feat(controlplane): scope invitation system (#553)

Signed-off-by: Miguel Martinez Trivino <[email protected]>

Author: migmartri

app/cli/cmd/organization_invitation_create.go

@@ -23,13 +23,13 @@ import (
 )
 
 func newOrganizationInvitationCreateCmd() *cobra.Command {
-	var receiverEmail, organizationID string
+	var receiverEmail string
 	cmd := &cobra.Command{
 		Use:   "create",
 		Short: "Invite a User to an Organization",
 		RunE: func(cmd *cobra.Command, args []string) error {
 			res, err := action.NewOrgInvitationCreate(actionOpts).Run(
-				context.Background(), organizationID, receiverEmail)
+				context.Background(), receiverEmail)
 			if err != nil {
 				return err
 			}
@@ -42,9 +42,5 @@ func newOrganizationInvitationCreateCmd() *cobra.Command {
 	err := cmd.MarkFlagRequired("receiver")
 	cobra.CheckErr(err)
 
-	cmd.Flags().StringVar(&organizationID, "organization", "", "ID of the organization to invite the user to")
-	err = cmd.MarkFlagRequired("organization")
-	cobra.CheckErr(err)
-
 	return cmd
 }

app/cli/cmd/organization_invitation_list_sent.go

@@ -50,10 +50,10 @@ func orgInvitationTableOutput(items []*action.OrgInvitationItem) error {
 	}
 
 	t := newTableWriter()
-	t.AppendHeader(table.Row{"ID", "Org Name", "Receiver Email", "Status", "Created At"})
+	t.AppendHeader(table.Row{"ID", "Receiver Email", "Status", "Created At"})
 
 	for _, i := range items {
-		t.AppendRow(table.Row{i.ID, i.Organization.Name, i.ReceiverEmail, i.Status, i.CreatedAt.Format(time.RFC822)})
+		t.AppendRow(table.Row{i.ID, i.ReceiverEmail, i.Status, i.CreatedAt.Format(time.RFC822)})
 		t.AppendSeparator()
 	}
 

app/cli/internal/action/org_invitation_create.go

@@ -1,5 +1,5 @@
 //
-// Copyright 2023 The Chainloop Authors.
+// Copyright 2024 The Chainloop Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -29,11 +29,10 @@ func NewOrgInvitationCreate(cfg *ActionsOpts) *OrgInvitationCreate {
 	return &OrgInvitationCreate{cfg}
 }
 
-func (action *OrgInvitationCreate) Run(ctx context.Context, organization, receiver string) (*OrgInvitationItem, error) {
+func (action *OrgInvitationCreate) Run(ctx context.Context, receiver string) (*OrgInvitationItem, error) {
 	client := pb.NewOrgInvitationServiceClient(action.cfg.CPConnection)
 	resp, err := client.Create(ctx, &pb.OrgInvitationServiceCreateRequest{
-		OrganizationId: organization,
-		ReceiverEmail:  receiver,
+		ReceiverEmail: receiver,
 	})
 
 	if err != nil {

app/controlplane/api/controlplane/v1/org_invitation.pb.go

@@ -17,9 +17,9 @@ syntax = "proto3";
 
 package controlplane.v1;
 
+import "controlplane/v1/response_messages.proto";
 import "google/protobuf/timestamp.proto";
 import "validate/validate.proto";
-import "controlplane/v1/response_messages.proto";
 
 option go_package = "github.com/chainloop-dev/chainloop/app/controlplane/api/controlplane/v1;v1";
 
@@ -33,7 +33,8 @@ service OrgInvitationService {
 }
 
 message OrgInvitationServiceCreateRequest {
-  string organization_id = 1 [(validate.rules).string.uuid = true];
+  // organization is deprecated and not used anymore
+  string organization_id = 1 [deprecated = true];
   string receiver_email = 2 [(validate.rules).string.email = true];
 }
 

app/controlplane/api/controlplane/v1/org_invitation.pb.validate.go

@@ -1,5 +1,5 @@
 //
-// Copyright 2023 The Chainloop Authors.
+// Copyright 2024 The Chainloop Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -48,7 +48,7 @@ type OrgInvitationRepo interface {
 	PendingInvitation(ctx context.Context, orgID uuid.UUID, receiverEmail string) (*OrgInvitation, error)
 	PendingInvitations(ctx context.Context, receiverEmail string) ([]*OrgInvitation, error)
 	SoftDelete(ctx context.Context, id uuid.UUID) error
-	ListBySender(ctx context.Context, sender uuid.UUID) ([]*OrgInvitation, error)
+	ListBySenderAndOrg(ctx context.Context, sender, org uuid.UUID) ([]*OrgInvitation, error)
 	ChangeStatus(ctx context.Context, ID uuid.UUID, status OrgInvitationStatus) error
 }
 
@@ -87,14 +87,15 @@ func (uc *OrgInvitationUseCase) Create(ctx context.Context, orgID, senderID, rec
 		return nil, NewErrValidationStr("sender and receiver emails cannot be the same")
 	}
 
-	// 3 - Check if the user has permissions to invite to the org
+	// 3 - Check that the user is a member of the given org
+	// NOTE: this check is not necessary, as the user is already a member of the org
 	if membership, err := uc.mRepo.FindByOrgAndUser(ctx, orgUUID, senderUUID); err != nil {
 		return nil, fmt.Errorf("failed to find memberships: %w", err)
 	} else if membership == nil {
 		return nil, NewErrNotFound("user does not have permission to invite to this org")
 	}
 
-	// 4 - The receiver does not exist in the org already
+	// 4 - The receiver does exist in the org already
 	memberships, err := uc.mRepo.FindByOrg(ctx, orgUUID)
 	if err != nil {
 		return nil, fmt.Errorf("error finding memberships for user %s: %w", senderUUID.String(), err)
@@ -116,7 +117,7 @@ func (uc *OrgInvitationUseCase) Create(ctx context.Context, orgID, senderID, rec
 		return nil, NewErrValidationStr("invitation already exists for this user and org")
 	}
 
-	// 5 - Create the invitation
+	// 6 - Create the invitation
 	invitation, err := uc.repo.Create(ctx, orgUUID, senderUUID, receiverEmail)
 	if err != nil {
 		return nil, fmt.Errorf("error creating invitation: %w", err)
@@ -125,13 +126,18 @@ func (uc *OrgInvitationUseCase) Create(ctx context.Context, orgID, senderID, rec
 	return invitation, nil
 }
 
-func (uc *OrgInvitationUseCase) ListBySender(ctx context.Context, senderID string) ([]*OrgInvitation, error) {
+func (uc *OrgInvitationUseCase) ListBySenderAndOrg(ctx context.Context, senderID, orgID string) ([]*OrgInvitation, error) {
 	senderUUID, err := uuid.Parse(senderID)
 	if err != nil {
 		return nil, NewErrInvalidUUID(err)
 	}
 
-	return uc.repo.ListBySender(ctx, senderUUID)
+	orgUUID, err := uuid.Parse(orgID)
+	if err != nil {
+		return nil, NewErrInvalidUUID(err)
+	}
+
+	return uc.repo.ListBySenderAndOrg(ctx, senderUUID, orgUUID)
 }
 
 // Revoke an invitation by ID only if the user is the one who created it

app/controlplane/api/controlplane/v1/org_invitation.proto

@@ -30,6 +30,46 @@ import (
 
 const receiverEmail = "[email protected]"
 
+func (s *OrgInvitationIntegrationTestSuite) TestList() {
+	ctx := context.Background()
+	inviteOrg1A, err := s.OrgInvitation.Create(ctx, s.org1.ID, s.user.ID, receiverEmail)
+	s.NoError(err)
+	inviteOrg1B, err := s.OrgInvitation.Create(ctx, s.org1.ID, s.user.ID, "[email protected]")
+	s.NoError(err)
+	inviteOrg2A, err := s.OrgInvitation.Create(ctx, s.org2.ID, s.user.ID, receiverEmail)
+	s.NoError(err)
+
+	testCases := []struct {
+		name     string
+		orgID    string
+		expected []*biz.OrgInvitation
+	}{
+		{
+			name:     "org1",
+			orgID:    s.org1.ID,
+			expected: []*biz.OrgInvitation{inviteOrg1A, inviteOrg1B},
+		},
+		{
+			name:     "org2",
+			orgID:    s.org2.ID,
+			expected: []*biz.OrgInvitation{inviteOrg2A},
+		},
+		{
+			name:     "org3",
+			orgID:    s.org3.ID,
+			expected: []*biz.OrgInvitation{},
+		},
+	}
+
+	for _, tc := range testCases {
+		s.T().Run(tc.name, func(t *testing.T) {
+			invites, err := s.OrgInvitation.ListBySenderAndOrg(ctx, s.user.ID, tc.orgID)
+			s.NoError(err)
+			s.Equal(tc.expected, invites)
+		})
+	}
+}
+
 func (s *OrgInvitationIntegrationTestSuite) TestCreate() {
 	s.T().Run("invalid org ID", func(t *testing.T) {
 		invite, err := s.OrgInvitation.Create(context.Background(), "deadbeef", s.user.ID, receiverEmail)

app/controlplane/api/gen/frontend/controlplane/v1/org_invitation.ts

@@ -2,7 +2,7 @@
 ALTER TABLE "memberships" ADD COLUMN "role" character varying;
 
 -- Set the existing memberships to the role "role:admin" to not to break compatibility
-UPDATE "memberships" SET "role" = 'role:admin';
+UPDATE "memberships" SET "role" = 'role:org:admin';
 
 -- enable the not null constraint
 ALTER TABLE "memberships" ALTER COLUMN "role" SET NOT NULL;