feat: allow listing identities by organization ID

ory · Sep 12, 2024 · 5cfbf66 · 5cfbf66
1 parent f7c1024
commit 5cfbf66
Show file tree

Hide file tree

Showing 7 changed files with 43 additions and 0 deletions.
diff --git a/identity/handler.go b/identity/handler.go
@@ -171,6 +171,12 @@ type listIdentitiesParameters struct {
 	// in: query
 	DeclassifyCredentials []string `json:"include_credential"`
 
+	// OrganizationID is the organization id to filter identities by.
+	//
+	// If `ids` is set, this parameter is ignored.
+	// required: false
+	OrganizationID string `json:"organization_id"`
+
 	crdbx.ConsistencyRequestParameters
 }
 
@@ -211,6 +217,7 @@ func (h *Handler) list(w http.ResponseWriter, r *http.Request, _ httprouter.Para
 			IdsFilter:                    r.URL.Query()["ids"],
 			CredentialsIdentifier:        r.URL.Query().Get("credentials_identifier"),
 			CredentialsIdentifierSimilar: r.URL.Query().Get("preview_credentials_identifier_similar"),
+			OrganizationID:               x.ParseUUID(r.URL.Query().Get("organization_id")),
 			ConsistencyLevel:             crdbx.ConsistencyLevelFromRequest(r),
 			DeclassifyCredentials:        declassify,
 		}

diff --git a/identity/pool.go b/identity/pool.go
@@ -23,6 +23,7 @@ type (
 		CredentialsIdentifierSimilar string
 		DeclassifyCredentials        []CredentialsType
 		KeySetPagination             []keysetpagination.Option
+		OrganizationID               uuid.UUID
 		// DEPRECATED
 		PagePagination   *x.Page
 		ConsistencyLevel crdbx.ConsistencyLevel

diff --git a/internal/client-go/api_identity.go b/internal/client-go/api_identity.go
diff --git a/internal/httpclient/api_identity.go b/internal/httpclient/api_identity.go
diff --git a/persistence/sql/identity/persister_identity.go b/persistence/sql/identity/persister_identity.go
@@ -859,6 +859,11 @@ func (p *IdentityPersister) ListIdentities(ctx context.Context, params identity.
 				AND identities.id in (?)
 			`
 			args = append(args, params.IdsFilter)
+		} else if !params.OrganizationID.IsNil() {
+			wheres += `
+				AND identities.organization_id = ?
+			`
+			args = append(args, params.OrganizationID.String())
 		}
 
 		query := fmt.Sprintf(`

diff --git a/spec/api.json b/spec/api.json
@@ -4032,6 +4032,14 @@
               },
               "type": "array"
             }
+          },
+          {
+            "description": "OrganizationID is the organization id to filter identities by.\n\nIf `ids` is set, this parameter is ignored.",
+            "in": "query",
+            "name": "organization_id",
+            "schema": {
+              "type": "string"
+            }
           }
         ],
         "responses": {

diff --git a/spec/swagger.json b/spec/swagger.json
@@ -261,6 +261,12 @@
             "description": "Include Credentials in Response\n\nInclude any credential, for example `password` or `oidc`, in the response. When set to `oidc`, This will return\nthe initial OAuth 2.0 Access Token, OAuth 2.0 Refresh Token and the OpenID Connect ID Token if available.",
             "name": "include_credential",
             "in": "query"
+          },
+          {
+            "type": "string",
+            "description": "OrganizationID is the organization id to filter identities by.\n\nIf `ids` is set, this parameter is ignored.",
+            "name": "organization_id",
+            "in": "query"
           }
         ],
         "responses": {