0e181b218c
This PR adds the functionality to manage user schemas through the new user schema service. It includes the possibility to create a basic JSON schema and also provides a way of defining permissions (read, write) for the owner and self context with an annotation. Further annotations for OIDC claims and SAML attribute mappings will follow. A guide on how to create a schema and assign permissions has been started. It will be extended throughout the process of implementing the schema and users based on those. Note: This feature is in an early stage and therefore not enabled by default. To test it out, please enable the UserSchema feature flag on your instance / system through the feature service.
package schema
import (
	_ "embed"
	"fmt"
	"io"
	"strings"

	"github.com/santhosh-tekuri/jsonschema/v5"

	"github.com/zitadel/zitadel/internal/zerrors"
)
var (
	// zitadelJSON holds the embedded ZITADEL meta schema document; it is
	// registered with the compiler under MetaSchemaID in NewSchema.
	//go:embed zitadel.schema.v1.json
	zitadelJSON string
)
const (
	// MetaSchemaID is the URI under which the embedded ZITADEL meta schema
	// (zitadel.schema.v1.json) is added as a compiler resource in NewSchema.
	MetaSchemaID = "urn:zitadel:schema:v1"
)
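// NewSchema compiles the user-provided JSON schema read from r.
//
// The permission schema and the ZITADEL meta schema are registered as
// compiler resources first so that the user schema can reference them, and
// the permission extension is registered for the given role. Errors caused
// by the user-supplied document (unreadable or invalid JSON, failed
// compilation) are returned as invalid-argument errors; errors while
// registering the embedded resources are returned unchanged, since they
// indicate a programming error rather than bad input.
func NewSchema(role role, r io.Reader) (*jsonschema.Schema, error) {
	c := jsonschema.NewCompiler()
	// The document in r comes from an API caller and is not trusted. Every
	// resource it may legitimately reference is added explicitly below, so
	// there is no reason for the compiler to resolve a "$ref" to any other
	// URL (by default it would do so through its loaders). Refuse such
	// lookups; the error surfaces through Compile and is reported as an
	// invalid schema.
	c.LoadURL = func(url string) (io.ReadCloser, error) {
		return nil, fmt.Errorf("loading external schema %q is not allowed", url)
	}
	if err := c.AddResource(PermissionSchemaID, strings.NewReader(permissionJSON)); err != nil {
		return nil, err
	}
	if err := c.AddResource(MetaSchemaID, strings.NewReader(zitadelJSON)); err != nil {
		return nil, err
	}
	c.RegisterExtension(PermissionSchemaID, permissionSchema, permissionExtension{
		role,
	})
	// From here on the input is the caller's document, so failures are
	// reported as invalid arguments rather than internal errors.
	if err := c.AddResource("schema.json", r); err != nil {
		return nil, zerrors.ThrowInvalidArgument(err, "COMMA-Frh42", "Errors.UserSchema.Schema.Invalid")
	}
	schema, err := c.Compile("schema.json")
	if err != nil {
		return nil, zerrors.ThrowInvalidArgument(err, "COMMA-W21tg", "Errors.UserSchema.Schema.Invalid")
	}
	return schema, nil
}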