mirror of
https://github.com/zitadel/zitadel.git
synced 2025-12-06 10:32:19 +00:00
d7f202d20f
# Which Problems Are Solved When a project is created by a user with only the `PROJECT_CREATOR` role, they can no longer view/manage the created project. Although the project is created, the user sees the following error: `No matching permissions found (AUTH-3jknH)`. This is due to the [removal](https://github.com/zitadel/zitadel/pull/9317) of auto-assignment of the `PROJECT_OWNER` role when a project is newly created. # How the Problems Are Solved By introducing optional fields in the CreateProject API to include a list of users and a list of project member roles to be assigned to the users. When there are no roles mentioned, the `PROJECT_OWNER` role is assigned by default to all the users mentioned in the list. # Additional Changes N/A # Additional Context - Closes #10561 - Closes #10592 - Should be backported as this issue is not specific to v4 --------- Co-authored-by: conblem <mail@conblem.me> Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com> Co-authored-by: Livio Spring <livio.a@gmail.com>
179 lines
5.9 KiB
Go
179 lines
5.9 KiB
Go
package project
|
|
|
|
import (
|
|
"context"
|
|
|
|
"connectrpc.com/connect"
|
|
"github.com/muhlemmer/gu"
|
|
"google.golang.org/protobuf/types/known/timestamppb"
|
|
|
|
"github.com/zitadel/zitadel/internal/command"
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
"github.com/zitadel/zitadel/internal/eventstore/v1/models"
|
|
"github.com/zitadel/zitadel/internal/query"
|
|
project_pb "github.com/zitadel/zitadel/pkg/grpc/project/v2beta"
|
|
)
|
|
|
|
func (s *Server) CreateProject(ctx context.Context, req *connect.Request[project_pb.CreateProjectRequest]) (*connect.Response[project_pb.CreateProjectResponse], error) {
|
|
add := projectCreateToCommand(req.Msg)
|
|
project, err := s.command.AddProject(ctx, add)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
var creationDate *timestamppb.Timestamp
|
|
if !project.EventDate.IsZero() {
|
|
creationDate = timestamppb.New(project.EventDate)
|
|
}
|
|
return connect.NewResponse(&project_pb.CreateProjectResponse{
|
|
Id: add.AggregateID,
|
|
CreationDate: creationDate,
|
|
}), nil
|
|
}
|
|
|
|
func projectCreateToCommand(req *project_pb.CreateProjectRequest) *command.AddProject {
|
|
admins := projectCreateAdminsToCommand(req.GetAdmins())
|
|
var aggregateID string
|
|
if req.Id != nil {
|
|
aggregateID = *req.Id
|
|
}
|
|
return &command.AddProject{
|
|
ObjectRoot: models.ObjectRoot{
|
|
ResourceOwner: req.OrganizationId,
|
|
AggregateID: aggregateID,
|
|
},
|
|
Name: req.Name,
|
|
ProjectRoleAssertion: req.ProjectRoleAssertion,
|
|
ProjectRoleCheck: req.AuthorizationRequired,
|
|
HasProjectCheck: req.ProjectAccessRequired,
|
|
PrivateLabelingSetting: privateLabelingSettingToDomain(req.PrivateLabelingSetting),
|
|
Admins: admins,
|
|
}
|
|
}
|
|
|
|
func projectCreateAdminsToCommand(requestAdmins []*project_pb.CreateProjectRequest_Admin) []*command.AddProjectAdmin {
|
|
if len(requestAdmins) == 0 {
|
|
return nil
|
|
}
|
|
admins := make([]*command.AddProjectAdmin, len(requestAdmins))
|
|
for i, admin := range requestAdmins {
|
|
admins[i] = &command.AddProjectAdmin{
|
|
ID: admin.GetUserId(),
|
|
Roles: admin.GetRoles(),
|
|
}
|
|
}
|
|
return admins
|
|
}
|
|
|
|
func privateLabelingSettingToDomain(setting project_pb.PrivateLabelingSetting) domain.PrivateLabelingSetting {
|
|
switch setting {
|
|
case project_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_ALLOW_LOGIN_USER_RESOURCE_OWNER_POLICY:
|
|
return domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy
|
|
case project_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_ENFORCE_PROJECT_RESOURCE_OWNER_POLICY:
|
|
return domain.PrivateLabelingSettingEnforceProjectResourceOwnerPolicy
|
|
case project_pb.PrivateLabelingSetting_PRIVATE_LABELING_SETTING_UNSPECIFIED:
|
|
return domain.PrivateLabelingSettingUnspecified
|
|
default:
|
|
return domain.PrivateLabelingSettingUnspecified
|
|
}
|
|
}
|
|
|
|
func (s *Server) UpdateProject(ctx context.Context, req *connect.Request[project_pb.UpdateProjectRequest]) (*connect.Response[project_pb.UpdateProjectResponse], error) {
|
|
project, err := s.command.ChangeProject(ctx, projectUpdateToCommand(req.Msg))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
var changeDate *timestamppb.Timestamp
|
|
if !project.EventDate.IsZero() {
|
|
changeDate = timestamppb.New(project.EventDate)
|
|
}
|
|
return connect.NewResponse(&project_pb.UpdateProjectResponse{
|
|
ChangeDate: changeDate,
|
|
}), nil
|
|
}
|
|
|
|
func projectUpdateToCommand(req *project_pb.UpdateProjectRequest) *command.ChangeProject {
|
|
var labeling *domain.PrivateLabelingSetting
|
|
if req.PrivateLabelingSetting != nil {
|
|
labeling = gu.Ptr(privateLabelingSettingToDomain(*req.PrivateLabelingSetting))
|
|
}
|
|
return &command.ChangeProject{
|
|
ObjectRoot: models.ObjectRoot{
|
|
AggregateID: req.Id,
|
|
},
|
|
Name: req.Name,
|
|
ProjectRoleAssertion: req.ProjectRoleAssertion,
|
|
ProjectRoleCheck: req.ProjectRoleCheck,
|
|
HasProjectCheck: req.HasProjectCheck,
|
|
PrivateLabelingSetting: labeling,
|
|
}
|
|
}
|
|
|
|
func (s *Server) DeleteProject(ctx context.Context, req *connect.Request[project_pb.DeleteProjectRequest]) (*connect.Response[project_pb.DeleteProjectResponse], error) {
|
|
userGrantIDs, err := s.userGrantsFromProject(ctx, req.Msg.GetId())
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
deletedAt, err := s.command.DeleteProject(ctx, req.Msg.GetId(), "", userGrantIDs...)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
var deletionDate *timestamppb.Timestamp
|
|
if !deletedAt.IsZero() {
|
|
deletionDate = timestamppb.New(deletedAt)
|
|
}
|
|
return connect.NewResponse(&project_pb.DeleteProjectResponse{
|
|
DeletionDate: deletionDate,
|
|
}), nil
|
|
}
|
|
|
|
func (s *Server) userGrantsFromProject(ctx context.Context, projectID string) ([]string, error) {
|
|
projectQuery, err := query.NewUserGrantProjectIDSearchQuery(projectID)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
userGrants, err := s.query.UserGrants(ctx, &query.UserGrantsQueries{
|
|
Queries: []query.SearchQuery{projectQuery},
|
|
}, false, nil)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return userGrantsToIDs(userGrants.UserGrants), nil
|
|
}
|
|
|
|
func (s *Server) DeactivateProject(ctx context.Context, req *connect.Request[project_pb.DeactivateProjectRequest]) (*connect.Response[project_pb.DeactivateProjectResponse], error) {
|
|
details, err := s.command.DeactivateProject(ctx, req.Msg.GetId(), "")
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
var changeDate *timestamppb.Timestamp
|
|
if !details.EventDate.IsZero() {
|
|
changeDate = timestamppb.New(details.EventDate)
|
|
}
|
|
return connect.NewResponse(&project_pb.DeactivateProjectResponse{
|
|
ChangeDate: changeDate,
|
|
}), nil
|
|
}
|
|
|
|
func (s *Server) ActivateProject(ctx context.Context, req *connect.Request[project_pb.ActivateProjectRequest]) (*connect.Response[project_pb.ActivateProjectResponse], error) {
|
|
details, err := s.command.ReactivateProject(ctx, req.Msg.GetId(), "")
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
var changeDate *timestamppb.Timestamp
|
|
if !details.EventDate.IsZero() {
|
|
changeDate = timestamppb.New(details.EventDate)
|
|
}
|
|
return connect.NewResponse(&project_pb.ActivateProjectResponse{
|
|
ChangeDate: changeDate,
|
|
}), nil
|
|
}
|
|
|
|
func userGrantsToIDs(userGrants []*query.UserGrant) []string {
|
|
converted := make([]string, len(userGrants))
|
|
for i, grant := range userGrants {
|
|
converted[i] = grant.ID
|
|
}
|
|
return converted
|
|
}
|