mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-12 07:57:32 +00:00
fix: use query side for requests (#2818)
* refactor(domain): add user type * fix(projections): start with login names * fix(login_policy): correct handling of user domain claimed event * fix(projections): add members * refactor: simplify member projections * add migration for members * add metadata to member projections * refactor: login name projection * fix: set correct suffixes on login name projections * test(projections): login name reduces * fix: correct cols in reduce member * test(projections): org, iam, project members * member additional cols and conds as opt, add project grant members * fix(migration): members * fix(migration): correct database name * migration version * migs * better naming for member cond and col * split project and project grant members * prepare member columns * feat(queries): membership query * test(queries): membership prepare * fix(queries): multiple projections for latest sequence * fix(api): use query for membership queries in auth and management * feat: org member queries * fix(api): use query for iam member calls * fix(queries): org members * fix(queries): project members * fix(queries): project grant members * refactor: remove unsued methods in repo-interfaces * start * fix(query): membership * fix(auth): list my project orgs * fix(query): member queries and user avatar column * refactor(auth): MyProjectOrgs * fix(queries): member and membership stmts * fix user test * fix(management): use query for project (-grant) members * fix(admin): use query for member calls * fix(api): add domain to org mapping * remove old idp * membership * refactor: remove old files * idp * refactor: use query for idps and idp user links * refactor(eventstore): rename EventPusher to Command, EventReader to Event, PushEvents to Push and FilterEvents to Filter * gloabl org check for org roles Co-authored-by: Livio Amstutz <livio.a@gmail.com>
This commit is contained in:
Silvan
@@ -2,7 +2,6 @@ package auth
|
||||
|
||||
import (
|
||||
"context"
|
||||
"time"
|
||||
|
||||
"github.com/caos/zitadel/internal/api/authz"
|
||||
"github.com/caos/zitadel/internal/api/grpc/change"
|
||||
@@ -12,7 +11,7 @@ import (
|
||||
user_grpc "github.com/caos/zitadel/internal/api/grpc/user"
|
||||
"github.com/caos/zitadel/internal/domain"
|
||||
"github.com/caos/zitadel/internal/eventstore/v1/models"
|
||||
user_model "github.com/caos/zitadel/internal/user/model"
|
||||
"github.com/caos/zitadel/internal/query"
|
||||
grant_model "github.com/caos/zitadel/internal/usergrant/model"
|
||||
auth_pb "github.com/caos/zitadel/pkg/grpc/auth"
|
||||
)
|
||||
@@ -31,11 +30,18 @@ func (s *Server) RemoveMyUser(ctx context.Context, _ *auth_pb.RemoveMyUserReques
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
membersShips, err := s.repo.SearchMyUserMemberships(ctx, &user_model.UserMembershipSearchRequest{Queries: []*user_model.UserMembershipSearchQuery{}})
|
||||
|
||||
userQuery, err := query.NewMembershipUserIDQuery(authz.GetCtxData(ctx).UserID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
details, err := s.command.RemoveUser(ctx, ctxData.UserID, ctxData.ResourceOwner, UserMembershipViewsToDomain(membersShips.Result), userGrantsToIDs(grants.Result)...)
|
||||
memberships, err := s.query.Memberships(ctx, &query.MembershipSearchQuery{
|
||||
Queries: []query.SearchQuery{userQuery},
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
details, err := s.command.RemoveUser(ctx, ctxData.UserID, ctxData.ResourceOwner, memberships.Memberships, userGrantsToIDs(grants.Result)...)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -129,68 +135,141 @@ func (s *Server) ListMyUserGrants(ctx context.Context, req *auth_pb.ListMyUserGr
|
||||
}
|
||||
|
||||
func (s *Server) ListMyProjectOrgs(ctx context.Context, req *auth_pb.ListMyProjectOrgsRequest) (*auth_pb.ListMyProjectOrgsResponse, error) {
|
||||
r, err := ListMyProjectOrgsRequestToModel(req)
|
||||
queries, err := ListMyProjectOrgsRequestToQuery(req)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
res, err := s.repo.SearchMyProjectOrgs(ctx, r)
|
||||
|
||||
iam, err := s.query.IAMByID(ctx, domain.IAMID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
ctxData := authz.GetCtxData(ctx)
|
||||
|
||||
//client of user is not in project of ZITADEL
|
||||
if ctxData.ProjectID != iam.IAMProjectID {
|
||||
grants, err := s.repo.UserGrantsByProjectAndUserID(ctxData.ProjectID, ctxData.UserID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
ids := make([]string, 0, len(grants))
|
||||
for _, grant := range grants {
|
||||
ids = appendIfNotExists(ids, grant.ResourceOwner)
|
||||
}
|
||||
|
||||
idsQuery, err := query.NewOrgIDsSearchQuery(ids...)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
queries.Queries = append(queries.Queries, idsQuery)
|
||||
} else {
|
||||
memberships, err := s.myOrgsQuery(ctx, ctxData)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if !isIAMAdmin(memberships.Memberships) {
|
||||
ids := make([]string, 0, len(memberships.Memberships))
|
||||
for _, grant := range memberships.Memberships {
|
||||
ids = appendIfNotExists(ids, grant.ResourceOwner)
|
||||
}
|
||||
|
||||
idsQuery, err := query.NewOrgIDsSearchQuery(ids...)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
queries.Queries = append(queries.Queries, idsQuery)
|
||||
}
|
||||
}
|
||||
|
||||
orgs, err := s.query.SearchOrgs(ctx, queries)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &auth_pb.ListMyProjectOrgsResponse{
|
||||
//TODO: not all details
|
||||
Details: obj_grpc.ToListDetails(res.TotalResult, 0, time.Time{}),
|
||||
Result: org.OrgsToPb(res.Result),
|
||||
Details: obj_grpc.ToListDetails(orgs.Count, orgs.Sequence, orgs.Timestamp),
|
||||
Result: org.OrgsToPb(orgs.Orgs),
|
||||
}, nil
|
||||
}
|
||||
|
||||
func ListMyProjectOrgsRequestToModel(req *auth_pb.ListMyProjectOrgsRequest) (*grant_model.UserGrantSearchRequest, error) {
|
||||
offset, limit, asc := obj_grpc.ListQueryToModel(req.Query)
|
||||
queries, err := org.OrgQueriesToUserGrantModel(req.Queries)
|
||||
func (s *Server) myOrgsQuery(ctx context.Context, ctxData authz.CtxData) (*query.Memberships, error) {
|
||||
userQuery, err := query.NewMembershipUserIDQuery(ctxData.UserID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &grant_model.UserGrantSearchRequest{
|
||||
Offset: offset,
|
||||
Limit: limit,
|
||||
Asc: asc,
|
||||
return s.query.Memberships(ctx, &query.MembershipSearchQuery{
|
||||
Queries: []query.SearchQuery{userQuery},
|
||||
})
|
||||
}
|
||||
|
||||
func isIAMAdmin(memberships []*query.Membership) bool {
|
||||
for _, m := range memberships {
|
||||
if m.IAM != nil {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func appendIfNotExists(array []string, value string) []string {
|
||||
for _, a := range array {
|
||||
if a == value {
|
||||
return array
|
||||
}
|
||||
}
|
||||
return append(array, value)
|
||||
}
|
||||
|
||||
func ListMyProjectOrgsRequestToQuery(req *auth_pb.ListMyProjectOrgsRequest) (*query.OrgSearchQueries, error) {
|
||||
offset, limit, asc := obj_grpc.ListQueryToModel(req.Query)
|
||||
queries, err := org.OrgQueriesToQuery(req.Queries)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &query.OrgSearchQueries{
|
||||
SearchRequest: query.SearchRequest{
|
||||
Offset: offset,
|
||||
Limit: limit,
|
||||
Asc: asc,
|
||||
},
|
||||
Queries: queries,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func UserMembershipViewsToDomain(memberships []*user_model.UserMembershipView) []*domain.UserMembership {
|
||||
func membershipToDomain(memberships []*query.Membership) []*domain.UserMembership {
|
||||
result := make([]*domain.UserMembership, len(memberships))
|
||||
for i, membership := range memberships {
|
||||
typ, displayName, aggID, objID := MemberTypeToDomain(membership)
|
||||
result[i] = &domain.UserMembership{
|
||||
UserID: membership.UserID,
|
||||
MemberType: MemberTypeToDomain(membership.MemberType),
|
||||
AggregateID: membership.AggregateID,
|
||||
ObjectID: membership.ObjectID,
|
||||
Roles: membership.Roles,
|
||||
DisplayName: membership.DisplayName,
|
||||
CreationDate: membership.CreationDate,
|
||||
ChangeDate: membership.ChangeDate,
|
||||
ResourceOwner: membership.ResourceOwner,
|
||||
ResourceOwnerName: membership.ResourceOwnerName,
|
||||
Sequence: membership.Sequence,
|
||||
UserID: membership.UserID,
|
||||
MemberType: typ,
|
||||
AggregateID: aggID,
|
||||
ObjectID: objID,
|
||||
Roles: membership.Roles,
|
||||
DisplayName: displayName,
|
||||
CreationDate: membership.CreationDate,
|
||||
ChangeDate: membership.ChangeDate,
|
||||
ResourceOwner: membership.ResourceOwner,
|
||||
//TODO: implement
|
||||
// ResourceOwnerName: membership.ResourceOwnerName,
|
||||
Sequence: membership.Sequence,
|
||||
}
|
||||
}
|
||||
return result
|
||||
}
|
||||
|
||||
func MemberTypeToDomain(mType user_model.MemberType) domain.MemberType {
|
||||
switch mType {
|
||||
case user_model.MemberTypeIam:
|
||||
return domain.MemberTypeIam
|
||||
case user_model.MemberTypeOrganisation:
|
||||
return domain.MemberTypeOrganisation
|
||||
case user_model.MemberTypeProject:
|
||||
return domain.MemberTypeProject
|
||||
case user_model.MemberTypeProjectGrant:
|
||||
return domain.MemberTypeProjectGrant
|
||||
default:
|
||||
return domain.MemberTypeUnspecified
|
||||
func MemberTypeToDomain(m *query.Membership) (_ domain.MemberType, displayName, aggID, objID string) {
|
||||
if m.Org != nil {
|
||||
return domain.MemberTypeOrganisation, m.Org.Name, m.Org.OrgID, ""
|
||||
} else if m.IAM != nil {
|
||||
return domain.MemberTypeIam, m.IAM.Name, m.IAM.IAMID, ""
|
||||
} else if m.Project != nil {
|
||||
return domain.MemberTypeProject, m.Project.Name, m.Project.ProjectID, ""
|
||||
} else if m.ProjectGrant != nil {
|
||||
return domain.MemberTypeProjectGrant, m.ProjectGrant.ProjectName, m.ProjectGrant.ProjectID, m.ProjectGrant.GrantID
|
||||
}
|
||||
return domain.MemberTypeUnspecified, "", "", ""
|
||||
}
|
||||
|
||||
func userGrantsToIDs(userGrants []*grant_model.UserGrantView) []string {
|
||||
|
||||
Reference in New Issue
Block a user