mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-12 11:04:25 +00:00
f3e6f3b23b
* feat(command): remove org * refactor: imports, unused code, error handling * reduce org removed in action * add org deletion to projections * add org removal to projections * add org removal to projections * org removed projection * lint import * projections * fix: table names in tests * fix: table names in tests * logging * add org state * fix(domain): add Owner removed to object details * feat(ListQuery): add with owner removed * fix(org-delete): add bool to functions to select with owner removed * fix(org-delete): add bools to user grants with events to determine if dependencies lost owner * fix(org-delete): add unit tests for owner removed and org removed events * fix(org-delete): add handling of org remove for grants and members * fix(org-delete): correction of unit tests for owner removed * fix(org-delete): update projections, unit tests and get functions * fix(org-delete): add change date to authnkeys and owner removed to org metadata * fix(org-delete): include owner removed for login names * fix(org-delete): some column fixes in projections and build for queries with owner removed * indexes * fix(org-delete): include review changes * fix(org-delete): change user projection name after merge * fix(org-delete): include review changes for project grant where no project owner is necessary * fix(org-delete): include auth and adminapi tables with owner removed information * fix(org-delete): cleanup username and orgdomain uniqueconstraints when org is removed * fix(org-delete): add permissions for org.remove * remove unnecessary unique constraints * fix column order in primary keys * fix(org-delete): include review changes * fix(org-delete): add owner removed indexes and chang setup step to create tables * fix(org-delete): move PK order of instance_id and change added user_grant from review * fix(org-delete): no params for prepareUserQuery * change to step 6 * merge main * fix(org-delete): OldUserName rename to private * fix linting * cleanup * fix: remove org test * create prerelease * chore: delete org-delete as prerelease Co-authored-by: Stefan Benz <stefan@caos.ch> Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com> Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
516 lines
17 KiB
Go
516 lines
17 KiB
Go
package projection
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/zitadel/zitadel/internal/api/authz"
|
|
"github.com/zitadel/zitadel/internal/database"
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
"github.com/zitadel/zitadel/internal/errors"
|
|
"github.com/zitadel/zitadel/internal/eventstore"
|
|
"github.com/zitadel/zitadel/internal/eventstore/handler"
|
|
"github.com/zitadel/zitadel/internal/eventstore/handler/crdb"
|
|
"github.com/zitadel/zitadel/internal/repository/instance"
|
|
"github.com/zitadel/zitadel/internal/repository/org"
|
|
"github.com/zitadel/zitadel/internal/repository/project"
|
|
"github.com/zitadel/zitadel/internal/repository/user"
|
|
"github.com/zitadel/zitadel/internal/repository/usergrant"
|
|
)
|
|
|
|
const (
|
|
UserGrantProjectionTable = "projections.user_grants3"
|
|
|
|
UserGrantID = "id"
|
|
UserGrantCreationDate = "creation_date"
|
|
UserGrantChangeDate = "change_date"
|
|
UserGrantSequence = "sequence"
|
|
UserGrantState = "state"
|
|
UserGrantResourceOwner = "resource_owner"
|
|
UserGrantInstanceID = "instance_id"
|
|
UserGrantUserID = "user_id"
|
|
UserGrantResourceOwnerUser = "resource_owner_user"
|
|
UserGrantUserOwnerRemoved = "user_owner_removed"
|
|
UserGrantProjectID = "project_id"
|
|
UserGrantResourceOwnerProject = "resource_owner_project"
|
|
UserGrantProjectOwnerRemoved = "project_owner_removed"
|
|
UserGrantGrantID = "grant_id"
|
|
UserGrantGrantedOrg = "granted_org"
|
|
UserGrantGrantedOrgRemoved = "granted_org_removed"
|
|
UserGrantRoles = "roles"
|
|
UserGrantOwnerRemoved = "owner_removed"
|
|
)
|
|
|
|
type userGrantProjection struct {
|
|
crdb.StatementHandler
|
|
}
|
|
|
|
func newUserGrantProjection(ctx context.Context, config crdb.StatementHandlerConfig) *userGrantProjection {
|
|
p := new(userGrantProjection)
|
|
config.ProjectionName = UserGrantProjectionTable
|
|
config.Reducers = p.reducers()
|
|
config.InitCheck = crdb.NewTableCheck(
|
|
crdb.NewTable([]*crdb.Column{
|
|
crdb.NewColumn(UserGrantID, crdb.ColumnTypeText),
|
|
crdb.NewColumn(UserGrantCreationDate, crdb.ColumnTypeTimestamp),
|
|
crdb.NewColumn(UserGrantChangeDate, crdb.ColumnTypeTimestamp),
|
|
crdb.NewColumn(UserGrantSequence, crdb.ColumnTypeInt64),
|
|
crdb.NewColumn(UserGrantState, crdb.ColumnTypeEnum),
|
|
crdb.NewColumn(UserGrantResourceOwner, crdb.ColumnTypeText),
|
|
crdb.NewColumn(UserGrantInstanceID, crdb.ColumnTypeText),
|
|
crdb.NewColumn(UserGrantUserID, crdb.ColumnTypeText),
|
|
crdb.NewColumn(UserGrantResourceOwnerUser, crdb.ColumnTypeText),
|
|
crdb.NewColumn(UserGrantUserOwnerRemoved, crdb.ColumnTypeBool, crdb.Default(false)),
|
|
crdb.NewColumn(UserGrantProjectID, crdb.ColumnTypeText),
|
|
crdb.NewColumn(UserGrantResourceOwnerProject, crdb.ColumnTypeText),
|
|
crdb.NewColumn(UserGrantProjectOwnerRemoved, crdb.ColumnTypeBool, crdb.Default(false)),
|
|
crdb.NewColumn(UserGrantGrantID, crdb.ColumnTypeText),
|
|
crdb.NewColumn(UserGrantGrantedOrg, crdb.ColumnTypeText),
|
|
crdb.NewColumn(UserGrantGrantedOrgRemoved, crdb.ColumnTypeBool, crdb.Default(false)),
|
|
crdb.NewColumn(UserGrantRoles, crdb.ColumnTypeTextArray, crdb.Nullable()),
|
|
crdb.NewColumn(UserGrantOwnerRemoved, crdb.ColumnTypeBool, crdb.Default(false)),
|
|
},
|
|
crdb.NewPrimaryKey(UserGrantInstanceID, UserGrantID),
|
|
crdb.WithIndex(crdb.NewIndex("user_id", []string{UserGrantUserID})),
|
|
crdb.WithIndex(crdb.NewIndex("resource_owner", []string{UserGrantResourceOwner})),
|
|
crdb.WithIndex(crdb.NewIndex("owner_removed", []string{UserGrantOwnerRemoved})),
|
|
crdb.WithIndex(crdb.NewIndex("user_owner_removed", []string{UserGrantUserOwnerRemoved})),
|
|
crdb.WithIndex(crdb.NewIndex("project_owner_removed", []string{UserGrantProjectOwnerRemoved})),
|
|
crdb.WithIndex(crdb.NewIndex("granted_org_removed", []string{UserGrantGrantedOrgRemoved})),
|
|
),
|
|
)
|
|
|
|
p.StatementHandler = crdb.NewStatementHandler(ctx, config)
|
|
return p
|
|
}
|
|
|
|
func (p *userGrantProjection) reducers() []handler.AggregateReducer {
|
|
return []handler.AggregateReducer{
|
|
{
|
|
Aggregate: usergrant.AggregateType,
|
|
EventRedusers: []handler.EventReducer{
|
|
{
|
|
Event: usergrant.UserGrantAddedType,
|
|
Reduce: p.reduceAdded,
|
|
},
|
|
{
|
|
Event: usergrant.UserGrantChangedType,
|
|
Reduce: p.reduceChanged,
|
|
},
|
|
{
|
|
Event: usergrant.UserGrantCascadeChangedType,
|
|
Reduce: p.reduceChanged,
|
|
},
|
|
{
|
|
Event: usergrant.UserGrantRemovedType,
|
|
Reduce: p.reduceRemoved,
|
|
},
|
|
{
|
|
Event: usergrant.UserGrantCascadeRemovedType,
|
|
Reduce: p.reduceRemoved,
|
|
},
|
|
{
|
|
Event: usergrant.UserGrantDeactivatedType,
|
|
Reduce: p.reduceDeactivated,
|
|
},
|
|
{
|
|
Event: usergrant.UserGrantReactivatedType,
|
|
Reduce: p.reduceReactivated,
|
|
},
|
|
},
|
|
},
|
|
{
|
|
Aggregate: user.AggregateType,
|
|
EventRedusers: []handler.EventReducer{
|
|
{
|
|
Event: user.UserRemovedType,
|
|
Reduce: p.reduceUserRemoved,
|
|
},
|
|
},
|
|
},
|
|
{
|
|
Aggregate: project.AggregateType,
|
|
EventRedusers: []handler.EventReducer{
|
|
{
|
|
Event: project.ProjectRemovedType,
|
|
Reduce: p.reduceProjectRemoved,
|
|
},
|
|
{
|
|
Event: project.GrantRemovedType,
|
|
Reduce: p.reduceProjectGrantRemoved,
|
|
},
|
|
{
|
|
Event: project.RoleRemovedType,
|
|
Reduce: p.reduceRoleRemoved,
|
|
},
|
|
{
|
|
Event: project.GrantChangedType,
|
|
Reduce: p.reduceProjectGrantChanged,
|
|
},
|
|
{
|
|
Event: project.GrantCascadeChangedType,
|
|
Reduce: p.reduceProjectGrantChanged,
|
|
},
|
|
},
|
|
},
|
|
{
|
|
Aggregate: org.AggregateType,
|
|
EventRedusers: []handler.EventReducer{
|
|
{
|
|
Event: org.OrgRemovedEventType,
|
|
Reduce: p.reduceOwnerRemoved,
|
|
},
|
|
},
|
|
},
|
|
{
|
|
Aggregate: instance.AggregateType,
|
|
EventRedusers: []handler.EventReducer{
|
|
{
|
|
Event: instance.InstanceRemovedEventType,
|
|
Reduce: reduceInstanceRemovedHelper(UserGrantInstanceID),
|
|
},
|
|
},
|
|
},
|
|
}
|
|
}
|
|
|
|
func (p *userGrantProjection) reduceAdded(event eventstore.Event) (*handler.Statement, error) {
|
|
e, ok := event.(*usergrant.UserGrantAddedEvent)
|
|
if !ok {
|
|
return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-MQHVB", "reduce.wrong.event.type %s", usergrant.UserGrantAddedType)
|
|
}
|
|
|
|
ctx := setUserGrantContext(e.Aggregate())
|
|
userOwner, err := getResourceOwnerOfUser(ctx, p.Eventstore, e.Aggregate().InstanceID, e.UserID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
projectOwner := ""
|
|
grantOwner := ""
|
|
if e.ProjectGrantID != "" {
|
|
grantOwner, err = getGrantedOrgOfGrantedProject(ctx, p.Eventstore, e.Aggregate().InstanceID, e.ProjectID, e.ProjectGrantID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
} else {
|
|
projectOwner, err = getResourceOwnerOfProject(ctx, p.Eventstore, e.Aggregate().InstanceID, e.ProjectID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
|
|
return crdb.NewCreateStatement(
|
|
e,
|
|
[]handler.Column{
|
|
handler.NewCol(UserGrantID, e.Aggregate().ID),
|
|
handler.NewCol(UserGrantResourceOwner, e.Aggregate().ResourceOwner),
|
|
handler.NewCol(UserGrantInstanceID, e.Aggregate().InstanceID),
|
|
handler.NewCol(UserGrantCreationDate, e.CreationDate()),
|
|
handler.NewCol(UserGrantChangeDate, e.CreationDate()),
|
|
handler.NewCol(UserGrantSequence, e.Sequence()),
|
|
handler.NewCol(UserGrantUserID, e.UserID),
|
|
handler.NewCol(UserGrantResourceOwnerUser, userOwner),
|
|
handler.NewCol(UserGrantProjectID, e.ProjectID),
|
|
handler.NewCol(UserGrantResourceOwnerProject, projectOwner),
|
|
handler.NewCol(UserGrantGrantID, e.ProjectGrantID),
|
|
handler.NewCol(UserGrantGrantedOrg, grantOwner),
|
|
handler.NewCol(UserGrantRoles, database.StringArray(e.RoleKeys)),
|
|
handler.NewCol(UserGrantState, domain.UserGrantStateActive),
|
|
},
|
|
), nil
|
|
}
|
|
|
|
func (p *userGrantProjection) reduceChanged(event eventstore.Event) (*handler.Statement, error) {
|
|
var roles database.StringArray
|
|
|
|
switch e := event.(type) {
|
|
case *usergrant.UserGrantChangedEvent:
|
|
roles = e.RoleKeys
|
|
case *usergrant.UserGrantCascadeChangedEvent:
|
|
roles = e.RoleKeys
|
|
default:
|
|
return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-hOr1E", "reduce.wrong.event.type %v", []eventstore.EventType{usergrant.UserGrantChangedType, usergrant.UserGrantCascadeChangedType})
|
|
}
|
|
|
|
return crdb.NewUpdateStatement(
|
|
event,
|
|
[]handler.Column{
|
|
handler.NewCol(UserGrantChangeDate, event.CreationDate()),
|
|
handler.NewCol(UserGrantRoles, roles),
|
|
handler.NewCol(UserGrantSequence, event.Sequence()),
|
|
},
|
|
[]handler.Condition{
|
|
handler.NewCond(UserGrantID, event.Aggregate().ID),
|
|
handler.NewCond(UserGrantInstanceID, event.Aggregate().InstanceID),
|
|
},
|
|
), nil
|
|
}
|
|
|
|
func (p *userGrantProjection) reduceRemoved(event eventstore.Event) (*handler.Statement, error) {
|
|
switch event.(type) {
|
|
case *usergrant.UserGrantRemovedEvent, *usergrant.UserGrantCascadeRemovedEvent:
|
|
// ok
|
|
default:
|
|
return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-7OBEC", "reduce.wrong.event.type %v", []eventstore.EventType{usergrant.UserGrantRemovedType, usergrant.UserGrantCascadeRemovedType})
|
|
}
|
|
|
|
return crdb.NewDeleteStatement(
|
|
event,
|
|
[]handler.Condition{
|
|
handler.NewCond(UserGrantID, event.Aggregate().ID),
|
|
handler.NewCond(UserGrantInstanceID, event.Aggregate().InstanceID),
|
|
},
|
|
), nil
|
|
}
|
|
|
|
func (p *userGrantProjection) reduceDeactivated(event eventstore.Event) (*handler.Statement, error) {
|
|
if _, ok := event.(*usergrant.UserGrantDeactivatedEvent); !ok {
|
|
return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-oP7Gm", "reduce.wrong.event.type %s", usergrant.UserGrantDeactivatedType)
|
|
}
|
|
|
|
return crdb.NewUpdateStatement(
|
|
event,
|
|
[]handler.Column{
|
|
handler.NewCol(UserGrantChangeDate, event.CreationDate()),
|
|
handler.NewCol(UserGrantState, domain.UserGrantStateInactive),
|
|
handler.NewCol(UserGrantSequence, event.Sequence()),
|
|
},
|
|
[]handler.Condition{
|
|
handler.NewCond(UserGrantID, event.Aggregate().ID),
|
|
handler.NewCond(UserGrantInstanceID, event.Aggregate().InstanceID),
|
|
},
|
|
), nil
|
|
}
|
|
|
|
func (p *userGrantProjection) reduceReactivated(event eventstore.Event) (*handler.Statement, error) {
|
|
if _, ok := event.(*usergrant.UserGrantDeactivatedEvent); !ok {
|
|
return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-DGsKh", "reduce.wrong.event.type %s", usergrant.UserGrantReactivatedType)
|
|
}
|
|
|
|
return crdb.NewUpdateStatement(
|
|
event,
|
|
[]handler.Column{
|
|
handler.NewCol(UserGrantChangeDate, event.CreationDate()),
|
|
handler.NewCol(UserGrantState, domain.UserGrantStateActive),
|
|
handler.NewCol(UserGrantSequence, event.Sequence()),
|
|
},
|
|
[]handler.Condition{
|
|
handler.NewCond(UserGrantID, event.Aggregate().ID),
|
|
handler.NewCond(UserGrantInstanceID, event.Aggregate().InstanceID),
|
|
},
|
|
), nil
|
|
}
|
|
|
|
func (p *userGrantProjection) reduceUserRemoved(event eventstore.Event) (*handler.Statement, error) {
|
|
if _, ok := event.(*user.UserRemovedEvent); !ok {
|
|
return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-Bner2a", "reduce.wrong.event.type %s", user.UserRemovedType)
|
|
}
|
|
|
|
return crdb.NewDeleteStatement(
|
|
event,
|
|
[]handler.Condition{
|
|
handler.NewCond(UserGrantUserID, event.Aggregate().ID),
|
|
handler.NewCond(UserGrantInstanceID, event.Aggregate().InstanceID),
|
|
},
|
|
), nil
|
|
}
|
|
|
|
func (p *userGrantProjection) reduceProjectRemoved(event eventstore.Event) (*handler.Statement, error) {
|
|
if _, ok := event.(*project.ProjectRemovedEvent); !ok {
|
|
return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-Bne2a", "reduce.wrong.event.type %s", project.ProjectRemovedType)
|
|
}
|
|
|
|
return crdb.NewDeleteStatement(
|
|
event,
|
|
[]handler.Condition{
|
|
handler.NewCond(UserGrantProjectID, event.Aggregate().ID),
|
|
handler.NewCond(UserGrantInstanceID, event.Aggregate().InstanceID),
|
|
},
|
|
), nil
|
|
}
|
|
|
|
func (p *userGrantProjection) reduceProjectGrantRemoved(event eventstore.Event) (*handler.Statement, error) {
|
|
e, ok := event.(*project.GrantRemovedEvent)
|
|
if !ok {
|
|
return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-dGr2a", "reduce.wrong.event.type %s", project.GrantRemovedType)
|
|
}
|
|
|
|
return crdb.NewDeleteStatement(
|
|
event,
|
|
[]handler.Condition{
|
|
handler.NewCond(UserGrantGrantID, e.GrantID),
|
|
handler.NewCond(UserGrantInstanceID, event.Aggregate().InstanceID),
|
|
},
|
|
), nil
|
|
}
|
|
|
|
func (p *userGrantProjection) reduceRoleRemoved(event eventstore.Event) (*handler.Statement, error) {
|
|
e, ok := event.(*project.RoleRemovedEvent)
|
|
if !ok {
|
|
return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-dswg2", "reduce.wrong.event.type %s", project.RoleRemovedType)
|
|
}
|
|
|
|
return crdb.NewUpdateStatement(
|
|
event,
|
|
[]handler.Column{
|
|
crdb.NewArrayRemoveCol(UserGrantRoles, e.Key),
|
|
},
|
|
[]handler.Condition{
|
|
handler.NewCond(UserGrantProjectID, e.Aggregate().ID),
|
|
handler.NewCond(UserGrantInstanceID, event.Aggregate().InstanceID),
|
|
},
|
|
), nil
|
|
}
|
|
|
|
func (p *userGrantProjection) reduceProjectGrantChanged(event eventstore.Event) (*handler.Statement, error) {
|
|
var grantID string
|
|
var keys []string
|
|
switch e := event.(type) {
|
|
case *project.GrantChangedEvent:
|
|
grantID = e.GrantID
|
|
keys = e.RoleKeys
|
|
case *project.GrantCascadeChangedEvent:
|
|
grantID = e.GrantID
|
|
keys = e.RoleKeys
|
|
default:
|
|
return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-Fh3gw", "reduce.wrong.event.type %v", []eventstore.EventType{project.GrantChangedType, project.GrantCascadeChangedType})
|
|
}
|
|
|
|
return crdb.NewUpdateStatement(
|
|
event,
|
|
[]handler.Column{
|
|
crdb.NewArrayIntersectCol(UserGrantRoles, database.StringArray(keys)),
|
|
},
|
|
[]handler.Condition{
|
|
handler.NewCond(UserGrantGrantID, grantID),
|
|
handler.NewCond(UserGrantInstanceID, event.Aggregate().InstanceID),
|
|
},
|
|
), nil
|
|
}
|
|
|
|
func (p *userGrantProjection) reduceOwnerRemoved(event eventstore.Event) (*handler.Statement, error) {
|
|
e, ok := event.(*org.OrgRemovedEvent)
|
|
if !ok {
|
|
return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-jpIvp", "reduce.wrong.event.type %s", org.OrgRemovedEventType)
|
|
}
|
|
|
|
return crdb.NewMultiStatement(
|
|
e,
|
|
crdb.AddUpdateStatement(
|
|
[]handler.Column{
|
|
handler.NewCol(UserGrantChangeDate, e.CreationDate()),
|
|
handler.NewCol(UserGrantSequence, e.Sequence()),
|
|
handler.NewCol(UserGrantOwnerRemoved, true),
|
|
},
|
|
[]handler.Condition{
|
|
handler.NewCond(UserGrantInstanceID, e.Aggregate().InstanceID),
|
|
handler.NewCond(UserGrantResourceOwner, e.Aggregate().ID),
|
|
},
|
|
),
|
|
crdb.AddUpdateStatement(
|
|
[]handler.Column{
|
|
handler.NewCol(UserGrantChangeDate, e.CreationDate()),
|
|
handler.NewCol(UserGrantSequence, e.Sequence()),
|
|
handler.NewCol(UserGrantUserOwnerRemoved, true),
|
|
},
|
|
[]handler.Condition{
|
|
handler.NewCond(UserGrantInstanceID, e.Aggregate().InstanceID),
|
|
handler.NewCond(UserGrantResourceOwnerUser, e.Aggregate().ID),
|
|
},
|
|
),
|
|
crdb.AddUpdateStatement(
|
|
[]handler.Column{
|
|
handler.NewCol(UserGrantChangeDate, e.CreationDate()),
|
|
handler.NewCol(UserGrantSequence, e.Sequence()),
|
|
handler.NewCol(UserGrantProjectOwnerRemoved, true),
|
|
},
|
|
[]handler.Condition{
|
|
handler.NewCond(UserGrantInstanceID, e.Aggregate().InstanceID),
|
|
handler.NewCond(UserGrantResourceOwnerProject, e.Aggregate().ID),
|
|
},
|
|
),
|
|
crdb.AddUpdateStatement(
|
|
[]handler.Column{
|
|
handler.NewCol(UserGrantChangeDate, e.CreationDate()),
|
|
handler.NewCol(UserGrantSequence, e.Sequence()),
|
|
handler.NewCol(UserGrantGrantedOrgRemoved, true),
|
|
},
|
|
[]handler.Condition{
|
|
handler.NewCond(UserGrantInstanceID, e.Aggregate().InstanceID),
|
|
handler.NewCond(UserGrantGrantedOrg, e.Aggregate().ID),
|
|
},
|
|
),
|
|
), nil
|
|
}
|
|
|
|
func getResourceOwnerOfUser(ctx context.Context, es *eventstore.Eventstore, instanceID, aggID string) (string, error) {
|
|
events, err := es.Filter(
|
|
ctx,
|
|
eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
|
|
InstanceID(instanceID).
|
|
AddQuery().
|
|
AggregateTypes(user.AggregateType).
|
|
AggregateIDs(aggID).
|
|
EventTypes(user.HumanRegisteredType, user.HumanAddedType, user.MachineAddedEventType).
|
|
Builder(),
|
|
)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
if len(events) != 1 {
|
|
return "", errors.ThrowNotFound(nil, "PROJ-0I92sp", "Errors.User.NotFound")
|
|
}
|
|
return events[0].Aggregate().ResourceOwner, nil
|
|
}
|
|
|
|
func getResourceOwnerOfProject(ctx context.Context, es *eventstore.Eventstore, instanceID, aggID string) (string, error) {
|
|
events, err := es.Filter(
|
|
ctx,
|
|
eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
|
|
InstanceID(instanceID).
|
|
AddQuery().
|
|
AggregateTypes(project.AggregateType).
|
|
AggregateIDs(aggID).
|
|
EventTypes(project.ProjectAddedType).
|
|
Builder(),
|
|
)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
if len(events) != 1 {
|
|
return "", errors.ThrowNotFound(nil, "PROJ-0I91sp", "Errors.Project.NotFound")
|
|
}
|
|
return events[0].Aggregate().ResourceOwner, nil
|
|
}
|
|
|
|
func getGrantedOrgOfGrantedProject(ctx context.Context, es *eventstore.Eventstore, instanceID, projectID, grantID string) (string, error) {
|
|
events, err := es.Filter(
|
|
ctx,
|
|
eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
|
|
InstanceID(instanceID).
|
|
AddQuery().
|
|
AggregateTypes(project.AggregateType).
|
|
AggregateIDs(projectID).
|
|
EventTypes(project.GrantAddedType).
|
|
EventData(map[string]interface{}{
|
|
"grantId": grantID,
|
|
}).
|
|
Builder(),
|
|
)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
if len(events) != 1 {
|
|
return "", errors.ThrowNotFound(nil, "PROJ-MoaSpw", "Errors.Grant.NotFound")
|
|
}
|
|
grantAddedEvent, ok := events[0].(*project.GrantAddedEvent)
|
|
if !ok {
|
|
return "", errors.ThrowNotFound(nil, "PROJ-P0s2o0", "Errors.Grant.NotFound")
|
|
}
|
|
return grantAddedEvent.GrantedOrgID, nil
|
|
}
|
|
|
|
func setUserGrantContext(event eventstore.Aggregate) context.Context {
|
|
return authz.WithInstanceID(context.Background(), event.InstanceID)
|
|
}
|