feat: Privacy policy (#1957)

* feat: command side privacy policy

* feat: add privacy policy to api

* feat: add privacy policy query side

* fix: add privacy policy to mgmt api

* fix: add privacy policy to auth and base data

* feat: use privacyPolicy in login gui

* feat: use privacyPolicy in login gui

* feat: test org fatures

* feat: typos

* feat: tos in register

internal/admin/repository/eventsourcing/eventstore/iam.go

@@ -372,6 +372,33 @@ func (repo *IAMRepository) GetDefaultMessageText(ctx context.Context, textType,
 	return iam_es_model.MessageTextViewToModel(text), err
 }
 
+func (repo *IAMRepository) GetDefaultPrivacyPolicy(ctx context.Context) (*iam_model.PrivacyPolicyView, error) {
+	policy, viewErr := repo.View.PrivacyPolicyByAggregateID(repo.SystemDefaults.IamID)
+	if viewErr != nil && !caos_errs.IsNotFound(viewErr) {
+		return nil, viewErr
+	}
+	if caos_errs.IsNotFound(viewErr) {
+		policy = new(iam_es_model.PrivacyPolicyView)
+	}
+	events, esErr := repo.getIAMEvents(ctx, policy.Sequence)
+	if caos_errs.IsNotFound(viewErr) && len(events) == 0 {
+		return nil, caos_errs.ThrowNotFound(nil, "EVENT-84Nfs", "Errors.IAM.PrivacyPolicy.NotFound")
+	}
+	if esErr != nil {
+		logging.Log("EVENT-0p3Fs").WithError(esErr).Debug("error retrieving new events")
+		return iam_es_model.PrivacyViewToModel(policy), nil
+	}
+	policyCopy := *policy
+	for _, event := range events {
+		if err := policyCopy.AppendEvent(event); err != nil {
+			return iam_es_model.PrivacyViewToModel(policy), nil
+		}
+	}
+	result := iam_es_model.PrivacyViewToModel(policy)
+	result.Default = true
+	return result, nil
+}
+
 func (repo *IAMRepository) getIAMEvents(ctx context.Context, sequence uint64) ([]*models.Event, error) {
 	query, err := iam_view.IAMByIDQuery(domain.IAMID, sequence)
 	if err != nil {

internal/admin/repository/eventsourcing/handler/handler.go

@@ -66,6 +66,8 @@ func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, es
 			handler{view, bulkLimit, configs.cycleDuration("MessageText"), errorCount, es}),
 		newFeatures(
 			handler{view, bulkLimit, configs.cycleDuration("Features"), errorCount, es}),
+		newPrivacyPolicy(
+			handler{view, bulkLimit, configs.cycleDuration("PrivacyPolicy"), errorCount, es}),
 	}
 	if static != nil {
 		handlers = append(handlers, newStyling(

internal/admin/repository/eventsourcing/handler/privacy_policy.go

@@ -0,0 +1,106 @@
+package handler
+
+import (
+	"github.com/caos/logging"
+	"github.com/caos/zitadel/internal/eventstore/v1"
+	iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
+
+	es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
+	"github.com/caos/zitadel/internal/eventstore/v1/query"
+	"github.com/caos/zitadel/internal/eventstore/v1/spooler"
+	iam_model "github.com/caos/zitadel/internal/iam/repository/view/model"
+	"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
+)
+
+const (
+	privacyPolicyTable = "adminapi.privacy_policies"
+)
+
+type PrivacyPolicy struct {
+	handler
+	subscription *v1.Subscription
+}
+
+func newPrivacyPolicy(handler handler) *PrivacyPolicy {
+	h := &PrivacyPolicy{
+		handler: handler,
+	}
+
+	h.subscribe()
+
+	return h
+}
+
+func (p *PrivacyPolicy) subscribe() {
+	p.subscription = p.es.Subscribe(p.AggregateTypes()...)
+	go func() {
+		for event := range p.subscription.Events {
+			query.ReduceEvent(p, event)
+		}
+	}()
+}
+
+func (p *PrivacyPolicy) ViewModel() string {
+	return privacyPolicyTable
+}
+
+func (p *PrivacyPolicy) AggregateTypes() []es_models.AggregateType {
+	return []es_models.AggregateType{model.OrgAggregate, iam_es_model.IAMAggregate}
+}
+
+func (p *PrivacyPolicy) CurrentSequence() (uint64, error) {
+	sequence, err := p.view.GetLatestPrivacyPolicySequence()
+	if err != nil {
+		return 0, err
+	}
+	return sequence.CurrentSequence, nil
+}
+
+func (p *PrivacyPolicy) EventQuery() (*es_models.SearchQuery, error) {
+	sequence, err := p.view.GetLatestPrivacyPolicySequence()
+	if err != nil {
+		return nil, err
+	}
+	return es_models.NewSearchQuery().
+		AggregateTypeFilter(p.AggregateTypes()...).
+		LatestSequenceFilter(sequence.CurrentSequence), nil
+}
+
+func (p *PrivacyPolicy) Reduce(event *es_models.Event) (err error) {
+	switch event.AggregateType {
+	case model.OrgAggregate, iam_es_model.IAMAggregate:
+		err = p.processPrivacyPolicy(event)
+	}
+	return err
+}
+
+func (p *PrivacyPolicy) processPrivacyPolicy(event *es_models.Event) (err error) {
+	policy := new(iam_model.PrivacyPolicyView)
+	switch event.Type {
+	case iam_es_model.PrivacyPolicyAdded, model.PrivacyPolicyAdded:
+		err = policy.AppendEvent(event)
+	case iam_es_model.PrivacyPolicyChanged, model.PrivacyPolicyChanged:
+		policy, err = p.view.PrivacyPolicyByAggregateID(event.AggregateID)
+		if err != nil {
+			return err
+		}
+		err = policy.AppendEvent(event)
+	case model.PrivacyPolicyRemoved:
+		return p.view.DeletePrivacyPolicy(event.AggregateID, event)
+	default:
+		return p.view.ProcessedPrivacyPolicySequence(event)
+	}
+	if err != nil {
+		return err
+	}
+	return p.view.PutPrivacyPolicy(policy, event)
+}
+
+func (p *PrivacyPolicy) OnError(event *es_models.Event, err error) error {
+	logging.LogWithFields("SPOOL-4N8sw", "id", event.AggregateID).WithError(err).Warn("something went wrong in privacy policy handler")
+	return spooler.HandleError(event, err, p.view.GetLatestPrivacyPolicyFailedEvent, p.view.ProcessedPrivacyPolicyFailedEvent, p.view.ProcessedPrivacyPolicySequence, p.errorCountUntilSkip)
+}
+
+func (p *PrivacyPolicy) OnSuccess() error {
+	return spooler.HandleSuccess(p.view.UpdatePrivacyPolicySpoolerRunTimestamp)
+}

internal/admin/repository/eventsourcing/view/privacy_policy.go

@@ -0,0 +1,53 @@
+package view
+
+import (
+	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore/v1/models"
+	"github.com/caos/zitadel/internal/iam/repository/view"
+	"github.com/caos/zitadel/internal/iam/repository/view/model"
+	global_view "github.com/caos/zitadel/internal/view/repository"
+)
+
+const (
+	privacyPolicyTable = "adminapi.privacy_policies"
+)
+
+func (v *View) PrivacyPolicyByAggregateID(aggregateID string) (*model.PrivacyPolicyView, error) {
+	return view.GetPrivacyPolicyByAggregateID(v.Db, privacyPolicyTable, aggregateID)
+}
+
+func (v *View) PutPrivacyPolicy(policy *model.PrivacyPolicyView, event *models.Event) error {
+	err := view.PutPrivacyPolicy(v.Db, privacyPolicyTable, policy)
+	if err != nil {
+		return err
+	}
+	return v.ProcessedPrivacyPolicySequence(event)
+}
+
+func (v *View) DeletePrivacyPolicy(aggregateID string, event *models.Event) error {
+	err := view.DeletePrivacyPolicy(v.Db, privacyPolicyTable, aggregateID)
+	if err != nil && !errors.IsNotFound(err) {
+		return err
+	}
+	return v.ProcessedPrivacyPolicySequence(event)
+}
+
+func (v *View) GetLatestPrivacyPolicySequence() (*global_view.CurrentSequence, error) {
+	return v.latestSequence(privacyPolicyTable)
+}
+
+func (v *View) ProcessedPrivacyPolicySequence(event *models.Event) error {
+	return v.saveCurrentSequence(privacyPolicyTable, event)
+}
+
+func (v *View) UpdatePrivacyPolicySpoolerRunTimestamp() error {
+	return v.updateSpoolerRunSequence(privacyPolicyTable)
+}
+
+func (v *View) GetLatestPrivacyPolicyFailedEvent(sequence uint64) (*global_view.FailedEvent, error) {
+	return v.latestFailedEvent(privacyPolicyTable, sequence)
+}
+
+func (v *View) ProcessedPrivacyPolicyFailedEvent(failedEvent *global_view.FailedEvent) error {
+	return v.saveFailedEvent(failedEvent)
+}

internal/admin/repository/iam.go

@@ -37,5 +37,7 @@ type IAMRepository interface {
 
 	GetDefaultPasswordLockoutPolicy(ctx context.Context) (*iam_model.PasswordLockoutPolicyView, error)
 
+	GetDefaultPrivacyPolicy(ctx context.Context) (*iam_model.PrivacyPolicyView, error)
+
 	GetDefaultOrgIAMPolicy(ctx context.Context) (*iam_model.OrgIAMPolicyView, error)
 }