From 91c6272d3e4e09f3ec40642f7244fdc9eb6bcf7c Mon Sep 17 00:00:00 2001 From: Kush Sharma Date: Wed, 13 Sep 2023 21:23:34 +0530 Subject: [PATCH] feat(frontier): list project permissions with project Signed-off-by: Kush Sharma --- raystack/frontier/v1beta1/frontier.proto | 51 ++++++++++++++++++------ 1 file changed, 38 insertions(+), 13 deletions(-) diff --git a/raystack/frontier/v1beta1/frontier.proto b/raystack/frontier/v1beta1/frontier.proto index ea46d459..b96647a6 100644 --- a/raystack/frontier/v1beta1/frontier.proto +++ b/raystack/frontier/v1beta1/frontier.proto @@ -269,7 +269,7 @@ service FrontierService { }; } - rpc GetProjectsByCurrentUser(GetProjectsByCurrentUserRequest) returns (GetProjectsByCurrentUserResponse) { + rpc ListCurrentUserProjects(ListCurrentUserProjectsRequest) returns (ListCurrentUserProjectsResponse) { option (google.api.http) = {get: "/v1beta1/users/self/projects"}; option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { tags: "User"; @@ -1508,10 +1508,21 @@ message GetProjectsByUserResponse { repeated Project projects = 1; } -message GetProjectsByCurrentUserRequest {} +message ListCurrentUserProjectsRequest { + // list of permissions needs to be checked against each project + // query params are set as with_permissions=get&with_permissions=delete + // to be represented as array + repeated string with_permissions = 1; +} -message GetProjectsByCurrentUserResponse { +message ListCurrentUserProjectsResponse { repeated Project projects = 1; + + message AccessPair { + string project_id = 1; + repeated string permissions = 2; + } + repeated AccessPair access_pairs = 2; } message EnableUserRequest { @@ -1560,10 +1571,18 @@ message GetUserRequest { string id = 1; } -message ListCurrentUserGroupsRequest {} +message ListCurrentUserGroupsRequest { + repeated string with_permissions = 1; +} message ListCurrentUserGroupsResponse { repeated Group groups = 1; + + message AccessPair { + string group_id = 1; + repeated string permissions = 2; + } + repeated AccessPair access_pairs = 2; } message ListUserGroupsRequest { @@ -2100,10 +2119,18 @@ message ListProjectAdminsResponse { message ListProjectUsersRequest { string id = 1 [(validate.rules).string.min_len = 3]; string permission_filter = 2; + + bool with_roles = 3; } message ListProjectUsersResponse { repeated User users = 1; + + message RolePair { + string user_id = 1; + repeated string role_id = 2; + } + repeated RolePair role_paris = 2; } message EnableProjectRequest { @@ -2290,19 +2317,17 @@ message ListGroupUsersRequest { string id = 1; string org_id = 2; - // list of permissions needs to be checked against each member - // of the group as principal and group as subject - repeated string with_member_permissions = 3; + bool with_roles = 3; } message ListGroupUsersResponse { repeated User users = 1; - message AccessPair { + message RolePair { string user_id = 1; - repeated string permissions = 2; + repeated string roles = 2; } - repeated AccessPair access_pairs = 2; + repeated RolePair role_pairs = 2; } message EnableGroupRequest { @@ -2431,8 +2456,8 @@ message CheckResourcePermissionRequest { ]; string permission = 3 [ (google.api.field_behavior) = REQUIRED, - (validate.rules).string.pattern = "^[A-Za-z0-9_-]+$", - (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {description: "the permission name to check.
*Example:* `get` or `list`"} + (validate.rules).string.pattern = "^[A-Za-z0-9._-]+$", + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {description: "the permission name to check.
*Example:* `get`, `list`, `compute.instance.create`"} ]; string resource = 4 [(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {description: "`namespace:uuid` or `namespace:name` of the org or project, and `namespace:urn` of a resource under a project. In case of an org/project either provide the complete namespace (app/organization) or Frontier can also parse aliases for the same as `org` or `project`.
*Example:* `organization:92f69c3a-334b-4f25-90b8-4d4f3be6b825` or `app/project:project-name` or `compute/instance:92f69c3a-334b-4f25-90b8-4d4f3be6b825`"}]; } @@ -2450,7 +2475,7 @@ message BatchCheckPermissionRequest { message BatchCheckPermissionBody { string permission = 1 [ (google.api.field_behavior) = REQUIRED, - (validate.rules).string.pattern = "^[A-Za-z0-9_-]+$", + (validate.rules).string.pattern = "^[A-Za-z0-9._-]+$", (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {description: "the permission name to check.
*Example:* `get` or `list`"} ]; string resource = 2 [(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {description: "`namespace:uuid` or `namespace:name` of the org or project, and `namespace:urn` of a resource under a project. In case of an org/project either provide the complete namespace (app/organization) or Frontier can also parse aliases for the same as `org` or `project`.
*Example:* `organization:92f69c3a-334b-4f25-90b8-4d4f3be6b825` or `app/project:project-name` or `compute/instance:92f69c3a-334b-4f25-90b8-4d4f3be6b825`"}];