feat: features (#1427)

* features * features * features * fix json tags * add features handler to auth * mocks for tests * add setup step * fixes * add featurelist to auth api * grandfather state and typos * typo * merge new-eventstore * fix login policy tests * label policy in features * audit log retention
2025-08-12 04:07:31 +00:00 · 2021-03-25 17:26:21 +01:00
parent c9b3839f3d
commit a4763b1e4c
97 changed files with 3335 additions and 109 deletions
--- a/internal/api/authz/authorization.go
+++ b/internal/api/authz/authorization.go
@@ -23,6 +23,13 @@ func CheckUserAuthorization(ctx context.Context, req interface{}, token, orgID s
 		return nil, err
 	}

+	if requiredAuthOption.Feature != "" {
+		err = CheckOrgFeatures(ctx, verifier, ctxData.OrgID, requiredAuthOption.Feature)
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	if requiredAuthOption.Permission == authenticated {
 		return func(parent context.Context) context.Context {
 			return context.WithValue(parent, dataKey, ctxData)
@@ -49,6 +56,10 @@ func CheckUserAuthorization(ctx context.Context, req interface{}, token, orgID s
 	}, nil
 }

+func CheckOrgFeatures(ctx context.Context, t *TokenVerifier, orgID string, requiredFeatures ...string) error {
+	return t.authZRepo.CheckOrgFeatures(ctx, orgID, requiredFeatures...)
+}
+
 func checkUserPermissions(req interface{}, userPerms []string, authOpt Option) error {
 	if len(userPerms) == 0 {
 		return errors.ThrowPermissionDenied(nil, "AUTH-5mWD2", "No matching permissions found")
--- a/internal/api/authz/config.go
+++ b/internal/api/authz/config.go
@@ -14,6 +14,7 @@ type MethodMapping map[string]Option
 type Option struct {
 	Permission string
 	CheckParam string
+	Feature    string
 }

 func (a *Config) getPermissionsFromRole(role string) []string {
--- a/internal/api/authz/permissions_test.go
+++ b/internal/api/authz/permissions_test.go
@@ -34,6 +34,10 @@ func (v *testVerifier) VerifierClientID(ctx context.Context, appName string) (st
 	return "clientID", nil
 }

+func (v *testVerifier) CheckOrgFeatures(context.Context, string, ...string) error {
+	return nil
+}
+
 func equalStringArray(a, b []string) bool {
 	if len(a) != len(b) {
 		return false
--- a/internal/api/authz/token.go
+++ b/internal/api/authz/token.go
@@ -25,6 +25,7 @@ type authZRepo interface {
 	SearchMyMemberships(ctx context.Context) ([]*Membership, error)
 	ProjectIDAndOriginsByClientID(ctx context.Context, clientID string) (projectID string, origins []string, err error)
 	ExistsOrg(ctx context.Context, orgID string) error
+	CheckOrgFeatures(ctx context.Context, orgID string, requiredFeatures ...string) error
 }

 func Start(authZRepo authZRepo) (v *TokenVerifier) {