feat(authorization,grpc-sdk): CreateResourceAccessList viewName (#955)

* feat(authorization): createResourceAccessList RPC return viewName

* feat(authorization): createResourceAccessList RPC accept viewName arg

libraries/grpc-sdk/src/modules/authorization/index.ts

@@ -12,6 +12,7 @@ import {
   Relation,
   Resource,
   ResourceAccessListRequest,
+  ResourceAccessListResponse,
 } from '../../protoUtils/index.js';
 import { Empty } from '../../protoUtils/google/protobuf/empty.js';
 
@@ -77,7 +78,9 @@ export class Authorization extends ConduitModule<typeof AuthorizationDefinition>
     return this.client!.getAllowedResources(data);
   }
 
-  createResourceAccessList(data: ResourceAccessListRequest): Promise<unknown> {
+  createResourceAccessList(
+    data: ResourceAccessListRequest,
+  ): Promise<ResourceAccessListResponse> {
     return this.client!.createResourceAccessList(data);
   }
 }

modules/authorization/src/Authorization.ts

@@ -230,9 +230,14 @@ export default class Authorization extends ManagedModule<Config> {
     call: GrpcRequest<ResourceAccessListRequest>,
     callback: GrpcResponse<Empty>,
   ) {
-    const { subject, action, resourceType } = call.request;
-    await this.permissionsController.createAccessList(subject, action, resourceType);
-    callback(null);
+    const { subject, action, resourceType, viewName: requestedViewName } = call.request;
+    const viewName = await this.permissionsController.createAccessList(
+      subject,
+      action,
+      resourceType,
+      requestedViewName,
+    );
+    callback(null, { viewName });
   }
 
   async can(call: GrpcRequest<PermissionCheck>, callback: GrpcResponse<Decision>) {

modules/authorization/src/authorization.proto

@@ -78,7 +78,12 @@ message AllowedResourcesResponse {
 message ResourceAccessListRequest {
   string subject = 1;
   string action = 2;
-  string resourceType = 5;
+  string resourceType = 3;
+  optional string viewName = 4;
+}
+
+message ResourceAccessListResponse {
+  string viewName = 1;
 }
 
 message PermissionCheck {
@@ -110,5 +115,5 @@ service Authorization {
   rpc FindRelation(FindRelationRequest) returns (FindRelationResponse);
   rpc Can(PermissionCheck) returns (Decision);
   rpc GetAllowedResources(AllowedResourcesRequest) returns (AllowedResourcesResponse);
-  rpc CreateResourceAccessList(ResourceAccessListRequest) returns (google.protobuf.Empty);
+  rpc CreateResourceAccessList(ResourceAccessListRequest) returns (ResourceAccessListResponse);
 }

modules/authorization/src/controllers/permissions.controller.ts

@@ -127,15 +127,23 @@ export class PermissionsController {
     return { resources: allowedIds.concat(index), count };
   }
 
-  async createAccessList(subject: string, action: string, objectType: string) {
+  async createAccessList(
+    subject: string,
+    action: string,
+    objectType: string,
+    requestedViewName?: string,
+  ) {
     const computedTuple = `${subject}#${action}@${objectType}`;
     const objectTypeCollection = await this.grpcSdk
       .database!.getSchema(objectType)
       .then(r => r.collectionName);
+    const viewName =
+      requestedViewName ??
+      createHash('sha256').update(`${objectType}_${subject}_${action}`).digest('hex');
     const dbType = await this.grpcSdk.database!.getDatabaseType().then(r => r.result);
     await this.grpcSdk.database?.createView(
       objectType,
-      createHash('sha256').update(`${objectType}_${subject}_${action}`).digest('hex'),
+      viewName,
       ['Permission', 'ActorIndex', 'ObjectIndex'],
       {
         mongoQuery: [
@@ -246,6 +254,6 @@ export class PermissionsController {
               ),
       },
     );
-    return;
+    return viewName;
   }
 }