# Which Problems Are Solved
Currently there is only the option to either filter for all usergrants
of an organization or the usergrants of a singluar user.
# How the Problems Are Solved
Add the option to provide a list of userIDs to query user grants.
# Additional Changes
Fixed internal typo for function.
# Additional Context
Closes#9675
…of project grant
# Which Problems Are Solved
On Management API the fields for `GrantedOrgId`, `GrantedOrgName` and
`GrantedOrgDomain` were only filled if it was a usergrant for a granted
project.
# How the Problems Are Solved
Correctly query the Organization of the User again to the Organization
the Project is granted to.
Then fill in the information about the Organization of the User in the
fields `GrantedOrgId`, `GrantedOrgName` and `GrantedOrgDomain`.
# Additional Changes
Additionally query the information about the Organization the Project is
granted to, to have it available for the Authorization v2beta API.
# Additional Context
Closes#10723
---------
Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
# Which Problems Are Solved
ZITADEL's user grants deactivation mechanism did not work correctly.
Deactivated user grants were still provided in token, which could lead
to unauthorized access to applications and resources.
Additionally, the management and auth API always returned the state as
active or did not provide any information about the state.
# How the Problems Are Solved
- Correctly check the user grant state on active for tokens and user
information (userinfo, introspection, saml attributes)
- Map state in API and display in Console
* fix: add granted org info to user grants query response
* fix: show user info, tests and add columns to user grant
* fix: add check for org membership
* fix: typo in find logic
---------
Co-authored-by: Max Peintner <max@caos.ch>
* chore(console): remove first and lastName fallback from user
* use display name and ensure it's set without required name fields
* add user type to user grant and memberships responses
* contributor, members
* fix avatar display checks
---------
Co-authored-by: Livio Spring <livio.a@gmail.com>
* refactor(domain): add user type
* fix(projections): start with login names
* fix(login_policy): correct handling of user domain claimed event
* fix(projections): add members
* refactor: simplify member projections
* add migration for members
* add metadata to member projections
* refactor: login name projection
* fix: set correct suffixes on login name projections
* test(projections): login name reduces
* fix: correct cols in reduce member
* test(projections): org, iam, project members
* member additional cols and conds as opt,
add project grant members
* fix(migration): members
* fix(migration): correct database name
* migration version
* migs
* better naming for member cond and col
* split project and project grant members
* prepare member columns
* feat(queries): membership query
* test(queries): membership prepare
* fix(queries): multiple projections for latest sequence
* fix(api): use query for membership queries in auth and management
* feat: org member queries
* fix(api): use query for iam member calls
* fix(queries): org members
* fix(queries): project members
* fix(queries): project grant members
* fix(query): member queries and user avatar column
* member cols
* fix(queries): membership stmt
* fix user test
* fix user test
* fix(projections): add user grant projection
* fix(user_grant): handle state changes
* add state to migration
* fix(management): use query for user grant requests
* merge eventstore-naming into user-grant-projection
* feat(queries): user grants
* fix(migrations): version
* fix(api): user query for user grants
* fix(query): event mappers for usergrant aggregate
* fix(projection): correct aggregate for user grants
* fix(queries): user grant roles as list contains
* cleanup reducers
* fix avater_key to avatar_key
* tests
* cleanup
* cleanup
* add resourceowner query
* fix: user grant project name search query
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
