From 8dcbdd2a7e54d8850b6b6bb0b3257890f24d882d Mon Sep 17 00:00:00 2001 From: Murad Biashimov Date: Tue, 20 Aug 2024 09:21:24 +0200 Subject: [PATCH] feat: add user permissions --- config.yaml | 2 + handler/organization/organization.go | 72 ++++++++++++++++++++++++++++ 2 files changed, 74 insertions(+) diff --git a/config.yaml b/config.yaml index ed6232e..5d0d8dc 100644 --- a/config.yaml +++ b/config.yaml @@ -177,6 +177,8 @@ Organization: - OrganizationGet - OrganizationProjectsList - OrganizationUpdate + - PermissionsGet + - PermissionsUpdate - UserOrganizationCreate - UserOrganizationsList OrganizationUser: diff --git a/handler/organization/organization.go b/handler/organization/organization.go index dcef3d3..b588ad6 100644 --- a/handler/organization/organization.go +++ b/handler/organization/organization.go @@ -46,6 +46,16 @@ type Handler interface { // https://api.aiven.io/doc/#tag/Organizations/operation/OrganizationUpdate OrganizationUpdate(ctx context.Context, organizationId string, in *OrganizationUpdateIn) (*OrganizationUpdateOut, error) + // PermissionsGet [EXPERIMENTAL] List of permissions + // GET /v1/organization/{organization_id}/permissions/{resource_type}/{resource_id} + // https://api.aiven.io/doc/#tag/Permissions/operation/PermissionsGet + PermissionsGet(ctx context.Context, organizationId string, resourceType ResourceType, resourceId string) ([]PermissionOut, error) + + // PermissionsUpdate [EXPERIMENTAL] Update permissions + // PATCH /v1/organization/{organization_id}/permissions/{resource_type}/{resource_id} + // https://api.aiven.io/doc/#tag/Permissions/operation/PermissionsUpdate + PermissionsUpdate(ctx context.Context, organizationId string, resourceType ResourceType, resourceId string, in *PermissionsUpdateIn) error + // UserOrganizationCreate create an organization // POST /v1/organizations // https://api.aiven.io/doc/#tag/Organizations/operation/UserOrganizationCreate 
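Review bot: The doc comment added for `PermissionsUpdate` in the `Handler` interface says only "Update permissions", which does not tell a caller whether the PATCH replaces the resource's whole permission set or changes only the principals listed in `in.Permissions`. For an access-control call that difference decides whether leaving a principal out of the request keeps or revokes its roles, so it should be stated where callers read it, for example `// PermissionsUpdate [EXPERIMENTAL] Update permissions; <state whether principals omitted from in.Permissions keep their roles>`. The accepted `resourceType` values could be named in the same comment, e.g. `// resourceType is one of ResourceTypeAccount, ResourceTypeProject.` The interface body starts and ends outside this hunk.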
@@ -145,6 +155,24 @@ func (h *OrganizationHandler) OrganizationUpdate(ctx context.Context, organizati } return out, nil } +func (h *OrganizationHandler) PermissionsGet(ctx context.Context, organizationId string, resourceType ResourceType, resourceId string) ([]PermissionOut, error) { + path := fmt.Sprintf("/v1/organization/%s/permissions/%s/%s", url.PathEscape(organizationId), url.PathEscape(string(resourceType)), url.PathEscape(resourceId)) + b, err := h.doer.Do(ctx, "PermissionsGet", "GET", path, nil) + if err != nil { + return nil, err + } + out := new(permissionsGetOut) + err = json.Unmarshal(b, out) + if err != nil { + return nil, err + } + return out.Permissions, nil +} +func (h *OrganizationHandler) PermissionsUpdate(ctx context.Context, organizationId string, resourceType ResourceType, resourceId string, in *PermissionsUpdateIn) error { + path := fmt.Sprintf("/v1/organization/%s/permissions/%s/%s", url.PathEscape(organizationId), url.PathEscape(string(resourceType)), url.PathEscape(resourceId)) + _, err := h.doer.Do(ctx, "PermissionsUpdate", "PATCH", path, in) + return err +} func (h *OrganizationHandler) UserOrganizationCreate(ctx context.Context, in *UserOrganizationCreateIn) (*UserOrganizationCreateOut, error) { path := fmt.Sprintf("/v1/organizations") b, err := h.doer.Do(ctx, "UserOrganizationCreate", "POST", path, in) 
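Review bot: `PermissionsUpdate` forwards `in` to `h.doer.Do` without a nil check, and both new methods build the path without rejecting an empty `organizationId` or `resourceId`, so `url.PathEscape("")` leaves an empty segment and the request goes out as `/v1/organization/<org>/permissions/<type>/`. For a call that changes access rights, failing before the request is sent is clearer than relying on the server's answer; a guard such as `if in == nil || organizationId == "" || resourceId == "" { return fmt.Errorf("PermissionsUpdate: organizationId, resourceId and in are required") }` would do it, with the matching `return nil, fmt.Errorf(...)` form in `PermissionsGet`. What the doer sends for a nil body is not visible in this hunk. If this file is generator output, the check belongs in the template rather than in the generated methods.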
@@ -268,6 +296,45 @@ type OrganizationUpdateOut struct { Tier TierType `json:"tier"` // Tier of the organization UpdateTime time.Time `json:"update_time"` // Time of the organization's latest update } +type PermissionIn struct { + Permissions []string `json:"permissions"` // List of roles + PrincipalId string `json:"principal_id"` // ID of the principal + PrincipalType PrincipalType `json:"principal_type"` // Type of the principal +} +type PermissionOut struct { + CreateTime time.Time `json:"create_time"` // Create Time + Permissions []string `json:"permissions"` // List of roles + PrincipalId string `json:"principal_id"` // ID of the principal + PrincipalType PrincipalType `json:"principal_type"` // Type of the principal + UpdateTime time.Time `json:"update_time"` // Update Time +} + +// PermissionsUpdateIn PermissionsUpdateRequestBody +type PermissionsUpdateIn struct { + Permissions []PermissionIn `json:"permissions"` // List of roles to set +} +type PrincipalType string + +const ( + PrincipalTypeUser PrincipalType = "user" + PrincipalTypeUserGroup PrincipalType = "user_group" +) + +func PrincipalTypeChoices() []string { + return []string{"user", "user_group"} +} + +type ResourceType string + +const ( + ResourceTypeAccount ResourceType = "account" + ResourceTypeProject ResourceType = "project" +) + +func ResourceTypeChoices() []string { + return []string{"account", "project"} +} + type TierType string const ( @@ -312,6 +379,11 @@ type organizationAuthDomainListOut struct { Domains []DomainOut `json:"domains"` // List of domains for the organization } +// permissionsGetOut PermissionsGetResponse +type permissionsGetOut struct { + Permissions []PermissionOut `json:"permissions"` // List of roles +} + // userOrganizationsListOut UserOrganizationsListResponse type userOrganizationsListOut struct { Organizations []OrganizationOut `json:"organizations"` // Organizations
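Review bot: `PermissionIn.Permissions` and `PermissionsUpdateIn.Permissions` are slices tagged `json:"permissions"` without `omitempty`, so a value left nil is encoded as `"permissions": null` by encoding/json; how the API treats a null or empty role list is not visible in this diff. Since these structs carry role assignments, the exported types should say what an empty list means, and `PermissionIn`, `PermissionOut`, `PrincipalType` and `ResourceType` currently have no doc comment at all. A comment such as `// PermissionIn sets the roles of one principal in a PermissionsUpdate request; <state what an empty Permissions list does>` would cover both. The field comments call the values "roles" while the field is named `Permissions`; using one term throughout would avoid confusion.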