feat: all project grant search query (#2581)

* feat: all project grant search query * feat: all project grant search query
2025-01-06 12:47:37 +00:00 · 2021-10-27 11:26:01 +02:00 · 2021-10-27 11:26:01 +02:00 · cd65fd8c17
commit cd65fd8c17
parent 802fbf175b
7 changed files with 196 additions and 7 deletions
--- a/docs/docs/apis/proto/admin.md
+++ b/docs/docs/apis/proto/admin.md
@ -1433,7 +1433,7 @@ This is an empty response
 | Field | Type | Description | Validation |
 | ----- | ---- | ----------- | ----------- |
 | policy |  zitadel.policy.v1.OrgIAMPolicy | - |  |
-| is_default |  bool | - |  |
+| is_default |  bool | deprecated: is_default is also defined in zitadel.policy.v1.OrgIAMPolicy |  |



--- a/docs/docs/apis/proto/management.md
+++ b/docs/docs/apis/proto/management.md
@ -1379,6 +1379,19 @@ Limit should always be set, there is a default limit set by the service
    POST: /projects/{project_id}/grants/_search


+### ListAllProjectGrants
+
+> **rpc** ListAllProjectGrants([ListAllProjectGrantsRequest](#listallprojectgrantsrequest))
+[ListAllProjectGrantsResponse](#listallprojectgrantsresponse)
+
+Returns all project grants matching the query, (ProjectGrant = Grant another organisation for my project)
+Limit should always be set, there is a default limit set by the service
+
+
+
+    POST: /projectgrants/_search
+
+
 ### AddProjectGrant

 > **rpc** AddProjectGrant([AddProjectGrantRequest](#addprojectgrantrequest))
@ -4545,7 +4558,7 @@ This is an empty request
 | Field | Type | Description | Validation |
 | ----- | ---- | ----------- | ----------- |
 | policy |  zitadel.policy.v1.LabelPolicy | - |  |
-| is_default |  bool | - |  |
+| is_default |  bool | deprecated: is_default is also defined in zitadel.policy.v1.LabelPolicy |  |



@ -4563,7 +4576,7 @@ This is an empty request
 | Field | Type | Description | Validation |
 | ----- | ---- | ----------- | ----------- |
 | policy |  zitadel.policy.v1.LockoutPolicy | - |  |
-| is_default |  bool | - |  |
+| is_default |  bool | deprecated: is_default is also defined in zitadel.policy.v1.LockoutPolicy |  |



@ -4581,7 +4594,7 @@ This is an empty request
 | Field | Type | Description | Validation |
 | ----- | ---- | ----------- | ----------- |
 | policy |  zitadel.policy.v1.LoginPolicy | - |  |
-| is_default |  bool | - |  |
+| is_default |  bool | deprecated: is_default is also defined in zitadel.policy.v1.LoginPolicy |  |



@ -4718,7 +4731,7 @@ This is an empty request
 | Field | Type | Description | Validation |
 | ----- | ---- | ----------- | ----------- |
 | policy |  zitadel.policy.v1.PasswordAgePolicy | - |  |
-| is_default |  bool | - |  |
+| is_default |  bool | deprecated: is_default is also defined in zitadel.policy.v1.PasswordAgePolicy |  |



@ -4736,7 +4749,7 @@ This is an empty request
 | Field | Type | Description | Validation |
 | ----- | ---- | ----------- | ----------- |
 | policy |  zitadel.policy.v1.PasswordComplexityPolicy | - |  |
-| is_default |  bool | - |  |
+| is_default |  bool | deprecated: is_default is also defined in zitadel.policy.v1.PasswordComplexityPolicy |  |



@ -4754,7 +4767,7 @@ This is an empty request
 | Field | Type | Description | Validation |
 | ----- | ---- | ----------- | ----------- |
 | policy |  zitadel.policy.v1.LabelPolicy | - |  |
-| is_default |  bool | - |  |
+| is_default |  bool | deprecated: is_default is also defined in zitadel.policy.v1.LabelPolicy |  |



@ -5084,6 +5097,30 @@ This is an empty response



+### ListAllProjectGrantsRequest
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| query |  zitadel.v1.ListQuery | list limitations and ordering |  |
+| queries | repeated zitadel.project.v1.AllProjectGrantQuery | criterias the client is looking for |  |
+
+
+
+
+### ListAllProjectGrantsResponse
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| details |  zitadel.v1.ListDetails | - |  |
+| result | repeated zitadel.project.v1.GrantedProject | - |  |
+
+
+
+
 ### ListAppChangesRequest


--- a/docs/docs/apis/proto/project.md
+++ b/docs/docs/apis/proto/project.md
@ -9,6 +9,20 @@ title: zitadel/project.proto
 ## Messages


+### AllProjectGrantQuery
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| [**oneof**](https://developers.google.com/protocol-buffers/docs/proto3#oneof) query.project_name_query |  GrantProjectNameQuery | - |  |
+| [**oneof**](https://developers.google.com/protocol-buffers/docs/proto3#oneof) query.role_key_query |  GrantRoleKeyQuery | - |  |
+| [**oneof**](https://developers.google.com/protocol-buffers/docs/proto3#oneof) query.project_id_query |  ProjectIDQuery | - |  |
+| [**oneof**](https://developers.google.com/protocol-buffers/docs/proto3#oneof) query.granted_org_id_query |  GrantedOrgIDQuery | - |  |
+
+
+
+
 ### GrantProjectNameQuery


@ -33,6 +47,17 @@ title: zitadel/project.proto



+### GrantedOrgIDQuery
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| granted_org_id |  string | - | string.max_len: 200<br />  |
+
+
+
+
 ### GrantedProject


@ -83,6 +108,17 @@ title: zitadel/project.proto



+### ProjectIDQuery
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| project_id |  string | - | string.max_len: 200<br />  |
+
+
+
+
 ### ProjectNameQuery


--- a/internal/api/grpc/management/project_grant.go
+++ b/internal/api/grpc/management/project_grant.go
@ -41,6 +41,27 @@ func (s *Server) ListProjectGrants(ctx context.Context, req *mgmt_pb.ListProject
 	}, nil
 }

+func (s *Server) ListAllProjectGrants(ctx context.Context, req *mgmt_pb.ListAllProjectGrantsRequest) (*mgmt_pb.ListAllProjectGrantsResponse, error) {
+	queries, err := listAllProjectGrantsRequestToModel(req)
+	if err != nil {
+		return nil, err
+	}
+	queries.AppendMyResourceOwnerQuery(authz.GetCtxData(ctx).OrgID)
+	queries.AppendPermissionQueries(authz.GetRequestPermissionsFromCtx(ctx))
+	grants, err := s.query.SearchProjectGrants(ctx, queries)
+	if err != nil {
+		return nil, err
+	}
+	return &mgmt_pb.ListAllProjectGrantsResponse{
+		Result: proj_grpc.GrantedProjectViewsToPb(grants.ProjectGrants),
+		Details: object_grpc.ToListDetails(
+			grants.Count,
+			grants.Sequence,
+			grants.Timestamp,
+		),
+	}, nil
+}
+
 func (s *Server) AddProjectGrant(ctx context.Context, req *mgmt_pb.AddProjectGrantRequest) (*mgmt_pb.AddProjectGrantResponse, error) {
 	grant, err := s.command.AddProjectGrant(ctx, AddProjectGrantRequestToDomain(req), authz.GetCtxData(ctx).OrgID)
 	if err != nil {
--- a/internal/api/grpc/management/project_grant_converter.go
+++ b/internal/api/grpc/management/project_grant_converter.go
@ -56,7 +56,48 @@ func ProjectGrantQueryToModel(apiQuery *proj_pb.ProjectGrantQuery) (query.Search
 		return nil, errors.ThrowInvalidArgument(nil, "PROJECT-M099f", "List.Query.Invalid")
 	}
 }
+func listAllProjectGrantsRequestToModel(req *mgmt_pb.ListAllProjectGrantsRequest) (*query.ProjectGrantSearchQueries, error) {
+	offset, limit, asc := object.ListQueryToModel(req.Query)
+	queries, err := AllProjectGrantQueriesToModel(req)
+	if err != nil {
+		return nil, err
+	}
+	return &query.ProjectGrantSearchQueries{
+		SearchRequest: query.SearchRequest{
+			Offset: offset,
+			Limit:  limit,
+			Asc:    asc,
+		},
+		Queries: queries,
+	}, nil
+}

+func AllProjectGrantQueriesToModel(req *mgmt_pb.ListAllProjectGrantsRequest) (_ []query.SearchQuery, err error) {
+	queries := make([]query.SearchQuery, 0, len(req.Queries))
+	for _, query := range req.Queries {
+		q, err := AllProjectGrantQueryToModel(query)
+		if err != nil {
+			return nil, err
+		}
+		queries = append(queries, q)
+	}
+	return queries, nil
+}
+
+func AllProjectGrantQueryToModel(apiQuery *proj_pb.AllProjectGrantQuery) (query.SearchQuery, error) {
+	switch q := apiQuery.Query.(type) {
+	case *proj_pb.AllProjectGrantQuery_ProjectNameQuery:
+		return query.NewProjectGrantProjectNameSearchQuery(object.TextMethodToQuery(q.ProjectNameQuery.Method), q.ProjectNameQuery.Name)
+	case *proj_pb.AllProjectGrantQuery_RoleKeyQuery:
+		return query.NewProjectGrantRoleKeySearchQuery(q.RoleKeyQuery.RoleKey)
+	case *proj_pb.AllProjectGrantQuery_ProjectIdQuery:
+		return query.NewProjectGrantProjectIDSearchQuery(q.ProjectIdQuery.ProjectId)
+	case *proj_pb.AllProjectGrantQuery_GrantedOrgIdQuery:
+		return query.NewProjectGrantGrantedOrgIDSearchQuery(q.GrantedOrgIdQuery.GrantedOrgId)
+	default:
+		return nil, errors.ThrowInvalidArgument(nil, "PROJECT-M099f", "List.Query.Invalid")
+	}
+}
 func AddProjectGrantRequestToDomain(req *mgmt_pb.AddProjectGrantRequest) *domain.ProjectGrant {
 	return &domain.ProjectGrant{
 		ObjectRoot: models.ObjectRoot{
--- a/proto/zitadel/management.proto
+++ b/proto/zitadel/management.proto
@ -1437,6 +1437,19 @@ service ManagementService {
        };
    }

+    // Returns all project grants matching the query, (ProjectGrant = Grant another organisation for my project)
+    // Limit should always be set, there is a default limit set by the service
+    rpc ListAllProjectGrants(ListAllProjectGrantsRequest) returns (ListAllProjectGrantsResponse) {
+        option (google.api.http) = {
+            post: "/projectgrants/_search"
+            body: "*"
+        };
+
+        option (zitadel.v1.auth_option) = {
+            permission: "project.grant.read"
+        };
+    }
+
    // Add a new project grant (ProjectGrant = Grant another organisation for my project)
    // Project Grant will be listed in granted project of the other organisation
    rpc AddProjectGrant(AddProjectGrantRequest) returns (AddProjectGrantResponse) {
@ -4027,6 +4040,18 @@ message ListProjectGrantsResponse {
    repeated zitadel.project.v1.GrantedProject result = 2;
 }

+message ListAllProjectGrantsRequest {
+    //list limitations and ordering
+    zitadel.v1.ListQuery query = 1;
+    //criterias the client is looking for
+    repeated zitadel.project.v1.AllProjectGrantQuery queries = 2;
+}
+
+message ListAllProjectGrantsResponse {
+    zitadel.v1.ListDetails details = 1;
+    repeated zitadel.project.v1.GrantedProject result = 2;
+}
+
 message AddProjectGrantRequest {
    string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
    string granted_org_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
--- a/proto/zitadel/project.proto
+++ b/proto/zitadel/project.proto
@ -204,6 +204,17 @@ message ProjectGrantQuery {
    }
 }

+message AllProjectGrantQuery {
+    oneof query {
+        option (validate.required) = true;
+
+        GrantProjectNameQuery project_name_query = 1;
+        GrantRoleKeyQuery role_key_query = 2;
+        ProjectIDQuery project_id_query = 3;
+        GrantedOrgIDQuery granted_org_id_query = 4;
+    }
+}
+
 message GrantProjectNameQuery {
    string name = 1 [
        (validate.rules).string = {max_len: 200},
@ -232,4 +243,22 @@ message GrantRoleKeyQuery {
            description: "defines which text equality method is used"
        }
    ];
+}
+
+message ProjectIDQuery {
+    string project_id = 1 [
+        (validate.rules).string = {max_len: 200},
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"69629023906488334\""
+        }
+    ];
+}
+
+message GrantedOrgIDQuery {
+    string granted_org_id = 1 [
+        (validate.rules).string = {max_len: 200},
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+            example: "\"69629023906488334\""
+        }
+    ];
 }