# Which Problems Are Solved
The commands for the resource based v2beta AuthorizationService API are
added.
Authorizations, previously knows as user grants, give a user in a
specific organization and project context roles.
The project can be owned or granted.
The given roles can be used to restrict access within the projects
applications.
The commands for the resource based v2beta InteralPermissionService API
are added.
Administrators, previously knows as memberships, give a user in a
specific organization and project context roles.
The project can be owned or granted.
The give roles give the user permissions to manage different resources
in Zitadel.
API definitions from https://github.com/zitadel/zitadel/issues/9165 are
implemented.
Contains endpoints for user metadata.
# How the Problems Are Solved
### New Methods
- CreateAuthorization
- UpdateAuthorization
- DeleteAuthorization
- ActivateAuthorization
- DeactivateAuthorization
- ListAuthorizations
- CreateAdministrator
- UpdateAdministrator
- DeleteAdministrator
- ListAdministrators
- SetUserMetadata to set metadata on a user
- DeleteUserMetadata to delete metadata on a user
- ListUserMetadata to query for metadata of a user
## Deprecated Methods
### v1.ManagementService
- GetUserGrantByID
- ListUserGrants
- AddUserGrant
- UpdateUserGrant
- DeactivateUserGrant
- ReactivateUserGrant
- RemoveUserGrant
- BulkRemoveUserGrant
### v1.AuthService
- ListMyUserGrants
- ListMyProjectPermissions
# Additional Changes
- Permission checks for metadata functionality on query and command side
- correct existence checks for resources, for example you can only be an
administrator on an existing project
- combined all member tables to singular query for the administrators
- add permission checks for command an query side functionality
- combined functions on command side where necessary for easier
maintainability
# Additional Context
Closes#9165
---------
Co-authored-by: Elio Bischof <elio@zitadel.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Livio Spring <livio.a@gmail.com>
Update the ../proto/zitadel/member.proto to
include the UserResourceOwner as part of member.
Update the queries to include UserResourceOwner
for the following :
zitadel/internal/query/iam_member.go
zitadel/internal/query/org_member.go
zitadel/internal/query/project_member.go
zitadel/internal/query/project_grant_member.go
Non Breaking Changes
# Which Problems Are Solved
https://github.com/zitadel/zitadel/issues/5062
# How the Problems Are Solved
- Updated the member.proto file to include user_resource_owner. I have
compiled using` make compile` command .
- Changed the queries to include the userResourceOwner as part of
Member.
- Then, updated the converter to map the userResourceOwner.
# Additional Changes
Replace this example text with a concise list of additional changes that
this PR introduces, that are not directly solving the initial problem
but are related.
For example:
- The docs explicitly describe that the property XY is mandatory
- Adds missing translations for validations.
# Additional Context
- Closes#5062
-
https://discordapp.com/channels/927474939156643850/1326245856193544232/1326476710752948316
chore(fmt): run gci on complete project
Fix global import formatting in go code by running the `gci` command. This allows us to just use the command directly, instead of fixing the import order manually for the linter, on each PR.
Co-authored-by: Elio Bischof <elio@zitadel.com>
This implementation increases parallel write capabilities of the eventstore.
Please have a look at the technical advisories: [05](https://zitadel.com/docs/support/advisory/a10005) and [06](https://zitadel.com/docs/support/advisory/a10006).
The implementation of eventstore.push is rewritten and stored events are migrated to a new table `eventstore.events2`.
If you are using cockroach: make sure that the database user of ZITADEL has `VIEWACTIVITY` grant. This is used to query events.
* chore(console): remove first and lastName fallback from user
* use display name and ensure it's set without required name fields
* add user type to user grant and memberships responses
* contributor, members
* fix avatar display checks
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
* refactor(domain): add user type
* fix(projections): start with login names
* fix(login_policy): correct handling of user domain claimed event
* fix(projections): add members
* refactor: simplify member projections
* add migration for members
* add metadata to member projections
* refactor: login name projection
* fix: set correct suffixes on login name projections
* test(projections): login name reduces
* fix: correct cols in reduce member
* test(projections): org, iam, project members
* member additional cols and conds as opt,
add project grant members
* fix(migration): members
* fix(migration): correct database name
* migration version
* migs
* better naming for member cond and col
* split project and project grant members
* prepare member columns
* feat(queries): membership query
* test(queries): membership prepare
* fix(queries): multiple projections for latest sequence
* fix(api): use query for membership queries in auth and management
* feat: org member queries
* fix(api): use query for iam member calls
* fix(queries): org members
* fix(queries): project members
* fix(queries): project grant members
* fix(query): member queries and user avatar column
* member cols
* fix(queries): membership stmt
* fix user test
* fix user test
* fix(membership): correct display name
* fix(projection): additional member manipulation events
* additional member tests
* fix(projections): additional events of idp links
* fix: use query for memberships (#2797)
* fix(api): use query for memberships
* remove comment
* handle err
* refactor(projections): idp user link user aggregate type
* fix(projections): handle old user events
* fix(api): add asset prefix
* no image for iam members
* refactor(domain): add user type
* fix(projections): start with login names
* fix(login_policy): correct handling of user domain claimed event
* fix(projections): add members
* refactor: simplify member projections
* add migration for members
* add metadata to member projections
* refactor: login name projection
* fix: set correct suffixes on login name projections
* test(projections): login name reduces
* fix: correct cols in reduce member
* test(projections): org, iam, project members
* member additional cols and conds as opt,
add project grant members
* fix(migration): members
* fix(migration): correct database name
* migration version
* migs
* better naming for member cond and col
* split project and project grant members
* prepare member columns
* feat(queries): membership query
* test(queries): membership prepare
* fix(queries): multiple projections for latest sequence
* fix(api): use query for membership queries in auth and management
* fix(query): member queries and user avatar column
* member cols
* fix(queries): membership stmt
* fix user test
* fix user test
* fix: adaot config to commands (and queries)
* remove dependency on vv2 in v1
* add queries user to operator
* set password for queries on tests
* set password for queries on tests
* fix config
