mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-13 03:24:26 +00:00
76fe032b5f
* feat: return 404 or 409 if org reg disallowed * fix: system limit permissions * feat: add iam limits api * feat: disallow public org registrations on default instance * add integration test * test: integration * fix test * docs: describe public org registrations * avoid updating docs deps * fix system limits integration test * silence integration tests * fix linting * ignore strange linter complaints * review * improve reset properties naming * redefine the api * use restrictions aggregate * test query * simplify and test projection * test commands * fix unit tests * move integration test * support restrictions on default instance * also test GetRestrictions * self review * lint * abstract away resource owner * fix tests * lint
109 lines
3.2 KiB
Go
109 lines
3.2 KiB
Go
package query
|
|
|
|
import (
|
|
"context"
|
|
"database/sql"
|
|
"errors"
|
|
"time"
|
|
|
|
sq "github.com/Masterminds/squirrel"
|
|
|
|
"github.com/zitadel/zitadel/internal/api/authz"
|
|
"github.com/zitadel/zitadel/internal/api/call"
|
|
zitade_errors "github.com/zitadel/zitadel/internal/errors"
|
|
"github.com/zitadel/zitadel/internal/query/projection"
|
|
"github.com/zitadel/zitadel/internal/telemetry/tracing"
|
|
)
|
|
|
|
var (
|
|
restrictionsTable = table{
|
|
name: projection.RestrictionsProjectionTable,
|
|
instanceIDCol: projection.RestrictionsColumnInstanceID,
|
|
}
|
|
RestrictionsColumnAggregateID = Column{
|
|
name: projection.RestrictionsColumnAggregateID,
|
|
table: restrictionsTable,
|
|
}
|
|
RestrictionsColumnCreationDate = Column{
|
|
name: projection.RestrictionsColumnCreationDate,
|
|
table: restrictionsTable,
|
|
}
|
|
RestrictionsColumnChangeDate = Column{
|
|
name: projection.RestrictionsColumnChangeDate,
|
|
table: restrictionsTable,
|
|
}
|
|
RestrictionsColumnResourceOwner = Column{
|
|
name: projection.RestrictionsColumnResourceOwner,
|
|
table: restrictionsTable,
|
|
}
|
|
RestrictionsColumnInstanceID = Column{
|
|
name: projection.RestrictionsColumnInstanceID,
|
|
table: restrictionsTable,
|
|
}
|
|
RestrictionsColumnSequence = Column{
|
|
name: projection.RestrictionsColumnSequence,
|
|
table: restrictionsTable,
|
|
}
|
|
RestrictionsColumnDisallowPublicOrgRegistrations = Column{
|
|
name: projection.RestrictionsColumnDisallowPublicOrgRegistration,
|
|
table: restrictionsTable,
|
|
}
|
|
)
|
|
|
|
type Restrictions struct {
|
|
AggregateID string
|
|
CreationDate time.Time
|
|
ChangeDate time.Time
|
|
ResourceOwner string
|
|
Sequence uint64
|
|
|
|
DisallowPublicOrgRegistration bool
|
|
}
|
|
|
|
func (q *Queries) GetInstanceRestrictions(ctx context.Context) (restrictions Restrictions, err error) {
|
|
ctx, span := tracing.NewSpan(ctx)
|
|
defer func() { span.EndWithError(err) }()
|
|
|
|
stmt, scan := prepareRestrictionsQuery(ctx, q.client)
|
|
instanceID := authz.GetInstance(ctx).InstanceID()
|
|
query, args, err := stmt.Where(sq.Eq{
|
|
RestrictionsColumnInstanceID.identifier(): instanceID,
|
|
RestrictionsColumnResourceOwner.identifier(): instanceID,
|
|
}).ToSql()
|
|
if err != nil {
|
|
return restrictions, zitade_errors.ThrowInternal(err, "QUERY-XnLMQ", "Errors.Query.SQLStatment")
|
|
}
|
|
err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
|
|
restrictions, err = scan(row)
|
|
return err
|
|
}, query, args...)
|
|
if errors.Is(err, sql.ErrNoRows) {
|
|
// not found is not an error
|
|
err = nil
|
|
}
|
|
return restrictions, err
|
|
}
|
|
|
|
func prepareRestrictionsQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilder, func(*sql.Row) (Restrictions, error)) {
|
|
return sq.Select(
|
|
RestrictionsColumnAggregateID.identifier(),
|
|
RestrictionsColumnCreationDate.identifier(),
|
|
RestrictionsColumnChangeDate.identifier(),
|
|
RestrictionsColumnResourceOwner.identifier(),
|
|
RestrictionsColumnSequence.identifier(),
|
|
RestrictionsColumnDisallowPublicOrgRegistrations.identifier(),
|
|
).
|
|
From(restrictionsTable.identifier() + db.Timetravel(call.Took(ctx))).
|
|
PlaceholderFormat(sq.Dollar),
|
|
func(row *sql.Row) (restrictions Restrictions, err error) {
|
|
return restrictions, row.Scan(
|
|
&restrictions.AggregateID,
|
|
&restrictions.CreationDate,
|
|
&restrictions.ChangeDate,
|
|
&restrictions.ResourceOwner,
|
|
&restrictions.Sequence,
|
|
&restrictions.DisallowPublicOrgRegistration,
|
|
)
|
|
}
|
|
}
|