TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 15:27:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
feat/9053-list-users-by-meta
zitadel/internal/domain/permission.go
Stefan Benz 6d98b33c56 feat: organization settings for user uniqueness (#10246) 
# Which Problems Are Solved

Currently the username uniqueness is on instance level, we want to
achieve a way to set it at organization level.

# How the Problems Are Solved

Addition of endpoints and a resource on organization level, where this
setting can be managed. If nothing it set, the uniqueness is expected to
be at instance level, where only users with instance permissions should
be able to change this setting.

# Additional Changes

None

# Additional Context

Includes #10086
Closes #9964 

---------

Co-authored-by: Marco A. <marco@zitadel.com>
2025-07-29 15:56:21 +02:00

76 lines
3.3 KiB
Go
Raw Permalink Blame History

package domain
import "context"
type Permissions struct {
Permissions []string
}
func (p *Permissions) AppendPermissions(ctxID string, permissions ...string) {
for _, permission := range permissions {
p.appendPermission(ctxID, permission)
}
}
func (p *Permissions) appendPermission(ctxID, permission string) {
if ctxID != "" {
permission = permission + ":" + ctxID
}
for _, existingPermission := range p.Permissions {
if existingPermission == permission {
return
}
}
p.Permissions = append(p.Permissions, permission)
}
type PermissionCheck func(ctx context.Context, permission, resourceOwnerID, aggregateID string) (err error)
const (
PermissionUserWrite = "user.write"
PermissionUserRead = "user.read"
PermissionUserDelete = "user.delete"
PermissionUserCredentialWrite = "user.credential.write"
PermissionSessionWrite = "session.write"
PermissionSessionRead = "session.read"
PermissionSessionLink = "session.link"
PermissionSessionDelete = "session.delete"
PermissionOrgRead = "org.read"
PermissionIDPRead = "iam.idp.read"
PermissionOrgIDPRead = "org.idp.read"
PermissionProjectWrite = "project.write"
PermissionProjectRead = "project.read"
PermissionProjectDelete = "project.delete"
PermissionProjectGrantWrite = "project.grant.write"
PermissionProjectGrantRead = "project.grant.read"
PermissionProjectGrantDelete = "project.grant.delete"
PermissionProjectRoleWrite = "project.role.write"
PermissionProjectRoleRead = "project.role.read"
PermissionProjectRoleDelete = "project.role.delete"
PermissionProjectAppWrite = "project.app.write"
PermissionProjectAppDelete = "project.app.delete"
PermissionProjectAppRead = "project.app.read"
PermissionInstanceMemberWrite = "iam.member.write"
PermissionInstanceMemberDelete = "iam.member.delete"
PermissionInstanceMemberRead = "iam.member.read"
PermissionOrgMemberWrite = "org.member.write"
PermissionOrgMemberDelete = "org.member.delete"
PermissionOrgMemberRead = "org.member.read"
PermissionProjectMemberWrite = "project.member.write"
PermissionProjectMemberDelete = "project.member.delete"
PermissionProjectMemberRead = "project.member.read"
PermissionProjectGrantMemberWrite = "project.grant.member.write"
PermissionProjectGrantMemberDelete = "project.grant.member.delete"
PermissionProjectGrantMemberRead = "project.grant.member.read"
PermissionUserGrantWrite = "user.grant.write"
PermissionUserGrantRead = "user.grant.read"
PermissionUserGrantDelete = "user.grant.delete"
PermissionIAMPolicyWrite = "iam.policy.write"
PermissionIAMPolicyDelete = "iam.policy.delete"
PermissionPolicyRead = "policy.read"
)
// ProjectPermissionCheck is used as a check for preconditions dependent on application, project, user resourceowner and usergrants.
// Configurable on the project the application belongs to through the flags related to authentication.
type ProjectPermissionCheck func(ctx context.Context, clientID, userID string) (err error)
Reference in New Issue View Git Blame Copy Permalink