TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-12-23 08:06:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
72a5c33e6ac302b978d564bd049f9364f5a989b1
zitadel/internal/query/group_users.go
Gayathri Vijayan ad8e8bf61f feat(group): manage users in user groups (#10940) 
# Which Problems Are Solved

1. Adding users to user groups and removing users from user groups.
2. Searching for users in user groups by group IDs or user IDs

# How the Problems Are Solved

By adding:
1. The API definitions to manage users in users groups
3. The command-layer implementation of adding users/removing users
to/from user groups.
4. The projection table group_users1
5. Query-side implementation to search for users in user groups

# Additional Changes

1. Remove debug statements from unit tests.
2. Fix removal of groups when orgs are removed
3. Add unit tests for groups projection

# Additional Context

* Related to #9702 
* Follow-up for PRs 
  * https://github.com/zitadel/zitadel/pull/10455
  * https://github.com/zitadel/zitadel/pull/10758
  * https://github.com/zitadel/zitadel/pull/10853
2025-10-28 13:23:54 +00:00

221 lines
6.0 KiB
Go
Raw Blame History

package query
import (
"context"
"database/sql"
"slices"
"time"
sq "github.com/Masterminds/squirrel"
"github.com/zitadel/zitadel/internal/api/authz"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/query/projection"
"github.com/zitadel/zitadel/internal/telemetry/tracing"
"github.com/zitadel/zitadel/internal/zerrors"
)
var (
groupUsersTable = table{
name: projection.GroupUsersProjectionTable,
instanceIDCol: projection.GroupUsersColumnInstanceID,
}
GroupUsersColumnGroupID = Column{
name: projection.GroupUsersColumnGroupID,
table: groupUsersTable,
}
GroupUsersColumnUserID = Column{
name: projection.GroupUsersColumnUserID,
table: groupUsersTable,
}
GroupUsersColumnResourceOwner = Column{
name: projection.GroupUsersColumnResourceOwner,
table: groupUsersTable,
}
GroupUsersColumnCreationDate = Column{
name: projection.GroupUsersColumnCreationDate,
table: groupUsersTable,
}
GroupUsersColumnInstanceID = Column{
name: projection.GroupUsersColumnInstanceID,
table: groupUsersTable,
}
GroupUsersColumnSequence = Column{
name: projection.GroupUsersColumnSequence,
table: groupUsersTable,
}
)
type GroupUsers struct {
SearchResponse
GroupUsers []*GroupUser
}
type GroupUser struct {
GroupID string
ResourceOwner string
CreationDate time.Time
Sequence uint64
// user fields
UserID string
PreferredLoginName string
DisplayName string
AvatarUrl string
}
type GroupUsersSearchQuery struct {
SearchRequest
Queries []SearchQuery
}
func (q *Queries) SearchGroupUsers(ctx context.Context, queries *GroupUsersSearchQuery, permissionCheck domain.PermissionCheck) (_ *GroupUsers, err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
permissionCheckV2 := PermissionV2(ctx, permissionCheck)
groupUsers, err := q.searchGroupUsers(ctx, queries, permissionCheckV2)
if err != nil {
return nil, err
}
if permissionCheck != nil && !permissionCheckV2 {
groupUsersCheckPermission(ctx, groupUsers, permissionCheck)
}
return groupUsers, nil
}
func NewGroupUsersUserIDsSearchQuery(userIDs []string) (SearchQuery, error) {
list := make([]interface{}, len(userIDs))
for i, value := range userIDs {
list[i] = value
}
return NewListQuery(GroupUsersColumnUserID, list, ListIn)
}
func NewGroupUsersGroupIDsSearchQuery(groupIDs []string) (SearchQuery, error) {
list := make([]interface{}, len(groupIDs))
for i, value := range groupIDs {
list[i] = value
}
return NewListQuery(GroupUsersColumnGroupID, list, ListIn)
}
func (q *Queries) searchGroupUsers(ctx context.Context, queries *GroupUsersSearchQuery, permissionCheckV2 bool) (groupUsers *GroupUsers, err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
query, scan := prepareGroupUsersQuery()
query = groupUsersPermissionCheckV2(ctx, query, queries, permissionCheckV2)
eq := sq.And{
sq.Eq{
GroupUsersColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
},
}
stmt, args, err := queries.toQuery(query).Where(eq).ToSql()
if err != nil {
return nil, zerrors.ThrowInvalidArgument(err, "QUERY-TTlfF6", "Errors.Query.InvalidRequest")
}
err = q.client.QueryContext(ctx, func(rows *sql.Rows) error {
groupUsers, err = scan(rows)
return err
}, stmt, args...)
if err != nil {
return nil, zerrors.ThrowInternal(err, "QUERY-M5O50l", "Errors.Internal")
}
groupUsers.State, err = q.latestState(ctx, groupUsersTable)
return groupUsers, nil
}
func prepareGroupUsersQuery() (query sq.SelectBuilder, scan func(*sql.Rows) (*GroupUsers, error)) {
return sq.Select(
GroupUsersColumnGroupID.identifier(),
GroupUsersColumnUserID.identifier(),
HumanDisplayNameCol.identifier(),
LoginNameNameCol.identifier(),
GroupUsersColumnResourceOwner.identifier(),
HumanAvatarURLCol.identifier(),
GroupUsersColumnCreationDate.identifier(),
GroupUsersColumnSequence.identifier(),
countColumn.identifier(),
).From(groupUsersTable.identifier()).
LeftJoin(join(HumanUserIDCol, GroupUsersColumnUserID)).
LeftJoin(join(LoginNameUserIDCol, GroupUsersColumnUserID)).
Where(
sq.Eq{LoginNameIsPrimaryCol.identifier(): true},
).PlaceholderFormat(sq.Dollar),
func(rows *sql.Rows) (*GroupUsers, error) {
groupUsers := make([]*GroupUser, 0)
var count uint64
for rows.Next() {
g := new(GroupUser)
var (
displayName sql.NullString
avatarURL sql.NullString
preferredLoginName sql.NullString
)
err := rows.Scan(
&g.GroupID,
&g.UserID,
&displayName,
&preferredLoginName,
&g.ResourceOwner,
&avatarURL,
&g.CreationDate,
&g.Sequence,
&count,
)
if err != nil {
return nil, err
}
g.DisplayName = displayName.String
g.AvatarUrl = avatarURL.String
g.PreferredLoginName = preferredLoginName.String
groupUsers = append(groupUsers, g)
}
if err := rows.Close(); err != nil {
return nil, zerrors.ThrowInternal(err, "QUERY-JuX6i5", "Errors.Query.CloseRows")
}
return &GroupUsers{
GroupUsers: groupUsers,
SearchResponse: SearchResponse{
Count: count,
},
}, nil
}
}
func groupUsersCheckPermission(ctx context.Context, groupUsers *GroupUsers, permissionCheck domain.PermissionCheck) {
groupUsers.GroupUsers = slices.DeleteFunc(groupUsers.GroupUsers,
func(gu *GroupUser) bool {
return permissionCheck(ctx, domain.PermissionGroupUserRead, gu.ResourceOwner, gu.GroupID) != nil
},
)
}
func groupUsersPermissionCheckV2(ctx context.Context, query sq.SelectBuilder, queries *GroupUsersSearchQuery, permissionCheckV2 bool) sq.SelectBuilder {
if !permissionCheckV2 {
return query
}
join, args := PermissionClause(
ctx,
GroupUsersColumnResourceOwner,
domain.PermissionGroupUserRead,
)
return query.JoinClause(join, args...)
}
func (q *GroupUsersSearchQuery) toQuery(query sq.SelectBuilder) sq.SelectBuilder {
query = q.SearchRequest.toQuery(query)
for _, q := range q.Queries {
query = q.toQuery(query)
}
return query
}
Reference in New Issue View Git Blame Copy Permalink