mirror of
https://github.com/zitadel/zitadel.git
synced 2025-07-13 14:18:31 +00:00
7eb45c6cfd
# Which Problems Are Solved Resource management of projects and sub-resources was before limited by the context provided by the management API, which would mean you could only manage resources belonging to a specific organization. # How the Problems Are Solved With the addition of a resource-based API, it is now possible to manage projects and sub-resources on the basis of the resources themselves, which means that as long as you have the permission for the resource, you can create, read, update and delete it. - CreateProject to create a project under an organization - UpdateProject to update an existing project - DeleteProject to delete an existing project - DeactivateProject and ActivateProject to change the status of a project - GetProject to query for a specific project with an identifier - ListProject to query for projects and granted projects - CreateProjectGrant to create a project grant with project and granted organization - UpdateProjectGrant to update the roles of a project grant - DeactivateProjectGrant and ActivateProjectGrant to change the status of a project grant - DeleteProjectGrant to delete an existing project grant - ListProjectGrants to query for project grants - AddProjectRole to add a role to an existing project - UpdateProjectRole to change texts of an existing role - RemoveProjectRole to remove an existing role - ListProjectRoles to query for project roles # Additional Changes - Changes to ListProjects, which now contains granted projects as well - Changes to messages as defined in the [API_DESIGN](https://github.com/zitadel/zitadel/blob/main/API_DESIGN.md) - Permission checks for project functionality on query and command side - Added testing to unit tests on command side - Change update endpoints to no error returns if nothing changes in the resource - Changed all integration test utility to the new service - ListProjects now also correctly lists `granted projects` - Permission checks for project grant and project role functionality on query and command side - Change existing pre checks so that they also work resource specific without resourceowner - Added the resourceowner to the grant and role if no resourceowner is provided - Corrected import tests with project grants and roles - Added testing to unit tests on command side - Change update endpoints to no error returns if nothing changes in the resource - Changed all integration test utility to the new service - Corrected some naming in the proto files to adhere to the API_DESIGN # Additional Context Closes #9177 --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
656 lines
21 KiB
Go
656 lines
21 KiB
Go
package query
|
|
|
|
import (
|
|
"context"
|
|
"database/sql"
|
|
"errors"
|
|
"slices"
|
|
"time"
|
|
|
|
sq "github.com/Masterminds/squirrel"
|
|
"github.com/zitadel/logging"
|
|
|
|
"github.com/zitadel/zitadel/internal/api/authz"
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
"github.com/zitadel/zitadel/internal/eventstore/handler/v2"
|
|
"github.com/zitadel/zitadel/internal/query/projection"
|
|
"github.com/zitadel/zitadel/internal/telemetry/tracing"
|
|
"github.com/zitadel/zitadel/internal/zerrors"
|
|
)
|
|
|
|
var (
|
|
projectsTable = table{
|
|
name: projection.ProjectProjectionTable,
|
|
instanceIDCol: projection.ProjectColumnInstanceID,
|
|
}
|
|
ProjectColumnID = Column{
|
|
name: projection.ProjectColumnID,
|
|
table: projectsTable,
|
|
}
|
|
ProjectColumnName = Column{
|
|
name: projection.ProjectColumnName,
|
|
table: projectsTable,
|
|
}
|
|
ProjectColumnProjectRoleAssertion = Column{
|
|
name: projection.ProjectColumnProjectRoleAssertion,
|
|
table: projectsTable,
|
|
}
|
|
ProjectColumnProjectRoleCheck = Column{
|
|
name: projection.ProjectColumnProjectRoleCheck,
|
|
table: projectsTable,
|
|
}
|
|
ProjectColumnHasProjectCheck = Column{
|
|
name: projection.ProjectColumnHasProjectCheck,
|
|
table: projectsTable,
|
|
}
|
|
ProjectColumnPrivateLabelingSetting = Column{
|
|
name: projection.ProjectColumnPrivateLabelingSetting,
|
|
table: projectsTable,
|
|
}
|
|
ProjectColumnCreationDate = Column{
|
|
name: projection.ProjectColumnCreationDate,
|
|
table: projectsTable,
|
|
}
|
|
ProjectColumnChangeDate = Column{
|
|
name: projection.ProjectColumnChangeDate,
|
|
table: projectsTable,
|
|
}
|
|
ProjectColumnResourceOwner = Column{
|
|
name: projection.ProjectColumnResourceOwner,
|
|
table: projectsTable,
|
|
}
|
|
ProjectColumnInstanceID = Column{
|
|
name: projection.ProjectColumnInstanceID,
|
|
table: projectsTable,
|
|
}
|
|
ProjectColumnSequence = Column{
|
|
name: projection.ProjectColumnSequence,
|
|
table: projectsTable,
|
|
}
|
|
ProjectColumnState = Column{
|
|
name: projection.ProjectColumnState,
|
|
table: projectsTable,
|
|
}
|
|
)
|
|
|
|
var (
|
|
grantedProjectsAlias = table{
|
|
name: "granted_projects",
|
|
instanceIDCol: projection.ProjectColumnInstanceID,
|
|
}
|
|
GrantedProjectColumnID = Column{
|
|
name: projection.ProjectColumnID,
|
|
table: grantedProjectsAlias,
|
|
}
|
|
GrantedProjectColumnCreationDate = Column{
|
|
name: projection.ProjectColumnCreationDate,
|
|
table: grantedProjectsAlias,
|
|
}
|
|
GrantedProjectColumnChangeDate = Column{
|
|
name: projection.ProjectColumnChangeDate,
|
|
table: grantedProjectsAlias,
|
|
}
|
|
grantedProjectColumnResourceOwner = Column{
|
|
name: projection.ProjectColumnResourceOwner,
|
|
table: grantedProjectsAlias,
|
|
}
|
|
grantedProjectColumnInstanceID = Column{
|
|
name: projection.ProjectGrantColumnInstanceID,
|
|
table: grantedProjectsAlias,
|
|
}
|
|
grantedProjectColumnState = Column{
|
|
name: "project_state",
|
|
table: grantedProjectsAlias,
|
|
}
|
|
GrantedProjectColumnName = Column{
|
|
name: "project_name",
|
|
table: grantedProjectsAlias,
|
|
}
|
|
grantedProjectColumnProjectRoleAssertion = Column{
|
|
name: projection.ProjectColumnProjectRoleAssertion,
|
|
table: grantedProjectsAlias,
|
|
}
|
|
grantedProjectColumnProjectRoleCheck = Column{
|
|
name: projection.ProjectColumnProjectRoleCheck,
|
|
table: grantedProjectsAlias,
|
|
}
|
|
grantedProjectColumnHasProjectCheck = Column{
|
|
name: projection.ProjectColumnHasProjectCheck,
|
|
table: grantedProjectsAlias,
|
|
}
|
|
grantedProjectColumnPrivateLabelingSetting = Column{
|
|
name: projection.ProjectColumnPrivateLabelingSetting,
|
|
table: grantedProjectsAlias,
|
|
}
|
|
grantedProjectColumnGrantResourceOwner = Column{
|
|
name: "project_grant_resource_owner",
|
|
table: grantedProjectsAlias,
|
|
}
|
|
grantedProjectColumnGrantedOrganization = Column{
|
|
name: projection.ProjectGrantColumnGrantedOrgID,
|
|
table: grantedProjectsAlias,
|
|
}
|
|
grantedProjectColumnGrantedOrganizationName = Column{
|
|
name: "granted_org_name",
|
|
table: grantedProjectsAlias,
|
|
}
|
|
grantedProjectColumnGrantState = Column{
|
|
name: "project_grant_state",
|
|
table: grantedProjectsAlias,
|
|
}
|
|
)
|
|
|
|
type Projects struct {
|
|
SearchResponse
|
|
Projects []*Project
|
|
}
|
|
|
|
func projectsCheckPermission(ctx context.Context, projects *Projects, permissionCheck domain.PermissionCheck) {
|
|
projects.Projects = slices.DeleteFunc(projects.Projects,
|
|
func(project *Project) bool {
|
|
return projectCheckPermission(ctx, project.ResourceOwner, project.ID, permissionCheck) != nil
|
|
},
|
|
)
|
|
}
|
|
|
|
func projectCheckPermission(ctx context.Context, resourceOwner string, projectID string, permissionCheck domain.PermissionCheck) error {
|
|
return permissionCheck(ctx, domain.PermissionProjectRead, resourceOwner, projectID)
|
|
}
|
|
|
|
func projectPermissionCheckV2(ctx context.Context, query sq.SelectBuilder, enabled bool, queries *ProjectAndGrantedProjectSearchQueries) sq.SelectBuilder {
|
|
if !enabled {
|
|
return query
|
|
}
|
|
join, args := PermissionClause(
|
|
ctx,
|
|
grantedProjectColumnResourceOwner,
|
|
domain.PermissionProjectRead,
|
|
SingleOrgPermissionOption(queries.Queries),
|
|
OwnedRowsPermissionOption(GrantedProjectColumnID),
|
|
)
|
|
return query.JoinClause(join, args...)
|
|
}
|
|
|
|
type Project struct {
|
|
ID string
|
|
CreationDate time.Time
|
|
ChangeDate time.Time
|
|
ResourceOwner string
|
|
State domain.ProjectState
|
|
Sequence uint64
|
|
|
|
Name string
|
|
ProjectRoleAssertion bool
|
|
ProjectRoleCheck bool
|
|
HasProjectCheck bool
|
|
PrivateLabelingSetting domain.PrivateLabelingSetting
|
|
}
|
|
|
|
type ProjectSearchQueries struct {
|
|
SearchRequest
|
|
Queries []SearchQuery
|
|
GrantQueries []SearchQuery
|
|
}
|
|
|
|
func (q *Queries) GetProjectByIDWithPermission(ctx context.Context, shouldTriggerBulk bool, id string, permissionCheck domain.PermissionCheck) (*Project, error) {
|
|
project, err := q.ProjectByID(ctx, shouldTriggerBulk, id)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if err := projectCheckPermission(ctx, project.ResourceOwner, project.ID, permissionCheck); err != nil {
|
|
return nil, err
|
|
}
|
|
return project, nil
|
|
}
|
|
|
|
func (q *Queries) ProjectByID(ctx context.Context, shouldTriggerBulk bool, id string) (project *Project, err error) {
|
|
ctx, span := tracing.NewSpan(ctx)
|
|
defer func() { span.EndWithError(err) }()
|
|
|
|
if shouldTriggerBulk {
|
|
_, traceSpan := tracing.NewNamedSpan(ctx, "TriggerProjectProjection")
|
|
ctx, err = projection.ProjectProjection.Trigger(ctx, handler.WithAwaitRunning())
|
|
logging.OnError(err).Debug("trigger failed")
|
|
traceSpan.EndWithError(err)
|
|
}
|
|
|
|
stmt, scan := prepareProjectQuery()
|
|
eq := sq.Eq{
|
|
ProjectColumnID.identifier(): id,
|
|
ProjectColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID(),
|
|
}
|
|
query, args, err := stmt.Where(eq).ToSql()
|
|
if err != nil {
|
|
return nil, zerrors.ThrowInternal(err, "QUERY-2m00Q", "Errors.Query.SQLStatment")
|
|
}
|
|
|
|
err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
|
|
project, err = scan(row)
|
|
return err
|
|
}, query, args...)
|
|
return project, err
|
|
}
|
|
|
|
func (q *Queries) SearchProjects(ctx context.Context, queries *ProjectSearchQueries, permissionCheck domain.PermissionCheck) (*Projects, error) {
|
|
projects, err := q.searchProjects(ctx, queries)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if permissionCheck != nil {
|
|
projectsCheckPermission(ctx, projects, permissionCheck)
|
|
}
|
|
return projects, nil
|
|
}
|
|
|
|
func (q *Queries) searchProjects(ctx context.Context, queries *ProjectSearchQueries) (projects *Projects, err error) {
|
|
ctx, span := tracing.NewSpan(ctx)
|
|
defer func() { span.EndWithError(err) }()
|
|
|
|
query, scan := prepareProjectsQuery()
|
|
eq := sq.Eq{ProjectColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID()}
|
|
stmt, args, err := queries.toQuery(query).Where(eq).ToSql()
|
|
if err != nil {
|
|
return nil, zerrors.ThrowInvalidArgument(err, "QUERY-fn9ew", "Errors.Query.InvalidRequest")
|
|
}
|
|
|
|
err = q.client.QueryContext(ctx, func(rows *sql.Rows) error {
|
|
projects, err = scan(rows)
|
|
return err
|
|
}, stmt, args...)
|
|
if err != nil {
|
|
return nil, zerrors.ThrowInternal(err, "QUERY-2j00f", "Errors.Internal")
|
|
}
|
|
projects.State, err = q.latestState(ctx, projectsTable)
|
|
return projects, err
|
|
}
|
|
|
|
type ProjectAndGrantedProjectSearchQueries struct {
|
|
SearchRequest
|
|
Queries []SearchQuery
|
|
}
|
|
|
|
func (q *ProjectAndGrantedProjectSearchQueries) toQuery(query sq.SelectBuilder) sq.SelectBuilder {
|
|
query = q.SearchRequest.toQuery(query)
|
|
for _, q := range q.Queries {
|
|
query = q.toQuery(query)
|
|
}
|
|
return query
|
|
}
|
|
|
|
func (q *Queries) SearchGrantedProjects(ctx context.Context, queries *ProjectAndGrantedProjectSearchQueries, permissionCheck domain.PermissionCheck) (*GrantedProjects, error) {
|
|
permissionCheckV2 := PermissionV2(ctx, permissionCheck)
|
|
projects, err := q.searchGrantedProjects(ctx, queries, permissionCheckV2)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if permissionCheck != nil && !authz.GetFeatures(ctx).PermissionCheckV2 {
|
|
grantedProjectsCheckPermission(ctx, projects, permissionCheck)
|
|
}
|
|
return projects, nil
|
|
}
|
|
|
|
func (q *Queries) searchGrantedProjects(ctx context.Context, queries *ProjectAndGrantedProjectSearchQueries, permissionCheckV2 bool) (grantedProjects *GrantedProjects, err error) {
|
|
ctx, span := tracing.NewSpan(ctx)
|
|
defer func() { span.EndWithError(err) }()
|
|
|
|
query, scan := prepareGrantedProjectsQuery()
|
|
query = projectPermissionCheckV2(ctx, query, permissionCheckV2, queries)
|
|
eq := sq.Eq{grantedProjectColumnInstanceID.identifier(): authz.GetInstance(ctx).InstanceID()}
|
|
stmt, args, err := queries.toQuery(query).Where(eq).ToSql()
|
|
if err != nil {
|
|
return nil, zerrors.ThrowInvalidArgument(err, "QUERY-T84X9", "Errors.Query.InvalidRequest")
|
|
}
|
|
|
|
err = q.client.QueryContext(ctx, func(rows *sql.Rows) error {
|
|
grantedProjects, err = scan(rows)
|
|
return err
|
|
}, stmt, args...)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return grantedProjects, nil
|
|
}
|
|
|
|
func NewGrantedProjectNameSearchQuery(method TextComparison, value string) (SearchQuery, error) {
|
|
return NewTextQuery(GrantedProjectColumnName, value, method)
|
|
}
|
|
|
|
func NewGrantedProjectResourceOwnerSearchQuery(value string) (SearchQuery, error) {
|
|
return NewTextQuery(grantedProjectColumnResourceOwner, value, TextEquals)
|
|
}
|
|
|
|
func NewGrantedProjectIDSearchQuery(ids []string) (SearchQuery, error) {
|
|
list := make([]interface{}, len(ids))
|
|
for i, value := range ids {
|
|
list[i] = value
|
|
}
|
|
return NewListQuery(GrantedProjectColumnID, list, ListIn)
|
|
}
|
|
|
|
func NewGrantedProjectOrganizationIDSearchQuery(value string) (SearchQuery, error) {
|
|
project, err := NewTextQuery(grantedProjectColumnResourceOwner, value, TextEquals)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
grant, err := NewTextQuery(grantedProjectColumnGrantedOrganization, value, TextEquals)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return NewOrQuery(project, grant)
|
|
}
|
|
|
|
func NewGrantedProjectGrantResourceOwnerSearchQuery(value string) (SearchQuery, error) {
|
|
return NewTextQuery(grantedProjectColumnGrantResourceOwner, value, TextEquals)
|
|
}
|
|
|
|
func NewGrantedProjectGrantedOrganizationIDSearchQuery(value string) (SearchQuery, error) {
|
|
return NewTextQuery(grantedProjectColumnGrantedOrganization, value, TextEquals)
|
|
}
|
|
|
|
func NewProjectNameSearchQuery(method TextComparison, value string) (SearchQuery, error) {
|
|
return NewTextQuery(ProjectColumnName, value, method)
|
|
}
|
|
|
|
func NewProjectIDSearchQuery(ids []string) (SearchQuery, error) {
|
|
list := make([]interface{}, len(ids))
|
|
for i, value := range ids {
|
|
list[i] = value
|
|
}
|
|
return NewListQuery(ProjectColumnID, list, ListIn)
|
|
}
|
|
|
|
func NewProjectResourceOwnerSearchQuery(value string) (SearchQuery, error) {
|
|
return NewTextQuery(ProjectColumnResourceOwner, value, TextEquals)
|
|
}
|
|
|
|
func (r *ProjectSearchQueries) AppendMyResourceOwnerQuery(orgID string) error {
|
|
query, err := NewProjectResourceOwnerSearchQuery(orgID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
r.Queries = append(r.Queries, query)
|
|
return nil
|
|
}
|
|
|
|
func (r *ProjectSearchQueries) AppendPermissionQueries(permissions []string) error {
|
|
if !authz.HasGlobalPermission(permissions) {
|
|
ids := authz.GetAllPermissionCtxIDs(permissions)
|
|
query, err := NewProjectIDSearchQuery(ids)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
r.Queries = append(r.Queries, query)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (q *ProjectSearchQueries) toQuery(query sq.SelectBuilder) sq.SelectBuilder {
|
|
query = q.SearchRequest.toQuery(query)
|
|
for _, q := range q.Queries {
|
|
query = q.toQuery(query)
|
|
}
|
|
return query
|
|
}
|
|
|
|
func prepareProjectQuery() (sq.SelectBuilder, func(*sql.Row) (*Project, error)) {
|
|
return sq.Select(
|
|
ProjectColumnID.identifier(),
|
|
ProjectColumnCreationDate.identifier(),
|
|
ProjectColumnChangeDate.identifier(),
|
|
ProjectColumnResourceOwner.identifier(),
|
|
ProjectColumnState.identifier(),
|
|
ProjectColumnSequence.identifier(),
|
|
ProjectColumnName.identifier(),
|
|
ProjectColumnProjectRoleAssertion.identifier(),
|
|
ProjectColumnProjectRoleCheck.identifier(),
|
|
ProjectColumnHasProjectCheck.identifier(),
|
|
ProjectColumnPrivateLabelingSetting.identifier()).
|
|
From(projectsTable.identifier()).
|
|
PlaceholderFormat(sq.Dollar),
|
|
func(row *sql.Row) (*Project, error) {
|
|
p := new(Project)
|
|
err := row.Scan(
|
|
&p.ID,
|
|
&p.CreationDate,
|
|
&p.ChangeDate,
|
|
&p.ResourceOwner,
|
|
&p.State,
|
|
&p.Sequence,
|
|
&p.Name,
|
|
&p.ProjectRoleAssertion,
|
|
&p.ProjectRoleCheck,
|
|
&p.HasProjectCheck,
|
|
&p.PrivateLabelingSetting,
|
|
)
|
|
if err != nil {
|
|
if errors.Is(err, sql.ErrNoRows) {
|
|
return nil, zerrors.ThrowNotFound(err, "QUERY-fk2fs", "Errors.Project.NotFound")
|
|
}
|
|
return nil, zerrors.ThrowInternal(err, "QUERY-dj2FF", "Errors.Internal")
|
|
}
|
|
return p, nil
|
|
}
|
|
}
|
|
|
|
func prepareProjectsQuery() (sq.SelectBuilder, func(*sql.Rows) (*Projects, error)) {
|
|
return sq.Select(
|
|
ProjectColumnID.identifier(),
|
|
ProjectColumnCreationDate.identifier(),
|
|
ProjectColumnChangeDate.identifier(),
|
|
ProjectColumnResourceOwner.identifier(),
|
|
ProjectColumnState.identifier(),
|
|
ProjectColumnSequence.identifier(),
|
|
ProjectColumnName.identifier(),
|
|
ProjectColumnProjectRoleAssertion.identifier(),
|
|
ProjectColumnProjectRoleCheck.identifier(),
|
|
ProjectColumnHasProjectCheck.identifier(),
|
|
ProjectColumnPrivateLabelingSetting.identifier(),
|
|
countColumn.identifier()).
|
|
From(projectsTable.identifier()).
|
|
PlaceholderFormat(sq.Dollar),
|
|
func(rows *sql.Rows) (*Projects, error) {
|
|
projects := make([]*Project, 0)
|
|
var count uint64
|
|
for rows.Next() {
|
|
project := new(Project)
|
|
err := rows.Scan(
|
|
&project.ID,
|
|
&project.CreationDate,
|
|
&project.ChangeDate,
|
|
&project.ResourceOwner,
|
|
&project.State,
|
|
&project.Sequence,
|
|
&project.Name,
|
|
&project.ProjectRoleAssertion,
|
|
&project.ProjectRoleCheck,
|
|
&project.HasProjectCheck,
|
|
&project.PrivateLabelingSetting,
|
|
&count,
|
|
)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
projects = append(projects, project)
|
|
}
|
|
|
|
if err := rows.Close(); err != nil {
|
|
return nil, zerrors.ThrowInternal(err, "QUERY-QMXJv", "Errors.Query.CloseRows")
|
|
}
|
|
|
|
return &Projects{
|
|
Projects: projects,
|
|
SearchResponse: SearchResponse{
|
|
Count: count,
|
|
},
|
|
}, nil
|
|
}
|
|
}
|
|
|
|
type GrantedProjects struct {
|
|
SearchResponse
|
|
GrantedProjects []*GrantedProject
|
|
}
|
|
|
|
func grantedProjectsCheckPermission(ctx context.Context, grantedProjects *GrantedProjects, permissionCheck domain.PermissionCheck) {
|
|
grantedProjects.GrantedProjects = slices.DeleteFunc(grantedProjects.GrantedProjects,
|
|
func(grantedProject *GrantedProject) bool {
|
|
return projectCheckPermission(ctx, grantedProject.ResourceOwner, grantedProject.ProjectID, permissionCheck) != nil
|
|
},
|
|
)
|
|
}
|
|
|
|
type GrantedProject struct {
|
|
ProjectID string
|
|
CreationDate time.Time
|
|
ChangeDate time.Time
|
|
ResourceOwner string
|
|
InstanceID string
|
|
ProjectState domain.ProjectState
|
|
ProjectName string
|
|
|
|
ProjectRoleAssertion bool
|
|
ProjectRoleCheck bool
|
|
HasProjectCheck bool
|
|
PrivateLabelingSetting domain.PrivateLabelingSetting
|
|
|
|
GrantedOrgID string
|
|
OrgName string
|
|
ProjectGrantState domain.ProjectGrantState
|
|
}
|
|
|
|
func prepareGrantedProjectsQuery() (sq.SelectBuilder, func(*sql.Rows) (*GrantedProjects, error)) {
|
|
return sq.Select(
|
|
GrantedProjectColumnID.identifier(),
|
|
GrantedProjectColumnCreationDate.identifier(),
|
|
GrantedProjectColumnChangeDate.identifier(),
|
|
grantedProjectColumnResourceOwner.identifier(),
|
|
grantedProjectColumnInstanceID.identifier(),
|
|
grantedProjectColumnState.identifier(),
|
|
GrantedProjectColumnName.identifier(),
|
|
grantedProjectColumnProjectRoleAssertion.identifier(),
|
|
grantedProjectColumnProjectRoleCheck.identifier(),
|
|
grantedProjectColumnHasProjectCheck.identifier(),
|
|
grantedProjectColumnPrivateLabelingSetting.identifier(),
|
|
grantedProjectColumnGrantedOrganization.identifier(),
|
|
grantedProjectColumnGrantedOrganizationName.identifier(),
|
|
grantedProjectColumnGrantState.identifier(),
|
|
countColumn.identifier(),
|
|
).From(getProjectsAndGrantedProjectsFromQuery()).
|
|
PlaceholderFormat(sq.Dollar),
|
|
func(rows *sql.Rows) (*GrantedProjects, error) {
|
|
projects := make([]*GrantedProject, 0)
|
|
var (
|
|
count uint64
|
|
orgID = sql.NullString{}
|
|
orgName = sql.NullString{}
|
|
projectGrantState = sql.NullInt16{}
|
|
)
|
|
for rows.Next() {
|
|
grantedProject := new(GrantedProject)
|
|
err := rows.Scan(
|
|
&grantedProject.ProjectID,
|
|
&grantedProject.CreationDate,
|
|
&grantedProject.ChangeDate,
|
|
&grantedProject.ResourceOwner,
|
|
&grantedProject.InstanceID,
|
|
&grantedProject.ProjectState,
|
|
&grantedProject.ProjectName,
|
|
&grantedProject.ProjectRoleAssertion,
|
|
&grantedProject.ProjectRoleCheck,
|
|
&grantedProject.HasProjectCheck,
|
|
&grantedProject.PrivateLabelingSetting,
|
|
&orgID,
|
|
&orgName,
|
|
&projectGrantState,
|
|
&count,
|
|
)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if orgID.Valid {
|
|
grantedProject.GrantedOrgID = orgID.String
|
|
}
|
|
if orgName.Valid {
|
|
grantedProject.OrgName = orgName.String
|
|
}
|
|
if projectGrantState.Valid {
|
|
grantedProject.ProjectGrantState = domain.ProjectGrantState(projectGrantState.Int16)
|
|
}
|
|
projects = append(projects, grantedProject)
|
|
}
|
|
|
|
if err := rows.Close(); err != nil {
|
|
return nil, zerrors.ThrowInternal(err, "QUERY-K9gEE", "Errors.Query.CloseRows")
|
|
}
|
|
|
|
return &GrantedProjects{
|
|
GrantedProjects: projects,
|
|
SearchResponse: SearchResponse{
|
|
Count: count,
|
|
},
|
|
}, nil
|
|
}
|
|
}
|
|
|
|
func getProjectsAndGrantedProjectsFromQuery() string {
|
|
return "(" +
|
|
prepareProjects() +
|
|
" UNION ALL " +
|
|
prepareGrantedProjects() +
|
|
") AS " + grantedProjectsAlias.identifier()
|
|
}
|
|
|
|
func prepareProjects() string {
|
|
builder := sq.Select(
|
|
ProjectColumnID.identifier()+" AS "+GrantedProjectColumnID.name,
|
|
ProjectColumnCreationDate.identifier()+" AS "+GrantedProjectColumnCreationDate.name,
|
|
ProjectColumnChangeDate.identifier()+" AS "+GrantedProjectColumnChangeDate.name,
|
|
ProjectColumnResourceOwner.identifier()+" AS "+grantedProjectColumnResourceOwner.name,
|
|
ProjectColumnInstanceID.identifier()+" AS "+grantedProjectColumnInstanceID.name,
|
|
ProjectColumnState.identifier()+" AS "+grantedProjectColumnState.name,
|
|
ProjectColumnName.identifier()+" AS "+GrantedProjectColumnName.name,
|
|
ProjectColumnProjectRoleAssertion.identifier()+" AS "+grantedProjectColumnProjectRoleAssertion.name,
|
|
ProjectColumnProjectRoleCheck.identifier()+" AS "+grantedProjectColumnProjectRoleCheck.name,
|
|
ProjectColumnHasProjectCheck.identifier()+" AS "+grantedProjectColumnHasProjectCheck.name,
|
|
ProjectColumnPrivateLabelingSetting.identifier()+" AS "+grantedProjectColumnPrivateLabelingSetting.name,
|
|
"NULL::TEXT AS "+grantedProjectColumnGrantResourceOwner.name,
|
|
"NULL::TEXT AS "+grantedProjectColumnGrantedOrganization.name,
|
|
"NULL::TEXT AS "+grantedProjectColumnGrantedOrganizationName.name,
|
|
"NULL::SMALLINT AS "+grantedProjectColumnGrantState.name,
|
|
countColumn.identifier()).
|
|
From(projectsTable.identifier()).
|
|
PlaceholderFormat(sq.Dollar)
|
|
|
|
stmt, _ := builder.MustSql()
|
|
return stmt
|
|
}
|
|
|
|
func prepareGrantedProjects() string {
|
|
grantedOrgTable := orgsTable.setAlias(ProjectGrantGrantedOrgTableAlias)
|
|
grantedOrgIDColumn := OrgColumnID.setTable(grantedOrgTable)
|
|
builder := sq.Select(
|
|
ProjectGrantColumnProjectID.identifier()+" AS "+GrantedProjectColumnID.name,
|
|
ProjectGrantColumnCreationDate.identifier()+" AS "+GrantedProjectColumnCreationDate.name,
|
|
ProjectGrantColumnChangeDate.identifier()+" AS "+GrantedProjectColumnChangeDate.name,
|
|
ProjectColumnResourceOwner.identifier()+" AS "+grantedProjectColumnResourceOwner.name,
|
|
ProjectGrantColumnInstanceID.identifier()+" AS "+grantedProjectColumnInstanceID.name,
|
|
ProjectColumnState.identifier()+" AS "+grantedProjectColumnState.name,
|
|
ProjectColumnName.identifier()+" AS "+GrantedProjectColumnName.name,
|
|
ProjectColumnProjectRoleAssertion.identifier()+" AS "+grantedProjectColumnProjectRoleAssertion.name,
|
|
ProjectColumnProjectRoleCheck.identifier()+" AS "+grantedProjectColumnProjectRoleCheck.name,
|
|
ProjectColumnHasProjectCheck.identifier()+" AS "+grantedProjectColumnHasProjectCheck.name,
|
|
ProjectColumnPrivateLabelingSetting.identifier()+" AS "+grantedProjectColumnPrivateLabelingSetting.name,
|
|
ProjectGrantColumnResourceOwner.identifier()+" AS "+grantedProjectColumnGrantResourceOwner.name,
|
|
ProjectGrantColumnGrantedOrgID.identifier()+" AS "+grantedProjectColumnGrantedOrganization.name,
|
|
ProjectGrantColumnGrantedOrgName.identifier()+" AS "+grantedProjectColumnGrantedOrganizationName.name,
|
|
ProjectGrantColumnState.identifier()+" AS "+grantedProjectColumnGrantState.name,
|
|
countColumn.identifier()).
|
|
From(projectGrantsTable.identifier()).
|
|
PlaceholderFormat(sq.Dollar).
|
|
LeftJoin(join(ProjectColumnID, ProjectGrantColumnProjectID)).
|
|
LeftJoin(join(grantedOrgIDColumn, ProjectGrantColumnGrantedOrgID))
|
|
|
|
stmt, _ := builder.MustSql()
|
|
return stmt
|
|
}
|