[feat][backend] loop anno api (#281)

* feat(backend): add idl tag

* feat(backend): change auth point

* feat(backend): fix ut

Author: kidkidkid

backend/modules/observability/application/openapi.go

@@ -446,7 +446,7 @@ func (o *OpenAPIApplication) CreateAnnotation(ctx context.Context, req *openapi.
 
 func (o *OpenAPIApplication) DeleteAnnotation(ctx context.Context, req *openapi.DeleteAnnotationRequest) (*openapi.DeleteAnnotationResponse, error) {
 	if err := o.auth.CheckWorkspacePermission(ctx,
-		rpc.AuthActionAnnotationCreate,
+		rpc.AuthActionAnnotationDelete,
 		strconv.FormatInt(req.WorkspaceID, 10), true); err != nil {
 		return nil, err
 	}

backend/modules/observability/application/openapi_test.go

@@ -659,7 +659,7 @@ func TestOpenAPIApplication_DeleteAnnotation(t *testing.T) {
 			name: "delete annotation successfully",
 			fieldsGetter: func(ctrl *gomock.Controller) fields {
 				authMock := rpcmocks.NewMockIAuthProvider(ctrl)
-				authMock.EXPECT().CheckWorkspacePermission(gomock.Any(), rpc.AuthActionAnnotationCreate, "1", true).Return(nil)
+				authMock.EXPECT().CheckWorkspacePermission(gomock.Any(), rpc.AuthActionAnnotationDelete, "1", true).Return(nil)
 				traceServiceMock := servicemocks.NewMockITraceService(ctrl)
 				traceServiceMock.EXPECT().DeleteAnnotation(gomock.Any(), gomock.Any()).Return(nil)
 				benefitMock := benefitmocks.NewMockIBenefitService(ctrl)
@@ -711,7 +711,7 @@ func TestOpenAPIApplication_DeleteAnnotation(t *testing.T) {
 			name: "delete annotation with permission denied",
 			fieldsGetter: func(ctrl *gomock.Controller) fields {
 				authMock := rpcmocks.NewMockIAuthProvider(ctrl)
-				authMock.EXPECT().CheckWorkspacePermission(gomock.Any(), rpc.AuthActionAnnotationCreate, "1", true).
+				authMock.EXPECT().CheckWorkspacePermission(gomock.Any(), rpc.AuthActionAnnotationDelete, "1", true).
 					Return(assert.AnError)
 				traceServiceMock := servicemocks.NewMockITraceService(ctrl)
 				benefitMock := benefitmocks.NewMockIBenefitService(ctrl)
@@ -746,7 +746,7 @@ func TestOpenAPIApplication_DeleteAnnotation(t *testing.T) {
 			name: "delete annotation with benefit check failed",
 			fieldsGetter: func(ctrl *gomock.Controller) fields {
 				authMock := rpcmocks.NewMockIAuthProvider(ctrl)
-				authMock.EXPECT().CheckWorkspacePermission(gomock.Any(), rpc.AuthActionAnnotationCreate, "1", true).Return(nil)
+				authMock.EXPECT().CheckWorkspacePermission(gomock.Any(), rpc.AuthActionAnnotationDelete, "1", true).Return(nil)
 				traceServiceMock := servicemocks.NewMockITraceService(ctrl)
 				benefitMock := benefitmocks.NewMockIBenefitService(ctrl)
 				benefitMock.EXPECT().CheckTraceBenefit(gomock.Any(), gomock.Any()).
@@ -782,7 +782,7 @@ func TestOpenAPIApplication_DeleteAnnotation(t *testing.T) {
 			name: "delete annotation with trace service failed",
 			fieldsGetter: func(ctrl *gomock.Controller) fields {
 				authMock := rpcmocks.NewMockIAuthProvider(ctrl)
-				authMock.EXPECT().CheckWorkspacePermission(gomock.Any(), rpc.AuthActionAnnotationCreate, "1", true).Return(nil)
+				authMock.EXPECT().CheckWorkspacePermission(gomock.Any(), rpc.AuthActionAnnotationDelete, "1", true).Return(nil)
 				traceServiceMock := servicemocks.NewMockITraceService(ctrl)
 				traceServiceMock.EXPECT().DeleteAnnotation(gomock.Any(), gomock.Any()).Return(assert.AnError)
 				benefitMock := benefitmocks.NewMockIBenefitService(ctrl)

backend/modules/observability/domain/component/rpc/auth.go

@@ -13,6 +13,7 @@ const (
 	AuthActionTraceViewList      = "listLoopTraceView"
 	AuthActionTraceViewEdit      = "edit"
 	AuthActionAnnotationCreate   = "createLoopTraceAnnotation"
+	AuthActionAnnotationDelete   = "deleteLoopTraceAnnotation"
 	AuthActionTraceExport        = "exportLoopTrace"
 	AuthActionTracePreviewExport = "previewExportLoopTrace"
 	AuthActionTraceTaskCreate    = "createLoopTask"

idl/thrift/coze/loop/observability/coze.loop.observability.openapi.thrift

@@ -174,6 +174,6 @@ service OpenAPIService {
     SearchTraceTreeOApiResponse SearchTraceTreeOApi(1: SearchTraceTreeOApiRequest req) (api.post = '/v1/loop/traces/search_tree')
     ListSpansOApiResponse ListSpansOApi(1: ListSpansOApiRequest req) (api.post = '/v1/loop/spans/search', api.tag="openapi")
     ListTracesOApiResponse ListTracesOApi(1: ListTracesOApiRequest req) (api.post = '/v1/loop/traces/list')
-    CreateAnnotationResponse CreateAnnotation(1: CreateAnnotationRequest req) (api.post = '/v1/loop/annotations')
-    DeleteAnnotationResponse DeleteAnnotation(1: DeleteAnnotationRequest req) (api.delete = '/v1/loop/annotations')
+    CreateAnnotationResponse CreateAnnotation(1: CreateAnnotationRequest req) (api.post = '/v1/loop/annotations', api.tag="openapi")
+    DeleteAnnotationResponse DeleteAnnotation(1: DeleteAnnotationRequest req) (api.delete = '/v1/loop/annotations', api.tag="openapi")
 }