fix(console): display granted org name in authorizations and show user information (#7116)

* fix: add granted org info to user grants query response * fix: show user info, tests and add columns to user grant * fix: add check for org membership * fix: typo in find logic --------- Co-authored-by: Max Peintner <max@caos.ch>
2025-01-07 23:17:41 +00:00 · 2024-01-24 11:36:04 +01:00 · 2024-01-24 11:36:04 +01:00 · d590da7c7d
commit d590da7c7d
parent 94b3799690
20 changed files with 208 additions and 19 deletions
--- a/console/src/app/modules/user-grants/user-grants.component.html
+++ b/console/src/app/modules/user-grants/user-grants.component.html
@ -109,7 +109,7 @@
      <ng-container matColumnDef="org">
        <th mat-header-cell *matHeaderCellDef>{{ 'PROJECT.GRANT.ORG' | translate }}</th>
        <td mat-cell *matCellDef="let grant">
-          {{ grant.orgName }}
+          {{ grant.grantedOrgName }}
        </td>
      </ng-container>
@ -169,7 +169,7 @@
              <i class="las la-trash"></i>
            </button>
-            <button menuActions mat-menu-item [routerLink]="['/users', grant.userId]">
+            <button menuActions mat-menu-item (click)="showUser(grant)">
              {{ 'ACTIONS.TABLE.SHOWUSER' | translate: { value: grant.displayName } }}
            </button>
          </cnsl-table-actions>
--- a/console/src/app/modules/user-grants/user-grants.component.ts
+++ b/console/src/app/modules/user-grants/user-grants.component.ts
@ -8,7 +8,7 @@ import { tap } from 'rxjs/operators';
 import { enterAnimations } from 'src/app/animations';
 import { UserGrant as AuthUserGrant } from 'src/app/proto/generated/zitadel/auth_pb';
 import { Role } from 'src/app/proto/generated/zitadel/project_pb';
-import { Type, UserGrant as MgmtUserGrant, UserGrantQuery } from 'src/app/proto/generated/zitadel/user_pb';
+import { Type, UserGrant as MgmtUserGrant, UserGrantQuery, UserGrant } from 'src/app/proto/generated/zitadel/user_pb';
 import { GrpcAuthService } from 'src/app/services/grpc-auth.service';
 import { ManagementService } from 'src/app/services/mgmt.service';
 import { ToastService } from 'src/app/services/toast.service';
@ -18,6 +18,7 @@ import { PageEvent, PaginatorComponent } from '../paginator/paginator.component'
 import { UserGrantRoleDialogComponent } from '../user-grant-role-dialog/user-grant-role-dialog.component';
 import { WarnDialogComponent } from '../warn-dialog/warn-dialog.component';
 import { UserGrantContext, UserGrantsDataSource } from './user-grants-datasource';
 import { Org, OrgState } from 'src/app/proto/generated/zitadel/org_pb';
 export enum UserGrantListSearchKey {
  DISPLAY_NAME,
@ -68,6 +69,7 @@ export class UserGrantsComponent implements OnInit, AfterViewInit {
  @Input() public type: Type | undefined = undefined;
  public filterOpen: boolean = false;
  public myOrgs: Array<Org.AsObject> = [];
  constructor(
    private authService: GrpcAuthService,
    private userService: ManagementService,
@ -115,6 +117,9 @@ export class UserGrantsComponent implements OnInit, AfterViewInit {
    }
    this.loadGrantsPage(this.type);
    this.authService.listMyProjectOrgs(undefined, 0).then((orgs) => {
      this.myOrgs = orgs.resultList;
    });
  }
  public ngAfterViewInit(): void {
@ -300,4 +305,21 @@ export class UserGrantsComponent implements OnInit, AfterViewInit {
      this.loadGrantsPage(this.type);
    }
  }
  public showUser(grant: UserGrant.AsObject) {
    const org: Org.AsObject = {
      id: grant.grantedOrgId,
      name: grant.grantedOrgName,
      state: OrgState.ORG_STATE_ACTIVE,
      primaryDomain: grant.grantedOrgDomain,
    };
    // Check if user has permissions for that org before changing active org
    if (this.myOrgs.find((org) => org.id === grant.grantedOrgId)) {
      this.authService.setActiveOrg(org);
      this.router.navigate(['/users', grant.userId]);
    } else {
      this.toast.showInfo('GRANTS.TOAST.CANTSHOWINFO', true);
    }
  }
 }
--- a/console/src/assets/i18n/bg.json
+++ b/console/src/assets/i18n/bg.json
@ -2227,7 +2227,8 @@
    "TOAST": {
      "UPDATED": "Упълномощаването е актуализирано.",
      "REMOVED": "Упълномощаването е премахнато",
-      "BULKREMOVED": "Разрешенията са премахнати."
+      "BULKREMOVED": "Разрешенията са премахнати.",
      "CANTSHOWINFO": "Не можете да посетите профила на този потребител, тъй като не сте член на организацията, към която принадлежи този потребител"
    },
    "DIALOG": {
      "DELETE_TITLE": "Изтриване на разрешението",
--- a/console/src/assets/i18n/cs.json
+++ b/console/src/assets/i18n/cs.json
@ -2246,7 +2246,8 @@
    "TOAST": {
      "UPDATED": "Autorizace aktualizována.",
      "REMOVED": "Autorizace odebrána",
-      "BULKREMOVED": "Autorizace odebrány."
+      "BULKREMOVED": "Autorizace odebrány.",
      "CANTSHOWINFO": "Nemůžete navštívit profil tohoto uživatele, protože nejste členem organizace, do které tento uživatel patří"
    },
    "DIALOG": {
      "DELETE_TITLE": "Smazat autorizaci",
--- a/console/src/assets/i18n/de.json
+++ b/console/src/assets/i18n/de.json
@ -2236,7 +2236,8 @@
    "TOAST": {
      "UPDATED": "Berechtigung geändert.",
      "REMOVED": "Berechtigung entfernt.",
-      "BULKREMOVED": "Berechtigungen entfernt."
+      "BULKREMOVED": "Berechtigungen entfernt.",
      "CANTSHOWINFO": "Sie können das Profil dieses Benutzers nicht besuchen, da Sie kein Mitglied der Organisation sind, zu der dieser Benutzer gehört"
    },
    "DIALOG": {
      "DELETE_TITLE": "Authorisierung löschen",
--- a/console/src/assets/i18n/en.json
+++ b/console/src/assets/i18n/en.json
@ -2255,7 +2255,8 @@
    "TOAST": {
      "UPDATED": "Authorization updated.",
      "REMOVED": "Authorization removed",
-      "BULKREMOVED": "Authorizations removed."
+      "BULKREMOVED": "Authorizations removed.",
      "CANTSHOWINFO": "You cannot visit this user's profile as you are not a member of the organization where this user belongs to"
    },
    "DIALOG": {
      "DELETE_TITLE": "Delete authorization",
--- a/console/src/assets/i18n/es.json
+++ b/console/src/assets/i18n/es.json
@ -2234,7 +2234,8 @@
    "TOAST": {
      "UPDATED": "Autorización actualizada.",
      "REMOVED": "Autorización eliminada",
-      "BULKREMOVED": "Autorizaciones eliminadas."
+      "BULKREMOVED": "Autorizaciones eliminadas.",
      "CANTSHOWINFO": "No puedes visitar el perfil de este usuario porque no eres miembro de la organización a la que pertenece este usuario."
    },
    "DIALOG": {
      "DELETE_TITLE": "Borrar autorización",
--- a/console/src/assets/i18n/fr.json
+++ b/console/src/assets/i18n/fr.json
@ -2237,7 +2237,8 @@
    "TOAST": {
      "UPDATED": "Autorisation mise à jour.",
      "REMOVED": "Autorisation supprimée",
-      "BULKREMOVED": "Autorisations supprimées."
+      "BULKREMOVED": "Autorisations supprimées.",
      "CANTSHOWINFO": "Vous ne pouvez pas visiter le profil de cet utilisateur car vous n'êtes pas membre de l'organisation à laquelle appartient cet utilisateur."
    },
    "DIALOG": {
      "DELETE_TITLE": "Supprimer une autorisation",
--- a/console/src/assets/i18n/it.json
+++ b/console/src/assets/i18n/it.json
@ -2237,7 +2237,8 @@
    "TOAST": {
      "UPDATED": "Autorizzazione aggiornata.",
      "REMOVED": "Autorizzazione rimossa con successo.",
-      "BULKREMOVED": "Autorizzazioni rimossi con successo."
+      "BULKREMOVED": "Autorizzazioni rimossi con successo.",
      "CANTSHOWINFO": "Non puoi visitare il profilo di questo utente poiché non sei un membro dell'organizzazione a cui appartiene questo utente"
    },
    "DIALOG": {
      "DELETE_TITLE": "Elima autorizzazione",
--- a/console/src/assets/i18n/ja.json
+++ b/console/src/assets/i18n/ja.json
@ -2228,7 +2228,8 @@
    "TOAST": {
      "UPDATED": "認可が更新されました。",
      "REMOVED": "認可が削除されました",
-      "BULKREMOVED": "認可が削除されました。"
+      "BULKREMOVED": "認可が削除されました。",
      "CANTSHOWINFO": "このユーザーが所属する組織のメンバーではないため、このユーザーのプロフィールにアクセスできません"
    },
    "DIALOG": {
      "DELETE_TITLE": "認可の削除",
--- a/console/src/assets/i18n/mk.json
+++ b/console/src/assets/i18n/mk.json
@ -2234,7 +2234,8 @@
    "TOAST": {
      "UPDATED": "Овластувањето е ажурирано.",
      "REMOVED": "Овластувањето е отстрането",
-      "BULKREMOVED": "Овластувањата се отстранети."
+      "BULKREMOVED": "Овластувањата се отстранети.",
      "CANTSHOWINFO": "Не можете да го посетите профилот на овој корисник бидејќи не сте член на организацијата каде што припаѓа овој корисник"
    },
    "DIALOG": {
      "DELETE_TITLE": "Избриши овластување",
--- a/console/src/assets/i18n/nl.json
+++ b/console/src/assets/i18n/nl.json
@ -2255,7 +2255,8 @@
    "TOAST": {
      "UPDATED": "Autorisatie bijgewerkt.",
      "REMOVED": "Autorisatie verwijderd",
-      "BULKREMOVED": "Autorisaties verwijderd."
+      "BULKREMOVED": "Autorisaties verwijderd.",
      "CANTSHOWINFO": "U kunt het profiel van deze gebruiker niet bezoeken omdat u geen lid bent van de organisatie waartoe deze gebruiker behoort"
    },
    "DIALOG": {
      "DELETE_TITLE": "Verwijder autorisatie",
--- a/console/src/assets/i18n/pl.json
+++ b/console/src/assets/i18n/pl.json
@ -2237,7 +2237,8 @@
    "TOAST": {
      "UPDATED": "Autoryzacja zaktualizowana.",
      "REMOVED": "Autoryzacja usunięta",
-      "BULKREMOVED": "Autoryzacje usunięte."
+      "BULKREMOVED": "Autoryzacje usunięte.",
      "CANTSHOWINFO": "Nie możesz odwiedzić profilu tego użytkownika, ponieważ nie jesteś członkiem organizacji, do której należy ten użytkownik"
    },
    "DIALOG": {
      "DELETE_TITLE": "Usuń autoryzację",
--- a/console/src/assets/i18n/pt.json
+++ b/console/src/assets/i18n/pt.json
@ -2232,7 +2232,8 @@
    "TOAST": {
      "UPDATED": "Autorização atualizada.",
      "REMOVED": "Autorização removida",
-      "BULKREMOVED": "Autorizações removidas."
+      "BULKREMOVED": "Autorizações removidas.",
      "CANTSHOWINFO": "Você não pode visitar o perfil deste usuário porque não é membro da organização à qual esse usuário pertence"
    },
    "DIALOG": {
      "DELETE_TITLE": "Excluir autorização",
--- a/console/src/assets/i18n/ru.json
+++ b/console/src/assets/i18n/ru.json
@ -2226,7 +2226,8 @@
    "TOAST": {
      "UPDATED": "Авторизация обновлена.",
      "REMOVED": "Авторизация удалена",
-      "BULKREMOVED": "Авторизации удалены."
+      "BULKREMOVED": "Авторизации удалены.",
      "CANTSHOWINFO": "Вы не можете посетить профиль этого пользователя, поскольку вы не являетесь членом организации, к которой принадлежит этот пользователь."
    },
    "DIALOG": {
      "DELETE_TITLE": "Удалить авторизацию",
--- a/console/src/assets/i18n/zh.json
+++ b/console/src/assets/i18n/zh.json
@ -2236,7 +2236,8 @@
    "TOAST": {
      "UPDATED": "授权已更新。",
      "REMOVED": "已移除授权。",
-      "BULKREMOVED": "已移除授权。"
+      "BULKREMOVED": "已移除授权。",
      "CANTSHOWINFO": "您无法访问该用户的个人资料，因为您不是该用户所属组织的成员"
    },
    "DIALOG": {
      "DELETE_TITLE": "删除授权",
--- a/internal/api/grpc/user/user_grant.go
+++ b/internal/api/grpc/user/user_grant.go
@ -39,6 +39,9 @@ func UserGrantToPb(assetPrefix string, grant *query.UserGrant) *user_pb.UserGran
 		AvatarUrl:          domain.AvatarURL(assetPrefix, grant.UserResourceOwner, grant.AvatarURL),
 		PreferredLoginName: grant.PreferredLoginName,
 		UserType:           TypeToPb(grant.UserType),
 		GrantedOrgId:       grant.GrantedOrgID,
 		GrantedOrgName:     grant.GrantedOrgName,
 		GrantedOrgDomain:   grant.GrantedOrgDomain,
 		Details: object.ToViewDetailsPb(
 			grant.Sequence,
 			grant.CreationDate,
--- a/internal/query/user_grant.go
+++ b/internal/query/user_grant.go
@ -48,6 +48,10 @@ type UserGrant struct {
 	ProjectID   string `json:"project_id,omitempty"`
 	ProjectName string `json:"project_name,omitempty"`
 	GrantedOrgID     string `json:"granted_org_id,omitempty"`
 	GrantedOrgName   string `json:"granted_org_name,omitempty"`
 	GrantedOrgDomain string `json:"granted_org_domain,omitempty"`
 }
 type UserGrants struct {
@ -209,6 +213,23 @@ var (
 		name:  projection.UserGrantState,
 		table: userGrantTable,
 	}
 	GrantedOrgsTable = table{
 		name:          projection.OrgProjectionTable,
 		alias:         "granted_orgs",
 		instanceIDCol: projection.OrgColumnInstanceID,
 	}
 	GrantedOrgColumnId = Column{
 		name:  projection.OrgColumnID,
 		table: GrantedOrgsTable,
 	}
 	GrantedOrgColumnName = Column{
 		name:  projection.OrgColumnName,
 		table: GrantedOrgsTable,
 	}
 	GrantedOrgColumnDomain = Column{
 		name:  projection.OrgColumnDomain,
 		table: GrantedOrgsTable,
 	}
 )
 func (q *Queries) UserGrant(ctx context.Context, shouldTriggerBulk bool, queries ...SearchQuery) (grant *UserGrant, err error) {
@ -301,12 +322,17 @@ func prepareUserGrantQuery(ctx context.Context, db prepareDatabase) (sq.SelectBu
 			UserGrantProjectID.identifier(),
 			ProjectColumnName.identifier(),
 			GrantedOrgColumnId.identifier(),
 			GrantedOrgColumnName.identifier(),
 			GrantedOrgColumnDomain.identifier(),
 		).
 			From(userGrantTable.identifier()).
 			LeftJoin(join(UserIDCol, UserGrantUserID)).
 			LeftJoin(join(HumanUserIDCol, UserGrantUserID)).
 			LeftJoin(join(OrgColumnID, UserGrantResourceOwner)).
 			LeftJoin(join(ProjectColumnID, UserGrantProjectID)).
 			LeftJoin(join(GrantedOrgColumnId, UserResourceOwnerCol)).
 			LeftJoin(join(LoginNameUserIDCol, UserGrantUserID) + db.Timetravel(call.Took(ctx))).
 			Where(
 				sq.Eq{LoginNameIsPrimaryCol.identifier(): true},
@ -329,6 +355,10 @@ func prepareUserGrantQuery(ctx context.Context, db prepareDatabase) (sq.SelectBu
 				orgDomain sql.NullString
 				projectName sql.NullString
 				grantedOrgID     sql.NullString
 				grantedOrgName   sql.NullString
 				grantedOrgDomain sql.NullString
 			)
 			err := row.Scan(
@ -357,6 +387,10 @@ func prepareUserGrantQuery(ctx context.Context, db prepareDatabase) (sq.SelectBu
 				&g.ProjectID,
 				&projectName,
 				&grantedOrgID,
 				&grantedOrgName,
 				&grantedOrgDomain,
 			)
 			if err != nil {
 				if errors.Is(err, sql.ErrNoRows) {
@ -377,7 +411,9 @@ func prepareUserGrantQuery(ctx context.Context, db prepareDatabase) (sq.SelectBu
 			g.OrgName = orgName.String
 			g.OrgPrimaryDomain = orgDomain.String
 			g.ProjectName = projectName.String
-
+			g.GrantedOrgID = grantedOrgID.String
 			g.GrantedOrgName = grantedOrgName.String
 			g.GrantedOrgDomain = grantedOrgDomain.String
 			return g, nil
 		}
 }
@ -410,6 +446,10 @@ func prepareUserGrantsQuery(ctx context.Context, db prepareDatabase) (sq.SelectB
 			UserGrantProjectID.identifier(),
 			ProjectColumnName.identifier(),
 			GrantedOrgColumnId.identifier(),
 			GrantedOrgColumnName.identifier(),
 			GrantedOrgColumnDomain.identifier(),
 			countColumn.identifier(),
 		).
 			From(userGrantTable.identifier()).
@ -417,6 +457,7 @@ func prepareUserGrantsQuery(ctx context.Context, db prepareDatabase) (sq.SelectB
 			LeftJoin(join(HumanUserIDCol, UserGrantUserID)).
 			LeftJoin(join(OrgColumnID, UserGrantResourceOwner)).
 			LeftJoin(join(ProjectColumnID, UserGrantProjectID)).
 			LeftJoin(join(GrantedOrgColumnId, UserResourceOwnerCol)).
 			LeftJoin(join(LoginNameUserIDCol, UserGrantUserID) + db.Timetravel(call.Took(ctx))).
 			Where(
 				sq.Eq{LoginNameIsPrimaryCol.identifier(): true},
@ -441,6 +482,10 @@ func prepareUserGrantsQuery(ctx context.Context, db prepareDatabase) (sq.SelectB
 					orgName   sql.NullString
 					orgDomain sql.NullString
 					grantedOrgID     sql.NullString
 					grantedOrgName   sql.NullString
 					grantedOrgDomain sql.NullString
 					projectName sql.NullString
 				)
@ -471,6 +516,10 @@ func prepareUserGrantsQuery(ctx context.Context, db prepareDatabase) (sq.SelectB
 					&g.ProjectID,
 					&projectName,
 					&grantedOrgID,
 					&grantedOrgName,
 					&grantedOrgDomain,
 					&count,
 				)
 				if err != nil {
@ -489,6 +538,9 @@ func prepareUserGrantsQuery(ctx context.Context, db prepareDatabase) (sq.SelectB
 				g.OrgName = orgName.String
 				g.OrgPrimaryDomain = orgDomain.String
 				g.ProjectName = projectName.String
 				g.GrantedOrgID = grantedOrgID.String
 				g.GrantedOrgName = grantedOrgName.String
 				g.GrantedOrgDomain = grantedOrgDomain.String
 				userGrants = append(userGrants, g)
 			}
--- a/internal/query/user_grant_test.go
+++ b/internal/query/user_grant_test.go
@ -37,11 +37,15 @@ var (
 			", projections.orgs1.primary_domain" +
 			", projections.user_grants4.project_id" +
 			", projections.projects4.name" +
 			", granted_orgs.id" +
 			", granted_orgs.name" +
 			", granted_orgs.primary_domain" +
 			" FROM projections.user_grants4" +
 			" LEFT JOIN projections.users10 ON projections.user_grants4.user_id = projections.users10.id AND projections.user_grants4.instance_id = projections.users10.instance_id" +
 			" LEFT JOIN projections.users10_humans ON projections.user_grants4.user_id = projections.users10_humans.user_id AND projections.user_grants4.instance_id = projections.users10_humans.instance_id" +
 			" LEFT JOIN projections.orgs1 ON projections.user_grants4.resource_owner = projections.orgs1.id AND projections.user_grants4.instance_id = projections.orgs1.instance_id" +
 			" LEFT JOIN projections.projects4 ON projections.user_grants4.project_id = projections.projects4.id AND projections.user_grants4.instance_id = projections.projects4.instance_id" +
 			" LEFT JOIN projections.orgs1 AS granted_orgs ON projections.users10.resource_owner = granted_orgs.id AND projections.users10.instance_id = granted_orgs.instance_id" +
 			" LEFT JOIN projections.login_names3 ON projections.user_grants4.user_id = projections.login_names3.user_id AND projections.user_grants4.instance_id = projections.login_names3.instance_id" +
 			` AS OF SYSTEM TIME '-1 ms' ` +
 			" WHERE projections.login_names3.is_primary = $1")
@ -67,7 +71,10 @@ var (
 		"name",           //org name
 		"primary_domain",
 		"project_id",
-		"name", //project name
+		"name",           // project name
 		"id",             // granted org id
 		"name",           // granted org name
 		"primary_domain", // granted org domain
 	}
 	userGrantsStmt = regexp.QuoteMeta(
 		"SELECT projections.user_grants4.id" +
@ -92,12 +99,16 @@ var (
 			", projections.orgs1.primary_domain" +
 			", projections.user_grants4.project_id" +
 			", projections.projects4.name" +
 			", granted_orgs.id" +
 			", granted_orgs.name" +
 			", granted_orgs.primary_domain" +
 			", COUNT(*) OVER ()" +
 			" FROM projections.user_grants4" +
 			" LEFT JOIN projections.users10 ON projections.user_grants4.user_id = projections.users10.id AND projections.user_grants4.instance_id = projections.users10.instance_id" +
 			" LEFT JOIN projections.users10_humans ON projections.user_grants4.user_id = projections.users10_humans.user_id AND projections.user_grants4.instance_id = projections.users10_humans.instance_id" +
 			" LEFT JOIN projections.orgs1 ON projections.user_grants4.resource_owner = projections.orgs1.id AND projections.user_grants4.instance_id = projections.orgs1.instance_id" +
 			" LEFT JOIN projections.projects4 ON projections.user_grants4.project_id = projections.projects4.id AND projections.user_grants4.instance_id = projections.projects4.instance_id" +
 			" LEFT JOIN projections.orgs1 AS granted_orgs ON projections.users10.resource_owner = granted_orgs.id AND projections.users10.instance_id = granted_orgs.instance_id" +
 			" LEFT JOIN projections.login_names3 ON projections.user_grants4.user_id = projections.login_names3.user_id AND projections.user_grants4.instance_id = projections.login_names3.instance_id" +
 			` AS OF SYSTEM TIME '-1 ms' ` +
 			" WHERE projections.login_names3.is_primary = $1")
@ -166,6 +177,9 @@ func Test_UserGrantPrepares(t *testing.T) {
 						"primary-domain",
 						"project-id",
 						"project-name",
 						"granted-org-id",
 						"granted-org-name",
 						"granted-org-domain",
 					},
 				),
 			},
@ -192,6 +206,9 @@ func Test_UserGrantPrepares(t *testing.T) {
 				OrgPrimaryDomain:   "primary-domain",
 				ProjectID:          "project-id",
 				ProjectName:        "project-name",
 				GrantedOrgID:       "granted-org-id",
 				GrantedOrgName:     "granted-org-name",
 				GrantedOrgDomain:   "granted-org-domain",
 			},
 		},
 		{
@ -224,6 +241,9 @@ func Test_UserGrantPrepares(t *testing.T) {
 						"primary-domain",
 						"project-id",
 						"project-name",
 						"granted-org-id",
 						"granted-org-name",
 						"granted-org-domain",
 					},
 				),
 			},
@ -250,6 +270,9 @@ func Test_UserGrantPrepares(t *testing.T) {
 				OrgPrimaryDomain:   "primary-domain",
 				ProjectID:          "project-id",
 				ProjectName:        "project-name",
 				GrantedOrgID:       "granted-org-id",
 				GrantedOrgName:     "granted-org-name",
 				GrantedOrgDomain:   "granted-org-domain",
 			},
 		},
 		{
@ -282,6 +305,9 @@ func Test_UserGrantPrepares(t *testing.T) {
 						nil,
 						"project-id",
 						"project-name",
 						"granted-org-id",
 						"granted-org-name",
 						"granted-org-domain",
 					},
 				),
 			},
@ -308,6 +334,9 @@ func Test_UserGrantPrepares(t *testing.T) {
 				OrgPrimaryDomain:   "",
 				ProjectID:          "project-id",
 				ProjectName:        "project-name",
 				GrantedOrgID:       "granted-org-id",
 				GrantedOrgName:     "granted-org-name",
 				GrantedOrgDomain:   "granted-org-domain",
 			},
 		},
 		{
@ -340,6 +369,9 @@ func Test_UserGrantPrepares(t *testing.T) {
 						"primary-domain",
 						"project-id",
 						nil,
 						"granted-org-id",
 						"granted-org-name",
 						"granted-org-domain",
 					},
 				),
 			},
@ -366,6 +398,9 @@ func Test_UserGrantPrepares(t *testing.T) {
 				OrgPrimaryDomain:   "primary-domain",
 				ProjectID:          "project-id",
 				ProjectName:        "",
 				GrantedOrgID:       "granted-org-id",
 				GrantedOrgName:     "granted-org-name",
 				GrantedOrgDomain:   "granted-org-domain",
 			},
 		},
 		{
@ -398,6 +433,9 @@ func Test_UserGrantPrepares(t *testing.T) {
 						"primary-domain",
 						"project-id",
 						"project-name",
 						"granted-org-id",
 						"granted-org-name",
 						"granted-org-domain",
 					},
 				),
 			},
@ -424,6 +462,9 @@ func Test_UserGrantPrepares(t *testing.T) {
 				OrgPrimaryDomain:   "primary-domain",
 				ProjectID:          "project-id",
 				ProjectName:        "project-name",
 				GrantedOrgID:       "granted-org-id",
 				GrantedOrgName:     "granted-org-name",
 				GrantedOrgDomain:   "granted-org-domain",
 			},
 		},
 		{
@ -486,6 +527,9 @@ func Test_UserGrantPrepares(t *testing.T) {
 							"primary-domain",
 							"project-id",
 							"project-name",
 							"granted-org-id",
 							"granted-org-name",
 							"granted-org-domain",
 						},
 					},
 				),
@ -518,6 +562,9 @@ func Test_UserGrantPrepares(t *testing.T) {
 						OrgPrimaryDomain:   "primary-domain",
 						ProjectID:          "project-id",
 						ProjectName:        "project-name",
 						GrantedOrgID:       "granted-org-id",
 						GrantedOrgName:     "granted-org-name",
 						GrantedOrgDomain:   "granted-org-domain",
 					},
 				},
 			},
@ -553,6 +600,9 @@ func Test_UserGrantPrepares(t *testing.T) {
 							"primary-domain",
 							"project-id",
 							"project-name",
 							"granted-org-id",
 							"granted-org-name",
 							"granted-org-domain",
 						},
 					},
 				),
@ -585,6 +635,9 @@ func Test_UserGrantPrepares(t *testing.T) {
 						OrgPrimaryDomain:   "primary-domain",
 						ProjectID:          "project-id",
 						ProjectName:        "project-name",
 						GrantedOrgID:       "granted-org-id",
 						GrantedOrgName:     "granted-org-name",
 						GrantedOrgDomain:   "granted-org-domain",
 					},
 				},
 			},
@ -620,6 +673,9 @@ func Test_UserGrantPrepares(t *testing.T) {
 							nil,
 							"project-id",
 							"project-name",
 							"granted-org-id",
 							"granted-org-name",
 							"granted-org-domain",
 						},
 					},
 				),
@ -652,6 +708,9 @@ func Test_UserGrantPrepares(t *testing.T) {
 						OrgPrimaryDomain:   "",
 						ProjectID:          "project-id",
 						ProjectName:        "project-name",
 						GrantedOrgID:       "granted-org-id",
 						GrantedOrgName:     "granted-org-name",
 						GrantedOrgDomain:   "granted-org-domain",
 					},
 				},
 			},
@ -687,6 +746,9 @@ func Test_UserGrantPrepares(t *testing.T) {
 							"primary-domain",
 							"project-id",
 							nil,
 							"granted-org-id",
 							"granted-org-name",
 							"granted-org-domain",
 						},
 					},
 				),
@ -719,6 +781,9 @@ func Test_UserGrantPrepares(t *testing.T) {
 						OrgPrimaryDomain:   "primary-domain",
 						ProjectID:          "project-id",
 						ProjectName:        "",
 						GrantedOrgID:       "granted-org-id",
 						GrantedOrgName:     "granted-org-name",
 						GrantedOrgDomain:   "granted-org-domain",
 					},
 				},
 			},
@ -754,6 +819,9 @@ func Test_UserGrantPrepares(t *testing.T) {
 							"primary-domain",
 							"project-id",
 							"project-name",
 							"granted-org-id",
 							"granted-org-name",
 							"granted-org-domain",
 						},
 					},
 				),
@ -786,6 +854,9 @@ func Test_UserGrantPrepares(t *testing.T) {
 						OrgPrimaryDomain:   "primary-domain",
 						ProjectID:          "project-id",
 						ProjectName:        "project-name",
 						GrantedOrgID:       "granted-org-id",
 						GrantedOrgName:     "granted-org-name",
 						GrantedOrgDomain:   "granted-org-domain",
 					},
 				},
 			},
@ -821,6 +892,9 @@ func Test_UserGrantPrepares(t *testing.T) {
 							"primary-domain",
 							"project-id",
 							"project-name",
 							"granted-org-id",
 							"granted-org-name",
 							"granted-org-domain",
 						},
 						{
 							"id",
@ -845,6 +919,9 @@ func Test_UserGrantPrepares(t *testing.T) {
 							"primary-domain",
 							"project-id",
 							"project-name",
 							"granted-org-id",
 							"granted-org-name",
 							"granted-org-domain",
 						},
 					},
 				),
@ -877,6 +954,9 @@ func Test_UserGrantPrepares(t *testing.T) {
 						OrgPrimaryDomain:   "primary-domain",
 						ProjectID:          "project-id",
 						ProjectName:        "project-name",
 						GrantedOrgID:       "granted-org-id",
 						GrantedOrgName:     "granted-org-name",
 						GrantedOrgDomain:   "granted-org-domain",
 					},
 					{
 						ID:                 "id",
@ -901,6 +981,9 @@ func Test_UserGrantPrepares(t *testing.T) {
 						OrgPrimaryDomain:   "primary-domain",
 						ProjectID:          "project-id",
 						ProjectName:        "project-name",
 						GrantedOrgID:       "granted-org-id",
 						GrantedOrgName:     "granted-org-name",
 						GrantedOrgDomain:   "granted-org-domain",
 					},
 				},
 			},
--- a/proto/zitadel/user.proto
+++ b/proto/zitadel/user.proto
@ -786,6 +786,21 @@ message UserGrant {
            description: "type of the user (human / machine)"
        }
    ];
    string granted_org_id = 20 [
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
            example: "\"69629023906488334\""
        }
    ];
    string granted_org_name = 21 [
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
            example: "\"ZITADEL\"";
        }
    ];
    string granted_org_domain = 22 [
        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
            example: "\"zitadel.cloud\"";
        }
    ];
 }
 enum UserGrantState {