Add ProjectRoles field to GetUserResponse (#3755)

* Add ProjectRoles field to GetUserResponse Signed-off-by: Radoslav Dimitrov <[email protected]> * Add a deprecated=true label for projects Signed-off-by: Radoslav Dimitrov <[email protected]> * Ignore the deprecated warning since it's intentional Signed-off-by: Radoslav Dimitrov <[email protected]> --------- Signed-off-by: Radoslav Dimitrov <[email protected]>
mindersec · Jul 2, 2024 · 9ab8122 · 9ab8122
1 parent 34acceb
commit 9ab8122
Show file tree

Hide file tree

Showing 6 changed files with 3,004 additions and 2,832 deletions.
diff --git a/cmd/cli/app/auth/common.go b/cmd/cli/app/auth/common.go
@@ -70,7 +70,7 @@ func renderUserInfo(conn string, user *minderv1.GetUserResponse) {
 	t := table.New(table.Simple, layouts.KeyValue, nil)
 	t.AddRow("Minder Server", conn)
 	t.AddRow("Subject", user.GetUser().GetIdentitySubject())
-	for _, project := range getProjectTableRows(user.Projects) {
+	for _, project := range getProjectTableRows(user.GetProjectRoles()) {
 		t.AddRow(project...)
 	}
 	t.Render()
@@ -85,7 +85,7 @@ func renderUserInfoWhoami(conn string, outWriter io.Writer, format string, user
 		t.AddRow("Created At", user.GetUser().GetCreatedAt().AsTime().String())
 		t.AddRow("Updated At", user.GetUser().GetUpdatedAt().AsTime().String())
 		t.AddRow("Minder Server", conn)
-		for _, project := range getProjectTableRows(user.Projects) {
+		for _, project := range getProjectTableRows(user.GetProjectRoles()) {
 			t.AddRow(project...)
 		}
 		t.Render()
@@ -104,15 +104,15 @@ func renderUserInfoWhoami(conn string, outWriter io.Writer, format string, user
 	}
 }
 
-func getProjectTableRows(projects []*minderv1.Project) [][]string {
+func getProjectTableRows(projects []*minderv1.ProjectRole) [][]string {
 	var rows [][]string
 	projectKey := "Project"
 	for idx, project := range projects {
 		if len(projects) > 1 {
 			projectKey = fmt.Sprintf("Project #%d", idx+1)
 		}
-		projectVal := fmt.Sprintf("%s / %s", project.GetName(), project.GetProjectId())
-		rows = append(rows, []string{projectKey, projectVal})
+		projectVal := fmt.Sprintf("%s / %s", project.GetProject().GetName(), project.GetProject().GetProjectId())
+		rows = append(rows, []string{fmt.Sprintf("%s (role: %s)", projectKey, project.GetRole().GetName()), projectVal})
 	}
 	return rows
 }

diff --git a/docs/docs/ref/proto.md b/docs/docs/ref/proto.md
diff --git a/internal/controlplane/handlers_user.go b/internal/controlplane/handlers_user.go
@@ -185,22 +185,23 @@ func (s *Server) DeleteUser(ctx context.Context,
 	return &pb.DeleteUserResponse{}, nil
 }
 
-func (s *Server) getUserDependencies(ctx context.Context, user db.User) ([]*pb.Project, error) {
+func (s *Server) getUserDependencies(ctx context.Context, user db.User) ([]*pb.ProjectRole, []*pb.Project, error) {
 	// get all the projects associated with that user
 	projs, err := s.authzClient.ProjectsForUser(ctx, user.IdentitySubject)
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 
-	var projectsPB []*pb.Project
+	var projectRoles []*pb.ProjectRole
+	var deprecatedPrjs []*pb.Project
 	for _, proj := range projs {
 		pinfo, err := s.store.GetProjectByID(ctx, proj)
 		if err != nil {
 			// if the project was deleted while iterating, skip it
 			if errors.Is(err, sql.ErrNoRows) {
 				continue
 			}
-			return nil, err
+			return nil, nil, err
 		}
 
 		// Try to parse the project metadata to complete the response fields
@@ -212,17 +213,55 @@ func (s *Server) getUserDependencies(ctx context.Context, user db.User) ([]*pb.P
 			pDescr = meta.Public.Description
 		}
 
-		projectsPB = append(projectsPB, &pb.Project{
+		// Get all role assignments for this project
+		as, err := s.authzClient.AssignmentsToProject(ctx, proj)
+		if err != nil {
+			return nil, nil, status.Errorf(codes.Internal, "error getting role assignments: %v", err)
+		}
+
+		// Find the role for the user
+		var roleString string
+		for _, a := range as {
+			if a.Subject == user.IdentitySubject {
+				roleString = a.Role
+			}
+		}
+
+		// Parse role
+		authzRole, err := authz.ParseRole(roleString)
+		if err != nil {
+			return nil, nil, status.Errorf(codes.Internal, "failed to parse role: %v", err)
+		}
+
+		// TODO: Delete once all use ProjectRoles
+		deprecatedPrjs = append(deprecatedPrjs, &pb.Project{
 			ProjectId:   proj.String(),
 			Name:        pinfo.Name,
 			CreatedAt:   timestamppb.New(pinfo.CreatedAt),
 			UpdatedAt:   timestamppb.New(pinfo.UpdatedAt),
 			DisplayName: pDisplay,
 			Description: pDescr,
 		})
+
+		// Append the project role to the response
+		projectRoles = append(projectRoles, &pb.ProjectRole{
+			Role: &pb.Role{
+				Name:        authzRole.String(),
+				DisplayName: authz.AllRolesDisplayName[authzRole],
+				Description: authz.AllRoles[authzRole],
+			},
+			Project: &pb.Project{
+				ProjectId:   proj.String(),
+				Name:        pinfo.Name,
+				CreatedAt:   timestamppb.New(pinfo.CreatedAt),
+				UpdatedAt:   timestamppb.New(pinfo.UpdatedAt),
+				DisplayName: pDisplay,
+				Description: pDescr,
+			},
+		})
 	}
 
-	return projectsPB, nil
+	return projectRoles, deprecatedPrjs, nil
 }
 
 // GetUser is a service for getting personal user details
@@ -255,12 +294,13 @@ func (s *Server) GetUser(ctx context.Context, _ *pb.GetUserRequest) (*pb.GetUser
 		UpdatedAt:       timestamppb.New(user.UpdatedAt),
 	}
 
-	projs, err := s.getUserDependencies(ctx, user)
+	projectRoles, deprecatedPrjs, err := s.getUserDependencies(ctx, user)
 	if err != nil {
 		return nil, status.Errorf(codes.Unknown, "failed to get user dependencies: %s", err)
 	}
-	resp.Projects = projs
-
+	resp.ProjectRoles = projectRoles
+	// nolint: staticcheck
+	resp.Projects = deprecatedPrjs
 	return &resp, nil
 }
 

diff --git a/pkg/api/openapi/minder/v1/minder.swagger.json b/pkg/api/openapi/minder/v1/minder.swagger.json