eclipse-apoapsis
diff --git a/‎components/search/backend/src/routes/kotlin/Routing.kt‎
Lines changed: 30 additions & 0 deletions b/‎components/search/backend/src/routes/kotlin/Routing.kt‎
Lines changed: 30 additions & 0 deletions
diff --git a/‎components/search/backend/src/routes/kotlin/routes/GetRunsWithPackage.kt‎
Lines changed: 128 additions & 0 deletions b/‎components/search/backend/src/routes/kotlin/routes/GetRunsWithPackage.kt‎
Lines changed: 128 additions & 0 deletions
diff --git a/‎components/search/backend/src/test/kotlin/SearchIntegrationTest.kt‎
Lines changed: 58 additions & 0 deletions b/‎components/search/backend/src/test/kotlin/SearchIntegrationTest.kt‎
Lines changed: 58 additions & 0 deletions
diff --git a/‎components/search/backend/src/test/kotlin/routes/GetRunsWithPackageAuthorizationTest.kt‎
Lines changed: 109 additions & 0 deletions b/‎components/search/backend/src/test/kotlin/routes/GetRunsWithPackageAuthorizationTest.kt‎
Lines changed: 109 additions & 0 deletions
@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) 2025 The ORT Server Authors (See <https://github.com/eclipse-apoapsis/ort-server/blob/main/NOTICE>)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+package org.eclipse.apoapsis.ortserver.components.search
+
+import io.ktor.server.routing.Route
+
+import org.eclipse.apoapsis.ortserver.components.search.backend.SearchService
+import org.eclipse.apoapsis.ortserver.components.search.routes.getRunsWithPackage
+
+/** Add all package-search routes. */
+fun Route.searchRoutes(searchService: SearchService) {
+    getRunsWithPackage(searchService)
+}
@@ -0,0 +1,128 @@
+/*
+ * Copyright (C) 2025 The ORT Server Authors (See <https://github.com/eclipse-apoapsis/ort-server/blob/main/NOTICE>)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+package org.eclipse.apoapsis.ortserver.components.search.routes
+
+import io.github.smiley4.ktoropenapi.get
+
+import io.ktor.http.HttpStatusCode
+import io.ktor.server.response.respond
+import io.ktor.server.routing.Route
+
+import kotlinx.datetime.Clock
+
+import org.eclipse.apoapsis.ortserver.components.authorization.keycloak.permissions.OrganizationPermission
+import org.eclipse.apoapsis.ortserver.components.authorization.keycloak.permissions.ProductPermission
+import org.eclipse.apoapsis.ortserver.components.authorization.keycloak.permissions.RepositoryPermission
+import org.eclipse.apoapsis.ortserver.components.authorization.keycloak.requirePermission
+import org.eclipse.apoapsis.ortserver.components.authorization.keycloak.requireSuperuser
+import org.eclipse.apoapsis.ortserver.components.search.apimodel.RunWithPackage
+import org.eclipse.apoapsis.ortserver.components.search.backend.SearchService
+import org.eclipse.apoapsis.ortserver.shared.ktorutils.jsonBody
+import org.eclipse.apoapsis.ortserver.shared.ktorutils.requireParameter
+
+@Suppress("LongMethod")
+internal fun Route.getRunsWithPackage(searchService: SearchService) =
+    get("/search/package", {
+        operationId = "getRunsWithPackage"
+        summary = "Return ORT runs containing a package, possibly scoped by organization, product, and repository"
+        tags = listOf("Search")
+
+        request {
+            queryParameter<String>("identifier") {
+                description = "The package identifier to search for. Also RegEx supported."
+                required = true
+            }
+            queryParameter<Long?>("organizationId") {
+                description = "Optional organization ID to filter the search."
+            }
+            queryParameter<Long?>("productId") {
+                description = "Optional product ID to filter the search."
+            }
+            queryParameter<Long?>("repositoryId") {
+                description = "Optional repository ID to filter the search."
+            }
+        }
+
+        response {
+            HttpStatusCode.OK to {
+                description = "Success"
+                jsonBody<List<RunWithPackage>> {
+                    example("Package Search Result") {
+                        value = listOf(
+                            RunWithPackage(
+                                organizationId = 1L,
+                                productId = 2L,
+                                repositoryId = 3L,
+                                ortRunId = 42L,
+                                revision = "a1b2c3d4",
+                                createdAt = Clock.System.now(),
+                                packageId = "Maven:foo:bar:1.0.0"
+                            ),
+                            RunWithPackage(
+                                organizationId = 1L,
+                                productId = 3L,
+                                repositoryId = 7L,
+                                ortRunId = 120L,
+                                revision = "a1b2c3d4",
+                                createdAt = Clock.System.now(),
+                                packageId = "Maven:foo:bar:1.0.0"
+                            )
+                        )
+                    }
+                }
+            }
+        }
+    }) {
+        val identifierParam = call.requireParameter("identifier")
+        val organizationIdParam = call.request.queryParameters["organizationId"]?.toLongOrNull()
+        val productIdParam = call.request.queryParameters["productId"]?.toLongOrNull()
+        val repositoryIdParam = call.request.queryParameters["repositoryId"]?.toLongOrNull()
+
+        if (repositoryIdParam != null && (productIdParam == null || organizationIdParam == null)) {
+            return@get call.respond(
+                HttpStatusCode.BadRequest,
+                "A repository ID requires a product and an organization ID."
+            )
+        }
+        if (productIdParam != null && organizationIdParam == null) {
+            return@get call.respond(
+                HttpStatusCode.BadRequest,
+                "A product ID requires an organization ID."
+            )
+        }
+
+        if (repositoryIdParam != null) {
+            requirePermission(RepositoryPermission.READ.roleName(repositoryIdParam))
+        } else if (productIdParam != null) {
+            requirePermission(ProductPermission.READ.roleName(productIdParam))
+        } else if (organizationIdParam != null) {
+            requirePermission(OrganizationPermission.READ.roleName(organizationIdParam))
+        } else {
+            requireSuperuser()
+        }
+
+        val ortRuns = searchService.findOrtRunsByPackage(
+            identifier = identifierParam,
+            organizationId = organizationIdParam,
+            productId = productIdParam,
+            repositoryId = repositoryIdParam
+        )
+        call.respond(HttpStatusCode.OK, ortRuns)
+    }
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 2025 The ORT Server Authors (See <https://github.com/eclipse-apoapsis/ort-server/blob/main/NOTICE>)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+package ort.eclipse.apoapsis.ortserver.components.search
+
+import io.ktor.client.HttpClient
+import io.ktor.server.testing.ApplicationTestBuilder
+
+import org.eclipse.apoapsis.ortserver.components.search.backend.SearchService
+import org.eclipse.apoapsis.ortserver.components.search.searchRoutes
+import org.eclipse.apoapsis.ortserver.dao.test.Fixtures
+import org.eclipse.apoapsis.ortserver.shared.ktorutils.AbstractIntegrationTest
+
+import org.jetbrains.exposed.sql.Database
+
+/** An [AbstractIntegrationTest] pre-configured for testing the search routes. */
+@Suppress("UnnecessaryAbstractClass")
+abstract class SearchIntegrationTest(
+    body: SearchIntegrationTest.() -> Unit
+) : AbstractIntegrationTest({}) {
+    lateinit var searchService: SearchService
+
+    private lateinit var db: Database
+    private lateinit var fixtures: Fixtures
+
+    init {
+        beforeEach {
+            db = dbExtension.db
+            fixtures = dbExtension.fixtures
+            searchService = SearchService(db)
+        }
+
+        body()
+    }
+
+    fun searchTestApplication(
+        block: suspend ApplicationTestBuilder.(client: HttpClient) -> Unit
+    ) = integrationTestApplication(
+        routes = { searchRoutes(searchService) },
+        block = block
+    )
+}
@@ -0,0 +1,109 @@
+/*
+ * Copyright (C) 2025 The ORT Server Authors (See <https://github.com/eclipse-apoapsis/ort-server/blob/main/NOTICE>)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+package ort.eclipse.apoapsis.ortserver.components.search.routes
+
+import io.ktor.client.request.get
+import io.ktor.client.request.parameter
+import io.ktor.http.HttpStatusCode
+
+import org.eclipse.apoapsis.ortserver.components.authorization.keycloak.permissions.OrganizationPermission
+import org.eclipse.apoapsis.ortserver.components.authorization.keycloak.permissions.ProductPermission
+import org.eclipse.apoapsis.ortserver.components.authorization.keycloak.permissions.RepositoryPermission
+import org.eclipse.apoapsis.ortserver.components.search.apimodel.RunWithPackage
+import org.eclipse.apoapsis.ortserver.components.search.backend.SearchService
+import org.eclipse.apoapsis.ortserver.components.search.searchRoutes
+import org.eclipse.apoapsis.ortserver.shared.ktorutils.AbstractAuthorizationTest
+
+import ort.eclipse.apoapsis.ortserver.components.search.createRunWithPackage
+
+class GetRunsWithPackageAuthorizationTest : AbstractAuthorizationTest({
+    lateinit var searchService: SearchService
+    lateinit var runWithPackage: RunWithPackage
+
+    beforeEach {
+        searchService = SearchService(dbExtension.db)
+        runWithPackage = createRunWithPackage(
+            fixtures = dbExtension.fixtures,
+            repoId = dbExtension.fixtures.repository.id
+        )
+        authorizationService.ensureSuperuserAndSynchronizeRolesAndPermissions()
+    }
+
+    "GetRunsWithPackage" should {
+        "require superuser role for unscoped searches" {
+            requestShouldRequireSuperuser(
+                routes = { searchRoutes(searchService) },
+                successStatus = HttpStatusCode.OK
+            ) {
+                get("/search/package") {
+                    parameter("identifier", runWithPackage.packageId)
+                }
+            }
+        }
+
+        "require organization permission when scoped to organization" {
+            val organizationRole = OrganizationPermission.READ.roleName(runWithPackage.organizationId)
+
+            requestShouldRequireRole(
+                routes = { searchRoutes(searchService) },
+                role = organizationRole,
+                successStatus = HttpStatusCode.OK
+            ) {
+                get("/search/package") {
+                    parameter("identifier", runWithPackage.packageId)
+                    parameter("organizationId", runWithPackage.organizationId.toString())
+                }
+            }
+        }
+
+        "require product permission when scoped to product" {
+            val productRole = ProductPermission.READ.roleName(runWithPackage.productId)
+
+            requestShouldRequireRole(
+                routes = { searchRoutes(searchService) },
+                role = productRole,
+                successStatus = HttpStatusCode.OK
+            ) {
+                get("/search/package") {
+                    parameter("identifier", runWithPackage.packageId)
+                    parameter("organizationId", runWithPackage.organizationId.toString())
+                    parameter("productId", runWithPackage.productId.toString())
+                }
+            }
+        }
+
+        "require repository permission when scoped to repository" {
+            val repositoryRole = RepositoryPermission.READ.roleName(runWithPackage.repositoryId)
+
+            requestShouldRequireRole(
+                routes = { searchRoutes(searchService) },
+                role = repositoryRole,
+                successStatus = HttpStatusCode.OK
+            ) {
+                get("/search/package") {
+                    parameter("identifier", runWithPackage.packageId)
+                    parameter("organizationId", runWithPackage.organizationId.toString())
+                    parameter("productId", runWithPackage.productId.toString())
+                    parameter("repositoryId", runWithPackage.repositoryId.toString())
+                }
+            }
+        }
+    }
+})