defmodule ArcadiaCloudWeb.InventoryController do @moduledoc """ Cloud resource inventory. Scope rules (phase 1): - platform_admin tenants see every non-deleted resource - other tenants see only resources tagged to their tenant_id Filters: `?kind=droplet`, `?deployment_id=...` """ use ArcadiaCloudWeb, :controller alias ArcadiaCloud.Cloud def index(conn, params) do identity = conn.assigns.current_identity base_opts = [] |> maybe_put(:kind, params["kind"]) |> maybe_put(:deployment_id, params["deployment_id"]) opts = if platform_admin?(identity) do base_opts else Keyword.put(base_opts, :tenant_id, identity.tenant_id) end resources = Cloud.list_resources(opts) |> Enum.map(&shape/1) json(conn, %{resources: resources, count: length(resources)}) end defp platform_admin?(%{roles: roles}) when is_list(roles), do: "platform_admin" in roles defp platform_admin?(_), do: false defp maybe_put(opts, _key, nil), do: opts defp maybe_put(opts, _key, ""), do: opts defp maybe_put(opts, key, value), do: Keyword.put(opts, key, value) defp shape(r) do %{ id: r.id, provider: r.provider, provider_id: r.provider_id, kind: r.kind, name: r.name, region: r.region, status: r.status, size_slug: r.size_slug, tenant_id: r.tenant_id, deployment_id: r.deployment_id, tags: r.tags, first_seen_at: r.first_seen_at, last_seen_at: r.last_seen_at } end end