mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-11 21:37:32 +00:00
feat: remove org (#4148)
* feat(command): remove org * refactor: imports, unused code, error handling * reduce org removed in action * add org deletion to projections * add org removal to projections * add org removal to projections * org removed projection * lint import * projections * fix: table names in tests * fix: table names in tests * logging * add org state * fix(domain): add Owner removed to object details * feat(ListQuery): add with owner removed * fix(org-delete): add bool to functions to select with owner removed * fix(org-delete): add bools to user grants with events to determine if dependencies lost owner * fix(org-delete): add unit tests for owner removed and org removed events * fix(org-delete): add handling of org remove for grants and members * fix(org-delete): correction of unit tests for owner removed * fix(org-delete): update projections, unit tests and get functions * fix(org-delete): add change date to authnkeys and owner removed to org metadata * fix(org-delete): include owner removed for login names * fix(org-delete): some column fixes in projections and build for queries with owner removed * indexes * fix(org-delete): include review changes * fix(org-delete): change user projection name after merge * fix(org-delete): include review changes for project grant where no project owner is necessary * fix(org-delete): include auth and adminapi tables with owner removed information * fix(org-delete): cleanup username and orgdomain uniqueconstraints when org is removed * fix(org-delete): add permissions for org.remove * remove unnecessary unique constraints * fix column order in primary keys * fix(org-delete): include review changes * fix(org-delete): add owner removed indexes and chang setup step to create tables * fix(org-delete): move PK order of instance_id and change added user_grant from review * fix(org-delete): no params for prepareUserQuery * change to step 6 * merge main * fix(org-delete): OldUserName rename to private * fix linting * cleanup * fix: remove org test * create prerelease * chore: delete org-delete as prerelease Co-authored-by: Stefan Benz <stefan@caos.ch> Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
This commit is contained in:
Silvan
@@ -57,11 +57,11 @@ type AuthRequestRepo struct {
|
||||
}
|
||||
|
||||
type labelPolicyProvider interface {
|
||||
ActiveLabelPolicyByOrg(context.Context, string) (*query.LabelPolicy, error)
|
||||
ActiveLabelPolicyByOrg(context.Context, string, bool) (*query.LabelPolicy, error)
|
||||
}
|
||||
|
||||
type privacyPolicyProvider interface {
|
||||
PrivacyPolicyByOrg(context.Context, bool, string) (*query.PrivacyPolicy, error)
|
||||
PrivacyPolicyByOrg(context.Context, bool, string, bool) (*query.PrivacyPolicy, error)
|
||||
}
|
||||
|
||||
type userSessionViewProvider interface {
|
||||
@@ -73,11 +73,11 @@ type userViewProvider interface {
|
||||
}
|
||||
|
||||
type loginPolicyViewProvider interface {
|
||||
LoginPolicyByID(context.Context, bool, string) (*query.LoginPolicy, error)
|
||||
LoginPolicyByID(context.Context, bool, string, bool) (*query.LoginPolicy, error)
|
||||
}
|
||||
|
||||
type lockoutPolicyViewProvider interface {
|
||||
LockoutPolicyByOrg(context.Context, bool, string) (*query.LockoutPolicy, error)
|
||||
LockoutPolicyByOrg(context.Context, bool, string, bool) (*query.LockoutPolicy, error)
|
||||
}
|
||||
|
||||
type idpProviderViewProvider interface {
|
||||
@@ -85,7 +85,7 @@ type idpProviderViewProvider interface {
|
||||
}
|
||||
|
||||
type idpUserLinksProvider interface {
|
||||
IDPUserLinks(ctx context.Context, queries *query.IDPUserLinksSearchQuery) (*query.IDPUserLinks, error)
|
||||
IDPUserLinks(ctx context.Context, queries *query.IDPUserLinksSearchQuery, withOwnerRemoved bool) (*query.IDPUserLinks, error)
|
||||
}
|
||||
|
||||
type userEventProvider interface {
|
||||
@@ -102,17 +102,17 @@ type orgViewProvider interface {
|
||||
}
|
||||
|
||||
type userGrantProvider interface {
|
||||
ProjectByClientID(context.Context, string) (*query.Project, error)
|
||||
ProjectByClientID(context.Context, string, bool) (*query.Project, error)
|
||||
UserGrantsByProjectAndUserID(context.Context, string, string) ([]*query.UserGrant, error)
|
||||
}
|
||||
|
||||
type projectProvider interface {
|
||||
ProjectByClientID(context.Context, string) (*query.Project, error)
|
||||
ProjectByClientID(context.Context, string, bool) (*query.Project, error)
|
||||
OrgProjectMappingByIDs(orgID, projectID, instanceID string) (*project_view_model.OrgProjectMapping, error)
|
||||
}
|
||||
|
||||
type applicationProvider interface {
|
||||
AppByOIDCClientID(context.Context, string) (*query.App, error)
|
||||
AppByOIDCClientID(context.Context, string, bool) (*query.App, error)
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) Health(ctx context.Context) error {
|
||||
@@ -127,7 +127,7 @@ func (repo *AuthRequestRepo) CreateAuthRequest(ctx context.Context, request *dom
|
||||
return nil, err
|
||||
}
|
||||
request.ID = reqID
|
||||
project, err := repo.ProjectProvider.ProjectByClientID(ctx, request.ApplicationID)
|
||||
project, err := repo.ProjectProvider.ProjectByClientID(ctx, request.ApplicationID, false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -135,7 +135,7 @@ func (repo *AuthRequestRepo) CreateAuthRequest(ctx context.Context, request *dom
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
appIDs, err := repo.Query.SearchClientIDs(ctx, &query.AppSearchQueries{Queries: []query.SearchQuery{projectIDQuery}})
|
||||
appIDs, err := repo.Query.SearchClientIDs(ctx, &query.AppSearchQueries{Queries: []query.SearchQuery{projectIDQuery}}, false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -547,7 +547,7 @@ func (repo *AuthRequestRepo) getAuthRequest(ctx context.Context, id, userAgentID
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) getLoginPolicyAndIDPProviders(ctx context.Context, orgID string) (*query.LoginPolicy, []*domain.IDPProvider, error) {
|
||||
policy, err := repo.LoginPolicyViewProvider.LoginPolicyByID(ctx, false, orgID)
|
||||
policy, err := repo.LoginPolicyViewProvider.LoginPolicyByID(ctx, false, orgID, false)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
@@ -710,7 +710,7 @@ func (repo *AuthRequestRepo) checkDomainDiscovery(ctx context.Context, request *
|
||||
return false
|
||||
}
|
||||
// and if the login policy allows domain discovery
|
||||
policy, err := repo.Query.LoginPolicyByID(ctx, true, org.ID)
|
||||
policy, err := repo.Query.LoginPolicyByID(ctx, true, org.ID, false)
|
||||
if err != nil || !policy.AllowDomainDiscovery {
|
||||
return false
|
||||
}
|
||||
@@ -997,7 +997,7 @@ func checkExternalIDPsOfUser(ctx context.Context, idpUserLinksProvider idpUserLi
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return idpUserLinksProvider.IDPUserLinks(ctx, &query.IDPUserLinksSearchQuery{Queries: []query.SearchQuery{userIDQuery}})
|
||||
return idpUserLinksProvider.IDPUserLinks(ctx, &query.IDPUserLinksSearchQuery{Queries: []query.SearchQuery{userIDQuery}}, false)
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) usersForUserSelection(request *domain.AuthRequest) ([]domain.UserSelection, error) {
|
||||
@@ -1113,7 +1113,7 @@ func (repo *AuthRequestRepo) mfaSkippedOrSetUp(user *user_model.UserView, reques
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) GetPrivacyPolicy(ctx context.Context, orgID string) (*domain.PrivacyPolicy, error) {
|
||||
policy, err := repo.PrivacyPolicyProvider.PrivacyPolicyByOrg(ctx, false, orgID)
|
||||
policy, err := repo.PrivacyPolicyProvider.PrivacyPolicyByOrg(ctx, false, orgID, false)
|
||||
if errors.IsNotFound(err) {
|
||||
return new(domain.PrivacyPolicy), nil
|
||||
}
|
||||
@@ -1141,7 +1141,7 @@ func privacyPolicyToDomain(p *query.PrivacyPolicy) *domain.PrivacyPolicy {
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) getLockoutPolicy(ctx context.Context, orgID string) (*query.LockoutPolicy, error) {
|
||||
policy, err := repo.LockoutPolicyViewProvider.LockoutPolicyByOrg(ctx, false, orgID)
|
||||
policy, err := repo.LockoutPolicyViewProvider.LockoutPolicyByOrg(ctx, false, orgID, false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -1149,7 +1149,7 @@ func (repo *AuthRequestRepo) getLockoutPolicy(ctx context.Context, orgID string)
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) getLabelPolicy(ctx context.Context, orgID string) (*domain.LabelPolicy, error) {
|
||||
policy, err := repo.LabelPolicyProvider.ActiveLabelPolicyByOrg(ctx, orgID)
|
||||
policy, err := repo.LabelPolicyProvider.ActiveLabelPolicyByOrg(ctx, orgID, false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -1187,7 +1187,7 @@ func labelPolicyToDomain(p *query.LabelPolicy) *domain.LabelPolicy {
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) getLoginTexts(ctx context.Context, aggregateID string) ([]*domain.CustomText, error) {
|
||||
loginTexts, err := repo.Query.CustomTextListByTemplate(ctx, aggregateID, domain.LoginCustomText)
|
||||
loginTexts, err := repo.Query.CustomTextListByTemplate(ctx, aggregateID, domain.LoginCustomText, false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -1198,7 +1198,7 @@ func (repo *AuthRequestRepo) hasSucceededPage(ctx context.Context, request *doma
|
||||
if _, ok := request.Request.(*domain.AuthRequestOIDC); !ok {
|
||||
return false, nil
|
||||
}
|
||||
app, err := provider.AppByOIDCClientID(ctx, request.ApplicationID)
|
||||
app, err := provider.AppByOIDCClientID(ctx, request.ApplicationID, false)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
@@ -1206,7 +1206,7 @@ func (repo *AuthRequestRepo) hasSucceededPage(ctx context.Context, request *doma
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) getDomainPolicy(ctx context.Context, orgID string) (*query.DomainPolicy, error) {
|
||||
return repo.Query.DomainPolicyByOrg(ctx, false, orgID)
|
||||
return repo.Query.DomainPolicyByOrg(ctx, false, orgID, false)
|
||||
}
|
||||
|
||||
func setOrgID(ctx context.Context, orgViewProvider orgViewProvider, request *domain.AuthRequest) error {
|
||||
@@ -1420,7 +1420,7 @@ func userGrantRequired(ctx context.Context, request *domain.AuthRequest, user *u
|
||||
var project *query.Project
|
||||
switch request.Request.Type() {
|
||||
case domain.AuthRequestTypeOIDC, domain.AuthRequestTypeSAML:
|
||||
project, err = userGrantProvider.ProjectByClientID(ctx, request.ApplicationID)
|
||||
project, err = userGrantProvider.ProjectByClientID(ctx, request.ApplicationID, false)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
@@ -1441,7 +1441,7 @@ func projectRequired(ctx context.Context, request *domain.AuthRequest, projectPr
|
||||
var project *query.Project
|
||||
switch request.Request.Type() {
|
||||
case domain.AuthRequestTypeOIDC, domain.AuthRequestTypeSAML:
|
||||
project, err = projectProvider.ProjectByClientID(ctx, request.ApplicationID)
|
||||
project, err = projectProvider.ProjectByClientID(ctx, request.ApplicationID, false)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
||||
@@ -132,7 +132,7 @@ type mockLoginPolicy struct {
|
||||
policy *query.LoginPolicy
|
||||
}
|
||||
|
||||
func (m *mockLoginPolicy) LoginPolicyByID(ctx context.Context, _ bool, id string) (*query.LoginPolicy, error) {
|
||||
func (m *mockLoginPolicy) LoginPolicyByID(ctx context.Context, _ bool, id string, _ bool) (*query.LoginPolicy, error) {
|
||||
return m.policy, nil
|
||||
}
|
||||
|
||||
@@ -140,7 +140,7 @@ type mockLockoutPolicy struct {
|
||||
policy *query.LockoutPolicy
|
||||
}
|
||||
|
||||
func (m *mockLockoutPolicy) LockoutPolicyByOrg(context.Context, bool, string) (*query.LockoutPolicy, error) {
|
||||
func (m *mockLockoutPolicy) LockoutPolicyByOrg(context.Context, bool, string, bool) (*query.LockoutPolicy, error) {
|
||||
return m.policy, nil
|
||||
}
|
||||
|
||||
@@ -195,7 +195,7 @@ type mockUserGrants struct {
|
||||
userGrants int
|
||||
}
|
||||
|
||||
func (m *mockUserGrants) ProjectByClientID(ctx context.Context, s string) (*query.Project, error) {
|
||||
func (m *mockUserGrants) ProjectByClientID(ctx context.Context, s string, _ bool) (*query.Project, error) {
|
||||
return &query.Project{ProjectRoleCheck: m.roleCheck}, nil
|
||||
}
|
||||
|
||||
@@ -212,7 +212,7 @@ type mockProject struct {
|
||||
projectCheck bool
|
||||
}
|
||||
|
||||
func (m *mockProject) ProjectByClientID(ctx context.Context, s string) (*query.Project, error) {
|
||||
func (m *mockProject) ProjectByClientID(ctx context.Context, s string, _ bool) (*query.Project, error) {
|
||||
return &query.Project{HasProjectCheck: m.projectCheck}, nil
|
||||
}
|
||||
|
||||
@@ -227,7 +227,7 @@ type mockApp struct {
|
||||
app *query.App
|
||||
}
|
||||
|
||||
func (m *mockApp) AppByOIDCClientID(ctx context.Context, id string) (*query.App, error) {
|
||||
func (m *mockApp) AppByOIDCClientID(ctx context.Context, id string, _ bool) (*query.App, error) {
|
||||
if m.app != nil {
|
||||
return m.app, nil
|
||||
}
|
||||
@@ -238,7 +238,7 @@ type mockIDPUserLinks struct {
|
||||
idps []*query.IDPUserLink
|
||||
}
|
||||
|
||||
func (m *mockIDPUserLinks) IDPUserLinks(ctx context.Context, queries *query.IDPUserLinksSearchQuery) (*query.IDPUserLinks, error) {
|
||||
func (m *mockIDPUserLinks) IDPUserLinks(ctx context.Context, queries *query.IDPUserLinksSearchQuery, withOwnerRemoved bool) (*query.IDPUserLinks, error) {
|
||||
return &query.IDPUserLinks{Links: m.idps}, nil
|
||||
}
|
||||
|
||||
|
||||
@@ -31,7 +31,7 @@ func (repo *OrgRepository) GetIDPConfigByID(ctx context.Context, idpConfigID str
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) GetMyPasswordComplexityPolicy(ctx context.Context) (*iam_model.PasswordComplexityPolicyView, error) {
|
||||
policy, err := repo.Query.PasswordComplexityPolicyByOrg(ctx, true, authz.GetCtxData(ctx).OrgID)
|
||||
policy, err := repo.Query.PasswordComplexityPolicyByOrg(ctx, true, authz.GetCtxData(ctx).OrgID, false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -39,11 +39,11 @@ func (repo *OrgRepository) GetMyPasswordComplexityPolicy(ctx context.Context) (*
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) GetLoginText(ctx context.Context, orgID string) ([]*domain.CustomText, error) {
|
||||
loginTexts, err := repo.Query.CustomTextListByTemplate(ctx, authz.GetInstance(ctx).InstanceID(), domain.LoginCustomText)
|
||||
loginTexts, err := repo.Query.CustomTextListByTemplate(ctx, authz.GetInstance(ctx).InstanceID(), domain.LoginCustomText, false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
orgLoginTexts, err := repo.Query.CustomTextListByTemplate(ctx, orgID, domain.LoginCustomText)
|
||||
orgLoginTexts, err := repo.Query.CustomTextListByTemplate(ctx, orgID, domain.LoginCustomText, false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
@@ -17,7 +17,7 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
idpConfigTable = "auth.idp_configs"
|
||||
idpConfigTable = "auth.idp_configs2"
|
||||
)
|
||||
|
||||
type IDPConfig struct {
|
||||
@@ -121,6 +121,8 @@ func (i *IDPConfig) processIdpConfig(providerType iam_model.IDPProviderType, eve
|
||||
return i.view.DeleteIDPConfig(idp.IDPConfigID, event)
|
||||
case instance.InstanceRemovedEventType:
|
||||
return i.view.DeleteInstanceIDPs(event)
|
||||
case org.OrgRemovedEventType:
|
||||
return i.view.UpdateOrgOwnerRemovedIDPs(event)
|
||||
default:
|
||||
return i.view.ProcessedIDPConfigSequence(event)
|
||||
}
|
||||
|
||||
@@ -21,7 +21,7 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
idpProviderTable = "auth.idp_providers"
|
||||
idpProviderTable = "auth.idp_providers2"
|
||||
)
|
||||
|
||||
type IDPProvider struct {
|
||||
@@ -140,7 +140,9 @@ func (i *IDPProvider) processIdpProvider(event *models.Event) (err error) {
|
||||
case org.LoginPolicyRemovedEventType:
|
||||
return i.view.DeleteIDPProvidersByAggregateID(event.AggregateID, event.InstanceID, event)
|
||||
case instance.InstanceRemovedEventType:
|
||||
return i.view.DeleteInstanceIDPs(event)
|
||||
return i.view.DeleteInstanceIDPProviders(event)
|
||||
case org.OrgRemovedEventType:
|
||||
return i.view.UpdateOrgOwnerRemovedIDPProviders(event)
|
||||
default:
|
||||
return i.view.ProcessedIDPProviderSequence(event)
|
||||
}
|
||||
@@ -194,9 +196,9 @@ func (i *IDPProvider) OnSuccess(instanceIDs []string) error {
|
||||
}
|
||||
|
||||
func (i *IDPProvider) getOrgIDPConfig(instanceID, aggregateID, idpConfigID string) (*query2.IDP, error) {
|
||||
return i.queries.IDPByIDAndResourceOwner(withInstanceID(context.Background(), instanceID), false, idpConfigID, aggregateID)
|
||||
return i.queries.IDPByIDAndResourceOwner(withInstanceID(context.Background(), instanceID), false, idpConfigID, aggregateID, false)
|
||||
}
|
||||
|
||||
func (i *IDPProvider) getDefaultIDPConfig(instanceID, idpConfigID string) (*query2.IDP, error) {
|
||||
return i.queries.IDPByIDAndResourceOwner(withInstanceID(context.Background(), instanceID), false, idpConfigID, instanceID)
|
||||
return i.queries.IDPByIDAndResourceOwner(withInstanceID(context.Background(), instanceID), false, idpConfigID, instanceID, false)
|
||||
}
|
||||
|
||||
@@ -12,11 +12,12 @@ import (
|
||||
"github.com/zitadel/zitadel/internal/eventstore/v1/spooler"
|
||||
view_model "github.com/zitadel/zitadel/internal/project/repository/view/model"
|
||||
"github.com/zitadel/zitadel/internal/repository/instance"
|
||||
"github.com/zitadel/zitadel/internal/repository/org"
|
||||
"github.com/zitadel/zitadel/internal/repository/project"
|
||||
)
|
||||
|
||||
const (
|
||||
orgProjectMappingTable = "auth.org_project_mapping"
|
||||
orgProjectMappingTable = "auth.org_project_mapping2"
|
||||
)
|
||||
|
||||
type OrgProjectMapping struct {
|
||||
@@ -108,6 +109,8 @@ func (p *OrgProjectMapping) Reduce(event *es_models.Event) (err error) {
|
||||
}
|
||||
case instance.InstanceRemovedEventType:
|
||||
return p.view.DeleteInstanceOrgProjectMappings(event)
|
||||
case org.OrgRemovedEventType:
|
||||
return p.view.UpdateOwnerRemovedOrgProjectMappings(event)
|
||||
default:
|
||||
return p.view.ProcessedOrgProjectMappingSequence(event)
|
||||
}
|
||||
|
||||
@@ -13,6 +13,7 @@ import (
|
||||
"github.com/zitadel/zitadel/internal/eventstore/v1/query"
|
||||
"github.com/zitadel/zitadel/internal/eventstore/v1/spooler"
|
||||
"github.com/zitadel/zitadel/internal/repository/instance"
|
||||
"github.com/zitadel/zitadel/internal/repository/org"
|
||||
"github.com/zitadel/zitadel/internal/repository/project"
|
||||
"github.com/zitadel/zitadel/internal/repository/user"
|
||||
view_model "github.com/zitadel/zitadel/internal/user/repository/view/model"
|
||||
@@ -114,6 +115,8 @@ func (t *RefreshToken) Reduce(event *es_models.Event) (err error) {
|
||||
return t.view.DeleteUserRefreshTokens(event.AggregateID, event.InstanceID, event)
|
||||
case instance.InstanceRemovedEventType:
|
||||
return t.view.DeleteInstanceRefreshTokens(event)
|
||||
case org.OrgRemovedEventType:
|
||||
return t.view.DeleteOrgRefreshTokens(event)
|
||||
default:
|
||||
return t.view.ProcessedRefreshTokenSequence(event)
|
||||
}
|
||||
|
||||
@@ -17,6 +17,7 @@ import (
|
||||
project_es_model "github.com/zitadel/zitadel/internal/project/repository/eventsourcing/model"
|
||||
proj_view "github.com/zitadel/zitadel/internal/project/repository/view"
|
||||
"github.com/zitadel/zitadel/internal/repository/instance"
|
||||
"github.com/zitadel/zitadel/internal/repository/org"
|
||||
"github.com/zitadel/zitadel/internal/repository/project"
|
||||
"github.com/zitadel/zitadel/internal/repository/user"
|
||||
user_repo "github.com/zitadel/zitadel/internal/repository/user"
|
||||
@@ -151,6 +152,11 @@ func (t *Token) Reduce(event *es_models.Event) (err error) {
|
||||
return t.view.DeleteApplicationTokens(event, applicationsIDs...)
|
||||
case instance.InstanceRemovedEventType:
|
||||
return t.view.DeleteInstanceTokens(event)
|
||||
case org.OrgRemovedEventType:
|
||||
// deletes all tokens including PATs, which is expected for now
|
||||
// if there is an undo of the org deletion in the future,
|
||||
// we will need to have a look on how to handle the deleted PATs
|
||||
return t.view.DeleteOrgTokens(event)
|
||||
default:
|
||||
return t.view.ProcessedTokenSequence(event)
|
||||
}
|
||||
|
||||
@@ -24,7 +24,7 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
userTable = "auth.users"
|
||||
userTable = "auth.users2"
|
||||
)
|
||||
|
||||
type User struct {
|
||||
@@ -228,6 +228,8 @@ func (u *User) ProcessOrg(event *es_models.Event) (err error) {
|
||||
return u.fillLoginNamesOnOrgUsers(event)
|
||||
case org.OrgDomainPrimarySetEventType:
|
||||
return u.fillPreferredLoginNamesOnOrgUsers(event)
|
||||
case org.OrgRemovedEventType:
|
||||
return u.view.UpdateOrgOwnerRemovedUsers(event)
|
||||
default:
|
||||
return u.view.ProcessedUserSequence(event)
|
||||
}
|
||||
|
||||
@@ -22,7 +22,7 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
externalIDPTable = "auth.user_external_idps"
|
||||
externalIDPTable = "auth.user_external_idps2"
|
||||
)
|
||||
|
||||
type ExternalIDP struct {
|
||||
@@ -153,6 +153,8 @@ func (i *ExternalIDP) processIdpConfig(event *es_models.Event) (err error) {
|
||||
return i.view.PutExternalIDPs(event, exterinalIDPs...)
|
||||
case instance.InstanceRemovedEventType:
|
||||
return i.view.DeleteInstanceExternalIDPs(event)
|
||||
case org.OrgRemovedEventType:
|
||||
return i.view.UpdateOrgOwnerRemovedExternalIDPs(event)
|
||||
default:
|
||||
return i.view.ProcessedExternalIDPSequence(event)
|
||||
}
|
||||
@@ -184,9 +186,9 @@ func (i *ExternalIDP) OnSuccess(instanceIDs []string) error {
|
||||
}
|
||||
|
||||
func (i *ExternalIDP) getOrgIDPConfig(instanceID, aggregateID, idpConfigID string) (*query2.IDP, error) {
|
||||
return i.queries.IDPByIDAndResourceOwner(withInstanceID(context.Background(), instanceID), false, idpConfigID, aggregateID)
|
||||
return i.queries.IDPByIDAndResourceOwner(withInstanceID(context.Background(), instanceID), false, idpConfigID, aggregateID, false)
|
||||
}
|
||||
|
||||
func (i *ExternalIDP) getDefaultIDPConfig(instanceID, idpConfigID string) (*query2.IDP, error) {
|
||||
return i.queries.IDPByIDAndResourceOwner(withInstanceID(context.Background(), instanceID), false, idpConfigID, instanceID)
|
||||
return i.queries.IDPByIDAndResourceOwner(withInstanceID(context.Background(), instanceID), false, idpConfigID, instanceID, false)
|
||||
}
|
||||
|
||||
@@ -156,6 +156,8 @@ func (u *UserSession) Reduce(event *models.Event) (err error) {
|
||||
return u.view.DeleteUserSessions(event.AggregateID, event.InstanceID, event)
|
||||
case instance.InstanceRemovedEventType:
|
||||
return u.view.DeleteInstanceUserSessions(event)
|
||||
case org.OrgRemovedEventType:
|
||||
return u.view.DeleteOrgUserSessions(event)
|
||||
default:
|
||||
return u.view.ProcessedUserSessionSequence(event)
|
||||
}
|
||||
|
||||
@@ -127,7 +127,7 @@ func (q queryViewWrapper) UserGrantsByProjectAndUserID(ctx context.Context, proj
|
||||
return nil, err
|
||||
}
|
||||
queries := &query.UserGrantsQueries{Queries: []query.SearchQuery{userGrantUserID, userGrantProjectID}}
|
||||
grants, err := q.Queries.UserGrants(ctx, queries)
|
||||
grants, err := q.Queries.UserGrants(ctx, queries, false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
@@ -9,7 +9,7 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
externalIDPTable = "auth.user_external_idps"
|
||||
externalIDPTable = "auth.user_external_idps2"
|
||||
)
|
||||
|
||||
func (v *View) ExternalIDPByExternalUserIDAndIDPConfigID(externalUserID, idpConfigID, instanceID string) (*model.ExternalIDPView, error) {
|
||||
@@ -64,6 +64,14 @@ func (v *View) DeleteInstanceExternalIDPs(event *models.Event) error {
|
||||
return v.ProcessedExternalIDPSequence(event)
|
||||
}
|
||||
|
||||
func (v *View) UpdateOrgOwnerRemovedExternalIDPs(event *models.Event) error {
|
||||
err := view.UpdateOrgOwnerRemovedExternalIDPs(v.Db, externalIDPTable, event.InstanceID, event.ResourceOwner)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedExternalIDPSequence(event)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestExternalIDPSequence(instanceID string) (*global_view.CurrentSequence, error) {
|
||||
return v.latestSequence(externalIDPTable, instanceID)
|
||||
}
|
||||
|
||||
@@ -10,7 +10,7 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
idpConfigTable = "auth.idp_configs"
|
||||
idpConfigTable = "auth.idp_configs2"
|
||||
)
|
||||
|
||||
func (v *View) IDPConfigByID(idpID, instanceID string) (*iam_es_model.IDPConfigView, error) {
|
||||
@@ -49,6 +49,14 @@ func (v *View) DeleteInstanceIDPs(event *models.Event) error {
|
||||
return v.ProcessedIDPConfigSequence(event)
|
||||
}
|
||||
|
||||
func (v *View) UpdateOrgOwnerRemovedIDPs(event *models.Event) error {
|
||||
err := view.UpdateOrgOwnerRemovedIDPs(v.Db, idpConfigTable, event.InstanceID, event.AggregateID)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedIDPConfigSequence(event)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestIDPConfigSequence(instanceID string) (*global_view.CurrentSequence, error) {
|
||||
return v.latestSequence(idpConfigTable, instanceID)
|
||||
}
|
||||
|
||||
@@ -10,7 +10,7 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
idpProviderTable = "auth.idp_providers"
|
||||
idpProviderTable = "auth.idp_providers2"
|
||||
)
|
||||
|
||||
func (v *View) IDPProviderByAggregateAndIDPConfigID(aggregateID, idpConfigID, instanceID string) (*model.IDPProviderView, error) {
|
||||
@@ -69,6 +69,14 @@ func (v *View) DeleteInstanceIDPProviders(event *models.Event) error {
|
||||
return v.ProcessedIDPProviderSequence(event)
|
||||
}
|
||||
|
||||
func (v *View) UpdateOrgOwnerRemovedIDPProviders(event *models.Event) error {
|
||||
err := view.UpdateOrgOwnerRemovedIDPProviders(v.Db, idpProviderTable, event.InstanceID, event.AggregateID)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedIDPProviderSequence(event)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestIDPProviderSequence(instanceID string) (*global_view.CurrentSequence, error) {
|
||||
return v.latestSequence(idpProviderTable, instanceID)
|
||||
}
|
||||
|
||||
@@ -9,15 +9,15 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
orgPrgojectMappingTable = "auth.org_project_mapping"
|
||||
orgProjectMappingTable = "auth.org_project_mapping2"
|
||||
)
|
||||
|
||||
func (v *View) OrgProjectMappingByIDs(orgID, projectID, instanceID string) (*model.OrgProjectMapping, error) {
|
||||
return view.OrgProjectMappingByIDs(v.Db, orgPrgojectMappingTable, orgID, projectID, instanceID)
|
||||
return view.OrgProjectMappingByIDs(v.Db, orgProjectMappingTable, orgID, projectID, instanceID)
|
||||
}
|
||||
|
||||
func (v *View) PutOrgProjectMapping(mapping *model.OrgProjectMapping, event *models.Event) error {
|
||||
err := view.PutOrgProjectMapping(v.Db, orgPrgojectMappingTable, mapping)
|
||||
err := view.PutOrgProjectMapping(v.Db, orgProjectMappingTable, mapping)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -25,7 +25,7 @@ func (v *View) PutOrgProjectMapping(mapping *model.OrgProjectMapping, event *mod
|
||||
}
|
||||
|
||||
func (v *View) DeleteOrgProjectMapping(orgID, projectID, instanceID string, event *models.Event) error {
|
||||
err := view.DeleteOrgProjectMapping(v.Db, orgPrgojectMappingTable, orgID, projectID, instanceID)
|
||||
err := view.DeleteOrgProjectMapping(v.Db, orgProjectMappingTable, orgID, projectID, instanceID)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
@@ -33,7 +33,15 @@ func (v *View) DeleteOrgProjectMapping(orgID, projectID, instanceID string, even
|
||||
}
|
||||
|
||||
func (v *View) DeleteInstanceOrgProjectMappings(event *models.Event) error {
|
||||
err := view.DeleteInstanceOrgProjectMappings(v.Db, orgPrgojectMappingTable, event.InstanceID)
|
||||
err := view.DeleteInstanceOrgProjectMappings(v.Db, orgProjectMappingTable, event.InstanceID)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedOrgProjectMappingSequence(event)
|
||||
}
|
||||
|
||||
func (v *View) UpdateOwnerRemovedOrgProjectMappings(event *models.Event) error {
|
||||
err := view.UpdateOwnerRemovedOrgProjectMappings(v.Db, orgProjectMappingTable, event.InstanceID, event.AggregateID)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
@@ -41,31 +49,31 @@ func (v *View) DeleteInstanceOrgProjectMappings(event *models.Event) error {
|
||||
}
|
||||
|
||||
func (v *View) DeleteOrgProjectMappingsByProjectID(projectID, instanceID string) error {
|
||||
return view.DeleteOrgProjectMappingsByProjectID(v.Db, orgPrgojectMappingTable, projectID, instanceID)
|
||||
return view.DeleteOrgProjectMappingsByProjectID(v.Db, orgProjectMappingTable, projectID, instanceID)
|
||||
}
|
||||
|
||||
func (v *View) DeleteOrgProjectMappingsByProjectGrantID(projectGrantID, instanceID string) error {
|
||||
return view.DeleteOrgProjectMappingsByProjectGrantID(v.Db, orgPrgojectMappingTable, projectGrantID, instanceID)
|
||||
return view.DeleteOrgProjectMappingsByProjectGrantID(v.Db, orgProjectMappingTable, projectGrantID, instanceID)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestOrgProjectMappingSequence(instanceID string) (*repository.CurrentSequence, error) {
|
||||
return v.latestSequence(orgPrgojectMappingTable, instanceID)
|
||||
return v.latestSequence(orgProjectMappingTable, instanceID)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestOrgProjectMappingSequences(instanceIDs []string) ([]*repository.CurrentSequence, error) {
|
||||
return v.latestSequences(orgPrgojectMappingTable, instanceIDs)
|
||||
return v.latestSequences(orgProjectMappingTable, instanceIDs)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedOrgProjectMappingSequence(event *models.Event) error {
|
||||
return v.saveCurrentSequence(orgPrgojectMappingTable, event)
|
||||
return v.saveCurrentSequence(orgProjectMappingTable, event)
|
||||
}
|
||||
|
||||
func (v *View) UpdateOrgProjectMappingSpoolerRunTimestamp(instanceIDs []string) error {
|
||||
return v.updateSpoolerRunSequence(orgPrgojectMappingTable, instanceIDs)
|
||||
return v.updateSpoolerRunSequence(orgProjectMappingTable, instanceIDs)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestOrgProjectMappingFailedEvent(sequence uint64, instanceID string) (*repository.FailedEvent, error) {
|
||||
return v.latestFailedEvent(orgPrgojectMappingTable, instanceID, sequence)
|
||||
return v.latestFailedEvent(orgProjectMappingTable, instanceID, sequence)
|
||||
}
|
||||
|
||||
func (v *View) ProcessedOrgProjectMappingFailedEvent(failedEvent *repository.FailedEvent) error {
|
||||
|
||||
@@ -73,6 +73,14 @@ func (v *View) DeleteInstanceRefreshTokens(event *models.Event) error {
|
||||
return v.ProcessedRefreshTokenSequence(event)
|
||||
}
|
||||
|
||||
func (v *View) DeleteOrgRefreshTokens(event *models.Event) error {
|
||||
err := usr_view.DeleteOrgRefreshTokens(v.Db, refreshTokenTable, event.InstanceID, event.ResourceOwner)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedRefreshTokenSequence(event)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestRefreshTokenSequence(instanceID string) (*repository.CurrentSequence, error) {
|
||||
return v.latestSequence(refreshTokenTable, instanceID)
|
||||
}
|
||||
|
||||
@@ -84,6 +84,14 @@ func (v *View) DeleteInstanceTokens(event *models.Event) error {
|
||||
return v.ProcessedTokenSequence(event)
|
||||
}
|
||||
|
||||
func (v *View) DeleteOrgTokens(event *models.Event) error {
|
||||
err := usr_view.DeleteOrgTokens(v.Db, tokenTable, event.InstanceID, event.ResourceOwner)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedTokenSequence(event)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestTokenSequence(instanceID string) (*repository.CurrentSequence, error) {
|
||||
return v.latestSequence(tokenTable, instanceID)
|
||||
}
|
||||
|
||||
@@ -14,7 +14,7 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
userTable = "auth.users"
|
||||
userTable = "auth.users2"
|
||||
)
|
||||
|
||||
func (v *View) UserByID(userID, instanceID string) (*model.UserView, error) {
|
||||
@@ -97,7 +97,7 @@ func (v *View) UserByPhoneAndResourceOwner(phone, resourceOwner, instanceID stri
|
||||
func (v *View) userByID(instanceID string, queries ...query.SearchQuery) (*model.UserView, error) {
|
||||
ctx := authz.WithInstanceID(context.Background(), instanceID)
|
||||
|
||||
queriedUser, err := v.query.GetNotifyUser(ctx, true, queries...)
|
||||
queriedUser, err := v.query.GetNotifyUser(ctx, true, false, queries...)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -189,6 +189,14 @@ func (v *View) DeleteInstanceUsers(event *models.Event) error {
|
||||
return v.ProcessedUserSequence(event)
|
||||
}
|
||||
|
||||
func (v *View) UpdateOrgOwnerRemovedUsers(event *models.Event) error {
|
||||
err := view.UpdateOrgOwnerRemovedUsers(v.Db, userTable, event.InstanceID, event.AggregateID)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedUserSequence(event)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestUserSequence(instanceID string) (*repository.CurrentSequence, error) {
|
||||
return v.latestSequence(userTable, instanceID)
|
||||
}
|
||||
|
||||
@@ -64,6 +64,14 @@ func (v *View) DeleteInstanceUserSessions(event *models.Event) error {
|
||||
return v.ProcessedUserSessionSequence(event)
|
||||
}
|
||||
|
||||
func (v *View) DeleteOrgUserSessions(event *models.Event) error {
|
||||
err := view.DeleteOrgUserSessions(v.Db, userSessionTable, event.InstanceID, event.ResourceOwner)
|
||||
if err != nil && !errors.IsNotFound(err) {
|
||||
return err
|
||||
}
|
||||
return v.ProcessedUserSessionSequence(event)
|
||||
}
|
||||
|
||||
func (v *View) GetLatestUserSessionSequence(instanceID string) (*repository.CurrentSequence, error) {
|
||||
return v.latestSequence(userSessionTable, instanceID)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user