feat: restrict languages (#6931)

* feat: return 404 or 409 if org reg disallowed * fix: system limit permissions * feat: add iam limits api * feat: disallow public org registrations on default instance * add integration test * test: integration * fix test * docs: describe public org registrations * avoid updating docs deps * fix system limits integration test * silence integration tests * fix linting * ignore strange linter complaints * review * improve reset properties naming * redefine the api * use restrictions aggregate * test query * simplify and test projection * test commands * fix unit tests * move integration test * support restrictions on default instance * also test GetRestrictions * self review * lint * abstract away resource owner * fix tests * configure supported languages * fix allowed languages * fix tests * default lang must not be restricted * preferred language must be allowed * change preferred languages * check languages everywhere * lint * test command side * lint * add integration test * add integration test * restrict supported ui locales * lint * lint * cleanup * lint * allow undefined preferred language * fix integration tests * update main * fix env var * ignore linter * ignore linter * improve integration test config * reduce cognitive complexity * compile * check for duplicates * remove useless restriction checks * review * revert restriction renaming * fix language restrictions * lint * generate * allow custom texts for supported langs for now * fix tests * cleanup * cleanup * cleanup * lint * unsupported preferred lang is allowed * fix integration test * finish reverting to old property name * finish reverting to old property name * load languages * refactor(i18n): centralize translators and fs * lint * amplify no validations on preferred languages * fix integration test * lint * fix resetting allowed languages * test unchanged restrictions
2025-08-11 20:57:31 +00:00 · 2023-12-05 12:12:01 +01:00
parent 236930f109
commit dd33538c0a
123 changed files with 4133 additions and 2058 deletions
--- a/internal/query/restrictions.go
+++ b/internal/query/restrictions.go
@@ -7,9 +7,12 @@ import (
 	"time"

 	sq "github.com/Masterminds/squirrel"
+	"golang.org/x/text/language"

 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/api/call"
+	"github.com/zitadel/zitadel/internal/database"
+	"github.com/zitadel/zitadel/internal/domain"
 	zitade_errors "github.com/zitadel/zitadel/internal/errors"
 	"github.com/zitadel/zitadel/internal/query/projection"
 	"github.com/zitadel/zitadel/internal/telemetry/tracing"
@@ -44,10 +47,14 @@ var (
 		name:  projection.RestrictionsColumnSequence,
 		table: restrictionsTable,
 	}
-	RestrictionsColumnDisallowPublicOrgRegistrations = Column{
+	RestrictionsColumnDisallowPublicOrgRegistration = Column{
 		name:  projection.RestrictionsColumnDisallowPublicOrgRegistration,
 		table: restrictionsTable,
 	}
+	RestrictionsColumnAllowedLanguages = Column{
+		name:  projection.RestrictionsColumnAllowedLanguages,
+		table: restrictionsTable,
+	}
 )

 type Restrictions struct {
@@ -58,6 +65,7 @@ type Restrictions struct {
 	Sequence      uint64

 	DisallowPublicOrgRegistration bool
+	AllowedLanguages              []language.Tag
 }

 func (q *Queries) GetInstanceRestrictions(ctx context.Context) (restrictions Restrictions, err error) {
@@ -91,18 +99,25 @@ func prepareRestrictionsQuery(ctx context.Context, db prepareDatabase) (sq.Selec
 			RestrictionsColumnChangeDate.identifier(),
 			RestrictionsColumnResourceOwner.identifier(),
 			RestrictionsColumnSequence.identifier(),
-			RestrictionsColumnDisallowPublicOrgRegistrations.identifier(),
+			RestrictionsColumnDisallowPublicOrgRegistration.identifier(),
+			RestrictionsColumnAllowedLanguages.identifier(),
 		).
 			From(restrictionsTable.identifier() + db.Timetravel(call.Took(ctx))).
 			PlaceholderFormat(sq.Dollar),
 		func(row *sql.Row) (restrictions Restrictions, err error) {
-			return restrictions, row.Scan(
+			allowedLanguages := database.TextArray[string](make([]string, 0))
+			disallowPublicOrgRegistration := sql.NullBool{}
+			err = row.Scan(
 				&restrictions.AggregateID,
 				&restrictions.CreationDate,
 				&restrictions.ChangeDate,
 				&restrictions.ResourceOwner,
 				&restrictions.Sequence,
-				&restrictions.DisallowPublicOrgRegistration,
+				&disallowPublicOrgRegistration,
+				&allowedLanguages,
 			)
+			restrictions.DisallowPublicOrgRegistration = disallowPublicOrgRegistration.Bool
+			restrictions.AllowedLanguages = domain.StringsToLanguages(allowedLanguages)
+			return restrictions, err
 		}
 }