fix: use query side for requests (#2818)

* refactor(domain): add user type

* fix(projections): start with login names

* fix(login_policy): correct handling of user domain claimed event

* fix(projections): add members

* refactor: simplify member projections

* add migration for members

* add metadata to member projections

* refactor: login name projection

* fix: set correct suffixes on login name projections

* test(projections): login name reduces

* fix: correct cols in reduce member

* test(projections): org, iam, project members

* member additional cols and conds as opt,
add project grant members

* fix(migration): members

* fix(migration): correct database name

* migration version

* migs

* better naming for member cond and col

* split project and project grant members

* prepare member columns

* feat(queries): membership query

* test(queries): membership prepare

* fix(queries): multiple projections for latest sequence

* fix(api): use query for membership queries in auth and management

* feat: org member queries

* fix(api): use query for iam member calls

* fix(queries): org members

* fix(queries): project members

* fix(queries): project grant members

* refactor: remove unused methods in repo-interfaces

* start

* fix(query): membership

* fix(auth): list my project orgs

* fix(query): member queries and user avatar column

* refactor(auth): MyProjectOrgs

* fix(queries): member and membership stmts

* fix user test

* fix(management): use query for project (-grant) members

* fix(admin): use query for member calls

* fix(api): add domain to org mapping

* remove old idp

* membership

* refactor: remove old files

* idp

* refactor: use query for idps and idp user links

* refactor(eventstore): rename EventPusher to Command, EventReader to Event, PushEvents to Push and FilterEvents to Filter

* global org check for org roles

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Silvan
2022-01-13 08:58:14 +01:00
committed by GitHub
parent 3d14653a08
commit b8bec25129
63 changed files with 307 additions and 4926 deletions


@@ -7,7 +7,7 @@ import (
)
func (s *Server) GetIAM(ctx context.Context, req *mgmt_pb.GetIAMRequest) (*mgmt_pb.GetIAMResponse, error) {
iam, err := s.project.GetIAMByID(ctx)
iam, err := s.query.IAMByID(ctx, s.systemDefaults.IamID)
if err != nil {
return nil, err
}


@@ -6,6 +6,7 @@ import (
"github.com/caos/zitadel/internal/api/authz"
idp_grpc "github.com/caos/zitadel/internal/api/grpc/idp"
object_pb "github.com/caos/zitadel/internal/api/grpc/object"
"github.com/caos/zitadel/internal/query"
mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
)
@@ -18,11 +19,11 @@ func (s *Server) GetOrgIDPByID(ctx context.Context, req *mgmt_pb.GetOrgIDPByIDRe
}
func (s *Server) ListOrgIDPs(ctx context.Context, req *mgmt_pb.ListOrgIDPsRequest) (*mgmt_pb.ListOrgIDPsResponse, error) {
queries, err := listIDPsToModel(req)
queries, err := listIDPsToModel(ctx, req)
if err != nil {
return nil, err
}
resp, err := s.query.SearchIDPs(ctx, authz.GetCtxData(ctx).OrgID, queries)
resp, err := s.query.IDPs(ctx, queries)
if err != nil {
return nil, err
}
@@ -83,11 +84,17 @@ func (s *Server) RemoveOrgIDP(ctx context.Context, req *mgmt_pb.RemoveOrgIDPRequ
if err != nil {
return nil, err
}
externalIDPs, err := s.user.ExternalIDPsByIDPConfigID(ctx, req.IdpId)
idpQuery, err := query.NewIDPUserLinkIDPIDSearchQuery(req.IdpId)
if err != nil {
return nil, err
}
_, err = s.command.RemoveIDPConfig(ctx, req.IdpId, authz.GetCtxData(ctx).OrgID, idp != nil, externalIDPViewsToDomain(externalIDPs)...)
userLinks, err := s.query.IDPUserLinks(ctx, &query.IDPUserLinksSearchQuery{
Queries: []query.SearchQuery{idpQuery},
})
if err != nil {
return nil, err
}
_, err = s.command.RemoveIDPConfig(ctx, req.IdpId, authz.GetCtxData(ctx).OrgID, idp != nil, userLinksToDomain(userLinks.Links)...)
if err != nil {
return nil, err
}
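Review bot: In ListOrgIDPs the organisation filter is no longer an argument of the query call: judging by its signature, `s.query.IDPs(ctx, queries)` returns whatever `queries` allows, so tenant isolation for this endpoint now rests on `listIDPsToModel` appending the resource-owner condition. That dependency should be stated at the call site, for example `// listIDPsToModel scopes the search to authz.GetCtxData(ctx).OrgID; the query call itself takes no org argument`, and covered by a test that a request from one org never lists another org's IDPs. In RemoveOrgIDP the link lookup filters on `req.IdpId` only; whether the IDP was already checked against the caller's org is decided above the hunk and is not visible here.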


@@ -1,6 +1,9 @@
package management
import (
"context"
"github.com/caos/zitadel/internal/api/authz"
idp_grpc "github.com/caos/zitadel/internal/api/grpc/idp"
"github.com/caos/zitadel/internal/api/grpc/object"
"github.com/caos/zitadel/internal/domain"
@@ -8,7 +11,6 @@ import (
"github.com/caos/zitadel/internal/eventstore/v1/models"
iam_model "github.com/caos/zitadel/internal/iam/model"
"github.com/caos/zitadel/internal/query"
user_model "github.com/caos/zitadel/internal/user/model"
mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
)
@@ -83,12 +85,21 @@ func updateJWTConfigToDomain(req *mgmt_pb.UpdateOrgIDPJWTConfigRequest) *domain.
}
}
func listIDPsToModel(req *mgmt_pb.ListOrgIDPsRequest) (queries *query.IDPSearchQueries, err error) {
func listIDPsToModel(ctx context.Context, req *mgmt_pb.ListOrgIDPsRequest) (queries *query.IDPSearchQueries, err error) {
offset, limit, asc := object.ListQueryToModel(req.Query)
q, err := idpQueriesToModel(req.Queries)
if err != nil {
return nil, err
}
iamQuery, err := query.NewIDPIDSearchQuery(domain.IAMID)
if err != nil {
return nil, err
}
resourceOwnerQuery, err := query.NewIDPResourceOwnerSearchQuery(authz.GetCtxData(ctx).OrgID)
if err != nil {
return nil, err
}
q = append(q, resourceOwnerQuery, iamQuery)
return &query.IDPSearchQueries{
SearchRequest: query.SearchRequest{
Offset: offset,
@@ -148,18 +159,18 @@ func idpConfigTypeToDomain(idpType iam_model.IDPProviderType) domain.IdentityPro
}
}
func externalIDPViewsToDomain(idps []*user_model.ExternalIDPView) []*domain.UserIDPLink {
externalIDPs := make([]*domain.UserIDPLink, len(idps))
func userLinksToDomain(idps []*query.IDPUserLink) []*domain.UserIDPLink {
links := make([]*domain.UserIDPLink, len(idps))
for i, idp := range idps {
externalIDPs[i] = &domain.UserIDPLink{
links[i] = &domain.UserIDPLink{
ObjectRoot: models.ObjectRoot{
AggregateID: idp.UserID,
ResourceOwner: idp.ResourceOwner,
},
IDPConfigID: idp.IDPConfigID,
ExternalUserID: idp.ExternalUserID,
DisplayName: idp.UserDisplayName,
IDPConfigID: idp.IDPID,
ExternalUserID: idp.ProvidedUserID,
DisplayName: idp.ProvidedUsername,
}
}
return externalIDPs
return links
}
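Review bot: In listIDPsToModel, `iamQuery` is built with `query.NewIDPIDSearchQuery(domain.IAMID)`, which by its name matches on the IDP's own ID rather than on its owner, and it is appended alongside `resourceOwnerQuery`. If the search conditions are combined with AND (not visible on this page), the list would only contain an IDP whose ID equals the IAM ID and which is owned by the caller's org, which is most likely nothing. If the intent is "IDPs owned by this org or by the IAM", that needs one resource-owner condition covering both values, and a test with one org-owned and one IAM-owned IDP would pin the expected result. Separately, `userLinksToDomain` now maps `ProvidedUsername` to `DisplayName` where the old helper used `UserDisplayName`; a short doc comment on the helper should say that this is intended.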


@@ -208,7 +208,11 @@ func (s *Server) SetPrimaryOrgDomain(ctx context.Context, req *mgmt_pb.SetPrimar
}
func (s *Server) ListOrgMemberRoles(ctx context.Context, req *mgmt_pb.ListOrgMemberRolesRequest) (*mgmt_pb.ListOrgMemberRolesResponse, error) {
roles := s.org.GetOrgMemberRoles()
iam, err := s.iam.IAMByID(ctx, domain.IAMID)
if err != nil {
return nil, err
}
roles := s.org.GetOrgMemberRoles(authz.GetCtxData(ctx).OrgID == iam.GlobalOrgID)
return &mgmt_pb.ListOrgMemberRolesResponse{
Result: roles,
}, nil
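Review bot: ListOrgMemberRoles reads the IAM through `s.iam.IAMByID(ctx, domain.IAMID)`, while GetIAM in this same commit was moved to `s.query.IAMByID(ctx, s.systemDefaults.IamID)`; the two should share one read path and one ID source, otherwise the global-org decision here can disagree with what GetIAM reports. The comparison `authz.GetCtxData(ctx).OrgID == iam.GlobalOrgID` is also true when both values are empty, so a guard such as `isGlobal := iam.GlobalOrgID != "" && authz.GetCtxData(ctx).OrgID == iam.GlobalOrgID` would keep an unset global org from selecting the global-org role list. A comment like `// the role list depends on whether the caller's org is the global org` would explain why a read is needed before returning the roles.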


@@ -9,6 +9,7 @@ import (
policy_grpc "github.com/caos/zitadel/internal/api/grpc/policy"
"github.com/caos/zitadel/internal/api/grpc/user"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/query"
mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
)
@@ -93,11 +94,17 @@ func (s *Server) AddIDPToLoginPolicy(ctx context.Context, req *mgmt_pb.AddIDPToL
}
func (s *Server) RemoveIDPFromLoginPolicy(ctx context.Context, req *mgmt_pb.RemoveIDPFromLoginPolicyRequest) (*mgmt_pb.RemoveIDPFromLoginPolicyResponse, error) {
externalIDPs, err := s.user.ExternalIDPsByIDPConfigID(ctx, req.IdpId)
idpQuery, err := query.NewIDPUserLinkIDPIDSearchQuery(req.IdpId)
if err != nil {
return nil, err
}
objectDetails, err := s.command.RemoveIDPProviderFromLoginPolicy(ctx, authz.GetCtxData(ctx).OrgID, &domain.IDPProvider{IDPConfigID: req.IdpId}, user.ExternalIDPViewsToExternalIDPs(externalIDPs)...)
userLinks, err := s.query.IDPUserLinks(ctx, &query.IDPUserLinksSearchQuery{
Queries: []query.SearchQuery{idpQuery},
})
if err != nil {
return nil, err
}
objectDetails, err := s.command.RemoveIDPProviderFromLoginPolicy(ctx, authz.GetCtxData(ctx).OrgID, &domain.IDPProvider{IDPConfigID: req.IdpId}, user.ExternalIDPViewsToExternalIDPs(userLinks.Links)...)
if err != nil {
return nil, err
}
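Review bot: In RemoveIDPFromLoginPolicy the user-link lookup is filtered by `req.IdpId` only, with no resource-owner condition, yet its result is handed to `RemoveIDPProviderFromLoginPolicy` together with the caller's org ID. If the IDP is one that users of other organisations can also be linked to (an IAM-level IDP, for example), `userLinks.Links` would include their links as well, and what the command does with them is not visible here. The query should carry a second condition restricting links to `authz.GetCtxData(ctx).OrgID`, in the way `listIDPsToModel` adds `NewIDPResourceOwnerSearchQuery` for IDPs, or the command should be documented as ignoring links outside that org. The converter is still named `user.ExternalIDPViewsToExternalIDPs` although it now receives query links, which is worth renaming for readers of this call.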


@@ -261,11 +261,17 @@ func (s *Server) RemoveUser(ctx context.Context, req *mgmt_pb.RemoveUserRequest)
if err != nil {
return nil, err
}
membersShips, err := s.user.UserMembershipsByUserID(ctx, req.Id)
userQuery, err := query.NewMembershipUserIDQuery(req.Id)
if err != nil {
return nil, err
}
objectDetails, err := s.command.RemoveUser(ctx, req.Id, authz.GetCtxData(ctx).OrgID, UserMembershipViewsToDomain(membersShips), userGrantsToIDs(grants)...)
memberships, err := s.query.Memberships(ctx, &query.MembershipSearchQuery{
Queries: []query.SearchQuery{userQuery},
})
if err != nil {
return nil, err
}
objectDetails, err := s.command.RemoveUser(ctx, req.Id, authz.GetCtxData(ctx).OrgID, memberships.Memberships, userGrantsToIDs(grants)...)
if err != nil {
return nil, err
}