feat(frontier): list project permissions with project

Signed-off-by: Kush Sharma <[email protected]>
raystack · Sep 16, 2023 · 91c6272 · 91c6272
1 parent 57e0171
commit 91c6272
Showing 1 changed file with 38 additions and 13 deletions.
diff --git a/raystack/frontier/v1beta1/frontier.proto b/raystack/frontier/v1beta1/frontier.proto
@@ -269,7 +269,7 @@ service FrontierService {
     };
   }
 
-  rpc GetProjectsByCurrentUser(GetProjectsByCurrentUserRequest) returns (GetProjectsByCurrentUserResponse) {
+  rpc ListCurrentUserProjects(ListCurrentUserProjectsRequest) returns (ListCurrentUserProjectsResponse) {
     option (google.api.http) = {get: "/v1beta1/users/self/projects"};
     option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
       tags: "User";
@@ -1508,10 +1508,21 @@ message GetProjectsByUserResponse {
   repeated Project projects = 1;
 }
 
-message GetProjectsByCurrentUserRequest {}
+message ListCurrentUserProjectsRequest {
+  // list of permissions needs to be checked against each project 
+  // query params are set as with_permissions=get&with_permissions=delete
+  // to be represented as array
+  repeated string with_permissions = 1;
+}
 
-message GetProjectsByCurrentUserResponse {
+message ListCurrentUserProjectsResponse {
   repeated Project projects = 1;
+
+  message AccessPair {
+    string project_id = 1;
+    repeated string permissions = 2;
+  }
+  repeated AccessPair access_pairs = 2;
 }
 
 message EnableUserRequest {
@@ -1560,10 +1571,18 @@ message GetUserRequest {
   string id = 1;
 }
 
-message ListCurrentUserGroupsRequest {}
+message ListCurrentUserGroupsRequest {
+  repeated string with_permissions = 1;
+}
 
 message ListCurrentUserGroupsResponse {
   repeated Group groups = 1;
+
+  message AccessPair {
+    string group_id = 1;
+    repeated string permissions = 2;
+  }
+  repeated AccessPair access_pairs = 2;
 }
 
 message ListUserGroupsRequest {
@@ -2100,10 +2119,18 @@ message ListProjectAdminsResponse {
 message ListProjectUsersRequest {
   string id = 1 [(validate.rules).string.min_len = 3];
   string permission_filter = 2;
+
+  bool with_roles = 3;
 }
 
 message ListProjectUsersResponse {
   repeated User users = 1;
+
+  message RolePair {
+    string user_id = 1;
+    repeated string role_id = 2;
+  }
+  repeated RolePair role_paris = 2;
 }
 
 message EnableProjectRequest {
@@ -2290,19 +2317,17 @@ message ListGroupUsersRequest {
   string id = 1;
   string org_id = 2;
 
-  // list of permissions needs to be checked against each member 
-  // of the group as principal and group as subject
-  repeated string with_member_permissions = 3;
+  bool with_roles = 3;
 }
 
 message ListGroupUsersResponse {
   repeated User users = 1;
 
-  message AccessPair {
+  message RolePair {
     string user_id = 1;
-    repeated string permissions = 2;
+    repeated string roles = 2;
   }
-  repeated AccessPair access_pairs = 2;
+  repeated RolePair role_pairs = 2;
 }
 
 message EnableGroupRequest {
@@ -2431,8 +2456,8 @@ message CheckResourcePermissionRequest {
   ];
   string permission = 3 [
     (google.api.field_behavior) = REQUIRED,
-    (validate.rules).string.pattern = "^[A-Za-z0-9_-]+$",
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {description: "the permission name to check. <br/> *Example:* `get` or `list`"}
+    (validate.rules).string.pattern = "^[A-Za-z0-9._-]+$",
+    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {description: "the permission name to check. <br/> *Example:* `get`, `list`, `compute.instance.create`"}
   ];
   string resource = 4 [(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {description: "`namespace:uuid` or `namespace:name` of the org or project, and `namespace:urn` of a resource under a project. In case of an org/project either provide the complete namespace (app/organization) or Frontier can also parse aliases for the same as `org` or `project`. <br/> *Example:* `organization:92f69c3a-334b-4f25-90b8-4d4f3be6b825` or `app/project:project-name` or `compute/instance:92f69c3a-334b-4f25-90b8-4d4f3be6b825`"}];
 }
@@ -2450,7 +2475,7 @@ message BatchCheckPermissionRequest {
 message BatchCheckPermissionBody {
   string permission = 1 [
     (google.api.field_behavior) = REQUIRED,
-    (validate.rules).string.pattern = "^[A-Za-z0-9_-]+$",
+    (validate.rules).string.pattern = "^[A-Za-z0-9._-]+$",
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {description: "the permission name to check. <br/> *Example:* `get` or `list`"}
   ];
   string resource = 2 [(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {description: "`namespace:uuid` or `namespace:name` of the org or project, and `namespace:urn` of a resource under a project. In case of an org/project either provide the complete namespace (app/organization) or Frontier can also parse aliases for the same as `org` or `project`. <br/> *Example:* `organization:92f69c3a-334b-4f25-90b8-4d4f3be6b825` or `app/project:project-name` or `compute/instance:92f69c3a-334b-4f25-90b8-4d4f3be6b825`"}];