diff --git a/internal/admin/repository/eventsourcing/eventstore/org.go b/internal/admin/repository/eventsourcing/eventstore/org.go index 5082532e9c..b2f639e321 100644 --- a/internal/admin/repository/eventsourcing/eventstore/org.go +++ b/internal/admin/repository/eventsourcing/eventstore/org.go @@ -29,12 +29,12 @@ func (repo *OrgRepo) SetUpOrg(ctx context.Context, setUp *admin_model.SetupOrg) return nil, err } - user, userAggregate, err := repo.UserEventstore.PrepareCreateUser(ctx, setUp.User, org.AggregateID) + user, userAggregates, err := repo.UserEventstore.PrepareCreateUser(ctx, setUp.User, org.AggregateID) if err != nil { return nil, err } - aggregates = append(aggregates, userAggregate) + aggregates = append(aggregates, userAggregates...) setupModel := &Setup{Org: org, User: user} member := org_model.NewOrgMemberWithRoles(org.AggregateID, user.AggregateID, "ORG_ADMIN") //TODO: role as const diff --git a/internal/auth/repository/eventsourcing/handler/user.go b/internal/auth/repository/eventsourcing/handler/user.go index 3177653e11..aca0ab265e 100644 --- a/internal/auth/repository/eventsourcing/handler/user.go +++ b/internal/auth/repository/eventsourcing/handler/user.go @@ -60,7 +60,7 @@ func (p *User) Process(event *models.Event) (err error) { return err } err = user.AppendEvent(event) - case es_model.UserDeleted: + case es_model.UserRemoved: err = p.view.DeleteUser(event.AggregateID, event.Sequence) default: return p.view.ProcessedUserSequence(event.Sequence) diff --git a/internal/eventstore/eventstore.go b/internal/eventstore/eventstore.go index 63e1e542e7..0a93955cf8 100644 --- a/internal/eventstore/eventstore.go +++ b/internal/eventstore/eventstore.go @@ -41,7 +41,6 @@ func (es *eventstore) PushAggregates(ctx context.Context, aggregates ...*models. if err != nil { return err } - return nil } diff --git a/internal/management/repository/eventsourcing/handler/user.go b/internal/management/repository/eventsourcing/handler/user.go index 7805e41748..2de362be71 100644 --- a/internal/management/repository/eventsourcing/handler/user.go +++ b/internal/management/repository/eventsourcing/handler/user.go @@ -60,7 +60,7 @@ func (p *User) Process(event *models.Event) (err error) { return err } err = user.AppendEvent(event) - case es_model.UserDeleted: + case es_model.UserRemoved: err = p.view.DeleteUser(event.AggregateID, event.Sequence) default: return p.view.ProcessedUserSequence(event.Sequence) diff --git a/internal/notification/repository/eventsourcing/handler/notify_user.go b/internal/notification/repository/eventsourcing/handler/notify_user.go index 97715064ca..b99de4efd3 100644 --- a/internal/notification/repository/eventsourcing/handler/notify_user.go +++ b/internal/notification/repository/eventsourcing/handler/notify_user.go @@ -52,7 +52,7 @@ func (p *NotifyUser) Process(event *models.Event) (err error) { return err } err = user.AppendEvent(event) - case es_model.UserDeleted: + case es_model.UserRemoved: err = p.view.DeleteNotifyUser(event.AggregateID, event.Sequence) default: return p.view.ProcessedNotifyUserSequence(event.Sequence) diff --git a/internal/org/model/types.go b/internal/org/model/types.go index 15c2c7f7c7..7b9caf8798 100644 --- a/internal/org/model/types.go +++ b/internal/org/model/types.go @@ -11,6 +11,7 @@ const ( OrgChanged models.EventType = "org.changed" OrgDeactivated models.EventType = "org.deactivated" OrgReactivated models.EventType = "org.reactivated" + OrgRemoved models.EventType = "org.removed" OrgNameReserved models.EventType = "org.name.reserved" OrgNameReleased models.EventType = "org.name.released" diff --git a/internal/org/repository/eventsourcing/org_member.go b/internal/org/repository/eventsourcing/org_member.go index c0baba71ac..106ca3ff2f 100644 --- a/internal/org/repository/eventsourcing/org_member.go +++ b/internal/org/repository/eventsourcing/org_member.go @@ -20,7 +20,7 @@ func orgMemberAddedAggregate(ctx context.Context, aggCreator *es_models.Aggregat } validationQuery := es_models.NewSearchQuery(). - AggregateTypeFilter("org", "user"). + AggregateTypeFilter(org_model.OrgAggregate, usr_model.UserAggregate). AggregateIDsFilter(member.AggregateID, member.UserID) validation := addMemberValidation(aggregate, member) diff --git a/internal/project/model/project.go b/internal/project/model/project.go index dd2f7b4a4e..136c09890d 100644 --- a/internal/project/model/project.go +++ b/internal/project/model/project.go @@ -20,6 +20,7 @@ type ProjectState int32 const ( PROJECTSTATE_ACTIVE ProjectState = iota PROJECTSTATE_INACTIVE + PROJECTSTATE_REMOVED ) func NewProject(id string) *Project { diff --git a/internal/project/repository/eventsourcing/model/project.go b/internal/project/repository/eventsourcing/model/project.go index f1ff689147..56b60198fe 100644 --- a/internal/project/repository/eventsourcing/model/project.go +++ b/internal/project/repository/eventsourcing/model/project.go @@ -88,6 +88,8 @@ func (p *Project) AppendEvent(event *es_models.Event) error { return p.appendDeactivatedEvent() case ProjectReactivated: return p.appendReactivatedEvent() + case ProjectRemoved: + return p.appendRemovedEvent() case ProjectMemberAdded: return p.appendAddMemberEvent(event) case ProjectMemberChanged: @@ -150,6 +152,11 @@ func (p *Project) appendReactivatedEvent() error { return nil } +func (p *Project) appendRemovedEvent() error { + p.State = int32(model.PROJECTSTATE_REMOVED) + return nil +} + func (p *Project) setData(event *es_models.Event) error { if err := json.Unmarshal(event.Data, p); err != nil { logging.Log("EVEN-lo9sr").WithError(err).Error("could not unmarshal event data") diff --git a/internal/project/repository/eventsourcing/model/project_grant.go b/internal/project/repository/eventsourcing/model/project_grant.go index 84956397cf..4f5c61d6e3 100644 --- a/internal/project/repository/eventsourcing/model/project_grant.go +++ b/internal/project/repository/eventsourcing/model/project_grant.go @@ -31,6 +31,15 @@ func GetProjectGrant(grants []*ProjectGrant, id string) (int, *ProjectGrant) { return -1, nil } +func GetProjectGrantByResourceOwner(grants []*ProjectGrant, resourceOwner string) (int, *ProjectGrant) { + for i, g := range grants { + if g.ResourceOwner == resourceOwner { + return i, g + } + } + return -1, nil +} + func (g *ProjectGrant) Changes(changed *ProjectGrant) map[string]interface{} { changes := make(map[string]interface{}, 1) changes["grantId"] = g.GrantID diff --git a/internal/project/repository/eventsourcing/model/types.go b/internal/project/repository/eventsourcing/model/types.go index 0dc8e60aab..787cc23264 100644 --- a/internal/project/repository/eventsourcing/model/types.go +++ b/internal/project/repository/eventsourcing/model/types.go @@ -9,6 +9,7 @@ const ( ProjectChanged models.EventType = "project.changed" ProjectDeactivated models.EventType = "project.deactivated" ProjectReactivated models.EventType = "project.reactivated" + ProjectRemoved models.EventType = "project.removed" ProjectMemberAdded models.EventType = "project.member.added" ProjectMemberChanged models.EventType = "project.member.changed" diff --git a/internal/user/repository/eventsourcing/eventstore.go b/internal/user/repository/eventsourcing/eventstore.go index 7545724149..2201e743fb 100644 --- a/internal/user/repository/eventsourcing/eventstore.go +++ b/internal/user/repository/eventsourcing/eventstore.go @@ -90,12 +90,11 @@ func (es *UserEventstore) UserByID(ctx context.Context, id string) (*usr_model.U return model.UserToModel(user), nil } -func (es *UserEventstore) PrepareCreateUser(ctx context.Context, user *usr_model.User, resourceOwner string) (*model.User, *es_models.Aggregate, error) { +func (es *UserEventstore) PrepareCreateUser(ctx context.Context, user *usr_model.User, resourceOwner string) (*model.User, []*es_models.Aggregate, error) { user.SetEmailAsUsername() if !user.IsValid() { return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-9dk45", "User is invalid") } - //TODO: Check Uniqueness id, err := es.idGenerator.NextID() if err != nil { return nil, nil, err @@ -119,18 +118,18 @@ func (es *UserEventstore) PrepareCreateUser(ctx context.Context, user *usr_model repoInitCode := model.InitCodeFromModel(user.InitCode) repoPhoneCode := model.PhoneCodeFromModel(user.PhoneCode) - createAggregate, err := UserCreateAggregate(ctx, es.AggregateCreator(), repoUser, repoInitCode, repoPhoneCode, resourceOwner) + createAggregates, err := UserCreateAggregate(ctx, es.AggregateCreator(), repoUser, repoInitCode, repoPhoneCode, resourceOwner) - return repoUser, createAggregate, err + return repoUser, createAggregates, err } func (es *UserEventstore) CreateUser(ctx context.Context, user *usr_model.User) (*usr_model.User, error) { - repoUser, aggregate, err := es.PrepareCreateUser(ctx, user, "") + repoUser, aggregates, err := es.PrepareCreateUser(ctx, user, "") if err != nil { return nil, err } - err = es_sdk.PushAggregates(ctx, es.PushAggregates, repoUser.AppendEvents, aggregate) + err = es_sdk.PushAggregates(ctx, es.PushAggregates, repoUser.AppendEvents, aggregates...) if err != nil { return nil, err } @@ -139,12 +138,11 @@ func (es *UserEventstore) CreateUser(ctx context.Context, user *usr_model.User) return model.UserToModel(repoUser), nil } -func (es *UserEventstore) PrepareRegisterUser(ctx context.Context, user *usr_model.User, resourceOwner string) (*model.User, *es_models.Aggregate, error) { +func (es *UserEventstore) PrepareRegisterUser(ctx context.Context, user *usr_model.User, resourceOwner string) (*model.User, []*es_models.Aggregate, error) { user.SetEmailAsUsername() if !user.IsValid() || user.Password == nil || user.SecretString == "" { return nil, nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-9dk45", "user is invalid") } - //TODO: Check Uniqueness id, err := es.idGenerator.NextID() if err != nil { return nil, nil, err @@ -163,17 +161,17 @@ func (es *UserEventstore) PrepareRegisterUser(ctx context.Context, user *usr_mod repoUser := model.UserFromModel(user) repoEmailCode := model.EmailCodeFromModel(user.EmailCode) - aggregate, err := UserRegisterAggregate(ctx, es.AggregateCreator(), repoUser, resourceOwner, repoEmailCode) - return repoUser, aggregate, err + aggregates, err := UserRegisterAggregate(ctx, es.AggregateCreator(), repoUser, resourceOwner, repoEmailCode) + return repoUser, aggregates, err } func (es *UserEventstore) RegisterUser(ctx context.Context, user *usr_model.User, resourceOwner string) (*usr_model.User, error) { - repoUser, createAggregate, err := es.PrepareRegisterUser(ctx, user, resourceOwner) + repoUser, createAggregates, err := es.PrepareRegisterUser(ctx, user, resourceOwner) if err != nil { return nil, err } - err = es_sdk.PushAggregates(ctx, es.PushAggregates, repoUser.AppendEvents, createAggregate) + err = es_sdk.PushAggregates(ctx, es.PushAggregates, repoUser.AppendEvents, createAggregates...) if err != nil { return nil, err } @@ -550,8 +548,11 @@ func (es *UserEventstore) ChangeEmail(ctx context.Context, email *usr_model.Emai repoNew := model.EmailFromModel(email) repoEmailCode := model.EmailCodeFromModel(emailCode) - updateAggregate := EmailChangeAggregate(es.AggregateCreator(), repoExisting, repoNew, repoEmailCode) - err = es_sdk.Push(ctx, es.PushAggregates, repoExisting.AppendEvents, updateAggregate) + updateAggregates, err := EmailChangeAggregate(ctx, es.AggregateCreator(), repoExisting, repoNew, repoEmailCode) + if err != nil { + return nil, err + } + err = es_sdk.PushAggregates(ctx, es.PushAggregates, repoExisting.AppendEvents, updateAggregates...) if err != nil { return nil, err } diff --git a/internal/user/repository/eventsourcing/model/types.go b/internal/user/repository/eventsourcing/model/types.go index 1ba79757d8..f2cbe799b0 100644 --- a/internal/user/repository/eventsourcing/model/types.go +++ b/internal/user/repository/eventsourcing/model/types.go @@ -21,7 +21,7 @@ const ( UserUnlocked models.EventType = "user.unlocked" UserDeactivated models.EventType = "user.deactivated" UserReactivated models.EventType = "user.reactivated" - UserDeleted models.EventType = "user.deleted" + UserRemoved models.EventType = "user.removed" UserPasswordChanged models.EventType = "user.password.changed" UserPasswordCodeAdded models.EventType = "user.password.code.added" diff --git a/internal/user/repository/eventsourcing/user.go b/internal/user/repository/eventsourcing/user.go index 461d2998b5..97d8870f49 100644 --- a/internal/user/repository/eventsourcing/user.go +++ b/internal/user/repository/eventsourcing/user.go @@ -2,7 +2,6 @@ package eventsourcing import ( "context" - "github.com/caos/zitadel/internal/errors" es_models "github.com/caos/zitadel/internal/eventstore/models" es_sdk "github.com/caos/zitadel/internal/eventstore/sdk" @@ -23,6 +22,22 @@ func UserQuery(latestSequence uint64) *es_models.SearchQuery { LatestSequenceFilter(latestSequence) } +func UserUserNameUniqueQuery(userName string) *es_models.SearchQuery { + return es_models.NewSearchQuery(). + AggregateTypeFilter(model.UserUserNameAggregate). + AggregateIDFilter(userName). + OrderDesc(). + SetLimit(1) +} + +func UserEmailUniqueQuery(email string) *es_models.SearchQuery { + return es_models.NewSearchQuery(). + AggregateTypeFilter(model.UserEmailAggregate). + AggregateIDFilter(email). + OrderDesc(). + SetLimit(1) +} + func UserAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, user *model.User) (*es_models.Aggregate, error) { if user == nil { return nil, errors.ThrowPreconditionFailed(nil, "EVENT-dis83", "existing user should not be nil") @@ -38,11 +53,12 @@ func UserAggregateOverwriteContext(ctx context.Context, aggCreator *es_models.Ag return aggCreator.NewAggregate(ctx, user.AggregateID, model.UserAggregate, model.UserVersion, user.Sequence, es_models.OverwriteResourceOwner(resourceOwnerID), es_models.OverwriteEditorUser(userID)) } -func UserCreateAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, user *model.User, initCode *model.InitUserCode, phoneCode *model.PhoneCode, resourceOwner string) (agg *es_models.Aggregate, err error) { +func UserCreateAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, user *model.User, initCode *model.InitUserCode, phoneCode *model.PhoneCode, resourceOwner string) (_ []*es_models.Aggregate, err error) { if user == nil { return nil, errors.ThrowPreconditionFailed(nil, "EVENT-duxk2", "user should not be nil") } + var agg *es_models.Aggregate if resourceOwner != "" { agg, err = UserAggregateOverwriteContext(ctx, aggCreator, user, user.AggregateID, resourceOwner) } else { @@ -80,10 +96,18 @@ func UserCreateAggregate(ctx context.Context, aggCreator *es_models.AggregateCre return nil, err } } - return agg, err + uniqueAggregates, err := getUniqueUserAggregates(ctx, aggCreator, user, resourceOwner) + if err != nil { + return nil, err + } + return []*es_models.Aggregate{ + agg, + uniqueAggregates[0], + uniqueAggregates[1], + }, nil } -func UserRegisterAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, user *model.User, resourceOwner string, emailCode *model.EmailCode) (*es_models.Aggregate, error) { +func UserRegisterAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, user *model.User, resourceOwner string, emailCode *model.EmailCode) ([]*es_models.Aggregate, error) { if user == nil || resourceOwner == "" || emailCode == nil { return nil, errors.ThrowPreconditionFailed(nil, "EVENT-duxk2", "user, resourceowner, emailcode should not be nothing") } @@ -97,7 +121,82 @@ func UserRegisterAggregate(ctx context.Context, aggCreator *es_models.AggregateC if err != nil { return nil, err } - return agg.AppendEvent(model.UserEmailCodeAdded, emailCode) + agg, err = agg.AppendEvent(model.UserEmailCodeAdded, emailCode) + if err != nil { + return nil, err + } + uniqueAggregates, err := getUniqueUserAggregates(ctx, aggCreator, user, resourceOwner) + if err != nil { + return nil, err + } + return []*es_models.Aggregate{ + agg, + uniqueAggregates[0], + uniqueAggregates[1], + }, nil +} + +func getUniqueUserAggregates(ctx context.Context, aggCreator *es_models.AggregateCreator, user *model.User, resourceOwner string) ([]*es_models.Aggregate, error) { + userNameAggregate, err := reservedUniqueUserNameAggregate(ctx, aggCreator, resourceOwner, user.UserName) + if err != nil { + return nil, err + } + + emailAggregate, err := reservedUniqueEmailAggregate(ctx, aggCreator, resourceOwner, user.EmailAddress) + if err != nil { + return nil, err + } + return []*es_models.Aggregate{ + userNameAggregate, + emailAggregate, + }, nil +} +func reservedUniqueUserNameAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, resourceOwner, userName string) (*es_models.Aggregate, error) { + aggregate, err := aggCreator.NewAggregate(ctx, userName, model.UserUserNameAggregate, model.UserVersion, 0) + if resourceOwner != "" { + aggregate, err = aggCreator.NewAggregate(ctx, userName, model.UserUserNameAggregate, model.UserVersion, 0, es_models.OverwriteResourceOwner(resourceOwner)) + } + if err != nil { + return nil, err + } + aggregate, err = aggregate.AppendEvent(model.UserUserNameReserved, nil) + if err != nil { + return nil, err + } + + return aggregate.SetPrecondition(UserUserNameUniqueQuery(userName), isEventValidation(aggregate, model.UserUserNameReserved)), nil +} + +func reservedUniqueEmailAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, resourceOwner, email string) (aggregate *es_models.Aggregate, err error) { + aggregate, err = aggCreator.NewAggregate(ctx, email, model.UserEmailAggregate, model.UserVersion, 0) + if resourceOwner != "" { + aggregate, err = aggCreator.NewAggregate(ctx, email, model.UserEmailAggregate, model.UserVersion, 0, es_models.OverwriteResourceOwner(resourceOwner)) + } + if err != nil { + return nil, err + } + aggregate, err = aggregate.AppendEvent(model.UserEmailReserved, nil) + if err != nil { + return nil, err + } + + return aggregate.SetPrecondition(UserEmailUniqueQuery(email), isEventValidation(aggregate, model.UserEmailReserved)), nil +} + +func releasedUniqueEmailAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, resourceOwner, email string) (aggregate *es_models.Aggregate, err error) { + aggregate, err = aggCreator.NewAggregate(ctx, email, model.UserEmailAggregate, model.UserVersion, 0) + if resourceOwner != "" { + aggregate, err = aggCreator.NewAggregate(ctx, email, model.UserEmailAggregate, model.UserVersion, 0, es_models.OverwriteResourceOwner(resourceOwner)) + } + if err != nil { + return nil, err + } + aggregate, err = aggregate.AppendEvent(model.UserEmailReleased, nil) + if err != nil { + return nil, err + } + + return aggregate.SetPrecondition(UserEmailUniqueQuery(email), isEventValidation(aggregate, model.UserEmailReleased)), nil } func UserDeactivateAggregate(aggCreator *es_models.AggregateCreator, user *model.User) func(ctx context.Context) (*es_models.Aggregate, error) { @@ -231,38 +330,54 @@ func ProfileChangeAggregate(aggCreator *es_models.AggregateCreator, existing *mo } } -func EmailChangeAggregate(aggCreator *es_models.AggregateCreator, existing *model.User, email *model.Email, code *model.EmailCode) func(ctx context.Context) (*es_models.Aggregate, error) { - return func(ctx context.Context) (*es_models.Aggregate, error) { - if email == nil { - return nil, errors.ThrowPreconditionFailed(nil, "EVENT-dki8s", "email should not be nil") - } - if (!email.IsEmailVerified && code == nil) || (email.IsEmailVerified && code != nil) { - return nil, errors.ThrowPreconditionFailed(nil, "EVENT-id934", "email has to be verified or code must be sent") - } - agg, err := UserAggregate(ctx, aggCreator, existing) - if err != nil { - return nil, err - } - changes := existing.Email.Changes(email) - if len(changes) == 0 { - return nil, errors.ThrowPreconditionFailed(nil, "EVENT-s90pw", "no changes found") - } - agg, err = agg.AppendEvent(model.UserEmailChanged, changes) - if err != nil { - return nil, err - } - if existing.Email == nil { - existing.Email = new(model.Email) - } - if email.IsEmailVerified { - return agg.AppendEvent(model.UserEmailVerified, code) - } - if code != nil { - return agg.AppendEvent(model.UserEmailCodeAdded, code) - } - return agg, nil +func EmailChangeAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, existing *model.User, email *model.Email, code *model.EmailCode) ([]*es_models.Aggregate, error) { + if email == nil { + return nil, errors.ThrowPreconditionFailed(nil, "EVENT-dki8s", "email should not be nil") } + if (!email.IsEmailVerified && code == nil) || (email.IsEmailVerified && code != nil) { + return nil, errors.ThrowPreconditionFailed(nil, "EVENT-id934", "email has to be verified or code must be sent") + } + changes := existing.Email.Changes(email) + if len(changes) == 0 { + return nil, errors.ThrowPreconditionFailed(nil, "EVENT-s90pw", "no changes found") + } + aggregates := make([]*es_models.Aggregate, 0, 4) + reserveEmailAggregate, err := reservedUniqueEmailAggregate(ctx, aggCreator, "", email.EmailAddress) + if err != nil { + return nil, err + } + aggregates = append(aggregates, reserveEmailAggregate) + releaseEmailAggregate, err := releasedUniqueEmailAggregate(ctx, aggCreator, "", existing.EmailAddress) + if err != nil { + return nil, err + } + aggregates = append(aggregates, releaseEmailAggregate) + agg, err := UserAggregate(ctx, aggCreator, existing) + if err != nil { + return nil, err + } + agg, err = agg.AppendEvent(model.UserEmailChanged, changes) + if err != nil { + return nil, err + } + if existing.Email == nil { + existing.Email = new(model.Email) + } + if email.IsEmailVerified { + agg, err = agg.AppendEvent(model.UserEmailVerified, code) + if err != nil { + return nil, err + } + } + if code != nil { + agg, err = agg.AppendEvent(model.UserEmailCodeAdded, code) + if err != nil { + return nil, err + } + } + return append(aggregates, agg), nil } + func EmailVerifiedAggregate(aggCreator *es_models.AggregateCreator, existing *model.User) func(ctx context.Context) (*es_models.Aggregate, error) { return func(ctx context.Context) (*es_models.Aggregate, error) { agg, err := UserAggregate(ctx, aggCreator, existing) @@ -449,3 +564,17 @@ func SignOutAggregate(aggCreator *es_models.AggregateCreator, existing *model.Us return agg.AppendEvent(model.SignedOut, map[string]interface{}{"agentID": agentID}) } } + +func isEventValidation(aggregate *es_models.Aggregate, eventType es_models.EventType) func(...*es_models.Event) error { + return func(events ...*es_models.Event) error { + if len(events) == 0 { + aggregate.PreviousSequence = 0 + return nil + } + if events[0].Type == eventType { + return errors.ThrowPreconditionFailedf(nil, "EVENT-eJQqe", "user is already %v", eventType) + } + aggregate.PreviousSequence = events[0].Sequence + return nil + } +} diff --git a/internal/user/repository/eventsourcing/user_test.go b/internal/user/repository/eventsourcing/user_test.go index 798e373ace..a7369b744c 100644 --- a/internal/user/repository/eventsourcing/user_test.go +++ b/internal/user/repository/eventsourcing/user_test.go @@ -108,11 +108,12 @@ func TestUserCreateAggregate(t *testing.T) { aggCreator *models.AggregateCreator } type res struct { - eventLen int - eventTypes []models.EventType - checkData []bool - wantErr bool - errFunc func(err error) bool + eventLen int + eventTypes []models.EventType + aggregatesLen int + checkData []bool + wantErr bool + errFunc func(err error) bool } tests := []struct { name string @@ -125,13 +126,15 @@ func TestUserCreateAggregate(t *testing.T) { ctx: auth.NewMockContext("orgID", "userID"), new: &model.User{ObjectRoot: models.ObjectRoot{AggregateID: "ID"}, Profile: &model.Profile{UserName: "UserName"}, + Email: &model.Email{EmailAddress: "EmailAddress"}, }, aggCreator: models.NewAggregateCreator("Test"), }, res: res{ - eventLen: 1, - eventTypes: []models.EventType{model.UserAdded}, - checkData: []bool{true}, + eventLen: 1, + eventTypes: []models.EventType{model.UserAdded}, + checkData: []bool{true}, + aggregatesLen: 3, }, }, { @@ -152,14 +155,16 @@ func TestUserCreateAggregate(t *testing.T) { ctx: auth.NewMockContext("orgID", "userID"), new: &model.User{ObjectRoot: models.ObjectRoot{AggregateID: "ID"}, Profile: &model.Profile{UserName: "UserName"}, + Email: &model.Email{EmailAddress: "EmailAddress"}, }, initCode: &model.InitUserCode{}, aggCreator: models.NewAggregateCreator("Test"), }, res: res{ - eventLen: 2, - eventTypes: []models.EventType{model.UserAdded, model.InitializedUserCodeAdded}, - checkData: []bool{true, true}, + eventLen: 2, + eventTypes: []models.EventType{model.UserAdded, model.InitializedUserCodeAdded}, + checkData: []bool{true, true}, + aggregatesLen: 3, }, }, { @@ -168,14 +173,16 @@ func TestUserCreateAggregate(t *testing.T) { ctx: auth.NewMockContext("orgID", "userID"), new: &model.User{ObjectRoot: models.ObjectRoot{AggregateID: "ID"}, Profile: &model.Profile{UserName: "UserName"}, + Email: &model.Email{EmailAddress: "EmailAddress"}, }, phoneCode: &model.PhoneCode{}, aggCreator: models.NewAggregateCreator("Test"), }, res: res{ - eventLen: 2, - eventTypes: []models.EventType{model.UserAdded, model.UserPhoneCodeAdded}, - checkData: []bool{true, true}, + eventLen: 2, + eventTypes: []models.EventType{model.UserAdded, model.UserPhoneCodeAdded}, + checkData: []bool{true, true}, + aggregatesLen: 3, }, }, { @@ -189,9 +196,10 @@ func TestUserCreateAggregate(t *testing.T) { aggCreator: models.NewAggregateCreator("Test"), }, res: res{ - eventLen: 2, - eventTypes: []models.EventType{model.UserAdded, model.UserEmailVerified}, - checkData: []bool{true, false}, + eventLen: 2, + eventTypes: []models.EventType{model.UserAdded, model.UserEmailVerified}, + checkData: []bool{true, false}, + aggregatesLen: 3, }, }, { @@ -200,32 +208,38 @@ func TestUserCreateAggregate(t *testing.T) { ctx: auth.NewMockContext("orgID", "userID"), new: &model.User{ObjectRoot: models.ObjectRoot{AggregateID: "ID"}, Profile: &model.Profile{UserName: "UserName"}, + Email: &model.Email{EmailAddress: "EmailAddress"}, Phone: &model.Phone{PhoneNumber: "PhoneNumber", IsPhoneVerified: true}, }, aggCreator: models.NewAggregateCreator("Test"), }, res: res{ - eventLen: 2, - eventTypes: []models.EventType{model.UserAdded, model.UserPhoneVerified}, - checkData: []bool{true, false}, + eventLen: 2, + eventTypes: []models.EventType{model.UserAdded, model.UserPhoneVerified}, + checkData: []bool{true, false}, + aggregatesLen: 3, }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - agg, err := UserCreateAggregate(tt.args.ctx, tt.args.aggCreator, tt.args.new, tt.args.initCode, tt.args.phoneCode, "") + aggregates, err := UserCreateAggregate(tt.args.ctx, tt.args.aggCreator, tt.args.new, tt.args.initCode, tt.args.phoneCode, "") - if !tt.res.wantErr && len(agg.Events) != tt.res.eventLen { - t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events)) + if !tt.res.wantErr && len(aggregates) != tt.res.aggregatesLen { + t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.aggregatesLen, len(aggregates)) + } + + if !tt.res.wantErr && len(aggregates[0].Events) != tt.res.eventLen { + t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(aggregates[0].Events)) } for i := 0; i < tt.res.eventLen; i++ { - if !tt.res.wantErr && agg.Events[i].Type != tt.res.eventTypes[i] { - t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String()) + if !tt.res.wantErr && aggregates[0].Events[i].Type != tt.res.eventTypes[i] { + t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], aggregates[0].Events[i].Type.String()) } - if !tt.res.wantErr && tt.res.checkData[i] && agg.Events[i].Data == nil { + if !tt.res.wantErr && tt.res.checkData[i] && aggregates[0].Events[i].Data == nil { t.Errorf("should have data in event") } - if !tt.res.wantErr && !tt.res.checkData[i] && agg.Events[i].Data != nil { + if !tt.res.wantErr && !tt.res.checkData[i] && aggregates[0].Events[i].Data != nil { t.Errorf("should not have data in event") } } @@ -257,9 +271,10 @@ func TestUserRegisterAggregate(t *testing.T) { { name: "user register aggregate ok", args: args{ - ctx: auth.NewMockContext("", ""), + ctx: auth.NewMockContext("orgID", "userID"), new: &model.User{ObjectRoot: models.ObjectRoot{AggregateID: "ID"}, Profile: &model.Profile{UserName: "UserName"}, + Email: &model.Email{EmailAddress: "EmailAddress"}, }, emailCode: &model.EmailCode{}, resourceOwner: "newResourceowner", @@ -290,6 +305,7 @@ func TestUserRegisterAggregate(t *testing.T) { resourceOwner: "newResourceowner", new: &model.User{ObjectRoot: models.ObjectRoot{AggregateID: "ID"}, Profile: &model.Profile{UserName: "UserName"}, + Email: &model.Email{EmailAddress: "EmailAddress"}, }, aggCreator: models.NewAggregateCreator("Test"), }, @@ -303,6 +319,7 @@ func TestUserRegisterAggregate(t *testing.T) { ctx: auth.NewMockContext("orgID", "userID"), new: &model.User{ObjectRoot: models.ObjectRoot{AggregateID: "ID"}, Profile: &model.Profile{UserName: "UserName"}, + Email: &model.Email{EmailAddress: "EmailAddress"}, }, resourceOwner: "newResourceowner", emailCode: &model.EmailCode{}, @@ -319,6 +336,7 @@ func TestUserRegisterAggregate(t *testing.T) { ctx: auth.NewMockContext("orgID", "userID"), new: &model.User{ObjectRoot: models.ObjectRoot{AggregateID: "ID"}, Profile: &model.Profile{UserName: "UserName"}, + Email: &model.Email{EmailAddress: "EmailAddress"}, }, emailCode: &model.EmailCode{}, aggCreator: models.NewAggregateCreator("Test"), @@ -330,16 +348,16 @@ func TestUserRegisterAggregate(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - agg, err := UserRegisterAggregate(tt.args.ctx, tt.args.aggCreator, tt.args.new, tt.args.resourceOwner, tt.args.emailCode) + aggregates, err := UserRegisterAggregate(tt.args.ctx, tt.args.aggCreator, tt.args.new, tt.args.resourceOwner, tt.args.emailCode) - if tt.res.errFunc == nil && len(agg.Events) != tt.res.eventLen { - t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events)) + if tt.res.errFunc == nil && len(aggregates[0].Events) != tt.res.eventLen { + t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(aggregates[0].Events)) } for i := 0; i < tt.res.eventLen; i++ { - if tt.res.errFunc == nil && agg.Events[i].Type != tt.res.eventTypes[i] { - t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String()) + if tt.res.errFunc == nil && aggregates[0].Events[i].Type != tt.res.eventTypes[i] { + t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], aggregates[0].Events[i].Type.String()) } - if tt.res.errFunc == nil && agg.Events[i].Data == nil { + if tt.res.errFunc == nil && aggregates[0].Events[i].Data == nil { t.Errorf("should have data in event") } } @@ -1075,16 +1093,16 @@ func TestChangeEmailAggregate(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - agg, err := EmailChangeAggregate(tt.args.aggCreator, tt.args.existing, tt.args.email, tt.args.code)(tt.args.ctx) + aggregates, err := EmailChangeAggregate(tt.args.ctx, tt.args.aggCreator, tt.args.existing, tt.args.email, tt.args.code) - if tt.res.errFunc == nil && len(agg.Events) != tt.res.eventLen { - t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events)) + if tt.res.errFunc == nil && len(aggregates[2].Events) != tt.res.eventLen { + t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(aggregates[1].Events)) } for i := 0; i < tt.res.eventLen; i++ { - if tt.res.errFunc == nil && agg.Events[i].Type != tt.res.eventTypes[i] { - t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String()) + if tt.res.errFunc == nil && aggregates[2].Events[i].Type != tt.res.eventTypes[i] { + t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], aggregates[1].Events[i].Type.String()) } - if tt.res.errFunc == nil && agg.Events[i].Data == nil { + if tt.res.errFunc == nil && aggregates[2].Events[i].Data == nil { t.Errorf("should have data in event") } } diff --git a/internal/usergrant/repository/eventsourcing/eventstore.go b/internal/usergrant/repository/eventsourcing/eventstore.go index 7f62a3df14..376d00c7b6 100644 --- a/internal/usergrant/repository/eventsourcing/eventstore.go +++ b/internal/usergrant/repository/eventsourcing/eventstore.go @@ -59,7 +59,6 @@ func (es *UserGrantEventStore) AddUserGrant(ctx context.Context, grant *grant_mo if grant == nil || !grant.IsValid() { return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-sdiw3", "User grant invalid") } - //TODO: Check Uniqueness id, err := es.idGenerator.NextID() if err != nil { return nil, err @@ -68,8 +67,11 @@ func (es *UserGrantEventStore) AddUserGrant(ctx context.Context, grant *grant_mo repoGrant := model.UserGrantFromModel(grant) - addAggregate := UserGrantAddedAggregate(es.Eventstore.AggregateCreator(), repoGrant) - err = es_sdk.Push(ctx, es.PushAggregates, repoGrant.AppendEvents, addAggregate) + addAggregates, err := UserGrantAddedAggregate(ctx, es.Eventstore.AggregateCreator(), repoGrant) + if err != nil { + return nil, err + } + err = es_sdk.PushAggregates(ctx, es.PushAggregates, repoGrant.AppendEvents, addAggregates...) if err != nil { return nil, err } @@ -103,8 +105,11 @@ func (es *UserGrantEventStore) RemoveUserGrant(ctx context.Context, grantID stri } repoExisting := model.UserGrantFromModel(existing) repoGrant := &model.UserGrant{ObjectRoot: models.ObjectRoot{AggregateID: grantID}} - projectAggregate := UserGrantRemovedAggregate(es.Eventstore.AggregateCreator(), repoExisting, repoGrant) - err = es_sdk.Push(ctx, es.PushAggregates, repoExisting.AppendEvents, projectAggregate) + projectAggregates, err := UserGrantRemovedAggregate(ctx, es.Eventstore.AggregateCreator(), repoExisting, repoGrant) + if err != nil { + return err + } + err = es_sdk.PushAggregates(ctx, es.PushAggregates, repoExisting.AppendEvents, projectAggregates...) if err != nil { return err } diff --git a/internal/usergrant/repository/eventsourcing/model/types.go b/internal/usergrant/repository/eventsourcing/model/types.go index 6d2374cd52..685c01c20a 100644 --- a/internal/usergrant/repository/eventsourcing/model/types.go +++ b/internal/usergrant/repository/eventsourcing/model/types.go @@ -4,11 +4,13 @@ import "github.com/caos/zitadel/internal/eventstore/models" const ( UserGrantAggregate models.AggregateType = "usergrant" - UserGrantUniqueAggregate models.AggregateType = "usergrant-unique" + UserGrantUniqueAggregate models.AggregateType = "usergrant.unique" UserGrantAdded models.EventType = "user.grant.added" UserGrantChanged models.EventType = "user.grant.changed" UserGrantRemoved models.EventType = "user.grant.removed" UserGrantDeactivated models.EventType = "user.grant.deactivated" UserGrantReactivated models.EventType = "user.grant.reactivated" + UserGrantReserved models.EventType = "user.grant.reserved" + UserGrantReleased models.EventType = "user.grant.released" ) diff --git a/internal/usergrant/repository/eventsourcing/user_grant.go b/internal/usergrant/repository/eventsourcing/user_grant.go index fc7aa132da..15ae30a684 100644 --- a/internal/usergrant/repository/eventsourcing/user_grant.go +++ b/internal/usergrant/repository/eventsourcing/user_grant.go @@ -2,8 +2,13 @@ package eventsourcing import ( "context" + "github.com/caos/zitadel/internal/api/auth" "github.com/caos/zitadel/internal/errors" es_models "github.com/caos/zitadel/internal/eventstore/models" + org_model "github.com/caos/zitadel/internal/org/model" + proj_model "github.com/caos/zitadel/internal/project/model" + proj_es_model "github.com/caos/zitadel/internal/project/repository/eventsourcing/model" + usr_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model" "github.com/caos/zitadel/internal/usergrant/repository/eventsourcing/model" ) @@ -21,6 +26,15 @@ func UserGrantQuery(latestSequence uint64) *es_models.SearchQuery { LatestSequenceFilter(latestSequence) } +func UserGrantUniqueQuery(resourceOwner, projectID, userID string) *es_models.SearchQuery { + grantID := resourceOwner + projectID + userID + return es_models.NewSearchQuery(). + AggregateTypeFilter(model.UserGrantUniqueAggregate). + AggregateIDFilter(grantID). + OrderDesc(). + SetLimit(1) +} + func UserGrantAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, grant *model.UserGrant) (*es_models.Aggregate, error) { if grant == nil { return nil, errors.ThrowPreconditionFailed(nil, "EVENT-dis83", "existing grant should not be nil") @@ -28,14 +42,57 @@ func UserGrantAggregate(ctx context.Context, aggCreator *es_models.AggregateCrea return aggCreator.NewAggregate(ctx, grant.AggregateID, model.UserGrantAggregate, model.UserGrantVersion, grant.Sequence) } -func UserGrantAddedAggregate(aggCreator *es_models.AggregateCreator, grant *model.UserGrant) func(ctx context.Context) (*es_models.Aggregate, error) { - return func(ctx context.Context) (*es_models.Aggregate, error) { - agg, err := UserGrantAggregate(ctx, aggCreator, grant) - if err != nil { - return nil, err - } - return agg.AppendEvent(model.UserGrantAdded, grant) +func UserGrantAddedAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, grant *model.UserGrant) ([]*es_models.Aggregate, error) { + agg, err := UserGrantAggregate(ctx, aggCreator, grant) + if err != nil { + return nil, err } + validationQuery := es_models.NewSearchQuery(). + AggregateTypeFilter(usr_model.UserAggregate, org_model.OrgAggregate, proj_es_model.ProjectAggregate). + AggregateIDsFilter(grant.UserID, auth.GetCtxData(ctx).OrgID, grant.ProjectID) + + validation := addUserGrantValidation(auth.GetCtxData(ctx).OrgID, grant) + agg, err = agg.SetPrecondition(validationQuery, validation).AppendEvent(model.UserGrantAdded, grant) + if err != nil { + return nil, err + } + + uniqueAggregate, err := reservedUniqueUserGrantAggregate(ctx, aggCreator, grant) + if err != nil { + return nil, err + } + return []*es_models.Aggregate{ + agg, + uniqueAggregate, + }, nil +} + +func reservedUniqueUserGrantAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, grant *model.UserGrant) (*es_models.Aggregate, error) { + grantID := auth.GetCtxData(ctx).OrgID + grant.ProjectID + grant.UserID + aggregate, err := aggCreator.NewAggregate(ctx, grantID, model.UserGrantUniqueAggregate, model.UserGrantVersion, 0) + if err != nil { + return nil, err + } + aggregate, err = aggregate.AppendEvent(model.UserGrantReserved, nil) + if err != nil { + return nil, err + } + + return aggregate.SetPrecondition(UserGrantUniqueQuery(auth.GetCtxData(ctx).OrgID, grant.ProjectID, grant.UserID), isEventValidation(aggregate, model.UserGrantReserved)), nil +} + +func releasedUniqueUserGrantAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, grant *model.UserGrant) (aggregate *es_models.Aggregate, err error) { + grantID := grant.ResourceOwner + grant.ProjectID + grant.UserID + aggregate, err = aggCreator.NewAggregate(ctx, grantID, model.UserGrantUniqueAggregate, model.UserGrantVersion, 0) + if err != nil { + return nil, err + } + aggregate, err = aggregate.AppendEvent(model.UserGrantReleased, nil) + if err != nil { + return nil, err + } + + return aggregate.SetPrecondition(UserGrantUniqueQuery(grant.ResourceOwner, grant.ProjectID, grant.UserID), isEventValidation(aggregate, model.UserGrantReleased)), nil } func UserGrantChangedAggregate(aggCreator *es_models.AggregateCreator, existing *model.UserGrant, grant *model.UserGrant) func(ctx context.Context) (*es_models.Aggregate, error) { @@ -78,15 +135,109 @@ func UserGrantReactivatedAggregate(aggCreator *es_models.AggregateCreator, exist } } -func UserGrantRemovedAggregate(aggCreator *es_models.AggregateCreator, existing *model.UserGrant, grant *model.UserGrant) func(ctx context.Context) (*es_models.Aggregate, error) { - return func(ctx context.Context) (*es_models.Aggregate, error) { - if grant == nil { - return nil, errors.ThrowPreconditionFailed(nil, "EVENT-lo21s", "grant should not be nil") +func UserGrantRemovedAggregate(ctx context.Context, aggCreator *es_models.AggregateCreator, existing *model.UserGrant, grant *model.UserGrant) ([]*es_models.Aggregate, error) { + if grant == nil { + return nil, errors.ThrowPreconditionFailed(nil, "EVENT-lo21s", "grant should not be nil") + } + agg, err := UserGrantAggregate(ctx, aggCreator, existing) + if err != nil { + return nil, err + } + agg, err = agg.AppendEvent(model.UserGrantRemoved, nil) + if err != nil { + return nil, err + } + uniqueAggregate, err := releasedUniqueUserGrantAggregate(ctx, aggCreator, existing) + if err != nil { + return nil, err + } + return []*es_models.Aggregate{ + agg, + uniqueAggregate, + }, nil +} + +func isEventValidation(aggregate *es_models.Aggregate, eventType es_models.EventType) func(...*es_models.Event) error { + return func(events ...*es_models.Event) error { + if len(events) == 0 { + aggregate.PreviousSequence = 0 + return nil } - agg, err := UserGrantAggregate(ctx, aggCreator, existing) - if err != nil { - return nil, err + if events[0].Type == eventType { + return errors.ThrowPreconditionFailedf(nil, "EVENT-eJQqe", "user_grant is already %v", eventType) } - return agg.AppendEvent(model.UserGrantRemoved, nil) + aggregate.PreviousSequence = events[0].Sequence + return nil } } + +func addUserGrantValidation(resourceOwner string, grant *model.UserGrant) func(...*es_models.Event) error { + return func(events ...*es_models.Event) error { + existsOrg := false + existsUser := false + project := new(proj_es_model.Project) + for _, event := range events { + switch event.AggregateType { + case usr_model.UserAggregate: + switch event.Type { + case usr_model.UserAdded, usr_model.UserRegistered: + existsUser = true + case usr_model.UserRemoved: + existsUser = false + } + case org_model.OrgAggregate: + switch event.Type { + case org_model.OrgAdded: + existsOrg = true + case org_model.OrgRemoved: + existsOrg = false + } + case proj_es_model.ProjectAggregate: + project.AppendEvent(event) + } + } + if existsOrg && existsUser && checkProjectConditions(resourceOwner, grant, project) { + return nil + } + return errors.ThrowPreconditionFailed(nil, "EVENT-3OfIm", "conditions not met") + } +} + +func checkProjectConditions(resourceOwner string, grant *model.UserGrant, project *proj_es_model.Project) bool { + if project.State == int32(proj_model.PROJECTSTATE_REMOVED) { + return false + } + if resourceOwner == project.ResourceOwner { + return checkIfProjectHasRoles(grant.RoleKeys, project.Roles) + } + + if _, projectGrant := proj_es_model.GetProjectGrantByResourceOwner(project.Grants, resourceOwner); projectGrant != nil { + return checkIfProjectGrantHasRoles(grant.RoleKeys, projectGrant.RoleKeys) + } + return false +} + +func checkIfProjectHasRoles(roles []string, existing []*proj_es_model.ProjectRole) bool { + for _, roleKey := range roles { + if _, role := proj_es_model.GetProjectRole(existing, roleKey); role == nil { + return false + } + } + return true +} + +func checkIfProjectGrantHasRoles(roles []string, existing []string) bool { + roleExists := false + for _, roleKey := range roles { + for _, existingRoleKey := range existing { + if roleKey == existingRoleKey { + roleExists = true + continue + } + } + if !roleExists { + return false + } + } + return true +} diff --git a/internal/usergrant/repository/eventsourcing/user_grant_test.go b/internal/usergrant/repository/eventsourcing/user_grant_test.go index 0cc0a2d38a..cb9202326c 100644 --- a/internal/usergrant/repository/eventsourcing/user_grant_test.go +++ b/internal/usergrant/repository/eventsourcing/user_grant_test.go @@ -51,15 +51,15 @@ func TestUserGrantAddedAggregate(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - agg, err := UserGrantAddedAggregate(tt.args.aggCreator, tt.args.grant)(tt.args.ctx) + aggregates, err := UserGrantAddedAggregate(tt.args.ctx, tt.args.aggCreator, tt.args.grant) - if tt.res.errFunc == nil && len(agg.Events) != tt.res.eventLen { - t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events)) + if tt.res.errFunc == nil && len(aggregates[0].Events) != tt.res.eventLen { + t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(aggregates[0].Events)) } - if tt.res.errFunc == nil && agg.Events[0].Type != tt.res.eventType { - t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventType, agg.Events[0].Type.String()) + if tt.res.errFunc == nil && aggregates[0].Events[0].Type != tt.res.eventType { + t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventType, aggregates[0].Events[0].Type.String()) } - if tt.res.errFunc == nil && agg.Events[0].Data == nil { + if tt.res.errFunc == nil && aggregates[0].Events[0].Data == nil { t.Errorf("should have data in event") } if tt.res.errFunc != nil && !tt.res.errFunc(err) { @@ -230,14 +230,14 @@ func TestUserGrantRemovedAggregate(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - agg, err := UserGrantRemovedAggregate(tt.args.aggCreator, tt.args.existing, tt.args.new)(tt.args.ctx) + aggregates, err := UserGrantRemovedAggregate(tt.args.ctx, tt.args.aggCreator, tt.args.existing, tt.args.new) - if tt.res.errFunc == nil && len(agg.Events) != tt.res.eventLen { - t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(agg.Events)) + if tt.res.errFunc == nil && len(aggregates[0].Events) != tt.res.eventLen { + t.Errorf("got wrong event len: expected: %v, actual: %v ", tt.res.eventLen, len(aggregates[0].Events)) } for i := 0; i < tt.res.eventLen; i++ { - if tt.res.errFunc == nil && agg.Events[i].Type != tt.res.eventTypes[i] { - t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], agg.Events[i].Type.String()) + if tt.res.errFunc == nil && aggregates[0].Events[i].Type != tt.res.eventTypes[i] { + t.Errorf("got wrong event type: expected: %v, actual: %v ", tt.res.eventTypes[i], aggregates[0].Events[i].Type.String()) } }