mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-12 11:27:33 +00:00
feat: remove org (#4148)
* feat(command): remove org * refactor: imports, unused code, error handling * reduce org removed in action * add org deletion to projections * add org removal to projections * add org removal to projections * org removed projection * lint import * projections * fix: table names in tests * fix: table names in tests * logging * add org state * fix(domain): add Owner removed to object details * feat(ListQuery): add with owner removed * fix(org-delete): add bool to functions to select with owner removed * fix(org-delete): add bools to user grants with events to determine if dependencies lost owner * fix(org-delete): add unit tests for owner removed and org removed events * fix(org-delete): add handling of org remove for grants and members * fix(org-delete): correction of unit tests for owner removed * fix(org-delete): update projections, unit tests and get functions * fix(org-delete): add change date to authnkeys and owner removed to org metadata * fix(org-delete): include owner removed for login names * fix(org-delete): some column fixes in projections and build for queries with owner removed * indexes * fix(org-delete): include review changes * fix(org-delete): change user projection name after merge * fix(org-delete): include review changes for project grant where no project owner is necessary * fix(org-delete): include auth and adminapi tables with owner removed information * fix(org-delete): cleanup username and orgdomain uniqueconstraints when org is removed * fix(org-delete): add permissions for org.remove * remove unnecessary unique constraints * fix column order in primary keys * fix(org-delete): include review changes * fix(org-delete): add owner removed indexes and chang setup step to create tables * fix(org-delete): move PK order of instance_id and change added user_grant from review * fix(org-delete): no params for prepareUserQuery * change to step 6 * merge main * fix(org-delete): OldUserName rename to private * fix linting * cleanup * fix: remove org test * create prerelease * chore: delete org-delete as prerelease Co-authored-by: Stefan Benz <stefan@caos.ch> Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
This commit is contained in:
Silvan
@@ -57,11 +57,11 @@ type AuthRequestRepo struct {
|
||||
}
|
||||
|
||||
type labelPolicyProvider interface {
|
||||
ActiveLabelPolicyByOrg(context.Context, string) (*query.LabelPolicy, error)
|
||||
ActiveLabelPolicyByOrg(context.Context, string, bool) (*query.LabelPolicy, error)
|
||||
}
|
||||
|
||||
type privacyPolicyProvider interface {
|
||||
PrivacyPolicyByOrg(context.Context, bool, string) (*query.PrivacyPolicy, error)
|
||||
PrivacyPolicyByOrg(context.Context, bool, string, bool) (*query.PrivacyPolicy, error)
|
||||
}
|
||||
|
||||
type userSessionViewProvider interface {
|
||||
@@ -73,11 +73,11 @@ type userViewProvider interface {
|
||||
}
|
||||
|
||||
type loginPolicyViewProvider interface {
|
||||
LoginPolicyByID(context.Context, bool, string) (*query.LoginPolicy, error)
|
||||
LoginPolicyByID(context.Context, bool, string, bool) (*query.LoginPolicy, error)
|
||||
}
|
||||
|
||||
type lockoutPolicyViewProvider interface {
|
||||
LockoutPolicyByOrg(context.Context, bool, string) (*query.LockoutPolicy, error)
|
||||
LockoutPolicyByOrg(context.Context, bool, string, bool) (*query.LockoutPolicy, error)
|
||||
}
|
||||
|
||||
type idpProviderViewProvider interface {
|
||||
@@ -85,7 +85,7 @@ type idpProviderViewProvider interface {
|
||||
}
|
||||
|
||||
type idpUserLinksProvider interface {
|
||||
IDPUserLinks(ctx context.Context, queries *query.IDPUserLinksSearchQuery) (*query.IDPUserLinks, error)
|
||||
IDPUserLinks(ctx context.Context, queries *query.IDPUserLinksSearchQuery, withOwnerRemoved bool) (*query.IDPUserLinks, error)
|
||||
}
|
||||
|
||||
type userEventProvider interface {
|
||||
@@ -102,17 +102,17 @@ type orgViewProvider interface {
|
||||
}
|
||||
|
||||
type userGrantProvider interface {
|
||||
ProjectByClientID(context.Context, string) (*query.Project, error)
|
||||
ProjectByClientID(context.Context, string, bool) (*query.Project, error)
|
||||
UserGrantsByProjectAndUserID(context.Context, string, string) ([]*query.UserGrant, error)
|
||||
}
|
||||
|
||||
type projectProvider interface {
|
||||
ProjectByClientID(context.Context, string) (*query.Project, error)
|
||||
ProjectByClientID(context.Context, string, bool) (*query.Project, error)
|
||||
OrgProjectMappingByIDs(orgID, projectID, instanceID string) (*project_view_model.OrgProjectMapping, error)
|
||||
}
|
||||
|
||||
type applicationProvider interface {
|
||||
AppByOIDCClientID(context.Context, string) (*query.App, error)
|
||||
AppByOIDCClientID(context.Context, string, bool) (*query.App, error)
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) Health(ctx context.Context) error {
|
||||
@@ -127,7 +127,7 @@ func (repo *AuthRequestRepo) CreateAuthRequest(ctx context.Context, request *dom
|
||||
return nil, err
|
||||
}
|
||||
request.ID = reqID
|
||||
project, err := repo.ProjectProvider.ProjectByClientID(ctx, request.ApplicationID)
|
||||
project, err := repo.ProjectProvider.ProjectByClientID(ctx, request.ApplicationID, false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -135,7 +135,7 @@ func (repo *AuthRequestRepo) CreateAuthRequest(ctx context.Context, request *dom
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
appIDs, err := repo.Query.SearchClientIDs(ctx, &query.AppSearchQueries{Queries: []query.SearchQuery{projectIDQuery}})
|
||||
appIDs, err := repo.Query.SearchClientIDs(ctx, &query.AppSearchQueries{Queries: []query.SearchQuery{projectIDQuery}}, false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -547,7 +547,7 @@ func (repo *AuthRequestRepo) getAuthRequest(ctx context.Context, id, userAgentID
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) getLoginPolicyAndIDPProviders(ctx context.Context, orgID string) (*query.LoginPolicy, []*domain.IDPProvider, error) {
|
||||
policy, err := repo.LoginPolicyViewProvider.LoginPolicyByID(ctx, false, orgID)
|
||||
policy, err := repo.LoginPolicyViewProvider.LoginPolicyByID(ctx, false, orgID, false)
|
||||
if err != nil {
|
||||
return nil, nil, err
|
||||
}
|
||||
@@ -710,7 +710,7 @@ func (repo *AuthRequestRepo) checkDomainDiscovery(ctx context.Context, request *
|
||||
return false
|
||||
}
|
||||
// and if the login policy allows domain discovery
|
||||
policy, err := repo.Query.LoginPolicyByID(ctx, true, org.ID)
|
||||
policy, err := repo.Query.LoginPolicyByID(ctx, true, org.ID, false)
|
||||
if err != nil || !policy.AllowDomainDiscovery {
|
||||
return false
|
||||
}
|
||||
@@ -997,7 +997,7 @@ func checkExternalIDPsOfUser(ctx context.Context, idpUserLinksProvider idpUserLi
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return idpUserLinksProvider.IDPUserLinks(ctx, &query.IDPUserLinksSearchQuery{Queries: []query.SearchQuery{userIDQuery}})
|
||||
return idpUserLinksProvider.IDPUserLinks(ctx, &query.IDPUserLinksSearchQuery{Queries: []query.SearchQuery{userIDQuery}}, false)
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) usersForUserSelection(request *domain.AuthRequest) ([]domain.UserSelection, error) {
|
||||
@@ -1113,7 +1113,7 @@ func (repo *AuthRequestRepo) mfaSkippedOrSetUp(user *user_model.UserView, reques
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) GetPrivacyPolicy(ctx context.Context, orgID string) (*domain.PrivacyPolicy, error) {
|
||||
policy, err := repo.PrivacyPolicyProvider.PrivacyPolicyByOrg(ctx, false, orgID)
|
||||
policy, err := repo.PrivacyPolicyProvider.PrivacyPolicyByOrg(ctx, false, orgID, false)
|
||||
if errors.IsNotFound(err) {
|
||||
return new(domain.PrivacyPolicy), nil
|
||||
}
|
||||
@@ -1141,7 +1141,7 @@ func privacyPolicyToDomain(p *query.PrivacyPolicy) *domain.PrivacyPolicy {
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) getLockoutPolicy(ctx context.Context, orgID string) (*query.LockoutPolicy, error) {
|
||||
policy, err := repo.LockoutPolicyViewProvider.LockoutPolicyByOrg(ctx, false, orgID)
|
||||
policy, err := repo.LockoutPolicyViewProvider.LockoutPolicyByOrg(ctx, false, orgID, false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -1149,7 +1149,7 @@ func (repo *AuthRequestRepo) getLockoutPolicy(ctx context.Context, orgID string)
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) getLabelPolicy(ctx context.Context, orgID string) (*domain.LabelPolicy, error) {
|
||||
policy, err := repo.LabelPolicyProvider.ActiveLabelPolicyByOrg(ctx, orgID)
|
||||
policy, err := repo.LabelPolicyProvider.ActiveLabelPolicyByOrg(ctx, orgID, false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -1187,7 +1187,7 @@ func labelPolicyToDomain(p *query.LabelPolicy) *domain.LabelPolicy {
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) getLoginTexts(ctx context.Context, aggregateID string) ([]*domain.CustomText, error) {
|
||||
loginTexts, err := repo.Query.CustomTextListByTemplate(ctx, aggregateID, domain.LoginCustomText)
|
||||
loginTexts, err := repo.Query.CustomTextListByTemplate(ctx, aggregateID, domain.LoginCustomText, false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -1198,7 +1198,7 @@ func (repo *AuthRequestRepo) hasSucceededPage(ctx context.Context, request *doma
|
||||
if _, ok := request.Request.(*domain.AuthRequestOIDC); !ok {
|
||||
return false, nil
|
||||
}
|
||||
app, err := provider.AppByOIDCClientID(ctx, request.ApplicationID)
|
||||
app, err := provider.AppByOIDCClientID(ctx, request.ApplicationID, false)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
@@ -1206,7 +1206,7 @@ func (repo *AuthRequestRepo) hasSucceededPage(ctx context.Context, request *doma
|
||||
}
|
||||
|
||||
func (repo *AuthRequestRepo) getDomainPolicy(ctx context.Context, orgID string) (*query.DomainPolicy, error) {
|
||||
return repo.Query.DomainPolicyByOrg(ctx, false, orgID)
|
||||
return repo.Query.DomainPolicyByOrg(ctx, false, orgID, false)
|
||||
}
|
||||
|
||||
func setOrgID(ctx context.Context, orgViewProvider orgViewProvider, request *domain.AuthRequest) error {
|
||||
@@ -1420,7 +1420,7 @@ func userGrantRequired(ctx context.Context, request *domain.AuthRequest, user *u
|
||||
var project *query.Project
|
||||
switch request.Request.Type() {
|
||||
case domain.AuthRequestTypeOIDC, domain.AuthRequestTypeSAML:
|
||||
project, err = userGrantProvider.ProjectByClientID(ctx, request.ApplicationID)
|
||||
project, err = userGrantProvider.ProjectByClientID(ctx, request.ApplicationID, false)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
@@ -1441,7 +1441,7 @@ func projectRequired(ctx context.Context, request *domain.AuthRequest, projectPr
|
||||
var project *query.Project
|
||||
switch request.Request.Type() {
|
||||
case domain.AuthRequestTypeOIDC, domain.AuthRequestTypeSAML:
|
||||
project, err = projectProvider.ProjectByClientID(ctx, request.ApplicationID)
|
||||
project, err = projectProvider.ProjectByClientID(ctx, request.ApplicationID, false)
|
||||
if err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
||||
@@ -132,7 +132,7 @@ type mockLoginPolicy struct {
|
||||
policy *query.LoginPolicy
|
||||
}
|
||||
|
||||
func (m *mockLoginPolicy) LoginPolicyByID(ctx context.Context, _ bool, id string) (*query.LoginPolicy, error) {
|
||||
func (m *mockLoginPolicy) LoginPolicyByID(ctx context.Context, _ bool, id string, _ bool) (*query.LoginPolicy, error) {
|
||||
return m.policy, nil
|
||||
}
|
||||
|
||||
@@ -140,7 +140,7 @@ type mockLockoutPolicy struct {
|
||||
policy *query.LockoutPolicy
|
||||
}
|
||||
|
||||
func (m *mockLockoutPolicy) LockoutPolicyByOrg(context.Context, bool, string) (*query.LockoutPolicy, error) {
|
||||
func (m *mockLockoutPolicy) LockoutPolicyByOrg(context.Context, bool, string, bool) (*query.LockoutPolicy, error) {
|
||||
return m.policy, nil
|
||||
}
|
||||
|
||||
@@ -195,7 +195,7 @@ type mockUserGrants struct {
|
||||
userGrants int
|
||||
}
|
||||
|
||||
func (m *mockUserGrants) ProjectByClientID(ctx context.Context, s string) (*query.Project, error) {
|
||||
func (m *mockUserGrants) ProjectByClientID(ctx context.Context, s string, _ bool) (*query.Project, error) {
|
||||
return &query.Project{ProjectRoleCheck: m.roleCheck}, nil
|
||||
}
|
||||
|
||||
@@ -212,7 +212,7 @@ type mockProject struct {
|
||||
projectCheck bool
|
||||
}
|
||||
|
||||
func (m *mockProject) ProjectByClientID(ctx context.Context, s string) (*query.Project, error) {
|
||||
func (m *mockProject) ProjectByClientID(ctx context.Context, s string, _ bool) (*query.Project, error) {
|
||||
return &query.Project{HasProjectCheck: m.projectCheck}, nil
|
||||
}
|
||||
|
||||
@@ -227,7 +227,7 @@ type mockApp struct {
|
||||
app *query.App
|
||||
}
|
||||
|
||||
func (m *mockApp) AppByOIDCClientID(ctx context.Context, id string) (*query.App, error) {
|
||||
func (m *mockApp) AppByOIDCClientID(ctx context.Context, id string, _ bool) (*query.App, error) {
|
||||
if m.app != nil {
|
||||
return m.app, nil
|
||||
}
|
||||
@@ -238,7 +238,7 @@ type mockIDPUserLinks struct {
|
||||
idps []*query.IDPUserLink
|
||||
}
|
||||
|
||||
func (m *mockIDPUserLinks) IDPUserLinks(ctx context.Context, queries *query.IDPUserLinksSearchQuery) (*query.IDPUserLinks, error) {
|
||||
func (m *mockIDPUserLinks) IDPUserLinks(ctx context.Context, queries *query.IDPUserLinksSearchQuery, withOwnerRemoved bool) (*query.IDPUserLinks, error) {
|
||||
return &query.IDPUserLinks{Links: m.idps}, nil
|
||||
}
|
||||
|
||||
|
||||
@@ -31,7 +31,7 @@ func (repo *OrgRepository) GetIDPConfigByID(ctx context.Context, idpConfigID str
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) GetMyPasswordComplexityPolicy(ctx context.Context) (*iam_model.PasswordComplexityPolicyView, error) {
|
||||
policy, err := repo.Query.PasswordComplexityPolicyByOrg(ctx, true, authz.GetCtxData(ctx).OrgID)
|
||||
policy, err := repo.Query.PasswordComplexityPolicyByOrg(ctx, true, authz.GetCtxData(ctx).OrgID, false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -39,11 +39,11 @@ func (repo *OrgRepository) GetMyPasswordComplexityPolicy(ctx context.Context) (*
|
||||
}
|
||||
|
||||
func (repo *OrgRepository) GetLoginText(ctx context.Context, orgID string) ([]*domain.CustomText, error) {
|
||||
loginTexts, err := repo.Query.CustomTextListByTemplate(ctx, authz.GetInstance(ctx).InstanceID(), domain.LoginCustomText)
|
||||
loginTexts, err := repo.Query.CustomTextListByTemplate(ctx, authz.GetInstance(ctx).InstanceID(), domain.LoginCustomText, false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
orgLoginTexts, err := repo.Query.CustomTextListByTemplate(ctx, orgID, domain.LoginCustomText)
|
||||
orgLoginTexts, err := repo.Query.CustomTextListByTemplate(ctx, orgID, domain.LoginCustomText, false)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user