mirror of
https://github.com/zitadel/zitadel.git
synced 2025-07-15 14:18:36 +00:00
7eb45c6cfd
# Which Problems Are Solved Resource management of projects and sub-resources was before limited by the context provided by the management API, which would mean you could only manage resources belonging to a specific organization. # How the Problems Are Solved With the addition of a resource-based API, it is now possible to manage projects and sub-resources on the basis of the resources themselves, which means that as long as you have the permission for the resource, you can create, read, update and delete it. - CreateProject to create a project under an organization - UpdateProject to update an existing project - DeleteProject to delete an existing project - DeactivateProject and ActivateProject to change the status of a project - GetProject to query for a specific project with an identifier - ListProject to query for projects and granted projects - CreateProjectGrant to create a project grant with project and granted organization - UpdateProjectGrant to update the roles of a project grant - DeactivateProjectGrant and ActivateProjectGrant to change the status of a project grant - DeleteProjectGrant to delete an existing project grant - ListProjectGrants to query for project grants - AddProjectRole to add a role to an existing project - UpdateProjectRole to change texts of an existing role - RemoveProjectRole to remove an existing role - ListProjectRoles to query for project roles # Additional Changes - Changes to ListProjects, which now contains granted projects as well - Changes to messages as defined in the [API_DESIGN](https://github.com/zitadel/zitadel/blob/main/API_DESIGN.md) - Permission checks for project functionality on query and command side - Added testing to unit tests on command side - Change update endpoints to no error returns if nothing changes in the resource - Changed all integration test utility to the new service - ListProjects now also correctly lists `granted projects` - Permission checks for project grant and project role functionality on query and command side - Change existing pre checks so that they also work resource specific without resourceowner - Added the resourceowner to the grant and role if no resourceowner is provided - Corrected import tests with project grants and roles - Added testing to unit tests on command side - Change update endpoints to no error returns if nothing changes in the resource - Changed all integration test utility to the new service - Corrected some naming in the proto files to adhere to the API_DESIGN # Additional Context Closes #9177 --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
128 lines
3.1 KiB
Go
128 lines
3.1 KiB
Go
package command
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
"github.com/zitadel/zitadel/internal/eventstore"
|
|
"github.com/zitadel/zitadel/internal/repository/project"
|
|
)
|
|
|
|
type ProjectRoleWriteModel struct {
|
|
eventstore.WriteModel
|
|
|
|
Key string
|
|
DisplayName string
|
|
Group string
|
|
State domain.ProjectRoleState
|
|
}
|
|
|
|
func (wm *ProjectRoleWriteModel) GetWriteModel() *eventstore.WriteModel {
|
|
return &wm.WriteModel
|
|
}
|
|
|
|
func NewProjectRoleWriteModelWithKey(key, projectID, resourceOwner string) *ProjectRoleWriteModel {
|
|
return &ProjectRoleWriteModel{
|
|
WriteModel: eventstore.WriteModel{
|
|
AggregateID: projectID,
|
|
ResourceOwner: resourceOwner,
|
|
},
|
|
Key: key,
|
|
}
|
|
}
|
|
|
|
func NewProjectRoleWriteModel(projectID, resourceOwner string) *ProjectRoleWriteModel {
|
|
return &ProjectRoleWriteModel{
|
|
WriteModel: eventstore.WriteModel{
|
|
AggregateID: projectID,
|
|
ResourceOwner: resourceOwner,
|
|
},
|
|
}
|
|
}
|
|
|
|
func (wm *ProjectRoleWriteModel) AppendEvents(events ...eventstore.Event) {
|
|
for _, event := range events {
|
|
switch e := event.(type) {
|
|
case *project.RoleAddedEvent:
|
|
if e.Key == wm.Key {
|
|
wm.WriteModel.AppendEvents(e)
|
|
}
|
|
case *project.RoleChangedEvent:
|
|
if e.Key == wm.Key {
|
|
wm.WriteModel.AppendEvents(e)
|
|
}
|
|
case *project.RoleRemovedEvent:
|
|
if e.Key == wm.Key {
|
|
wm.WriteModel.AppendEvents(e)
|
|
}
|
|
case *project.ProjectRemovedEvent:
|
|
wm.WriteModel.AppendEvents(e)
|
|
}
|
|
}
|
|
}
|
|
|
|
func (wm *ProjectRoleWriteModel) Reduce() error {
|
|
for _, event := range wm.Events {
|
|
switch e := event.(type) {
|
|
case *project.RoleAddedEvent:
|
|
wm.Key = e.Key
|
|
wm.DisplayName = e.DisplayName
|
|
wm.Group = e.Group
|
|
wm.State = domain.ProjectRoleStateActive
|
|
case *project.RoleChangedEvent:
|
|
wm.Key = e.Key
|
|
if e.DisplayName != nil {
|
|
wm.DisplayName = *e.DisplayName
|
|
}
|
|
if e.Group != nil {
|
|
wm.Group = *e.Group
|
|
}
|
|
case *project.RoleRemovedEvent:
|
|
wm.State = domain.ProjectRoleStateRemoved
|
|
case *project.ProjectRemovedEvent:
|
|
wm.State = domain.ProjectRoleStateRemoved
|
|
}
|
|
}
|
|
return wm.WriteModel.Reduce()
|
|
}
|
|
|
|
func (wm *ProjectRoleWriteModel) Query() *eventstore.SearchQueryBuilder {
|
|
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
|
|
ResourceOwner(wm.ResourceOwner).
|
|
AddQuery().
|
|
AggregateTypes(project.AggregateType).
|
|
AggregateIDs(wm.AggregateID).
|
|
EventTypes(
|
|
project.RoleAddedType,
|
|
project.RoleChangedType,
|
|
project.RoleRemovedType,
|
|
project.ProjectRemovedType).
|
|
Builder()
|
|
}
|
|
|
|
func (wm *ProjectRoleWriteModel) NewProjectRoleChangedEvent(
|
|
ctx context.Context,
|
|
aggregate *eventstore.Aggregate,
|
|
key,
|
|
displayName,
|
|
group string,
|
|
) (*project.RoleChangedEvent, bool, error) {
|
|
changes := make([]project.RoleChanges, 0)
|
|
var err error
|
|
|
|
if wm.DisplayName != displayName {
|
|
changes = append(changes, project.ChangeDisplayName(displayName))
|
|
}
|
|
if wm.Group != group {
|
|
changes = append(changes, project.ChangeGroup(group))
|
|
}
|
|
if len(changes) == 0 {
|
|
return nil, false, nil
|
|
}
|
|
changeEvent, err := project.NewRoleChangedEvent(ctx, aggregate, key, changes)
|
|
if err != nil {
|
|
return nil, false, err
|
|
}
|
|
return changeEvent, true, nil
|
|
}
|