fix: move activity log to queries and remove old code (#3096)

* move changes to queries and remove old code * fix changes query * remove unused code * fix sorting * fix sorting * refactor and remove old code * remove accidental go.mod replace * add missing file * remove listDetail from ChangesResponse
2025-08-12 01:47:33 +00:00 · 2022-01-26 10:16:33 +01:00
parent 52da2354a3
commit e99b7f4972
100 changed files with 579 additions and 3565 deletions
--- a/internal/authz/repository/eventsourcing/eventstore/token_verifier.go
+++ b/internal/authz/repository/eventsourcing/eventstore/token_verifier.go
@@ -14,9 +14,6 @@ import (
 	caos_errs "github.com/caos/zitadel/internal/errors"
 	v1 "github.com/caos/zitadel/internal/eventstore/v1"
 	"github.com/caos/zitadel/internal/eventstore/v1/models"
-	es_sdk "github.com/caos/zitadel/internal/eventstore/v1/sdk"
-	iam_model "github.com/caos/zitadel/internal/iam/model"
-	iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
 	iam_view "github.com/caos/zitadel/internal/iam/repository/view"
 	"github.com/caos/zitadel/internal/query"
 	"github.com/caos/zitadel/internal/telemetry/tracing"
@@ -33,7 +30,7 @@ type TokenVerifierRepo struct {
 	Query                *query.Queries
 }

-func (repo *TokenVerifierRepo) TokenByID(ctx context.Context, tokenID, userID string) (*usr_model.TokenView, error) {
+func (repo *TokenVerifierRepo) tokenByID(ctx context.Context, tokenID, userID string) (*usr_model.TokenView, error) {
 	token, viewErr := repo.View.TokenByID(tokenID)
 	if viewErr != nil && !caos_errs.IsNotFound(viewErr) {
 		return nil, viewErr
@@ -82,7 +79,7 @@ func (repo *TokenVerifierRepo) VerifyAccessToken(ctx context.Context, tokenStrin
 	if len(splittedToken) != 2 {
 		return "", "", "", "", "", caos_errs.ThrowUnauthenticated(nil, "APP-GDg3a", "invalid token")
 	}
-	token, err := repo.TokenByID(ctx, splittedToken[0], splittedToken[1])
+	token, err := repo.tokenByID(ctx, splittedToken[0], splittedToken[1])
 	if err != nil {
 		return "", "", "", "", "", caos_errs.ThrowUnauthenticated(err, "APP-BxUSiL", "invalid token")
 	}
@@ -237,7 +234,7 @@ func (repo *TokenVerifierRepo) VerifierClientID(ctx context.Context, appName str
 	ctx, span := tracing.NewSpan(ctx)
 	defer func() { span.EndWithError(err) }()

-	iam, err := repo.getIAMByID(ctx)
+	iam, err := repo.Query.IAMByID(ctx, domain.IAMID)
 	if err != nil {
 		return "", "", err
 	}
@@ -261,23 +258,6 @@ func (r *TokenVerifierRepo) getUserEvents(ctx context.Context, userID string, se
 	return r.Eventstore.FilterEvents(ctx, query)
 }

-func (u *TokenVerifierRepo) getIAMByID(ctx context.Context) (*iam_model.IAM, error) {
-	query, err := iam_view.IAMByIDQuery(domain.IAMID, 0)
-	if err != nil {
-		return nil, err
-	}
-	iam := &iam_es_model.IAM{
-		ObjectRoot: models.ObjectRoot{
-			AggregateID: domain.IAMID,
-		},
-	}
-	err = es_sdk.Filter(ctx, u.Eventstore.FilterEvents, iam.AppendEvents, query)
-	if err != nil && caos_errs.IsNotFound(err) && iam.Sequence == 0 {
-		return nil, err
-	}
-	return iam_es_model.IAMToModel(iam), nil
-}
-
 func (repo *TokenVerifierRepo) checkDefaultFeatures(ctx context.Context, requiredFeatures ...string) error {
 	features, err := repo.Query.DefaultFeatures(ctx)
 	if err != nil {
--- a/internal/authz/repository/eventsourcing/eventstore/user_grant.go
+++ b/internal/authz/repository/eventsourcing/eventstore/user_grant.go
@@ -1,158 +0,0 @@
-package eventstore
-
-import (
-	"context"
-
-	v1 "github.com/caos/zitadel/internal/eventstore/v1"
-	"github.com/caos/zitadel/internal/eventstore/v1/models"
-	es_sdk "github.com/caos/zitadel/internal/eventstore/v1/sdk"
-	iam_model "github.com/caos/zitadel/internal/iam/model"
-	iam_es_model "github.com/caos/zitadel/internal/iam/repository/eventsourcing/model"
-	iam_view "github.com/caos/zitadel/internal/iam/repository/view"
-
-	"github.com/caos/zitadel/internal/api/authz"
-	"github.com/caos/zitadel/internal/authz/repository/eventsourcing/view"
-	"github.com/caos/zitadel/internal/domain"
-	caos_errs "github.com/caos/zitadel/internal/errors"
-	user_model "github.com/caos/zitadel/internal/user/model"
-	user_view_model "github.com/caos/zitadel/internal/user/repository/view/model"
-	grant_model "github.com/caos/zitadel/internal/usergrant/model"
-)
-
-type UserGrantRepo struct {
-	View         *view.View
-	IamID        string
-	IamProjectID string
-	Auth         authz.Config
-	Eventstore   v1.Eventstore
-}
-
-func (repo *UserGrantRepo) Health() error {
-	return repo.View.Health()
-}
-
-func (repo *UserGrantRepo) SearchMyMemberships(ctx context.Context) ([]*authz.Membership, error) {
-	memberships, err := repo.searchUserMemberships(ctx)
-	if err != nil {
-		return nil, err
-	}
-	return userMembershipsToMemberships(memberships), nil
-}
-
-func (repo *UserGrantRepo) SearchMyZitadelPermissions(ctx context.Context) ([]string, error) {
-	memberships, err := repo.searchUserMemberships(ctx)
-	if err != nil {
-		return nil, err
-	}
-	permissions := &grant_model.Permissions{Permissions: []string{}}
-	for _, membership := range memberships {
-		for _, role := range membership.Roles {
-			permissions = repo.mapRoleToPermission(permissions, membership, role)
-		}
-	}
-	return permissions.Permissions, nil
-}
-
-func (repo *UserGrantRepo) searchUserMemberships(ctx context.Context) ([]*user_view_model.UserMembershipView, error) {
-	ctxData := authz.GetCtxData(ctx)
-	orgMemberships, orgCount, err := repo.View.SearchUserMemberships(&user_model.UserMembershipSearchRequest{
-		Queries: []*user_model.UserMembershipSearchQuery{
-			{
-				Key:    user_model.UserMembershipSearchKeyUserID,
-				Method: domain.SearchMethodEquals,
-				Value:  ctxData.UserID,
-			},
-			{
-				Key:    user_model.UserMembershipSearchKeyResourceOwner,
-				Method: domain.SearchMethodEquals,
-				Value:  ctxData.OrgID,
-			},
-		},
-	})
-	if err != nil {
-		return nil, err
-	}
-	iamMemberships, iamCount, err := repo.View.SearchUserMemberships(&user_model.UserMembershipSearchRequest{
-		Queries: []*user_model.UserMembershipSearchQuery{
-			{
-				Key:    user_model.UserMembershipSearchKeyUserID,
-				Method: domain.SearchMethodEquals,
-				Value:  ctxData.UserID,
-			},
-			{
-				Key:    user_model.UserMembershipSearchKeyAggregateID,
-				Method: domain.SearchMethodEquals,
-				Value:  repo.IamID,
-			},
-		},
-	})
-	if err != nil {
-		return nil, err
-	}
-	if orgCount == 0 && iamCount == 0 {
-		return []*user_view_model.UserMembershipView{}, nil
-	}
-	return append(orgMemberships, iamMemberships...), nil
-}
-
-func (repo *UserGrantRepo) FillIamProjectID(ctx context.Context) error {
-	if repo.IamProjectID != "" {
-		return nil
-	}
-	iam, err := repo.getIAMByID(ctx)
-	if err != nil {
-		return err
-	}
-	if iam.SetUpDone < domain.StepCount-1 {
-		return caos_errs.ThrowPreconditionFailed(nil, "EVENT-skiwS", "Setup not done")
-	}
-	repo.IamProjectID = iam.IAMProjectID
-	return nil
-}
-
-func (repo *UserGrantRepo) mapRoleToPermission(permissions *grant_model.Permissions, membership *user_view_model.UserMembershipView, role string) *grant_model.Permissions {
-	for _, mapping := range repo.Auth.RolePermissionMappings {
-		if mapping.Role == role {
-			ctxID := ""
-			if membership.MemberType == int32(user_model.MemberTypeProject) || membership.MemberType == int32(user_model.MemberTypeProjectGrant) {
-				ctxID = membership.ObjectID
-			}
-			permissions.AppendPermissions(ctxID, mapping.Permissions...)
-		}
-	}
-	return permissions
-}
-
-func (u *UserGrantRepo) getIAMByID(ctx context.Context) (*iam_model.IAM, error) {
-	query, err := iam_view.IAMByIDQuery(domain.IAMID, 0)
-	if err != nil {
-		return nil, err
-	}
-	iam := &iam_es_model.IAM{
-		ObjectRoot: models.ObjectRoot{
-			AggregateID: domain.IAMID,
-		},
-	}
-	err = es_sdk.Filter(ctx, u.Eventstore.FilterEvents, iam.AppendEvents, query)
-	if err != nil && caos_errs.IsNotFound(err) && iam.Sequence == 0 {
-		return nil, err
-	}
-	return iam_es_model.IAMToModel(iam), nil
-}
-
-func userMembershipToMembership(membership *user_view_model.UserMembershipView) *authz.Membership {
-	return &authz.Membership{
-		MemberType:  authz.MemberType(membership.MemberType),
-		AggregateID: membership.AggregateID,
-		ObjectID:    membership.ObjectID,
-		Roles:       membership.Roles,
-	}
-}
-
-func userMembershipsToMemberships(memberships []*user_view_model.UserMembershipView) []*authz.Membership {
-	result := make([]*authz.Membership, len(memberships))
-	for i, m := range memberships {
-		result[i] = userMembershipToMembership(m)
-	}
-	return result
-}
--- a/internal/authz/repository/eventsourcing/eventstore/user_membership.go
+++ b/internal/authz/repository/eventsourcing/eventstore/user_membership.go
@@ -0,0 +1,86 @@
+package eventstore
+
+import (
+	"context"
+
+	"github.com/caos/zitadel/internal/api/authz"
+	"github.com/caos/zitadel/internal/authz/repository/eventsourcing/view"
+	"github.com/caos/zitadel/internal/domain"
+	user_model "github.com/caos/zitadel/internal/user/model"
+	user_view_model "github.com/caos/zitadel/internal/user/repository/view/model"
+)
+
+type UserMembershipRepo struct {
+	View *view.View
+}
+
+func (repo *UserMembershipRepo) Health() error {
+	return repo.View.Health()
+}
+
+func (repo *UserMembershipRepo) SearchMyMemberships(ctx context.Context) ([]*authz.Membership, error) {
+	memberships, err := repo.searchUserMemberships(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return userMembershipsToMemberships(memberships), nil
+}
+
+func (repo *UserMembershipRepo) searchUserMemberships(ctx context.Context) ([]*user_view_model.UserMembershipView, error) {
+	ctxData := authz.GetCtxData(ctx)
+	orgMemberships, orgCount, err := repo.View.SearchUserMemberships(&user_model.UserMembershipSearchRequest{
+		Queries: []*user_model.UserMembershipSearchQuery{
+			{
+				Key:    user_model.UserMembershipSearchKeyUserID,
+				Method: domain.SearchMethodEquals,
+				Value:  ctxData.UserID,
+			},
+			{
+				Key:    user_model.UserMembershipSearchKeyResourceOwner,
+				Method: domain.SearchMethodEquals,
+				Value:  ctxData.OrgID,
+			},
+		},
+	})
+	if err != nil {
+		return nil, err
+	}
+	iamMemberships, iamCount, err := repo.View.SearchUserMemberships(&user_model.UserMembershipSearchRequest{
+		Queries: []*user_model.UserMembershipSearchQuery{
+			{
+				Key:    user_model.UserMembershipSearchKeyUserID,
+				Method: domain.SearchMethodEquals,
+				Value:  ctxData.UserID,
+			},
+			{
+				Key:    user_model.UserMembershipSearchKeyAggregateID,
+				Method: domain.SearchMethodEquals,
+				Value:  domain.IAMID,
+			},
+		},
+	})
+	if err != nil {
+		return nil, err
+	}
+	if orgCount == 0 && iamCount == 0 {
+		return []*user_view_model.UserMembershipView{}, nil
+	}
+	return append(orgMemberships, iamMemberships...), nil
+}
+
+func userMembershipToMembership(membership *user_view_model.UserMembershipView) *authz.Membership {
+	return &authz.Membership{
+		MemberType:  authz.MemberType(membership.MemberType),
+		AggregateID: membership.AggregateID,
+		ObjectID:    membership.ObjectID,
+		Roles:       membership.Roles,
+	}
+}
+
+func userMembershipsToMemberships(memberships []*user_view_model.UserMembershipView) []*authz.Membership {
+	result := make([]*authz.Membership, len(memberships))
+	for i, m := range memberships {
+		result[i] = userMembershipToMembership(m)
+	}
+	return result
+}
--- a/internal/authz/repository/eventsourcing/repository.go
+++ b/internal/authz/repository/eventsourcing/repository.go
@@ -3,19 +3,17 @@ package eventsourcing
 import (
 	"context"

-	"github.com/caos/zitadel/internal/crypto"
-	v1 "github.com/caos/zitadel/internal/eventstore/v1"
-
-	"github.com/caos/zitadel/internal/query"
-
-	"github.com/caos/zitadel/internal/api/authz"
+	"github.com/caos/zitadel/internal/authz/repository"
 	"github.com/caos/zitadel/internal/authz/repository/eventsourcing/eventstore"
 	"github.com/caos/zitadel/internal/authz/repository/eventsourcing/spooler"
 	authz_view "github.com/caos/zitadel/internal/authz/repository/eventsourcing/view"
 	sd "github.com/caos/zitadel/internal/config/systemdefaults"
 	"github.com/caos/zitadel/internal/config/types"
+	"github.com/caos/zitadel/internal/crypto"
+	v1 "github.com/caos/zitadel/internal/eventstore/v1"
 	es_spol "github.com/caos/zitadel/internal/eventstore/v1/spooler"
 	"github.com/caos/zitadel/internal/id"
+	"github.com/caos/zitadel/internal/query"
 )

 type Config struct {
@@ -26,11 +24,11 @@ type Config struct {

 type EsRepository struct {
 	spooler *es_spol.Spooler
-	eventstore.UserGrantRepo
+	eventstore.UserMembershipRepo
 	eventstore.TokenVerifierRepo
 }

-func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults, queries *query.Queries) (*EsRepository, error) {
+func Start(conf Config, systemDefaults sd.SystemDefaults, queries *query.Queries) (repository.Repository, error) {
 	es, err := v1.Start(conf.Eventstore)
 	if err != nil {
 		return nil, err
@@ -56,16 +54,12 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults, qu

 	return &EsRepository{
 		spool,
-		eventstore.UserGrantRepo{
-			View:       view,
-			IamID:      systemDefaults.IamID,
-			Auth:       authZ,
-			Eventstore: es,
+		eventstore.UserMembershipRepo{
+			View: view,
 		},
 		eventstore.TokenVerifierRepo{
 			TokenVerificationKey: keyAlgorithm,
 			Eventstore:           es,
-			IAMID:                systemDefaults.IamID,
 			View:                 view,
 			Query:                queries,
 		},
@@ -73,7 +67,7 @@ func Start(conf Config, authZ authz.Config, systemDefaults sd.SystemDefaults, qu
 }

 func (repo *EsRepository) Health(ctx context.Context) error {
-	if err := repo.UserGrantRepo.Health(); err != nil {
+	if err := repo.UserMembershipRepo.Health(); err != nil {
 		return err
 	}
 	return nil