chore: fix check permission request [FLOW-BE-56] (#77)

* fix check permission request

* fix TestResourceBuilder_Build

* fix TestClient_CheckPermission

* fix CheckPermission

* UT comment out

* Revert "UT comment out"

This reverts commit 3186bde.

Author: akiyatomohiro

cerbos/client/check.go

@@ -5,6 +5,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"io"
 	"net/http"
 
 	"github.com/reearth/reearthx/appx"
@@ -34,6 +35,7 @@ func NewClient(dashboardURL string) *Client {
 }
 
 type CheckPermissionInput struct {
+	UserId   string `json:"userId"`
 	Service  string `json:"service"`
 	Resource string `json:"resource"`
 	Action   string `json:"action"`
@@ -45,6 +47,9 @@ type CheckPermissionResponse struct {
 			Allowed bool `json:"allowed"`
 		} `json:"checkPermission"`
 	} `json:"data"`
+	Errors []struct {
+		Message string `json:"message"`
+	} `json:"errors"`
 }
 
 type GraphQLQuery struct {
@@ -106,10 +111,31 @@ func (c *Client) executeRequest(req *http.Request) (bool, error) {
 	}
 	defer resp.Body.Close()
 
+	if resp.StatusCode != http.StatusOK {
+		return false, fmt.Errorf("server returned non-OK status: %d", resp.StatusCode)
+	}
+
+	bodyBytes, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return false, fmt.Errorf("failed to read response body: %w", err)
+	}
+
+	fmt.Printf("Response body: %s\n", string(bodyBytes))
+
+	resp.Body = io.NopCloser(bytes.NewBuffer(bodyBytes))
+
 	var response CheckPermissionResponse
 	if err := json.NewDecoder(resp.Body).Decode(&response); err != nil {
 		return false, fmt.Errorf("failed to decode response: %w", err)
 	}
 
-	return response.Data.CheckPermission.Allowed, nil
+	if len(response.Errors) > 0 {
+		return false, fmt.Errorf("GraphQL error: %s", response.Errors[0].Message)
+	}
+
+	if response.Data.CheckPermission.Allowed {
+		return true, nil
+	}
+
+	return false, nil
 }

cerbos/client/check_test.go

@@ -3,6 +3,7 @@ package client
 import (
 	"context"
 	"encoding/json"
+	"fmt"
 	"net/http"
 	"net/http/httptest"
 	"testing"
@@ -103,7 +104,7 @@ func TestClient_CheckPermission(t *testing.T) {
 				Action:   "read",
 			},
 			serverStatus: http.StatusInternalServerError,
-			wantErr:      "failed to decode response",
+			wantErr:      fmt.Sprint("server returned non-OK status: ", http.StatusInternalServerError),
 		},
 	}
 

cerbos/client/permission_checker.go

@@ -19,16 +19,13 @@ func NewPermissionChecker(service string, dashboardURL string) *PermissionChecke
 	}
 }
 
-func (p *PermissionChecker) CheckPermission(ctx context.Context, authInfo *appx.AuthInfo, resource string, action string) (bool, error) {
+func (p *PermissionChecker) CheckPermission(ctx context.Context, authInfo *appx.AuthInfo, userId string, resource string, action string) (bool, error) {
 	if p == nil {
 		return false, fmt.Errorf("permission checker not found")
 	}
 
-	if authInfo == nil {
-		return false, fmt.Errorf("auth info not found")
-	}
-
 	input := CheckPermissionInput{
+		UserId:   userId,
 		Service:  p.Service,
 		Resource: resource,
 		Action:   action,

cerbos/generator/builder_test.go

@@ -176,7 +176,26 @@ func TestResourceBuilder_Build(t *testing.T) {
 				resources:   tt.resources,
 			}
 			result := builder.Build()
-			assert.Equal(t, tt.expected, result)
+
+			assert.Equal(t, len(tt.expected), len(result))
+
+			expectedMap := make(map[string]ResourceDefinition)
+			for _, res := range tt.expected {
+				expectedMap[res.Resource] = res
+			}
+
+			resultMap := make(map[string]ResourceDefinition)
+			for _, res := range result {
+				resultMap[res.Resource] = res
+			}
+
+			for resource, expectedDef := range expectedMap {
+				resultDef, exists := resultMap[resource]
+				assert.True(t, exists)
+				if exists {
+					assert.ElementsMatch(t, expectedDef.Actions, resultDef.Actions)
+				}
+			}
 		})
 	}
 }