mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-12 19:14:23 +00:00
5cbf537a91
* fix: some funcitons * feat(eventstore): implemented push events * fix: move project eventstore to project package * fix: change project eventstore funcs * feat(eventstore): overwrite context data * fix: change project eventstore * fix: add project repo to mgmt server * feat(types): SQL-config * fix: commented code * feat(eventstore): options to overwrite editor * feat: auth interceptor and cockroach migrations * fix: migrations * fix: fix filter * fix: not found on getbyid * fix: use global sql config * fix: add sequence * fix: add some tests * fix(eventstore): nullable sequence * fix: add some tests * merge * fix: add some tests * fix(migrations): correct statements for sequence * fix: add some tests * fix: add some tests * fix: changes from mr * fix: changes from mr * fix: add some tests * Update internal/eventstore/models/field.go Co-Authored-By: livio-a <livio.a@gmail.com> * fix(eventstore): code quality * fix: add types to aggregate/Event-types * fix: try tests * fix(eventstore): rename modifier* to editor* * fix(eventstore): delete editor_org * fix(migrations): remove editor_org field, rename modifier_* to editor_* * fix: query tests * fix: use prepare funcs * fix: go mod * fix: generate files * fix(eventstore): tests * fix(eventstore): rename modifier to editor * fix(migrations): add cluster migration, fix(migrations): fix typo of host in clean clsuter * fix(eventstore): move health * fix(eventstore): AggregateTypeFilter aggregateType as param * code quality * fix: go tests * feat: add member funcs * feat: add member model * feat: add member events * feat: add member repo model * fix: better error func testing * fix: project member funcs * fix: add tests * fix: add tests * feat: implement member requests * fix: merge master * fix: merge master * fix: read existing in project repo * fix: fix tests * feat: add internal cache * feat: add cache mock * fix: return values of cache mock * feat: add project role * fix: add cache config * fix: add role to 
eventstore * fix: use eventstore sdk * fix: use eventstore sdk * fix: add project role grpc requests * fix: fix getby id * fix: changes for mr * fix: change value to interface * feat: add app event creations * fix: searchmethods * Update internal/project/model/project_member.go Co-Authored-By: Silvan <silvan.reusser@gmail.com> * fix: use get project func * fix: append events * fix: check if value is string on equal ignore case * fix: add changes test * fix: add go mod * fix: add some tests * fix: return err not nil * fix: return err not nil * fix: add aggregate funcs and tests * fix: add oidc aggregate funcs and tests * fix: add oidc * fix: add some tests * fix: tests * fix: oidc validation * fix: generate client secret * fix: generate client id * fix: test change app * fix: deactivate/reactivate application * fix: change oidc config * fix: change oidc config secret * fix: implement grpc app funcs * fix: add application requests * fix: converter * fix: converter * fix: converter and generate clientid * fix: tests * feat: project grant aggregate * feat: project grant * fix: project grant check if role existing * fix: project grant requests * fix: project grant fixes * fix: project grant member model * fix: project grant member aggregate * fix: project grant member eventstore * fix: project grant member requests * feat: user model * feat: user command side * user command side * profile requests * local config with gopass and more * init for views (spooler, handler) * init for views (spooler, handler) * start view in management * granted project * Update internal/user/model/user.go Co-Authored-By: Livio Amstutz <livio.a@gmail.com> * Update internal/user/repository/eventsourcing/model/address.go Co-Authored-By: Livio Amstutz <livio.a@gmail.com> * Update internal/user/repository/eventsourcing/model/address.go Co-Authored-By: Livio Amstutz <livio.a@gmail.com> * Update internal/user/repository/eventsourcing/model/email.go Co-Authored-By: Livio Amstutz <livio.a@gmail.com> 
* Update internal/user/repository/eventsourcing/model/email.go Co-Authored-By: Livio Amstutz <livio.a@gmail.com> * Update internal/user/repository/eventsourcing/model/email.go Co-Authored-By: Livio Amstutz <livio.a@gmail.com> * Update internal/user/repository/eventsourcing/model/mfa.go Co-Authored-By: Livio Amstutz <livio.a@gmail.com> * Update internal/user/repository/eventsourcing/model/mfa.go Co-Authored-By: Livio Amstutz <livio.a@gmail.com> * Update internal/user/repository/eventsourcing/model/password.go Co-Authored-By: Livio Amstutz <livio.a@gmail.com> * Update internal/user/repository/eventsourcing/model/password.go Co-Authored-By: Livio Amstutz <livio.a@gmail.com> * Update internal/user/repository/eventsourcing/model/password.go Co-Authored-By: Livio Amstutz <livio.a@gmail.com> * Update internal/user/repository/eventsourcing/model/phone.go Co-Authored-By: Livio Amstutz <livio.a@gmail.com> * Update internal/user/repository/eventsourcing/model/phone.go Co-Authored-By: Livio Amstutz <livio.a@gmail.com> * Update internal/user/repository/eventsourcing/model/phone.go Co-Authored-By: Livio Amstutz <livio.a@gmail.com> * Update internal/user/repository/eventsourcing/model/user.go Co-Authored-By: Livio Amstutz <livio.a@gmail.com> * Update internal/user/repository/eventsourcing/model/user.go Co-Authored-By: Livio Amstutz <livio.a@gmail.com> * Update internal/user/repository/eventsourcing/model/user.go Co-Authored-By: Livio Amstutz <livio.a@gmail.com> * Update internal/usergrant/repository/eventsourcing/model/user_grant.go Co-Authored-By: Livio Amstutz <livio.a@gmail.com> * Update internal/usergrant/repository/eventsourcing/model/user_grant.go Co-Authored-By: Livio Amstutz <livio.a@gmail.com> * Update internal/usergrant/repository/eventsourcing/user_grant.go Co-Authored-By: Livio Amstutz <livio.a@gmail.com> * Update internal/user/repository/eventsourcing/user_test.go Co-Authored-By: Livio Amstutz <livio.a@gmail.com> * Update 
internal/user/repository/eventsourcing/eventstore_mock_test.go Co-Authored-By: Livio Amstutz <livio.a@gmail.com> * changes from mr review * save files into basedir * changes from mr review * changes from mr review * implement granted project view * Update internal/usergrant/repository/eventsourcing/cache.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/usergrant/repository/eventsourcing/cache.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * changes requested on mr * fix generate codes * fix return if no events * password code * search granted projects * fix search column * update all projects on project change * search roles * filter org * project members * project grant members * fix tests * application view * project grant search * mock * Update internal/user/repository/eventsourcing/model/password.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/user/repository/eventsourcing/model/user.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * requests of mr * check email * test appendevents * test appendevents * Update internal/view/query.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * Update internal/eventstore/spooler/spooler.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * Update internal/view/query.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * merge request changes * Update internal/project/repository/view/model/application.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * merge request changes * Project view sql (#92) * sql and configs * error handling * sql start in eventstore * on error handling, config * merge branches * user view * user grant view * fix test * user grant search * fill data on user grant * update data on user grant * return caos errors * converter list len * merge master * Update internal/management/repository/eventsourcing/handler/user_grant.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * Update internal/usergrant/repository/view/model/user_grant_query.go 
Co-authored-by: Livio Amstutz <livio.a@gmail.com> * typo * Update internal/user/repository/view/model/user_query.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/user/repository/view/user_view.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update pkg/management/api/grpc/user_converter.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update pkg/management/api/grpc/user_grant_converter.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * set my org query Co-authored-by: adlerhurst <silvan.reusser@gmail.com> Co-authored-by: livio-a <livio.a@gmail.com>
package handler
import (
"context"
"github.com/caos/logging"
"github.com/caos/zitadel/internal/eventstore/models"
"github.com/caos/zitadel/internal/eventstore/spooler"
proj_model "github.com/caos/zitadel/internal/project/model"
"github.com/caos/zitadel/internal/project/repository/eventsourcing"
proj_event "github.com/caos/zitadel/internal/project/repository/eventsourcing"
es_model "github.com/caos/zitadel/internal/project/repository/eventsourcing/model"
view_model "github.com/caos/zitadel/internal/project/repository/view/model"
"time"
)
// ProjectRole is the handler that applies project events to the project role
// view (see Process).
type ProjectRole struct {
	// handler is embedded; the methods of ProjectRole reach view,
	// cycleDuration and errorCountUntilSkip through it.
	handler

	// projectEvents is used by addGrantRoles to load the project an event
	// belongs to.
	projectEvents *proj_event.ProjectEventstore
}
// projectRoleTable is the view name reported by ProjectRole.ViewModel.
const projectRoleTable = "management.project_roles"
// MinimumCycleDuration returns the cycleDuration configured on the embedded
// handler.
func (p *ProjectRole) MinimumCycleDuration() time.Duration {
	return p.cycleDuration
}
// ViewModel returns the name of the view this handler writes to
// (projectRoleTable).
func (p *ProjectRole) ViewModel() string {
	const name = projectRoleTable
	return name
}
// EventQuery reads the latest project role sequence from the view and passes
// it to eventsourcing.ProjectQuery to build the search query. A failure to
// read the sequence is returned unchanged.
func (p *ProjectRole) EventQuery() (*models.SearchQuery, error) {
	latest, err := p.view.GetLatestProjectRoleSequence()
	if err == nil {
		return eventsourcing.ProjectQuery(latest), nil
	}
	return nil, err
}
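// Process applies a single project event to the project role view.
//
// Role added and role changed events update one role and store it with
// PutProjectRole. Role removed deletes the matching rows through
// removeRoleFromAllResourceowners. Grant added, changed and removed are
// delegated to addGrantRoles and removeRolesFromResourceowner. For any other
// event type only ProcessedProjectRoleSequence is called with the event's
// sequence.
//
// The first error encountered is returned.
func (p *ProjectRole) Process(event *models.Event) (err error) {
	role := new(view_model.ProjectRoleView)
	switch event.Type {
	case es_model.ProjectRoleAdded:
		role.AppendEvent(event)
	case es_model.ProjectRoleChanged:
		// Assign with "=" so the named result is used; ":=" inside a case
		// declares a new err that hides it.
		if err = role.SetData(event); err != nil {
			return err
		}
		// Load the stored row for this key so the change is applied on top of
		// the existing data.
		role, err = p.view.ProjectRoleByIDs(event.AggregateID, event.ResourceOwner, role.Key)
		if err != nil {
			return err
		}
		role.AppendEvent(event)
	case es_model.ProjectRoleRemoved:
		if err = role.SetData(event); err != nil {
			return err
		}
		// A failed removal has to reach the caller. If it were swallowed,
		// Process could report success while rows for the removed role are
		// still present in the view.
		if err = p.removeRoleFromAllResourceowners(event, role); err != nil {
			return err
		}
		// NOTE(review): after a successful removal the role built from the
		// event is still stored by the PutProjectRole call below — confirm
		// this is intended and does not put the removed role back into the
		// view.
	case es_model.ProjectGrantAdded:
		return p.addGrantRoles(event)
	case es_model.ProjectGrantChanged:
		// Drop the rows first, then add the roles of the changed grant again.
		if err = p.removeRolesFromResourceowner(event); err != nil {
			return err
		}
		return p.addGrantRoles(event)
	case es_model.ProjectGrantRemoved:
		return p.removeRolesFromResourceowner(event)
	default:
		return p.view.ProcessedProjectRoleSequence(event.Sequence)
	}
	return p.view.PutProjectRole(role)
}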
// removeRoleFromAllResourceowners deletes every project role row that
// ResourceOwnerProjectRolesByKey returns for the event's aggregate, its
// resource owner and the key of role. It stops at the first failure, logs it
// as a warning and returns the error.
func (p *ProjectRole) removeRoleFromAllResourceowners(event *models.Event, role *view_model.ProjectRoleView) error {
	matches, err := p.view.ResourceOwnerProjectRolesByKey(event.AggregateID, event.ResourceOwner, role.Key)
	if err != nil {
		logging.LogWithFields("HANDL-slo03", "aggregateID", event.AggregateID, "ResourceOwner", event.ResourceOwner, "Key", role.Key).WithError(err).Warn("could not read roles to remove")
		return err
	}
	for _, match := range matches {
		// Each row is deleted under its own project, org and key; the event's
		// sequence is passed along with the delete.
		if delErr := p.view.DeleteProjectRole(match.ProjectID, match.OrgID, match.Key, event.Sequence); delErr != nil {
			logging.LogWithFields("HANDL-kloa2", "aggregateID", event.AggregateID, "ResourceOwner", event.ResourceOwner, "OrgID", match.OrgID, "Key", role.Key).WithError(delErr).Warn("could not remove role")
			return delErr
		}
	}
	return nil
}
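// removeRolesFromResourceowner deletes every project role row that
// ResourceOwnerProjectRoles returns for the event's aggregate and resource
// owner. It stops at the first failure, logs it as a warning and returns the
// error.
func (p *ProjectRole) removeRolesFromResourceowner(event *models.Event) error {
	roles, err := p.view.ResourceOwnerProjectRoles(event.AggregateID, event.ResourceOwner)
	if err != nil {
		// Log fields are passed as key/value pairs, so every key needs a
		// value; this lookup has no role key to report.
		logging.LogWithFields("HANDL-slo03", "aggregateID", event.AggregateID, "ResourceOwner", event.ResourceOwner).WithError(err).Warn("could not read roles to remove")
		return err
	}
	for _, r := range roles {
		err = p.view.DeleteProjectRole(r.ProjectID, r.OrgID, r.Key, event.Sequence)
		if err != nil {
			logging.LogWithFields("HANDL-kloa2", "aggregateID", event.AggregateID, "ResourceOwner", event.ResourceOwner, "OrgID", r.OrgID).WithError(err).Warn("could not remove role")
			return err
		}
	}
	return nil
}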
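// addGrantRoles stores one project role row per role key of the grant carried
// by event, using the granted org as OrgID and the display name and group of
// the matching role on the project.
//
// Errors from loading the project or decoding the grant are returned. A
// failure to store a single row is only logged, and the remaining keys are
// still processed.
func (p *ProjectRole) addGrantRoles(event *models.Event) error {
	project, err := p.projectEvents.ProjectByID(context.Background(), event.AggregateID)
	if err != nil {
		return err
	}

	grant := new(view_model.ProjectGrant)
	if err = grant.SetData(event); err != nil {
		return err
	}
	for _, roleKey := range grant.RoleKeys {
		role := getRoleFromProject(roleKey, project)
		if role == nil {
			// getRoleFromProject returns nil when the project has no role with
			// this key. Dereferencing it would panic inside the handler, so
			// the key is logged and skipped instead.
			// "HANDL-XXXXX" is a placeholder log ID; replace it with a unique one.
			logging.LogWithFields("HANDL-XXXXX", "eventID", event.ID, "Key", roleKey).Warn("granted role not found on project")
			continue
		}
		projectRole := &view_model.ProjectRoleView{
			OrgID:         grant.GrantedOrgID,
			ProjectID:     event.AggregateID,
			Key:           roleKey,
			DisplayName:   role.DisplayName,
			Group:         role.Group,
			ResourceOwner: event.ResourceOwner,
			CreationDate:  event.CreationDate,
			Sequence:      event.Sequence,
		}
		// Best effort: a failed write is logged and does not abort the loop.
		putErr := p.view.PutProjectRole(projectRole)
		logging.LogWithFields("HANDL-sj3TG", "eventID", event.ID).OnError(putErr).Warn("could not save project role")
	}
	return nil
}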
// getRoleFromProject returns the role of project whose Key equals roleKey, or
// nil when the project has no such role. Callers must check for nil before
// using the result.
func getRoleFromProject(roleKey string, project *proj_model.Project) *proj_model.ProjectRole {
	for i := range project.Roles {
		if candidate := project.Roles[i]; candidate.Key == roleKey {
			return candidate
		}
	}
	return nil
}
// OnError logs the failure as a warning and hands the event and error to
// spooler.HandleError, together with the view's failed-event and sequence
// callbacks and the handler's errorCountUntilSkip.
func (p *ProjectRole) OnError(event *models.Event, err error) error {
	logging.LogWithFields("SPOOL-lso9w", "id", event.AggregateID).WithError(err).Warn("something went wrong in project role handler")
	return spooler.HandleError(
		event,
		err,
		p.view.GetLatestProjectRoleFailedEvent,
		p.view.ProcessedProjectRoleFailedEvent,
		p.view.ProcessedProjectRoleSequence,
		p.errorCountUntilSkip,
	)
}