zitadel/internal/query/zitadel_permission.go
Silvan b5564572bc
feat(eventstore): increase parallel write capabilities (#5940)
This implementation increases parallel write capabilities of the eventstore.
Please have a look at the technical advisories: [05](https://zitadel.com/docs/support/advisory/a10005) and  [06](https://zitadel.com/docs/support/advisory/a10006).
The implementation of eventstore.push is rewritten and stored events are migrated to a new table `eventstore.events2`.
If you are using cockroach: make sure that the database user of ZITADEL has `VIEWACTIVITY` grant. This is used to query events.
2023-10-19 12:19:10 +02:00

56 lines
1.6 KiB
Go

package query
import (
"context"
"github.com/zitadel/zitadel/internal/api/authz"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/telemetry/tracing"
)
func (q *Queries) MyZitadelPermissions(ctx context.Context, orgID, userID string) (_ *domain.Permissions, err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
userIDQuery, err := NewMembershipUserIDQuery(userID)
if err != nil {
return nil, err
}
orgIDsQuery, err := NewMembershipResourceOwnersSearchQuery(orgID, authz.GetInstance(ctx).InstanceID())
if err != nil {
return nil, err
}
grantedOrgIDQuery, err := NewMembershipGrantedOrgIDSearchQuery(orgID)
if err != nil {
return nil, err
}
memberships, err := q.Memberships(ctx, &MembershipSearchQuery{
Queries: []SearchQuery{userIDQuery, Or(orgIDsQuery, grantedOrgIDQuery)},
}, false, false)
if err != nil {
return nil, err
}
permissions := &domain.Permissions{Permissions: []string{}}
for _, membership := range memberships.Memberships {
for _, role := range membership.Roles {
permissions = q.mapRoleToPermission(permissions, membership, role)
}
}
return permissions, nil
}
func (q *Queries) mapRoleToPermission(permissions *domain.Permissions, membership *Membership, role string) *domain.Permissions {
for _, mapping := range q.zitadelRoles {
if mapping.Role == role {
ctxID := ""
if membership.Project != nil {
ctxID = membership.Project.ProjectID
} else if membership.ProjectGrant != nil {
ctxID = membership.ProjectGrant.GrantID
}
permissions.AppendPermissions(ctxID, mapping.Permissions...)
}
}
return permissions
}