From 79d9d0144ed66537ec25302aeba8f133bddb05d7 Mon Sep 17 00:00:00 2001 From: Alexey S Date: Mon, 19 Sep 2022 17:15:36 +0000 Subject: [PATCH] TD-400: Add context helpers for token access (#11) --- Dockerfile.dev | 4 ++-- src/bouncer_context_helpers.erl | 28 ++++++++++++++++++++++++++-- test/bouncer_client_SUITE.erl | 21 +++++++++++++++++++-- 3 files changed, 47 insertions(+), 6 deletions(-) diff --git a/Dockerfile.dev b/Dockerfile.dev index 8d6db61..e4cfa53 100644 --- a/Dockerfile.dev +++ b/Dockerfile.dev @@ -1,10 +1,10 @@ ARG OTP_VERSION FROM docker.io/library/erlang:${OTP_VERSION} +SHELL ["/bin/bash", "-o", "pipefail", "-c"] # Install thrift compiler ARG THRIFT_VERSION - ARG TARGETARCH RUN wget -q -O- "https://github.com/valitydev/thrift/releases/download/${THRIFT_VERSION}/thrift-${THRIFT_VERSION}-linux-${TARGETARCH}.tar.gz" \ | tar -xvz -C /usr/local/bin/ @@ -14,4 +14,4 @@ ENV CHARSET=UTF-8 ENV LANG=C.UTF-8 # Set runtime -CMD /bin/bash +CMD ["/bin/bash"] diff --git a/src/bouncer_context_helpers.erl b/src/bouncer_context_helpers.erl index eab5d23..54c7530 100644 --- a/src/bouncer_context_helpers.erl +++ b/src/bouncer_context_helpers.erl @@ -44,7 +44,13 @@ }. -type token() :: #{ - id => id() + id => id(), + access => [resource_access()] +}. + +-type resource_access() :: #{ + id => id(), + roles => [binary()] }. -type auth_scope() :: #{ 
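Review bot: The thrift release archive fetched by the `RUN wget … | tar` step is still unpacked into /usr/local/bin without any integrity check. The added `pipefail` makes a failed download fail the build, but a replaced or tampered release asset would still install silently. Download to a file, verify it against a pinned SHA-256 passed as a build argument (one digest per `TARGETARCH`), and only then extract. The build-arg name in the sketch below is a placeholder, not something the repository defines.

```dockerfile
# ... unchanged: ARG THRIFT_VERSION, ARG TARGETARCH ...
# THRIFT_SHA256 is a placeholder build arg: expected digest of the archive for this TARGETARCH
ARG THRIFT_SHA256
RUN wget -q -O /tmp/thrift.tar.gz "https://github.com/valitydev/thrift/releases/download/${THRIFT_VERSION}/thrift-${THRIFT_VERSION}-linux-${TARGETARCH}.tar.gz" \
    && echo "${THRIFT_SHA256}  /tmp/thrift.tar.gz" | sha256sum -c - \
    && tar -xvzf /tmp/thrift.tar.gz -C /usr/local/bin/ \
    && rm /tmp/thrift.tar.gz
```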
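Review bot: `resource_access()` declares both `id` and `roles` with `=>`, so an access entry that names no resource at all type-checks. The second hunk of this file reads `id` through `maybe_get_param/2`, so such an entry would presumably be marshalled as `#ctx_v1_ResourceAccess{id = undefined}`. If the Thrift struct requires `id` (not visible here), declare it as `id := id()` so Dialyzer flags callers that omit it. A one-line comment on `roles => [binary()]` saying what an absent list means compared with an empty one would also help whoever writes policy against this context.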
@@ -205,7 +211,25 @@ maybe_marshal_entity(Entity) -> #base_Entity{id = EntityID}. marshal_token(Token) -> - #ctx_v1_Token{id = maybe_get_param(id, Token)}. + TokenAccess = maybe_get_param(access, Token), + #ctx_v1_Token{ + id = maybe_get_param(id, Token), + access = maybe(TokenAccess, fun marshal_token_access/1) + }. + +marshal_token_access(TokenAccess) -> + [marshal_resource_access(ResourceAccess) || ResourceAccess <- TokenAccess]. + +marshal_resource_access(ResourceAccess) -> + ID = maybe_get_param(id, ResourceAccess), + Roles = maybe_get_param(roles, ResourceAccess), + #ctx_v1_ResourceAccess{ + id = ID, + roles = maybe(Roles, fun marshal_token_access_roles/1) + }. + +marshal_token_access_roles(TokenAccessRoles) when is_list(TokenAccessRoles) -> + TokenAccessRoles. maybe_marshal_auth_scopes(undefined) -> undefined; diff --git a/test/bouncer_client_SUITE.erl b/test/bouncer_client_SUITE.erl index 7c8f429..d33dbae 100644 --- a/test/bouncer_client_SUITE.erl +++ b/test/bouncer_client_SUITE.erl @@ -237,6 +237,12 @@ validate_env_fragment(C) -> validate_auth_fragment(C) -> Method = <<"someMethod">>, TokenID = <<"📟"/utf8>>, + TokenAccess = [ + #{ + id => <<"some-api">>, + roles => [<<"do-nothing">>] + } + ], _ = mock_services( [ {bouncer, fun('Judge', {_RulesetID, Fragments}) -> @@ -245,7 +251,15 @@ validate_auth_fragment(C) -> #ctx_v1_ContextFragment{ auth = #ctx_v1_Auth{ method = Method, - token = #ctx_v1_Token{id = TokenID} + token = #ctx_v1_Token{ + id = TokenID, + access = [ + #ctx_v1_ResourceAccess{ + id = <<"some-api">>, + roles = [<<"do-nothing">>] + } + ] + } } }, Auth @@ -264,7 +278,10 @@ validate_auth_fragment(C) -> fragments => #{ <<"auth">> => bouncer_context_helpers:make_auth_fragment(#{ method => Method, - token => #{id => TokenID} + token => #{ + id => TokenID, + access => TokenAccess + } }) } },
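Review bot: `marshal_token_access_roles/1` only asserts that `roles` is a list, so a non-binary element (a string or an atom) passes through unchanged into `#ctx_v1_ResourceAccess.roles`, which presumably ends up in the context the bouncer judges on. Checking the elements here makes a malformed role crash at this boundary instead of depending on what the Thrift codec does later, e.g. `lists:foreach(fun(R) when is_binary(R) -> ok end, TokenAccessRoles), TokenAccessRoles.` The three new functions also carry no `-spec`; whether the file's other private marshallers have one is not visible in this hunk. Separately, the helper is called as `maybe(...)`, and `maybe` is a reserved word by default from OTP 27, so this call form will need quoting or a rename when the OTP version is raised.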
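Review bot: Only the fully populated case is exercised in `validate_auth_fragment/1`: one `access` entry carrying both `id` and `roles`. The optional paths added in `marshal_token/1` and `marshal_resource_access/1` (a token without `access`, an entry without `roles`) are not covered. The earlier `token => #{id => TokenID}` input was also replaced rather than kept alongside the new one. A second case calling `bouncer_context_helpers:make_auth_fragment(#{method => Method, token => #{id => TokenID}})` and matching `#ctx_v1_Token{id = TokenID, access = undefined}` (presumably what `maybe/2` yields for a missing key) would pin the backward-compatible behaviour. The test function starts and ends outside these hunks.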