mirror of
https://github.com/zitadel/zitadel.git
synced 2025-07-15 22:48:35 +00:00
7eb45c6cfd
# Which Problems Are Solved Resource management of projects and sub-resources was before limited by the context provided by the management API, which would mean you could only manage resources belonging to a specific organization. # How the Problems Are Solved With the addition of a resource-based API, it is now possible to manage projects and sub-resources on the basis of the resources themselves, which means that as long as you have the permission for the resource, you can create, read, update and delete it. - CreateProject to create a project under an organization - UpdateProject to update an existing project - DeleteProject to delete an existing project - DeactivateProject and ActivateProject to change the status of a project - GetProject to query for a specific project with an identifier - ListProject to query for projects and granted projects - CreateProjectGrant to create a project grant with project and granted organization - UpdateProjectGrant to update the roles of a project grant - DeactivateProjectGrant and ActivateProjectGrant to change the status of a project grant - DeleteProjectGrant to delete an existing project grant - ListProjectGrants to query for project grants - AddProjectRole to add a role to an existing project - UpdateProjectRole to change texts of an existing role - RemoveProjectRole to remove an existing role - ListProjectRoles to query for project roles # Additional Changes - Changes to ListProjects, which now contains granted projects as well - Changes to messages as defined in the [API_DESIGN](https://github.com/zitadel/zitadel/blob/main/API_DESIGN.md) - Permission checks for project functionality on query and command side - Added testing to unit tests on command side - Change update endpoints to no error returns if nothing changes in the resource - Changed all integration test utility to the new service - ListProjects now also correctly lists `granted projects` - Permission checks for project grant and project role functionality on query and command side - Change existing pre checks so that they also work resource specific without resourceowner - Added the resourceowner to the grant and role if no resourceowner is provided - Corrected import tests with project grants and roles - Added testing to unit tests on command side - Change update endpoints to no error returns if nothing changes in the resource - Changed all integration test utility to the new service - Corrected some naming in the proto files to adhere to the API_DESIGN # Additional Context Closes #9177 --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
215 lines
7.4 KiB
Go
215 lines
7.4 KiB
Go
package management
|
|
|
|
import (
|
|
"context"
|
|
"time"
|
|
|
|
"github.com/zitadel/zitadel/internal/api/authz"
|
|
member_grpc "github.com/zitadel/zitadel/internal/api/grpc/member"
|
|
object_grpc "github.com/zitadel/zitadel/internal/api/grpc/object"
|
|
proj_grpc "github.com/zitadel/zitadel/internal/api/grpc/project"
|
|
"github.com/zitadel/zitadel/internal/query"
|
|
mgmt_pb "github.com/zitadel/zitadel/pkg/grpc/management"
|
|
)
|
|
|
|
func (s *Server) GetProjectGrantByID(ctx context.Context, req *mgmt_pb.GetProjectGrantByIDRequest) (*mgmt_pb.GetProjectGrantByIDResponse, error) {
|
|
grant, err := s.query.ProjectGrantByID(ctx, true, req.GrantId)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return &mgmt_pb.GetProjectGrantByIDResponse{
|
|
ProjectGrant: proj_grpc.GrantedProjectViewToPb(grant),
|
|
}, nil
|
|
}
|
|
|
|
func (s *Server) ListProjectGrants(ctx context.Context, req *mgmt_pb.ListProjectGrantsRequest) (*mgmt_pb.ListProjectGrantsResponse, error) {
|
|
queries, err := listProjectGrantsRequestToModel(req)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
err = queries.AppendMyResourceOwnerQuery(authz.GetCtxData(ctx).OrgID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
grants, err := s.query.SearchProjectGrants(ctx, queries, nil)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return &mgmt_pb.ListProjectGrantsResponse{
|
|
Result: proj_grpc.GrantedProjectViewsToPb(grants.ProjectGrants),
|
|
Details: object_grpc.ToListDetails(grants.Count, grants.Sequence, grants.LastRun),
|
|
}, nil
|
|
}
|
|
|
|
func (s *Server) ListAllProjectGrants(ctx context.Context, req *mgmt_pb.ListAllProjectGrantsRequest) (*mgmt_pb.ListAllProjectGrantsResponse, error) {
|
|
queries, err := listAllProjectGrantsRequestToModel(req)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
err = queries.AppendMyResourceOwnerQuery(authz.GetCtxData(ctx).OrgID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
err = queries.AppendPermissionQueries(authz.GetRequestPermissionsFromCtx(ctx))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
grants, err := s.query.SearchProjectGrants(ctx, queries, nil)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return &mgmt_pb.ListAllProjectGrantsResponse{
|
|
Result: proj_grpc.GrantedProjectViewsToPb(grants.ProjectGrants),
|
|
Details: object_grpc.ToListDetails(grants.Count, grants.Sequence, grants.LastRun),
|
|
}, nil
|
|
}
|
|
|
|
func (s *Server) AddProjectGrant(ctx context.Context, req *mgmt_pb.AddProjectGrantRequest) (*mgmt_pb.AddProjectGrantResponse, error) {
|
|
grant := AddProjectGrantRequestToCommand(req, "", authz.GetCtxData(ctx).OrgID)
|
|
details, err := s.command.AddProjectGrant(ctx, grant)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return &mgmt_pb.AddProjectGrantResponse{
|
|
GrantId: grant.GrantID,
|
|
Details: object_grpc.AddToDetailsPb(
|
|
details.Sequence,
|
|
details.EventDate,
|
|
details.ResourceOwner,
|
|
),
|
|
}, nil
|
|
}
|
|
|
|
func (s *Server) UpdateProjectGrant(ctx context.Context, req *mgmt_pb.UpdateProjectGrantRequest) (*mgmt_pb.UpdateProjectGrantResponse, error) {
|
|
projectQuery, err := query.NewUserGrantProjectIDSearchQuery(req.ProjectId)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
grantQuery, err := query.NewUserGrantGrantIDSearchQuery(req.GrantId)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
grants, err := s.query.UserGrants(ctx, &query.UserGrantsQueries{
|
|
Queries: []query.SearchQuery{projectQuery, grantQuery},
|
|
}, true)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
grant, err := s.command.ChangeProjectGrant(ctx, UpdateProjectGrantRequestToCommand(req, authz.GetCtxData(ctx).OrgID), userGrantsToIDs(grants.UserGrants)...)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return &mgmt_pb.UpdateProjectGrantResponse{
|
|
Details: object_grpc.ChangeToDetailsPb(
|
|
grant.Sequence,
|
|
grant.EventDate,
|
|
grant.ResourceOwner,
|
|
),
|
|
}, nil
|
|
}
|
|
|
|
func (s *Server) DeactivateProjectGrant(ctx context.Context, req *mgmt_pb.DeactivateProjectGrantRequest) (*mgmt_pb.DeactivateProjectGrantResponse, error) {
|
|
details, err := s.command.DeactivateProjectGrant(ctx, req.ProjectId, req.GrantId, authz.GetCtxData(ctx).OrgID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return &mgmt_pb.DeactivateProjectGrantResponse{
|
|
Details: object_grpc.DomainToChangeDetailsPb(details),
|
|
}, nil
|
|
}
|
|
|
|
func (s *Server) ReactivateProjectGrant(ctx context.Context, req *mgmt_pb.ReactivateProjectGrantRequest) (*mgmt_pb.ReactivateProjectGrantResponse, error) {
|
|
details, err := s.command.ReactivateProjectGrant(ctx, req.ProjectId, req.GrantId, authz.GetCtxData(ctx).OrgID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return &mgmt_pb.ReactivateProjectGrantResponse{
|
|
Details: object_grpc.DomainToChangeDetailsPb(details),
|
|
}, nil
|
|
}
|
|
|
|
func (s *Server) RemoveProjectGrant(ctx context.Context, req *mgmt_pb.RemoveProjectGrantRequest) (*mgmt_pb.RemoveProjectGrantResponse, error) {
|
|
projectQuery, err := query.NewUserGrantProjectIDSearchQuery(req.ProjectId)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
grantQuery, err := query.NewUserGrantGrantIDSearchQuery(req.GrantId)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
userGrants, err := s.query.UserGrants(ctx, &query.UserGrantsQueries{
|
|
Queries: []query.SearchQuery{projectQuery, grantQuery},
|
|
}, false)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
details, err := s.command.RemoveProjectGrant(ctx, req.ProjectId, req.GrantId, authz.GetCtxData(ctx).OrgID, userGrantsToIDs(userGrants.UserGrants)...)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return &mgmt_pb.RemoveProjectGrantResponse{
|
|
Details: object_grpc.DomainToChangeDetailsPb(details),
|
|
}, nil
|
|
}
|
|
|
|
func (s *Server) ListProjectGrantMemberRoles(ctx context.Context, req *mgmt_pb.ListProjectGrantMemberRolesRequest) (*mgmt_pb.ListProjectGrantMemberRolesResponse, error) {
|
|
roles := s.query.GetProjectGrantMemberRoles()
|
|
return &mgmt_pb.ListProjectGrantMemberRolesResponse{
|
|
Result: roles,
|
|
Details: object_grpc.ToListDetails(uint64(len(roles)), 0, time.Now()),
|
|
}, nil
|
|
}
|
|
|
|
func (s *Server) ListProjectGrantMembers(ctx context.Context, req *mgmt_pb.ListProjectGrantMembersRequest) (*mgmt_pb.ListProjectGrantMembersResponse, error) {
|
|
queries, err := ListProjectGrantMembersRequestToModel(ctx, req)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
response, err := s.query.ProjectGrantMembers(ctx, queries)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return &mgmt_pb.ListProjectGrantMembersResponse{
|
|
Result: member_grpc.MembersToPb(s.assetAPIPrefix(ctx), response.Members),
|
|
Details: object_grpc.ToListDetails(response.Count, response.Sequence, response.LastRun),
|
|
}, nil
|
|
}
|
|
|
|
func (s *Server) AddProjectGrantMember(ctx context.Context, req *mgmt_pb.AddProjectGrantMemberRequest) (*mgmt_pb.AddProjectGrantMemberResponse, error) {
|
|
member, err := s.command.AddProjectGrantMember(ctx, AddProjectGrantMemberRequestToDomain(req))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return &mgmt_pb.AddProjectGrantMemberResponse{
|
|
Details: object_grpc.AddToDetailsPb(
|
|
member.Sequence,
|
|
member.ChangeDate,
|
|
member.ResourceOwner,
|
|
),
|
|
}, nil
|
|
}
|
|
|
|
func (s *Server) UpdateProjectGrantMember(ctx context.Context, req *mgmt_pb.UpdateProjectGrantMemberRequest) (*mgmt_pb.UpdateProjectGrantMemberResponse, error) {
|
|
member, err := s.command.ChangeProjectGrantMember(ctx, UpdateProjectGrantMemberRequestToDomain(req))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return &mgmt_pb.UpdateProjectGrantMemberResponse{
|
|
Details: object_grpc.ChangeToDetailsPb(
|
|
member.Sequence,
|
|
member.ChangeDate,
|
|
member.ResourceOwner,
|
|
),
|
|
}, nil
|
|
}
|
|
|
|
func (s *Server) RemoveProjectGrantMember(ctx context.Context, req *mgmt_pb.RemoveProjectGrantMemberRequest) (*mgmt_pb.RemoveProjectGrantMemberResponse, error) {
|
|
details, err := s.command.RemoveProjectGrantMember(ctx, req.ProjectId, req.UserId, req.GrantId)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return &mgmt_pb.RemoveProjectGrantMemberResponse{
|
|
Details: object_grpc.DomainToChangeDetailsPb(details),
|
|
}, nil
|
|
}
|