feat(organization): add organization and membership rules (#146)

Because

- we need to add rules and constraints for organization and membership

This commit

- add organization and membership rules
- refactor error handling

Author: donch1989

cmd/init/main.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"database/sql"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"log"
 	"time"
@@ -85,7 +86,7 @@ func createDefaultUser(ctx context.Context, db *gorm.DB) error {
 		return nil
 	}
 
-	if s, ok := status.FromError(err); !ok || s.Code() != codes.NotFound {
+	if !errors.Is(err, gorm.ErrRecordNotFound) {
 		return status.Errorf(codes.Internal, "error %v", err)
 	}
 

go.mod

@@ -17,7 +17,6 @@ require (
 	github.com/instill-ai/protogen-go v0.3.3-alpha.0.20231129095217-f8d4e5951d35
 	github.com/instill-ai/usage-client v0.2.4-alpha.0.20231019203021-70410a0a8061
 	github.com/instill-ai/x v0.3.0-alpha
-	github.com/jackc/pgx/v5 v5.3.0
 	github.com/knadh/koanf v1.4.4
 	github.com/mennanov/fieldmask-utils v0.5.0
 	github.com/openfga/go-sdk v0.2.3
@@ -71,6 +70,7 @@ require (
 	github.com/influxdata/line-protocol/v2 v2.2.1 // indirect
 	github.com/jackc/pgpassfile v1.0.0 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect
+	github.com/jackc/pgx/v5 v5.3.0 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.5 // indirect
 	github.com/klauspost/asmfmt v1.3.2 // indirect

pkg/acl/acl.go

@@ -105,7 +105,7 @@ func (c *ACLClient) GetOrganizationUserMembership(orgUID uuid.UUID, userUID uuid
 	for _, tuple := range *data.Tuples {
 		return *tuple.Key.Relation, nil
 	}
-	return "", fmt.Errorf("no permission")
+	return "", ErrMembershipNotFound
 }
 
 func (c *ACLClient) GetOrganizationUsers(orgUID uuid.UUID) ([]*Relation, error) {

pkg/acl/errors.go

@@ -0,0 +1,5 @@
+package acl
+
+import "errors"
+
+var ErrMembershipNotFound = errors.New("membership not found")

pkg/handler/errors.go

@@ -0,0 +1,10 @@
+package handler
+
+import "errors"
+
+var ErrCheckUpdateImmutableFields = errors.New("update immutable fields error")
+var ErrCheckOutputOnlyFields = errors.New("can not contain output only fields")
+var ErrCheckRequiredFields = errors.New("required fields missing")
+var ErrFieldMask = errors.New("field mask error")
+var ErrResourceID = errors.New("resource ID error")
+var ErrUpdateMask = errors.New("update mask error")

pkg/handler/privatehandler.go

@@ -2,14 +2,11 @@ package handler
 
 import (
 	"context"
-	"fmt"
 	"strings"
 
 	"github.com/gofrs/uuid"
 	"go.einride.tech/aip/filtering"
 	"google.golang.org/genproto/googleapis/rpc/errdetails"
-	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/status"
 
 	"github.com/instill-ai/mgmt-backend/pkg/logger"
 	"github.com/instill-ai/mgmt-backend/pkg/service"
@@ -35,7 +32,6 @@ func NewPrivateHandler(s service.Service) mgmtPB.MgmtPrivateServiceServer {
 
 // ListUsersAdmin lists all users
 func (h *PrivateHandler) ListUsersAdmin(ctx context.Context, req *mgmtPB.ListUsersAdminRequest) (*mgmtPB.ListUsersAdminResponse, error) {
-	logger, _ := logger.GetZapLogger(ctx)
 
 	pageSize := req.GetPageSize()
 	if pageSize == 0 {
@@ -46,34 +42,7 @@ func (h *PrivateHandler) ListUsersAdmin(ctx context.Context, req *mgmtPB.ListUse
 
 	pbUsers, totalSize, nextPageToken, err := h.Service.ListUsersAdmin(ctx, int(pageSize), req.GetPageToken(), filtering.Filter{})
 	if err != nil {
-		sta := status.Convert(err)
-		switch sta.Code() {
-		case codes.InvalidArgument:
-			st, e := sterr.CreateErrorBadRequest(
-				"list user error", []*errdetails.BadRequest_FieldViolation{
-					{
-						Field:       "ListUsersAdminRequest.page_token",
-						Description: sta.Message(),
-					},
-				})
-			if e != nil {
-				logger.Error(e.Error())
-			}
-			return &mgmtPB.ListUsersAdminResponse{}, st.Err()
-		default:
-			st, e := sterr.CreateErrorResourceInfo(
-				sta.Code(),
-				"list user error",
-				"user",
-				"",
-				"",
-				sta.Message(),
-			)
-			if e != nil {
-				logger.Error(e.Error())
-			}
-			return &mgmtPB.ListUsersAdminResponse{}, st.Err()
-		}
+		return nil, err
 	}
 
 	resp := mgmtPB.ListUsersAdminResponse{
@@ -86,40 +55,12 @@ func (h *PrivateHandler) ListUsersAdmin(ctx context.Context, req *mgmtPB.ListUse
 
 // GetUserAdmin gets a user
 func (h *PrivateHandler) GetUserAdmin(ctx context.Context, req *mgmtPB.GetUserAdminRequest) (*mgmtPB.GetUserAdminResponse, error) {
-	logger, _ := logger.GetZapLogger(ctx)
 
 	id := strings.TrimPrefix(req.GetName(), "users/")
 
 	pbUser, err := h.Service.GetUserAdmin(ctx, id)
 	if err != nil {
-		sta := status.Convert(err)
-		switch sta.Code() {
-		case codes.InvalidArgument:
-			st, e := sterr.CreateErrorBadRequest(
-				"get user error", []*errdetails.BadRequest_FieldViolation{
-					{
-						Field:       "GetUserAdminRequest.name",
-						Description: sta.Message(),
-					},
-				})
-			if e != nil {
-				logger.Error(e.Error())
-			}
-			return &mgmtPB.GetUserAdminResponse{}, st.Err()
-		default:
-			st, e := sterr.CreateErrorResourceInfo(
-				sta.Code(),
-				"get user error",
-				"user",
-				fmt.Sprintf("id %s", id),
-				"",
-				sta.Message(),
-			)
-			if e != nil {
-				logger.Error(e.Error())
-			}
-			return &mgmtPB.GetUserAdminResponse{}, st.Err()
-		}
+		return nil, err
 	}
 
 	resp := mgmtPB.GetUserAdminResponse{
@@ -152,34 +93,7 @@ func (h *PrivateHandler) LookUpUserAdmin(ctx context.Context, req *mgmtPB.LookUp
 
 	pbUser, err := h.Service.GetUserByUIDAdmin(ctx, uid)
 	if err != nil {
-		sta := status.Convert(err)
-		switch sta.Code() {
-		case codes.InvalidArgument:
-			st, e := sterr.CreateErrorBadRequest(
-				"look up user error", []*errdetails.BadRequest_FieldViolation{
-					{
-						Field:       "LookUpUserAdminRequest.permalink",
-						Description: sta.Message(),
-					},
-				})
-			if e != nil {
-				logger.Error(e.Error())
-			}
-			return &mgmtPB.LookUpUserAdminResponse{}, st.Err()
-		default:
-			st, e := sterr.CreateErrorResourceInfo(
-				sta.Code(),
-				"look up user error",
-				"user",
-				fmt.Sprintf("uid %s", uid),
-				"",
-				sta.Message(),
-			)
-			if e != nil {
-				logger.Error(e.Error())
-			}
-			return &mgmtPB.LookUpUserAdminResponse{}, st.Err()
-		}
+		return nil, err
 	}
 
 	resp := mgmtPB.LookUpUserAdminResponse{
@@ -190,7 +104,6 @@ func (h *PrivateHandler) LookUpUserAdmin(ctx context.Context, req *mgmtPB.LookUp
 
 // ListOrganizationsAdmin lists all organizations
 func (h *PrivateHandler) ListOrganizationsAdmin(ctx context.Context, req *mgmtPB.ListOrganizationsAdminRequest) (*mgmtPB.ListOrganizationsAdminResponse, error) {
-	logger, _ := logger.GetZapLogger(ctx)
 
 	pageSize := req.GetPageSize()
 	if pageSize == 0 {
@@ -201,34 +114,7 @@ func (h *PrivateHandler) ListOrganizationsAdmin(ctx context.Context, req *mgmtPB
 
 	pbOrganizations, totalSize, nextPageToken, err := h.Service.ListOrganizationsAdmin(ctx, int(pageSize), req.GetPageToken(), filtering.Filter{})
 	if err != nil {
-		sta := status.Convert(err)
-		switch sta.Code() {
-		case codes.InvalidArgument:
-			st, e := sterr.CreateErrorBadRequest(
-				"list organization error", []*errdetails.BadRequest_FieldViolation{
-					{
-						Field:       "ListOrganizationsAdminRequest.page_token",
-						Description: sta.Message(),
-					},
-				})
-			if e != nil {
-				logger.Error(e.Error())
-			}
-			return &mgmtPB.ListOrganizationsAdminResponse{}, st.Err()
-		default:
-			st, e := sterr.CreateErrorResourceInfo(
-				sta.Code(),
-				"list organization error",
-				"organization",
-				"",
-				"",
-				sta.Message(),
-			)
-			if e != nil {
-				logger.Error(e.Error())
-			}
-			return &mgmtPB.ListOrganizationsAdminResponse{}, st.Err()
-		}
+		return nil, err
 	}
 
 	resp := mgmtPB.ListOrganizationsAdminResponse{
@@ -241,40 +127,12 @@ func (h *PrivateHandler) ListOrganizationsAdmin(ctx context.Context, req *mgmtPB
 
 // GetOrganizationAdmin gets a organization
 func (h *PrivateHandler) GetOrganizationAdmin(ctx context.Context, req *mgmtPB.GetOrganizationAdminRequest) (*mgmtPB.GetOrganizationAdminResponse, error) {
-	logger, _ := logger.GetZapLogger(ctx)
 
 	id := strings.TrimPrefix(req.GetName(), "organizations/")
 
 	pbOrganization, err := h.Service.GetOrganizationAdmin(ctx, id)
 	if err != nil {
-		sta := status.Convert(err)
-		switch sta.Code() {
-		case codes.InvalidArgument:
-			st, e := sterr.CreateErrorBadRequest(
-				"get organization error", []*errdetails.BadRequest_FieldViolation{
-					{
-						Field:       "GetOrganizationAdminRequest.name",
-						Description: sta.Message(),
-					},
-				})
-			if e != nil {
-				logger.Error(e.Error())
-			}
-			return &mgmtPB.GetOrganizationAdminResponse{}, st.Err()
-		default:
-			st, e := sterr.CreateErrorResourceInfo(
-				sta.Code(),
-				"get organization error",
-				"organization",
-				fmt.Sprintf("id %s", id),
-				"",
-				sta.Message(),
-			)
-			if e != nil {
-				logger.Error(e.Error())
-			}
-			return &mgmtPB.GetOrganizationAdminResponse{}, st.Err()
-		}
+		return nil, err
 	}
 
 	resp := mgmtPB.GetOrganizationAdminResponse{
@@ -285,56 +143,17 @@ func (h *PrivateHandler) GetOrganizationAdmin(ctx context.Context, req *mgmtPB.G
 
 // LookUpOrganizationAdmin gets a organization by permalink
 func (h *PrivateHandler) LookUpOrganizationAdmin(ctx context.Context, req *mgmtPB.LookUpOrganizationAdminRequest) (*mgmtPB.LookUpOrganizationAdminResponse, error) {
-	logger, _ := logger.GetZapLogger(ctx)
 
 	uidStr := strings.TrimPrefix(req.GetPermalink(), "organizations/")
 	// Validation: `uid` in request is valid
 	uid, err := uuid.FromString(uidStr)
 	if err != nil {
-		st, e := sterr.CreateErrorBadRequest(
-			"look up organization invalid uuid error", []*errdetails.BadRequest_FieldViolation{
-				{
-					Field:       "LookUpOrganizationAdminRequest.permalink",
-					Description: err.Error(),
-				},
-			},
-		)
-		if e != nil {
-			logger.Error(e.Error())
-		}
-		return &mgmtPB.LookUpOrganizationAdminResponse{}, st.Err()
+		return nil, err
 	}
 
 	pbOrganization, err := h.Service.GetOrganizationByUIDAdmin(ctx, uid)
 	if err != nil {
-		sta := status.Convert(err)
-		switch sta.Code() {
-		case codes.InvalidArgument:
-			st, e := sterr.CreateErrorBadRequest(
-				"look up organization error", []*errdetails.BadRequest_FieldViolation{
-					{
-						Field:       "LookUpOrganizationAdminRequest.permalink",
-						Description: sta.Message(),
-					},
-				})
-			if e != nil {
-				logger.Error(e.Error())
-			}
-			return &mgmtPB.LookUpOrganizationAdminResponse{}, st.Err()
-		default:
-			st, e := sterr.CreateErrorResourceInfo(
-				sta.Code(),
-				"look up organization error",
-				"organization",
-				fmt.Sprintf("uid %s", uid),
-				"",
-				sta.Message(),
-			)
-			if e != nil {
-				logger.Error(e.Error())
-			}
-			return &mgmtPB.LookUpOrganizationAdminResponse{}, st.Err()
-		}
+		return nil, err
 	}
 
 	resp := mgmtPB.LookUpOrganizationAdminResponse{