From 558e0456e08828e54969fcd04a499c5b6419e92d Mon Sep 17 00:00:00 2001
From: Murad Biashimov <murad.biashimov@aiven.io>
Date: Thu, 18 Jul 2024 10:31:04 +0200
Subject: [PATCH] feat(userproject): add access grant handlers

---
 config.yaml                        |  2 +
 handler/projectuser/projectuser.go | 64 ++++++++++++++++++++++++++++++
 2 files changed, 66 insertions(+)

diff --git a/config.yaml b/config.yaml
index 0bf7bb8..44287ff 100644
--- a/config.yaml
+++ b/config.yaml
@@ -240,6 +240,8 @@ ProjectBilling:
   - ProjectInvoiceGet
   - ProjectInvoiceList
 ProjectUser:
+  - ProjectUserAccessGrantRemove
+  - ProjectUserAccessGrantSet
   - ProjectUserList
   - ProjectUserRemove
   - ProjectUserUpdate
diff --git a/handler/projectuser/projectuser.go b/handler/projectuser/projectuser.go
index a4fa015..11cb18c 100644
--- a/handler/projectuser/projectuser.go
+++ b/handler/projectuser/projectuser.go
@@ -11,6 +11,16 @@ import (
 )
 
 type Handler interface {
+	// ProjectUserAccessGrantRemove remove direct access to a project for a user
+	// DELETE /v1/organization/{organization_id}/projects/{project_id}/access/users/{user_id}
+	// https://api.aiven.io/doc/#tag/Organizations/operation/ProjectUserAccessGrantRemove
+	ProjectUserAccessGrantRemove(ctx context.Context, organizationId string, projectId string, userId string) error
+
+	// ProjectUserAccessGrantSet add or update direct access to a project for a user with a given role
+	// PUT /v1/organization/{organization_id}/projects/{project_id}/access/users/{user_id}
+	// https://api.aiven.io/doc/#tag/Organizations/operation/ProjectUserAccessGrantSet
+	ProjectUserAccessGrantSet(ctx context.Context, organizationId string, projectId string, userId string, in *ProjectUserAccessGrantSetIn) (*ProjectUserAccessGrantSetOut, error)
+
 	// ProjectUserList list users with access to the project. May contain same user multiple times if they belong to multiple teams associated to the project
 	// GET /v1/project/{project}/users
 	// https://api.aiven.io/doc/#tag/Project/operation/ProjectUserList
@@ -39,6 +49,24 @@ type ProjectUserHandler struct {
 	doer doer
 }
 
+func (h *ProjectUserHandler) ProjectUserAccessGrantRemove(ctx context.Context, organizationId string, projectId string, userId string) error {
+	path := fmt.Sprintf("/v1/organization/%s/projects/%s/access/users/%s", url.PathEscape(organizationId), url.PathEscape(projectId), url.PathEscape(userId))
+	_, err := h.doer.Do(ctx, "ProjectUserAccessGrantRemove", "DELETE", path, nil)
+	return err
+}
+func (h *ProjectUserHandler) ProjectUserAccessGrantSet(ctx context.Context, organizationId string, projectId string, userId string, in *ProjectUserAccessGrantSetIn) (*ProjectUserAccessGrantSetOut, error) {
+	path := fmt.Sprintf("/v1/organization/%s/projects/%s/access/users/%s", url.PathEscape(organizationId), url.PathEscape(projectId), url.PathEscape(userId))
+	b, err := h.doer.Do(ctx, "ProjectUserAccessGrantSet", "PUT", path, in)
+	if err != nil {
+		return nil, err
+	}
+	out := new(ProjectUserAccessGrantSetOut)
+	err = json.Unmarshal(b, out)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
 func (h *ProjectUserHandler) ProjectUserList(ctx context.Context, project string) (*ProjectUserListOut, error) {
 	path := fmt.Sprintf("/v1/project/%s/users", url.PathEscape(project))
 	b, err := h.doer.Do(ctx, "ProjectUserList", "GET", path, nil)
@@ -88,6 +116,29 @@ func MemberTypeChoices() []string {
 	return []string{"admin", "developer", "operator", "read_only"}
 }
 
+// ProjectUserAccessGrantSetIn ProjectUserAccessGrantSetRequestBody
+type ProjectUserAccessGrantSetIn struct {
+	Role RoleType `json:"role"` // The granted role
+}
+
+// ProjectUserAccessGrantSetOut ProjectUserAccessGrantSetResponse
+type ProjectUserAccessGrantSetOut struct {
+	CreateTime time.Time                     `json:"create_time"`    // Time the grant was created
+	Role       RoleType                      `json:"role"`           // Granted role
+	Type       ProjectUserAccessGrantSetType `json:"type,omitempty"` // The principal type for the grant
+	UpdateTime time.Time                     `json:"update_time"`    // Time the grant was last modified
+	UserId     string                        `json:"user_id"`        // User ID
+}
+type ProjectUserAccessGrantSetType string
+
+const (
+	ProjectUserAccessGrantSetTypeUser ProjectUserAccessGrantSetType = "user"
+)
+
+func ProjectUserAccessGrantSetTypeChoices() []string {
+	return []string{"user"}
+}
+
 // ProjectUserListOut ProjectUserListResponse
 type ProjectUserListOut struct {
 	GroupUsers  []GroupUserOut  `json:"group_users"` // List of users in groups that have access to the project
@@ -99,6 +150,19 @@ type ProjectUserListOut struct {
 type ProjectUserUpdateIn struct {
 	MemberType MemberType `json:"member_type"` // Project member type
 }
+type RoleType string
+
+const (
+	RoleTypeAdmin     RoleType = "admin"
+	RoleTypeOperator  RoleType = "operator"
+	RoleTypeDeveloper RoleType = "developer"
+	RoleTypeReadOnly  RoleType = "read_only"
+)
+
+func RoleTypeChoices() []string {
+	return []string{"admin", "operator", "developer", "read_only"}
+}
+
 type UserOut struct {
 	Auth           []string   `json:"auth"`                // List of user's required authentication methods
 	BillingContact bool       `json:"billing_contact"`     // Set for project's billing contacts