Filter settings by permissions

[kulmann]

This PR introduces filtering for settings and bundles, based on permissions.

Implementation for owncloud/product#99

So far, it is only about reading and listing settings, not about permission checks for saving anything. That has to come in a separate PR, ticket raised here https://github.com/owncloud/ocis-settings/issues/58

[kulmann]

@individual-it fyi, I needed to rebase this PR to get #56 in

[kulmann]

We're using the go-micro errors in our handlers now. You can define expected errors in tests like this:
merrors.New("ocis-settings", "must be in a valid format", 400),
@individual-it

[kulmann]

@individual-it

• I removed the accountUUID from the ListBundles and ListRoles requests and take the account uuid from the context instead (like we discussed this morning).
• ListBundles and GetBundle require to have the account uuid in the context. The GetBundle request now also checks if the authenticated user (= account uuid in the context) has permissions to read the bundle.
• ListBundles and GetBundle check permissions for the operations READ and READWRITE now, instead of UPDATE

Can you adjust tests accordingly?

The only thing I would like to add to this PR is, that the SaveValue request should require the CREATE, UPDATE, WRITE or READWRITE permission and that the GetValue and ListValues requests should filter for READ or READWRITE permissions.

[individual-it]

if GetBundle does not have an UUID is that the error message: {"id":"ocis-settings","code":404,"detail":"%!s(\u003cnil\u003e)","status":"Not Found"}?

[kulmann]

if GetBundle does not have an UUID is that the error message: {"id":"ocis-settings","code":404,"detail":"%!s(\u003cnil\u003e)","status":"Not Found"}?

No, the details should not be nil, that's a bug in the code. Other than that it looks good. I will change the code to return proper error details.

[kulmann]

@individual-it pushed a commit that fixes the error details on GetBundle. Now looks like this:

micro call com.owncloud.api.settings BundleService.GetBundle '{"bundle_id": "38071a68-456a-4553-846a-fa67bf5596cc"}'

error calling com.owncloud.api.settings.BundleService.GetBundle: {"id":"ocis-settings","code":404,"detail":"could not read bundle: 38071a68-456a-4553-846a-fa67bf5596cc","status":"Not Found"}

[kulmann]

@individual-it

I have managed to stabilize the grpc tests. In addition to the init() function I added a setup() and teardown() mechanism, which a) takes care that the default roles are recreated for each test and b) that the data folder gets deleted after each test.

There is also one helper at the bottom of the file now, which sets a full readWrite permission on a bundle for an account. When you look at the code where it's used, you will also find examples for using the account uuid on the new metadata context.

There are two important next tests for this PR:

• save a bundle with multiple settings, but only adding readwrite permission for one of the settings in the bundle. Then showing that the list request will return the bundle, but only with that one setting.
• save a bundle without giving permission to it or any of it's settings afterwards. Then show, that on a GetBundle request a 404 error is returned.

I can assist in the morning. I would like to finalize this PR before the standup with just these two tests. Everything else can happen in a separate PR. Especially all the roles related tests are not needed in this PR but can happen separately.

[C0rby]

I have some questions.