fix: internalrepo v2 (#996)

* fix: internalrepo v2

* fix: acl for internalrepourls

* fix: api.yaml indent

* feat: new tests for internalrepourls

---------

Co-authored-by: svcAPLBot <174728082+svcAPLBot@users.noreply.github.com>
Co-authored-by: otomi-admin <63190600+ferruhcihan@users.noreply.github.com>

Author: 3 people

src/api.authz.test.ts

@@ -781,14 +781,23 @@ describe('API authz tests', () => {
         .expect(200)
     })
 
-    test('team member can get internal repository urls', async () => {
+    test('team member can get own internal repository urls', async () => {
       jest.spyOn(otomiStack, 'getInternalRepoUrls').mockResolvedValue([])
+
       await agent
-        .get(`/v1/internalRepoUrls`)
-        .query({ teamId })
+        .get(`/v2/teams/${teamId}/internalRepoUrls`)
         .set('Authorization', `Bearer ${teamMemberToken}`)
         .expect(200)
     })
+
+    test('team member cannot get other internal repository urls', async () => {
+      jest.spyOn(otomiStack, 'getInternalRepoUrls').mockResolvedValue([])
+
+      await agent
+        .get(`/v2/teams/${otherTeamId}/internalRepoUrls`)
+        .set('Authorization', `Bearer ${teamMemberToken}`)
+        .expect(403)
+    })
   })
 
   describe('Policy endpoint tests', () => {

src/api/v1/internalRepoUrls.ts

@@ -0,0 +1,18 @@
+import Debug from 'debug'
+import { Response } from 'express'
+import { OpenApiRequestExt } from 'src/otomi-models'
+
+const debug = Debug('otomi:api:v2:internalRepoUrls')
+
+/**
+ * GET /v2/teams/{teamId}/internalRepoUrls
+ * Get internal repository URLs for a team
+ */
+export const getInternalRepoUrls = async (req: OpenApiRequestExt, res: Response): Promise<void> => {
+  const { teamId } = req.params
+
+  debug(`getInternalRepoUrls ${teamId}`)
+
+  const v = await req.otomi.getInternalRepoUrls(teamId)
+  res.json(v)
+}

src/api/v2/teams/{teamId}/internalRepoUrls.ts

@@ -2753,17 +2753,14 @@ paths:
               schema:
                 $ref: '#/components/schemas/TestRepoConnect'
 
-  /v1/internalRepoUrls:
+  '/v2/teams/{teamId}/internalRepoUrls':
+    parameters:
+      - $ref: '#/components/parameters/teamParams'
     get:
       operationId: getInternalRepoUrls
-      x-eov-operation-handler: v1/internalRepoUrls
+      x-eov-operation-handler: v2/teams/{teamId}/internalRepoUrls
+      description: Get internal repository URLs for a team
       x-aclSchema: InternalRepoUrls
-      parameters:
-        - name: teamId
-          in: query
-          description: ID of the team
-          schema:
-            type: string
       responses:
         '400':
           $ref: '#/components/responses/BadRequest'

src/openapi/api.yaml

@@ -1,8 +1,11 @@
 InternalRepoUrls:
   x-acl:
-    platformAdmin: [read-any]
-    teamAdmin: [read-any]
-    teamMember: [read-any]
+    platformAdmin:
+      - read-any
+    teamAdmin:
+      - read
+    teamMember:
+      - read
   type: array
   items:
     type: string