fix: move activity log to queries and remove old code (#3096)

* move changes to queries and remove old code * fix changes query * remove unused code * fix sorting * fix sorting * refactor and remove old code * remove accidental go.mod replace * add missing file * remove listDetail from ChangesResponse
2025-08-12 01:37:31 +00:00 · 2022-01-26 10:16:33 +01:00
parent 52da2354a3
commit e99b7f4972
100 changed files with 579 additions and 3565 deletions
--- a/internal/api/grpc/admin/iam_member.go
+++ b/internal/api/grpc/admin/iam_member.go
@@ -10,7 +10,7 @@ import (
 )

 func (s *Server) ListIAMMemberRoles(ctx context.Context, req *admin_pb.ListIAMMemberRolesRequest) (*admin_pb.ListIAMMemberRolesResponse, error) {
-	roles := s.iam.GetIAMMemberRoles()
+	roles := s.query.GetIAMMemberRoles()
 	return &admin_pb.ListIAMMemberRolesResponse{
 		Roles:   roles,
 		Details: object.ToListDetails(uint64(len(roles)), 0, time.Now()),
--- a/internal/api/grpc/admin/language.go
+++ b/internal/api/grpc/admin/language.go
@@ -8,7 +8,7 @@ import (
 )

 func (s *Server) GetSupportedLanguages(ctx context.Context, req *admin_pb.GetSupportedLanguagesRequest) (*admin_pb.GetSupportedLanguagesResponse, error) {
-	langs, err := s.iam.Languages(ctx)
+	langs, err := s.query.Languages(ctx)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/api/grpc/admin/server.go
+++ b/internal/api/grpc/admin/server.go
@@ -22,7 +22,6 @@ type Server struct {
 	admin.UnimplementedAdminServiceServer
 	command         *command.Commands
 	query           *query.Queries
-	iam             repository.IAMRepository
 	administrator   repository.AdministratorRepository
 	iamDomain       string
 	assetsAPIDomain string
@@ -36,7 +35,6 @@ func CreateServer(command *command.Commands, query *query.Queries, repo reposito
 	return &Server{
 		command:         command,
 		query:           query,
-		iam:             repo,
 		administrator:   repo,
 		iamDomain:       iamDomain,
 		assetsAPIDomain: assetsAPIDomain,
--- a/internal/api/grpc/auth/permission.go
+++ b/internal/api/grpc/auth/permission.go
@@ -3,28 +3,43 @@ package auth
 import (
 	"context"

+	"github.com/caos/zitadel/internal/api/authz"
 	obj_grpc "github.com/caos/zitadel/internal/api/grpc/object"
 	user_grpc "github.com/caos/zitadel/internal/api/grpc/user"
+	"github.com/caos/zitadel/internal/query"
 	auth_pb "github.com/caos/zitadel/pkg/grpc/auth"
 )

 func (s *Server) ListMyZitadelPermissions(ctx context.Context, _ *auth_pb.ListMyZitadelPermissionsRequest) (*auth_pb.ListMyZitadelPermissionsResponse, error) {
-	perms, err := s.repo.SearchMyZitadelPermissions(ctx)
+	perms, err := s.query.MyZitadelPermissions(ctx, authz.GetCtxData(ctx).UserID)
 	if err != nil {
 		return nil, err
 	}
 	return &auth_pb.ListMyZitadelPermissionsResponse{
-		Result: perms,
+		Result: perms.Permissions,
 	}, nil
 }

 func (s *Server) ListMyProjectPermissions(ctx context.Context, _ *auth_pb.ListMyProjectPermissionsRequest) (*auth_pb.ListMyProjectPermissionsResponse, error) {
-	perms, err := s.repo.SearchMyProjectPermissions(ctx)
+	ctxData := authz.GetCtxData(ctx)
+	userGrantOrgID, err := query.NewUserGrantResourceOwnerSearchQuery(ctxData.OrgID)
+	if err != nil {
+		return nil, err
+	}
+	userGrantProjectID, err := query.NewUserGrantProjectIDSearchQuery(ctxData.ProjectID)
+	if err != nil {
+		return nil, err
+	}
+	userGrantUserID, err := query.NewUserGrantUserIDSearchQuery(ctxData.UserID)
+	if err != nil {
+		return nil, err
+	}
+	userGrant, err := s.query.UserGrant(ctx, userGrantOrgID, userGrantProjectID, userGrantUserID)
 	if err != nil {
 		return nil, err
 	}
 	return &auth_pb.ListMyProjectPermissionsResponse{
-		Result: perms,
+		Result: userGrant.Roles,
 	}, nil
 }

--- a/internal/api/grpc/auth/user.go
+++ b/internal/api/grpc/auth/user.go
@@ -12,7 +12,6 @@ import (
 	"github.com/caos/zitadel/internal/domain"
 	"github.com/caos/zitadel/internal/eventstore/v1/models"
 	"github.com/caos/zitadel/internal/query"
-	grant_model "github.com/caos/zitadel/internal/usergrant/model"
 	auth_pb "github.com/caos/zitadel/pkg/grpc/auth"
 )

@@ -26,7 +25,12 @@ func (s *Server) GetMyUser(ctx context.Context, _ *auth_pb.GetMyUserRequest) (*a

 func (s *Server) RemoveMyUser(ctx context.Context, _ *auth_pb.RemoveMyUserRequest) (*auth_pb.RemoveMyUserResponse, error) {
 	ctxData := authz.GetCtxData(ctx)
-	grants, err := s.repo.SearchMyUserGrants(ctx, &grant_model.UserGrantSearchRequest{Queries: []*grant_model.UserGrantSearchQuery{}})
+	userGrantUserID, err := query.NewUserGrantUserIDSearchQuery(ctxData.UserID)
+	if err != nil {
+		return nil, err
+	}
+	queries := &query.UserGrantsQueries{Queries: []query.SearchQuery{userGrantUserID}}
+	grants, err := s.query.UserGrants(ctx, queries)
 	if err != nil {
 		return nil, err
 	}
@@ -41,7 +45,7 @@ func (s *Server) RemoveMyUser(ctx context.Context, _ *auth_pb.RemoveMyUserReques
 	if err != nil {
 		return nil, err
 	}
-	details, err := s.command.RemoveUser(ctx, ctxData.UserID, ctxData.ResourceOwner, memberships.Memberships, userGrantsToIDs(grants.Result)...)
+	details, err := s.command.RemoveUser(ctx, ctxData.UserID, ctxData.ResourceOwner, memberships.Memberships, userGrantsToIDs(grants.UserGrants)...)
 	if err != nil {
 		return nil, err
 	}
@@ -51,17 +55,17 @@ func (s *Server) RemoveMyUser(ctx context.Context, _ *auth_pb.RemoveMyUserReques
 }

 func (s *Server) ListMyUserChanges(ctx context.Context, req *auth_pb.ListMyUserChangesRequest) (*auth_pb.ListMyUserChangesResponse, error) {
-	sequence, limit, asc := change.ChangeQueryToModel(req.Query)
+	sequence, limit, asc := change.ChangeQueryToQuery(req.Query)
 	features, err := s.query.FeaturesByOrgID(ctx, authz.GetCtxData(ctx).ResourceOwner)
 	if err != nil {
 		return nil, err
 	}
-	changes, err := s.repo.MyUserChanges(ctx, sequence, limit, asc, features.AuditLogRetention)
+	changes, err := s.query.UserChanges(ctx, authz.GetCtxData(ctx).UserID, sequence, limit, asc, features.AuditLogRetention)
 	if err != nil {
 		return nil, err
 	}
 	return &auth_pb.ListMyUserChangesResponse{
-		Result: change.UserChangesToPb(changes.Changes),
+		Result: change.ChangesToPb(changes.Changes, s.assetsAPIDomain),
 	}, nil
 }

@@ -124,14 +128,18 @@ func ctxToObjectRoot(ctx context.Context) models.ObjectRoot {
 }

 func (s *Server) ListMyUserGrants(ctx context.Context, req *auth_pb.ListMyUserGrantsRequest) (*auth_pb.ListMyUserGrantsResponse, error) {
-	res, err := s.repo.SearchMyUserGrants(ctx, ListMyUserGrantsRequestToModel(req))
+	queries, err := ListMyUserGrantsRequestToQuery(ctx, req)
+	if err != nil {
+		return nil, err
+	}
+	res, err := s.query.UserGrants(ctx, queries)
 	if err != nil {
 		return nil, err
 	}
 	return &auth_pb.ListMyUserGrantsResponse{
-		Result: UserGrantsToPb(res.Result),
+		Result: UserGrantsToPb(res.UserGrants),
 		Details: obj_grpc.ToListDetails(
-			res.TotalResult,
+			res.Count,
 			res.Sequence,
 			res.Timestamp,
 		),
@@ -152,13 +160,21 @@ func (s *Server) ListMyProjectOrgs(ctx context.Context, req *auth_pb.ListMyProje

 	//client of user is not in project of ZITADEL
 	if ctxData.ProjectID != iam.IAMProjectID {
-		grants, err := s.repo.UserGrantsByProjectAndUserID(ctxData.ProjectID, ctxData.UserID)
+		userGrantProjectID, err := query.NewUserGrantProjectIDSearchQuery(ctxData.ProjectID)
+		if err != nil {
+			return nil, err
+		}
+		userGrantUserID, err := query.NewUserGrantUserIDSearchQuery(ctxData.UserID)
+		if err != nil {
+			return nil, err
+		}
+		grants, err := s.query.UserGrants(ctx, &query.UserGrantsQueries{Queries: []query.SearchQuery{userGrantProjectID, userGrantUserID}})
 		if err != nil {
 			return nil, err
 		}

-		ids := make([]string, 0, len(grants))
-		for _, grant := range grants {
+		ids := make([]string, 0, len(grants.UserGrants))
+		for _, grant := range grants.UserGrants {
 			ids = appendIfNotExists(ids, grant.ResourceOwner)
 		}

@@ -276,7 +292,7 @@ func MemberTypeToDomain(m *query.Membership) (_ domain.MemberType, displayName,
 	return domain.MemberTypeUnspecified, "", "", ""
 }

-func userGrantsToIDs(userGrants []*grant_model.UserGrantView) []string {
+func userGrantsToIDs(userGrants []*query.UserGrant) []string {
 	converted := make([]string, len(userGrants))
 	for i, grant := range userGrants {
 		converted[i] = grant.ID
--- a/internal/api/grpc/auth/user_grant.go
+++ b/internal/api/grpc/auth/user_grant.go
@@ -1,21 +1,33 @@
 package auth

 import (
+	"context"
+
+	"github.com/caos/zitadel/internal/api/authz"
 	"github.com/caos/zitadel/internal/api/grpc/object"
-	"github.com/caos/zitadel/internal/usergrant/model"
+	"github.com/caos/zitadel/internal/query"
 	auth_pb "github.com/caos/zitadel/pkg/grpc/auth"
 )

-func ListMyUserGrantsRequestToModel(req *auth_pb.ListMyUserGrantsRequest) *model.UserGrantSearchRequest {
+func ListMyUserGrantsRequestToQuery(ctx context.Context, req *auth_pb.ListMyUserGrantsRequest) (*query.UserGrantsQueries, error) {
 	offset, limit, asc := object.ListQueryToModel(req.Query)
-	return &model.UserGrantSearchRequest{
-		Offset: offset,
-		Limit:  limit,
-		Asc:    asc,
+	userGrantUserID, err := query.NewUserGrantUserIDSearchQuery(authz.GetCtxData(ctx).UserID)
+	if err != nil {
+		return nil, err
 	}
+	return &query.UserGrantsQueries{
+		SearchRequest: query.SearchRequest{
+			Offset: offset,
+			Limit:  limit,
+			Asc:    asc,
+		},
+		Queries: []query.SearchQuery{
+			userGrantUserID,
+		},
+	}, nil
 }

-func UserGrantsToPb(grants []*model.UserGrantView) []*auth_pb.UserGrant {
+func UserGrantsToPb(grants []*query.UserGrant) []*auth_pb.UserGrant {
 	userGrants := make([]*auth_pb.UserGrant, len(grants))
 	for i, grant := range grants {
 		userGrants[i] = UserGrantToPb(grant)
@@ -23,13 +35,13 @@ func UserGrantsToPb(grants []*model.UserGrantView) []*auth_pb.UserGrant {
 	return userGrants
 }

-func UserGrantToPb(grant *model.UserGrantView) *auth_pb.UserGrant {
+func UserGrantToPb(grant *query.UserGrant) *auth_pb.UserGrant {
 	return &auth_pb.UserGrant{
 		GrantId:   grant.ID,
 		OrgId:     grant.ResourceOwner,
 		OrgName:   grant.OrgName,
 		ProjectId: grant.ProjectID,
 		UserId:    grant.UserID,
-		Roles:     grant.RoleKeys,
+		Roles:     grant.Roles,
 	}
 }
--- a/internal/api/grpc/change/changes.go
+++ b/internal/api/grpc/change/changes.go
@@ -1,100 +1,39 @@
 package change

 import (
-	org_model "github.com/caos/zitadel/internal/org/model"
-	proj_model "github.com/caos/zitadel/internal/project/model"
-	user_model "github.com/caos/zitadel/internal/user/model"
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/caos/zitadel/internal/domain"
+
+	"github.com/caos/zitadel/internal/query"
 	change_pb "github.com/caos/zitadel/pkg/grpc/change"
 	"github.com/caos/zitadel/pkg/grpc/message"
 )

-func ChangeQueryToModel(query *change_pb.ChangeQuery) (sequence uint64, limit uint64, asc bool) {
+func ChangeQueryToQuery(query *change_pb.ChangeQuery) (sequence uint64, limit uint64, asc bool) {
 	if query == nil {
 		return 0, 0, false
 	}
 	return query.Sequence, uint64(query.Limit), query.Asc
 }

-func UserChangesToPb(changes []*user_model.UserChange) []*change_pb.Change {
+func ChangesToPb(changes []*query.Change, assetAPIPrefix string) []*change_pb.Change {
 	c := make([]*change_pb.Change, len(changes))
 	for i, change := range changes {
-		c[i] = UserChangeToPb(change)
+		c[i] = ChangeToPb(change, assetAPIPrefix)
 	}
 	return c
 }

-func UserChangeToPb(change *user_model.UserChange) *change_pb.Change {
+func ChangeToPb(change *query.Change, assetAPIPrefix string) *change_pb.Change {
 	return &change_pb.Change{
-		ChangeDate:               change.ChangeDate,
-		EventType:                message.NewLocalizedEventType(change.EventType),
-		Sequence:                 change.Sequence,
-		EditorId:                 change.ModifierID,
-		EditorDisplayName:        change.ModifierName,
-		EditorPreferredLoginName: change.ModifierLoginName,
-		EditorAvatarUrl:          change.ModifierAvatarURL,
-		// ResourceOwnerId: change.,TODO: resource owner not returned
-	}
-}
-
-func OrgChangesToPb(changes []*org_model.OrgChange) []*change_pb.Change {
-	c := make([]*change_pb.Change, len(changes))
-	for i, change := range changes {
-		c[i] = OrgChangeToPb(change)
-	}
-	return c
-}
-
-func OrgChangeToPb(change *org_model.OrgChange) *change_pb.Change {
-	return &change_pb.Change{
-		ChangeDate:               change.ChangeDate,
+		ChangeDate:               timestamppb.New(change.ChangeDate),
 		EventType:                message.NewLocalizedEventType(change.EventType),
 		Sequence:                 change.Sequence,
 		EditorId:                 change.ModifierId,
 		EditorDisplayName:        change.ModifierName,
 		EditorPreferredLoginName: change.ModifierLoginName,
-		EditorAvatarUrl:          change.ModifierAvatarURL,
-		// ResourceOwnerId: change.,TODO: resource owner not returned
-	}
-}
-
-func ProjectChangesToPb(changes []*proj_model.ProjectChange) []*change_pb.Change {
-	c := make([]*change_pb.Change, len(changes))
-	for i, change := range changes {
-		c[i] = ProjectChangeToPb(change)
-	}
-	return c
-}
-
-func ProjectChangeToPb(change *proj_model.ProjectChange) *change_pb.Change {
-	return &change_pb.Change{
-		ChangeDate:               change.ChangeDate,
-		EventType:                message.NewLocalizedEventType(change.EventType),
-		Sequence:                 change.Sequence,
-		EditorId:                 change.ModifierId,
-		EditorDisplayName:        change.ModifierName,
-		EditorPreferredLoginName: change.ModifierLoginName,
-		EditorAvatarUrl:          change.ModifierAvatarURL,
-		// ResourceOwnerId: change.,TODO: resource owner not returned
-	}
-}
-
-func AppChangesToPb(changes []*proj_model.ApplicationChange) []*change_pb.Change {
-	c := make([]*change_pb.Change, len(changes))
-	for i, change := range changes {
-		c[i] = AppChangeToPb(change)
-	}
-	return c
-}
-
-func AppChangeToPb(change *proj_model.ApplicationChange) *change_pb.Change {
-	return &change_pb.Change{
-		ChangeDate:               change.ChangeDate,
-		EventType:                message.NewLocalizedEventType(change.EventType),
-		Sequence:                 change.Sequence,
-		EditorId:                 change.ModifierId,
-		EditorDisplayName:        change.ModifierName,
-		EditorPreferredLoginName: change.ModifierLoginName,
-		EditorAvatarUrl:          change.ModifierAvatarURL,
-		// ResourceOwnerId: change.,TODO: resource owner not returned
+		EditorAvatarUrl:          domain.AvatarURL(assetAPIPrefix, change.ModifierResourceOwner, change.ModifierAvatarKey),
+		ResourceOwnerId:          change.ResourceOwner,
 	}
 }
--- a/internal/api/grpc/management/org.go
+++ b/internal/api/grpc/management/org.go
@@ -33,17 +33,17 @@ func (s *Server) GetOrgByDomainGlobal(ctx context.Context, req *mgmt_pb.GetOrgBy
 }

 func (s *Server) ListOrgChanges(ctx context.Context, req *mgmt_pb.ListOrgChangesRequest) (*mgmt_pb.ListOrgChangesResponse, error) {
-	sequence, limit, asc := change_grpc.ChangeQueryToModel(req.Query)
+	sequence, limit, asc := change_grpc.ChangeQueryToQuery(req.Query)
 	features, err := s.query.FeaturesByOrgID(ctx, authz.GetCtxData(ctx).OrgID)
 	if err != nil {
 		return nil, err
 	}
-	response, err := s.org.OrgChanges(ctx, authz.GetCtxData(ctx).OrgID, sequence, limit, asc, features.AuditLogRetention)
+	response, err := s.query.OrgChanges(ctx, authz.GetCtxData(ctx).OrgID, sequence, limit, asc, features.AuditLogRetention)
 	if err != nil {
 		return nil, err
 	}
 	return &mgmt_pb.ListOrgChangesResponse{
-		Result: change_grpc.OrgChangesToPb(response.Changes),
+		Result: change_grpc.ChangesToPb(response.Changes, s.assetAPIPrefix),
 	}, nil
 }

@@ -211,7 +211,7 @@ func (s *Server) ListOrgMemberRoles(ctx context.Context, req *mgmt_pb.ListOrgMem
 	if err != nil {
 		return nil, err
 	}
-	roles := s.org.GetOrgMemberRoles(authz.GetCtxData(ctx).OrgID == iam.GlobalOrgID)
+	roles := s.query.GetOrgMemberRoles(authz.GetCtxData(ctx).OrgID == iam.GlobalOrgID)
 	return &mgmt_pb.ListOrgMemberRolesResponse{
 		Result: roles,
 	}, nil
--- a/internal/api/grpc/management/project.go
+++ b/internal/api/grpc/management/project.go
@@ -110,17 +110,17 @@ func (s *Server) ListGrantedProjectRoles(ctx context.Context, req *mgmt_pb.ListG
 }

 func (s *Server) ListProjectChanges(ctx context.Context, req *mgmt_pb.ListProjectChangesRequest) (*mgmt_pb.ListProjectChangesResponse, error) {
-	sequence, limit, asc := change_grpc.ChangeQueryToModel(req.Query)
+	sequence, limit, asc := change_grpc.ChangeQueryToQuery(req.Query)
 	features, err := s.query.FeaturesByOrgID(ctx, authz.GetCtxData(ctx).OrgID)
 	if err != nil {
 		return nil, err
 	}
-	res, err := s.project.ProjectChanges(ctx, req.ProjectId, sequence, limit, asc, features.AuditLogRetention)
+	res, err := s.query.ProjectChanges(ctx, req.ProjectId, sequence, limit, asc, features.AuditLogRetention)
 	if err != nil {
 		return nil, err
 	}
 	return &mgmt_pb.ListProjectChangesResponse{
-		Result: change_grpc.ProjectChangesToPb(res.Changes),
+		Result: change_grpc.ChangesToPb(res.Changes, s.assetAPIPrefix),
 	}, nil
 }

@@ -289,7 +289,7 @@ func (s *Server) RemoveProjectRole(ctx context.Context, req *mgmt_pb.RemoveProje
 }

 func (s *Server) ListProjectMemberRoles(ctx context.Context, _ *mgmt_pb.ListProjectMemberRolesRequest) (*mgmt_pb.ListProjectMemberRolesResponse, error) {
-	roles, err := s.project.GetProjectMemberRoles(ctx)
+	roles, err := s.query.GetProjectMemberRoles(ctx)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/api/grpc/management/project_application.go
+++ b/internal/api/grpc/management/project_application.go
@@ -42,17 +42,17 @@ func (s *Server) ListApps(ctx context.Context, req *mgmt_pb.ListAppsRequest) (*m
 }

 func (s *Server) ListAppChanges(ctx context.Context, req *mgmt_pb.ListAppChangesRequest) (*mgmt_pb.ListAppChangesResponse, error) {
-	sequence, limit, asc := change_grpc.ChangeQueryToModel(req.Query)
+	sequence, limit, asc := change_grpc.ChangeQueryToQuery(req.Query)
 	features, err := s.query.FeaturesByOrgID(ctx, authz.GetCtxData(ctx).OrgID)
 	if err != nil {
 		return nil, err
 	}
-	res, err := s.project.ApplicationChanges(ctx, req.ProjectId, req.AppId, sequence, limit, asc, features.AuditLogRetention)
+	res, err := s.query.ApplicationChanges(ctx, req.ProjectId, req.AppId, sequence, limit, asc, features.AuditLogRetention)
 	if err != nil {
 		return nil, err
 	}
 	return &mgmt_pb.ListAppChangesResponse{
-		Result: change_grpc.AppChangesToPb(res.Changes),
+		Result: change_grpc.ChangesToPb(res.Changes, s.assetAPIPrefix),
 	}, nil
 }

--- a/internal/api/grpc/management/project_grant.go
+++ b/internal/api/grpc/management/project_grant.go
@@ -160,7 +160,7 @@ func (s *Server) RemoveProjectGrant(ctx context.Context, req *mgmt_pb.RemoveProj
 }

 func (s *Server) ListProjectGrantMemberRoles(ctx context.Context, req *mgmt_pb.ListProjectGrantMemberRolesRequest) (*mgmt_pb.ListProjectGrantMemberRolesResponse, error) {
-	roles := s.project.GetProjectGrantMemberRoles()
+	roles := s.query.GetProjectGrantMemberRoles()
 	return &mgmt_pb.ListProjectGrantMemberRolesResponse{
 		Result:  roles,
 		Details: object_grpc.ToListDetails(uint64(len(roles)), 0, time.Now()),
--- a/internal/api/grpc/management/server.go
+++ b/internal/api/grpc/management/server.go
@@ -7,8 +7,6 @@ import (
 	"github.com/caos/zitadel/internal/api/grpc/server"
 	"github.com/caos/zitadel/internal/command"
 	"github.com/caos/zitadel/internal/config/systemdefaults"
-	"github.com/caos/zitadel/internal/management/repository"
-	"github.com/caos/zitadel/internal/management/repository/eventsourcing"
 	"github.com/caos/zitadel/internal/query"
 	"github.com/caos/zitadel/pkg/grpc/management"
 )
@@ -23,24 +21,14 @@ type Server struct {
 	management.UnimplementedManagementServiceServer
 	command        *command.Commands
 	query          *query.Queries
-	project        repository.ProjectRepository
-	org            repository.OrgRepository
-	user           repository.UserRepository
 	systemDefaults systemdefaults.SystemDefaults
 	assetAPIPrefix string
 }

-type Config struct {
-	Repository eventsourcing.Config
-}
-
-func CreateServer(command *command.Commands, query *query.Queries, repo repository.Repository, sd systemdefaults.SystemDefaults, assetAPIPrefix string) *Server {
+func CreateServer(command *command.Commands, query *query.Queries, sd systemdefaults.SystemDefaults, assetAPIPrefix string) *Server {
 	return &Server{
 		command:        command,
 		query:          query,
-		project:        repo,
-		org:            repo,
-		user:           repo,
 		systemDefaults: sd,
 		assetAPIPrefix: assetAPIPrefix,
 	}
--- a/internal/api/grpc/management/user.go
+++ b/internal/api/grpc/management/user.go
@@ -70,17 +70,17 @@ func (s *Server) ListUsers(ctx context.Context, req *mgmt_pb.ListUsersRequest) (
 }

 func (s *Server) ListUserChanges(ctx context.Context, req *mgmt_pb.ListUserChangesRequest) (*mgmt_pb.ListUserChangesResponse, error) {
-	sequence, limit, asc := change_grpc.ChangeQueryToModel(req.Query)
+	sequence, limit, asc := change_grpc.ChangeQueryToQuery(req.Query)
 	features, err := s.query.FeaturesByOrgID(ctx, authz.GetCtxData(ctx).OrgID)
 	if err != nil {
 		return nil, err
 	}
-	res, err := s.user.UserChanges(ctx, req.UserId, sequence, limit, asc, features.AuditLogRetention)
+	res, err := s.query.UserChanges(ctx, req.UserId, sequence, limit, asc, features.AuditLogRetention)
 	if err != nil {
 		return nil, err
 	}
 	return &mgmt_pb.ListUserChangesResponse{
-		Result: change_grpc.UserChangesToPb(res.Changes),
+		Result: change_grpc.ChangesToPb(res.Changes, s.assetAPIPrefix),
 	}, nil
 }

--- a/internal/api/grpc/management/user_grant.go
+++ b/internal/api/grpc/management/user_grant.go
@@ -11,11 +11,15 @@ import (
 )

 func (s *Server) GetUserGrantByID(ctx context.Context, req *mgmt_pb.GetUserGrantByIDRequest) (*mgmt_pb.GetUserGrantByIDResponse, error) {
+	idQuery, err := query.NewUserGrantGrantIDSearchQuery(req.GrantId)
+	if err != nil {
+		return nil, err
+	}
 	ownerQuery, err := query.NewUserGrantResourceOwnerSearchQuery(authz.GetCtxData(ctx).OrgID)
 	if err != nil {
 		return nil, err
 	}
-	grant, err := s.query.UserGrantByID(ctx, req.GrantId, ownerQuery)
+	grant, err := s.query.UserGrant(ctx, idQuery, ownerQuery)
 	if err != nil {
 		return nil, err
 	}