Generate helpers in ServicePermissions (#193)

Author: majst01

generate/Makefile

@@ -17,4 +17,4 @@ go-mocks:
 		--user $$(id -u):$$(id -g) \
 		-w /work \
 		-v $(PWD):/work \
-		vektra/mockery:v2.52.3 --keeptree --inpackage --dir go --output go/tests/mocks --all --log-level debug
+		vektra/mockery:v2.53.0 --keeptree --inpackage --dir go --output go/tests/mocks --all --log-level debug

generate/generate.go

@@ -112,7 +112,10 @@ func servicePermissions(root string) (*permissions.ServicePermissions, error) {
 				serverReflectionInfov1alpha1: true,
 				serverReflectionInfo:         true,
 			},
-			Self: map[string]bool{},
+			Self:    map[string]bool{},
+			Admin:   map[string]bool{},
+			Tenant:  map[string]bool{},
+			Project: map[string]bool{},
 		}
 		chargeable = permissions.Chargeable{}
 		auditable  = permissions.Auditable{}
@@ -149,28 +152,37 @@ func servicePermissions(root string) (*permissions.ServicePermissions, error) {
 						switch *methodOpt.IdentifierValue {
 						case v1.TenantRole_TENANT_ROLE_OWNER.String():
 							roles.Tenant[v1.TenantRole_TENANT_ROLE_OWNER.String()] = append(roles.Tenant[v1.TenantRole_TENANT_ROLE_OWNER.String()], methodName)
+							visibility.Tenant[methodName] = true
 						case v1.TenantRole_TENANT_ROLE_EDITOR.String():
 							roles.Tenant[v1.TenantRole_TENANT_ROLE_EDITOR.String()] = append(roles.Tenant[v1.TenantRole_TENANT_ROLE_EDITOR.String()], methodName)
+							visibility.Tenant[methodName] = true
 						case v1.TenantRole_TENANT_ROLE_VIEWER.String():
 							roles.Tenant[v1.TenantRole_TENANT_ROLE_VIEWER.String()] = append(roles.Tenant[v1.TenantRole_TENANT_ROLE_VIEWER.String()], methodName)
+							visibility.Tenant[methodName] = true
 						case v1.TenantRole_TENANT_ROLE_GUEST.String():
 							roles.Tenant[v1.TenantRole_TENANT_ROLE_GUEST.String()] = append(roles.Tenant[v1.TenantRole_TENANT_ROLE_GUEST.String()], methodName)
+							visibility.Tenant[methodName] = true
 						case v1.TenantRole_TENANT_ROLE_UNSPECIFIED.String():
 							// noop
 						// Project
 						case v1.ProjectRole_PROJECT_ROLE_OWNER.String():
 							roles.Project[v1.ProjectRole_PROJECT_ROLE_OWNER.String()] = append(roles.Project[v1.ProjectRole_PROJECT_ROLE_OWNER.String()], methodName)
+							visibility.Project[methodName] = true
 						case v1.ProjectRole_PROJECT_ROLE_EDITOR.String():
 							roles.Project[v1.ProjectRole_PROJECT_ROLE_EDITOR.String()] = append(roles.Project[v1.ProjectRole_PROJECT_ROLE_EDITOR.String()], methodName)
+							visibility.Project[methodName] = true
 						case v1.ProjectRole_PROJECT_ROLE_VIEWER.String():
 							roles.Project[v1.ProjectRole_PROJECT_ROLE_VIEWER.String()] = append(roles.Project[v1.ProjectRole_PROJECT_ROLE_VIEWER.String()], methodName)
+							visibility.Project[methodName] = true
 						case v1.ProjectRole_PROJECT_ROLE_UNSPECIFIED.String():
 							// noop
 						// Admin
 						case v1.AdminRole_ADMIN_ROLE_EDITOR.String():
 							roles.Admin[v1.AdminRole_ADMIN_ROLE_EDITOR.String()] = append(roles.Admin[v1.AdminRole_ADMIN_ROLE_EDITOR.String()], methodName)
+							visibility.Admin[methodName] = true
 						case v1.AdminRole_ADMIN_ROLE_VIEWER.String():
 							roles.Admin[v1.AdminRole_ADMIN_ROLE_VIEWER.String()] = append(roles.Admin[v1.AdminRole_ADMIN_ROLE_VIEWER.String()], methodName)
+							visibility.Admin[methodName] = true
 						case v1.AdminRole_ADMIN_ROLE_UNSPECIFIED.String():
 							// noop
 						// Visibility

generate/go_servicepermissions.tpl

@@ -1,6 +1,10 @@
 // Code generated discover.go. DO NOT EDIT.
 package permissions
 
+import (
+	"connectrpc.com/connect"
+)
+
 func GetServices() []string {
 	return []string{
 {{- range $s := .Services }}
@@ -54,6 +58,21 @@ func GetServicePermissions() *ServicePermissions {
 			Self:    map[string]bool{
 {{- range $key, $value := .Visibility.Self }}
 	"{{ $key }}": {{ $value }} ,
+{{- end }}
+			},
+			Admin:    map[string]bool{
+{{- range $key, $value := .Visibility.Admin }}
+	"{{ $key }}": {{ $value }} ,
+{{- end }}
+			},
+			Tenant:    map[string]bool{
+{{- range $key, $value := .Visibility.Tenant }}
+	"{{ $key }}": {{ $value }} ,
+{{- end }}
+			},
+			Project:    map[string]bool{
+{{- range $key, $value := .Visibility.Project }}
+	"{{ $key }}": {{ $value }} ,
 {{- end }}
 			},
 		},
@@ -69,3 +88,60 @@ func GetServicePermissions() *ServicePermissions {
 		},
 	}
 }
+
+func IsPublicScope(req connect.AnyRequest) bool {
+	_, ok := GetServicePermissions().Visibility.Public[req.Spec().Procedure]
+	return ok
+}
+
+func IsSelfScope(req connect.AnyRequest) bool {
+	_, ok := GetServicePermissions().Visibility.Self[req.Spec().Procedure]
+	return ok
+}
+
+func IsAdminScope(req connect.AnyRequest) bool {
+	_, ok := GetServicePermissions().Visibility.Admin[req.Spec().Procedure]
+	return ok
+}
+
+func IsTenantScope(req connect.AnyRequest) bool {
+	_, ok := GetServicePermissions().Visibility.Tenant[req.Spec().Procedure]
+	return ok
+}
+
+func IsProjectScope(req connect.AnyRequest) bool {
+	_, ok := GetServicePermissions().Visibility.Project[req.Spec().Procedure]
+	return ok
+}
+
+func IsChargeable(req connect.AnyRequest) bool {
+	_, ok := GetServicePermissions().Chargeable[req.Spec().Procedure]
+	return ok
+}
+
+func IsAuditable(req connect.AnyRequest) bool {
+	_, ok := GetServicePermissions().Auditable[req.Spec().Procedure]
+	return ok
+}
+
+func GetTenantFromRequest(req connect.AnyRequest) (string, bool) {
+	if !IsTenantScope(req) {
+		return "", false
+	}
+	switch rq := req.Any().(type) {
+	case interface{ GetLogin() string }:
+		return rq.GetLogin(), true
+	}
+	return "", false
+}
+
+func GetProjectFromRequest(req connect.AnyRequest) (string, bool) {
+	if !IsProjectScope(req) {
+		return "", false
+	}
+	switch rq := req.Any().(type) {
+	case interface{ GetProject() string }:
+		return rq.GetProject(), true
+	}
+	return "", false
+}

go/permissions/permissions.go

@@ -33,4 +33,7 @@ type Roles struct {
 type Visibility struct {
 	Public map[string]bool `json:"public,omitempty"`
 	Self   map[string]bool `json:"self,omitempty"`
+	Admin   map[string]bool `json:"admin,omitempty"`
+	Tenant  map[string]bool `json:"tenant,omitempty"`
+	Project map[string]bool `json:"project,omitempty"`
 }