[Feature] Get all permissions system api

CHANGELOG.md

@@ -7,6 +7,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 ### Added
+- Get all permissions system api [#540](https://github.com/rokwire/core-building-block/issues/540)
 - Track usage info in accounts [#445](https://github.com/rokwire/core-building-block/issues/445)
 - Use signature Key ID to check specific key for service account auth [#481](https://github.com/rokwire/core-building-block/issues/481)
 - Include account ID in request logs [#562](https://github.com/rokwire/core-building-block/issues/562)

core/apis.go

@@ -501,6 +501,10 @@ func (s *systemImpl) SysGetApplications() ([]model.Application, error) {
 	return s.app.sysGetApplications()
 }
 
+func (s *systemImpl) SysGetAllPermissions() ([]model.Permission, error) {
+	return s.app.sysGetAllPermissions()
+}
+
 func (s *systemImpl) SysCreatePermission(name string, description *string, serviceID *string, assigners *[]string) (*model.Permission, error) {
 	return s.app.sysCreatePermission(name, description, serviceID, assigners)
 }

core/app_system.go

@@ -213,6 +213,18 @@ func (app *application) sysUpdatePermission(name string, description *string, se
 	return &permission, nil
 }
 
+func (app *application) sysGetAllPermissions() ([]model.Permission, error) {
+	permissions, err := app.storage.FindAllPermissions(nil)
+	if err != nil {
+		return nil, err
+	}
+	if permissions == nil || len(permissions) < 1 {
+		return nil, errors.WrapErrorAction(logutils.ActionFind, model.TypePermission, nil, err)
+	}
+
+	return permissions, nil
+}
+
 func (app *application) sysGetAppConfigs(appTypeID string, orgID *string, versionNumbers *model.VersionNumbers) ([]model.ApplicationConfig, error) {
 	//get the app type
 	applicationType, err := app.storage.FindApplicationType(appTypeID)

core/interfaces.go

@@ -107,6 +107,7 @@ type System interface {
 
 	SysCreatePermission(name string, description *string, serviceID *string, assigners *[]string) (*model.Permission, error)
 	SysUpdatePermission(name string, description *string, serviceID *string, assigners *[]string) (*model.Permission, error)
+	SysGetAllPermissions() ([]model.Permission, error)
 
 	SysGetAppConfigs(appTypeID string, orgID *string, versionNumbers *model.VersionNumbers) ([]model.ApplicationConfig, error)
 	SysGetAppConfig(id string) (*model.ApplicationConfig, error)
@@ -157,6 +158,7 @@ type Storage interface {
 	GetGlobalConfig() (*model.GlobalConfig, error)
 	DeleteGlobalConfig(context storage.TransactionContext) error
 
+	FindAllPermissions(context storage.TransactionContext) ([]model.Permission, error)
 	FindPermissionsByName(context storage.TransactionContext, names []string) ([]model.Permission, error)
 	FindPermissionsByServiceIDs(serviceIDs []string) ([]model.Permission, error)
 	InsertPermission(context storage.TransactionContext, item model.Permission) error

driven/storage/adapter.go

@@ -2203,6 +2203,18 @@ func (sa *Adapter) DeleteMFAType(context TransactionContext, accountID string, i
 	return nil
 }
 
+// FindAllPermissions finds all permissions
+func (sa *Adapter) FindAllPermissions(context TransactionContext) ([]model.Permission, error) {
+	permissionsFilter := bson.D{}
+	var permissionsResult []model.Permission
+	err := sa.db.permissions.FindWithContext(context, permissionsFilter, &permissionsResult, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	return permissionsResult, nil
+}
+
 // FindPermissions finds a set of permissions
 func (sa *Adapter) FindPermissions(context TransactionContext, ids []string) ([]model.Permission, error) {
 	if len(ids) == 0 {

driver/web/adapter.go

@@ -216,6 +216,7 @@ func (we Adapter) Start() {
 
 	systemSubrouter.HandleFunc("/permissions", we.wrapFunc(we.systemApisHandler.createPermission, we.auth.system.permissions)).Methods("POST")
 	systemSubrouter.HandleFunc("/permissions", we.wrapFunc(we.systemApisHandler.updatePermission, we.auth.system.permissions)).Methods("PUT")
+	systemSubrouter.HandleFunc("/permissions", we.wrapFunc(we.systemApisHandler.getAllPermissions, we.auth.system.permissions)).Methods("GET")
 
 	systemSubrouter.HandleFunc("/application/configs", we.wrapFunc(we.systemApisHandler.getApplicationConfigs, we.auth.system.permissions)).Methods("GET")
 	systemSubrouter.HandleFunc("/application/configs", we.wrapFunc(we.systemApisHandler.createApplicationConfig, we.auth.system.permissions)).Methods("POST")

driver/web/apis_system.go

@@ -746,6 +746,21 @@ func (h SystemApisHandler) updatePermission(l *logs.Log, r *http.Request, claims
 	return l.HttpResponseSuccess()
 }
 
+// getAllPermissions returns all permissions
+func (h SystemApisHandler) getAllPermissions(l *logs.Log, r *http.Request, claims *tokenauth.Claims) logs.HttpResponse {
+	permissions, err := h.coreAPIs.System.SysGetAllPermissions()
+	if err != nil {
+		return l.HttpResponseErrorAction(logutils.ActionFind, model.TypePermission, nil, err, http.StatusInternalServerError, true)
+	}
+
+	data, err := json.Marshal(permissions)
+	if err != nil {
+		return l.HttpResponseErrorAction(logutils.ActionMarshal, model.TypePermission, nil, err, http.StatusInternalServerError, false)
+	}
+
+	return l.HttpResponseSuccessJSON(data)
+}
+
 func (h SystemApisHandler) getApplicationConfigs(l *logs.Log, r *http.Request, claims *tokenauth.Claims) logs.HttpResponse {
 	appTypeIdentifier := r.URL.Query().Get("app_type_id")
 	if appTypeIdentifier == "" {

driver/web/authorization_system_policy.csv

@@ -18,6 +18,7 @@ p, get_applications, /core/system/applications/*, (GET),
 p, update_applications, /core/system/applications, (GET)|(POST), Create applications
 
 p, all_permissions, /core/system/permissions, (GET)|(POST)|(DELETE)|(PUT), All permission actions
+p, get_permissions, /core/system/permissions, (GET), Get permission actions
 p, update_permissions, /core/system/permissions, (POST)|(PUT), Update and create permissions
 
 p, all_app-configs, /core/system/application/configs, (GET)|(POST)|(PUT)|(DELETE), All app config actions

driver/web/docs/gen/def.yaml

@@ -4004,6 +4004,31 @@ paths:
         '500':
           description: Internal error
   /system/permissions:
+    get:
+      tags:
+        - System
+      summary: Get all permissions
+      description: |
+        Get all permissions
+
+        **Auth:** Requires system access token with `get_permissions` or `all_permissions` permission
+      security:
+        - bearerAuth: []
+      responses:
+        '200':
+          description: Success
+          content:
+            application/json:
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/Permission'
+        '400':
+          description: Bad request
+        '401':
+          description: Unauthorized
+        '500':
+          description: Internal error
     post:
       tags:
         - System

driver/web/docs/resources/system/permissions.yaml

@@ -1,3 +1,28 @@
+get:
+  tags:
+  - System
+  summary: Get all permissions
+  description: |
+    Get all permissions
+
+    **Auth:** Requires system access token with `get_permissions` or `all_permissions` permission
+  security:
+    - bearerAuth: []
+  responses:
+    200:
+      description: Success
+      content:
+        application/json:
+          schema:
+            type: array
+            items:
+              $ref: "../../schemas/application/Permission.yaml"
+    400:
+      description: Bad request
+    401:
+      description: Unauthorized
+    500:
+      description: Internal error
 post:
   tags:
   - System