mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-14 03:54:21 +00:00
a321d850ae
* fix logging * token verification * feat: assert roles * feat: add project role assertion on project and token type on app * id and access token role assertion * add project role check * user grant required step in login * update library * fix merge * fix merge * fix merge * update oidc library * fix tests * add tests for GrantRequiredStep * add missing field ProjectRoleCheck on project view model * fix project create * fix project create
120 lines
2.5 KiB
Go
120 lines
2.5 KiB
Go
package model
|
|
|
|
import (
|
|
"github.com/golang/protobuf/ptypes/timestamp"
|
|
|
|
es_models "github.com/caos/zitadel/internal/eventstore/models"
|
|
)
|
|
|
|
type Project struct {
|
|
es_models.ObjectRoot
|
|
|
|
State ProjectState
|
|
Name string
|
|
Members []*ProjectMember
|
|
Roles []*ProjectRole
|
|
Applications []*Application
|
|
Grants []*ProjectGrant
|
|
ProjectRoleAssertion bool
|
|
ProjectRoleCheck bool
|
|
}
|
|
type ProjectChanges struct {
|
|
Changes []*ProjectChange
|
|
LastSequence uint64
|
|
}
|
|
|
|
type ProjectChange struct {
|
|
ChangeDate *timestamp.Timestamp `json:"changeDate,omitempty"`
|
|
EventType string `json:"eventType,omitempty"`
|
|
Sequence uint64 `json:"sequence,omitempty"`
|
|
ModifierId string `json:"modifierUser,omitempty"`
|
|
ModifierName string `json:"-"`
|
|
Data interface{} `json:"data,omitempty"`
|
|
}
|
|
|
|
type ProjectState int32
|
|
|
|
const (
|
|
ProjectStateActive ProjectState = iota
|
|
ProjectStateInactive
|
|
ProjectStateRemoved
|
|
)
|
|
|
|
func NewProject(id string) *Project {
|
|
return &Project{ObjectRoot: es_models.ObjectRoot{AggregateID: id}, State: ProjectStateActive}
|
|
}
|
|
|
|
func (p *Project) IsActive() bool {
|
|
return p.State == ProjectStateActive
|
|
}
|
|
|
|
func (p *Project) IsValid() bool {
|
|
return p.Name != ""
|
|
}
|
|
|
|
func (p *Project) GetMember(userID string) (int, *ProjectMember) {
|
|
for i, m := range p.Members {
|
|
if m.UserID == userID {
|
|
return i, m
|
|
}
|
|
}
|
|
return -1, nil
|
|
}
|
|
|
|
func (p *Project) ContainsRole(role *ProjectRole) bool {
|
|
for _, r := range p.Roles {
|
|
if r.Key == role.Key {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
func (p *Project) GetApp(appID string) (int, *Application) {
|
|
for i, a := range p.Applications {
|
|
if a.AppID == appID {
|
|
return i, a
|
|
}
|
|
}
|
|
return -1, nil
|
|
}
|
|
|
|
func (p *Project) GetGrant(grantID string) (int, *ProjectGrant) {
|
|
for i, g := range p.Grants {
|
|
if g.GrantID == grantID {
|
|
return i, g
|
|
}
|
|
}
|
|
return -1, nil
|
|
}
|
|
|
|
func (p *Project) ContainsGrantForOrg(orgID string) bool {
|
|
for _, g := range p.Grants {
|
|
if g.GrantedOrgID == orgID {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
func (p *Project) ContainsRoles(roleKeys []string) bool {
|
|
for _, r := range roleKeys {
|
|
if !p.ContainsRole(&ProjectRole{Key: r}) {
|
|
return false
|
|
}
|
|
}
|
|
return true
|
|
}
|
|
|
|
func (p *Project) ContainsGrantMember(member *ProjectGrantMember) bool {
|
|
for _, g := range p.Grants {
|
|
if g.GrantID != member.GrantID {
|
|
continue
|
|
}
|
|
if _, m := g.GetMember(member.UserID); m != nil {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|