fix: move activity log to queries and remove old code (#3096)
* move changes to queries and remove old code * fix changes query * remove unused code * fix sorting * fix sorting * refactor and remove old code * remove accidental go.mod replace * add missing file * remove listDetail from ChangesResponse
@@ -17,7 +17,7 @@ import (
|
||||
http_util "github.com/caos/zitadel/internal/api/http"
|
||||
"github.com/caos/zitadel/internal/api/oidc"
|
||||
auth_es "github.com/caos/zitadel/internal/auth/repository/eventsourcing"
|
||||
authz_es "github.com/caos/zitadel/internal/authz/repository/eventsourcing"
|
||||
authz_repo "github.com/caos/zitadel/internal/authz/repository"
|
||||
"github.com/caos/zitadel/internal/config/systemdefaults"
|
||||
"github.com/caos/zitadel/internal/domain"
|
||||
"github.com/caos/zitadel/internal/errors"
|
||||
@@ -29,8 +29,9 @@ import (
|
||||
)
|
||||
|
||||
type Config struct {
|
||||
GRPC grpc_util.Config
|
||||
OIDC oidc.OPHandlerConfig
|
||||
GRPC grpc_util.Config
|
||||
OIDC oidc.OPHandlerConfig
|
||||
Domain string
|
||||
}
|
||||
|
||||
type API struct {
|
||||
@@ -58,16 +59,16 @@ type admin interface {
|
||||
GetSpoolerDiv(database, viewName string) int64
|
||||
}
|
||||
|
||||
func Create(config Config, authZ authz.Config, q *query.Queries, authZRepo *authz_es.EsRepository, authRepo *auth_es.EsRepository, adminRepo *admin_es.EsRepository, sd systemdefaults.SystemDefaults) *API {
|
||||
func Create(config Config, authZ authz.Config, q *query.Queries, authZRepo authz_repo.Repository, authRepo *auth_es.EsRepository, adminRepo *admin_es.EsRepository, sd systemdefaults.SystemDefaults) *API {
|
||||
api := &API{
|
||||
serverPort: config.GRPC.ServerPort,
|
||||
}
|
||||
|
||||
repo := struct {
|
||||
authz_es.EsRepository
|
||||
authz_repo.Repository
|
||||
query.Queries
|
||||
}{
|
||||
*authZRepo,
|
||||
authZRepo,
|
||||
*q,
|
||||
}
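Review bot: `Create` is exported but carries no doc comment, and the reader has to infer from the anonymous `repo` struct that the authorization repository is now taken as the `authz_repo.Repository` interface instead of a dereferenced `*authz_es.EsRepository`; a one-liner such as `// Create builds the API from the given config, authorization repository and queries.` above the signature would state that contract. Because the parameter is now an interface, a nil `authZRepo` no longer fails at the old `*authZRepo` dereference but at the first method call on the embedded field, so if callers can pass nil an early nil check in `Create` keeps the failure close to its cause. The body of `Create` continues outside the hunk.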
|
||||
|
||||
|
@@ -17,7 +17,6 @@ import (
|
||||
"github.com/caos/zitadel/internal/command"
|
||||
"github.com/caos/zitadel/internal/domain"
|
||||
"github.com/caos/zitadel/internal/id"
|
||||
"github.com/caos/zitadel/internal/management/repository"
|
||||
"github.com/caos/zitadel/internal/query"
|
||||
"github.com/caos/zitadel/internal/static"
|
||||
)
|
||||
@@ -28,7 +27,6 @@ type Handler struct {
|
||||
commands *command.Commands
|
||||
authInterceptor *http_mw.AuthInterceptor
|
||||
idGenerator id.Generator
|
||||
orgRepo repository.OrgRepository
|
||||
query *query.Queries
|
||||
}
|
||||
|
||||
@@ -74,7 +72,6 @@ func NewHandler(
|
||||
authConfig authz.Config,
|
||||
idGenerator id.Generator,
|
||||
storage static.Storage,
|
||||
orgRepo repository.OrgRepository,
|
||||
queries *query.Queries,
|
||||
) http.Handler {
|
||||
h := &Handler{
|
||||
@@ -83,7 +80,6 @@ func NewHandler(
|
||||
authInterceptor: http_mw.AuthorizationInterceptor(verifier, authConfig),
|
||||
idGenerator: idGenerator,
|
||||
storage: storage,
|
||||
orgRepo: orgRepo,
|
||||
query: queries,
|
||||
}
|
||||
|
||||
|
@@ -10,7 +10,7 @@ import (
|
||||
)
|
||||
|
||||
func (s *Server) ListIAMMemberRoles(ctx context.Context, req *admin_pb.ListIAMMemberRolesRequest) (*admin_pb.ListIAMMemberRolesResponse, error) {
|
||||
roles := s.iam.GetIAMMemberRoles()
|
||||
roles := s.query.GetIAMMemberRoles()
|
||||
return &admin_pb.ListIAMMemberRolesResponse{
|
||||
Roles: roles,
|
||||
Details: object.ToListDetails(uint64(len(roles)), 0, time.Now()),
|
||||
|
@@ -8,7 +8,7 @@ import (
|
||||
)
|
||||
|
||||
func (s *Server) GetSupportedLanguages(ctx context.Context, req *admin_pb.GetSupportedLanguagesRequest) (*admin_pb.GetSupportedLanguagesResponse, error) {
|
||||
langs, err := s.iam.Languages(ctx)
|
||||
langs, err := s.query.Languages(ctx)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@@ -22,7 +22,6 @@ type Server struct {
|
||||
admin.UnimplementedAdminServiceServer
|
||||
command *command.Commands
|
||||
query *query.Queries
|
||||
iam repository.IAMRepository
|
||||
administrator repository.AdministratorRepository
|
||||
iamDomain string
|
||||
assetsAPIDomain string
|
||||
@@ -36,7 +35,6 @@ func CreateServer(command *command.Commands, query *query.Queries, repo reposito
|
||||
return &Server{
|
||||
command: command,
|
||||
query: query,
|
||||
iam: repo,
|
||||
administrator: repo,
|
||||
iamDomain: iamDomain,
|
||||
assetsAPIDomain: assetsAPIDomain,
|
||||
|
@@ -3,28 +3,43 @@ package auth
|
||||
import (
|
||||
"context"
|
||||
|
||||
"github.com/caos/zitadel/internal/api/authz"
|
||||
obj_grpc "github.com/caos/zitadel/internal/api/grpc/object"
|
||||
user_grpc "github.com/caos/zitadel/internal/api/grpc/user"
|
||||
"github.com/caos/zitadel/internal/query"
|
||||
auth_pb "github.com/caos/zitadel/pkg/grpc/auth"
|
||||
)
|
||||
|
||||
func (s *Server) ListMyZitadelPermissions(ctx context.Context, _ *auth_pb.ListMyZitadelPermissionsRequest) (*auth_pb.ListMyZitadelPermissionsResponse, error) {
|
||||
perms, err := s.repo.SearchMyZitadelPermissions(ctx)
|
||||
perms, err := s.query.MyZitadelPermissions(ctx, authz.GetCtxData(ctx).UserID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &auth_pb.ListMyZitadelPermissionsResponse{
|
||||
Result: perms,
|
||||
Result: perms.Permissions,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func (s *Server) ListMyProjectPermissions(ctx context.Context, _ *auth_pb.ListMyProjectPermissionsRequest) (*auth_pb.ListMyProjectPermissionsResponse, error) {
|
||||
perms, err := s.repo.SearchMyProjectPermissions(ctx)
|
||||
ctxData := authz.GetCtxData(ctx)
|
||||
userGrantOrgID, err := query.NewUserGrantResourceOwnerSearchQuery(ctxData.OrgID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
userGrantProjectID, err := query.NewUserGrantProjectIDSearchQuery(ctxData.ProjectID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
userGrantUserID, err := query.NewUserGrantUserIDSearchQuery(ctxData.UserID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
userGrant, err := s.query.UserGrant(ctx, userGrantOrgID, userGrantProjectID, userGrantUserID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &auth_pb.ListMyProjectPermissionsResponse{
|
||||
Result: perms,
|
||||
Result: userGrant.Roles,
|
||||
}, nil
|
||||
}
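Review bot: In `ListMyProjectPermissions` the new `s.query.UserGrant(ctx, userGrantOrgID, userGrantProjectID, userGrantUserID)` is a single-row lookup, so a caller with no grant on the project presumably receives a not-found error where the old `SearchMyProjectPermissions` path could return an empty result; confirm that behaviour, and if an empty role list is the intended response, map the not-found case to `Result: nil` instead of propagating the error. Both the project and the user ID are taken from `authz.GetCtxData(ctx)` rather than from the request, which keeps the lookup scoped to the caller; a short comment like `// scoped to the calling user and its client project, both taken from the token context` would make that intent visible. In `ListMyZitadelPermissions` the same `authz.GetCtxData(ctx)` is evaluated inline; binding it to `ctxData` as `ListMyProjectPermissions` does keeps the two handlers consistent.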
|
||||
|
||||
|
@@ -12,7 +12,6 @@ import (
|
||||
"github.com/caos/zitadel/internal/domain"
|
||||
"github.com/caos/zitadel/internal/eventstore/v1/models"
|
||||
"github.com/caos/zitadel/internal/query"
|
||||
grant_model "github.com/caos/zitadel/internal/usergrant/model"
|
||||
auth_pb "github.com/caos/zitadel/pkg/grpc/auth"
|
||||
)
|
||||
|
||||
@@ -26,7 +25,12 @@ func (s *Server) GetMyUser(ctx context.Context, _ *auth_pb.GetMyUserRequest) (*a
|
||||
|
||||
func (s *Server) RemoveMyUser(ctx context.Context, _ *auth_pb.RemoveMyUserRequest) (*auth_pb.RemoveMyUserResponse, error) {
|
||||
ctxData := authz.GetCtxData(ctx)
|
||||
grants, err := s.repo.SearchMyUserGrants(ctx, &grant_model.UserGrantSearchRequest{Queries: []*grant_model.UserGrantSearchQuery{}})
|
||||
userGrantUserID, err := query.NewUserGrantUserIDSearchQuery(ctxData.UserID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
queries := &query.UserGrantsQueries{Queries: []query.SearchQuery{userGrantUserID}}
|
||||
grants, err := s.query.UserGrants(ctx, queries)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -41,7 +45,7 @@ func (s *Server) RemoveMyUser(ctx context.Context, _ *auth_pb.RemoveMyUserReques
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
details, err := s.command.RemoveUser(ctx, ctxData.UserID, ctxData.ResourceOwner, memberships.Memberships, userGrantsToIDs(grants.Result)...)
|
||||
details, err := s.command.RemoveUser(ctx, ctxData.UserID, ctxData.ResourceOwner, memberships.Memberships, userGrantsToIDs(grants.UserGrants)...)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -51,17 +55,17 @@ func (s *Server) RemoveMyUser(ctx context.Context, _ *auth_pb.RemoveMyUserReques
|
||||
}
|
||||
|
||||
func (s *Server) ListMyUserChanges(ctx context.Context, req *auth_pb.ListMyUserChangesRequest) (*auth_pb.ListMyUserChangesResponse, error) {
|
||||
sequence, limit, asc := change.ChangeQueryToModel(req.Query)
|
||||
sequence, limit, asc := change.ChangeQueryToQuery(req.Query)
|
||||
features, err := s.query.FeaturesByOrgID(ctx, authz.GetCtxData(ctx).ResourceOwner)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
changes, err := s.repo.MyUserChanges(ctx, sequence, limit, asc, features.AuditLogRetention)
|
||||
changes, err := s.query.UserChanges(ctx, authz.GetCtxData(ctx).UserID, sequence, limit, asc, features.AuditLogRetention)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &auth_pb.ListMyUserChangesResponse{
|
||||
Result: change.UserChangesToPb(changes.Changes),
|
||||
Result: change.ChangesToPb(changes.Changes, s.assetsAPIDomain),
|
||||
}, nil
|
||||
}
|
||||
|
||||
@@ -124,14 +128,18 @@ func ctxToObjectRoot(ctx context.Context) models.ObjectRoot {
|
||||
}
|
||||
|
||||
func (s *Server) ListMyUserGrants(ctx context.Context, req *auth_pb.ListMyUserGrantsRequest) (*auth_pb.ListMyUserGrantsResponse, error) {
|
||||
res, err := s.repo.SearchMyUserGrants(ctx, ListMyUserGrantsRequestToModel(req))
|
||||
queries, err := ListMyUserGrantsRequestToQuery(ctx, req)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
res, err := s.query.UserGrants(ctx, queries)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &auth_pb.ListMyUserGrantsResponse{
|
||||
Result: UserGrantsToPb(res.Result),
|
||||
Result: UserGrantsToPb(res.UserGrants),
|
||||
Details: obj_grpc.ToListDetails(
|
||||
res.TotalResult,
|
||||
res.Count,
|
||||
res.Sequence,
|
||||
res.Timestamp,
|
||||
),
|
||||
@@ -152,13 +160,21 @@ func (s *Server) ListMyProjectOrgs(ctx context.Context, req *auth_pb.ListMyProje
|
||||
|
||||
//client of user is not in project of ZITADEL
|
||||
if ctxData.ProjectID != iam.IAMProjectID {
|
||||
grants, err := s.repo.UserGrantsByProjectAndUserID(ctxData.ProjectID, ctxData.UserID)
|
||||
userGrantProjectID, err := query.NewUserGrantProjectIDSearchQuery(ctxData.ProjectID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
userGrantUserID, err := query.NewUserGrantUserIDSearchQuery(ctxData.UserID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
grants, err := s.query.UserGrants(ctx, &query.UserGrantsQueries{Queries: []query.SearchQuery{userGrantProjectID, userGrantUserID}})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
ids := make([]string, 0, len(grants))
|
||||
for _, grant := range grants {
|
||||
ids := make([]string, 0, len(grants.UserGrants))
|
||||
for _, grant := range grants.UserGrants {
|
||||
ids = appendIfNotExists(ids, grant.ResourceOwner)
|
||||
}
|
||||
|
||||
@@ -276,7 +292,7 @@ func MemberTypeToDomain(m *query.Membership) (_ domain.MemberType, displayName,
|
||||
return domain.MemberTypeUnspecified, "", "", ""
|
||||
}
|
||||
|
||||
func userGrantsToIDs(userGrants []*grant_model.UserGrantView) []string {
|
||||
func userGrantsToIDs(userGrants []*query.UserGrant) []string {
|
||||
converted := make([]string, len(userGrants))
|
||||
for i, grant := range userGrants {
|
||||
converted[i] = grant.ID
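Review bot: In `RemoveMyUser` the new `query.UserGrantsQueries{Queries: []query.SearchQuery{userGrantUserID}}` carries no `SearchRequest`, so if `s.query.UserGrants` applies a default page size when `Limit` is zero, only the first page of the caller's grants reaches `s.command.RemoveUser` and the remainder is left behind after the user is removed; confirm that a zero limit is unbounded here, or page through the results before calling `RemoveUser`. In `ListMyUserChanges`, `authz.GetCtxData(ctx)` is evaluated twice (once for `FeaturesByOrgID`, once for `UserChanges`); binding it once to `ctxData`, as `RemoveMyUser` and `ListMyProjectOrgs` in this file do, keeps the style consistent. `userGrantsToIDs` continues outside the last hunk.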
|
||||
|
@@ -1,21 +1,33 @@
|
||||
package auth
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"github.com/caos/zitadel/internal/api/authz"
|
||||
"github.com/caos/zitadel/internal/api/grpc/object"
|
||||
"github.com/caos/zitadel/internal/usergrant/model"
|
||||
"github.com/caos/zitadel/internal/query"
|
||||
auth_pb "github.com/caos/zitadel/pkg/grpc/auth"
|
||||
)
|
||||
|
||||
func ListMyUserGrantsRequestToModel(req *auth_pb.ListMyUserGrantsRequest) *model.UserGrantSearchRequest {
|
||||
func ListMyUserGrantsRequestToQuery(ctx context.Context, req *auth_pb.ListMyUserGrantsRequest) (*query.UserGrantsQueries, error) {
|
||||
offset, limit, asc := object.ListQueryToModel(req.Query)
|
||||
return &model.UserGrantSearchRequest{
|
||||
Offset: offset,
|
||||
Limit: limit,
|
||||
Asc: asc,
|
||||
userGrantUserID, err := query.NewUserGrantUserIDSearchQuery(authz.GetCtxData(ctx).UserID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &query.UserGrantsQueries{
|
||||
SearchRequest: query.SearchRequest{
|
||||
Offset: offset,
|
||||
Limit: limit,
|
||||
Asc: asc,
|
||||
},
|
||||
Queries: []query.SearchQuery{
|
||||
userGrantUserID,
|
||||
},
|
||||
}, nil
|
||||
}
|
||||
|
||||
func UserGrantsToPb(grants []*model.UserGrantView) []*auth_pb.UserGrant {
|
||||
func UserGrantsToPb(grants []*query.UserGrant) []*auth_pb.UserGrant {
|
||||
userGrants := make([]*auth_pb.UserGrant, len(grants))
|
||||
for i, grant := range grants {
|
||||
userGrants[i] = UserGrantToPb(grant)
|
||||
@@ -23,13 +35,13 @@ func UserGrantsToPb(grants []*model.UserGrantView) []*auth_pb.UserGrant {
|
||||
return userGrants
|
||||
}
|
||||
|
||||
func UserGrantToPb(grant *model.UserGrantView) *auth_pb.UserGrant {
|
||||
func UserGrantToPb(grant *query.UserGrant) *auth_pb.UserGrant {
|
||||
return &auth_pb.UserGrant{
|
||||
GrantId: grant.ID,
|
||||
OrgId: grant.ResourceOwner,
|
||||
OrgName: grant.OrgName,
|
||||
ProjectId: grant.ProjectID,
|
||||
UserId: grant.UserID,
|
||||
Roles: grant.RoleKeys,
|
||||
Roles: grant.Roles,
|
||||
}
|
||||
}
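Review bot: `ListMyUserGrantsRequestToQuery`, `UserGrantsToPb` and `UserGrantToPb` are exported but undocumented; the first should state that the user-ID filter comes from the context and not from the client, e.g. `// ListMyUserGrantsRequestToQuery builds a user-grant search for the calling user; paging comes from req.Query, the user-ID filter from the context.` That matters because `req.Query` only feeds `object.ListQueryToModel` for offset, limit and order while `Queries` holds just `userGrantUserID`, so a client cannot widen the search to other users' grants — worth recording so a later change that adds request-supplied filters re-checks that scope. `// UserGrantToPb maps a query.UserGrant to its protobuf representation.` would complete the set.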
|
||||
|
@@ -1,100 +1,39 @@
|
||||
package change
|
||||
|
||||
import (
|
||||
org_model "github.com/caos/zitadel/internal/org/model"
|
||||
proj_model "github.com/caos/zitadel/internal/project/model"
|
||||
user_model "github.com/caos/zitadel/internal/user/model"
|
||||
"google.golang.org/protobuf/types/known/timestamppb"
|
||||
|
||||
"github.com/caos/zitadel/internal/domain"
|
||||
|
||||
"github.com/caos/zitadel/internal/query"
|
||||
change_pb "github.com/caos/zitadel/pkg/grpc/change"
|
||||
"github.com/caos/zitadel/pkg/grpc/message"
|
||||
)
|
||||
|
||||
func ChangeQueryToModel(query *change_pb.ChangeQuery) (sequence uint64, limit uint64, asc bool) {
|
||||
func ChangeQueryToQuery(query *change_pb.ChangeQuery) (sequence uint64, limit uint64, asc bool) {
|
||||
if query == nil {
|
||||
return 0, 0, false
|
||||
}
|
||||
return query.Sequence, uint64(query.Limit), query.Asc
|
||||
}
|
||||
|
||||
func UserChangesToPb(changes []*user_model.UserChange) []*change_pb.Change {
|
||||
func ChangesToPb(changes []*query.Change, assetAPIPrefix string) []*change_pb.Change {
|
||||
c := make([]*change_pb.Change, len(changes))
|
||||
for i, change := range changes {
|
||||
c[i] = UserChangeToPb(change)
|
||||
c[i] = ChangeToPb(change, assetAPIPrefix)
|
||||
}
|
||||
return c
|
||||
}
|
||||
|
||||
func UserChangeToPb(change *user_model.UserChange) *change_pb.Change {
|
||||
func ChangeToPb(change *query.Change, assetAPIPrefix string) *change_pb.Change {
|
||||
return &change_pb.Change{
|
||||
ChangeDate: change.ChangeDate,
|
||||
EventType: message.NewLocalizedEventType(change.EventType),
|
||||
Sequence: change.Sequence,
|
||||
EditorId: change.ModifierID,
|
||||
EditorDisplayName: change.ModifierName,
|
||||
EditorPreferredLoginName: change.ModifierLoginName,
|
||||
EditorAvatarUrl: change.ModifierAvatarURL,
|
||||
// ResourceOwnerId: change.,TODO: resource owner not returned
|
||||
}
|
||||
}
|
||||
|
||||
func OrgChangesToPb(changes []*org_model.OrgChange) []*change_pb.Change {
|
||||
c := make([]*change_pb.Change, len(changes))
|
||||
for i, change := range changes {
|
||||
c[i] = OrgChangeToPb(change)
|
||||
}
|
||||
return c
|
||||
}
|
||||
|
||||
func OrgChangeToPb(change *org_model.OrgChange) *change_pb.Change {
|
||||
return &change_pb.Change{
|
||||
ChangeDate: change.ChangeDate,
|
||||
ChangeDate: timestamppb.New(change.ChangeDate),
|
||||
EventType: message.NewLocalizedEventType(change.EventType),
|
||||
Sequence: change.Sequence,
|
||||
EditorId: change.ModifierId,
|
||||
EditorDisplayName: change.ModifierName,
|
||||
EditorPreferredLoginName: change.ModifierLoginName,
|
||||
EditorAvatarUrl: change.ModifierAvatarURL,
|
||||
// ResourceOwnerId: change.,TODO: resource owner not returned
|
||||
}
|
||||
}
|
||||
|
||||
func ProjectChangesToPb(changes []*proj_model.ProjectChange) []*change_pb.Change {
|
||||
c := make([]*change_pb.Change, len(changes))
|
||||
for i, change := range changes {
|
||||
c[i] = ProjectChangeToPb(change)
|
||||
}
|
||||
return c
|
||||
}
|
||||
|
||||
func ProjectChangeToPb(change *proj_model.ProjectChange) *change_pb.Change {
|
||||
return &change_pb.Change{
|
||||
ChangeDate: change.ChangeDate,
|
||||
EventType: message.NewLocalizedEventType(change.EventType),
|
||||
Sequence: change.Sequence,
|
||||
EditorId: change.ModifierId,
|
||||
EditorDisplayName: change.ModifierName,
|
||||
EditorPreferredLoginName: change.ModifierLoginName,
|
||||
EditorAvatarUrl: change.ModifierAvatarURL,
|
||||
// ResourceOwnerId: change.,TODO: resource owner not returned
|
||||
}
|
||||
}
|
||||
|
||||
func AppChangesToPb(changes []*proj_model.ApplicationChange) []*change_pb.Change {
|
||||
c := make([]*change_pb.Change, len(changes))
|
||||
for i, change := range changes {
|
||||
c[i] = AppChangeToPb(change)
|
||||
}
|
||||
return c
|
||||
}
|
||||
|
||||
func AppChangeToPb(change *proj_model.ApplicationChange) *change_pb.Change {
|
||||
return &change_pb.Change{
|
||||
ChangeDate: change.ChangeDate,
|
||||
EventType: message.NewLocalizedEventType(change.EventType),
|
||||
Sequence: change.Sequence,
|
||||
EditorId: change.ModifierId,
|
||||
EditorDisplayName: change.ModifierName,
|
||||
EditorPreferredLoginName: change.ModifierLoginName,
|
||||
EditorAvatarUrl: change.ModifierAvatarURL,
|
||||
// ResourceOwnerId: change.,TODO: resource owner not returned
|
||||
EditorAvatarUrl: domain.AvatarURL(assetAPIPrefix, change.ModifierResourceOwner, change.ModifierAvatarKey),
|
||||
ResourceOwnerId: change.ResourceOwner,
|
||||
}
|
||||
}
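Review bot: `ChangeToPb` now derives the avatar with `domain.AvatarURL(assetAPIPrefix, change.ModifierResourceOwner, change.ModifierAvatarKey)` unconditionally, whereas the removed converters copied a precomputed `ModifierAvatarURL`; if `domain.AvatarURL` does not return an empty string for an empty key, every change whose editor has no avatar will carry a dangling URL, so confirm that or guard the call with `if change.ModifierAvatarKey != "" { ... }`. `ChangeQueryToQuery`, `ChangesToPb` and `ChangeToPb` are exported and undocumented; `// ChangeQueryToQuery extracts sequence, limit and sort order from an optional ChangeQuery, returning zero values for nil.` matches what the nil check does. `ChangesToPb` dereferences each element inside `ChangeToPb`, so a nil entry in `changes` panics; acceptable if the query layer never yields one, otherwise worth a guard.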
|
||||
|
@@ -33,17 +33,17 @@ func (s *Server) GetOrgByDomainGlobal(ctx context.Context, req *mgmt_pb.GetOrgBy
|
||||
}
|
||||
|
||||
func (s *Server) ListOrgChanges(ctx context.Context, req *mgmt_pb.ListOrgChangesRequest) (*mgmt_pb.ListOrgChangesResponse, error) {
|
||||
sequence, limit, asc := change_grpc.ChangeQueryToModel(req.Query)
|
||||
sequence, limit, asc := change_grpc.ChangeQueryToQuery(req.Query)
|
||||
features, err := s.query.FeaturesByOrgID(ctx, authz.GetCtxData(ctx).OrgID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
response, err := s.org.OrgChanges(ctx, authz.GetCtxData(ctx).OrgID, sequence, limit, asc, features.AuditLogRetention)
|
||||
response, err := s.query.OrgChanges(ctx, authz.GetCtxData(ctx).OrgID, sequence, limit, asc, features.AuditLogRetention)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &mgmt_pb.ListOrgChangesResponse{
|
||||
Result: change_grpc.OrgChangesToPb(response.Changes),
|
||||
Result: change_grpc.ChangesToPb(response.Changes, s.assetAPIPrefix),
|
||||
}, nil
|
||||
}
|
||||
|
||||
@@ -211,7 +211,7 @@ func (s *Server) ListOrgMemberRoles(ctx context.Context, req *mgmt_pb.ListOrgMem
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
roles := s.org.GetOrgMemberRoles(authz.GetCtxData(ctx).OrgID == iam.GlobalOrgID)
|
||||
roles := s.query.GetOrgMemberRoles(authz.GetCtxData(ctx).OrgID == iam.GlobalOrgID)
|
||||
return &mgmt_pb.ListOrgMemberRolesResponse{
|
||||
Result: roles,
|
||||
}, nil
|
||||
|
@@ -110,17 +110,17 @@ func (s *Server) ListGrantedProjectRoles(ctx context.Context, req *mgmt_pb.ListG
|
||||
}
|
||||
|
||||
func (s *Server) ListProjectChanges(ctx context.Context, req *mgmt_pb.ListProjectChangesRequest) (*mgmt_pb.ListProjectChangesResponse, error) {
|
||||
sequence, limit, asc := change_grpc.ChangeQueryToModel(req.Query)
|
||||
sequence, limit, asc := change_grpc.ChangeQueryToQuery(req.Query)
|
||||
features, err := s.query.FeaturesByOrgID(ctx, authz.GetCtxData(ctx).OrgID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
res, err := s.project.ProjectChanges(ctx, req.ProjectId, sequence, limit, asc, features.AuditLogRetention)
|
||||
res, err := s.query.ProjectChanges(ctx, req.ProjectId, sequence, limit, asc, features.AuditLogRetention)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &mgmt_pb.ListProjectChangesResponse{
|
||||
Result: change_grpc.ProjectChangesToPb(res.Changes),
|
||||
Result: change_grpc.ChangesToPb(res.Changes, s.assetAPIPrefix),
|
||||
}, nil
|
||||
}
|
||||
|
||||
@@ -289,7 +289,7 @@ func (s *Server) RemoveProjectRole(ctx context.Context, req *mgmt_pb.RemoveProje
|
||||
}
|
||||
|
||||
func (s *Server) ListProjectMemberRoles(ctx context.Context, _ *mgmt_pb.ListProjectMemberRolesRequest) (*mgmt_pb.ListProjectMemberRolesResponse, error) {
|
||||
roles, err := s.project.GetProjectMemberRoles(ctx)
|
||||
roles, err := s.query.GetProjectMemberRoles(ctx)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@@ -42,17 +42,17 @@ func (s *Server) ListApps(ctx context.Context, req *mgmt_pb.ListAppsRequest) (*m
|
||||
}
|
||||
|
||||
func (s *Server) ListAppChanges(ctx context.Context, req *mgmt_pb.ListAppChangesRequest) (*mgmt_pb.ListAppChangesResponse, error) {
|
||||
sequence, limit, asc := change_grpc.ChangeQueryToModel(req.Query)
|
||||
sequence, limit, asc := change_grpc.ChangeQueryToQuery(req.Query)
|
||||
features, err := s.query.FeaturesByOrgID(ctx, authz.GetCtxData(ctx).OrgID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
res, err := s.project.ApplicationChanges(ctx, req.ProjectId, req.AppId, sequence, limit, asc, features.AuditLogRetention)
|
||||
res, err := s.query.ApplicationChanges(ctx, req.ProjectId, req.AppId, sequence, limit, asc, features.AuditLogRetention)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &mgmt_pb.ListAppChangesResponse{
|
||||
Result: change_grpc.AppChangesToPb(res.Changes),
|
||||
Result: change_grpc.ChangesToPb(res.Changes, s.assetAPIPrefix),
|
||||
}, nil
|
||||
}
|
||||
|
||||
|
@@ -160,7 +160,7 @@ func (s *Server) RemoveProjectGrant(ctx context.Context, req *mgmt_pb.RemoveProj
|
||||
}
|
||||
|
||||
func (s *Server) ListProjectGrantMemberRoles(ctx context.Context, req *mgmt_pb.ListProjectGrantMemberRolesRequest) (*mgmt_pb.ListProjectGrantMemberRolesResponse, error) {
|
||||
roles := s.project.GetProjectGrantMemberRoles()
|
||||
roles := s.query.GetProjectGrantMemberRoles()
|
||||
return &mgmt_pb.ListProjectGrantMemberRolesResponse{
|
||||
Result: roles,
|
||||
Details: object_grpc.ToListDetails(uint64(len(roles)), 0, time.Now()),
|
||||
|
@@ -7,8 +7,6 @@ import (
|
||||
"github.com/caos/zitadel/internal/api/grpc/server"
|
||||
"github.com/caos/zitadel/internal/command"
|
||||
"github.com/caos/zitadel/internal/config/systemdefaults"
|
||||
"github.com/caos/zitadel/internal/management/repository"
|
||||
"github.com/caos/zitadel/internal/management/repository/eventsourcing"
|
||||
"github.com/caos/zitadel/internal/query"
|
||||
"github.com/caos/zitadel/pkg/grpc/management"
|
||||
)
|
||||
@@ -23,24 +21,14 @@ type Server struct {
|
||||
management.UnimplementedManagementServiceServer
|
||||
command *command.Commands
|
||||
query *query.Queries
|
||||
project repository.ProjectRepository
|
||||
org repository.OrgRepository
|
||||
user repository.UserRepository
|
||||
systemDefaults systemdefaults.SystemDefaults
|
||||
assetAPIPrefix string
|
||||
}
|
||||
|
||||
type Config struct {
|
||||
Repository eventsourcing.Config
|
||||
}
|
||||
|
||||
func CreateServer(command *command.Commands, query *query.Queries, repo repository.Repository, sd systemdefaults.SystemDefaults, assetAPIPrefix string) *Server {
|
||||
func CreateServer(command *command.Commands, query *query.Queries, sd systemdefaults.SystemDefaults, assetAPIPrefix string) *Server {
|
||||
return &Server{
|
||||
command: command,
|
||||
query: query,
|
||||
project: repo,
|
||||
org: repo,
|
||||
user: repo,
|
||||
systemDefaults: sd,
|
||||
assetAPIPrefix: assetAPIPrefix,
|
||||
}
|
||||
|
@@ -70,17 +70,17 @@ func (s *Server) ListUsers(ctx context.Context, req *mgmt_pb.ListUsersRequest) (
|
||||
}
|
||||
|
||||
func (s *Server) ListUserChanges(ctx context.Context, req *mgmt_pb.ListUserChangesRequest) (*mgmt_pb.ListUserChangesResponse, error) {
|
||||
sequence, limit, asc := change_grpc.ChangeQueryToModel(req.Query)
|
||||
sequence, limit, asc := change_grpc.ChangeQueryToQuery(req.Query)
|
||||
features, err := s.query.FeaturesByOrgID(ctx, authz.GetCtxData(ctx).OrgID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
res, err := s.user.UserChanges(ctx, req.UserId, sequence, limit, asc, features.AuditLogRetention)
|
||||
res, err := s.query.UserChanges(ctx, req.UserId, sequence, limit, asc, features.AuditLogRetention)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &mgmt_pb.ListUserChangesResponse{
|
||||
Result: change_grpc.UserChangesToPb(res.Changes),
|
||||
Result: change_grpc.ChangesToPb(res.Changes, s.assetAPIPrefix),
|
||||
}, nil
|
||||
}
|
||||
|
||||
|
@@ -11,11 +11,15 @@ import (
|
||||
)
|
||||
|
||||
func (s *Server) GetUserGrantByID(ctx context.Context, req *mgmt_pb.GetUserGrantByIDRequest) (*mgmt_pb.GetUserGrantByIDResponse, error) {
|
||||
idQuery, err := query.NewUserGrantGrantIDSearchQuery(req.GrantId)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
ownerQuery, err := query.NewUserGrantResourceOwnerSearchQuery(authz.GetCtxData(ctx).OrgID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
grant, err := s.query.UserGrantByID(ctx, req.GrantId, ownerQuery)
|
||||
grant, err := s.query.UserGrant(ctx, idQuery, ownerQuery)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@@ -17,7 +17,6 @@ import (
|
||||
"github.com/caos/zitadel/internal/errors"
|
||||
"github.com/caos/zitadel/internal/query"
|
||||
"github.com/caos/zitadel/internal/telemetry/tracing"
|
||||
grant_model "github.com/caos/zitadel/internal/usergrant/model"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -108,7 +107,14 @@ func (o *OPStorage) AuthorizeClientIDSecret(ctx context.Context, id string, secr
|
||||
UserID: oidcCtx,
|
||||
OrgID: oidcCtx,
|
||||
})
|
||||
return o.repo.AuthorizeClientIDSecret(ctx, id, secret)
|
||||
app, err := o.query.AppByClientID(ctx, id)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if app.OIDCConfig != nil {
|
||||
return o.command.VerifyOIDCClientSecret(ctx, app.ProjectID, app.ID, secret)
|
||||
}
|
||||
return o.command.VerifyAPIClientSecret(ctx, app.ProjectID, app.ID, secret)
|
||||
}
|
||||
|
||||
func (o *OPStorage) SetUserinfoFromToken(ctx context.Context, userInfo oidc.UserInfoSetter, tokenID, subject, origin string) (err error) {
|
||||
@@ -293,13 +299,23 @@ func (o *OPStorage) assertRoles(ctx context.Context, userID, applicationID strin
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
grants, err := o.repo.UserGrantsByProjectAndUserID(projectID, userID)
|
||||
projectQuery, err := query.NewUserGrantProjectIDSearchQuery(projectID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
userIDQuery, err := query.NewUserGrantUserIDSearchQuery(userID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
grants, err := o.query.UserGrants(ctx, &query.UserGrantsQueries{
|
||||
Queries: []query.SearchQuery{projectQuery, userIDQuery},
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
projectRoles := make(map[string]map[string]string)
|
||||
for _, requestedRole := range requestedRoles {
|
||||
for _, grant := range grants {
|
||||
for _, grant := range grants.UserGrants {
|
||||
checkGrantedRoles(projectRoles, grant, requestedRole)
|
||||
}
|
||||
}
|
||||
@@ -335,8 +351,8 @@ func (o *OPStorage) assertUserResourceOwner(ctx context.Context, userID string)
|
||||
}, nil
|
||||
}
|
||||
|
||||
func checkGrantedRoles(roles map[string]map[string]string, grant *grant_model.UserGrantView, requestedRole string) {
|
||||
for _, grantedRole := range grant.RoleKeys {
|
||||
func checkGrantedRoles(roles map[string]map[string]string, grant *query.UserGrant, requestedRole string) {
|
||||
for _, grantedRole := range grant.Roles {
|
||||
if requestedRole == grantedRole {
|
||||
appendRole(roles, grantedRole, grant.ResourceOwner, grant.OrgPrimaryDomain)
|
||||
}
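Review bot: In `AuthorizeClientIDSecret` every app without an `OIDCConfig` falls through to `o.command.VerifyAPIClientSecret`, so an application of any other kind, or one whose config is missing, is verified as an API client; if the app type exposes an API-config field next to `OIDCConfig`, check it explicitly and return an error for the remaining case instead of relying on the fallthrough. The error from `o.query.AppByClientID` is returned as is; since this path is reached by unauthenticated clients presenting an ID and secret, confirm that the caller collapses lookup failures and wrong-secret failures into one client-facing response rather than distinguishing unknown client IDs. In `assertRoles` the new `query.UserGrantsQueries` has no `SearchRequest`, so confirm that a zero limit returns all grants; otherwise roles could be silently dropped from the token. `checkGrantedRoles` continues outside the last hunk.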
|
||||
|