feat: add disable org on creation flag

raystack · Sep 2, 2023 · be7cbb1 · be7cbb1
1 parent 2d224c4
commit be7cbb1
Show file tree

Hide file tree

Showing 13 changed files with 959 additions and 178 deletions.
diff --git a/cmd/serve.go b/cmd/serve.go
@@ -260,7 +260,7 @@ func buildAPIDependencies(
 	)
 
 	organizationRepository := postgres.NewOrganizationRepository(dbc)
-	organizationService := organization.NewService(organizationRepository, relationService, userService, authnService)
+	organizationService := organization.NewService(organizationRepository, relationService, userService, authnService, cfg.App.OrgDisableOnCreation)
 
 	domainRepository := postgres.NewDomainRepository(logger, dbc)
 	domainService := domain.NewService(logger, domainRepository, userService, organizationService)

diff --git a/config/sample.config.yaml b/config/sample.config.yaml
@@ -29,6 +29,9 @@ app:
   # secret string "val://user:password"
   # optional
   resources_config_path_secret: env://TEST_RESOURCE_CONFIG_SECRET
+  # org_disable_on_creation if set to true will set the org status to disabled on creation. This can be used to
+  # prevent users from accessing the org until they contact the admin and get it enabled. Default is false
+  org_disable_on_creation: false
   # disable_orgs_listing if set to true will disallow non-admin APIs to list all organizations
   disable_orgs_listing: false
   # disable_orgs_listing if set to true will disallow non-admin APIs to list all users

diff --git a/core/organization/service.go b/core/organization/service.go
@@ -29,19 +29,21 @@ type AuthnService interface {
 }
 
 type Service struct {
-	repository      Repository
-	relationService RelationService
-	userService     UserService
-	authnService    AuthnService
+	repository           Repository
+	relationService      RelationService
+	userService          UserService
+	authnService         AuthnService
+	orgDisableOnCreation bool
 }
 
 func NewService(repository Repository, relationService RelationService,
-	userService UserService, authnService AuthnService) *Service {
+	userService UserService, authnService AuthnService, orgDisableOnCreation bool) *Service {
 	return &Service{
-		repository:      repository,
-		relationService: relationService,
-		userService:     userService,
-		authnService:    authnService,
+		repository:           repository,
+		relationService:      relationService,
+		userService:          userService,
+		authnService:         authnService,
+		orgDisableOnCreation: orgDisableOnCreation,
 	}
 }
 
@@ -58,10 +60,15 @@ func (s Service) Create(ctx context.Context, org Organization) (Organization, er
 		return Organization{}, fmt.Errorf("%w: %s", user.ErrNotExist, err.Error())
 	}
 
+	desiredState := Enabled
+	if s.orgDisableOnCreation {
+		desiredState = Disabled
+	}
 	newOrg, err := s.repository.Create(ctx, Organization{
 		Name:     org.Name,
 		Title:    org.Title,
 		Metadata: org.Metadata,
+		State:    desiredState,
 	})
 	if err != nil {
 		return Organization{}, err

diff --git a/docs/docs/configurations.md b/docs/docs/configurations.md
@@ -68,6 +68,9 @@ app:
   # secret string "val://user:password"
   # optional
   resources_config_path_secret: env://TEST_RESOURCE_CONFIG_SECRET
+  # org_disable_on_creation if set to true will set the org status to disabled on creation. This can be used to
+  # prevent users from accessing the org until they contact the admin and get it enabled. Default is false
+  org_disable_on_creation: false
   # disable_orgs_listing if set to true will disallow non-admin APIs to list all organizations
   disable_orgs_listing: false
   # disable_orgs_listing if set to true will disallow non-admin APIs to list all users

diff --git a/docs/docs/reference/configurations.md b/docs/docs/reference/configurations.md
@@ -35,6 +35,9 @@ app:
   # secret string "val://user:password"
   # optional
   resources_config_path_secret: env://TEST_RESOURCE_CONFIG_SECRET
+  # org_disable_on_creation if set to true will set the org status to disabled on creation. This can be used to
+  # prevent users from accessing the org until they contact the admin and get it enabled. Default is false
+  org_disable_on_creation: false
   # disable_orgs_listing if set to true will disallow non-admin APIs to list all organizations
   disable_orgs_listing: false
   # disable_orgs_listing if set to true will disallow non-admin APIs to list all users

diff --git a/internal/api/v1beta1/domain.go b/internal/api/v1beta1/domain.go
@@ -6,6 +6,7 @@ import (
 	grpczap "github.com/grpc-ecosystem/go-grpc-middleware/logging/zap/ctxzap"
 	"github.com/raystack/frontier/core/domain"
 	"github.com/raystack/frontier/core/organization"
+	"github.com/raystack/frontier/pkg/errors"
 	frontierv1beta1 "github.com/raystack/frontier/proto/v1beta1"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
@@ -32,20 +33,27 @@ type DomainService interface {
 
 func (h Handler) CreateOrganizationDomain(ctx context.Context, request *frontierv1beta1.CreateOrganizationDomainRequest) (*frontierv1beta1.CreateOrganizationDomainResponse, error) {
 	logger := grpczap.Extract(ctx)
-
-	if request.GetOrgId() == "" || request.GetDomain() == "" {
-		return nil, grpcBadBodyError
+	orgResp, err := h.orgService.Get(ctx, request.GetOrgId())
+	if err != nil {
+		logger.Error(err.Error())
+		switch {
+		case errors.Is(err, organization.ErrNotExist):
+			return nil, grpcOrgNotFoundErr
+		default:
+			return nil, grpcInternalServerError
+		}
+	}
+	if orgResp.State == organization.Disabled {
+		return nil, grpcOrgDisabledErr
 	}
 
 	dmn, err := h.domainService.Create(ctx, domain.Domain{
-		OrgID: request.GetOrgId(),
+		OrgID: orgResp.ID,
 		Name:  request.GetDomain(),
 	})
 	if err != nil {
 		logger.Error(err.Error())
 		switch err {
-		case organization.ErrNotExist:
-			return nil, grpcOrgNotFoundErr
 		case domain.ErrDuplicateKey:
 			return nil, grpcDomainAlreadyExistsErr
 		default:
@@ -59,16 +67,23 @@ func (h Handler) CreateOrganizationDomain(ctx context.Context, request *frontier
 
 func (h Handler) DeleteOrganizationDomain(ctx context.Context, request *frontierv1beta1.DeleteOrganizationDomainRequest) (*frontierv1beta1.DeleteOrganizationDomainResponse, error) {
 	logger := grpczap.Extract(ctx)
-
-	if request.GetId() == "" || request.GetOrgId() == "" {
-		return nil, grpcBadBodyError
+	orgResp, err := h.orgService.Get(ctx, request.GetOrgId())
+	if err != nil {
+		logger.Error(err.Error())
+		switch {
+		case errors.Is(err, organization.ErrNotExist):
+			return nil, grpcOrgNotFoundErr
+		default:
+			return nil, grpcInternalServerError
+		}
+	}
+	if orgResp.State == organization.Disabled {
+		return nil, grpcOrgDisabledErr
 	}
 
 	if err := h.domainService.Delete(ctx, request.GetId()); err != nil {
 		logger.Error(err.Error())
 		switch err {
-		case organization.ErrNotExist:
-			return nil, grpcOrgNotFoundErr
 		case domain.ErrNotExist:
 			return nil, grpcDomainNotFoundErr
 		default:
@@ -81,9 +96,18 @@ func (h Handler) DeleteOrganizationDomain(ctx context.Context, request *frontier
 
 func (h Handler) GetOrganizationDomain(ctx context.Context, request *frontierv1beta1.GetOrganizationDomainRequest) (*frontierv1beta1.GetOrganizationDomainResponse, error) {
 	logger := grpczap.Extract(ctx)
-
-	if request.GetId() == "" || request.GetOrgId() == "" {
-		return nil, grpcBadBodyError
+	orgResp, err := h.orgService.Get(ctx, request.GetOrgId())
+	if err != nil {
+		logger.Error(err.Error())
+		switch {
+		case errors.Is(err, organization.ErrNotExist):
+			return nil, grpcOrgNotFoundErr
+		default:
+			return nil, grpcInternalServerError
+		}
+	}
+	if orgResp.State == organization.Disabled {
+		return nil, grpcOrgDisabledErr
 	}
 
 	domainResp, err := h.domainService.Get(ctx, request.GetId())
@@ -103,9 +127,18 @@ func (h Handler) GetOrganizationDomain(ctx context.Context, request *frontierv1b
 
 func (h Handler) JoinOrganization(ctx context.Context, request *frontierv1beta1.JoinOrganizationRequest) (*frontierv1beta1.JoinOrganizationResponse, error) {
 	logger := grpczap.Extract(ctx)
-	orgId := request.GetOrgId()
-	if orgId == "" {
-		return nil, grpcBadBodyError
+	orgResp, err := h.orgService.Get(ctx, request.GetOrgId())
+	if err != nil {
+		logger.Error(err.Error())
+		switch {
+		case errors.Is(err, organization.ErrNotExist):
+			return nil, grpcOrgNotFoundErr
+		default:
+			return nil, grpcInternalServerError
+		}
+	}
+	if orgResp.State == organization.Disabled {
+		return nil, grpcOrgDisabledErr
 	}
 
 	// get current user
@@ -115,11 +148,9 @@ func (h Handler) JoinOrganization(ctx context.Context, request *frontierv1beta1.
 		return nil, grpcInternalServerError
 	}
 
-	if err := h.domainService.Join(ctx, orgId, principal.ID); err != nil {
+	if err := h.domainService.Join(ctx, orgResp.ID, principal.ID); err != nil {
 		logger.Error(err.Error())
 		switch err {
-		case organization.ErrNotExist:
-			return nil, grpcOrgNotFoundErr
 		case domain.ErrDomainsMisMatch:
 			return nil, grpcDomainMisMatchErr
 		default:
@@ -132,9 +163,18 @@ func (h Handler) JoinOrganization(ctx context.Context, request *frontierv1beta1.
 
 func (h Handler) VerifyOrganizationDomain(ctx context.Context, request *frontierv1beta1.VerifyOrganizationDomainRequest) (*frontierv1beta1.VerifyOrganizationDomainResponse, error) {
 	logger := grpczap.Extract(ctx)
-
-	if request.GetId() == "" || request.GetOrgId() == "" {
-		return nil, grpcBadBodyError
+	orgResp, err := h.orgService.Get(ctx, request.GetOrgId())
+	if err != nil {
+		logger.Error(err.Error())
+		switch {
+		case errors.Is(err, organization.ErrNotExist):
+			return nil, grpcOrgNotFoundErr
+		default:
+			return nil, grpcInternalServerError
+		}
+	}
+	if orgResp.State == organization.Disabled {
+		return nil, grpcOrgDisabledErr
 	}
 
 	domainResp, err := h.domainService.VerifyDomain(ctx, request.GetId())
@@ -157,12 +197,21 @@ func (h Handler) VerifyOrganizationDomain(ctx context.Context, request *frontier
 
 func (h Handler) ListOrganizationDomains(ctx context.Context, request *frontierv1beta1.ListOrganizationDomainsRequest) (*frontierv1beta1.ListOrganizationDomainsResponse, error) {
 	logger := grpczap.Extract(ctx)
-
-	if request.GetOrgId() == "" {
-		return nil, grpcBadBodyError
+	orgResp, err := h.orgService.Get(ctx, request.GetOrgId())
+	if err != nil {
+		logger.Error(err.Error())
+		switch {
+		case errors.Is(err, organization.ErrNotExist):
+			return nil, grpcOrgNotFoundErr
+		default:
+			return nil, grpcInternalServerError
+		}
+	}
+	if orgResp.State == organization.Disabled {
+		return nil, grpcOrgDisabledErr
 	}
 
-	domains, err := h.domainService.List(ctx, domain.Filter{OrgID: request.GetOrgId(), State: domain.Status(request.GetState())})
+	domains, err := h.domainService.List(ctx, domain.Filter{OrgID: orgResp.ID, State: domain.Status(request.GetState())})
 	if err != nil {
 		logger.Error(err.Error())
 		return nil, grpcInternalServerError