feat: protos refactoring

* start with user

* user first try done in all services

* user, org, idp for discussion

* remove unused stuff

* bla

* dockerbuild

* rename search, get multiple to list...

* add annotation

* update proto dependencies

* update proto dependencies

* change proto imports

* replace all old imports

* fix go out

* remove unused lines

* correct protoc flags

* grpc and openapi flags

* go out source path relative

* -p

* remove dead code

* sourcepath relative

* ls

* is onenapi the problem?

* hobla

* authoption output

* wrong field name

* gopf

* correct option, add correct flags

* small improvments

* SIMPLYFY

* relative path

* gopf bin ich en tubel

* correct path

* default policies in admin

* grpc generation in one file

* remove non ascii

* metadata on manipulations

* correct auth_option import

* fixes

* larry

* idp provider to idp

* fix generate

* admin and auth nearly done

* admin and auth nearly done

* gen

* healthz

* imports

* deleted too much imports

* fix org

* add import

* imports

* import

* naming

* auth_opt

* gopf

* management

* imports

* _TYPE_UNSPECIFIED

* improts

* auth opts

* management policies

* imports

* passwordlessType to MFAType

* auth_opt

* add user grant calls

* add missing messages

* result

* fix option

* improvements

* ids

* fix http

* imports

* fixes

* fields

* body

* add fields

* remove wrong member query

* fix request response

* fixes

* add copy files

* variable versions

* generate all files

* improvements

* add dependencies

* factors

* user session

* oidc information, iam

* remove unused file

* changes

* enums

* dockerfile

* fix build

* remove unused folder

* update readme for build

* move old server impl

* add event type to change

* some changes

* start admin

* remove wrong field

* admin only list calls missing

* fix proto numbers

* surprisingly it compiles

* service ts changes

* admin mgmt

* mgmt

* auth manipulation and gets done, lists missing

* validations and some field changes

* validations

* enum validations

* remove todo

* move proto files to proto/zitadel

* change proto path in dockerfile

* it compiles!

* add validate import

* remove duplicate import

* fix protos

* fix import

* tests

* cleanup

* remove unimplemented methods

* iam member multiple queries

* all auth and admin calls

* add initial password on crate human

* message names

* management user server

* machine done

* fix: todos (#1346)

* fix: pub sub in new eventstore

* fix: todos

* fix: todos

* fix: todos

* fix: todos

* fix: todos

* fix tests

* fix: search method domain

* admin service, user import type typescript

* admin changes

* admin changes

* fix: search method domain

* more user grpc and begin org, fix configs

* fix: return object details

* org grpc

* remove creation date add details

* app

* fix: return object details

* fix: return object details

* mgmt service, project members

* app

* fix: convert policies

* project, members, granted projects, searches

* fix: convert usergrants

* fix: convert usergrants

* auth user detail, user detail, mfa, second factor, auth

* fix: convert usergrants

* mfa, memberships, password, owned proj detail

* fix: convert usergrants

* project grant

* missing details

* changes, userview

* idp table, keys

* org list and user table filter

* unify rest paths (#1381)

* unify rest paths

* post for all searches,
mfa to multi_factor,
secondfactor to second_factor

* remove v1

* fix tests

* rename api client key to app key

* machine keys, age policy

* user list, machine keys, changes

* fix: org states

* add default flag to policy

* second factor to type

* idp id

* app type

* unify ListQuery, ListDetails, ObjectDetails field names

* user grants, apps, memberships

* fix type params

* metadata to detail, linke idps

* api create, membership, app detail, create

* idp, app, policy

* queries, multi -> auth factors and missing fields

* update converters

* provider to user, remove old mgmt refs

* temp remove authfactor dialog, build finish

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com>

internal/api/grpc/user/converter.go

@@ -0,0 +1,215 @@
+package user
+
+import (
+	"github.com/caos/zitadel/internal/api/grpc/object"
+	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/internal/eventstore/v1/models"
+	"github.com/caos/zitadel/internal/user/model"
+	usr_grant_model "github.com/caos/zitadel/internal/usergrant/model"
+	user_pb "github.com/caos/zitadel/pkg/grpc/user"
+)
+
+func UsersToPb(users []*model.UserView) []*user_pb.User {
+	u := make([]*user_pb.User, len(users))
+	for i, user := range users {
+		u[i] = UserToPb(user)
+	}
+	return u
+}
+func UserToPb(user *model.UserView) *user_pb.User {
+	return &user_pb.User{
+		Id:                 user.ID,
+		State:              ModelUserStateToPb(user.State),
+		UserName:           user.UserName,
+		LoginNames:         user.LoginNames,
+		PreferredLoginName: user.PreferredLoginName,
+		Details: object.ToDetailsPb(
+			user.Sequence,
+			user.ChangeDate,
+			user.ResourceOwner,
+		),
+	}
+}
+
+func ProfileToPb(profile *model.Profile) *user_pb.Profile {
+	return &user_pb.Profile{
+		FirstName:         profile.FirstName,
+		LastName:          profile.LastName,
+		NickName:          profile.NickName,
+		DisplayName:       profile.DisplayName,
+		PreferredLanguage: profile.PreferredLanguage.String(),
+		Gender:            GenderToPb(profile.Gender),
+	}
+}
+
+func EmailToPb(email *model.Email) *user_pb.Email {
+	return &user_pb.Email{
+		Email:           email.EmailAddress,
+		IsEmailVerified: email.IsEmailVerified,
+	}
+}
+
+func PhoneToPb(phone *model.Phone) *user_pb.Phone {
+	return &user_pb.Phone{
+		Phone:           phone.PhoneNumber,
+		IsPhoneVerified: phone.IsPhoneVerified,
+	}
+}
+
+func ModelEmailToPb(email *model.Email) *user_pb.Email {
+	return &user_pb.Email{
+		Email:           email.EmailAddress,
+		IsEmailVerified: email.IsEmailVerified,
+	}
+}
+
+func ModelPhoneToPb(phone *model.Phone) *user_pb.Phone {
+	return &user_pb.Phone{
+		Phone:           phone.PhoneNumber,
+		IsPhoneVerified: phone.IsPhoneVerified,
+	}
+}
+
+func ModelAddressToPb(address *model.Address) *user_pb.Address {
+	return &user_pb.Address{
+		Country:       address.Country,
+		Locality:      address.Locality,
+		PostalCode:    address.PostalCode,
+		Region:        address.Region,
+		StreetAddress: address.StreetAddress,
+	}
+}
+
+func GenderToDomain(gender user_pb.Gender) domain.Gender {
+	switch gender {
+	case user_pb.Gender_GENDER_DIVERSE:
+		return domain.GenderDiverse
+	case user_pb.Gender_GENDER_MALE:
+		return domain.GenderMale
+	case user_pb.Gender_GENDER_FEMALE:
+		return domain.GenderFemale
+	default:
+		return -1
+	}
+}
+
+func ModelUserStateToPb(state model.UserState) user_pb.UserState {
+	switch state {
+	case model.UserStateActive:
+		return user_pb.UserState_USER_STATE_ACTIVE
+	case model.UserStateInactive:
+		return user_pb.UserState_USER_STATE_INACTIVE
+	case model.UserStateDeleted:
+		return user_pb.UserState_USER_STATE_DELETED
+	case model.UserStateInitial:
+		return user_pb.UserState_USER_STATE_INITIAL
+	case model.UserStateLocked:
+		return user_pb.UserState_USER_STATE_LOCKED
+	case model.UserStateSuspend:
+		return user_pb.UserState_USER_STATE_SUSPEND
+	default:
+		return user_pb.UserState_USER_STATE_UNSPECIFIED
+	}
+}
+
+func ModelUserGrantStateToPb(state usr_grant_model.UserGrantState) user_pb.UserGrantState {
+	switch state {
+	case usr_grant_model.UserGrantStateActive:
+		return user_pb.UserGrantState_USER_GRANT_STATE_ACTIVE
+	case usr_grant_model.UserGrantStateInactive:
+		return user_pb.UserGrantState_USER_GRANT_STATE_INACTIVE
+	default:
+		return user_pb.UserGrantState_USER_GRANT_STATE_UNSPECIFIED
+	}
+}
+
+func GenderToPb(gender model.Gender) user_pb.Gender {
+	switch gender {
+	case model.GenderDiverse:
+		return user_pb.Gender_GENDER_DIVERSE
+	case model.GenderFemale:
+		return user_pb.Gender_GENDER_FEMALE
+	case model.GenderMale:
+		return user_pb.Gender_GENDER_MALE
+	default:
+		return user_pb.Gender_GENDER_UNSPECIFIED
+	}
+}
+
+func AuthFactorsToPb(mfas []*model.MultiFactor) []*user_pb.AuthFactor {
+	factors := make([]*user_pb.AuthFactor, len(mfas))
+	for i, mfa := range mfas {
+		factors[i] = AuthFactorToPb(mfa)
+	}
+	return factors
+}
+
+func AuthFactorToPb(mfa *model.MultiFactor) *user_pb.AuthFactor {
+	factor := &user_pb.AuthFactor{
+		State: MFAStateToPb(mfa.State),
+	}
+	switch mfa.Type {
+	case model.MFATypeOTP:
+		factor.Type = &user_pb.AuthFactor_Otp{
+			Otp: &user_pb.AuthFactorOTP{},
+		}
+	case model.MFATypeU2F:
+		factor.Type = &user_pb.AuthFactor_U2F{
+			U2F: &user_pb.AuthFactorU2F{
+				Id:   mfa.ID,
+				Name: mfa.Attribute,
+			},
+		}
+	}
+	return factor
+}
+
+func MFAStateToPb(state model.MFAState) user_pb.AuthFactorState {
+	switch state {
+	case model.MFAStateNotReady:
+		return user_pb.AuthFactorState_AUTH_FACTOR_STATE_NOT_READY
+	case model.MFAStateReady:
+		return user_pb.AuthFactorState_AUTH_FACTOR_STATE_READY
+	default:
+		return user_pb.AuthFactorState_AUTH_FACTOR_STATE_UNSPECIFIED
+	}
+}
+
+func WebAuthNTokensViewToPb(tokens []*model.WebAuthNView) []*user_pb.WebAuthNToken {
+	t := make([]*user_pb.WebAuthNToken, len(tokens))
+	for i, token := range tokens {
+		t[i] = WebAuthNTokenViewToPb(token)
+	}
+	return t
+}
+
+func WebAuthNTokenViewToPb(token *model.WebAuthNView) *user_pb.WebAuthNToken {
+	return &user_pb.WebAuthNToken{
+		Id:    token.TokenID,
+		State: MFAStateToPb(token.State),
+		Name:  token.Name,
+	}
+}
+
+func WebAuthNTokenToWebAuthNKeyPb(token *domain.WebAuthNToken) *user_pb.WebAuthNKey {
+	return &user_pb.WebAuthNKey{
+		Id:        string(token.KeyID), //TODO: ask if it's the correct id?
+		PublicKey: token.PublicKey,
+	}
+}
+
+func ExternalIDPViewsToExternalIDPs(externalIDPs []*model.ExternalIDPView) []*domain.ExternalIDP {
+	idps := make([]*domain.ExternalIDP, len(externalIDPs))
+	for i, idp := range externalIDPs {
+		idps[i] = &domain.ExternalIDP{
+			ObjectRoot: models.ObjectRoot{
+				AggregateID:   idp.UserID,
+				ResourceOwner: idp.ResourceOwner,
+			},
+			IDPConfigID:    idp.IDPConfigID,
+			ExternalUserID: idp.ExternalUserID,
+			DisplayName:    idp.UserDisplayName,
+		}
+	}
+	return idps
+}

internal/api/grpc/user/membership.go

@@ -0,0 +1,137 @@
+package user
+
+import (
+	"github.com/caos/zitadel/internal/api/grpc/object"
+	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/internal/errors"
+	user_model "github.com/caos/zitadel/internal/user/model"
+	user_pb "github.com/caos/zitadel/pkg/grpc/user"
+)
+
+func MembershipQueriesToModel(queries []*user_pb.MembershipQuery) (_ []*user_model.UserMembershipSearchQuery, err error) {
+	q := make([]*user_model.UserMembershipSearchQuery, 0)
+	for _, query := range queries {
+		qs, err := MembershipQueryToModel(query)
+		if err != nil {
+			return nil, err
+		}
+		q = append(q, qs...)
+	}
+	return q, nil
+}
+
+func MembershipQueryToModel(query *user_pb.MembershipQuery) ([]*user_model.UserMembershipSearchQuery, error) {
+	switch q := query.Query.(type) {
+	case *user_pb.MembershipQuery_OrgQuery:
+		return MembershipOrgQueryToModel(q.OrgQuery), nil
+	case *user_pb.MembershipQuery_ProjectQuery:
+		return MembershipProjectQueryToModel(q.ProjectQuery), nil
+	case *user_pb.MembershipQuery_ProjectGrantQuery:
+		return MembershipProjectGrantQueryToModel(q.ProjectGrantQuery), nil
+	case *user_pb.MembershipQuery_IamQuery:
+		return MembershipIAMQueryToModel(q.IamQuery), nil
+	default:
+		return nil, errors.ThrowInvalidArgument(nil, "USER-dsg3z", "List.Query.Invalid")
+	}
+}
+
+func MembershipIAMQueryToModel(q *user_pb.MembershipIAMQuery) []*user_model.UserMembershipSearchQuery {
+	return []*user_model.UserMembershipSearchQuery{
+		{
+			Key:    user_model.UserMembershipSearchKeyMemberType,
+			Method: domain.SearchMethodEquals,
+			Value:  user_model.MemberTypeIam,
+		},
+		//TODO: q.IAM?
+	}
+}
+
+func MembershipOrgQueryToModel(q *user_pb.MembershipOrgQuery) []*user_model.UserMembershipSearchQuery {
+	return []*user_model.UserMembershipSearchQuery{
+		{
+			Key:    user_model.UserMembershipSearchKeyMemberType,
+			Method: domain.SearchMethodEquals,
+			Value:  user_model.MemberTypeOrganisation,
+		},
+		{
+			Key:    user_model.UserMembershipSearchKeyObjectID,
+			Method: domain.SearchMethodEquals,
+			Value:  q.OrgId,
+		},
+	}
+}
+
+func MembershipProjectQueryToModel(q *user_pb.MembershipProjectQuery) []*user_model.UserMembershipSearchQuery {
+	return []*user_model.UserMembershipSearchQuery{
+		{
+			Key:    user_model.UserMembershipSearchKeyMemberType,
+			Method: domain.SearchMethodEquals,
+			Value:  user_model.MemberTypeProject,
+		},
+		{
+			Key:    user_model.UserMembershipSearchKeyObjectID,
+			Method: domain.SearchMethodEquals,
+			Value:  q.ProjectId,
+		},
+	}
+}
+
+func MembershipProjectGrantQueryToModel(q *user_pb.MembershipProjectGrantQuery) []*user_model.UserMembershipSearchQuery {
+	return []*user_model.UserMembershipSearchQuery{
+		{
+			Key:    user_model.UserMembershipSearchKeyMemberType,
+			Method: domain.SearchMethodEquals,
+			Value:  user_model.MemberTypeProjectGrant,
+		},
+		{
+			Key:    user_model.UserMembershipSearchKeyObjectID,
+			Method: domain.SearchMethodEquals,
+			Value:  q.ProjectGrantId,
+		},
+	}
+}
+
+func MembershipsToMembershipsPb(memberships []*user_model.UserMembershipView) []*user_pb.Membership {
+	converted := make([]*user_pb.Membership, len(memberships))
+	for i, membership := range memberships {
+		converted[i] = MembershipToMembershipPb(membership)
+	}
+	return converted
+}
+
+func MembershipToMembershipPb(membership *user_model.UserMembershipView) *user_pb.Membership {
+	return &user_pb.Membership{
+		UserId:      membership.UserID,
+		Type:        memberTypeToPb(membership),
+		DisplayName: membership.DisplayName,
+		Roles:       membership.Roles,
+		Details: object.ToDetailsPb(
+			membership.Sequence,
+			membership.ChangeDate,
+			membership.ResourceOwner,
+		),
+	}
+}
+
+func memberTypeToPb(membership *user_model.UserMembershipView) user_pb.MembershipType {
+	switch membership.MemberType {
+	case user_model.MemberTypeOrganisation:
+		return &user_pb.Membership_OrgId{
+			OrgId: membership.AggregateID,
+		}
+	case user_model.MemberTypeProject:
+		return &user_pb.Membership_ProjectId{
+			ProjectId: membership.AggregateID,
+		}
+	case user_model.MemberTypeProjectGrant:
+		return &user_pb.Membership_ProjectGrantId{
+			ProjectGrantId: membership.ObjectID,
+		}
+	case user_model.MemberTypeIam:
+		return &user_pb.Membership_Iam{
+			Iam: true, //TODO: ?
+		}
+	default:
+		return nil //TODO: ?
+	}
+}

internal/api/grpc/user/query.go

@@ -0,0 +1,113 @@
+package user
+
+import (
+	"github.com/caos/zitadel/internal/api/grpc/object"
+	"github.com/caos/zitadel/internal/domain"
+	user_model "github.com/caos/zitadel/internal/user/model"
+	user_pb "github.com/caos/zitadel/pkg/grpc/user"
+)
+
+func UserQueriesToModel(queries []*user_pb.SearchQuery) []*user_model.UserSearchQuery {
+	q := make([]*user_model.UserSearchQuery, len(queries))
+	for i, query := range queries {
+		q[i] = UserQueryToModel(query)
+	}
+	return q
+}
+
+func UserQueryToModel(query *user_pb.SearchQuery) *user_model.UserSearchQuery {
+	switch q := query.Query.(type) {
+	case *user_pb.SearchQuery_UserNameQuery:
+		return UserNameQueryToModel(q.UserNameQuery)
+	case *user_pb.SearchQuery_FirstNameQuery:
+		return FirstNameQueryToModel(q.FirstNameQuery)
+	case *user_pb.SearchQuery_LastNameQuery:
+		return LastNameQueryToModel(q.LastNameQuery)
+	case *user_pb.SearchQuery_NickNameQuery:
+		return NickNameQueryToModel(q.NickNameQuery)
+	case *user_pb.SearchQuery_DisplayNameQuery:
+		return DisplayNameQueryToModel(q.DisplayNameQuery)
+	case *user_pb.SearchQuery_EmailQuery:
+		return EmailQueryToModel(q.EmailQuery)
+	case *user_pb.SearchQuery_StateQuery:
+		return StateQueryToModel(q.StateQuery)
+	case *user_pb.SearchQuery_TypeQuery:
+		return TypeQueryToModel(q.TypeQuery)
+	case *user_pb.SearchQuery_ResourceOwner:
+		return ResourceOwnerQueryToModel(q.ResourceOwner)
+	default:
+		return nil
+	}
+}
+
+func UserNameQueryToModel(q *user_pb.UserNameQuery) *user_model.UserSearchQuery {
+	return &user_model.UserSearchQuery{
+		Key:    user_model.UserSearchKeyUserName,
+		Method: object.TextMethodToModel(q.Method),
+		Value:  q.UserName,
+	}
+}
+
+func FirstNameQueryToModel(q *user_pb.FirstNameQuery) *user_model.UserSearchQuery {
+	return &user_model.UserSearchQuery{
+		Key:    user_model.UserSearchKeyFirstName,
+		Method: object.TextMethodToModel(q.Method),
+		Value:  q.FirstName,
+	}
+}
+
+func LastNameQueryToModel(q *user_pb.LastNameQuery) *user_model.UserSearchQuery {
+	return &user_model.UserSearchQuery{
+		Key:    user_model.UserSearchKeyLastName,
+		Method: object.TextMethodToModel(q.Method),
+		Value:  q.LastName,
+	}
+}
+
+func NickNameQueryToModel(q *user_pb.NickNameQuery) *user_model.UserSearchQuery {
+	return &user_model.UserSearchQuery{
+		Key:    user_model.UserSearchKeyNickName,
+		Method: object.TextMethodToModel(q.Method),
+		Value:  q.NickName,
+	}
+}
+
+func DisplayNameQueryToModel(q *user_pb.DisplayNameQuery) *user_model.UserSearchQuery {
+	return &user_model.UserSearchQuery{
+		Key:    user_model.UserSearchKeyDisplayName,
+		Method: object.TextMethodToModel(q.Method),
+		Value:  q.DisplayName,
+	}
+}
+
+func EmailQueryToModel(q *user_pb.EmailQuery) *user_model.UserSearchQuery {
+	return &user_model.UserSearchQuery{
+		Key:    user_model.UserSearchKeyEmail,
+		Method: object.TextMethodToModel(q.Method),
+		Value:  q.EmailAddress,
+	}
+}
+
+func StateQueryToModel(q *user_pb.StateQuery) *user_model.UserSearchQuery {
+	return &user_model.UserSearchQuery{
+		Key:    user_model.UserSearchKeyState,
+		Method: domain.SearchMethodEquals,
+		Value:  q.State,
+	}
+}
+
+func TypeQueryToModel(q *user_pb.TypeQuery) *user_model.UserSearchQuery {
+	return &user_model.UserSearchQuery{
+		Key:    user_model.UserSearchKeyType,
+		Method: domain.SearchMethodEquals,
+		Value:  q.Type,
+	}
+}
+
+func ResourceOwnerQueryToModel(q *user_pb.ResourceOwnerQuery) *user_model.UserSearchQuery {
+	return &user_model.UserSearchQuery{
+		Key:    user_model.UserSearchKeyResourceOwner,
+		Method: domain.SearchMethodEquals,
+		Value:  q.OrgID,
+	}
+}

internal/api/grpc/user/session.go

@@ -0,0 +1,44 @@
+package user
+
+import (
+	"github.com/caos/zitadel/internal/api/grpc/object"
+	auth_req_model "github.com/caos/zitadel/internal/auth_request/model"
+	user_model "github.com/caos/zitadel/internal/user/model"
+	"github.com/caos/zitadel/pkg/grpc/user"
+)
+
+func UserSessionsToPb(sessions []*user_model.UserSessionView) []*user.Session {
+	s := make([]*user.Session, len(sessions))
+	for i, session := range sessions {
+		s[i] = UserSessionToPb(session)
+	}
+	return s
+}
+
+func UserSessionToPb(session *user_model.UserSessionView) *user.Session {
+	return &user.Session{
+		// SessionId: session.,//TOOD: not return from be
+		AgentId:     session.UserAgentID,
+		UserId:      session.UserID,
+		UserName:    session.UserName,
+		LoginName:   session.LoginName,
+		DisplayName: session.DisplayName,
+		AuthState:   SessionStateToPb(session.State),
+		Details: object.ToDetailsPb(
+			session.Sequence,
+			session.ChangeDate,
+			session.ResourceOwner,
+		),
+	}
+}
+
+func SessionStateToPb(state auth_req_model.UserSessionState) user.SessionState {
+	switch state {
+	case auth_req_model.UserSessionStateActive:
+		return user.SessionState_SESSION_STATE_ACTIVE
+	case auth_req_model.UserSessionStateTerminated:
+		return user.SessionState_SESSION_STATE_TERMINATED
+	default:
+		return user.SessionState_SESSION_STATE_UNSPECIFIED
+	}
+}

internal/api/grpc/user/user_grant.go

@@ -0,0 +1,185 @@
+package user
+
+import (
+	"github.com/caos/zitadel/internal/api/grpc/object"
+	"github.com/caos/zitadel/internal/domain"
+	usr_grant_model "github.com/caos/zitadel/internal/usergrant/model"
+	user_pb "github.com/caos/zitadel/pkg/grpc/user"
+)
+
+func UserGrantsToPb(grants []*usr_grant_model.UserGrantView) []*user_pb.UserGrant {
+	u := make([]*user_pb.UserGrant, len(grants))
+	for i, grant := range grants {
+		u[i] = UserGrantToPb(grant)
+	}
+	return u
+}
+
+func UserGrantToPb(grant *usr_grant_model.UserGrantView) *user_pb.UserGrant {
+	return &user_pb.UserGrant{
+		GrantId:     grant.ID,
+		UserId:      grant.UserID,
+		State:       ModelUserGrantStateToPb(grant.State),
+		RoleKeys:    grant.RoleKeys,
+		UserName:    grant.UserName,
+		FirstName:   grant.FirstName,
+		LastName:    grant.LastName,
+		Email:       grant.Email,
+		DisplayName: grant.DisplayName,
+		OrgId:       grant.ResourceOwner,
+		OrgDomain:   grant.OrgPrimaryDomain,
+		OrgName:     grant.OrgName,
+		ProjectId:   grant.ProjectID,
+		ProjectName: grant.ProjectName,
+		Details: object.ToDetailsPb(
+			grant.Sequence,
+			grant.ChangeDate,
+			grant.ResourceOwner,
+		),
+	}
+}
+
+func UserGrantQueriesToModel(queries []*user_pb.UserGrantQuery) []*usr_grant_model.UserGrantSearchQuery {
+	q := make([]*usr_grant_model.UserGrantSearchQuery, len(queries))
+	for i, query := range queries {
+		q[i] = UserGrantQueryToModel(query)
+	}
+	return q
+}
+
+func UserGrantQueryToModel(query *user_pb.UserGrantQuery) *usr_grant_model.UserGrantSearchQuery {
+	switch q := query.Query.(type) {
+	case *user_pb.UserGrantQuery_DisplayNameQuery:
+		return UserGrantDisplayNameQueryToModel(q.DisplayNameQuery)
+	case *user_pb.UserGrantQuery_EmailQuery:
+		return UserGrantEmailQueryToModel(q.EmailQuery)
+	case *user_pb.UserGrantQuery_FirstNameQuery:
+		return UserGrantFirstNameQueryToModel(q.FirstNameQuery)
+	case *user_pb.UserGrantQuery_LastNameQuery:
+		return UserGrantLastNameQueryToModel(q.LastNameQuery)
+	case *user_pb.UserGrantQuery_OrgDomainQuery:
+		return UserGrantOrgDomainQueryToModel(q.OrgDomainQuery)
+	case *user_pb.UserGrantQuery_OrgNameQuery:
+		return UserGrantOrgNameQueryToModel(q.OrgNameQuery)
+	case *user_pb.UserGrantQuery_ProjectGrantIdQuery:
+		return UserGrantProjectGrantIDQueryToModel(q.ProjectGrantIdQuery)
+	case *user_pb.UserGrantQuery_ProjectIdQuery:
+		return UserGrantProjectIDQueryToModel(q.ProjectIdQuery)
+	case *user_pb.UserGrantQuery_ProjectNameQuery:
+		return UserGrantProjectNameQueryToModel(q.ProjectNameQuery)
+	case *user_pb.UserGrantQuery_RoleKeyQuery:
+		return UserGrantRoleKeyQueryToModel(q.RoleKeyQuery)
+	case *user_pb.UserGrantQuery_UserIdQuery:
+		return UserGrantUserIDQueryToModel(q.UserIdQuery)
+	case *user_pb.UserGrantQuery_UserNameQuery:
+		return UserGrantUserNameQueryToModel(q.UserNameQuery)
+	case *user_pb.UserGrantQuery_WithGrantedQuery:
+		return UserGrantWithGrantedQueryToModel(q.WithGrantedQuery)
+	default:
+		return nil
+	}
+}
+
+func UserGrantDisplayNameQueryToModel(q *user_pb.UserGrantDisplayNameQuery) *usr_grant_model.UserGrantSearchQuery {
+	return &usr_grant_model.UserGrantSearchQuery{
+		Key:    usr_grant_model.UserGrantSearchKeyDisplayName,
+		Method: object.TextMethodToModel(q.Method),
+		Value:  q.DisplayName,
+	}
+}
+
+func UserGrantEmailQueryToModel(q *user_pb.UserGrantEmailQuery) *usr_grant_model.UserGrantSearchQuery {
+	return &usr_grant_model.UserGrantSearchQuery{
+		Key:    usr_grant_model.UserGrantSearchKeyEmail,
+		Method: object.TextMethodToModel(q.Method),
+		Value:  q.Email,
+	}
+}
+
+func UserGrantFirstNameQueryToModel(q *user_pb.UserGrantFirstNameQuery) *usr_grant_model.UserGrantSearchQuery {
+	return &usr_grant_model.UserGrantSearchQuery{
+		Key:    usr_grant_model.UserGrantSearchKeyFirstName,
+		Method: object.TextMethodToModel(q.Method),
+		Value:  q.FirstName,
+	}
+}
+
+func UserGrantLastNameQueryToModel(q *user_pb.UserGrantLastNameQuery) *usr_grant_model.UserGrantSearchQuery {
+	return &usr_grant_model.UserGrantSearchQuery{
+		Key:    usr_grant_model.UserGrantSearchKeyLastName,
+		Method: object.TextMethodToModel(q.Method),
+		Value:  q.LastName,
+	}
+}
+
+func UserGrantOrgDomainQueryToModel(q *user_pb.UserGrantOrgDomainQuery) *usr_grant_model.UserGrantSearchQuery {
+	return &usr_grant_model.UserGrantSearchQuery{
+		Key:    usr_grant_model.UserGrantSearchKeyOrgDomain,
+		Method: object.TextMethodToModel(q.Method),
+		Value:  q.OrgDomain,
+	}
+}
+
+func UserGrantOrgNameQueryToModel(q *user_pb.UserGrantOrgNameQuery) *usr_grant_model.UserGrantSearchQuery {
+	return &usr_grant_model.UserGrantSearchQuery{
+		Key:    usr_grant_model.UserGrantSearchKeyOrgName,
+		Method: object.TextMethodToModel(q.Method),
+		Value:  q.OrgName,
+	}
+}
+
+func UserGrantProjectIDQueryToModel(q *user_pb.UserGrantProjectIDQuery) *usr_grant_model.UserGrantSearchQuery {
+	return &usr_grant_model.UserGrantSearchQuery{
+		Key:    usr_grant_model.UserGrantSearchKeyProjectID,
+		Method: domain.SearchMethodEquals,
+		Value:  q.ProjectId,
+	}
+}
+
+func UserGrantProjectGrantIDQueryToModel(q *user_pb.UserGrantProjectGrantIDQuery) *usr_grant_model.UserGrantSearchQuery {
+	return &usr_grant_model.UserGrantSearchQuery{
+		Key:    usr_grant_model.UserGrantSearchKeyGrantID,
+		Method: domain.SearchMethodEquals,
+		Value:  q.ProjectGrantId,
+	}
+}
+
+func UserGrantProjectNameQueryToModel(q *user_pb.UserGrantProjectNameQuery) *usr_grant_model.UserGrantSearchQuery {
+	return &usr_grant_model.UserGrantSearchQuery{
+		Key:    usr_grant_model.UserGrantSearchKeyProjectName,
+		Method: object.TextMethodToModel(q.Method),
+		Value:  q.ProjectName,
+	}
+}
+
+func UserGrantRoleKeyQueryToModel(q *user_pb.UserGrantRoleKeyQuery) *usr_grant_model.UserGrantSearchQuery {
+	return &usr_grant_model.UserGrantSearchQuery{
+		Key:    usr_grant_model.UserGrantSearchKeyRoleKey,
+		Method: domain.SearchMethodListContains,
+		Value:  q.RoleKey,
+	}
+}
+
+func UserGrantUserIDQueryToModel(q *user_pb.UserGrantUserIDQuery) *usr_grant_model.UserGrantSearchQuery {
+	return &usr_grant_model.UserGrantSearchQuery{
+		Key:    usr_grant_model.UserGrantSearchKeyUserID,
+		Method: domain.SearchMethodEquals,
+		Value:  q.UserId,
+	}
+}
+
+func UserGrantUserNameQueryToModel(q *user_pb.UserGrantUserNameQuery) *usr_grant_model.UserGrantSearchQuery {
+	return &usr_grant_model.UserGrantSearchQuery{
+		Key:    usr_grant_model.UserGrantSearchKeyUserName,
+		Method: object.TextMethodToModel(q.Method),
+		Value:  q.UserName,
+	}
+}
+
+func UserGrantWithGrantedQueryToModel(q *user_pb.UserGrantWithGrantedQuery) *usr_grant_model.UserGrantSearchQuery {
+	return &usr_grant_model.UserGrantSearchQuery{
+		Key:    usr_grant_model.UserGrantSearchKeyWithGranted,
+		Method: domain.SearchMethodEquals,
+		Value:  q.WithGranted,
+	}
+}