document: --me で /scim/v2/{domain_code}/Me をフォールバック

buty4649 · claude · buty4649 · commit 90d11bfbc398 · 2026-04-17T16:02:57.000+09:00
XPOINT_USER（もしくは --xpoint-user）が設定されていればそれを使い、未設定時は
/scim/v2/{domain_code}/Me を呼んで認証ユーザの userName を取得するようにする。

Co-Authored-By: Claude Opus 4.7 &lt;noreply@anthropic.com&gt;
diff --git a/README.md b/README.md
@@ -104,7 +104,7 @@ xp document search --title 経費                       # 件名部分一致
 xp document search --form-name 稟議 --form-group-id 3 # フォーム名 + フォームグループID
 xp document search --writer alice --writer bob        # 申請者指定（複数可）
 xp document search --writer-group grp1                # 申請者グループ指定
-xp document search --me                               # 自分が申請者の書類
+xp document search --me                               # 自分が申請者の書類（XPOINT_USER、未設定なら /scim/v2/{domain_code}/Me から取得）
 xp document search --since 2024-01-01 --until 2024-12-31
 ```
 
diff --git a/cmd/document.go b/cmd/document.go
@@ -1,6 +1,7 @@
 package cmd
 
 import (
+	"context"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -75,7 +76,8 @@ Filter flags build a search body automatically:
   --form-group-id <n>      form group ID (fgid)
   --writer <code>          writer user code (repeatable)
   --writer-group <code>    writer user-group code (repeatable)
-  --me                     shorthand for --writer <current user code>
+  --me                     shorthand for --writer <current user code>;
+                           looked up via XPOINT_USER or /scim/v2/{domain_code}/Me
   --since <YYYY-MM-DD>     lower bound of 新規更新日 (cr_dt)
   --until <YYYY-MM-DD>     upper bound of 新規更新日 (cr_dt)
 
@@ -173,7 +175,7 @@ func init() {
 	f.IntVar(&docSearchFGID, "form-group-id", 0, "form group ID (fgid); 0 = omit")
 	f.StringSliceVar(&docSearchWriters, "writer", nil, "writer user code (repeatable)")
 	f.StringSliceVar(&docSearchGroups, "writer-group", nil, "writer user-group code (repeatable)")
-	f.BoolVar(&docSearchMe, "me", false, "restrict to documents written by the current user (XPOINT_USER)")
+	f.BoolVar(&docSearchMe, "me", false, "restrict to documents written by the current user (XPOINT_USER, or /scim/v2/{domain_code}/Me)")
 	f.StringVar(&docSearchSince, "since", "", "lower bound of 新規更新日 (YYYY-MM-DD)")
 	f.StringVar(&docSearchUntil, "until", "", "upper bound of 新規更新日 (YYYY-MM-DD)")
 
@@ -218,7 +220,14 @@ func runDocumentSearch(cmd *cobra.Command, args []string) error {
 		if len(bodyBytes) > 0 {
 			return fmt.Errorf("--body cannot be combined with filter flags (--title, --form-*, --writer*, --me, --since, --until)")
 		}
-		built, err := buildSearchBodyFromFlags()
+		meCode := ""
+		if docSearchMe {
+			meCode, err = resolveCurrentUserCode(cmd.Context(), client)
+			if err != nil {
+				return err
+			}
+		}
+		built, err := buildSearchBodyFromFlags(meCode)
 		if err != nil {
 			return err
 		}
@@ -460,9 +469,33 @@ type writerListEntry struct {
 	Code string `json:"code"`
 }
 
+// resolveCurrentUserCode returns the authenticated user's login ID for --me.
+// It prefers XPOINT_USER / --xpoint-user; if neither is set, it falls back to
+// GET /scim/v2/{domain_code}/Me (which requires OAuth2 and the domain code).
+func resolveCurrentUserCode(ctx context.Context, client *xpoint.Client) (string, error) {
+	if u := pick(flagUser, "XPOINT_USER"); u != "" {
+		return u, nil
+	}
+	domain := pick(flagDomainCode, "XPOINT_DOMAIN_CODE")
+	if domain == "" {
+		return "", fmt.Errorf("--me requires the current user code: set --xpoint-user / XPOINT_USER, or --xpoint-domain-code / XPOINT_DOMAIN_CODE to look it up via /scim/v2/{domain_code}/Me")
+	}
+	info, err := client.GetSelfInfo(ctx, domain)
+	if err != nil {
+		return "", fmt.Errorf("resolve --me via /scim/v2/%s/Me: %w", domain, err)
+	}
+	if info.UserName == "" {
+		return "", fmt.Errorf("resolve --me: userName is empty in /scim/v2/%s/Me response", domain)
+	}
+	return info.UserName, nil
+}
+
 // buildSearchBodyFromFlags converts --title / --form-* / --writer* / --me /
 // --since / --until into a JSON request body for POST /api/v1/search/documents.
-func buildSearchBodyFromFlags() (json.RawMessage, error) {
+//
+// meCode is the resolved user code to use for --me (empty if --me was not set
+// or resolution is not needed).
+func buildSearchBodyFromFlags(meCode string) (json.RawMessage, error) {
 	body := map[string]any{}
 
 	if docSearchTitle != "" {
@@ -489,12 +522,8 @@ func buildSearchBodyFromFlags() (json.RawMessage, error) {
 			writers = append(writers, writerListEntry{Type: "group", Code: code})
 		}
 	}
-	if docSearchMe {
-		me := pick(flagUser, "XPOINT_USER")
-		if me == "" {
-			return nil, fmt.Errorf("--me requires the current user code: set --xpoint-user or XPOINT_USER")
-		}
-		writers = append(writers, writerListEntry{Type: "user", Code: me})
+	if meCode != "" {
+		writers = append(writers, writerListEntry{Type: "user", Code: meCode})
 	}
 	if len(writers) > 0 {
 		body["writer_list"] = writers
diff --git a/cmd/document_test.go b/cmd/document_test.go
@@ -1,6 +1,7 @@
 package cmd
 
 import (
+	"context"
 	"encoding/json"
 	"io"
 	"os"
@@ -13,18 +14,7 @@ import (
 // zero values so each test starts from a clean slate.
 func resetSearchFlags(t *testing.T) {
 	t.Helper()
-	docSearchBody = ""
-	docSearchTitle = ""
-	docSearchFormName = ""
-	docSearchFormID = 0
-	docSearchFGID = 0
-	docSearchWriters = nil
-	docSearchGroups = nil
-	docSearchMe = false
-	docSearchSince = ""
-	docSearchUntil = ""
-	flagUser = ""
-	t.Cleanup(func() {
+	clear := func() {
 		docSearchBody = ""
 		docSearchTitle = ""
 		docSearchFormName = ""
@@ -36,7 +26,10 @@ func resetSearchFlags(t *testing.T) {
 		docSearchSince = ""
 		docSearchUntil = ""
 		flagUser = ""
-	})
+		flagDomainCode = ""
+	}
+	clear()
+	t.Cleanup(clear)
 }
 
 func TestBuildSearchBody_TitleAndForm(t *testing.T) {
@@ -46,7 +39,7 @@ func TestBuildSearchBody_TitleAndForm(t *testing.T) {
 	docSearchFormID = 42
 	docSearchFGID = 7
 
-	raw, err := buildSearchBodyFromFlags()
+	raw, err := buildSearchBodyFromFlags("")
 	if err != nil {
 		t.Fatalf("build: %v", err)
 	}
@@ -73,7 +66,7 @@ func TestBuildSearchBody_Writers(t *testing.T) {
 	docSearchWriters = []string{"u1", "u2"}
 	docSearchGroups = []string{"g1"}
 
-	raw, err := buildSearchBodyFromFlags()
+	raw, err := buildSearchBodyFromFlags("")
 	if err != nil {
 		t.Fatalf("build: %v", err)
 	}
@@ -100,41 +93,15 @@ func TestBuildSearchBody_Writers(t *testing.T) {
 	}
 }
 
-func TestBuildSearchBody_MeRequiresUser(t *testing.T) {
-	resetSearchFlags(t)
-	docSearchMe = true
-
-	_, err := buildSearchBodyFromFlags()
-	if err == nil || !strings.Contains(err.Error(), "--me requires") {
-		t.Errorf("err = %v", err)
-	}
-}
-
-func TestBuildSearchBody_MeWithFlagUser(t *testing.T) {
+func TestBuildSearchBody_MeCodeAppendsWriter(t *testing.T) {
 	resetSearchFlags(t)
-	docSearchMe = true
-	flagUser = "alice"
 
-	raw, err := buildSearchBodyFromFlags()
+	raw, err := buildSearchBodyFromFlags("alice")
 	if err != nil {
 		t.Fatalf("build: %v", err)
 	}
 	if !strings.Contains(string(raw), `"code":"alice"`) {
-		t.Errorf("body missing current user: %s", string(raw))
-	}
-}
-
-func TestBuildSearchBody_MeFromEnv(t *testing.T) {
-	resetSearchFlags(t)
-	docSearchMe = true
-	t.Setenv("XPOINT_USER", "bob")
-
-	raw, err := buildSearchBodyFromFlags()
-	if err != nil {
-		t.Fatalf("build: %v", err)
-	}
-	if !strings.Contains(string(raw), `"code":"bob"`) {
-		t.Errorf("body missing env user: %s", string(raw))
+		t.Errorf("body missing me user: %s", string(raw))
 	}
 }
 
@@ -143,7 +110,7 @@ func TestBuildSearchBody_SinceUntil(t *testing.T) {
 	docSearchSince = "2024-01-15"
 	docSearchUntil = "2024-12-31"
 
-	raw, err := buildSearchBodyFromFlags()
+	raw, err := buildSearchBodyFromFlags("")
 	if err != nil {
 		t.Fatalf("build: %v", err)
 	}
@@ -169,12 +136,49 @@ func TestBuildSearchBody_InvalidSince(t *testing.T) {
 	resetSearchFlags(t)
 	docSearchSince = "2024/01/15"
 
-	_, err := buildSearchBodyFromFlags()
+	_, err := buildSearchBodyFromFlags("")
 	if err == nil || !strings.Contains(err.Error(), "--since") {
 		t.Errorf("err = %v", err)
 	}
 }
 
+func TestResolveCurrentUserCode_UsesFlagUser(t *testing.T) {
+	resetSearchFlags(t)
+	flagUser = "alice"
+
+	code, err := resolveCurrentUserCode(context.Background(), nil)
+	if err != nil {
+		t.Fatalf("resolve: %v", err)
+	}
+	if code != "alice" {
+		t.Errorf("code = %q, want alice", code)
+	}
+}
+
+func TestResolveCurrentUserCode_UsesEnvUser(t *testing.T) {
+	resetSearchFlags(t)
+	t.Setenv("XPOINT_USER", "bob")
+
+	code, err := resolveCurrentUserCode(context.Background(), nil)
+	if err != nil {
+		t.Fatalf("resolve: %v", err)
+	}
+	if code != "bob" {
+		t.Errorf("code = %q, want bob", code)
+	}
+}
+
+func TestResolveCurrentUserCode_ErrorsWithoutUserOrDomain(t *testing.T) {
+	resetSearchFlags(t)
+	t.Setenv("XPOINT_USER", "")
+	t.Setenv("XPOINT_DOMAIN_CODE", "")
+
+	_, err := resolveCurrentUserCode(context.Background(), nil)
+	if err == nil || !strings.Contains(err.Error(), "--xpoint-user") {
+		t.Errorf("err = %v", err)
+	}
+}
+
 func TestRunDocumentSearch_BodyAndFilterConflict(t *testing.T) {
 	resetSearchFlags(t)
 	t.Setenv("XPOINT_SUBDOMAIN", "acme")
diff --git a/internal/xpoint/client.go b/internal/xpoint/client.go
@@ -355,6 +355,26 @@ func (c *Client) DeleteDocument(ctx context.Context, docID int) (*DeleteDocument
 	return &out, nil
 }
 
+type SelfInfo struct {
+	ID          string `json:"id"`
+	UserName    string `json:"userName"`
+	DisplayName string `json:"displayName"`
+}
+
+// GetSelfInfo calls GET /scim/v2/{domain_code}/Me to fetch the authenticated
+// user's info. Requires OAuth2 bearer auth.
+func (c *Client) GetSelfInfo(ctx context.Context, domainCode string) (*SelfInfo, error) {
+	if domainCode == "" {
+		return nil, fmt.Errorf("domain code is required for /scim/v2/{domain_code}/Me")
+	}
+	path := fmt.Sprintf("/scim/v2/%s/Me", url.PathEscape(domainCode))
+	var out SelfInfo
+	if err := c.do(ctx, http.MethodGet, path, nil, nil, &out); err != nil {
+		return nil, err
+	}
+	return &out, nil
+}
+
 // DownloadPDF calls GET /api/v1/documents/{docid}/pdf and returns the PDF
 // bytes and the server-provided filename (parsed from Content-Disposition,
 // which may use RFC 5987 encoding). The filename is empty when the server
diff --git a/internal/xpoint/client_test.go b/internal/xpoint/client_test.go
@@ -356,6 +356,37 @@ func TestDocumentURL(t *testing.T) {
 	}
 }
 
+func TestGetSelfInfo(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Method != http.MethodGet {
+			t.Errorf("method = %s, want GET", r.Method)
+		}
+		if r.URL.Path != "/scim/v2/acme/Me" {
+			t.Errorf("path = %s", r.URL.Path)
+		}
+		w.Header().Set("Content-Type", "application/scim+json")
+		_, _ = w.Write([]byte(`{"id":"100","userName":"u001","displayName":"田中"}`))
+	}))
+	defer srv.Close()
+
+	c := clientForServer(srv)
+	info, err := c.GetSelfInfo(context.Background(), "acme")
+	if err != nil {
+		t.Fatalf("GetSelfInfo: %v", err)
+	}
+	if info.UserName != "u001" || info.ID != "100" || info.DisplayName != "田中" {
+		t.Errorf("info = %+v", info)
+	}
+}
+
+func TestGetSelfInfo_RequiresDomainCode(t *testing.T) {
+	c := NewClient("unused", Auth{AccessToken: "t"})
+	_, err := c.GetSelfInfo(context.Background(), "")
+	if err == nil || !strings.Contains(err.Error(), "domain code is required") {
+		t.Errorf("err = %v", err)
+	}
+}
+
 func TestDownloadPDF(t *testing.T) {
 	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if r.Method != http.MethodGet {
