feat(queries): user grants (#2838)

* refactor(domain): add user type * fix(projections): start with login names * fix(login_policy): correct handling of user domain claimed event * fix(projections): add members * refactor: simplify member projections * add migration for members * add metadata to member projections * refactor: login name projection * fix: set correct suffixes on login name projections * test(projections): login name reduces * fix: correct cols in reduce member * test(projections): org, iam, project members * member additional cols and conds as opt, add project grant members * fix(migration): members * fix(migration): correct database name * migration version * migs * better naming for member cond and col * split project and project grant members * prepare member columns * feat(queries): membership query * test(queries): membership prepare * fix(queries): multiple projections for latest sequence * fix(api): use query for membership queries in auth and management * feat: org member queries * fix(api): use query for iam member calls * fix(queries): org members * fix(queries): project members * fix(queries): project grant members * fix(query): member queries and user avatar column * member cols * fix(queries): membership stmt * fix user test * fix user test * fix(projections): add user grant projection * fix(user_grant): handle state changes * add state to migration * fix(management): use query for user grant requests * merge eventstore-naming into user-grant-projection * feat(queries): user grants * fix(migrations): version * fix(api): user query for user grants * fix(query): event mappers for usergrant aggregate * fix(projection): correct aggregate for user grants * fix(queries): user grant roles as list contains * cleanup reducers * fix avater_key to avatar_key * tests * cleanup * cleanup * add resourceowner query * fix: user grant project name search query Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
2025-08-11 21:07:31 +00:00 · 2022-01-14 10:45:50 +01:00
parent a63a995269
commit c542cab4f8
29 changed files with 1546 additions and 816 deletions
--- a/internal/api/grpc/user/user_grant.go
+++ b/internal/api/grpc/user/user_grant.go
@@ -1,38 +1,42 @@
 package user

 import (
+	"context"
+	"errors"
+
+	"github.com/caos/zitadel/internal/api/authz"
 	"github.com/caos/zitadel/internal/api/grpc/object"
 	"github.com/caos/zitadel/internal/domain"
-	usr_grant_model "github.com/caos/zitadel/internal/usergrant/model"
+	"github.com/caos/zitadel/internal/query"
 	user_pb "github.com/caos/zitadel/pkg/grpc/user"
 )

-func UserGrantsToPb(grants []*usr_grant_model.UserGrantView) []*user_pb.UserGrant {
+func UserGrantsToPb(assetPrefix string, grants []*query.UserGrant) []*user_pb.UserGrant {
 	u := make([]*user_pb.UserGrant, len(grants))
 	for i, grant := range grants {
-		u[i] = UserGrantToPb(grant)
+		u[i] = UserGrantToPb(assetPrefix, grant)
 	}
 	return u
 }

-func UserGrantToPb(grant *usr_grant_model.UserGrantView) *user_pb.UserGrant {
+func UserGrantToPb(assetPrefix string, grant *query.UserGrant) *user_pb.UserGrant {
 	return &user_pb.UserGrant{
 		Id:             grant.ID,
 		UserId:         grant.UserID,
-		State:          ModelUserGrantStateToPb(grant.State),
-		RoleKeys:       grant.RoleKeys,
-		UserName:       grant.UserName,
+		State:          user_pb.UserGrantState_USER_GRANT_STATE_ACTIVE,
+		RoleKeys:       grant.Roles,
+		ProjectId:      grant.ProjectID,
+		OrgId:          grant.ResourceOwner,
+		ProjectGrantId: grant.GrantID,
+		UserName:       grant.Username,
 		FirstName:      grant.FirstName,
 		LastName:       grant.LastName,
 		Email:          grant.Email,
 		DisplayName:    grant.DisplayName,
-		OrgId:          grant.ResourceOwner,
 		OrgDomain:      grant.OrgPrimaryDomain,
 		OrgName:        grant.OrgName,
-		ProjectId:      grant.ProjectID,
 		ProjectName:    grant.ProjectName,
-		ProjectGrantId: grant.GrantID,
-		AvatarUrl:      grant.AvatarURL,
+		AvatarUrl:      domain.AvatarURL(assetPrefix, grant.UserResourceOwner, grant.AvatarURL),
 		Details: object.ToViewDetailsPb(
 			grant.Sequence,
 			grant.CreationDate,
@@ -42,15 +46,18 @@ func UserGrantToPb(grant *usr_grant_model.UserGrantView) *user_pb.UserGrant {
 	}
 }

-func UserGrantQueriesToModel(queries []*user_pb.UserGrantQuery) []*usr_grant_model.UserGrantSearchQuery {
-	q := make([]*usr_grant_model.UserGrantSearchQuery, len(queries))
+func UserGrantQueriesToQuery(ctx context.Context, queries []*user_pb.UserGrantQuery) (q []query.SearchQuery, err error) {
+	q = make([]query.SearchQuery, len(queries))
 	for i, query := range queries {
-		q[i] = UserGrantQueryToModel(query)
+		q[i], err = UserGrantQueryToQuery(ctx, query)
+		if err != nil {
+			return nil, err
+		}
 	}
-	return q
+	return q, nil
 }

-func UserGrantQueryToModel(query *user_pb.UserGrantQuery) *usr_grant_model.UserGrantSearchQuery {
+func UserGrantQueryToQuery(ctx context.Context, query *user_pb.UserGrantQuery) (query.SearchQuery, error) {
 	switch q := query.Query.(type) {
 	case *user_pb.UserGrantQuery_DisplayNameQuery:
 		return UserGrantDisplayNameQueryToModel(q.DisplayNameQuery)
@@ -77,112 +84,77 @@ func UserGrantQueryToModel(query *user_pb.UserGrantQuery) *usr_grant_model.UserG
 	case *user_pb.UserGrantQuery_UserNameQuery:
 		return UserGrantUserNameQueryToModel(q.UserNameQuery)
 	case *user_pb.UserGrantQuery_WithGrantedQuery:
-		return UserGrantWithGrantedQueryToModel(q.WithGrantedQuery)
+		return UserGrantWithGrantedQueryToModel(ctx, q.WithGrantedQuery)
+	case *user_pb.UserGrantQuery_UserTypeQuery:
+		return UserGrantUserTypeQueryToModel(q.UserTypeQuery)
 	default:
-		return nil
+		return nil, errors.New("invalid query")
 	}
 }

-func UserGrantDisplayNameQueryToModel(q *user_pb.UserGrantDisplayNameQuery) *usr_grant_model.UserGrantSearchQuery {
-	return &usr_grant_model.UserGrantSearchQuery{
-		Key:    usr_grant_model.UserGrantSearchKeyDisplayName,
-		Method: object.TextMethodToModel(q.Method),
-		Value:  q.DisplayName,
-	}
+func UserGrantDisplayNameQueryToModel(q *user_pb.UserGrantDisplayNameQuery) (query.SearchQuery, error) {
+	return query.NewUserGrantDisplayNameQuery(q.DisplayName, object.TextMethodToQuery(q.Method))
 }

-func UserGrantEmailQueryToModel(q *user_pb.UserGrantEmailQuery) *usr_grant_model.UserGrantSearchQuery {
-	return &usr_grant_model.UserGrantSearchQuery{
-		Key:    usr_grant_model.UserGrantSearchKeyEmail,
-		Method: object.TextMethodToModel(q.Method),
-		Value:  q.Email,
-	}
+func UserGrantEmailQueryToModel(q *user_pb.UserGrantEmailQuery) (query.SearchQuery, error) {
+	return query.NewUserGrantEmailQuery(q.Email, object.TextMethodToQuery(q.Method))
 }

-func UserGrantFirstNameQueryToModel(q *user_pb.UserGrantFirstNameQuery) *usr_grant_model.UserGrantSearchQuery {
-	return &usr_grant_model.UserGrantSearchQuery{
-		Key:    usr_grant_model.UserGrantSearchKeyFirstName,
-		Method: object.TextMethodToModel(q.Method),
-		Value:  q.FirstName,
-	}
+func UserGrantFirstNameQueryToModel(q *user_pb.UserGrantFirstNameQuery) (query.SearchQuery, error) {
+	return query.NewUserGrantFirstNameQuery(q.FirstName, object.TextMethodToQuery(q.Method))
 }

-func UserGrantLastNameQueryToModel(q *user_pb.UserGrantLastNameQuery) *usr_grant_model.UserGrantSearchQuery {
-	return &usr_grant_model.UserGrantSearchQuery{
-		Key:    usr_grant_model.UserGrantSearchKeyLastName,
-		Method: object.TextMethodToModel(q.Method),
-		Value:  q.LastName,
-	}
+func UserGrantLastNameQueryToModel(q *user_pb.UserGrantLastNameQuery) (query.SearchQuery, error) {
+	return query.NewUserGrantLastNameQuery(q.LastName, object.TextMethodToQuery(q.Method))
 }

-func UserGrantOrgDomainQueryToModel(q *user_pb.UserGrantOrgDomainQuery) *usr_grant_model.UserGrantSearchQuery {
-	return &usr_grant_model.UserGrantSearchQuery{
-		Key:    usr_grant_model.UserGrantSearchKeyOrgDomain,
-		Method: object.TextMethodToModel(q.Method),
-		Value:  q.OrgDomain,
-	}
+func UserGrantOrgDomainQueryToModel(q *user_pb.UserGrantOrgDomainQuery) (query.SearchQuery, error) {
+	return query.NewUserGrantDomainQuery(q.OrgDomain, object.TextMethodToQuery(q.Method))
 }

-func UserGrantOrgNameQueryToModel(q *user_pb.UserGrantOrgNameQuery) *usr_grant_model.UserGrantSearchQuery {
-	return &usr_grant_model.UserGrantSearchQuery{
-		Key:    usr_grant_model.UserGrantSearchKeyOrgName,
-		Method: object.TextMethodToModel(q.Method),
-		Value:  q.OrgName,
-	}
+func UserGrantOrgNameQueryToModel(q *user_pb.UserGrantOrgNameQuery) (query.SearchQuery, error) {
+	return query.NewUserGrantOrgNameQuery(q.OrgName, object.TextMethodToQuery(q.Method))
 }

-func UserGrantProjectIDQueryToModel(q *user_pb.UserGrantProjectIDQuery) *usr_grant_model.UserGrantSearchQuery {
-	return &usr_grant_model.UserGrantSearchQuery{
-		Key:    usr_grant_model.UserGrantSearchKeyProjectID,
-		Method: domain.SearchMethodEquals,
-		Value:  q.ProjectId,
-	}
+func UserGrantProjectIDQueryToModel(q *user_pb.UserGrantProjectIDQuery) (query.SearchQuery, error) {
+	return query.NewUserGrantProjectIDSearchQuery(q.ProjectId)
 }

-func UserGrantProjectGrantIDQueryToModel(q *user_pb.UserGrantProjectGrantIDQuery) *usr_grant_model.UserGrantSearchQuery {
-	return &usr_grant_model.UserGrantSearchQuery{
-		Key:    usr_grant_model.UserGrantSearchKeyGrantID,
-		Method: domain.SearchMethodEquals,
-		Value:  q.ProjectGrantId,
-	}
+func UserGrantProjectGrantIDQueryToModel(q *user_pb.UserGrantProjectGrantIDQuery) (query.SearchQuery, error) {
+	return query.NewUserGrantGrantIDSearchQuery(q.ProjectGrantId)
 }

-func UserGrantProjectNameQueryToModel(q *user_pb.UserGrantProjectNameQuery) *usr_grant_model.UserGrantSearchQuery {
-	return &usr_grant_model.UserGrantSearchQuery{
-		Key:    usr_grant_model.UserGrantSearchKeyProjectName,
-		Method: object.TextMethodToModel(q.Method),
-		Value:  q.ProjectName,
-	}
+func UserGrantProjectNameQueryToModel(q *user_pb.UserGrantProjectNameQuery) (query.SearchQuery, error) {
+	return query.NewUserGrantProjectNameQuery(q.ProjectName, object.TextMethodToQuery(q.Method))
 }

-func UserGrantRoleKeyQueryToModel(q *user_pb.UserGrantRoleKeyQuery) *usr_grant_model.UserGrantSearchQuery {
-	return &usr_grant_model.UserGrantSearchQuery{
-		Key:    usr_grant_model.UserGrantSearchKeyRoleKey,
-		Method: domain.SearchMethodListContains,
-		Value:  q.RoleKey,
-	}
+func UserGrantRoleKeyQueryToModel(q *user_pb.UserGrantRoleKeyQuery) (query.SearchQuery, error) {
+	return query.NewUserGrantRoleQuery(q.RoleKey)
 }

-func UserGrantUserIDQueryToModel(q *user_pb.UserGrantUserIDQuery) *usr_grant_model.UserGrantSearchQuery {
-	return &usr_grant_model.UserGrantSearchQuery{
-		Key:    usr_grant_model.UserGrantSearchKeyUserID,
-		Method: domain.SearchMethodEquals,
-		Value:  q.UserId,
-	}
+func UserGrantUserIDQueryToModel(q *user_pb.UserGrantUserIDQuery) (query.SearchQuery, error) {
+	return query.NewUserGrantUserIDSearchQuery(q.UserId)
 }

-func UserGrantUserNameQueryToModel(q *user_pb.UserGrantUserNameQuery) *usr_grant_model.UserGrantSearchQuery {
-	return &usr_grant_model.UserGrantSearchQuery{
-		Key:    usr_grant_model.UserGrantSearchKeyUserName,
-		Method: object.TextMethodToModel(q.Method),
-		Value:  q.UserName,
-	}
+func UserGrantUserNameQueryToModel(q *user_pb.UserGrantUserNameQuery) (query.SearchQuery, error) {
+	return query.NewUserGrantUsernameQuery(q.UserName, object.TextMethodToQuery(q.Method))
 }

-func UserGrantWithGrantedQueryToModel(q *user_pb.UserGrantWithGrantedQuery) *usr_grant_model.UserGrantSearchQuery {
-	return &usr_grant_model.UserGrantSearchQuery{
-		Key:    usr_grant_model.UserGrantSearchKeyWithGranted,
-		Method: domain.SearchMethodEquals,
-		Value:  q.WithGranted,
+func UserGrantWithGrantedQueryToModel(ctx context.Context, q *user_pb.UserGrantWithGrantedQuery) (query.SearchQuery, error) {
+	return query.NewUserGrantWithGrantedQuery(authz.GetCtxData(ctx).OrgID)
+}
+
+func UserGrantUserTypeQueryToModel(q *user_pb.UserGrantUserTypeQuery) (query.SearchQuery, error) {
+	return query.NewUserGrantUserTypeQuery(grantTypeToDomain(q.Type))
+}
+
+func grantTypeToDomain(typ user_pb.Type) domain.UserType {
+	switch typ {
+	case user_pb.Type_TYPE_HUMAN:
+		return domain.UserTypeHuman
+	case user_pb.Type_TYPE_MACHINE:
+		return domain.UserTypeMachine
+	default:
+		return domain.UserTypeUnspecified
 	}
 }