chore: move the go code into a subfolder

2025-08-12 03:37:34 +00:00 · 2025-08-05 15:20:32 -07:00
parent 4ad22ba456
commit cd2921de26
2978 changed files with 373 additions and 300 deletions
--- a/apps/api/internal/command/project_grant_member.go
+++ b/apps/api/internal/command/project_grant_member.go
@@ -0,0 +1,205 @@
+package command
+
+import (
+	"context"
+	"slices"
+
+	"github.com/zitadel/zitadel/internal/api/authz"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/repository/project"
+	"github.com/zitadel/zitadel/internal/telemetry/tracing"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+type AddProjectGrantMember struct {
+	ResourceOwner string
+	UserID        string
+	GrantID       string
+	ProjectID     string
+	Roles         []string
+}
+
+func (i *AddProjectGrantMember) IsValid(zitadelRoles []authz.RoleMapping) error {
+	if i.ProjectID == "" || i.GrantID == "" || i.UserID == "" || len(i.Roles) == 0 {
+		return zerrors.ThrowInvalidArgument(nil, "PROJECT-8fi7G", "Errors.Project.Grant.Member.Invalid")
+	}
+	if len(domain.CheckForInvalidRoles(i.Roles, domain.ProjectGrantRolePrefix, zitadelRoles)) > 0 {
+		return zerrors.ThrowInvalidArgument(nil, "PROJECT-m9gKK", "Errors.Project.Grant.Member.Invalid")
+	}
+	return nil
+}
+
+func (c *Commands) AddProjectGrantMember(ctx context.Context, member *AddProjectGrantMember) (_ *domain.ObjectDetails, err error) {
+	ctx, span := tracing.NewSpan(ctx)
+	defer func() { span.EndWithError(err) }()
+
+	if err := member.IsValid(c.zitadelRoles); err != nil {
+		return nil, err
+	}
+	_, err = c.checkUserExists(ctx, member.UserID, "")
+	if err != nil {
+		return nil, err
+	}
+	grantedOrgID, projectGrantResourceOwner, err := c.checkProjectGrantExists(ctx, member.GrantID, "", member.ProjectID, "")
+	if err != nil {
+		return nil, err
+	}
+	if member.ResourceOwner == "" {
+		member.ResourceOwner = projectGrantResourceOwner
+	}
+	addedMember, err := c.projectGrantMemberWriteModelByID(ctx, member.ProjectID, member.UserID, member.GrantID, member.ResourceOwner)
+	if err != nil {
+		return nil, err
+	}
+	// TODO: change e2e tests to use correct resourceowner, wrong resource owner is corrected through aggregate
+	// error if provided resourceowner is not equal to the resourceowner of the project grant
+	//if projectGrantResourceOwner != addedMember.ResourceOwner {
+	//	return nil, zerrors.ThrowPreconditionFailed(nil, "PROJECT-0l10S9OmZV", "Errors.Project.Grant.Invalid")
+	//}
+	if addedMember.State.Exists() {
+		return nil, zerrors.ThrowNotFound(nil, "PROJECT-37fug", "Errors.AlreadyExists")
+	}
+	if err := c.checkPermissionUpdateProjectGrantMember(ctx, grantedOrgID, addedMember.GrantID); err != nil {
+		return nil, err
+	}
+
+	pushedEvents, err := c.eventstore.Push(
+		ctx,
+		project.NewProjectGrantMemberAddedEvent(ctx,
+			ProjectAggregateFromWriteModelWithCTX(ctx, &addedMember.WriteModel),
+			member.UserID,
+			member.GrantID,
+			member.Roles...,
+		))
+	if err != nil {
+		return nil, err
+	}
+	err = AppendAndReduce(addedMember, pushedEvents...)
+	if err != nil {
+		return nil, err
+	}
+
+	return writeModelToObjectDetails(&addedMember.WriteModel), nil
+}
+
+type ChangeProjectGrantMember struct {
+	UserID    string
+	GrantID   string
+	ProjectID string
+	Roles     []string
+}
+
+func (i *ChangeProjectGrantMember) IsValid(zitadelRoles []authz.RoleMapping) error {
+	if i.ProjectID == "" || i.GrantID == "" || i.UserID == "" || len(i.Roles) == 0 {
+		return zerrors.ThrowInvalidArgument(nil, "PROJECT-109fs", "Errors.Project.Grant.Member.Invalid")
+	}
+	if len(domain.CheckForInvalidRoles(i.Roles, domain.ProjectGrantRolePrefix, zitadelRoles)) > 0 {
+		return zerrors.ThrowInvalidArgument(nil, "PROJECT-m0sDf", "Errors.Project.Grant.Member.Invalid")
+	}
+	return nil
+}
+
+// ChangeProjectGrantMember updates an existing member
+func (c *Commands) ChangeProjectGrantMember(ctx context.Context, member *ChangeProjectGrantMember) (*domain.ObjectDetails, error) {
+	if err := member.IsValid(c.zitadelRoles); err != nil {
+		return nil, err
+	}
+	existingGrant, err := c.projectGrantWriteModelByID(ctx, member.GrantID, "", member.ProjectID, "")
+	if err != nil {
+		return nil, err
+	}
+	existingMember, err := c.projectGrantMemberWriteModelByID(ctx, member.ProjectID, member.UserID, member.GrantID, existingGrant.ResourceOwner)
+	if err != nil {
+		return nil, err
+	}
+	if !existingMember.State.Exists() {
+		return nil, zerrors.ThrowNotFound(nil, "PROJECT-37fug", "Errors.NotFound")
+	}
+
+	if err := c.checkPermissionUpdateProjectGrantMember(ctx, existingGrant.GrantedOrgID, existingMember.GrantID); err != nil {
+		return nil, err
+	}
+	if slices.Compare(existingMember.Roles, member.Roles) == 0 {
+		return writeModelToObjectDetails(&existingMember.WriteModel), nil
+	}
+
+	pushedEvents, err := c.eventstore.Push(
+		ctx,
+		project.NewProjectGrantMemberChangedEvent(ctx,
+			ProjectAggregateFromWriteModelWithCTX(ctx, &existingMember.WriteModel),
+			member.UserID,
+			member.GrantID,
+			member.Roles...,
+		))
+	if err != nil {
+		return nil, err
+	}
+	err = AppendAndReduce(existingMember, pushedEvents...)
+	if err != nil {
+		return nil, err
+	}
+
+	return writeModelToObjectDetails(&existingMember.WriteModel), nil
+}
+
+func (c *Commands) RemoveProjectGrantMember(ctx context.Context, projectID, userID, grantID string) (*domain.ObjectDetails, error) {
+	if projectID == "" || userID == "" || grantID == "" {
+		return nil, zerrors.ThrowInvalidArgument(nil, "PROJECT-66mHd", "Errors.Project.Member.Invalid")
+	}
+	existingGrant, err := c.projectGrantWriteModelByID(ctx, grantID, "", projectID, "")
+	if err != nil {
+		return nil, err
+	}
+	existingMember, err := c.projectGrantMemberWriteModelByID(ctx, projectID, userID, grantID, existingGrant.ResourceOwner)
+	if err != nil {
+		return nil, err
+	}
+	if !existingMember.State.Exists() {
+		return writeModelToObjectDetails(&existingMember.WriteModel), nil
+	}
+	if err := c.checkPermissionDeleteProjectGrantMember(ctx, existingGrant.GrantedOrgID, existingMember.GrantID); err != nil {
+		return nil, err
+	}
+
+	removeEvent := c.removeProjectGrantMember(ctx,
+		ProjectAggregateFromWriteModelWithCTX(ctx, &existingMember.WriteModel),
+		userID,
+		grantID,
+		false,
+	)
+	pushedEvents, err := c.eventstore.Push(ctx, removeEvent)
+	if err != nil {
+		return nil, err
+	}
+	err = AppendAndReduce(existingMember, pushedEvents...)
+	if err != nil {
+		return nil, err
+	}
+	return writeModelToObjectDetails(&existingMember.WriteModel), nil
+}
+
+func (c *Commands) removeProjectGrantMember(ctx context.Context, projectAgg *eventstore.Aggregate, userID, grantID string, cascade bool) eventstore.Command {
+	if cascade {
+		return project.NewProjectGrantMemberCascadeRemovedEvent(
+			ctx,
+			projectAgg,
+			userID,
+			grantID)
+	} else {
+		return project.NewProjectGrantMemberRemovedEvent(ctx, projectAgg, userID, grantID)
+	}
+}
+
+func (c *Commands) projectGrantMemberWriteModelByID(ctx context.Context, projectID, userID, grantID, resourceOwner string) (member *ProjectGrantMemberWriteModel, err error) {
+	ctx, span := tracing.NewSpan(ctx)
+	defer func() { span.EndWithError(err) }()
+
+	writeModel := NewProjectGrantMemberWriteModel(projectID, userID, grantID, resourceOwner)
+	err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
+	if err != nil {
+		return nil, err
+	}
+
+	return writeModel, nil
+}