TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2024-12-12 19:14:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
dd33538c0a
zitadel/internal/query/restrictions.go
Elio Bischof dd33538c0a
feat: restrict languages (#6931) 
* feat: return 404 or 409 if org reg disallowed

* fix: system limit permissions

* feat: add iam limits api

* feat: disallow public org registrations on default instance

* add integration test

* test: integration

* fix test

* docs: describe public org registrations

* avoid updating docs deps

* fix system limits integration test

* silence integration tests

* fix linting

* ignore strange linter complaints

* review

* improve reset properties naming

* redefine the api

* use restrictions aggregate

* test query

* simplify and test projection

* test commands

* fix unit tests

* move integration test

* support restrictions on default instance

* also test GetRestrictions

* self review

* lint

* abstract away resource owner

* fix tests

* configure supported languages

* fix allowed languages

* fix tests

* default lang must not be restricted

* preferred language must be allowed

* change preferred languages

* check languages everywhere

* lint

* test command side

* lint

* add integration test

* add integration test

* restrict supported ui locales

* lint

* lint

* cleanup

* lint

* allow undefined preferred language

* fix integration tests

* update main

* fix env var

* ignore linter

* ignore linter

* improve integration test config

* reduce cognitive complexity

* compile

* check for duplicates

* remove useless restriction checks

* review

* revert restriction renaming

* fix language restrictions

* lint

* generate

* allow custom texts for supported langs for now

* fix tests

* cleanup

* cleanup

* cleanup

* lint

* unsupported preferred lang is allowed

* fix integration test

* finish reverting to old property name

* finish reverting to old property name

* load languages

* refactor(i18n): centralize translators and fs

* lint

* amplify no validations on preferred languages

* fix integration test

* lint

* fix resetting allowed languages

* test unchanged restrictions
2023-12-05 11:12:01 +00:00

124 lines
3.9 KiB
Go
Raw Blame History

package query
import (
"context"
"database/sql"
"errors"
"time"
sq "github.com/Masterminds/squirrel"
"golang.org/x/text/language"
"github.com/zitadel/zitadel/internal/api/authz"
"github.com/zitadel/zitadel/internal/api/call"
"github.com/zitadel/zitadel/internal/database"
"github.com/zitadel/zitadel/internal/domain"
zitade_errors "github.com/zitadel/zitadel/internal/errors"
"github.com/zitadel/zitadel/internal/query/projection"
"github.com/zitadel/zitadel/internal/telemetry/tracing"
)
var (
restrictionsTable = table{
name: projection.RestrictionsProjectionTable,
instanceIDCol: projection.RestrictionsColumnInstanceID,
}
RestrictionsColumnAggregateID = Column{
name: projection.RestrictionsColumnAggregateID,
table: restrictionsTable,
}
RestrictionsColumnCreationDate = Column{
name: projection.RestrictionsColumnCreationDate,
table: restrictionsTable,
}
RestrictionsColumnChangeDate = Column{
name: projection.RestrictionsColumnChangeDate,
table: restrictionsTable,
}
RestrictionsColumnResourceOwner = Column{
name: projection.RestrictionsColumnResourceOwner,
table: restrictionsTable,
}
RestrictionsColumnInstanceID = Column{
name: projection.RestrictionsColumnInstanceID,
table: restrictionsTable,
}
RestrictionsColumnSequence = Column{
name: projection.RestrictionsColumnSequence,
table: restrictionsTable,
}
RestrictionsColumnDisallowPublicOrgRegistration = Column{
name: projection.RestrictionsColumnDisallowPublicOrgRegistration,
table: restrictionsTable,
}
RestrictionsColumnAllowedLanguages = Column{
name: projection.RestrictionsColumnAllowedLanguages,
table: restrictionsTable,
}
)
type Restrictions struct {
AggregateID string
CreationDate time.Time
ChangeDate time.Time
ResourceOwner string
Sequence uint64
DisallowPublicOrgRegistration bool
AllowedLanguages []language.Tag
}
func (q *Queries) GetInstanceRestrictions(ctx context.Context) (restrictions Restrictions, err error) {
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
stmt, scan := prepareRestrictionsQuery(ctx, q.client)
instanceID := authz.GetInstance(ctx).InstanceID()
query, args, err := stmt.Where(sq.Eq{
RestrictionsColumnInstanceID.identifier(): instanceID,
RestrictionsColumnResourceOwner.identifier(): instanceID,
}).ToSql()
if err != nil {
return restrictions, zitade_errors.ThrowInternal(err, "QUERY-XnLMQ", "Errors.Query.SQLStatment")
}
err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
restrictions, err = scan(row)
return err
}, query, args...)
if errors.Is(err, sql.ErrNoRows) {
// not found is not an error
err = nil
}
return restrictions, err
}
func prepareRestrictionsQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilder, func(*sql.Row) (Restrictions, error)) {
return sq.Select(
RestrictionsColumnAggregateID.identifier(),
RestrictionsColumnCreationDate.identifier(),
RestrictionsColumnChangeDate.identifier(),
RestrictionsColumnResourceOwner.identifier(),
RestrictionsColumnSequence.identifier(),
RestrictionsColumnDisallowPublicOrgRegistration.identifier(),
RestrictionsColumnAllowedLanguages.identifier(),
).
From(restrictionsTable.identifier() + db.Timetravel(call.Took(ctx))).
PlaceholderFormat(sq.Dollar),
func(row *sql.Row) (restrictions Restrictions, err error) {
allowedLanguages := database.TextArray[string](make([]string, 0))
disallowPublicOrgRegistration := sql.NullBool{}
err = row.Scan(
&restrictions.AggregateID,
&restrictions.CreationDate,
&restrictions.ChangeDate,
&restrictions.ResourceOwner,
&restrictions.Sequence,
&disallowPublicOrgRegistration,
&allowedLanguages,
)
restrictions.DisallowPublicOrgRegistration = disallowPublicOrgRegistration.Bool
restrictions.AllowedLanguages = domain.StringsToLanguages(allowedLanguages)
return restrictions, err
}
}
Reference in New Issue View Git Blame Copy Permalink