diff --git a/docs/docs/apis/proto/admin.md b/docs/docs/apis/proto/admin.md
index 7f2e0355eb..294e11705f 100644
--- a/docs/docs/apis/proto/admin.md
+++ b/docs/docs/apis/proto/admin.md
@@ -1433,7 +1433,7 @@ This is an empty response
| Field | Type | Description | Validation |
| ----- | ---- | ----------- | ----------- |
| policy | zitadel.policy.v1.OrgIAMPolicy | - | |
-| is_default | bool | - | |
+| is_default | bool | deprecated: is_default is also defined in zitadel.policy.v1.OrgIAMPolicy | |
diff --git a/docs/docs/apis/proto/management.md b/docs/docs/apis/proto/management.md
index 88f2026164..1f6f9659c2 100644
--- a/docs/docs/apis/proto/management.md
+++ b/docs/docs/apis/proto/management.md
@@ -1379,6 +1379,19 @@ Limit should always be set, there is a default limit set by the service
POST: /projects/{project_id}/grants/_search
+### ListAllProjectGrants
+
+> **rpc** ListAllProjectGrants([ListAllProjectGrantsRequest](#listallprojectgrantsrequest))
+[ListAllProjectGrantsResponse](#listallprojectgrantsresponse)
+
+Returns all project grants matching the query, (ProjectGrant = Grant another organisation for my project)
+Limit should always be set, there is a default limit set by the service
+
+
+
+ POST: /projectgrants/_search
+
+
### AddProjectGrant
> **rpc** AddProjectGrant([AddProjectGrantRequest](#addprojectgrantrequest))
@@ -4545,7 +4558,7 @@ This is an empty request
| Field | Type | Description | Validation |
| ----- | ---- | ----------- | ----------- |
| policy | zitadel.policy.v1.LabelPolicy | - | |
-| is_default | bool | - | |
+| is_default | bool | deprecated: is_default is also defined in zitadel.policy.v1.LabelPolicy | |
@@ -4563,7 +4576,7 @@ This is an empty request
| Field | Type | Description | Validation |
| ----- | ---- | ----------- | ----------- |
| policy | zitadel.policy.v1.LockoutPolicy | - | |
-| is_default | bool | - | |
+| is_default | bool | deprecated: is_default is also defined in zitadel.policy.v1.LockoutPolicy | |
@@ -4581,7 +4594,7 @@ This is an empty request
| Field | Type | Description | Validation |
| ----- | ---- | ----------- | ----------- |
| policy | zitadel.policy.v1.LoginPolicy | - | |
-| is_default | bool | - | |
+| is_default | bool | deprecated: is_default is also defined in zitadel.policy.v1.LoginPolicy | |
@@ -4718,7 +4731,7 @@ This is an empty request
| Field | Type | Description | Validation |
| ----- | ---- | ----------- | ----------- |
| policy | zitadel.policy.v1.PasswordAgePolicy | - | |
-| is_default | bool | - | |
+| is_default | bool | deprecated: is_default is also defined in zitadel.policy.v1.PasswordAgePolicy | |
@@ -4736,7 +4749,7 @@ This is an empty request
| Field | Type | Description | Validation |
| ----- | ---- | ----------- | ----------- |
| policy | zitadel.policy.v1.PasswordComplexityPolicy | - | |
-| is_default | bool | - | |
+| is_default | bool | deprecated: is_default is also defined in zitadel.policy.v1.PasswordComplexityPolicy | |
@@ -4754,7 +4767,7 @@ This is an empty request
| Field | Type | Description | Validation |
| ----- | ---- | ----------- | ----------- |
| policy | zitadel.policy.v1.LabelPolicy | - | |
-| is_default | bool | - | |
+| is_default | bool | deprecated: is_default is also defined in zitadel.policy.v1.LabelPolicy | |
@@ -5084,6 +5097,30 @@ This is an empty response
+### ListAllProjectGrantsRequest
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| query | zitadel.v1.ListQuery | list limitations and ordering | |
+| queries | repeated zitadel.project.v1.AllProjectGrantQuery | criterias the client is looking for | |
+
+
+
+
+### ListAllProjectGrantsResponse
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| details | zitadel.v1.ListDetails | - | |
+| result | repeated zitadel.project.v1.GrantedProject | - | |
+
+
+
+
### ListAppChangesRequest
diff --git a/docs/docs/apis/proto/project.md b/docs/docs/apis/proto/project.md
index 0468a98b43..c5d89e0729 100644
--- a/docs/docs/apis/proto/project.md
+++ b/docs/docs/apis/proto/project.md
@@ -9,6 +9,20 @@ title: zitadel/project.proto
## Messages
+### AllProjectGrantQuery
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| [**oneof**](https://developers.google.com/protocol-buffers/docs/proto3#oneof) query.project_name_query | GrantProjectNameQuery | - | |
+| [**oneof**](https://developers.google.com/protocol-buffers/docs/proto3#oneof) query.role_key_query | GrantRoleKeyQuery | - | |
+| [**oneof**](https://developers.google.com/protocol-buffers/docs/proto3#oneof) query.project_id_query | ProjectIDQuery | - | |
+| [**oneof**](https://developers.google.com/protocol-buffers/docs/proto3#oneof) query.granted_org_id_query | GrantedOrgIDQuery | - | |
+
+
+
+
### GrantProjectNameQuery
@@ -33,6 +47,17 @@ title: zitadel/project.proto
+### GrantedOrgIDQuery
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| granted_org_id | string | - | string.max_len: 200
|
+
+
+
+
### GrantedProject
@@ -83,6 +108,17 @@ title: zitadel/project.proto
+### ProjectIDQuery
+
+
+
+| Field | Type | Description | Validation |
+| ----- | ---- | ----------- | ----------- |
+| project_id | string | - | string.max_len: 200
|
+
+
+
+
### ProjectNameQuery
diff --git a/internal/api/grpc/management/project_grant.go b/internal/api/grpc/management/project_grant.go
index 49aa30e914..07c28feb31 100644
--- a/internal/api/grpc/management/project_grant.go
+++ b/internal/api/grpc/management/project_grant.go
@@ -41,6 +41,27 @@ func (s *Server) ListProjectGrants(ctx context.Context, req *mgmt_pb.ListProject
}, nil
}
+func (s *Server) ListAllProjectGrants(ctx context.Context, req *mgmt_pb.ListAllProjectGrantsRequest) (*mgmt_pb.ListAllProjectGrantsResponse, error) {
+ queries, err := listAllProjectGrantsRequestToModel(req)
+ if err != nil {
+ return nil, err
+ }
+ queries.AppendMyResourceOwnerQuery(authz.GetCtxData(ctx).OrgID)
+ queries.AppendPermissionQueries(authz.GetRequestPermissionsFromCtx(ctx))
+ grants, err := s.query.SearchProjectGrants(ctx, queries)
+ if err != nil {
+ return nil, err
+ }
+ return &mgmt_pb.ListAllProjectGrantsResponse{
+ Result: proj_grpc.GrantedProjectViewsToPb(grants.ProjectGrants),
+ Details: object_grpc.ToListDetails(
+ grants.Count,
+ grants.Sequence,
+ grants.Timestamp,
+ ),
+ }, nil
+}
+
func (s *Server) AddProjectGrant(ctx context.Context, req *mgmt_pb.AddProjectGrantRequest) (*mgmt_pb.AddProjectGrantResponse, error) {
grant, err := s.command.AddProjectGrant(ctx, AddProjectGrantRequestToDomain(req), authz.GetCtxData(ctx).OrgID)
if err != nil {
diff --git a/internal/api/grpc/management/project_grant_converter.go b/internal/api/grpc/management/project_grant_converter.go
index cbc69cf8b2..6dfae0ec11 100644
--- a/internal/api/grpc/management/project_grant_converter.go
+++ b/internal/api/grpc/management/project_grant_converter.go
@@ -56,7 +56,48 @@ func ProjectGrantQueryToModel(apiQuery *proj_pb.ProjectGrantQuery) (query.Search
return nil, errors.ThrowInvalidArgument(nil, "PROJECT-M099f", "List.Query.Invalid")
}
}
+func listAllProjectGrantsRequestToModel(req *mgmt_pb.ListAllProjectGrantsRequest) (*query.ProjectGrantSearchQueries, error) {
+ offset, limit, asc := object.ListQueryToModel(req.Query)
+ queries, err := AllProjectGrantQueriesToModel(req)
+ if err != nil {
+ return nil, err
+ }
+ return &query.ProjectGrantSearchQueries{
+ SearchRequest: query.SearchRequest{
+ Offset: offset,
+ Limit: limit,
+ Asc: asc,
+ },
+ Queries: queries,
+ }, nil
+}
+func AllProjectGrantQueriesToModel(req *mgmt_pb.ListAllProjectGrantsRequest) (_ []query.SearchQuery, err error) {
+ queries := make([]query.SearchQuery, 0, len(req.Queries))
+ for _, query := range req.Queries {
+ q, err := AllProjectGrantQueryToModel(query)
+ if err != nil {
+ return nil, err
+ }
+ queries = append(queries, q)
+ }
+ return queries, nil
+}
+
+func AllProjectGrantQueryToModel(apiQuery *proj_pb.AllProjectGrantQuery) (query.SearchQuery, error) {
+ switch q := apiQuery.Query.(type) {
+ case *proj_pb.AllProjectGrantQuery_ProjectNameQuery:
+ return query.NewProjectGrantProjectNameSearchQuery(object.TextMethodToQuery(q.ProjectNameQuery.Method), q.ProjectNameQuery.Name)
+ case *proj_pb.AllProjectGrantQuery_RoleKeyQuery:
+ return query.NewProjectGrantRoleKeySearchQuery(q.RoleKeyQuery.RoleKey)
+ case *proj_pb.AllProjectGrantQuery_ProjectIdQuery:
+ return query.NewProjectGrantProjectIDSearchQuery(q.ProjectIdQuery.ProjectId)
+ case *proj_pb.AllProjectGrantQuery_GrantedOrgIdQuery:
+ return query.NewProjectGrantGrantedOrgIDSearchQuery(q.GrantedOrgIdQuery.GrantedOrgId)
+ default:
+ return nil, errors.ThrowInvalidArgument(nil, "PROJECT-M099f", "List.Query.Invalid")
+ }
+}
func AddProjectGrantRequestToDomain(req *mgmt_pb.AddProjectGrantRequest) *domain.ProjectGrant {
return &domain.ProjectGrant{
ObjectRoot: models.ObjectRoot{
diff --git a/proto/zitadel/management.proto b/proto/zitadel/management.proto
index 794cb2d7ed..18f0553eab 100644
--- a/proto/zitadel/management.proto
+++ b/proto/zitadel/management.proto
@@ -1437,6 +1437,19 @@ service ManagementService {
};
}
+ // Returns all project grants matching the query, (ProjectGrant = Grant another organisation for my project)
+ // Limit should always be set, there is a default limit set by the service
+ rpc ListAllProjectGrants(ListAllProjectGrantsRequest) returns (ListAllProjectGrantsResponse) {
+ option (google.api.http) = {
+ post: "/projectgrants/_search"
+ body: "*"
+ };
+
+ option (zitadel.v1.auth_option) = {
+ permission: "project.grant.read"
+ };
+ }
+
// Add a new project grant (ProjectGrant = Grant another organisation for my project)
// Project Grant will be listed in granted project of the other organisation
rpc AddProjectGrant(AddProjectGrantRequest) returns (AddProjectGrantResponse) {
@@ -4027,6 +4040,18 @@ message ListProjectGrantsResponse {
repeated zitadel.project.v1.GrantedProject result = 2;
}
+message ListAllProjectGrantsRequest {
+ //list limitations and ordering
+ zitadel.v1.ListQuery query = 1;
+ //criterias the client is looking for
+ repeated zitadel.project.v1.AllProjectGrantQuery queries = 2;
+}
+
+message ListAllProjectGrantsResponse {
+ zitadel.v1.ListDetails details = 1;
+ repeated zitadel.project.v1.GrantedProject result = 2;
+}
+
message AddProjectGrantRequest {
string project_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}];
string granted_org_id = 2 [(validate.rules).string = {min_len: 1, max_len: 200}];
diff --git a/proto/zitadel/project.proto b/proto/zitadel/project.proto
index fbf4ee2d62..f5d357f39a 100644
--- a/proto/zitadel/project.proto
+++ b/proto/zitadel/project.proto
@@ -204,6 +204,17 @@ message ProjectGrantQuery {
}
}
+message AllProjectGrantQuery {
+ oneof query {
+ option (validate.required) = true;
+
+ GrantProjectNameQuery project_name_query = 1;
+ GrantRoleKeyQuery role_key_query = 2;
+ ProjectIDQuery project_id_query = 3;
+ GrantedOrgIDQuery granted_org_id_query = 4;
+ }
+}
+
message GrantProjectNameQuery {
string name = 1 [
(validate.rules).string = {max_len: 200},
@@ -232,4 +243,22 @@ message GrantRoleKeyQuery {
description: "defines which text equality method is used"
}
];
+}
+
+message ProjectIDQuery {
+ string project_id = 1 [
+ (validate.rules).string = {max_len: 200},
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"69629023906488334\""
+ }
+ ];
+}
+
+message GrantedOrgIDQuery {
+ string granted_org_id = 1 [
+ (validate.rules).string = {max_len: 200},
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+ example: "\"69629023906488334\""
+ }
+ ];
}
\ No newline at end of file