Return Views instead of Object models from the /authorize endpoint (#8)

fiat-core/src/main/java/com/netflix/spinnaker/fiat/model/UserPermission.java

@@ -16,15 +16,41 @@
 
 package com.netflix.spinnaker.fiat.model;
 
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.google.common.collect.ImmutableMap;
 import com.netflix.spinnaker.fiat.model.resources.Account;
 import com.netflix.spinnaker.fiat.model.resources.Application;
 import lombok.Data;
 
+import java.util.HashSet;
+import java.util.Map;
 import java.util.Set;
+import java.util.stream.Collectors;
 
 @Data
 public class UserPermission {
   private String id;
-  private Set<Account> accounts;
-  private Set<Application> applications;
+  private Set<Account> accounts = new HashSet<>();
+  private Set<Application> applications = new HashSet<>();
+
+  @JsonIgnore
+  public View getView() {
+    return new View();
+  }
+
+  @Data
+  public class View {
+    String name = UserPermission.this.id;
+    Map<String, Object> resources = ImmutableMap.of(
+        "accounts",
+        UserPermission.this.accounts
+            .stream()
+            .map(Account::getView)
+            .collect(Collectors.toSet()),
+        "applications",
+        UserPermission.this.applications
+            .stream()
+            .map(Application::getView)
+            .collect(Collectors.toSet()));
+  }
 }

fiat-core/src/main/java/com/netflix/spinnaker/fiat/model/resources/Account.java

@@ -35,6 +35,7 @@ public View getView() {
     return new View();
   }
 
+  @Data
   public class View {
     String name = Account.this.name;
     Set<Authorization> authorizations = ImmutableSet.of(Authorization.READ,

fiat-core/src/main/java/com/netflix/spinnaker/fiat/model/resources/Application.java

@@ -16,6 +16,8 @@
 
 package com.netflix.spinnaker.fiat.model.resources;
 
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.google.common.collect.ImmutableSet;
 import com.netflix.spinnaker.fiat.model.Authorization;
 import lombok.Data;
 
@@ -25,4 +27,16 @@
 public class Application {
   private final String name;
   private final Set<Authorization> authorizations;
+
+  @JsonIgnore
+  public View getView() {
+    return new View();
+  }
+
+  @Data
+  public class View {
+    String name = Application.this.name;
+    Set<Authorization> authorizations = ImmutableSet.of(Authorization.READ,
+                                                        Authorization.WRITE);
+  }
 }

fiat-web/src/main/java/com/netflix/spinnaker/fiat/controllers/AuthorizeController.java

@@ -27,6 +27,7 @@
 
 import java.util.Optional;
 import java.util.Set;
+import java.util.stream.Collectors;
 
 @RestController
 @RequestMapping("/authorize")
@@ -36,21 +37,31 @@ public class AuthorizeController {
   private PermissionsRepository permissionsRepository;
 
   @RequestMapping(value = "/{userId:.+}", method = RequestMethod.GET)
-  public UserPermission getUserPermission(@PathVariable String userId) {
-    return Optional.ofNullable(permissionsRepository.get(userId)).orElseThrow(NotFoundException::new);
+  public UserPermission.View getUserPermission(@PathVariable String userId) {
+    return Optional.ofNullable(permissionsRepository.get(userId))
+                   .map(UserPermission::getView)
+                   .orElseThrow(NotFoundException::new);
   }
 
   @RequestMapping(value = "/{userId:.+}/accounts", method = RequestMethod.GET)
-  public Set<Account> getUserAccounts(@PathVariable String userId) {
-    return getUserPermission(userId).getAccounts();
+  public Set<Account.View> getUserAccounts(@PathVariable String userId) {
+    return Optional.ofNullable(permissionsRepository.get(userId))
+                   .orElseThrow(NotFoundException::new)
+                   .getAccounts()
+                   .stream()
+                   .map(Account::getView)
+                   .collect(Collectors.toSet());
   }
 
   @RequestMapping(value = "/{userId:.+}/accounts/{accountName:.+}", method = RequestMethod.GET)
-  public Account getUserAccount(@PathVariable String userId, @PathVariable String accountName) {
-    return getUserAccounts(userId)
-        .stream()
-        .filter(account -> accountName.equalsIgnoreCase(account.getName()))
-        .findFirst()
-        .orElseThrow(NotFoundException::new);
+  public Account.View getUserAccount(@PathVariable String userId, @PathVariable String accountName) {
+    return Optional.ofNullable(permissionsRepository.get(userId))
+                   .orElseThrow(NotFoundException::new)
+                   .getAccounts()
+                   .stream()
+                   .filter(account -> accountName.equalsIgnoreCase(account.getName()))
+                   .findFirst()
+                   .map(Account::getView)
+                   .orElseThrow(NotFoundException::new);
   }
 }

fiat-web/src/test/groovy/com/netflix/spinnaker/fiat/controllers/AuthorizeControllerSpec.groovy

@@ -40,7 +40,7 @@ class AuthorizeControllerSpec extends Specification {
       def result = controller.getUserPermission("foo")
 
     then:
-      result == foo
+      result == foo.view
   }
 
   def "should get user's accounts from repo"() {
@@ -61,7 +61,7 @@ class AuthorizeControllerSpec extends Specification {
       def result = controller.getUserAccounts("foo")
 
     then:
-      result == [bar] as Set
+      result == [bar.view] as Set
   }
 
   def "should get user's accounts by name from repo"() {
@@ -82,6 +82,6 @@ class AuthorizeControllerSpec extends Specification {
       def result = controller.getUserAccount("foo", "bar")
 
     then:
-      result == bar
+      result == bar.view
   }
 }