feat(api): handlers vcs_project (#6120)

* feat(api): dao vcs_project

Signed-off-by: Yvonnick Esnault <yvonnick.esnault@corp.ovh.com>

engine/api/api_routes.go

@@ -433,7 +433,8 @@ func (api *API) InitRouter() {
 	r.Handle("/template/{groupName}/{templateSlug}/instance/{instanceID}", Scope(sdk.AuthConsumerScopeTemplate), r.DELETE(api.deleteTemplateInstanceHandler))
 	r.Handle("/template/{groupName}/{templateSlug}/usage", Scope(sdk.AuthConsumerScopeTemplate), r.GET(api.getTemplateUsageHandler))
 
-	r.Handle("/v2/project/{projectKey}/vcs", nil, r.POSTv2(api.postVCSOnProjectHandler))
+	r.Handle("/v2/project/{projectKey}/vcs", nil, r.POSTv2(api.postVCSProjectHandler), r.GETv2(api.getVCSProjectAllHandler))
+	r.Handle("/v2/project/{projectKey}/vcs/{vcsProjectName}", nil, r.PUTv2(api.putVCSProjectHandler), r.DELETEv2(api.deleteVCSProjectHandler), r.GETv2(api.getVCSProjectHandler))
 
 	//Not Found handler
 	r.Mux.NotFoundHandler = http.HandlerFunc(r.NotFoundHandler)

engine/api/rbac/dao_rbac_project.go

@@ -12,35 +12,35 @@ import (
 	"github.com/ovh/cds/sdk"
 )
 
-func insertRbacProject(ctx context.Context, db gorpmapper.SqlExecutorWithTx, dbRP *rbacProject) error {
-	if err := gorpmapping.InsertAndSign(ctx, db, dbRP); err != nil {
+func insertRbacProject(ctx context.Context, db gorpmapper.SqlExecutorWithTx, rbacProject *rbacProject) error {
+	if err := gorpmapping.InsertAndSign(ctx, db, rbacProject); err != nil {
 		return err
 	}
 
-	for _, rbProjectID := range dbRP.RBACProjectsIDs {
-		if err := insertRbacProjectIdentifiers(ctx, db, dbRP.ID, rbProjectID); err != nil {
+	for _, projectKey := range rbacProject.RBACProjectKeys {
+		if err := insertRbacProjectKey(ctx, db, rbacProject.ID, projectKey); err != nil {
 			return err
 		}
 	}
-	for _, rbUserID := range dbRP.RBACUsersIDs {
-		if err := insertRbacProjectUser(ctx, db, dbRP.ID, rbUserID); err != nil {
+	for _, rbUserID := range rbacProject.RBACUsersIDs {
+		if err := insertRbacProjectUser(ctx, db, rbacProject.ID, rbUserID); err != nil {
 			return err
 		}
 	}
-	for _, rbGroupID := range dbRP.RBACGroupsIDs {
-		if err := insertRbacProjectGroup(ctx, db, dbRP.ID, rbGroupID); err != nil {
+	for _, rbGroupID := range rbacProject.RBACGroupsIDs {
+		if err := insertRbacProjectGroup(ctx, db, rbacProject.ID, rbGroupID); err != nil {
 			return err
 		}
 	}
 	return nil
 }
 
-func insertRbacProjectIdentifiers(ctx context.Context, db gorpmapper.SqlExecutorWithTx, rbacParentID int64, projectID int64) error {
-	identifier := rbacProjectIdentifiers{
+func insertRbacProjectKey(ctx context.Context, db gorpmapper.SqlExecutorWithTx, rbacParentID int64, projectKey string) error {
+	rpk := rbacProjectKey{
 		RbacProjectID: rbacParentID,
-		ProjectID:     projectID,
+		ProjectKey:    projectKey,
 	}
-	if err := gorpmapping.InsertAndSign(ctx, db, &identifier); err != nil {
+	if err := gorpmapping.InsertAndSign(ctx, db, &rpk); err != nil {
 		return err
 	}
 	return nil

engine/api/rbac/dao_rbac_project_key.go

@@ -0,0 +1,113 @@
+package rbac
+
+import (
+	"context"
+
+	"github.com/lib/pq"
+
+	"github.com/go-gorp/gorp"
+	"github.com/rockbears/log"
+
+	"github.com/ovh/cds/engine/api/database/gorpmapping"
+	"github.com/ovh/cds/sdk"
+)
+
+func getAllRBACProjectKeys(ctx context.Context, db gorp.SqlExecutor, q gorpmapping.Query) ([]rbacProjectKey, error) {
+	var rbacProjectIdentifier []rbacProjectKey
+	if err := gorpmapping.GetAll(ctx, db, q, &rbacProjectIdentifier); err != nil {
+		return nil, err
+	}
+	rbacProjectIdentifierFiltered := make([]rbacProjectKey, 0, len(rbacProjectIdentifier))
+	for _, projectDatas := range rbacProjectIdentifier {
+		isValid, err := gorpmapping.CheckSignature(projectDatas, projectDatas.Signature)
+		if err != nil {
+			return nil, sdk.WrapError(err, "error when checking signature for rbac_project_keys %d", projectDatas.ID)
+		}
+		if !isValid {
+			log.Error(ctx, "rbac.getAllRBACProjectKeys> rbac_project_keys %d data corrupted", projectDatas.ID)
+			continue
+		}
+		rbacProjectIdentifierFiltered = append(rbacProjectIdentifierFiltered, projectDatas)
+	}
+	return rbacProjectIdentifierFiltered, nil
+}
+
+func loadRBACProjectKeys(ctx context.Context, db gorp.SqlExecutor, rbacProject *rbacProject) error {
+	q := gorpmapping.NewQuery("SELECT * FROM rbac_project_keys WHERE rbac_project_id = $1").Args(rbacProject.ID)
+	rbacProjectKeys, err := getAllRBACProjectKeys(ctx, db, q)
+	if err != nil {
+		return err
+	}
+	rbacProject.RBACProject.RBACProjectKeys = make([]string, 0, len(rbacProjectKeys))
+	for _, projectDatas := range rbacProjectKeys {
+		rbacProject.RBACProject.RBACProjectKeys = append(rbacProject.RBACProject.RBACProjectKeys, projectDatas.ProjectKey)
+	}
+	return nil
+}
+
+func loadRRBACProjectKeys(ctx context.Context, db gorp.SqlExecutor, rbacProjectIDs []int64) ([]rbacProjectKey, error) {
+	query := gorpmapping.NewQuery(`SELECT * FROM rbac_project_keys WHERE rbac_project_id = ANY($1)`).Args(pq.Int64Array(rbacProjectIDs))
+	return getAllRBACProjectKeys(ctx, db, query)
+}
+
+func HasRoleOnProjectAndUserID(ctx context.Context, db gorp.SqlExecutor, role string, userID string, projectKey string) (bool, error) {
+	projectKeys, err := LoadProjectKeysByRoleAndUserID(ctx, db, role, userID)
+	if err != nil {
+		return false, err
+	}
+	return sdk.IsInArray(projectKey, projectKeys), nil
+}
+
+func LoadProjectKeysByRoleAndUserID(ctx context.Context, db gorp.SqlExecutor, role string, userID string) ([]string, error) {
+	// Get rbac_project_groups
+	rbacProjectGroups, err := loadRbacProjectGroupsByUserID(ctx, db, userID)
+	if err != nil {
+		return nil, err
+	}
+	// Get rbac_project_users
+	rbacProjectUsers, err := loadRbacProjectUsersByUserID(ctx, db, userID)
+	if err != nil {
+		return nil, err
+	}
+
+	// Deduplicate rbac_project.id
+	mapRbacProjectID := make(map[int64]struct{})
+	rbacProjectIDs := make([]int64, 0)
+	for _, rpg := range rbacProjectGroups {
+		mapRbacProjectID[rpg.RbacProjectID] = struct{}{}
+		rbacProjectIDs = append(rbacProjectIDs, rpg.RbacProjectID)
+	}
+	for _, rpu := range rbacProjectUsers {
+		if _, has := mapRbacProjectID[rpu.RbacProjectID]; !has {
+			mapRbacProjectID[rpu.RbacProjectID] = struct{}{}
+			rbacProjectIDs = append(rbacProjectIDs, rpu.RbacProjectID)
+		}
+	}
+
+	// Get rbac_project
+	rbacProjects, err := loadRbacProjectsByRoleAndIDs(ctx, db, role, rbacProjectIDs)
+	if err != nil {
+		return nil, err
+	}
+
+	// Get rbac_project_keys
+	rbacProjectIDs = make([]int64, 0, len(rbacProjects))
+	for _, rp := range rbacProjects {
+		rbacProjectIDs = append(rbacProjectIDs, rp.ID)
+	}
+	rbacProjectKeys, err := loadRRBACProjectKeys(ctx, db, rbacProjectIDs)
+	if err != nil {
+		return nil, err
+	}
+
+	// Deduplicate project keys
+	projectKeys := make([]string, 0)
+	projectMap := make(map[string]struct{})
+	for _, rpi := range rbacProjectKeys {
+		if _, has := projectMap[rpi.ProjectKey]; !has {
+			projectMap[rpi.ProjectKey] = struct{}{}
+			projectKeys = append(projectKeys, rpi.ProjectKey)
+		}
+	}
+	return projectKeys, nil
+}