mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-11 21:37:32 +00:00
fix: move activity log to queries and remove old code (#3096)
* move changes to queries and remove old code * fix changes query * remove unused code * fix sorting * fix sorting * refactor and remove old code * remove accidental go.mod replace * add missing file * remove listDetail from ChangesResponse
This commit is contained in:
Livio Amstutz
@@ -1,9 +0,0 @@
|
||||
package repository
|
||||
|
||||
import (
|
||||
"context"
|
||||
)
|
||||
|
||||
type ApplicationRepository interface {
|
||||
AuthorizeClientIDSecret(ctx context.Context, clientID, secret string) error
|
||||
}
|
||||
@@ -1,28 +0,0 @@
|
||||
package eventstore
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"github.com/caos/zitadel/internal/command"
|
||||
"github.com/caos/zitadel/internal/query"
|
||||
"github.com/caos/zitadel/internal/telemetry/tracing"
|
||||
)
|
||||
|
||||
type ApplicationRepo struct {
|
||||
Commands *command.Commands
|
||||
Query *query.Queries
|
||||
}
|
||||
|
||||
func (a *ApplicationRepo) AuthorizeClientIDSecret(ctx context.Context, clientID, secret string) (err error) {
|
||||
ctx, span := tracing.NewSpan(ctx)
|
||||
defer func() { span.EndWithError(err) }()
|
||||
|
||||
app, err := a.Query.AppByClientID(ctx, clientID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if app.OIDCConfig != nil {
|
||||
return a.Commands.VerifyOIDCClientSecret(ctx, app.ProjectID, app.ID, secret)
|
||||
}
|
||||
return a.Commands.VerifyAPIClientSecret(ctx, app.ProjectID, app.ID, secret)
|
||||
}
|
||||
@@ -24,7 +24,6 @@ import (
|
||||
user_model "github.com/caos/zitadel/internal/user/model"
|
||||
es_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
|
||||
user_view_model "github.com/caos/zitadel/internal/user/repository/view/model"
|
||||
grant_view_model "github.com/caos/zitadel/internal/usergrant/repository/view/model"
|
||||
)
|
||||
|
||||
type AuthRequestRepo struct {
|
||||
@@ -104,7 +103,7 @@ type orgViewProvider interface {
|
||||
|
||||
type userGrantProvider interface {
|
||||
ProjectByOIDCClientID(context.Context, string) (*query.Project, error)
|
||||
UserGrantsByProjectAndUserID(string, string) ([]*grant_view_model.UserGrantView, error)
|
||||
UserGrantsByProjectAndUserID(string, string) ([]*query.UserGrant, error)
|
||||
}
|
||||
|
||||
type projectProvider interface {
|
||||
|
||||
@@ -20,7 +20,6 @@ import (
|
||||
user_model "github.com/caos/zitadel/internal/user/model"
|
||||
user_es_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
|
||||
user_view_model "github.com/caos/zitadel/internal/user/repository/view/model"
|
||||
grant_view_model "github.com/caos/zitadel/internal/usergrant/repository/view/model"
|
||||
)
|
||||
|
||||
type mockViewNoUserSession struct{}
|
||||
@@ -216,10 +215,10 @@ func (m *mockUserGrants) ProjectByOIDCClientID(ctx context.Context, s string) (*
|
||||
return &query.Project{ProjectRoleCheck: m.roleCheck}, nil
|
||||
}
|
||||
|
||||
func (m *mockUserGrants) UserGrantsByProjectAndUserID(s string, s2 string) ([]*grant_view_model.UserGrantView, error) {
|
||||
var grants []*grant_view_model.UserGrantView
|
||||
func (m *mockUserGrants) UserGrantsByProjectAndUserID(s string, s2 string) ([]*query.UserGrant, error) {
|
||||
var grants []*query.UserGrant
|
||||
if m.userGrants > 0 {
|
||||
grants = make([]*grant_view_model.UserGrantView, m.userGrants)
|
||||
grants = make([]*query.UserGrant, m.userGrants)
|
||||
}
|
||||
return grants, nil
|
||||
}
|
||||
|
||||
@@ -1,322 +0,0 @@
|
||||
package eventstore
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"github.com/caos/logging"
|
||||
|
||||
"github.com/caos/zitadel/internal/domain"
|
||||
"github.com/caos/zitadel/internal/query"
|
||||
|
||||
"github.com/caos/zitadel/internal/api/authz"
|
||||
"github.com/caos/zitadel/internal/auth/repository/eventsourcing/view"
|
||||
authz_repo "github.com/caos/zitadel/internal/authz/repository/eventsourcing"
|
||||
caos_errs "github.com/caos/zitadel/internal/errors"
|
||||
"github.com/caos/zitadel/internal/telemetry/tracing"
|
||||
user_view_model "github.com/caos/zitadel/internal/user/repository/view/model"
|
||||
grant_model "github.com/caos/zitadel/internal/usergrant/model"
|
||||
"github.com/caos/zitadel/internal/usergrant/repository/view/model"
|
||||
)
|
||||
|
||||
type UserGrantRepo struct {
|
||||
SearchLimit uint64
|
||||
View *view.View
|
||||
IamID string
|
||||
Auth authz.Config
|
||||
AuthZRepo *authz_repo.EsRepository
|
||||
PrefixAvatarURL string
|
||||
|
||||
Query *query.Queries
|
||||
}
|
||||
|
||||
func (repo *UserGrantRepo) SearchMyUserGrants(ctx context.Context, request *grant_model.UserGrantSearchRequest) (*grant_model.UserGrantSearchResponse, error) {
|
||||
err := request.EnsureLimit(repo.SearchLimit)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
sequence, err := repo.View.GetLatestUserGrantSequence()
|
||||
logging.Log("EVENT-Hd7s3").OnError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Warn("could not read latest user grant sequence")
|
||||
request.Queries = append(request.Queries, &grant_model.UserGrantSearchQuery{Key: grant_model.UserGrantSearchKeyUserID, Method: domain.SearchMethodEquals, Value: authz.GetCtxData(ctx).UserID})
|
||||
grants, count, err := repo.View.SearchUserGrants(request)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
result := &grant_model.UserGrantSearchResponse{
|
||||
Offset: request.Offset,
|
||||
Limit: request.Limit,
|
||||
TotalResult: count,
|
||||
Result: model.UserGrantsToModel(grants, repo.PrefixAvatarURL),
|
||||
}
|
||||
if err == nil {
|
||||
result.Sequence = sequence.CurrentSequence
|
||||
result.Timestamp = sequence.LastSuccessfulSpoolerRun
|
||||
}
|
||||
return result, nil
|
||||
}
|
||||
|
||||
func (repo *UserGrantRepo) SearchMyProjectOrgs(ctx context.Context, request *grant_model.UserGrantSearchRequest) (*grant_model.ProjectOrgSearchResponse, error) {
|
||||
err := request.EnsureLimit(repo.SearchLimit)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
ctxData := authz.GetCtxData(ctx)
|
||||
if ctxData.ProjectID == "" {
|
||||
return nil, caos_errs.ThrowPreconditionFailed(nil, "APP-7lqva", "Could not get ProjectID")
|
||||
}
|
||||
|
||||
err = repo.AuthZRepo.FillIamProjectID(ctx)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if ctxData.ProjectID == repo.AuthZRepo.UserGrantRepo.IamProjectID {
|
||||
isAdmin, err := repo.IsIamAdmin(ctx)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if isAdmin {
|
||||
return repo.SearchAdminOrgs(request)
|
||||
}
|
||||
return repo.searchZitadelOrgs(ctxData, request)
|
||||
}
|
||||
request.Queries = append(request.Queries, &grant_model.UserGrantSearchQuery{Key: grant_model.UserGrantSearchKeyProjectID, Method: domain.SearchMethodEquals, Value: ctxData.ProjectID})
|
||||
|
||||
grants, err := repo.SearchMyUserGrants(ctx, request)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if len(grants.Result) > 0 {
|
||||
return grantRespToOrgResp(grants), nil
|
||||
}
|
||||
return repo.userOrg(ctxData)
|
||||
}
|
||||
|
||||
func (repo *UserGrantRepo) membershipsToOrgResp(memberships *query.Memberships) *grant_model.ProjectOrgSearchResponse {
|
||||
orgs := make([]*grant_model.Org, 0, len(memberships.Memberships))
|
||||
for _, m := range memberships.Memberships {
|
||||
if !containsOrg(orgs, m.ResourceOwner) {
|
||||
org, err := repo.Query.OrgByID(context.TODO(), m.ResourceOwner)
|
||||
if err != nil {
|
||||
logging.LogWithFields("EVENT-k8Ikl", "owner", m.ResourceOwner).WithError(err).Warn("org not found")
|
||||
orgs = append(orgs, &grant_model.Org{OrgID: m.ResourceOwner})
|
||||
continue
|
||||
}
|
||||
orgs = append(orgs, &grant_model.Org{OrgID: m.ResourceOwner, OrgName: org.Name})
|
||||
}
|
||||
}
|
||||
return &grant_model.ProjectOrgSearchResponse{
|
||||
TotalResult: memberships.Count,
|
||||
Result: orgs,
|
||||
}
|
||||
}
|
||||
|
||||
func (repo *UserGrantRepo) SearchMyZitadelPermissions(ctx context.Context) ([]string, error) {
|
||||
memberships, err := repo.searchUserMemberships(ctx)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
permissions := &grant_model.Permissions{Permissions: []string{}}
|
||||
for _, membership := range memberships {
|
||||
for _, role := range membership.Roles {
|
||||
permissions = repo.mapRoleToPermission(permissions, membership, role)
|
||||
}
|
||||
}
|
||||
return permissions.Permissions, nil
|
||||
}
|
||||
|
||||
func (repo *UserGrantRepo) searchUserMemberships(ctx context.Context) ([]*query.Membership, error) {
|
||||
ctxData := authz.GetCtxData(ctx)
|
||||
userQuery, err := query.NewMembershipUserIDQuery(ctxData.UserID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
ownerQuery, err := query.NewMembershipResourceOwnerQuery(ctxData.OrgID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
orgMemberships, err := repo.Query.Memberships(ctx, &query.MembershipSearchQuery{
|
||||
Queries: []query.SearchQuery{userQuery, ownerQuery},
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
iamQuery, err := query.NewMembershipIsIAMQuery()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
iamMemberships, err := repo.Query.Memberships(ctx, &query.MembershipSearchQuery{
|
||||
Queries: []query.SearchQuery{userQuery, iamQuery},
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if orgMemberships.Count == 0 && iamMemberships.Count == 0 {
|
||||
return []*query.Membership{}, nil
|
||||
}
|
||||
return append(orgMemberships.Memberships, iamMemberships.Memberships...), nil
|
||||
}
|
||||
|
||||
func (repo *UserGrantRepo) SearchMyProjectPermissions(ctx context.Context) ([]string, error) {
|
||||
ctxData := authz.GetCtxData(ctx)
|
||||
//TODO: blocked until user grants moved to query-pkg
|
||||
usergrant, err := repo.View.UserGrantByIDs(ctxData.OrgID, ctxData.ProjectID, ctxData.UserID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
permissions := make([]string, len(usergrant.RoleKeys))
|
||||
for i, role := range usergrant.RoleKeys {
|
||||
permissions[i] = role
|
||||
}
|
||||
return permissions, nil
|
||||
}
|
||||
|
||||
func (repo *UserGrantRepo) SearchAdminOrgs(request *grant_model.UserGrantSearchRequest) (*grant_model.ProjectOrgSearchResponse, error) {
|
||||
searchRequest := query.OrgSearchQueries{
|
||||
SearchRequest: query.SearchRequest{
|
||||
SortingColumn: query.OrgColumnName,
|
||||
Asc: true,
|
||||
},
|
||||
}
|
||||
if len(request.Queries) > 0 {
|
||||
for _, q := range request.Queries {
|
||||
if q.Key == grant_model.UserGrantSearchKeyOrgName {
|
||||
nameQuery, err := query.NewOrgNameSearchQuery(query.TextComparisonFromMethod(q.Method), q.Value.(string))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
searchRequest.Queries = append(searchRequest.Queries, nameQuery)
|
||||
}
|
||||
}
|
||||
}
|
||||
orgs, err := repo.Query.SearchOrgs(context.TODO(), &searchRequest)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return orgRespToOrgResp(orgs), nil
|
||||
}
|
||||
|
||||
func (repo *UserGrantRepo) IsIamAdmin(ctx context.Context) (bool, error) {
|
||||
//TODO: blocked until user grants moved to query
|
||||
grantSearch := &grant_model.UserGrantSearchRequest{
|
||||
Queries: []*grant_model.UserGrantSearchQuery{
|
||||
{Key: grant_model.UserGrantSearchKeyResourceOwner, Method: domain.SearchMethodEquals, Value: repo.IamID},
|
||||
}}
|
||||
result, err := repo.SearchMyUserGrants(ctx, grantSearch)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
if result.TotalResult == 0 {
|
||||
return false, nil
|
||||
}
|
||||
return true, nil
|
||||
}
|
||||
|
||||
func (repo *UserGrantRepo) UserGrantsByProjectAndUserID(projectID, userID string) ([]*grant_model.UserGrantView, error) {
|
||||
grants, err := repo.View.UserGrantsByProjectAndUserID(projectID, userID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return model.UserGrantsToModel(grants, repo.PrefixAvatarURL), nil
|
||||
}
|
||||
|
||||
func (repo *UserGrantRepo) userOrg(ctxData authz.CtxData) (*grant_model.ProjectOrgSearchResponse, error) {
|
||||
//TODO: blocked until user moved to query pkg
|
||||
user, err := repo.View.UserByID(ctxData.UserID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
org, err := repo.Query.OrgByID(context.TODO(), user.ResourceOwner)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return &grant_model.ProjectOrgSearchResponse{Result: []*grant_model.Org{{
|
||||
OrgID: org.ID,
|
||||
OrgName: org.Name,
|
||||
}}}, nil
|
||||
}
|
||||
|
||||
func (repo *UserGrantRepo) searchZitadelOrgs(ctxData authz.CtxData, request *grant_model.UserGrantSearchRequest) (*grant_model.ProjectOrgSearchResponse, error) {
|
||||
userQuery, err := query.NewMembershipUserIDQuery(ctxData.UserID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
memberships, err := repo.Query.Memberships(context.TODO(), &query.MembershipSearchQuery{
|
||||
SearchRequest: query.SearchRequest{
|
||||
Offset: request.Offset,
|
||||
Limit: request.Limit,
|
||||
Asc: request.Asc,
|
||||
//TODO: sorting column
|
||||
},
|
||||
Queries: []query.SearchQuery{userQuery},
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if len(memberships.Memberships) > 0 {
|
||||
return repo.membershipsToOrgResp(memberships), nil
|
||||
}
|
||||
return repo.userOrg(ctxData)
|
||||
}
|
||||
|
||||
func (repo *UserGrantRepo) mapRoleToPermission(permissions *grant_model.Permissions, membership *query.Membership, role string) *grant_model.Permissions {
|
||||
for _, mapping := range repo.Auth.RolePermissionMappings {
|
||||
if mapping.Role == role {
|
||||
ctxID := ""
|
||||
if membership.Project != nil {
|
||||
ctxID = membership.Project.ProjectID
|
||||
} else if membership.ProjectGrant != nil {
|
||||
ctxID = membership.ProjectGrant.GrantID
|
||||
}
|
||||
permissions.AppendPermissions(ctxID, mapping.Permissions...)
|
||||
}
|
||||
}
|
||||
return permissions
|
||||
}
|
||||
|
||||
func grantRespToOrgResp(grants *grant_model.UserGrantSearchResponse) *grant_model.ProjectOrgSearchResponse {
|
||||
resp := &grant_model.ProjectOrgSearchResponse{
|
||||
TotalResult: grants.TotalResult,
|
||||
}
|
||||
resp.Result = make([]*grant_model.Org, len(grants.Result))
|
||||
for i, g := range grants.Result {
|
||||
resp.Result[i] = &grant_model.Org{OrgID: g.ResourceOwner, OrgName: g.OrgName}
|
||||
}
|
||||
return resp
|
||||
}
|
||||
|
||||
func orgRespToOrgResp(orgs *query.Orgs) *grant_model.ProjectOrgSearchResponse {
|
||||
resp := &grant_model.ProjectOrgSearchResponse{
|
||||
TotalResult: orgs.Count,
|
||||
}
|
||||
resp.Result = make([]*grant_model.Org, len(orgs.Orgs))
|
||||
for i, o := range orgs.Orgs {
|
||||
resp.Result[i] = &grant_model.Org{OrgID: o.ID, OrgName: o.Name}
|
||||
}
|
||||
return resp
|
||||
}
|
||||
|
||||
func containsOrg(orgs []*grant_model.Org, resourceOwner string) bool {
|
||||
for _, org := range orgs {
|
||||
if org.OrgID == resourceOwner {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func userMembershipToMembership(membership *user_view_model.UserMembershipView) *authz.Membership {
|
||||
return &authz.Membership{
|
||||
MemberType: authz.MemberType(membership.MemberType),
|
||||
AggregateID: membership.AggregateID,
|
||||
ObjectID: membership.ObjectID,
|
||||
Roles: membership.Roles,
|
||||
}
|
||||
}
|
||||
|
||||
func userMembershipsToMemberships(memberships []*user_view_model.UserMembershipView) []*authz.Membership {
|
||||
result := make([]*authz.Membership, len(memberships))
|
||||
for i, m := range memberships {
|
||||
result[i] = userMembershipToMembership(m)
|
||||
}
|
||||
return result
|
||||
}
|
||||
@@ -39,9 +39,6 @@ func Register(configs Configs, bulkLimit, errorCount uint64, view *view.View, es
|
||||
handler{view, bulkLimit, configs.cycleDuration("UserSession"), errorCount, es}),
|
||||
newToken(
|
||||
handler{view, bulkLimit, configs.cycleDuration("Token"), errorCount, es}),
|
||||
newUserGrant(
|
||||
handler{view, bulkLimit, configs.cycleDuration("UserGrant"), errorCount, es},
|
||||
systemDefaults.IamID),
|
||||
newIDPConfig(
|
||||
handler{view, bulkLimit, configs.cycleDuration("IDPConfig"), errorCount, es}),
|
||||
newIDPProvider(
|
||||
|
||||
@@ -1,541 +0,0 @@
|
||||
package handler
|
||||
|
||||
import (
|
||||
"context"
|
||||
"strings"
|
||||
|
||||
"github.com/caos/logging"
|
||||
|
||||
"github.com/caos/zitadel/internal/domain"
|
||||
"github.com/caos/zitadel/internal/errors"
|
||||
v1 "github.com/caos/zitadel/internal/eventstore/v1"
|
||||
es_models "github.com/caos/zitadel/internal/eventstore/v1/models"
|
||||
"github.com/caos/zitadel/internal/eventstore/v1/query"
|
||||
es_sdk "github.com/caos/zitadel/internal/eventstore/v1/sdk"
|
||||
"github.com/caos/zitadel/internal/eventstore/v1/spooler"
|
||||
iam_model "github.com/caos/zitadel/internal/iam/model"
|
||||
iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
|
||||
iam_view "github.com/caos/zitadel/internal/iam/repository/view"
|
||||
org_model "github.com/caos/zitadel/internal/org/model"
|
||||
org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
|
||||
org_view "github.com/caos/zitadel/internal/org/repository/view"
|
||||
proj_model "github.com/caos/zitadel/internal/project/model"
|
||||
proj_es_model "github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
|
||||
proj_view "github.com/caos/zitadel/internal/project/repository/view"
|
||||
usr_model "github.com/caos/zitadel/internal/user/model"
|
||||
usr_es_model "github.com/caos/zitadel/internal/user/repository/eventsourcing/model"
|
||||
"github.com/caos/zitadel/internal/user/repository/view"
|
||||
"github.com/caos/zitadel/internal/user/repository/view/model"
|
||||
grant_es_model "github.com/caos/zitadel/internal/usergrant/repository/eventsourcing/model"
|
||||
view_model "github.com/caos/zitadel/internal/usergrant/repository/view/model"
|
||||
)
|
||||
|
||||
const (
|
||||
userGrantTable = "auth.user_grants"
|
||||
)
|
||||
|
||||
type UserGrant struct {
|
||||
handler
|
||||
iamID string
|
||||
iamProjectID string
|
||||
subscription *v1.Subscription
|
||||
}
|
||||
|
||||
func newUserGrant(
|
||||
handler handler,
|
||||
iamID string,
|
||||
) *UserGrant {
|
||||
h := &UserGrant{
|
||||
handler: handler,
|
||||
iamID: iamID,
|
||||
}
|
||||
|
||||
h.subscribe()
|
||||
|
||||
return h
|
||||
}
|
||||
|
||||
func (k *UserGrant) subscribe() {
|
||||
k.subscription = k.es.Subscribe(k.AggregateTypes()...)
|
||||
go func() {
|
||||
for event := range k.subscription.Events {
|
||||
query.ReduceEvent(k, event)
|
||||
}
|
||||
}()
|
||||
}
|
||||
|
||||
func (u *UserGrant) ViewModel() string {
|
||||
return userGrantTable
|
||||
}
|
||||
|
||||
func (u *UserGrant) Subscription() *v1.Subscription {
|
||||
return u.subscription
|
||||
}
|
||||
|
||||
func (_ *UserGrant) AggregateTypes() []es_models.AggregateType {
|
||||
return []es_models.AggregateType{grant_es_model.UserGrantAggregate, iam_es_model.IAMAggregate, org_es_model.OrgAggregate, usr_es_model.UserAggregate, proj_es_model.ProjectAggregate}
|
||||
}
|
||||
|
||||
func (u *UserGrant) CurrentSequence() (uint64, error) {
|
||||
sequence, err := u.view.GetLatestUserGrantSequence()
|
||||
if err != nil {
|
||||
return 0, err
|
||||
}
|
||||
return sequence.CurrentSequence, nil
|
||||
}
|
||||
|
||||
func (u *UserGrant) EventQuery() (*es_models.SearchQuery, error) {
|
||||
if u.iamProjectID == "" {
|
||||
err := u.setIamProjectID()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
sequence, err := u.view.GetLatestUserGrantSequence()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return es_models.NewSearchQuery().
|
||||
AggregateTypeFilter(u.AggregateTypes()...).
|
||||
LatestSequenceFilter(sequence.CurrentSequence), nil
|
||||
}
|
||||
|
||||
func (u *UserGrant) Reduce(event *es_models.Event) (err error) {
|
||||
switch event.AggregateType {
|
||||
case grant_es_model.UserGrantAggregate:
|
||||
err = u.processUserGrant(event)
|
||||
case usr_es_model.UserAggregate:
|
||||
err = u.processUser(event)
|
||||
case proj_es_model.ProjectAggregate:
|
||||
err = u.processProject(event)
|
||||
case iam_es_model.IAMAggregate:
|
||||
err = u.processIAMMember(event, "IAM", false)
|
||||
case org_es_model.OrgAggregate:
|
||||
return u.processOrg(event)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
func (u *UserGrant) processUserGrant(event *es_models.Event) (err error) {
|
||||
grant := new(view_model.UserGrantView)
|
||||
switch event.Type {
|
||||
case grant_es_model.UserGrantAdded:
|
||||
err = grant.AppendEvent(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = u.fillData(grant, event.ResourceOwner)
|
||||
case grant_es_model.UserGrantChanged,
|
||||
grant_es_model.UserGrantCascadeChanged,
|
||||
grant_es_model.UserGrantDeactivated,
|
||||
grant_es_model.UserGrantReactivated:
|
||||
grant, err = u.view.UserGrantByID(event.AggregateID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = grant.AppendEvent(event)
|
||||
case grant_es_model.UserGrantRemoved, grant_es_model.UserGrantCascadeRemoved:
|
||||
return u.view.DeleteUserGrant(event.AggregateID, event)
|
||||
default:
|
||||
return u.view.ProcessedUserGrantSequence(event)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return u.view.PutUserGrant(grant, event)
|
||||
}
|
||||
|
||||
func (u *UserGrant) processUser(event *es_models.Event) (err error) {
|
||||
switch event.Type {
|
||||
case usr_es_model.UserProfileChanged,
|
||||
usr_es_model.UserEmailChanged,
|
||||
usr_es_model.HumanProfileChanged,
|
||||
usr_es_model.HumanEmailChanged,
|
||||
usr_es_model.MachineChanged,
|
||||
usr_es_model.HumanAvatarAdded,
|
||||
usr_es_model.HumanAvatarRemoved:
|
||||
grants, err := u.view.UserGrantsByUserID(event.AggregateID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if len(grants) == 0 {
|
||||
return u.view.ProcessedUserGrantSequence(event)
|
||||
}
|
||||
user, err := u.getUserByID(event.AggregateID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for _, grant := range grants {
|
||||
u.fillUserData(grant, user)
|
||||
}
|
||||
return u.view.PutUserGrants(grants, event)
|
||||
default:
|
||||
return u.view.ProcessedUserGrantSequence(event)
|
||||
}
|
||||
}
|
||||
|
||||
func (u *UserGrant) processProject(event *es_models.Event) (err error) {
|
||||
switch event.Type {
|
||||
case proj_es_model.ProjectChanged:
|
||||
proj := new(proj_es_model.Project)
|
||||
err := proj.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if proj.Name == "" {
|
||||
return u.view.ProcessedUserGrantSequence(event)
|
||||
}
|
||||
grants, err := u.view.UserGrantsByProjectID(event.AggregateID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for _, grant := range grants {
|
||||
grant.ProjectName = proj.Name
|
||||
}
|
||||
return u.view.PutUserGrants(grants, event)
|
||||
case proj_es_model.ProjectMemberAdded, proj_es_model.ProjectMemberChanged,
|
||||
proj_es_model.ProjectMemberRemoved, proj_es_model.ProjectMemberCascadeRemoved:
|
||||
member := new(proj_es_model.ProjectMember)
|
||||
err := member.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return u.processMember(event, "PROJECT", event.AggregateID, member.UserID, member.Roles)
|
||||
case proj_es_model.ProjectGrantMemberAdded, proj_es_model.ProjectGrantMemberChanged,
|
||||
proj_es_model.ProjectGrantMemberRemoved, proj_es_model.ProjectGrantMemberCascadeRemoved:
|
||||
member := new(proj_es_model.ProjectGrantMember)
|
||||
err := member.SetData(event)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return u.processMember(event, "PROJECT_GRANT", member.GrantID, member.UserID, member.Roles)
|
||||
default:
|
||||
return u.view.ProcessedUserGrantSequence(event)
|
||||
}
|
||||
}
|
||||
|
||||
func (u *UserGrant) processOrg(event *es_models.Event) (err error) {
|
||||
switch event.Type {
|
||||
case org_es_model.OrgMemberAdded, org_es_model.OrgMemberChanged,
|
||||
org_es_model.OrgMemberRemoved, org_es_model.OrgMemberCascadeRemoved:
|
||||
member := new(org_es_model.OrgMember)
|
||||
member.SetData(event)
|
||||
return u.processMember(event, "ORG", "", member.UserID, member.Roles)
|
||||
case org_es_model.OrgChanged:
|
||||
grants, err := u.view.UserGrantsByProjectID(event.AggregateID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if len(grants) == 0 {
|
||||
return u.view.ProcessedUserGrantSequence(event)
|
||||
}
|
||||
org, err := u.getOrgByID(context.Background(), event.AggregateID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
for _, grant := range grants {
|
||||
u.fillOrgData(grant, org)
|
||||
}
|
||||
return u.view.PutUserGrants(grants, event)
|
||||
default:
|
||||
return u.view.ProcessedUserGrantSequence(event)
|
||||
}
|
||||
}
|
||||
|
||||
func (u *UserGrant) processIAMMember(event *es_models.Event, rolePrefix string, suffix bool) error {
|
||||
member := new(iam_es_model.IAMMember)
|
||||
|
||||
switch event.Type {
|
||||
case iam_es_model.IAMMemberAdded, iam_es_model.IAMMemberChanged:
|
||||
member.SetData(event)
|
||||
|
||||
grant, err := u.view.UserGrantByIDs(u.iamID, u.iamProjectID, member.UserID)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
if errors.IsNotFound(err) {
|
||||
grant = &view_model.UserGrantView{
|
||||
ID: u.iamProjectID + member.UserID,
|
||||
ResourceOwner: u.iamID,
|
||||
OrgName: u.iamID,
|
||||
ProjectID: u.iamProjectID,
|
||||
UserID: member.UserID,
|
||||
RoleKeys: member.Roles,
|
||||
CreationDate: event.CreationDate,
|
||||
}
|
||||
if suffix {
|
||||
grant.RoleKeys = suffixRoles(event.AggregateID, grant.RoleKeys)
|
||||
}
|
||||
} else {
|
||||
newRoles := member.Roles
|
||||
if grant.RoleKeys != nil {
|
||||
grant.RoleKeys = mergeExistingRoles(rolePrefix, "", grant.RoleKeys, newRoles)
|
||||
} else {
|
||||
grant.RoleKeys = newRoles
|
||||
}
|
||||
}
|
||||
grant.Sequence = event.Sequence
|
||||
grant.ChangeDate = event.CreationDate
|
||||
return u.view.PutUserGrant(grant, event)
|
||||
case iam_es_model.IAMMemberRemoved,
|
||||
iam_es_model.IAMMemberCascadeRemoved:
|
||||
member.SetData(event)
|
||||
grant, err := u.view.UserGrantByIDs(u.iamID, u.iamProjectID, member.UserID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return u.view.DeleteUserGrant(grant.ID, event)
|
||||
default:
|
||||
return u.view.ProcessedUserGrantSequence(event)
|
||||
}
|
||||
}
|
||||
|
||||
func (u *UserGrant) processMember(event *es_models.Event, rolePrefix, roleSuffix string, userID string, roleKeys []string) error {
|
||||
switch event.Type {
|
||||
case org_es_model.OrgMemberAdded, proj_es_model.ProjectMemberAdded, proj_es_model.ProjectGrantMemberAdded,
|
||||
org_es_model.OrgMemberChanged, proj_es_model.ProjectMemberChanged, proj_es_model.ProjectGrantMemberChanged:
|
||||
|
||||
grant, err := u.view.UserGrantByIDs(event.ResourceOwner, u.iamProjectID, userID)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
if roleSuffix != "" {
|
||||
roleKeys = suffixRoles(roleSuffix, roleKeys)
|
||||
}
|
||||
if errors.IsNotFound(err) {
|
||||
grant = &view_model.UserGrantView{
|
||||
ID: u.iamProjectID + event.ResourceOwner + userID,
|
||||
ResourceOwner: event.ResourceOwner,
|
||||
ProjectID: u.iamProjectID,
|
||||
UserID: userID,
|
||||
RoleKeys: roleKeys,
|
||||
CreationDate: event.CreationDate,
|
||||
}
|
||||
u.fillData(grant, event.ResourceOwner)
|
||||
} else {
|
||||
newRoles := roleKeys
|
||||
if grant.RoleKeys != nil {
|
||||
grant.RoleKeys = mergeExistingRoles(rolePrefix, roleSuffix, grant.RoleKeys, newRoles)
|
||||
} else {
|
||||
grant.RoleKeys = newRoles
|
||||
}
|
||||
}
|
||||
grant.Sequence = event.Sequence
|
||||
grant.ChangeDate = event.CreationDate
|
||||
return u.view.PutUserGrant(grant, event)
|
||||
case org_es_model.OrgMemberRemoved,
|
||||
org_es_model.OrgMemberCascadeRemoved,
|
||||
proj_es_model.ProjectMemberRemoved,
|
||||
proj_es_model.ProjectMemberCascadeRemoved,
|
||||
proj_es_model.ProjectGrantMemberRemoved,
|
||||
proj_es_model.ProjectGrantMemberCascadeRemoved:
|
||||
|
||||
grant, err := u.view.UserGrantByIDs(event.ResourceOwner, u.iamProjectID, userID)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
if errors.IsNotFound(err) {
|
||||
return u.view.ProcessedUserGrantSequence(event)
|
||||
}
|
||||
if roleSuffix != "" {
|
||||
roleKeys = suffixRoles(roleSuffix, roleKeys)
|
||||
}
|
||||
if grant.RoleKeys == nil {
|
||||
return u.view.ProcessedUserGrantSequence(event)
|
||||
}
|
||||
grant.RoleKeys = mergeExistingRoles(rolePrefix, roleSuffix, grant.RoleKeys, nil)
|
||||
return u.view.PutUserGrant(grant, event)
|
||||
default:
|
||||
return u.view.ProcessedUserGrantSequence(event)
|
||||
}
|
||||
}
|
||||
|
||||
func suffixRoles(suffix string, roles []string) []string {
|
||||
suffixedRoles := make([]string, len(roles))
|
||||
for i := 0; i < len(roles); i++ {
|
||||
suffixedRoles[i] = roles[i] + ":" + suffix
|
||||
}
|
||||
return suffixedRoles
|
||||
}
|
||||
|
||||
func mergeExistingRoles(rolePrefix, suffix string, existingRoles, newRoles []string) []string {
|
||||
mergedRoles := make([]string, 0)
|
||||
for _, existingRole := range existingRoles {
|
||||
if !strings.HasPrefix(existingRole, rolePrefix) {
|
||||
mergedRoles = append(mergedRoles, existingRole)
|
||||
continue
|
||||
}
|
||||
if suffix != "" && !strings.HasSuffix(existingRole, suffix) {
|
||||
mergedRoles = append(mergedRoles, existingRole)
|
||||
}
|
||||
}
|
||||
return append(mergedRoles, newRoles...)
|
||||
}
|
||||
|
||||
func (u *UserGrant) setIamProjectID() error {
|
||||
if u.iamProjectID != "" {
|
||||
return nil
|
||||
}
|
||||
iam, err := u.getIAMByID(context.Background())
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if iam.SetUpDone < domain.StepCount-1 {
|
||||
return errors.ThrowPreconditionFailed(nil, "HANDL-s5DTs", "Setup not done")
|
||||
}
|
||||
u.iamProjectID = iam.IAMProjectID
|
||||
return nil
|
||||
}
|
||||
|
||||
func (u *UserGrant) fillData(grant *view_model.UserGrantView, resourceOwner string) (err error) {
|
||||
user, err := u.getUserByID(grant.UserID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
u.fillUserData(grant, user)
|
||||
project, err := u.getProjectByID(context.Background(), grant.ProjectID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
u.fillProjectData(grant, project)
|
||||
|
||||
org, err := u.getOrgByID(context.TODO(), resourceOwner)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
u.fillOrgData(grant, org)
|
||||
return nil
|
||||
}
|
||||
|
||||
func (u *UserGrant) fillUserData(grant *view_model.UserGrantView, user *model.UserView) {
|
||||
grant.UserName = user.UserName
|
||||
grant.UserResourceOwner = user.ResourceOwner
|
||||
if user.HumanView != nil {
|
||||
grant.FirstName = user.FirstName
|
||||
grant.LastName = user.LastName
|
||||
grant.DisplayName = user.FirstName + " " + user.LastName
|
||||
grant.Email = user.Email
|
||||
grant.AvatarKey = user.AvatarKey
|
||||
}
|
||||
if user.MachineView != nil {
|
||||
grant.DisplayName = user.MachineView.Name
|
||||
}
|
||||
}
|
||||
|
||||
func (u *UserGrant) fillProjectData(grant *view_model.UserGrantView, project *proj_model.Project) {
|
||||
grant.ProjectName = project.Name
|
||||
grant.ProjectOwner = project.ResourceOwner
|
||||
}
|
||||
|
||||
func (u *UserGrant) fillOrgData(grant *view_model.UserGrantView, org *org_model.Org) {
|
||||
grant.OrgName = org.Name
|
||||
for _, domain := range org.Domains {
|
||||
if domain.Primary {
|
||||
grant.OrgPrimaryDomain = domain.Domain
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func (u *UserGrant) OnError(event *es_models.Event, err error) error {
|
||||
logging.LogWithFields("SPOOL-UZmc7", "id", event.AggregateID).WithError(err).Warn("something went wrong in user grant handler")
|
||||
return spooler.HandleError(event, err, u.view.GetLatestUserGrantFailedEvent, u.view.ProcessedUserGrantFailedEvent, u.view.ProcessedUserGrantSequence, u.errorCountUntilSkip)
|
||||
}
|
||||
|
||||
func (u *UserGrant) OnSuccess() error {
|
||||
return spooler.HandleSuccess(u.view.UpdateUserGrantSpoolerRunTimestamp)
|
||||
}
|
||||
|
||||
func (u *UserGrant) getUserByID(userID string) (*model.UserView, error) {
|
||||
user, usrErr := u.view.UserByID(userID)
|
||||
if usrErr != nil && !errors.IsNotFound(usrErr) {
|
||||
return nil, usrErr
|
||||
}
|
||||
if user == nil {
|
||||
user = &model.UserView{}
|
||||
}
|
||||
events, err := u.getUserEvents(userID, user.Sequence)
|
||||
if err != nil {
|
||||
return user, usrErr
|
||||
}
|
||||
userCopy := *user
|
||||
for _, event := range events {
|
||||
if err := userCopy.AppendEvent(event); err != nil {
|
||||
return user, nil
|
||||
}
|
||||
}
|
||||
if userCopy.State == int32(usr_model.UserStateDeleted) {
|
||||
return nil, errors.ThrowNotFound(nil, "HANDLER-m9dos", "Errors.User.NotFound")
|
||||
}
|
||||
return &userCopy, nil
|
||||
}
|
||||
|
||||
func (u *UserGrant) getUserEvents(userID string, sequence uint64) ([]*es_models.Event, error) {
|
||||
query, err := view.UserByIDQuery(userID, sequence)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return u.es.FilterEvents(context.Background(), query)
|
||||
}
|
||||
|
||||
func (u *UserGrant) getOrgByID(ctx context.Context, orgID string) (*org_model.Org, error) {
|
||||
query, err := org_view.OrgByIDQuery(orgID, 0)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
esOrg := &org_es_model.Org{
|
||||
ObjectRoot: es_models.ObjectRoot{
|
||||
AggregateID: orgID,
|
||||
},
|
||||
}
|
||||
err = es_sdk.Filter(ctx, u.Eventstore().FilterEvents, esOrg.AppendEvents, query)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return nil, err
|
||||
}
|
||||
if esOrg.Sequence == 0 {
|
||||
return nil, errors.ThrowNotFound(nil, "EVENT-3m9vs", "Errors.Org.NotFound")
|
||||
}
|
||||
|
||||
return org_es_model.OrgToModel(esOrg), nil
|
||||
}
|
||||
|
||||
func (u *UserGrant) getProjectByID(ctx context.Context, projID string) (*proj_model.Project, error) {
|
||||
query, err := proj_view.ProjectByIDQuery(projID, 0)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
esProject := &proj_es_model.Project{
|
||||
ObjectRoot: es_models.ObjectRoot{
|
||||
AggregateID: projID,
|
||||
},
|
||||
}
|
||||
err = es_sdk.Filter(ctx, u.Eventstore().FilterEvents, esProject.AppendEvents, query)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return nil, err
|
||||
}
|
||||
if esProject.Sequence == 0 {
|
||||
return nil, errors.ThrowNotFound(nil, "EVENT-DAfng", "Errors.Project.NotFound")
|
||||
}
|
||||
|
||||
return proj_es_model.ProjectToModel(esProject), nil
|
||||
}
|
||||
|
||||
func (u *UserGrant) getIAMByID(ctx context.Context) (*iam_model.IAM, error) {
|
||||
query, err := iam_view.IAMByIDQuery(domain.IAMID, 0)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
iam := &iam_es_model.IAM{
|
||||
ObjectRoot: es_models.ObjectRoot{
|
||||
AggregateID: domain.IAMID,
|
||||
},
|
||||
}
|
||||
err = es_sdk.Filter(ctx, u.Eventstore().FilterEvents, iam.AppendEvents, query)
|
||||
if err != nil && errors.IsNotFound(err) && iam.Sequence == 0 {
|
||||
return nil, err
|
||||
}
|
||||
return iam_es_model.IAMToModel(iam), nil
|
||||
}
|
||||
@@ -3,17 +3,14 @@ package eventsourcing
|
||||
import (
|
||||
"context"
|
||||
|
||||
"github.com/caos/zitadel/internal/api/authz"
|
||||
"github.com/caos/zitadel/internal/auth/repository/eventsourcing/eventstore"
|
||||
"github.com/caos/zitadel/internal/auth/repository/eventsourcing/spooler"
|
||||
auth_view "github.com/caos/zitadel/internal/auth/repository/eventsourcing/view"
|
||||
"github.com/caos/zitadel/internal/auth_request/repository/cache"
|
||||
authz_repo "github.com/caos/zitadel/internal/authz/repository/eventsourcing"
|
||||
"github.com/caos/zitadel/internal/command"
|
||||
sd "github.com/caos/zitadel/internal/config/systemdefaults"
|
||||
"github.com/caos/zitadel/internal/config/types"
|
||||
"github.com/caos/zitadel/internal/crypto"
|
||||
es2 "github.com/caos/zitadel/internal/eventstore"
|
||||
v1 "github.com/caos/zitadel/internal/eventstore/v1"
|
||||
es_spol "github.com/caos/zitadel/internal/eventstore/v1/spooler"
|
||||
"github.com/caos/zitadel/internal/id"
|
||||
@@ -37,13 +34,11 @@ type EsRepository struct {
|
||||
eventstore.AuthRequestRepo
|
||||
eventstore.TokenRepo
|
||||
eventstore.RefreshTokenRepo
|
||||
eventstore.ApplicationRepo
|
||||
eventstore.UserSessionRepo
|
||||
eventstore.UserGrantRepo
|
||||
eventstore.OrgRepository
|
||||
}
|
||||
|
||||
func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults, command *command.Commands, queries *query.Queries, authZRepo *authz_repo.EsRepository, esV2 *es2.Eventstore) (*EsRepository, error) {
|
||||
func Start(conf Config, systemDefaults sd.SystemDefaults, command *command.Commands, queries *query.Queries) (*EsRepository, error) {
|
||||
es, err := v1.Start(conf.Eventstore)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -83,10 +78,7 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults, co
|
||||
PrefixAvatarURL: assetsAPI,
|
||||
}
|
||||
//TODO: remove as soon as possible
|
||||
queryView := struct {
|
||||
*query.Queries
|
||||
*auth_view.View
|
||||
}{
|
||||
queryView := queryViewWrapper{
|
||||
queries,
|
||||
view,
|
||||
}
|
||||
@@ -131,22 +123,9 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults, co
|
||||
SearchLimit: conf.SearchLimit,
|
||||
KeyAlgorithm: keyAlgorithm,
|
||||
},
|
||||
eventstore.ApplicationRepo{
|
||||
Commands: command,
|
||||
Query: queries,
|
||||
},
|
||||
|
||||
eventstore.UserSessionRepo{
|
||||
View: view,
|
||||
},
|
||||
eventstore.UserGrantRepo{
|
||||
SearchLimit: conf.SearchLimit,
|
||||
View: view,
|
||||
IamID: systemDefaults.IamID,
|
||||
Auth: authZ,
|
||||
AuthZRepo: authZRepo,
|
||||
Query: queries,
|
||||
},
|
||||
eventstore.OrgRepository{
|
||||
SearchLimit: conf.SearchLimit,
|
||||
View: view,
|
||||
@@ -157,6 +136,27 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults, co
|
||||
}, nil
|
||||
}
|
||||
|
||||
type queryViewWrapper struct {
|
||||
*query.Queries
|
||||
*auth_view.View
|
||||
}
|
||||
|
||||
func (q queryViewWrapper) UserGrantsByProjectAndUserID(projectID, userID string) ([]*query.UserGrant, error) {
|
||||
userGrantProjectID, err := query.NewUserGrantProjectIDSearchQuery(projectID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
userGrantUserID, err := query.NewUserGrantUserIDSearchQuery(userID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
queries := &query.UserGrantsQueries{Queries: []query.SearchQuery{userGrantUserID, userGrantProjectID}}
|
||||
grants, err := q.Queries.UserGrants(context.TODO(), queries)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return grants.UserGrants, nil
|
||||
}
|
||||
func (repo *EsRepository) Health(ctx context.Context) error {
|
||||
if err := repo.UserRepo.Health(ctx); err != nil {
|
||||
return err
|
||||
|
||||
@@ -1,89 +0,0 @@
|
||||
package view
|
||||
|
||||
import (
|
||||
"time"
|
||||
|
||||
"github.com/caos/zitadel/internal/errors"
|
||||
"github.com/caos/zitadel/internal/eventstore/v1/models"
|
||||
key_model "github.com/caos/zitadel/internal/key/model"
|
||||
"github.com/caos/zitadel/internal/key/repository/view"
|
||||
"github.com/caos/zitadel/internal/key/repository/view/model"
|
||||
"github.com/caos/zitadel/internal/view/repository"
|
||||
)
|
||||
|
||||
const (
|
||||
keyTable = "auth.keys"
|
||||
)
|
||||
|
||||
func (v *View) KeyByIDAndType(keyID string, private bool) (*model.KeyView, error) {
|
||||
return view.KeyByIDAndType(v.Db, keyTable, keyID, private)
|
||||
}
|
||||
|
||||
func (v *View) GetActivePrivateKeyForSigning(expiry time.Time) (*key_model.KeyView, error) {
|
||||
key, err := view.GetSigningKey(v.Db, keyTable, expiry)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return model.KeyViewToModel(key), nil
|
||||
}
|
||||
|
||||
func (v *View) GetSigningKey(expiry time.Time) (*key_model.SigningKey, time.Time, error) {
|
||||
key, err := view.GetSigningKey(v.Db, keyTable, expiry)
|
||||
if err != nil {
|
||||
return nil, time.Time{}, err
|
||||
}
|
||||
signingKey, err := key_model.SigningKeyFromKeyView(model.KeyViewToModel(key), v.keyAlgorithm)
|
||||
return signingKey, key.Expiry, err
|
||||
}
|
||||
|
||||
func (v *View) GetActiveKeySet() ([]*key_model.PublicKey, error) {
|
||||
keys, err := view.GetActivePublicKeys(v.Db, keyTable)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return key_model.PublicKeysFromKeyView(model.KeyViewsToModel(keys), v.keyAlgorithm)
|
||||
}
|
||||
|
||||
func (v *View) PutKeys(privateKey, publicKey *model.KeyView, event *models.Event) error {
|
||||
err := view.PutKeys(v.Db, keyTable, privateKey, publicKey)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedKeySequence(event)
|
||||
}
|
||||
|
||||
func (v *View) DeleteKey(keyID string, private bool, event *models.Event) error {
|
||||
err := view.DeleteKey(v.Db, keyTable, keyID, private)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedKeySequence(event)
|
||||
}
|
||||
|
||||
func (v *View) DeleteKeyPair(keyID string, event *models.Event) error {
|
||||
err := view.DeleteKeyPair(v.Db, keyTable, keyID)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedKeySequence(event)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestKeySequence() (*repository.CurrentSequence, error) {
|
||||
return v.latestSequence(keyTable)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedKeySequence(event *models.Event) error {
|
||||
return v.saveCurrentSequence(keyTable, event)
|
||||
}
|
||||
|
||||
func (v *View) UpdateKeySpoolerRunTimestamp() error {
|
||||
return v.updateSpoolerRunSequence(keyTable)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestKeyFailedEvent(sequence uint64) (*repository.FailedEvent, error) {
|
||||
return v.latestFailedEvent(keyTable, sequence)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedKeyFailedEvent(failedEvent *repository.FailedEvent) error {
|
||||
return v.saveFailedEvent(failedEvent)
|
||||
}
|
||||
@@ -1,86 +0,0 @@
|
||||
package view
|
||||
|
||||
import (
|
||||
"github.com/caos/zitadel/internal/errors"
|
||||
"github.com/caos/zitadel/internal/eventstore/v1/models"
|
||||
grant_model "github.com/caos/zitadel/internal/usergrant/model"
|
||||
"github.com/caos/zitadel/internal/usergrant/repository/view"
|
||||
"github.com/caos/zitadel/internal/usergrant/repository/view/model"
|
||||
"github.com/caos/zitadel/internal/view/repository"
|
||||
)
|
||||
|
||||
const (
|
||||
userGrantTable = "auth.user_grants"
|
||||
)
|
||||
|
||||
func (v *View) UserGrantByID(grantID string) (*model.UserGrantView, error) {
|
||||
return view.UserGrantByID(v.Db, userGrantTable, grantID)
|
||||
}
|
||||
|
||||
func (v *View) UserGrantByIDs(resourceOwnerID, projectID, userID string) (*model.UserGrantView, error) {
|
||||
return view.UserGrantByIDs(v.Db, userGrantTable, resourceOwnerID, projectID, userID)
|
||||
}
|
||||
|
||||
func (v *View) UserGrantsByUserID(userID string) ([]*model.UserGrantView, error) {
|
||||
return view.UserGrantsByUserID(v.Db, userGrantTable, userID)
|
||||
}
|
||||
|
||||
func (v *View) UserGrantsByProjectID(projectID string) ([]*model.UserGrantView, error) {
|
||||
return view.UserGrantsByProjectID(v.Db, userGrantTable, projectID)
|
||||
}
|
||||
|
||||
func (v *View) UserGrantsByOrgID(projectID string) ([]*model.UserGrantView, error) {
|
||||
return view.UserGrantsByOrgID(v.Db, userGrantTable, projectID)
|
||||
}
|
||||
|
||||
func (v *View) UserGrantsByProjectAndUserID(projectID, userID string) ([]*model.UserGrantView, error) {
|
||||
return view.UserGrantsByProjectAndUserID(v.Db, userGrantTable, projectID, userID)
|
||||
}
|
||||
|
||||
func (v *View) SearchUserGrants(request *grant_model.UserGrantSearchRequest) ([]*model.UserGrantView, uint64, error) {
|
||||
return view.SearchUserGrants(v.Db, userGrantTable, request)
|
||||
}
|
||||
|
||||
func (v *View) PutUserGrant(grant *model.UserGrantView, event *models.Event) error {
|
||||
err := view.PutUserGrant(v.Db, userGrantTable, grant)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedUserGrantSequence(event)
|
||||
}
|
||||
|
||||
func (v *View) PutUserGrants(grants []*model.UserGrantView, event *models.Event) error {
|
||||
err := view.PutUserGrants(v.Db, userGrantTable, grants...)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedUserGrantSequence(event)
|
||||
}
|
||||
|
||||
func (v *View) DeleteUserGrant(grantID string, event *models.Event) error {
|
||||
err := view.DeleteUserGrant(v.Db, userGrantTable, grantID)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedUserGrantSequence(event)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestUserGrantSequence() (*repository.CurrentSequence, error) {
|
||||
return v.latestSequence(userGrantTable)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedUserGrantSequence(event *models.Event) error {
|
||||
return v.saveCurrentSequence(userGrantTable, event)
|
||||
}
|
||||
|
||||
func (v *View) UpdateUserGrantSpoolerRunTimestamp() error {
|
||||
return v.updateSpoolerRunSequence(userGrantTable)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestUserGrantFailedEvent(sequence uint64) (*repository.FailedEvent, error) {
|
||||
return v.latestFailedEvent(userGrantTable, sequence)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedUserGrantFailedEvent(failedEvent *repository.FailedEvent) error {
|
||||
return v.saveFailedEvent(failedEvent)
|
||||
}
|
||||
@@ -9,9 +9,7 @@ type Repository interface {
|
||||
UserRepository
|
||||
AuthRequestRepository
|
||||
TokenRepository
|
||||
ApplicationRepository
|
||||
UserSessionRepository
|
||||
UserGrantRepository
|
||||
OrgRepository
|
||||
RefreshTokenRepository
|
||||
}
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
package repository
|
||||
|
||||
import (
|
||||
"context"
|
||||
"github.com/caos/zitadel/internal/usergrant/model"
|
||||
)
|
||||
|
||||
type UserGrantRepository interface {
|
||||
SearchMyUserGrants(ctx context.Context, request *model.UserGrantSearchRequest) (*model.UserGrantSearchResponse, error)
|
||||
SearchMyProjectOrgs(ctx context.Context, request *model.UserGrantSearchRequest) (*model.ProjectOrgSearchResponse, error)
|
||||
SearchMyZitadelPermissions(ctx context.Context) ([]string, error)
|
||||
SearchMyProjectPermissions(ctx context.Context) ([]string, error)
|
||||
UserGrantsByProjectAndUserID(projectID, userID string) ([]*model.UserGrantView, error)
|
||||
}
|
||||
Reference in New Issue
Block a user