feat: Privacy policy (#1957)

* feat: command side privacy policy

* feat: add privacy policy to api

* feat: add privacy policy query side

* fix: add privacy policy to mgmt api

* fix: add privacy policy to auth and base data

* feat: use privacyPolicy in login gui

* feat: use privacyPolicy in login gui

* feat: test org fatures

* feat: typos

* feat: tos in register

internal/repository/features/features.go

@@ -36,6 +36,7 @@ type FeaturesSetEvent struct {
 	LabelPolicyWatermark     *bool                 `json:"labelPolicyWatermark,omitempty"`
 	CustomDomain             *bool                 `json:"customDomain,omitempty"`
 	CustomText               *bool                 `json:"customText,omitempty"`
+	PrivacyPolicy            *bool                 `json:"privacyPolicy,omitempty"`
 }
 
 func (e *FeaturesSetEvent) Data() interface{} {
@@ -159,6 +160,13 @@ func ChangeCustomText(customText bool) func(event *FeaturesSetEvent) {
 		e.CustomText = &customText
 	}
 }
+
+func ChangePrivacyPolicy(privacyPolicy bool) func(event *FeaturesSetEvent) {
+	return func(e *FeaturesSetEvent) {
+		e.PrivacyPolicy = &privacyPolicy
+	}
+}
+
 func FeaturesSetEventMapper(event *repository.Event) (eventstore.EventReader, error) {
 	e := &FeaturesSetEvent{
 		BaseEvent: *eventstore.BaseEventFromRepo(event),

internal/repository/iam/eventstore.go

@@ -34,6 +34,8 @@ func RegisterEventMappers(es *eventstore.Eventstore) {
 		RegisterFilterEventMapper(PasswordComplexityPolicyChangedEventType, PasswordComplexityPolicyChangedEventMapper).
 		RegisterFilterEventMapper(PasswordLockoutPolicyAddedEventType, PasswordLockoutPolicyAddedEventMapper).
 		RegisterFilterEventMapper(PasswordLockoutPolicyChangedEventType, PasswordLockoutPolicyChangedEventMapper).
+		RegisterFilterEventMapper(PrivacyPolicyAddedEventType, PrivacyPolicyAddedEventMapper).
+		RegisterFilterEventMapper(PrivacyPolicyChangedEventType, PrivacyPolicyChangedEventMapper).
 		RegisterFilterEventMapper(MemberAddedEventType, MemberAddedEventMapper).
 		RegisterFilterEventMapper(MemberChangedEventType, MemberChangedEventMapper).
 		RegisterFilterEventMapper(MemberRemovedEventType, MemberRemovedEventMapper).

internal/repository/iam/policy_privacy.go

@@ -0,0 +1,75 @@
+package iam
+
+import (
+	"context"
+	"github.com/caos/zitadel/internal/eventstore"
+
+	"github.com/caos/zitadel/internal/eventstore/repository"
+	"github.com/caos/zitadel/internal/repository/policy"
+)
+
+const (
+	PrivacyPolicyAddedEventType   = iamEventTypePrefix + policy.PrivacyPolicyAddedEventType
+	PrivacyPolicyChangedEventType = iamEventTypePrefix + policy.PrivacyPolicyChangedEventType
+)
+
+type PrivacyPolicyAddedEvent struct {
+	policy.PrivacyPolicyAddedEvent
+}
+
+func NewPrivacyPolicyAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	tosLink,
+	privacyLink string,
+) *PrivacyPolicyAddedEvent {
+	return &PrivacyPolicyAddedEvent{
+		PrivacyPolicyAddedEvent: *policy.NewPrivacyPolicyAddedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				PrivacyPolicyAddedEventType),
+			tosLink,
+			privacyLink),
+	}
+}
+
+func PrivacyPolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.PrivacyPolicyAddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &PrivacyPolicyAddedEvent{PrivacyPolicyAddedEvent: *e.(*policy.PrivacyPolicyAddedEvent)}, nil
+}
+
+type PrivacyPolicyChangedEvent struct {
+	policy.PrivacyPolicyChangedEvent
+}
+
+func NewPrivacyPolicyChangedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	changes []policy.PrivacyPolicyChanges,
+) (*PrivacyPolicyChangedEvent, error) {
+	changedEvent, err := policy.NewPrivacyPolicyChangedEvent(
+		eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			PrivacyPolicyChangedEventType),
+		changes,
+	)
+	if err != nil {
+		return nil, err
+	}
+	return &PrivacyPolicyChangedEvent{PrivacyPolicyChangedEvent: *changedEvent}, nil
+}
+
+func PrivacyPolicyChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.PrivacyPolicyChangedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &PrivacyPolicyChangedEvent{PrivacyPolicyChangedEvent: *e.(*policy.PrivacyPolicyChangedEvent)}, nil
+}

internal/repository/org/eventstore.go

@@ -56,6 +56,9 @@ func RegisterEventMappers(es *eventstore.Eventstore) {
 		RegisterFilterEventMapper(PasswordLockoutPolicyAddedEventType, PasswordLockoutPolicyAddedEventMapper).
 		RegisterFilterEventMapper(PasswordLockoutPolicyChangedEventType, PasswordLockoutPolicyChangedEventMapper).
 		RegisterFilterEventMapper(PasswordLockoutPolicyRemovedEventType, PasswordLockoutPolicyRemovedEventMapper).
+		RegisterFilterEventMapper(PrivacyPolicyAddedEventType, PrivacyPolicyAddedEventMapper).
+		RegisterFilterEventMapper(PrivacyPolicyChangedEventType, PrivacyPolicyChangedEventMapper).
+		RegisterFilterEventMapper(PrivacyPolicyRemovedEventType, PrivacyPolicyRemovedEventMapper).
 		RegisterFilterEventMapper(MailTemplateAddedEventType, MailTemplateAddedEventMapper).
 		RegisterFilterEventMapper(MailTemplateChangedEventType, MailTemplateChangedEventMapper).
 		RegisterFilterEventMapper(MailTemplateRemovedEventType, MailTemplateRemovedEventMapper).

internal/repository/org/policy_privacy.go

@@ -0,0 +1,103 @@
+package org
+
+import (
+	"context"
+	"github.com/caos/zitadel/internal/eventstore"
+
+	"github.com/caos/zitadel/internal/eventstore/repository"
+	"github.com/caos/zitadel/internal/repository/policy"
+)
+
+var (
+	PrivacyPolicyAddedEventType   = orgEventTypePrefix + policy.PrivacyPolicyAddedEventType
+	PrivacyPolicyChangedEventType = orgEventTypePrefix + policy.PrivacyPolicyChangedEventType
+	PrivacyPolicyRemovedEventType = orgEventTypePrefix + policy.PrivacyPolicyRemovedEventType
+)
+
+type PrivacyPolicyAddedEvent struct {
+	policy.PrivacyPolicyAddedEvent
+}
+
+func NewPrivacyPolicyAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	tosLink,
+	privacyLink string,
+) *PrivacyPolicyAddedEvent {
+	return &PrivacyPolicyAddedEvent{
+		PrivacyPolicyAddedEvent: *policy.NewPrivacyPolicyAddedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				PrivacyPolicyAddedEventType),
+			tosLink,
+			privacyLink),
+	}
+}
+
+func PrivacyPolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.PrivacyPolicyAddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &PrivacyPolicyAddedEvent{PrivacyPolicyAddedEvent: *e.(*policy.PrivacyPolicyAddedEvent)}, nil
+}
+
+type PrivacyPolicyChangedEvent struct {
+	policy.PrivacyPolicyChangedEvent
+}
+
+func NewPrivacyPolicyChangedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	changes []policy.PrivacyPolicyChanges,
+) (*PrivacyPolicyChangedEvent, error) {
+	changedEvent, err := policy.NewPrivacyPolicyChangedEvent(
+		eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			PrivacyPolicyChangedEventType),
+		changes,
+	)
+	if err != nil {
+		return nil, err
+	}
+	return &PrivacyPolicyChangedEvent{PrivacyPolicyChangedEvent: *changedEvent}, nil
+}
+
+func PrivacyPolicyChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.PrivacyPolicyChangedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &PrivacyPolicyChangedEvent{PrivacyPolicyChangedEvent: *e.(*policy.PrivacyPolicyChangedEvent)}, nil
+}
+
+type PrivacyPolicyRemovedEvent struct {
+	policy.PrivacyPolicyRemovedEvent
+}
+
+func NewPrivacyPolicyRemovedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+) *PrivacyPolicyRemovedEvent {
+	return &PrivacyPolicyRemovedEvent{
+		PrivacyPolicyRemovedEvent: *policy.NewPrivacyPolicyRemovedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				PrivacyPolicyRemovedEventType),
+		),
+	}
+}
+
+func PrivacyPolicyRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e, err := policy.PrivacyPolicyRemovedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &PrivacyPolicyRemovedEvent{PrivacyPolicyRemovedEvent: *e.(*policy.PrivacyPolicyRemovedEvent)}, nil
+}

internal/repository/policy/policy_privacy.go

@@ -0,0 +1,136 @@
+package policy
+
+import (
+	"encoding/json"
+	"github.com/caos/zitadel/internal/eventstore"
+
+	"github.com/caos/zitadel/internal/errors"
+	"github.com/caos/zitadel/internal/eventstore/repository"
+)
+
+const (
+	PrivacyPolicyAddedEventType   = "policy.privacy.added"
+	PrivacyPolicyChangedEventType = "policy.privacy.changed"
+	PrivacyPolicyRemovedEventType = "policy.privacy.removed"
+)
+
+type PrivacyPolicyAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	TOSLink     string `json:"tosLink,omitempty"`
+	PrivacyLink string `json:"privacyLink,omitempty"`
+}
+
+func (e *PrivacyPolicyAddedEvent) Data() interface{} {
+	return e
+}
+
+func (e *PrivacyPolicyAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewPrivacyPolicyAddedEvent(
+	base *eventstore.BaseEvent,
+	tosLink,
+	privacyLink string,
+) *PrivacyPolicyAddedEvent {
+	return &PrivacyPolicyAddedEvent{
+		BaseEvent:   *base,
+		TOSLink:     tosLink,
+		PrivacyLink: privacyLink,
+	}
+}
+
+func PrivacyPolicyAddedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e := &PrivacyPolicyAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "POLIC-2k0fs", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+type PrivacyPolicyChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	TOSLink     *string `json:"tosLink,omitempty"`
+	PrivacyLink *string `json:"privacyLink,omitempty"`
+}
+
+func (e *PrivacyPolicyChangedEvent) Data() interface{} {
+	return e
+}
+
+func (e *PrivacyPolicyChangedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewPrivacyPolicyChangedEvent(
+	base *eventstore.BaseEvent,
+	changes []PrivacyPolicyChanges,
+) (*PrivacyPolicyChangedEvent, error) {
+	if len(changes) == 0 {
+		return nil, errors.ThrowPreconditionFailed(nil, "POLICY-PPo0s", "Errors.NoChangesFound")
+	}
+	changeEvent := &PrivacyPolicyChangedEvent{
+		BaseEvent: *base,
+	}
+	for _, change := range changes {
+		change(changeEvent)
+	}
+	return changeEvent, nil
+}
+
+type PrivacyPolicyChanges func(*PrivacyPolicyChangedEvent)
+
+func ChangeTOSLink(tosLink string) func(*PrivacyPolicyChangedEvent) {
+	return func(e *PrivacyPolicyChangedEvent) {
+		e.TOSLink = &tosLink
+	}
+}
+
+func ChangePrivacyLink(privacyLink string) func(*PrivacyPolicyChangedEvent) {
+	return func(e *PrivacyPolicyChangedEvent) {
+		e.PrivacyLink = &privacyLink
+	}
+}
+
+func PrivacyPolicyChangedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	e := &PrivacyPolicyChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "POLIC-22nf9", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+type PrivacyPolicyRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *PrivacyPolicyRemovedEvent) Data() interface{} {
+	return nil
+}
+
+func (e *PrivacyPolicyRemovedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewPrivacyPolicyRemovedEvent(base *eventstore.BaseEvent) *PrivacyPolicyRemovedEvent {
+	return &PrivacyPolicyRemovedEvent{
+		BaseEvent: *base,
+	}
+}
+
+func PrivacyPolicyRemovedEventMapper(event *repository.Event) (eventstore.EventReader, error) {
+	return &PrivacyPolicyRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}