feat: actions (#2377)

* feat(actions): begin api * feat(actions): begin api * api and projections * fix: handle multiple statements for a single event in projections * export func type * fix test * update to new reduce interface * flows in login * feat: jwt idp * feat: command side * feat: add tests * actions and flows * fill idp views with jwt idps and return apis * add jwtEndpoint to jwt idp * begin jwt request handling * add feature * merge * merge * handle jwt idp * cleanup * bug fixes * autoregister * get token from specific header name * fix: proto * fixes * i18n * begin tests * fix and log http proxy * remove docker cache * fixes * usergrants in actions api * tests adn cleanup * cleanup * fix add user grant * set login context * i18n Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
2025-08-12 01:37:31 +00:00 · 2021-09-27 13:43:49 +02:00
parent 5c32fc9c12
commit ed80a8bb1e
73 changed files with 5197 additions and 64 deletions
--- a/internal/api/grpc/management/actions.go
+++ b/internal/api/grpc/management/actions.go
@@ -0,0 +1,94 @@
+package management
+
+import (
+	"context"
+
+	"github.com/caos/zitadel/internal/api/authz"
+	action_grpc "github.com/caos/zitadel/internal/api/grpc/action"
+	obj_grpc "github.com/caos/zitadel/internal/api/grpc/object"
+	mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
+)
+
+func (s *Server) ListActions(ctx context.Context, req *mgmt_pb.ListActionsRequest) (*mgmt_pb.ListActionsResponse, error) {
+	query, _ := listActionsToQuery(authz.GetCtxData(ctx).OrgID, req)
+	actions, err := s.query.SearchActions(ctx, query)
+	if err != nil {
+		return nil, err
+	}
+	return &mgmt_pb.ListActionsResponse{
+		Result: action_grpc.ActionsToPb(actions),
+	}, nil
+}
+
+func (s *Server) GetAction(ctx context.Context, req *mgmt_pb.GetActionRequest) (*mgmt_pb.GetActionResponse, error) {
+	action, err := s.query.GetAction(ctx, req.Id, authz.GetCtxData(ctx).OrgID)
+	if err != nil {
+		return nil, err
+	}
+	return &mgmt_pb.GetActionResponse{
+		Action: action_grpc.ActionToPb(action),
+	}, nil
+}
+
+func (s *Server) CreateAction(ctx context.Context, req *mgmt_pb.CreateActionRequest) (*mgmt_pb.CreateActionResponse, error) {
+	id, details, err := s.command.AddAction(ctx, createActionRequestToDomain(req), authz.GetCtxData(ctx).OrgID)
+	if err != nil {
+		return nil, err
+	}
+	return &mgmt_pb.CreateActionResponse{
+		Id: id,
+		Details: obj_grpc.AddToDetailsPb(
+			details.Sequence,
+			details.EventDate,
+			details.ResourceOwner,
+		),
+	}, nil
+}
+
+func (s *Server) UpdateAction(ctx context.Context, req *mgmt_pb.UpdateActionRequest) (*mgmt_pb.UpdateActionResponse, error) {
+	details, err := s.command.ChangeAction(ctx, updateActionRequestToDomain(req), authz.GetCtxData(ctx).OrgID)
+	if err != nil {
+		return nil, err
+	}
+	return &mgmt_pb.UpdateActionResponse{
+		Details: obj_grpc.AddToDetailsPb(
+			details.Sequence,
+			details.EventDate,
+			details.ResourceOwner,
+		),
+	}, nil
+}
+
+func (s *Server) DeactivateAction(ctx context.Context, req *mgmt_pb.DeactivateActionRequest) (*mgmt_pb.DeactivateActionResponse, error) {
+	details, err := s.command.DeactivateAction(ctx, req.Id, authz.GetCtxData(ctx).OrgID)
+	return &mgmt_pb.DeactivateActionResponse{
+		Details: obj_grpc.AddToDetailsPb(
+			details.Sequence,
+			details.EventDate,
+			details.ResourceOwner,
+		),
+	}, err
+}
+
+func (s *Server) ReactivateAction(ctx context.Context, req *mgmt_pb.ReactivateActionRequest) (*mgmt_pb.ReactivateActionResponse, error) {
+	details, err := s.command.ReactivateAction(ctx, req.Id, authz.GetCtxData(ctx).OrgID)
+	if err != nil {
+		return nil, err
+	}
+	return &mgmt_pb.ReactivateActionResponse{
+		Details: obj_grpc.AddToDetailsPb(
+			details.Sequence,
+			details.EventDate,
+			details.ResourceOwner,
+		),
+	}, nil
+}
+
+func (s *Server) DeleteAction(ctx context.Context, req *mgmt_pb.DeleteActionRequest) (*mgmt_pb.DeleteActionResponse, error) {
+	flowTypes, err := s.query.GetFlowTypesOfActionID(ctx, req.Id)
+	if err != nil {
+		return nil, err
+	}
+	_, err = s.command.DeleteAction(ctx, req.Id, authz.GetCtxData(ctx).OrgID, flowTypes...)
+	return &mgmt_pb.DeleteActionResponse{}, err
+}
--- a/internal/api/grpc/management/actions_converter.go
+++ b/internal/api/grpc/management/actions_converter.go
@@ -0,0 +1,64 @@
+package management
+
+import (
+	action_grpc "github.com/caos/zitadel/internal/api/grpc/action"
+	"github.com/caos/zitadel/internal/api/grpc/object"
+	"github.com/caos/zitadel/internal/domain"
+	"github.com/caos/zitadel/internal/eventstore/v1/models"
+	"github.com/caos/zitadel/internal/query"
+	mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
+)
+
+func createActionRequestToDomain(req *mgmt_pb.CreateActionRequest) *domain.Action {
+	return &domain.Action{
+		Name:          req.Name,
+		Script:        req.Script,
+		Timeout:       req.Timeout.AsDuration(),
+		AllowedToFail: req.AllowedToFail,
+	}
+}
+
+func updateActionRequestToDomain(req *mgmt_pb.UpdateActionRequest) *domain.Action {
+	return &domain.Action{
+		ObjectRoot: models.ObjectRoot{
+			AggregateID: req.Id,
+		},
+		Name:          req.Name,
+		Script:        req.Script,
+		Timeout:       req.Timeout.AsDuration(),
+		AllowedToFail: req.AllowedToFail,
+	}
+}
+
+func listActionsToQuery(id string, req *mgmt_pb.ListActionsRequest) (_ *query.ActionSearchQueries, err error) {
+	offset, limit, asc := object.ListQueryToModel(req.Query)
+	queries := make([]query.SearchQuery, len(req.Queries)+1)
+	queries[0], err = query.NewActionResourceOwnerQuery(id)
+	if err != nil {
+		return nil, err
+	}
+	for i, actionQuery := range req.Queries {
+		queries[i+1], err = ActionQueryToQuery(actionQuery.Query)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return &query.ActionSearchQueries{
+		SearchRequest: query.SearchRequest{
+			Offset: offset,
+			Limit:  limit,
+			Asc:    asc,
+		},
+		Queries: queries,
+	}, nil
+}
+
+func ActionQueryToQuery(query interface{}) (query.SearchQuery, error) {
+	switch q := query.(type) {
+	case *mgmt_pb.ActionQuery_ActionNameQuery:
+		return action_grpc.ActionNameQuery(q.ActionNameQuery)
+	case *mgmt_pb.ActionQuery_ActionStateQuery:
+		return action_grpc.ActionStateQuery(q.ActionStateQuery)
+	}
+	return nil, nil
+}
--- a/internal/api/grpc/management/auth_checks.go
+++ b/internal/api/grpc/management/auth_checks.go
@@ -0,0 +1,32 @@
+package management
+
+import (
+	"context"
+
+	"github.com/caos/zitadel/internal/api/authz"
+	caos_errors "github.com/caos/zitadel/internal/errors"
+)
+
+func checkExplicitProjectPermission(ctx context.Context, grantID, projectID string) error {
+	permissions := authz.GetRequestPermissionsFromCtx(ctx)
+	if authz.HasGlobalPermission(permissions) {
+		return nil
+	}
+	ids := authz.GetAllPermissionCtxIDs(permissions)
+	if grantID != "" && listContainsID(ids, grantID) {
+		return nil
+	}
+	if listContainsID(ids, projectID) {
+		return nil
+	}
+	return caos_errors.ThrowPermissionDenied(nil, "EVENT-Shu7e", "Errors.UserGrant.NoPermissionForProject")
+}
+
+func listContainsID(ids []string, id string) bool {
+	for _, i := range ids {
+		if i == id {
+			return true
+		}
+	}
+	return false
+}
--- a/internal/api/grpc/management/flow.go
+++ b/internal/api/grpc/management/flow.go
@@ -0,0 +1,50 @@
+package management
+
+import (
+	"context"
+
+	"github.com/caos/zitadel/internal/api/authz"
+	action_grpc "github.com/caos/zitadel/internal/api/grpc/action"
+	obj_grpc "github.com/caos/zitadel/internal/api/grpc/object"
+	mgmt_pb "github.com/caos/zitadel/pkg/grpc/management"
+)
+
+func (s *Server) GetFlow(ctx context.Context, req *mgmt_pb.GetFlowRequest) (*mgmt_pb.GetFlowResponse, error) {
+	flow, err := s.query.GetFlow(ctx, action_grpc.FlowTypeToDomain(req.Type))
+	if err != nil {
+		return nil, err
+	}
+	return &mgmt_pb.GetFlowResponse{
+		Flow: action_grpc.FlowToPb(flow),
+	}, nil
+}
+
+func (s *Server) ClearFlow(ctx context.Context, req *mgmt_pb.ClearFlowRequest) (*mgmt_pb.ClearFlowResponse, error) {
+	details, err := s.command.ClearFlow(ctx, action_grpc.FlowTypeToDomain(req.Type), authz.GetCtxData(ctx).OrgID)
+	if err != nil {
+		return nil, err
+	}
+	return &mgmt_pb.ClearFlowResponse{
+		Details: obj_grpc.DomainToChangeDetailsPb(details),
+	}, err
+}
+
+func (s *Server) SetTriggerActions(ctx context.Context, req *mgmt_pb.SetTriggerActionsRequest) (*mgmt_pb.SetTriggerActionsResponse, error) {
+	details, err := s.command.SetTriggerActions(
+		ctx,
+		action_grpc.FlowTypeToDomain(req.FlowType),
+		action_grpc.TriggerTypeToDomain(req.TriggerType),
+		req.ActionIds,
+		authz.GetCtxData(ctx).OrgID,
+	)
+	if err != nil {
+		return nil, err
+	}
+	return &mgmt_pb.SetTriggerActionsResponse{
+		Details: obj_grpc.AddToDetailsPb(
+			details.Sequence,
+			details.EventDate,
+			details.ResourceOwner,
+		),
+	}, nil
+}
--- a/internal/api/grpc/management/user_grant.go
+++ b/internal/api/grpc/management/user_grant.go
@@ -2,6 +2,7 @@ package management

 import (
 	"context"
+
 	"github.com/caos/zitadel/internal/api/authz"
 	obj_grpc "github.com/caos/zitadel/internal/api/grpc/object"
 	"github.com/caos/zitadel/internal/api/grpc/user"
@@ -37,7 +38,11 @@ func (s *Server) ListUserGrants(ctx context.Context, req *mgmt_pb.ListUserGrantR
 }

 func (s *Server) AddUserGrant(ctx context.Context, req *mgmt_pb.AddUserGrantRequest) (*mgmt_pb.AddUserGrantResponse, error) {
-	grant, err := s.command.AddUserGrant(ctx, AddUserGrantRequestToDomain(req), authz.GetCtxData(ctx).OrgID)
+	grant := AddUserGrantRequestToDomain(req)
+	if err := checkExplicitProjectPermission(ctx, grant.ProjectGrantID, grant.ProjectID); err != nil {
+		return nil, err
+	}
+	grant, err := s.command.AddUserGrant(ctx, grant, authz.GetCtxData(ctx).OrgID)
 	if err != nil {
 		return nil, err
 	}