rebase, fix moved cilent, update interceptor

Signed-off-by: Sarah Funkhouser <[email protected]>

Author: golanglemonade

internal/ent/generated/accessmap.go

@@ -5,89 +5,88 @@ import (
 
 	"entgo.io/ent"
 
-	"github.com/rs/zerolog"
 	"github.com/theopenlane/iam/auth"
-	"github.com/theopenlane/iam/fgax"
 
 	"github.com/theopenlane/core/internal/ent/generated"
 	"github.com/theopenlane/core/internal/ent/generated/intercept"
 	"github.com/theopenlane/core/internal/ent/generated/predicate"
 	"github.com/theopenlane/core/internal/ent/generated/standard"
+	"github.com/theopenlane/core/internal/ent/generated/trustcenter"
+	"github.com/theopenlane/core/internal/ent/generated/trustcentercompliance"
 	"github.com/theopenlane/core/internal/ent/privacy/rule"
-	"github.com/theopenlane/core/internal/ent/privacy/utils"
 )
 
 // TraverseStandard only returns public standards and standards owned by the organization
 func TraverseStandard() ent.Interceptor {
 	return intercept.TraverseStandard(func(ctx context.Context, q *generated.StandardQuery) error {
-		zerolog.Ctx(ctx).Debug().Msg("traversing standard")
-
 		anon, isAnon := auth.AnonymousTrustCenterUserFromContext(ctx)
 		if isAnon {
-			standardIDs, err := getAllowedTrustCenterStandards(ctx, anon.TrustCenterID)
-			if err != nil {
-				return err
-			}
-
-			q.Where(standard.IDIn(standardIDs...))
-		} else {
-			orgIDs, err := auth.GetOrganizationIDsFromContext(ctx)
-			if err != nil {
-				return err
-			}
-
-			systemStandardPredicates := []predicate.Standard{
-				standard.OwnerIDIsNil(),
-				standard.SystemOwned(true),
-			}
-
-			admin, err := rule.CheckIsSystemAdminWithContext(ctx)
-			if err != nil {
-				return err
-			}
-
-			if !admin {
-				// if the user is a not-system admin, restrict to only public standards
-				systemStandardPredicates = append(systemStandardPredicates, standard.IsPublic(true))
-			}
-
-			// filter to return system owned standards and standards owned by the organization
 			q.Where(
-				standard.Or(
-					standard.And(
-						systemStandardPredicates...,
+				standard.HasTrustCenterCompliancesWith(
+					trustcentercompliance.HasTrustCenterWith(
+						trustcenter.OwnerID(anon.OrganizationID),
 					),
-					standard.OwnerIDIn(orgIDs...),
 				),
 			)
+			return nil
 		}
 
-		return nil
-	})
-}
-
-func getAllowedTrustCenterStandards(ctx context.Context, tcID string) ([]string, error) {
-	req := fgax.ListRequest{
-		SubjectID:   tcID,
-		SubjectType: "trust_center",
-		ObjectType:  "standard",
-		Relation:    "associated_with",
-	}
+		orgIDs, err := auth.GetOrganizationIDsFromContext(ctx)
+		if err != nil {
+			return err
+		}
 
-	zerolog.Ctx(ctx).Debug().Interface("req", req).Msg("getting authorized object ids")
+		systemStandardPredicates := []predicate.Standard{
+			standard.OwnerIDIsNil(),
+			standard.SystemOwned(true),
+		}
 
-	resp, err := utils.AuthzClientFromContext(ctx).ListObjectsRequest(ctx, req)
-	if err != nil {
-		return []string{}, err
-	}
-	standardIDs := []string{}
-	for _, obj := range resp.Objects {
-		entity, err := fgax.ParseEntity(obj)
+		admin, err := rule.CheckIsSystemAdminWithContext(ctx)
 		if err != nil {
-			return []string{}, nil
+			return err
+		}
+
+		if !admin {
+			// if the user is a not-system admin, restrict to only public standards
+			systemStandardPredicates = append(systemStandardPredicates, standard.IsPublic(true))
 		}
-		standardIDs = append(standardIDs, entity.Identifier)
-	}
 
-	return standardIDs, nil
+		// filter to return system owned standards and standards owned by the organization
+		q.Where(
+			standard.Or(
+				standard.And(
+					systemStandardPredicates...,
+				),
+				standard.OwnerIDIn(orgIDs...),
+			),
+		)
+
+		return nil
+	})
 }
+
+// func getAllowedTrustCenterStandards(ctx context.Context, tcID string) ([]string, error) {
+// 	req := fgax.ListRequest{
+// 		SubjectID:   tcID,
+// 		SubjectType: "trust_center",
+// 		ObjectType:  "standard",
+// 		Relation:    "associated_with",
+// 	}
+
+// 	zerolog.Ctx(ctx).Debug().Interface("req", req).Msg("getting authorized object ids")
+
+// 	resp, err := utils.AuthzClientFromContext(ctx).ListObjectsRequest(ctx, req)
+// 	if err != nil {
+// 		return []string{}, err
+// 	}
+// 	standardIDs := []string{}
+// 	for _, obj := range resp.Objects {
+// 		entity, err := fgax.ParseEntity(obj)
+// 		if err != nil {
+// 			return []string{}, nil
+// 		}
+// 		standardIDs = append(standardIDs, entity.Identifier)
+// 	}
+
+// 	return standardIDs, nil
+// }

internal/ent/generated/gql_collection.go

@@ -8,6 +8,7 @@ import (
 	"github.com/gertd/go-pluralize"
 	"github.com/theopenlane/entx"
 
+	"github.com/theopenlane/core/internal/ent/generated/hook"
 	"github.com/theopenlane/core/internal/ent/hooks"
 	"github.com/theopenlane/core/internal/ent/interceptors"
 	"github.com/theopenlane/core/internal/ent/mixin"
@@ -155,6 +156,10 @@ func (Standard) Hooks() []ent.Hook {
 		hooks.HookStandardPublicAccessTuples(),
 		hooks.HookStandardCreate(),
 		hooks.HookStandardDelete(),
+		hook.On(
+			hooks.OrgOwnedTuplesHook(),
+			ent.OpCreate,
+		),
 	}
 }
 

internal/ent/generated/runtime/runtime.go

@@ -16,6 +16,7 @@ import (
 	"github.com/theopenlane/core/internal/ent/hooks"
 	"github.com/theopenlane/core/internal/ent/interceptors"
 	"github.com/theopenlane/core/internal/ent/privacy/policy"
+	"github.com/theopenlane/entx/accessmap"
 	"github.com/theopenlane/iam/entfga"
 )
 
@@ -75,6 +76,9 @@ func (t TrustCenterCompliance) Edges() []ent.Edge {
 			edgeSchema: Standard{},
 			field:      "standard_id",
 			required:   true,
+			annotations: []schema.Annotation{
+				accessmap.EdgeViewCheck(Standard{}.Name()),
+			},
 		}),
 	}
 }