🛂 Activity RBAC

go.mod

@@ -32,7 +32,7 @@ require (
 	github.com/nyaruka/phonenumbers v1.1.7
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.70.0
-	github.com/rigdev/rig-go-api v0.0.0-20241016115738-abe8c0b9fe81
+	github.com/rigdev/rig-go-api v0.0.0-20241021083106-6e86765c844a
 	github.com/rigdev/rig-go-sdk v0.0.0-20240612092526-69df8621bc22
 	github.com/rivo/tview v0.0.0-20240524063012-037df494fb76
 	github.com/robfig/cron v1.2.0

go.sum

@@ -309,8 +309,8 @@ github.com/prometheus/common v0.59.1 h1:LXb1quJHWm1P6wq/U824uxYi4Sg0oGvNeUm1z5dJ
 github.com/prometheus/common v0.59.1/go.mod h1:GpWM7dewqmVYcd7SmRaiWVe9SSqjf0UrwnYnpEZNuT0=
 github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
 github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
-github.com/rigdev/rig-go-api v0.0.0-20241016115738-abe8c0b9fe81 h1:V/ZLEdOZ0jLemexdyUymiJ3vMWMvc0E6EwdYvP+YO2U=
-github.com/rigdev/rig-go-api v0.0.0-20241016115738-abe8c0b9fe81/go.mod h1:6xxlwvADYBFRiIrot3yrcXVJT2IMGfkTZ5LIRomNlXY=
+github.com/rigdev/rig-go-api v0.0.0-20241021083106-6e86765c844a h1:uaaVqBigHwgd3dhjxeR9wlonKOm5qemLm41Gk8WG2nw=
+github.com/rigdev/rig-go-api v0.0.0-20241021083106-6e86765c844a/go.mod h1:6xxlwvADYBFRiIrot3yrcXVJT2IMGfkTZ5LIRomNlXY=
 github.com/rigdev/rig-go-sdk v0.0.0-20240612092526-69df8621bc22 h1:NFjBY/F42lcgqnqru+h1q3RrzRk645HUilCvbZD7exI=
 github.com/rigdev/rig-go-sdk v0.0.0-20240612092526-69df8621bc22/go.mod h1:bmASl5RyuOoEddGeaOxHB27W3KDI4sBxqfnR1cRTstY=
 github.com/rivo/tview v0.0.0-20240524063012-037df494fb76 h1:iqvDlgyjmqleATtFbA7c14djmPh2n4mCYUv7JlD/ruA=

pkg/rbac/actions.go

@@ -1,6 +1,7 @@
 package rbac
 
 import (
+	"github.com/rigdev/rig-go-api/api/v1/activity/activityconnect"
 	"github.com/rigdev/rig-go-api/api/v1/capsule/capsuleconnect"
 	"github.com/rigdev/rig-go-api/api/v1/cluster/clusterconnect"
 	"github.com/rigdev/rig-go-api/api/v1/environment/environmentconnect"
@@ -131,6 +132,10 @@ const (
 	ActionMetricsView = "metrics:view"
 )
 
+const (
+	ActionActivityView = "activity:view"
+)
+
 var CapsuleActionMap = map[string]string{
 	capsuleconnect.ServiceWatchStatusProcedure:              ActionCapsuleView,
 	capsuleconnect.ServiceGetStatusProcedure:                ActionCapsuleView,
@@ -262,3 +267,7 @@ var MetricsActionMap = map[string]string{
 	metricsconnect.ServiceGetMetricsManyProcedure:       ActionMetricsView,
 	metricsconnect.ServiceGetMetricsExpressionProcedure: ActionMetricsView,
 }
+
+var ActivityActionMap = map[string]string{
+	activityconnect.ServiceGetActivitiesProcedure: ActionActivityView,
+}

pkg/rbac/permissions.go

@@ -117,6 +117,14 @@ func GetViewerPermissions(projectID, environmentID string) []*role.Permission {
 				Project:     projectID,
 			},
 		},
+		{
+			Action: ActionActivityView,
+			Scope: &role.Scope{
+				Resource:    WithWildcard(ResourceActivity),
+				Environment: environmentID,
+				Project:     projectID,
+			},
+		},
 	}
 }
 

pkg/rbac/resources.go

@@ -12,6 +12,7 @@ const (
 	ResourceCluster        = "cluster"
 	ResourceEnvironment    = "environment"
 	ResourceMetrics        = "metrics"
+	ResourceActivity       = "activity"
 )
 
 func WithWildcard(resource string) string {