add endpoint to retrieve user permissions

Signed-off-by: Josh Hootman <[email protected]>

Author: HootDunk

UnityAuth/src/main/java/io/unityfoundation/auth/AuthController.java

@@ -3,9 +3,12 @@
 import io.micronaut.core.annotation.Introspected;
 import io.micronaut.core.annotation.Nullable;
 import io.micronaut.http.HttpResponse;
+import io.micronaut.http.HttpStatus;
 import io.micronaut.http.annotation.Body;
 import io.micronaut.http.annotation.Controller;
+import io.micronaut.http.annotation.Get;
 import io.micronaut.http.annotation.Post;
+import io.micronaut.http.exceptions.HttpStatusException;
 import io.micronaut.security.annotation.Secured;
 import io.micronaut.security.authentication.Authentication;
 import io.micronaut.security.rules.SecurityRule;
@@ -15,11 +18,14 @@
 import io.unityfoundation.auth.entities.Service.ServiceStatus;
 import io.unityfoundation.auth.entities.ServiceRepo;
 import io.unityfoundation.auth.entities.Tenant;
+import io.unityfoundation.auth.entities.Tenant.TenantStatus;
 import io.unityfoundation.auth.entities.TenantRepo;
 import io.unityfoundation.auth.entities.User;
 import io.unityfoundation.auth.entities.UserRepo;
+import jakarta.validation.constraints.NotNull;
 import java.util.List;
 import java.util.Optional;
+import java.util.function.BiPredicate;
 
 @Secured(SecurityRule.IS_AUTHENTICATED)
 @Controller("/api")
@@ -35,6 +41,34 @@ public AuthController(UserRepo userRepo, ServiceRepo serviceRepo, TenantRepo ten
     this.tenantRepo = tenantRepo;
   }
 
+  @Get("/permissions")
+  public HttpResponse<UserPermissionsResponse> permissions(@Body UserPermissionsRequest requestDTO,
+      Authentication authentication) {
+    Tenant tenant = tenantRepo.findById(requestDTO.tenantId())
+        .orElseThrow(() -> new HttpStatusException(HttpStatus.NOT_FOUND, "No tenant found."));
+
+    if (!tenant.getStatus().equals(TenantStatus.ENABLED)){
+      throw new HttpStatusException(HttpStatus.FORBIDDEN, "The tenant is not enabled.");
+    }
+
+    User user = userRepo.findByEmail(authentication.getName()).orElse(null);
+    if (checkUserStatus(user)) {
+      throw new HttpStatusException(HttpStatus.FORBIDDEN, "The user's account has been disabled.");
+    }
+
+    Service service = serviceRepo.findById(requestDTO.serviceId())
+        .orElseThrow(() -> new HttpStatusException(HttpStatus.NOT_FOUND, "Service not found."));
+
+    if (service.getStatus() == ServiceStatus.DISABLED) {
+      throw new HttpStatusException(HttpStatus.FORBIDDEN, "The service is disabled.");
+    } else if (service.getStatus() == ServiceStatus.DOWN_FOR_MAINTENANCE) {
+      throw new HttpStatusException(HttpStatus.SERVICE_UNAVAILABLE,
+          "The service is down for maintenance.");
+    }
+
+    return HttpResponse.ok(new UserPermissionsResponse(getPermissionsFor(user, tenant)));
+  }
+
   @Post("/hasPermission")
   public HttpResponse<HasPermissionResponse> hasPermission(@Body HasPermissionRequest requestDTO,
       Authentication authentication) {
@@ -87,20 +121,26 @@ private String checkServiceStatus(Optional<Service> service) {
     return null;
   }
 
+    private final BiPredicate<TenantPermission, Tenant> isTenantOrSystemOrSubtenantScopeAndBelongsToTenant = (tp, t) ->
+        PermissionScope.SYSTEM.equals(tp.permissionScope()) || (
+            (PermissionScope.TENANT.equals(tp.permissionScope())
+                || PermissionScope.SUBTENANT.equals(tp.permissionScope()))
+                && tp.tenantId == t.getId());
+
+
   private List<String> checkUserPermission(User user, Tenant tenant, List<String> permissions) {
-    List<TenantPermission> userPermissions = userRepo.getTenantPermissionsFor(user.getId()).stream()
-        .filter(tenantPermission ->
-            PermissionScope.SYSTEM.equals(tenantPermission.permissionScope()) ||
-            ((PermissionScope.TENANT.equals(tenantPermission.permissionScope()) || PermissionScope.SUBTENANT.equals(tenantPermission.permissionScope()))
-             && tenantPermission.tenantId == tenant.getId()))
-        .toList();
+    List<String> commonPermissions = getPermissionsFor(user, tenant).stream()
+        .filter(permissions::contains).toList();
 
-    List<String> commonPermissions = userPermissions.stream()
+    return commonPermissions;
+  }
+
+  private List<String> getPermissionsFor(User user, Tenant tenant) {
+    return userRepo.getTenantPermissionsFor(user.getId()).stream()
+        .filter(tenantPermission ->
+            isTenantOrSystemOrSubtenantScopeAndBelongsToTenant.test(tenantPermission, tenant))
         .map(TenantPermission::permissionName)
-        .filter(permissions::contains)
         .toList();
-
-    return commonPermissions;
   }
 
   private HttpResponse<HasPermissionResponse> createHasPermissionResponse(boolean hasPermission,
@@ -129,4 +169,13 @@ public record TenantPermission(
 
   }
 
+  @Serdeable
+  public record UserPermissionsRequest(@NotNull Long tenantId,
+                                       @NotNull Long serviceId) {
+
+  }
+
+  @Serdeable
+  public record UserPermissionsResponse(List<String> permissions){}
+
 }