fix: internal grant view (#239)

* fix: internal grant view

* feat: add orgiam policy in management

* fix: roleSuffix

internal/auth/repository/eventsourcing/handler/user_grant.go

@@ -150,11 +150,11 @@ func (u *UserGrant) processProject(event *models.Event) (err error) {
 	case proj_es_model.ProjectMemberAdded, proj_es_model.ProjectMemberChanged, proj_es_model.ProjectMemberRemoved:
 		member := new(proj_es_model.ProjectMember)
 		member.SetData(event)
-		return u.processMember(event, "PROJECT", true, member.UserID, member.Roles)
+		return u.processMember(event, "PROJECT", event.AggregateID, member.UserID, member.Roles)
 	case proj_es_model.ProjectGrantMemberAdded, proj_es_model.ProjectGrantMemberChanged, proj_es_model.ProjectGrantMemberRemoved:
 		member := new(proj_es_model.ProjectGrantMember)
 		member.SetData(event)
-		return u.processMember(event, "PROJECT_GRANT", true, member.UserID, member.Roles)
+		return u.processMember(event, "PROJECT_GRANT", member.GrantID, member.UserID, member.Roles)
 	default:
 		return u.view.ProcessedUserGrantSequence(event.Sequence)
 	}
@@ -166,7 +166,7 @@ func (u *UserGrant) processOrg(event *models.Event) (err error) {
 	case org_es_model.OrgMemberAdded, org_es_model.OrgMemberChanged, org_es_model.OrgMemberRemoved:
 		member := new(org_es_model.OrgMember)
 		member.SetData(event)
-		return u.processMember(event, "ORG", false, member.UserID, member.Roles)
+		return u.processMember(event, "ORG", "", member.UserID, member.Roles)
 	default:
 		return u.view.ProcessedUserGrantSequence(event.Sequence)
 	}
@@ -200,7 +200,7 @@ func (u *UserGrant) processIamMember(event *models.Event, rolePrefix string, suf
 		} else {
 			newRoles := member.Roles
 			if grant.RoleKeys != nil {
-				grant.RoleKeys = mergeExistingRoles(rolePrefix, grant.RoleKeys, newRoles)
+				grant.RoleKeys = mergeExistingRoles(rolePrefix, "", grant.RoleKeys, newRoles)
 			} else {
 				grant.RoleKeys = newRoles
 			}
@@ -221,7 +221,7 @@ func (u *UserGrant) processIamMember(event *models.Event, rolePrefix string, suf
 	}
 }
 
-func (u *UserGrant) processMember(event *models.Event, rolePrefix string, suffix bool, userID string, roleKeys []string) error {
+func (u *UserGrant) processMember(event *models.Event, rolePrefix, roleSuffix string, userID string, roleKeys []string) error {
 	switch event.Type {
 	case org_es_model.OrgMemberAdded, proj_es_model.ProjectMemberAdded, proj_es_model.ProjectGrantMemberAdded,
 		org_es_model.OrgMemberChanged, proj_es_model.ProjectMemberChanged, proj_es_model.ProjectGrantMemberChanged:
@@ -230,7 +230,7 @@ func (u *UserGrant) processMember(event *models.Event, rolePrefix string, suffix
 		if err != nil && !errors.IsNotFound(err) {
 			return err
 		}
-		if suffix {
+		if roleSuffix != "" {
 			roleKeys = suffixRoles(event.AggregateID, roleKeys)
 		}
 		if errors.IsNotFound(err) {
@@ -246,7 +246,7 @@ func (u *UserGrant) processMember(event *models.Event, rolePrefix string, suffix
 		} else {
 			newRoles := roleKeys
 			if grant.RoleKeys != nil {
-				grant.RoleKeys = mergeExistingRoles(rolePrefix, grant.RoleKeys, newRoles)
+				grant.RoleKeys = mergeExistingRoles(rolePrefix, roleSuffix, grant.RoleKeys, newRoles)
 			} else {
 				grant.RoleKeys = newRoles
 			}
@@ -276,11 +276,15 @@ func suffixRoles(suffix string, roles []string) []string {
 	return suffixedRoles
 }
 
-func mergeExistingRoles(rolePrefix string, existingRoles, newRoles []string) []string {
+func mergeExistingRoles(rolePrefix, suffix string, existingRoles, newRoles []string) []string {
 	mergedRoles := make([]string, 0)
 	for _, existing := range existingRoles {
 		if !strings.HasPrefix(existing, rolePrefix) {
 			mergedRoles = append(mergedRoles, existing)
+			continue
+		}
+		if suffix != "" && !strings.HasSuffix(existing, suffix) {
+			mergedRoles = append(mergedRoles, existing)
 		}
 	}
 	return append(mergedRoles, newRoles...)