TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-12 11:27:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

deprecate user grants

Browse Source
This commit is contained in:
Elio Bischof
2025-05-28 12:02:58 +02:00
parent 204530cb73
commit c662d5efce
2 changed files with 61 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
proto/zitadel/auth.proto
View File

@@ -859,6 +859,11 @@ service AuthService {
};
}
// List My Authorizations / User Grants
//
// Deprecated: [List authorizations](apis/resources/authorization_service_v2/authorization-service-list-authorizations.api.mdx) and pass the user ID filter with your users ID to search for your authorizations on granted and owned projects.
//
// Returns a list of the authorizations/user grants the authenticated user has. User grants consist of an organization, a project and 1-n roles.
rpc ListMyUserGrants(ListMyUserGrantsRequest) returns (ListMyUserGrantsResponse) {
option (google.api.http) = {
post: "/usergrants/me/_search"
@@ -869,9 +874,8 @@ service AuthService {
};
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "User Authorizations/Grants"
summary: "List My Authorizations/Grants";
description: "Returns a list of the authorizations/user grants the authenticated user has. User grants consist of an organization, a project and 1-n roles."
tags: "User Authorizations/Grants";
deprecated: true;
};
}
@@ -908,6 +912,11 @@ service AuthService {
};
}
// List My Project Roles
//
// Deprecated: [List authorizations](apis/resources/authorization_service_v2/authorization-service-list-authorizations.api.mdx) and pass the user ID filter with your users ID and the project ID filter to search for your authorizations on a granted and an owned project.
//
// Returns a list of roles for the authenticated user and for the requesting project.
rpc ListMyProjectPermissions(ListMyProjectPermissionsRequest) returns (ListMyProjectPermissionsResponse) {
option (google.api.http) = {
post: "/permissions/me/_search"
@@ -919,8 +928,7 @@ service AuthService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "User Authorizations/Grants"
summary: "List My Project Roles";
description: "Returns a list of roles for the authenticated user and for the requesting project (based on the token)."
deprecated: true;
};
}

62
proto/zitadel/management.proto
View File

@@ -4157,6 +4157,11 @@ service ManagementService {
};
}
// Get User Grant By ID
//
// Deprecated: [Get an authorization](apis/resources/authorization_service_v2/authorization-service-get-authorization.api.mdx) by its ID.
//
// Returns a user grant per ID. A user grant is a role a user has for a specific project and organization.
rpc GetUserGrantByID(GetUserGrantByIDRequest) returns (GetUserGrantByIDResponse) {
option (google.api.http) = {
get: "/users/{user_id}/grants/{grant_id}"
@@ -4168,8 +4173,7 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "User Grants";
summary: "User Grant By ID";
description: "Returns a user grant per ID. A user grant is a role a user has for a specific project and organization."
deprecated: true;
parameters: {
headers: {
name: "x-zitadel-orgid";
@@ -4181,6 +4185,11 @@ service ManagementService {
};
}
// Search User Grants
//
// Deprecated: [List authorizations](apis/resources/authorization_service_v2/authorization-service-list-authorizations.api.mdx) and pass the user ID filter to search for a users grants on owned or granted projects.
//
// Returns a list of user grants that match the search queries. User grants are the roles users have for a specific project and organization.
rpc ListUserGrants(ListUserGrantRequest) returns (ListUserGrantResponse) {
option (google.api.http) = {
post: "/users/grants/_search"
@@ -4193,8 +4202,7 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "User Grants";
summary: "Search User Grants";
description: "Returns a list of user grants that match the search queries. User grants are the roles users have for a specific project and organization."
deprecated: true;
parameters: {
headers: {
name: "x-zitadel-orgid";
@@ -4206,6 +4214,12 @@ service ManagementService {
};
}
// Add User Grant
//
// Deprecated: [Add an authorization](apis/resources/authorization_service_v2/authorization-service-add-authorization.api.mdx) to grant a user access to an owned or granted project.
//
// Add a user grant for a specific user. User grants are the roles users have for a specific project and organization.
rpc AddUserGrant(AddUserGrantRequest) returns (AddUserGrantResponse) {
option (google.api.http) = {
post: "/users/{user_id}/grants"
@@ -4218,8 +4232,7 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "User Grants";
summary: "Add User Grant";
description: "Add a user grant for a specific user. User grants are the roles users have for a specific project and organization."
deprecated: true;
parameters: {
headers: {
name: "x-zitadel-orgid";
@@ -4231,6 +4244,11 @@ service ManagementService {
};
}
// Update User Grant
//
// Deprecated: [Update an authorization](apis/resources/authorization_service_v2/authorization-service-update-authorization.api.mdx) to update a users roles on an owned or granted project.
//
// Update the roles of a user grant. User grants are the roles users have for a specific project and organization.
rpc UpdateUserGrant(UpdateUserGrantRequest) returns (UpdateUserGrantResponse) {
option (google.api.http) = {
put: "/users/{user_id}/grants/{grant_id}"
@@ -4243,8 +4261,7 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "User Grants";
summary: "Update User Grants";
description: "Update the roles of a user grant. User grants are the roles users have for a specific project and organization."
deprecated: true;
parameters: {
headers: {
name: "x-zitadel-orgid";
@@ -4256,6 +4273,11 @@ service ManagementService {
};
}
// Deactivate User Grant
//
// Deprecated: [Deactivate an authorization](apis/resources/authorization_service_v2/authorization-service-deactivate-authorization.api.mdx) to disable a users access to an owned or granted project.
//
// Deactivate the user grant. The user will not be able to use the granted project anymore. Also, the roles will not be included in the tokens when requested. An error will be returned if the user grant is already deactivated.
rpc DeactivateUserGrant(DeactivateUserGrantRequest) returns (DeactivateUserGrantResponse) {
option (google.api.http) = {
post: "/users/{user_id}/grants/{grant_id}/_deactivate"
@@ -4281,6 +4303,11 @@ service ManagementService {
};
}
// Reactivate User Grant
//
// Deprecated: [Activate an authorization](apis/resources/authorization_service_v2/authorization-service-activate-authorization.api.mdx) to enable a users access to an owned or granted project.
//
// Reactivate a deactivated user grant. The user will be able to use the granted project again. An error will be returned if the user grant is not deactivated.
rpc ReactivateUserGrant(ReactivateUserGrantRequest) returns (ReactivateUserGrantResponse) {
option (google.api.http) = {
post: "/users/{user_id}/grants/{grant_id}/_reactivate"
@@ -4293,8 +4320,7 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "User Grants";
summary: "Reactivate User Grant";
description: "Reactivate a deactivated user grant. The user will be able to use the granted project again. An error will be returned if the user grant is not deactivated."
deprecated: true;
parameters: {
headers: {
name: "x-zitadel-orgid";
@@ -4306,6 +4332,11 @@ service ManagementService {
};
}
// Remove User Grant
//
// Deprecated: [Delete an authorization](apis/resources/authorization_service_v2/authorization-service-delete-authorization.api.mdx) to remove a users access to an owned or granted project.
//
// Removes the user grant from the user. The user will not be able to use the granted project anymore. Also, the roles will not be included in the tokens when requested.
rpc RemoveUserGrant(RemoveUserGrantRequest) returns (RemoveUserGrantResponse) {
option (google.api.http) = {
delete: "/users/{user_id}/grants/{grant_id}"
@@ -4317,8 +4348,7 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "User Grants";
summary: "Remove User Grant";
description: "Removes the user grant from the user. The user will not be able to use the granted project anymore. Also, the roles will not be included in the tokens when requested."
deprecated: true;
parameters: {
headers: {
name: "x-zitadel-orgid";
@@ -4330,6 +4360,11 @@ service ManagementService {
};
}
// Bulk Remove User Grants
//
// Deprecated: [Delete authorizations one after the other](apis/resources/authorization_service_v2/authorization-service-delete-authorization.api.mdx) to remove access for multiple users on multiple owned or granted projects.
//
// Remove a list of user grants. The users will not be able to use the granted project anymore. Also, the roles will not be included in the tokens when requested.
rpc BulkRemoveUserGrant(BulkRemoveUserGrantRequest) returns (BulkRemoveUserGrantResponse) {
option (google.api.http) = {
delete: "/user_grants/_bulk"
@@ -4342,8 +4377,7 @@ service ManagementService {
option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
tags: "User Grants";
summary: "Bulk Remove User Grants";
description: "Remove a list of user grants. The users will not be able to use the granted project anymore. Also, the roles will not be included in the tokens when requested."
deprecated: true;
parameters: {
headers: {
name: "x-zitadel-orgid";