feat: get my project permission (#245)

2025-02-28 22:47:23 +00:00 · 2020-06-19 15:33:54 +02:00 · 2020-06-19 15:33:54 +02:00 · d89087cbe0
commit d89087cbe0
parent 710652ef24
8 changed files with 3711 additions and 2774 deletions
--- a/internal/auth/repository/eventsourcing/eventstore/user_grant.go
+++ b/internal/auth/repository/eventsourcing/eventstore/user_grant.go
@ -81,6 +81,19 @@ func (repo *UserGrantRepo) SearchMyZitadelPermissions(ctx context.Context) ([]st
 	return permissions.Permissions, nil
 }

+func (repo *UserGrantRepo) SearchMyProjectPermissions(ctx context.Context) ([]string, error) {
+	ctxData := auth.GetCtxData(ctx)
+	usergrant, err := repo.View.UserGrantByIDs(ctxData.OrgID, ctxData.ProjectID, ctxData.UserID)
+	if err != nil {
+		return nil, err
+	}
+	permissions := make([]string, len(usergrant.RoleKeys))
+	for i, role := range usergrant.RoleKeys {
+		permissions[i] = role
+	}
+	return permissions, nil
+}
+
 func (repo *UserGrantRepo) SearchAdminOrgs(request *grant_model.UserGrantSearchRequest) (*grant_model.ProjectOrgSearchResponse, error) {
 	searchRequest := &org_model.OrgSearchRequest{}
 	if len(request.Queries) > 0 {
--- a/internal/auth/repository/user_grant.go
+++ b/internal/auth/repository/user_grant.go
@ -9,4 +9,5 @@ type UserGrantRepository interface {
 	SearchMyUserGrants(ctx context.Context, request *model.UserGrantSearchRequest) (*model.UserGrantSearchResponse, error)
 	SearchMyProjectOrgs(ctx context.Context, request *model.UserGrantSearchRequest) (*model.ProjectOrgSearchResponse, error)
 	SearchMyZitadelPermissions(ctx context.Context) ([]string, error)
+	SearchMyProjectPermissions(ctx context.Context) ([]string, error)
 }
--- a/pkg/auth/api/grpc/auth.pb.authoptions.go
+++ b/pkg/auth/api/grpc/auth.pb.authoptions.go
@ -124,6 +124,11 @@ var AuthService_AuthMethods = utils_auth.MethodMapping{
 		Permission: "authenticated",
 		CheckParam: "",
 	},
+
+	"/caos.zitadel.auth.api.v1.AuthService/GetMyProjectPermissions": utils_auth.Option{
+		Permission: "authenticated",
+		CheckParam: "",
+	},
 }

 func AuthService_Authorization_Interceptor(verifier utils_auth.TokenVerifier, authConf *utils_auth.Config) grpc.UnaryServerInterceptor {
--- a/pkg/auth/api/grpc/auth.pb.go
+++ b/pkg/auth/api/grpc/auth.pb.go
--- a/pkg/auth/api/grpc/auth.pb.gw.go
+++ b/pkg/auth/api/grpc/auth.pb.gw.go
--- a/pkg/auth/api/grpc/auth.swagger.json
+++ b/pkg/auth/api/grpc/auth.swagger.json
@ -79,6 +79,22 @@
        ]
      }
    },
+    "/permissions/me": {
+      "get": {
+        "operationId": "GetMyProjectPermissions",
+        "responses": {
+          "200": {
+            "description": "A successful response.",
+            "schema": {
+              "$ref": "#/definitions/v1MyPermissions"
+            }
+          }
+        },
+        "tags": [
+          "AuthService"
+        ]
+      }
+    },
    "/permissions/zitadel/me": {
      "get": {
        "summary": "Permission",
@ -536,7 +552,7 @@
          "200": {
            "description": "A successful response.",
            "schema": {
-              "type": "object"
+              "$ref": "#/definitions/protobufStruct"
            }
          }
        },
@ -547,6 +563,19 @@
    }
  },
  "definitions": {
+    "protobufListValue": {
+      "type": "object",
+      "properties": {
+        "values": {
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/protobufValue"
+          },
+          "description": "Repeated field of dynamically typed values."
+        }
+      },
+      "description": "`ListValue` is a wrapper around a repeated field of values.\n\nThe JSON representation for `ListValue` is JSON array."
+    },
    "protobufNullValue": {
      "type": "string",
      "enum": [
@ -555,6 +584,51 @@
      "default": "NULL_VALUE",
      "description": "`NullValue` is a singleton enumeration to represent the null value for the\n`Value` type union.\n\n The JSON representation for `NullValue` is JSON `null`.\n\n - NULL_VALUE: Null value."
    },
+    "protobufStruct": {
+      "type": "object",
+      "properties": {
+        "fields": {
+          "type": "object",
+          "additionalProperties": {
+            "$ref": "#/definitions/protobufValue"
+          },
+          "description": "Unordered map of dynamically typed values."
+        }
+      },
+      "description": "`Struct` represents a structured data value, consisting of fields\nwhich map to dynamically typed values. In some languages, `Struct`\nmight be supported by a native representation. For example, in\nscripting languages like JS a struct is represented as an\nobject. The details of that representation are described together\nwith the proto support for the language.\n\nThe JSON representation for `Struct` is JSON object."
+    },
+    "protobufValue": {
+      "type": "object",
+      "properties": {
+        "null_value": {
+          "$ref": "#/definitions/protobufNullValue",
+          "description": "Represents a null value."
+        },
+        "number_value": {
+          "type": "number",
+          "format": "double",
+          "description": "Represents a double value."
+        },
+        "string_value": {
+          "type": "string",
+          "description": "Represents a string value."
+        },
+        "bool_value": {
+          "type": "boolean",
+          "format": "boolean",
+          "description": "Represents a boolean value."
+        },
+        "struct_value": {
+          "$ref": "#/definitions/protobufStruct",
+          "description": "Represents a structured value."
+        },
+        "list_value": {
+          "$ref": "#/definitions/protobufListValue",
+          "description": "Represents a repeated `Value`."
+        }
+      },
+      "description": "`Value` represents a dynamically typed value which can be either\nnull, a number, a string, a boolean, a recursive struct value, or a\nlist of values. A producer of value is expected to set one of that\nvariants, absence of any variant indicates an error.\n\nThe JSON representation for `Value` is JSON value."
+    },
    "v1Gender": {
      "type": "string",
      "enum": [
--- a/pkg/auth/api/grpc/user_grant.go
+++ b/pkg/auth/api/grpc/user_grant.go
@ -28,3 +28,11 @@ func (s *Server) GetMyZitadelPermissions(ctx context.Context, _ *empty.Empty) (*
 	}
 	return &MyPermissions{Permissions: perms}, nil
 }
+
+func (s *Server) GetMyProjectPermissions(ctx context.Context, _ *empty.Empty) (*MyPermissions, error) {
+	perms, err := s.repo.SearchMyProjectPermissions(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return &MyPermissions{Permissions: perms}, nil
+}
--- a/pkg/auth/api/proto/auth.proto
+++ b/pkg/auth/api/proto/auth.proto
@ -284,6 +284,16 @@ service AuthService {
      permission: "authenticated"
    };
  }
+
+  rpc GetMyProjectPermissions(google.protobuf.Empty) returns (MyPermissions) {
+    option (google.api.http) = {
+      get: "/permissions/me"
+    };
+
+    option (caos.zitadel.utils.v1.auth_option) = {
+      permission: "authenticated"
+    };
+  }
 }

 message UserSessionViews {