+}
+
 func projectUpdateToModel(project *management.ProjectUpdateRequest) *proj_model.Project {
 	return &proj_model.Project{
 		ObjectRoot: models.ObjectRoot{
 			AggregateID: project.Id,
 		},
-		Name: project.Name,
+		Name:                 project.Name,
+		ProjectRoleAssertion: project.ProjectRoleAssertion,
+		ProjectRoleCheck:     project.ProjectRoleCheck,
 	}
 }