mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-12 01:27:32 +00:00
feat(queries): user grants (#2838)
* refactor(domain): add user type * fix(projections): start with login names * fix(login_policy): correct handling of user domain claimed event * fix(projections): add members * refactor: simplify member projections * add migration for members * add metadata to member projections * refactor: login name projection * fix: set correct suffixes on login name projections * test(projections): login name reduces * fix: correct cols in reduce member * test(projections): org, iam, project members * member additional cols and conds as opt, add project grant members * fix(migration): members * fix(migration): correct database name * migration version * migs * better naming for member cond and col * split project and project grant members * prepare member columns * feat(queries): membership query * test(queries): membership prepare * fix(queries): multiple projections for latest sequence * fix(api): use query for membership queries in auth and management * feat: org member queries * fix(api): use query for iam member calls * fix(queries): org members * fix(queries): project members * fix(queries): project grant members * fix(query): member queries and user avatar column * member cols * fix(queries): membership stmt * fix user test * fix user test * fix(projections): add user grant projection * fix(user_grant): handle state changes * add state to migration * fix(management): use query for user grant requests * merge eventstore-naming into user-grant-projection * feat(queries): user grants * fix(migrations): version * fix(api): user query for user grants * fix(query): event mappers for usergrant aggregate * fix(projection): correct aggregate for user grants * fix(queries): user grant roles as list contains * cleanup reducers * fix avater_key to avatar_key * tests * cleanup * cleanup * add resourceowner query * fix: user grant project name search query Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
This commit is contained in:
Silvan
@@ -10,13 +10,10 @@ import (
|
||||
change_grpc "github.com/caos/zitadel/internal/api/grpc/change"
|
||||
idp_grpc "github.com/caos/zitadel/internal/api/grpc/idp"
|
||||
"github.com/caos/zitadel/internal/api/grpc/metadata"
|
||||
"github.com/caos/zitadel/internal/api/grpc/object"
|
||||
obj_grpc "github.com/caos/zitadel/internal/api/grpc/object"
|
||||
"github.com/caos/zitadel/internal/api/grpc/user"
|
||||
user_grpc "github.com/caos/zitadel/internal/api/grpc/user"
|
||||
"github.com/caos/zitadel/internal/domain"
|
||||
"github.com/caos/zitadel/internal/query"
|
||||
grant_model "github.com/caos/zitadel/internal/usergrant/model"
|
||||
mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
|
||||
)
|
||||
|
||||
@@ -257,21 +254,27 @@ func (s *Server) UnlockUser(ctx context.Context, req *mgmt_pb.UnlockUserRequest)
|
||||
}
|
||||
|
||||
func (s *Server) RemoveUser(ctx context.Context, req *mgmt_pb.RemoveUserRequest) (*mgmt_pb.RemoveUserResponse, error) {
|
||||
grants, err := s.usergrant.UserGrantsByUserID(ctx, req.Id)
|
||||
userGrantUserQuery, err := query.NewUserGrantUserIDSearchQuery(req.Id)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
userQuery, err := query.NewMembershipUserIDQuery(req.Id)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
memberships, err := s.query.Memberships(ctx, &query.MembershipSearchQuery{
|
||||
Queries: []query.SearchQuery{userQuery},
|
||||
grants, err := s.query.UserGrants(ctx, &query.UserGrantsQueries{
|
||||
Queries: []query.SearchQuery{userGrantUserQuery},
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
objectDetails, err := s.command.RemoveUser(ctx, req.Id, authz.GetCtxData(ctx).OrgID, memberships.Memberships, userGrantsToIDs(grants)...)
|
||||
membershipsUserQuery, err := query.NewMembershipUserIDQuery(req.Id)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
memberships, err := s.query.Memberships(ctx, &query.MembershipSearchQuery{
|
||||
Queries: []query.SearchQuery{membershipsUserQuery},
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
objectDetails, err := s.command.RemoveUser(ctx, req.Id, authz.GetCtxData(ctx).OrgID, memberships.Memberships, userGrantsToIDs(grants.UserGrants)...)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -280,7 +283,7 @@ func (s *Server) RemoveUser(ctx context.Context, req *mgmt_pb.RemoveUserRequest)
|
||||
}, nil
|
||||
}
|
||||
|
||||
func userGrantsToIDs(userGrants []*grant_model.UserGrantView) []string {
|
||||
func userGrantsToIDs(userGrants []*query.UserGrant) []string {
|
||||
converted := make([]string, len(userGrants))
|
||||
for i, grant := range userGrants {
|
||||
converted[i] = grant.ID
|
||||
@@ -435,7 +438,7 @@ func (s *Server) RemoveHumanAvatar(ctx context.Context, req *mgmt_pb.RemoveHuman
|
||||
return nil, err
|
||||
}
|
||||
return &mgmt_pb.RemoveHumanAvatarResponse{
|
||||
Details: object.DomainToChangeDetailsPb(objectDetails),
|
||||
Details: obj_grpc.DomainToChangeDetailsPb(objectDetails),
|
||||
}, nil
|
||||
}
|
||||
|
||||
@@ -505,7 +508,7 @@ func (s *Server) ListHumanPasswordless(ctx context.Context, req *mgmt_pb.ListHum
|
||||
return nil, err
|
||||
}
|
||||
return &mgmt_pb.ListHumanPasswordlessResponse{
|
||||
Result: user.WebAuthNTokensViewToPb(tokens),
|
||||
Result: user_grpc.WebAuthNTokensViewToPb(tokens),
|
||||
}, nil
|
||||
}
|
||||
|
||||
@@ -516,7 +519,7 @@ func (s *Server) AddPasswordlessRegistration(ctx context.Context, req *mgmt_pb.A
|
||||
return nil, err
|
||||
}
|
||||
return &mgmt_pb.AddPasswordlessRegistrationResponse{
|
||||
Details: object.AddToDetailsPb(initCode.Sequence, initCode.ChangeDate, initCode.ResourceOwner),
|
||||
Details: obj_grpc.AddToDetailsPb(initCode.Sequence, initCode.ChangeDate, initCode.ResourceOwner),
|
||||
Link: initCode.Link(s.systemDefaults.Notifications.Endpoints.PasswordlessRegistration),
|
||||
Expiration: durationpb.New(initCode.Expiration),
|
||||
}, nil
|
||||
@@ -529,7 +532,7 @@ func (s *Server) SendPasswordlessRegistration(ctx context.Context, req *mgmt_pb.
|
||||
return nil, err
|
||||
}
|
||||
return &mgmt_pb.SendPasswordlessRegistrationResponse{
|
||||
Details: object.AddToDetailsPb(initCode.Sequence, initCode.ChangeDate, initCode.ResourceOwner),
|
||||
Details: obj_grpc.AddToDetailsPb(initCode.Sequence, initCode.ChangeDate, initCode.ResourceOwner),
|
||||
}, nil
|
||||
}
|
||||
|
||||
@@ -606,7 +609,7 @@ func (s *Server) AddMachineKey(ctx context.Context, req *mgmt_pb.AddMachineKeyRe
|
||||
return &mgmt_pb.AddMachineKeyResponse{
|
||||
KeyId: key.KeyID,
|
||||
KeyDetails: keyDetails,
|
||||
Details: object.AddToDetailsPb(
|
||||
Details: obj_grpc.AddToDetailsPb(
|
||||
key.Sequence,
|
||||
key.ChangeDate,
|
||||
key.ResourceOwner,
|
||||
|
||||
Reference in New Issue
Block a user