v3: Add permissions endpoint for apps

`GET /v3/apps/:guid/permissions`

[Finishes #169770887]

Co-authored-by: Reid Mitchell <rmitchell@pivotal.io>
Co-authored-by: Belinda Liu <bliu@pivotal.io>

Author: reidmit

app/controllers/v3/apps_controller.rb

@@ -322,6 +322,17 @@ def current_droplet
     render status: :ok, json: Presenters::V3::DropletPresenter.new(droplet)
   end
 
+  def show_permissions
+    app, space, org = AppFetcher.new.fetch(hashed_params[:guid])
+
+    app_not_found! unless app && permission_queryer.can_read_from_space?(space.guid, org.guid)
+
+    render status: :ok, json: {
+      read_basic_data: true,
+      read_sensitive_data: permission_queryer.can_read_secrets_globally?,
+    }
+  end
+
   class DeleteAppErrorTranslatorJob < VCAP::CloudController::Jobs::ErrorTranslatorJob
     include V3ErrorsHelper
 

config/routes.rb

@@ -14,6 +14,7 @@
   post '/apps/:guid/actions/stop', to: 'apps_v3#stop'
   post '/apps/:guid/actions/restart', to: 'apps_v3#restart'
   get '/apps/:guid/env', to: 'apps_v3#show_env'
+  get '/apps/:guid/permissions', to: 'apps_v3#show_permissions'
   get '/apps/:guid/builds', to: 'apps_v3#builds'
   patch '/apps/:guid/relationships/current_droplet', to: 'apps_v3#assign_current_droplet'
   get '/apps/:guid/relationships/current_droplet', to: 'apps_v3#current_droplet_relationship'

spec/request/apps_spec.rb

@@ -12,11 +12,6 @@
   let(:user_email) { Sham.email }
   let(:user_name) { 'some-username' }
 
-  before do
-    space.organization.add_user(user)
-    space.add_developer(user)
-  end
-
   describe 'POST /v3/apps' do
     let(:buildpack) { VCAP::CloudController::Buildpack.make(stack: stack.name) }
     let(:create_request) do
@@ -50,6 +45,11 @@
       }
     end
 
+    before do
+      space.organization.add_user(user)
+      space.add_developer(user)
+    end
+
     it 'creates an app' do
       post '/v3/apps', create_request.to_json, user_header
       expect(last_response.status).to eq(201)
@@ -353,6 +353,11 @@
   end
 
   describe 'GET /v3/apps' do
+    before do
+      space.organization.add_user(user)
+      space.add_developer(user)
+    end
+
     describe 'query list parameters' do
       it_behaves_like 'request_spec_shared_examples.rb list query endpoint' do
         let(:request) { 'v3/apps' }
@@ -1062,6 +1067,8 @@
     }
 
     before do
+      space.organization.add_user(user)
+      space.add_developer(user)
       app_model.lifecycle_data.buildpacks = [buildpack.name]
       app_model.lifecycle_data.stack = stack.name
       app_model.lifecycle_data.save
@@ -1236,6 +1243,11 @@
   end
 
   describe 'GET /v3/apps/:guid/env' do
+    before do
+      space.organization.add_user(user)
+      space.add_developer(user)
+    end
+
     it 'returns the environment of the app, including environment variables provided by the system' do
       app_model = VCAP::CloudController::AppModel.make(
         name: 'my_app',
@@ -1363,6 +1375,8 @@
     let(:order_by) { '-created_at' }
 
     before do
+      space.organization.add_user(user)
+      space.add_developer(user)
       VCAP::CloudController::BuildpackLifecycle.new(package, staging_message).create_lifecycle_data_model(build)
       VCAP::CloudController::BuildpackLifecycle.new(package, staging_message).create_lifecycle_data_model(second_build)
       build.update(state: droplet.state, error_description: droplet.error_description)
@@ -1464,6 +1478,8 @@
     let(:kpack_client) { instance_double(Kubernetes::KpackClient, delete_image: nil) }
 
     before do
+      space.organization.add_user(user)
+      space.add_developer(user)
       allow(CloudController::DependencyLocator.instance).to receive(:kpack_client).and_return(kpack_client)
     end
 
@@ -1543,6 +1559,9 @@
     end
 
     before do
+      space.organization.add_user(user)
+      space.add_developer(user)
+
       VCAP::CloudController::AppLabelModel.make(
         resource_guid: app_model.guid,
         key_name: 'delete-me',
@@ -1686,6 +1705,12 @@
         desired_state: 'STOPPED',
       )
     }
+
+    before do
+      space.organization.add_user(user)
+      space.add_developer(user)
+    end
+
     it 'starts the app' do
       app_model.lifecycle_data.buildpacks = ['http://example.com/git']
       app_model.lifecycle_data.stack = stack.name
@@ -1888,6 +1913,8 @@
     end
 
     before do
+      space.organization.add_user(user)
+      space.add_developer(user)
       app_model.lifecycle_data.buildpacks = ['http://example.com/git']
       app_model.lifecycle_data.stack = stack.name
       app_model.lifecycle_data.save
@@ -1985,6 +2012,11 @@
       )
     }
 
+    before do
+      space.organization.add_user(user)
+      space.add_developer(user)
+    end
+
     context 'app lifecycle is buildpack' do
       let!(:droplet) do
         VCAP::CloudController::DropletModel.make(
@@ -2147,6 +2179,8 @@
     let(:app_guid) { droplet_model.app_guid }
 
     before do
+      space.organization.add_user(user)
+      space.add_developer(user)
       droplet_model.buildpack_lifecycle_data.update(buildpacks: ['http://buildpack.git.url.com'], stack: 'stack-name')
       app_model.droplet_guid = droplet_model.guid
       app_model.save
@@ -2190,6 +2224,8 @@
     let(:app_guid) { droplet_model.app_guid }
 
     before do
+      space.organization.add_user(user)
+      space.add_developer(user)
       droplet_model.buildpack_lifecycle_data.update(buildpacks: ['http://buildpack.git.url.com'], stack: 'stack-name')
       app_model.droplet_guid = droplet_model.guid
       app_model.save
@@ -2247,6 +2283,8 @@
     end
 
     before do
+      space.organization.add_user(user)
+      space.add_developer(user)
       app_model.lifecycle_data.buildpacks = ['http://example.com/git']
       app_model.lifecycle_data.stack = stack.name
       app_model.lifecycle_data.save
@@ -2418,6 +2456,11 @@
   end
 
   describe 'PATCH /v3/apps/:guid/environment_variables' do
+    before do
+      space.organization.add_user(user)
+      space.add_developer(user)
+    end
+
     it 'patches the environment variables for the app' do
       app_model = VCAP::CloudController::AppModel.make(
         name: 'name1',
@@ -2457,6 +2500,11 @@
   end
 
   describe 'GET /v3/apps/:guid/environment_variables' do
+    before do
+      space.organization.add_user(user)
+      space.add_developer(user)
+    end
+
     it 'gets the environment variables for the app' do
       app_model = VCAP::CloudController::AppModel.make(name: 'name1', space: space, desired_state: 'STOPPED', environment_variables: { meep: 'moop' })
 
@@ -2477,4 +2525,39 @@
                                  )
     end
   end
+
+  describe 'GET /v3/apps/:guid/permissions' do
+    let(:org) { VCAP::CloudController::Organization.make }
+    let(:space) { VCAP::CloudController::Space.make(organization: org) }
+    let(:app_model) { VCAP::CloudController::AppModel.make(name: 'name1', space: space, desired_state: 'STOPPED') }
+    let(:api_call) { lambda { |user_headers| get "/v3/apps/#{app_model.guid}/permissions", nil, user_headers } }
+
+    let(:read_all_response) do
+      {
+        "read_basic_data": true,
+        "read_sensitive_data": true
+      }
+    end
+
+    let(:read_basic_response) do
+      {
+        "read_basic_data": true,
+        "read_sensitive_data": false
+      }
+    end
+
+    let(:expected_codes_and_responses) do
+      h = Hash.new(code: 404)
+      h['admin'] = { code: 200, response_object: read_all_response }
+      h['admin_read_only'] = { code: 200, response_object: read_all_response }
+      h['global_auditor'] = { code: 200, response_object: read_basic_response }
+      h['org_manager'] = { code: 200, response_object: read_basic_response }
+      h['space_manager'] = { code: 200, response_object: read_basic_response }
+      h['space_auditor'] = { code: 200, response_object: read_basic_response }
+      h['space_developer'] = { code: 200, response_object: read_basic_response }
+      h.freeze
+    end
+
+    it_behaves_like 'permissions for single object endpoint', ALL_PERMISSIONS
+  end
 end