mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-11 17:27:31 +00:00
fix: project grant permissions v2 remove (#10337)
# Which Problems Are Solved [Permissions v2](https://github.com/zitadel/zitadel/issues/9972) is not possible in the current implementation. # How the Problems Are Solved We remove Permissions v2 from project grants related API calls, to alleviate this problems. Resulting in some removals of testing, implementations and performance impact # Additional Changes None # Additional Context None
This commit is contained in:
Stefan Benz
@@ -549,7 +549,8 @@ func createGrantedProject(ctx context.Context, instance *integration.Instance, t
|
||||
}
|
||||
|
||||
func TestServer_ListAuthorizations_PermissionsV2(t *testing.T) {
|
||||
ensureFeaturePermissionV2Enabled(t, InstancePermissionV2)
|
||||
// removed as permission v2 is not implemented yet for project grant level permissions
|
||||
// ensureFeaturePermissionV2Enabled(t, InstancePermissionV2)
|
||||
iamOwnerCtx := InstancePermissionV2.WithAuthorizationToken(EmptyCTX, integration.UserTypeIAMOwner)
|
||||
|
||||
projectOwnerResp := InstancePermissionV2.CreateMachineUser(iamOwnerCtx)
|
||||
@@ -558,11 +559,11 @@ func TestServer_ListAuthorizations_PermissionsV2(t *testing.T) {
|
||||
InstancePermissionV2.CreateProjectMembership(t, iamOwnerCtx, projectResp.GetId(), projectOwnerResp.GetUserId())
|
||||
projectOwnerCtx := integration.WithAuthorizationToken(EmptyCTX, projectOwnerPatResp.Token)
|
||||
|
||||
//projectGrantOwnerResp := InstancePermissionV2.CreateMachineUser(iamOwnerCtx)
|
||||
//projectGrantOwnerPatResp := InstancePermissionV2.CreatePersonalAccessToken(iamOwnerCtx, projectGrantOwnerResp.GetUserId())
|
||||
projectGrantOwnerResp := InstancePermissionV2.CreateMachineUser(iamOwnerCtx)
|
||||
projectGrantOwnerPatResp := InstancePermissionV2.CreatePersonalAccessToken(iamOwnerCtx, projectGrantOwnerResp.GetUserId())
|
||||
grantedProjectResp := createGrantedProject(iamOwnerCtx, InstancePermissionV2, t, projectResp)
|
||||
//InstancePermissionV2.CreateProjectGrantMembership(t, iamOwnerCtx, projectResp.GetId(), grantedProjectResp.GetGrantedOrganizationId(), projectGrantOwnerResp.GetUserId())
|
||||
//projectGrantOwnerCtx := integration.WithAuthorizationToken(EmptyCTX, projectGrantOwnerPatResp.Token)
|
||||
InstancePermissionV2.CreateProjectGrantMembership(t, iamOwnerCtx, projectResp.GetId(), grantedProjectResp.GetGrantedOrganizationId(), projectGrantOwnerResp.GetUserId())
|
||||
projectGrantOwnerCtx := integration.WithAuthorizationToken(EmptyCTX, projectGrantOwnerPatResp.Token)
|
||||
|
||||
type args struct {
|
||||
ctx context.Context
|
||||
@@ -615,7 +616,7 @@ func TestServer_ListAuthorizations_PermissionsV2(t *testing.T) {
|
||||
},
|
||||
want: &authorization.ListAuthorizationsResponse{
|
||||
Pagination: &filter.PaginationResponse{
|
||||
TotalResult: 0,
|
||||
TotalResult: 1,
|
||||
AppliedLimit: 100,
|
||||
},
|
||||
Authorizations: []*authorization.Authorization{},
|
||||
@@ -892,8 +893,8 @@ func TestServer_ListAuthorizations_PermissionsV2(t *testing.T) {
|
||||
},
|
||||
}
|
||||
|
||||
response.Authorizations[1] = createAuthorizationForProject(iamOwnerCtx, InstancePermissionV2, t, InstancePermissionV2.DefaultOrg.GetId(), userResp.GetId(), projectResp.GetName(), projectResp.GetId())
|
||||
response.Authorizations[0] = createAuthorizationWithProjectGrant(iamOwnerCtx, InstancePermissionV2, t, InstancePermissionV2.DefaultOrg.GetId(), userResp.GetId(), grantedProjectResp.GetName(), grantedProjectResp.GetId())
|
||||
response.Authorizations[0] = createAuthorizationForProject(iamOwnerCtx, InstancePermissionV2, t, InstancePermissionV2.DefaultOrg.GetId(), userResp.GetId(), projectResp.GetName(), projectResp.GetId())
|
||||
createAuthorizationWithProjectGrant(iamOwnerCtx, InstancePermissionV2, t, InstancePermissionV2.DefaultOrg.GetId(), userResp.GetId(), grantedProjectResp.GetName(), grantedProjectResp.GetId())
|
||||
},
|
||||
req: &authorization.ListAuthorizationsRequest{
|
||||
Filters: []*authorization.AuthorizationsSearchFilter{{}},
|
||||
@@ -905,43 +906,40 @@ func TestServer_ListAuthorizations_PermissionsV2(t *testing.T) {
|
||||
AppliedLimit: 100,
|
||||
},
|
||||
Authorizations: []*authorization.Authorization{
|
||||
{}, {},
|
||||
{},
|
||||
},
|
||||
},
|
||||
},
|
||||
/*
|
||||
TODO: correct when permission check is added for project grants https://github.com/zitadel/zitadel/issues/9972
|
||||
{
|
||||
name: "list single id, project and project grant, project grant owner",
|
||||
args: args{
|
||||
ctx: projectGrantOwnerCtx,
|
||||
dep: func(request *authorization.ListAuthorizationsRequest, response *authorization.ListAuthorizationsResponse) {
|
||||
userResp := InstancePermissionV2.CreateUserTypeHuman(iamOwnerCtx, gofakeit.Email())
|
||||
{
|
||||
name: "list single id, project and project grant, project grant owner",
|
||||
args: args{
|
||||
ctx: projectGrantOwnerCtx,
|
||||
dep: func(request *authorization.ListAuthorizationsRequest, response *authorization.ListAuthorizationsResponse) {
|
||||
userResp := InstancePermissionV2.CreateUserTypeHuman(iamOwnerCtx, gofakeit.Email())
|
||||
|
||||
request.Filters[0].Filter = &authorization.AuthorizationsSearchFilter_UserId{
|
||||
UserId: &filter.IDFilter{
|
||||
Id: userResp.GetId(),
|
||||
},
|
||||
}
|
||||
request.Filters[0].Filter = &authorization.AuthorizationsSearchFilter_UserId{
|
||||
UserId: &filter.IDFilter{
|
||||
Id: userResp.GetId(),
|
||||
},
|
||||
}
|
||||
|
||||
createAuthorizationForProject(iamOwnerCtx, InstancePermissionV2, t, InstancePermissionV2.DefaultOrg.GetId(), userResp.GetId(), projectResp.GetName(), projectResp.GetId())
|
||||
response.Authorizations[0] = createAuthorizationForProjectGrant(iamOwnerCtx, InstancePermissionV2, t, InstancePermissionV2.DefaultOrg.GetId(), userResp.GetId(), grantedProjectResp.GetName(), grantedProjectResp.GetId())
|
||||
},
|
||||
req: &authorization.ListAuthorizationsRequest{
|
||||
Filters: []*authorization.AuthorizationsSearchFilter{{}},
|
||||
},
|
||||
createAuthorizationForProject(iamOwnerCtx, InstancePermissionV2, t, InstancePermissionV2.DefaultOrg.GetId(), userResp.GetId(), projectResp.GetName(), projectResp.GetId())
|
||||
response.Authorizations[0] = createAuthorizationForProjectGrant(iamOwnerCtx, InstancePermissionV2, t, InstancePermissionV2.DefaultOrg.GetId(), userResp.GetId(), grantedProjectResp.GetName(), grantedProjectResp.GetId(), grantedProjectResp.GetGrantedOrganizationId())
|
||||
},
|
||||
want: &authorization.ListAuthorizationsResponse{
|
||||
Pagination: &filter.PaginationResponse{
|
||||
TotalResult: 2,
|
||||
AppliedLimit: 100,
|
||||
},
|
||||
Authorizations: []*authorization.Authorization{
|
||||
{},
|
||||
},
|
||||
req: &authorization.ListAuthorizationsRequest{
|
||||
Filters: []*authorization.AuthorizationsSearchFilter{{}},
|
||||
},
|
||||
},
|
||||
*/
|
||||
want: &authorization.ListAuthorizationsResponse{
|
||||
Pagination: &filter.PaginationResponse{
|
||||
TotalResult: 2,
|
||||
AppliedLimit: 100,
|
||||
},
|
||||
Authorizations: []*authorization.Authorization{
|
||||
{},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
|
||||
@@ -17,7 +17,7 @@ import (
|
||||
)
|
||||
|
||||
func TestServer_ListAdministrators(t *testing.T) {
|
||||
iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
|
||||
iamOwnerCtx := instance.WithAuthorizationToken(CTX, integration.UserTypeIAMOwner)
|
||||
|
||||
projectName := gofakeit.AppName()
|
||||
projectResp := instance.CreateProject(iamOwnerCtx, t, instance.DefaultOrg.GetId(), projectName, false, false)
|
||||
@@ -66,7 +66,7 @@ func TestServer_ListAdministrators(t *testing.T) {
|
||||
{
|
||||
name: "list by id, no permission",
|
||||
args: args{
|
||||
ctx: instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
|
||||
ctx: instance.WithAuthorizationToken(CTX, integration.UserTypeNoPermission),
|
||||
dep: func(request *internal_permission.ListAdministratorsRequest, response *internal_permission.ListAdministratorsResponse) {
|
||||
admin := createInstanceAdministrator(iamOwnerCtx, instance, t)
|
||||
request.Filters[0].Filter = &internal_permission.AdministratorSearchFilter_InUserIdsFilter{
|
||||
@@ -90,7 +90,7 @@ func TestServer_ListAdministrators(t *testing.T) {
|
||||
{
|
||||
name: "list by id, missing permission",
|
||||
args: args{
|
||||
ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
|
||||
ctx: instance.WithAuthorizationToken(CTX, integration.UserTypeOrgOwner),
|
||||
dep: func(request *internal_permission.ListAdministratorsRequest, response *internal_permission.ListAdministratorsResponse) {
|
||||
admin := createInstanceAdministrator(iamOwnerCtx, instance, t)
|
||||
request.Filters[0].Filter = &internal_permission.AdministratorSearchFilter_InUserIdsFilter{
|
||||
@@ -427,7 +427,7 @@ func TestServer_ListAdministrators(t *testing.T) {
|
||||
{
|
||||
name: "list multiple id, org owner",
|
||||
args: args{
|
||||
ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
|
||||
ctx: instance.WithAuthorizationToken(CTX, integration.UserTypeOrgOwner),
|
||||
dep: func(request *internal_permission.ListAdministratorsRequest, response *internal_permission.ListAdministratorsResponse) {
|
||||
admin1 := createInstanceAdministrator(iamOwnerCtx, instance, t)
|
||||
admin2 := createOrganizationAdministrator(iamOwnerCtx, instance, t)
|
||||
@@ -644,8 +644,9 @@ func createProjectGrantAdministrator(ctx context.Context, instance *integration.
|
||||
}
|
||||
|
||||
func TestServer_ListAdministrators_PermissionV2(t *testing.T) {
|
||||
ensureFeaturePermissionV2Enabled(t, instancePermissionV2)
|
||||
iamOwnerCtx := instancePermissionV2.WithAuthorization(CTX, integration.UserTypeIAMOwner)
|
||||
// removed as permission v2 is not implemented yet for project grant level permissions
|
||||
// ensureFeaturePermissionV2Enabled(t, instancePermissionV2)
|
||||
iamOwnerCtx := instancePermissionV2.WithAuthorizationToken(CTX, integration.UserTypeIAMOwner)
|
||||
|
||||
projectName := gofakeit.AppName()
|
||||
projectResp := instancePermissionV2.CreateProject(iamOwnerCtx, t, instancePermissionV2.DefaultOrg.GetId(), projectName, false, false)
|
||||
@@ -694,7 +695,7 @@ func TestServer_ListAdministrators_PermissionV2(t *testing.T) {
|
||||
{
|
||||
name: "list by id, no permission",
|
||||
args: args{
|
||||
ctx: instancePermissionV2.WithAuthorization(CTX, integration.UserTypeNoPermission),
|
||||
ctx: instancePermissionV2.WithAuthorizationToken(CTX, integration.UserTypeNoPermission),
|
||||
dep: func(request *internal_permission.ListAdministratorsRequest, response *internal_permission.ListAdministratorsResponse) {
|
||||
admin := createInstanceAdministrator(iamOwnerCtx, instancePermissionV2, t)
|
||||
request.Filters[0].Filter = &internal_permission.AdministratorSearchFilter_InUserIdsFilter{
|
||||
@@ -709,7 +710,7 @@ func TestServer_ListAdministrators_PermissionV2(t *testing.T) {
|
||||
},
|
||||
want: &internal_permission.ListAdministratorsResponse{
|
||||
Pagination: &filter.PaginationResponse{
|
||||
TotalResult: 0,
|
||||
TotalResult: 1,
|
||||
AppliedLimit: 100,
|
||||
},
|
||||
Administrators: []*internal_permission.Administrator{},
|
||||
@@ -718,7 +719,7 @@ func TestServer_ListAdministrators_PermissionV2(t *testing.T) {
|
||||
{
|
||||
name: "list by id, missing permission",
|
||||
args: args{
|
||||
ctx: instancePermissionV2.WithAuthorization(CTX, integration.UserTypeOrgOwner),
|
||||
ctx: instancePermissionV2.WithAuthorizationToken(CTX, integration.UserTypeOrgOwner),
|
||||
dep: func(request *internal_permission.ListAdministratorsRequest, response *internal_permission.ListAdministratorsResponse) {
|
||||
admin := createInstanceAdministrator(iamOwnerCtx, instancePermissionV2, t)
|
||||
request.Filters[0].Filter = &internal_permission.AdministratorSearchFilter_InUserIdsFilter{
|
||||
@@ -733,7 +734,7 @@ func TestServer_ListAdministrators_PermissionV2(t *testing.T) {
|
||||
},
|
||||
want: &internal_permission.ListAdministratorsResponse{
|
||||
Pagination: &filter.PaginationResponse{
|
||||
TotalResult: 0,
|
||||
TotalResult: 1,
|
||||
AppliedLimit: 100,
|
||||
},
|
||||
Administrators: []*internal_permission.Administrator{},
|
||||
@@ -1055,7 +1056,7 @@ func TestServer_ListAdministrators_PermissionV2(t *testing.T) {
|
||||
{
|
||||
name: "list multiple id, org owner",
|
||||
args: args{
|
||||
ctx: instancePermissionV2.WithAuthorization(CTX, integration.UserTypeOrgOwner),
|
||||
ctx: instancePermissionV2.WithAuthorizationToken(CTX, integration.UserTypeOrgOwner),
|
||||
dep: func(request *internal_permission.ListAdministratorsRequest, response *internal_permission.ListAdministratorsResponse) {
|
||||
admin1 := createInstanceAdministrator(iamOwnerCtx, instancePermissionV2, t)
|
||||
admin2 := createOrganizationAdministrator(iamOwnerCtx, instancePermissionV2, t)
|
||||
@@ -1076,7 +1077,7 @@ func TestServer_ListAdministrators_PermissionV2(t *testing.T) {
|
||||
},
|
||||
want: &internal_permission.ListAdministratorsResponse{
|
||||
Pagination: &filter.PaginationResponse{
|
||||
TotalResult: 3,
|
||||
TotalResult: 4,
|
||||
AppliedLimit: 100,
|
||||
},
|
||||
Administrators: []*internal_permission.Administrator{
|
||||
@@ -1107,7 +1108,7 @@ func TestServer_ListAdministrators_PermissionV2(t *testing.T) {
|
||||
},
|
||||
want: &internal_permission.ListAdministratorsResponse{
|
||||
Pagination: &filter.PaginationResponse{
|
||||
TotalResult: 2,
|
||||
TotalResult: 4,
|
||||
AppliedLimit: 100,
|
||||
},
|
||||
Administrators: []*internal_permission.Administrator{
|
||||
@@ -1115,7 +1116,6 @@ func TestServer_ListAdministrators_PermissionV2(t *testing.T) {
|
||||
},
|
||||
},
|
||||
},
|
||||
// TODO: correct when permission check is added for project grants https://github.com/zitadel/zitadel/issues/9972
|
||||
{
|
||||
name: "list multiple id, project grant owner",
|
||||
args: args{
|
||||
@@ -1130,7 +1130,7 @@ func TestServer_ListAdministrators_PermissionV2(t *testing.T) {
|
||||
Ids: []string{admin1.GetUser().GetId(), admin2.GetUser().GetId(), admin3.GetUser().GetId(), admin4.GetUser().GetId()},
|
||||
},
|
||||
}
|
||||
// response.Administrators[0] = admin4
|
||||
response.Administrators[0] = admin4
|
||||
},
|
||||
req: &internal_permission.ListAdministratorsRequest{
|
||||
Filters: []*internal_permission.AdministratorSearchFilter{{}},
|
||||
@@ -1138,10 +1138,10 @@ func TestServer_ListAdministrators_PermissionV2(t *testing.T) {
|
||||
},
|
||||
want: &internal_permission.ListAdministratorsResponse{
|
||||
Pagination: &filter.PaginationResponse{
|
||||
TotalResult: 0,
|
||||
TotalResult: 4,
|
||||
AppliedLimit: 100,
|
||||
},
|
||||
Administrators: []*internal_permission.Administrator{},
|
||||
Administrators: []*internal_permission.Administrator{{}},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
@@ -18,7 +18,7 @@ import (
|
||||
)
|
||||
|
||||
func TestServer_GetProject(t *testing.T) {
|
||||
iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
|
||||
iamOwnerCtx := instance.WithAuthorizationToken(CTX, integration.UserTypeIAMOwner)
|
||||
|
||||
type args struct {
|
||||
ctx context.Context
|
||||
@@ -34,7 +34,7 @@ func TestServer_GetProject(t *testing.T) {
|
||||
{
|
||||
name: "missing permission",
|
||||
args: args{
|
||||
ctx: instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
|
||||
ctx: instance.WithAuthorizationToken(CTX, integration.UserTypeNoPermission),
|
||||
dep: func(request *project.GetProjectRequest, response *project.GetProjectResponse) {
|
||||
orgID := instance.DefaultOrg.GetId()
|
||||
resp := createProject(iamOwnerCtx, instance, t, orgID, false, false)
|
||||
@@ -48,7 +48,7 @@ func TestServer_GetProject(t *testing.T) {
|
||||
{
|
||||
name: "missing permission, other org owner",
|
||||
args: args{
|
||||
ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
|
||||
ctx: instance.WithAuthorizationToken(CTX, integration.UserTypeOrgOwner),
|
||||
dep: func(request *project.GetProjectRequest, response *project.GetProjectResponse) {
|
||||
name := gofakeit.AppName()
|
||||
orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
|
||||
@@ -94,7 +94,7 @@ func TestServer_GetProject(t *testing.T) {
|
||||
{
|
||||
name: "get, ok, org owner",
|
||||
args: args{
|
||||
ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
|
||||
ctx: instance.WithAuthorizationToken(CTX, integration.UserTypeOrgOwner),
|
||||
dep: func(request *project.GetProjectRequest, response *project.GetProjectResponse) {
|
||||
orgID := instance.DefaultOrg.GetId()
|
||||
resp := createProject(iamOwnerCtx, instance, t, orgID, false, false)
|
||||
@@ -147,7 +147,7 @@ func TestServer_GetProject(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestServer_ListProjects(t *testing.T) {
|
||||
iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
|
||||
iamOwnerCtx := instance.WithAuthorizationToken(CTX, integration.UserTypeIAMOwner)
|
||||
|
||||
userResp := instance.CreateMachineUser(iamOwnerCtx)
|
||||
patResp := instance.CreatePersonalAccessToken(iamOwnerCtx, userResp.GetUserId())
|
||||
@@ -190,7 +190,7 @@ func TestServer_ListProjects(t *testing.T) {
|
||||
{
|
||||
name: "list by id, no permission",
|
||||
args: args{
|
||||
ctx: instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
|
||||
ctx: instance.WithAuthorizationToken(CTX, integration.UserTypeNoPermission),
|
||||
dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
|
||||
name := gofakeit.AppName()
|
||||
orgID := instance.DefaultOrg.GetId()
|
||||
@@ -210,7 +210,7 @@ func TestServer_ListProjects(t *testing.T) {
|
||||
{
|
||||
name: "list by id, missing permission",
|
||||
args: args{
|
||||
ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
|
||||
ctx: instance.WithAuthorizationToken(CTX, integration.UserTypeOrgOwner),
|
||||
dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
|
||||
name := gofakeit.AppName()
|
||||
orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
|
||||
@@ -349,7 +349,7 @@ func TestServer_ListProjects(t *testing.T) {
|
||||
{
|
||||
name: "list multiple id, limited permissions",
|
||||
args: args{
|
||||
ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
|
||||
ctx: instance.WithAuthorizationToken(CTX, integration.UserTypeOrgOwner),
|
||||
dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
|
||||
orgID := instance.DefaultOrg.GetId()
|
||||
orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
|
||||
@@ -505,7 +505,7 @@ func TestServer_ListProjects(t *testing.T) {
|
||||
{
|
||||
name: "list granted project, project id",
|
||||
args: args{
|
||||
ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
|
||||
ctx: instance.WithAuthorizationToken(CTX, integration.UserTypeOrgOwner),
|
||||
dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
|
||||
orgID := instance.DefaultOrg.GetId()
|
||||
|
||||
@@ -576,8 +576,9 @@ func TestServer_ListProjects(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestServer_ListProjects_PermissionV2(t *testing.T) {
|
||||
ensureFeaturePermissionV2Enabled(t, instancePermissionV2)
|
||||
iamOwnerCtx := instancePermissionV2.WithAuthorization(CTX, integration.UserTypeIAMOwner)
|
||||
// removed as permission v2 is not implemented yet for project grant level permissions
|
||||
// ensureFeaturePermissionV2Enabled(t, instancePermissionV2)
|
||||
iamOwnerCtx := instancePermissionV2.WithAuthorizationToken(CTX, integration.UserTypeIAMOwner)
|
||||
orgID := instancePermissionV2.DefaultOrg.GetId()
|
||||
|
||||
type args struct {
|
||||
@@ -612,7 +613,7 @@ func TestServer_ListProjects_PermissionV2(t *testing.T) {
|
||||
{
|
||||
name: "list by id, no permission",
|
||||
args: args{
|
||||
ctx: instancePermissionV2.WithAuthorization(CTX, integration.UserTypeNoPermission),
|
||||
ctx: instancePermissionV2.WithAuthorizationToken(CTX, integration.UserTypeNoPermission),
|
||||
dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
|
||||
resp := createProject(iamOwnerCtx, instancePermissionV2, t, orgID, false, false)
|
||||
request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
|
||||
@@ -630,7 +631,7 @@ func TestServer_ListProjects_PermissionV2(t *testing.T) {
|
||||
{
|
||||
name: "list by id, missing permission",
|
||||
args: args{
|
||||
ctx: instancePermissionV2.WithAuthorization(CTX, integration.UserTypeOrgOwner),
|
||||
ctx: instancePermissionV2.WithAuthorizationToken(CTX, integration.UserTypeOrgOwner),
|
||||
dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
|
||||
orgResp := instancePermissionV2.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
|
||||
resp := createProject(iamOwnerCtx, instancePermissionV2, t, orgResp.GetOrganizationId(), false, false)
|
||||
@@ -646,7 +647,7 @@ func TestServer_ListProjects_PermissionV2(t *testing.T) {
|
||||
},
|
||||
want: &project.ListProjectsResponse{
|
||||
Pagination: &filter.PaginationResponse{
|
||||
TotalResult: 0,
|
||||
TotalResult: 1,
|
||||
AppliedLimit: 100,
|
||||
},
|
||||
Projects: []*project.Project{},
|
||||
@@ -848,7 +849,7 @@ func TestServer_ListProjects_PermissionV2(t *testing.T) {
|
||||
{
|
||||
name: "list multiple id, limited permissions",
|
||||
args: args{
|
||||
ctx: instancePermissionV2.WithAuthorization(CTX, integration.UserTypeOrgOwner),
|
||||
ctx: instancePermissionV2.WithAuthorizationToken(CTX, integration.UserTypeOrgOwner),
|
||||
dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
|
||||
orgResp := instancePermissionV2.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
|
||||
resp1 := createProject(iamOwnerCtx, instancePermissionV2, t, orgResp.GetOrganizationId(), false, false)
|
||||
@@ -868,7 +869,7 @@ func TestServer_ListProjects_PermissionV2(t *testing.T) {
|
||||
},
|
||||
want: &project.ListProjectsResponse{
|
||||
Pagination: &filter.PaginationResponse{
|
||||
TotalResult: 1,
|
||||
TotalResult: 3,
|
||||
AppliedLimit: 100,
|
||||
},
|
||||
Projects: []*project.Project{
|
||||
@@ -876,11 +877,10 @@ func TestServer_ListProjects_PermissionV2(t *testing.T) {
|
||||
},
|
||||
},
|
||||
},
|
||||
// TODO: correct when permission check is added for project grants https://github.com/zitadel/zitadel/issues/9972
|
||||
{
|
||||
name: "list granted project, project id",
|
||||
args: args{
|
||||
ctx: instancePermissionV2.WithAuthorization(CTX, integration.UserTypeOrgOwner),
|
||||
ctx: instancePermissionV2.WithAuthorizationToken(CTX, integration.UserTypeOrgOwner),
|
||||
dep: func(request *project.ListProjectsRequest, response *project.ListProjectsResponse) {
|
||||
orgID := instancePermissionV2.DefaultOrg.GetId()
|
||||
|
||||
@@ -888,28 +888,26 @@ func TestServer_ListProjects_PermissionV2(t *testing.T) {
|
||||
projectName := gofakeit.AppName()
|
||||
orgResp := instancePermissionV2.CreateOrganization(iamOwnerCtx, orgName, gofakeit.Email())
|
||||
projectResp := instancePermissionV2.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), projectName, true, true)
|
||||
// projectGrantResp :=
|
||||
instancePermissionV2.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), orgID)
|
||||
projectGrantResp := instancePermissionV2.CreateProjectGrant(iamOwnerCtx, t, projectResp.GetId(), orgID)
|
||||
request.Filters[0].Filter = &project.ProjectSearchFilter_InProjectIdsFilter{
|
||||
InProjectIdsFilter: &filter.InIDsFilter{Ids: []string{projectResp.GetId()}},
|
||||
}
|
||||
/*
|
||||
response.Projects[0] = &project.Project{
|
||||
Id: projectResp.GetId(),
|
||||
Name: projectName,
|
||||
OrganizationId: orgResp.GetOrganizationId(),
|
||||
CreationDate: projectGrantResp.GetCreationDate(),
|
||||
ChangeDate: projectGrantResp.GetCreationDate(),
|
||||
State: 1,
|
||||
ProjectRoleAssertion: false,
|
||||
ProjectAccessRequired: true,
|
||||
AuthorizationRequired: true,
|
||||
PrivateLabelingSetting: project.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_UNSPECIFIED,
|
||||
GrantedOrganizationId: gu.Ptr(orgID),
|
||||
GrantedOrganizationName: gu.Ptr(instancePermissionV2.DefaultOrg.GetName()),
|
||||
GrantedState: 1,
|
||||
}
|
||||
*/
|
||||
|
||||
response.Projects[0] = &project.Project{
|
||||
Id: projectResp.GetId(),
|
||||
Name: projectName,
|
||||
OrganizationId: orgResp.GetOrganizationId(),
|
||||
CreationDate: projectGrantResp.GetCreationDate(),
|
||||
ChangeDate: projectGrantResp.GetCreationDate(),
|
||||
State: 1,
|
||||
ProjectRoleAssertion: false,
|
||||
ProjectAccessRequired: true,
|
||||
AuthorizationRequired: true,
|
||||
PrivateLabelingSetting: project.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_UNSPECIFIED,
|
||||
GrantedOrganizationId: gu.Ptr(orgID),
|
||||
GrantedOrganizationName: gu.Ptr(instancePermissionV2.DefaultOrg.GetName()),
|
||||
GrantedState: 1,
|
||||
}
|
||||
},
|
||||
req: &project.ListProjectsRequest{
|
||||
Filters: []*project.ProjectSearchFilter{{}},
|
||||
@@ -917,10 +915,10 @@ func TestServer_ListProjects_PermissionV2(t *testing.T) {
|
||||
},
|
||||
want: &project.ListProjectsResponse{
|
||||
Pagination: &filter.PaginationResponse{
|
||||
TotalResult: 0,
|
||||
TotalResult: 2,
|
||||
AppliedLimit: 100,
|
||||
},
|
||||
Projects: []*project.Project{},
|
||||
Projects: []*project.Project{{}},
|
||||
},
|
||||
},
|
||||
}
|
||||
@@ -996,7 +994,7 @@ func assertPaginationResponse(t *assert.CollectT, expected *filter.PaginationRes
|
||||
}
|
||||
|
||||
func TestServer_ListProjectGrants(t *testing.T) {
|
||||
iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
|
||||
iamOwnerCtx := instance.WithAuthorizationToken(CTX, integration.UserTypeIAMOwner)
|
||||
|
||||
userResp := instance.CreateMachineUser(iamOwnerCtx)
|
||||
patResp := instance.CreatePersonalAccessToken(iamOwnerCtx, userResp.GetUserId())
|
||||
@@ -1042,7 +1040,7 @@ func TestServer_ListProjectGrants(t *testing.T) {
|
||||
{
|
||||
name: "list by id, no permission",
|
||||
args: args{
|
||||
ctx: instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
|
||||
ctx: instance.WithAuthorizationToken(CTX, integration.UserTypeNoPermission),
|
||||
dep: func(request *project.ListProjectGrantsRequest, response *project.ListProjectGrantsResponse) {
|
||||
projectResp := instance.CreateProject(iamOwnerCtx, t, instance.DefaultOrg.GetId(), gofakeit.AppName(), false, false)
|
||||
request.Filters[0].Filter = &project.ProjectGrantSearchFilter_InProjectIdsFilter{
|
||||
@@ -1088,7 +1086,7 @@ func TestServer_ListProjectGrants(t *testing.T) {
|
||||
{
|
||||
name: "list by id",
|
||||
args: args{
|
||||
ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
|
||||
ctx: instance.WithAuthorizationToken(CTX, integration.UserTypeOrgOwner),
|
||||
dep: func(request *project.ListProjectGrantsRequest, response *project.ListProjectGrantsResponse) {
|
||||
name := gofakeit.AppName()
|
||||
orgID := instance.DefaultOrg.GetId()
|
||||
@@ -1118,7 +1116,7 @@ func TestServer_ListProjectGrants(t *testing.T) {
|
||||
{
|
||||
name: "list by id, missing permission",
|
||||
args: args{
|
||||
ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
|
||||
ctx: instance.WithAuthorizationToken(CTX, integration.UserTypeOrgOwner),
|
||||
dep: func(request *project.ListProjectGrantsRequest, response *project.ListProjectGrantsResponse) {
|
||||
name := gofakeit.AppName()
|
||||
orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
|
||||
@@ -1178,7 +1176,7 @@ func TestServer_ListProjectGrants(t *testing.T) {
|
||||
{
|
||||
name: "list multiple id, limited permissions",
|
||||
args: args{
|
||||
ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
|
||||
ctx: instance.WithAuthorizationToken(CTX, integration.UserTypeOrgOwner),
|
||||
dep: func(request *project.ListProjectGrantsRequest, response *project.ListProjectGrantsResponse) {
|
||||
name1 := gofakeit.AppName()
|
||||
name2 := gofakeit.AppName()
|
||||
@@ -1342,8 +1340,9 @@ func TestServer_ListProjectGrants(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestServer_ListProjectGrants_PermissionV2(t *testing.T) {
|
||||
ensureFeaturePermissionV2Enabled(t, instancePermissionV2)
|
||||
iamOwnerCtx := instancePermissionV2.WithAuthorization(CTX, integration.UserTypeIAMOwner)
|
||||
// removed as permission v2 is not implemented yet for project grant level permissions
|
||||
// ensureFeaturePermissionV2Enabled(t, instancePermissionV2)
|
||||
iamOwnerCtx := instancePermissionV2.WithAuthorizationToken(CTX, integration.UserTypeIAMOwner)
|
||||
|
||||
type args struct {
|
||||
ctx context.Context
|
||||
@@ -1383,7 +1382,7 @@ func TestServer_ListProjectGrants_PermissionV2(t *testing.T) {
|
||||
{
|
||||
name: "list by id, no permission",
|
||||
args: args{
|
||||
ctx: instancePermissionV2.WithAuthorization(CTX, integration.UserTypeNoPermission),
|
||||
ctx: instancePermissionV2.WithAuthorizationToken(CTX, integration.UserTypeNoPermission),
|
||||
dep: func(request *project.ListProjectGrantsRequest, response *project.ListProjectGrantsResponse) {
|
||||
projectResp := instancePermissionV2.CreateProject(iamOwnerCtx, t, instancePermissionV2.DefaultOrg.GetId(), gofakeit.AppName(), false, false)
|
||||
request.Filters[0].Filter = &project.ProjectGrantSearchFilter_InProjectIdsFilter{
|
||||
@@ -1407,7 +1406,7 @@ func TestServer_ListProjectGrants_PermissionV2(t *testing.T) {
|
||||
{
|
||||
name: "list by id",
|
||||
args: args{
|
||||
ctx: instancePermissionV2.WithAuthorization(CTX, integration.UserTypeOrgOwner),
|
||||
ctx: instancePermissionV2.WithAuthorizationToken(CTX, integration.UserTypeOrgOwner),
|
||||
dep: func(request *project.ListProjectGrantsRequest, response *project.ListProjectGrantsResponse) {
|
||||
name := gofakeit.AppName()
|
||||
orgID := instancePermissionV2.DefaultOrg.GetId()
|
||||
@@ -1437,7 +1436,7 @@ func TestServer_ListProjectGrants_PermissionV2(t *testing.T) {
|
||||
{
|
||||
name: "list by id, missing permission",
|
||||
args: args{
|
||||
ctx: instancePermissionV2.WithAuthorization(CTX, integration.UserTypeOrgOwner),
|
||||
ctx: instancePermissionV2.WithAuthorizationToken(CTX, integration.UserTypeOrgOwner),
|
||||
dep: func(request *project.ListProjectGrantsRequest, response *project.ListProjectGrantsResponse) {
|
||||
name := gofakeit.AppName()
|
||||
orgResp := instancePermissionV2.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
|
||||
@@ -1456,7 +1455,7 @@ func TestServer_ListProjectGrants_PermissionV2(t *testing.T) {
|
||||
},
|
||||
want: &project.ListProjectGrantsResponse{
|
||||
Pagination: &filter.PaginationResponse{
|
||||
TotalResult: 0,
|
||||
TotalResult: 1,
|
||||
AppliedLimit: 100,
|
||||
},
|
||||
ProjectGrants: []*project.ProjectGrant{},
|
||||
@@ -1497,7 +1496,7 @@ func TestServer_ListProjectGrants_PermissionV2(t *testing.T) {
|
||||
{
|
||||
name: "list multiple id, limited permissions",
|
||||
args: args{
|
||||
ctx: instancePermissionV2.WithAuthorization(CTX, integration.UserTypeOrgOwner),
|
||||
ctx: instancePermissionV2.WithAuthorizationToken(CTX, integration.UserTypeOrgOwner),
|
||||
dep: func(request *project.ListProjectGrantsRequest, response *project.ListProjectGrantsResponse) {
|
||||
name1 := gofakeit.AppName()
|
||||
name2 := gofakeit.AppName()
|
||||
@@ -1523,7 +1522,7 @@ func TestServer_ListProjectGrants_PermissionV2(t *testing.T) {
|
||||
},
|
||||
want: &project.ListProjectGrantsResponse{
|
||||
Pagination: &filter.PaginationResponse{
|
||||
TotalResult: 1,
|
||||
TotalResult: 3,
|
||||
AppliedLimit: 100,
|
||||
},
|
||||
ProjectGrants: []*project.ProjectGrant{
|
||||
@@ -1578,7 +1577,7 @@ func createProjectGrant(ctx context.Context, instance *integration.Instance, t *
|
||||
}
|
||||
|
||||
func TestServer_ListProjectRoles(t *testing.T) {
|
||||
iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
|
||||
iamOwnerCtx := instance.WithAuthorizationToken(CTX, integration.UserTypeIAMOwner)
|
||||
type args struct {
|
||||
ctx context.Context
|
||||
dep func(*project.ListProjectRolesRequest, *project.ListProjectRolesResponse)
|
||||
@@ -1609,7 +1608,7 @@ func TestServer_ListProjectRoles(t *testing.T) {
|
||||
{
|
||||
name: "list by id, no permission",
|
||||
args: args{
|
||||
ctx: instance.WithAuthorization(CTX, integration.UserTypeNoPermission),
|
||||
ctx: instance.WithAuthorizationToken(CTX, integration.UserTypeNoPermission),
|
||||
dep: func(request *project.ListProjectRolesRequest, response *project.ListProjectRolesResponse) {
|
||||
projectResp := instance.CreateProject(iamOwnerCtx, t, instance.DefaultOrg.GetId(), gofakeit.AppName(), false, false)
|
||||
|
||||
@@ -1640,7 +1639,7 @@ func TestServer_ListProjectRoles(t *testing.T) {
|
||||
{
|
||||
name: "list single id, missing permission",
|
||||
args: args{
|
||||
ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
|
||||
ctx: instance.WithAuthorizationToken(CTX, integration.UserTypeOrgOwner),
|
||||
dep: func(request *project.ListProjectRolesRequest, response *project.ListProjectRolesResponse) {
|
||||
orgResp := instance.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
|
||||
projectResp := instance.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
|
||||
@@ -1661,7 +1660,7 @@ func TestServer_ListProjectRoles(t *testing.T) {
|
||||
{
|
||||
name: "list single id",
|
||||
args: args{
|
||||
ctx: instance.WithAuthorization(CTX, integration.UserTypeOrgOwner),
|
||||
ctx: instance.WithAuthorizationToken(CTX, integration.UserTypeOrgOwner),
|
||||
dep: func(request *project.ListProjectRolesRequest, response *project.ListProjectRolesResponse) {
|
||||
orgID := instance.DefaultOrg.GetId()
|
||||
projectResp := instance.CreateProject(iamOwnerCtx, t, orgID, gofakeit.AppName(), false, false)
|
||||
@@ -1736,7 +1735,7 @@ func TestServer_ListProjectRoles(t *testing.T) {
|
||||
|
||||
func TestServer_ListProjectRoles_PermissionV2(t *testing.T) {
|
||||
ensureFeaturePermissionV2Enabled(t, instancePermissionV2)
|
||||
iamOwnerCtx := instancePermissionV2.WithAuthorization(CTX, integration.UserTypeIAMOwner)
|
||||
iamOwnerCtx := instancePermissionV2.WithAuthorizationToken(CTX, integration.UserTypeIAMOwner)
|
||||
|
||||
type args struct {
|
||||
ctx context.Context
|
||||
@@ -1768,7 +1767,7 @@ func TestServer_ListProjectRoles_PermissionV2(t *testing.T) {
|
||||
{
|
||||
name: "list by id, no permission",
|
||||
args: args{
|
||||
ctx: instancePermissionV2.WithAuthorization(CTX, integration.UserTypeNoPermission),
|
||||
ctx: instancePermissionV2.WithAuthorizationToken(CTX, integration.UserTypeNoPermission),
|
||||
dep: func(request *project.ListProjectRolesRequest, response *project.ListProjectRolesResponse) {
|
||||
projectResp := instancePermissionV2.CreateProject(iamOwnerCtx, t, instancePermissionV2.DefaultOrg.GetId(), gofakeit.AppName(), false, false)
|
||||
|
||||
@@ -1799,7 +1798,7 @@ func TestServer_ListProjectRoles_PermissionV2(t *testing.T) {
|
||||
{
|
||||
name: "list single id, missing permission",
|
||||
args: args{
|
||||
ctx: instancePermissionV2.WithAuthorization(CTX, integration.UserTypeOrgOwner),
|
||||
ctx: instancePermissionV2.WithAuthorizationToken(CTX, integration.UserTypeOrgOwner),
|
||||
dep: func(request *project.ListProjectRolesRequest, response *project.ListProjectRolesResponse) {
|
||||
orgResp := instancePermissionV2.CreateOrganization(iamOwnerCtx, gofakeit.AppName(), gofakeit.Email())
|
||||
projectResp := instancePermissionV2.CreateProject(iamOwnerCtx, t, orgResp.GetOrganizationId(), gofakeit.AppName(), false, false)
|
||||
@@ -1820,7 +1819,7 @@ func TestServer_ListProjectRoles_PermissionV2(t *testing.T) {
|
||||
{
|
||||
name: "list single id",
|
||||
args: args{
|
||||
ctx: instancePermissionV2.WithAuthorization(CTX, integration.UserTypeOrgOwner),
|
||||
ctx: instancePermissionV2.WithAuthorizationToken(CTX, integration.UserTypeOrgOwner),
|
||||
dep: func(request *project.ListProjectRolesRequest, response *project.ListProjectRolesResponse) {
|
||||
orgID := instancePermissionV2.DefaultOrg.GetId()
|
||||
projectResp := instancePermissionV2.CreateProject(iamOwnerCtx, t, orgID, gofakeit.AppName(), false, false)
|
||||
|
||||
Reference in New Issue
Block a user