fix: only return licensed application if feature is active (#611)

pmig · kosmoz · web-flow · commit 92cd1b9618b2 · 2025-03-07T22:20:24.000+01:00
Signed-off-by: Philip Miglinci &lt;pmig@glasskube.com&gt;
Co-authored-by: Jakob Steiner &lt;kosmoz@users.noreply.github.com&gt;
diff --git a/internal/db/applications.go b/internal/db/applications.go
@@ -5,6 +5,8 @@ import (
 	"errors"
 	"fmt"
 
+	"github.com/glasskube/distr/internal/util"
+
 	"github.com/glasskube/distr/internal/apierrors"
 	internalctx "github.com/glasskube/distr/internal/context"
 	"github.com/glasskube/distr/internal/types"
@@ -20,9 +22,20 @@ const (
 		coalesce((
 			SELECT array_agg(row(av.id, av.created_at, av.archived_at, av.name, av.application_id,
 				av.chart_type, av.chart_name, av.chart_url, av.chart_version) ORDER BY av.created_at ASC)
-			FROM applicationversion av
+			FROM ApplicationVersion av
 			WHERE av.application_id = a.id
-		), array[]::record[]) as versions `
+		), array[]::record[]) AS versions `
+
+	applicationWithLicensedVersionsOutputExpr = applicationOutputExpr + `,
+		coalesce((
+			SELECT array_agg(row(av.id, av.created_at, av.archived_at, av.name, av.application_id,
+				av.chart_type, av.chart_name, av.chart_url, av.chart_version) ORDER BY av.created_at ASC)
+			FROM ApplicationVersion av
+			WHERE av.application_id = a.id and
+				((av.id IN
+					(SELECT application_version_id FROM ApplicationLicense_ApplicationVersion WHERE application_license_id = al.id)
+					OR (SELECT NOT EXISTS (SELECT FROM ApplicationLicense_ApplicationVersion WHERE application_license_id = al.id)))
+		)), array[]::record[]) AS versions `
 )
 
 func CreateApplication(ctx context.Context, application *types.Application, orgID uuid.UUID) error {
@@ -88,22 +101,51 @@ func GetApplicationsByOrgID(ctx context.Context, orgID uuid.UUID) ([]types.Appli
 	}
 }
 
+func appendMissingVersions(application types.Application,
+	versions []types.ApplicationVersion) types.Application {
+
+	for _, version := range versions {
+		found := false
+		for _, existingVersion := range application.Versions {
+			if version.ID == existingVersion.ID {
+				found = true
+				break
+			}
+		}
+		if !found {
+			application.Versions = append(application.Versions, version)
+		}
+	}
+	return application
+}
+
+func mergeApplications(applications []types.Application) []types.Application {
+	applicationMap := make(map[uuid.UUID]types.Application)
+	for _, application := range applications {
+		if existingApplication, ok := applicationMap[application.ID]; ok {
+			applicationMap[application.ID] = appendMissingVersions(existingApplication, application.Versions)
+		} else {
+			applicationMap[application.ID] = application
+		}
+	}
+	return util.GetValues(applicationMap)
+}
+
 func GetApplicationsWithLicenseOwnerID(ctx context.Context, id uuid.UUID) ([]types.Application, error) {
 	db := internalctx.GetDb(ctx)
-	// TODO: Only include versions from at least one license
 	if rows, err := db.Query(ctx, `
-			SELECT DISTINCT `+applicationWithVersionsOutputExpr+`
+			SELECT DISTINCT `+applicationWithLicensedVersionsOutputExpr+`
 			FROM ApplicationLicense al
 				LEFT JOIN Application a ON al.application_id = a.id
-			WHERE al.owner_useraccount_id = @id
+			WHERE al.owner_useraccount_id = @id AND (al.expires_at IS NULL OR al.expires_at > now())
 			ORDER BY a.name
 			`, pgx.NamedArgs{"id": id}); err != nil {
 		return nil, fmt.Errorf("failed to query applications: %w", err)
 	} else if applications, err :=
 		pgx.CollectRows(rows, pgx.RowToStructByName[types.Application]); err != nil {
 		return nil, fmt.Errorf("failed to get applications: %w", err)
 	} else {
-		return applications, nil
+		return mergeApplications(applications), nil
 	}
 }
 
@@ -126,6 +168,27 @@ func GetApplication(ctx context.Context, id, orgID uuid.UUID) (*types.Applicatio
 	}
 }
 
+func GetApplicationWithLicenseOwnerID(ctx context.Context, oID uuid.UUID, id uuid.UUID) (*types.Application, error) {
+	db := internalctx.GetDb(ctx)
+	if rows, err := db.Query(ctx, `
+			SELECT DISTINCT `+applicationWithLicensedVersionsOutputExpr+`
+			FROM ApplicationLicense al
+				LEFT JOIN Application a ON al.application_id = a.id
+			WHERE al.owner_useraccount_id = @ownerID AND a.id = @id AND (al.expires_at IS NULL OR al.expires_at > now())
+			ORDER BY a.name
+			`, pgx.NamedArgs{"ownerID": oID, "id": id}); err != nil {
+		return nil, fmt.Errorf("failed to query applications: %w", err)
+	} else if applications, err :=
+		pgx.CollectRows(rows, pgx.RowToStructByName[types.Application]); err != nil {
+		if errors.Is(err, pgx.ErrNoRows) {
+			return nil, apierrors.ErrNotFound
+		}
+		return nil, fmt.Errorf("failed to get application: %w", err)
+	} else {
+		return &mergeApplications(applications)[0], nil
+	}
+}
+
 func GetApplicationForApplicationVersionID(ctx context.Context, id, orgID uuid.UUID) (*types.Application, error) {
 	db := internalctx.GetDb(ctx)
 	if rows, err := db.Query(ctx, `
diff --git a/internal/handlers/applications.go b/internal/handlers/applications.go
@@ -140,7 +140,40 @@ func getApplications(w http.ResponseWriter, r *http.Request) {
 }
 
 func getApplication(w http.ResponseWriter, r *http.Request) {
-	RespondJSON(w, internalctx.GetApplication(r.Context()))
+	ctx := r.Context()
+	auth := auth.Authentication.Require(ctx)
+	log := internalctx.GetLogger(ctx)
+
+	org, err := db.GetOrganizationByID(ctx, *auth.CurrentOrgID())
+	if err != nil {
+		log.Error("failed to get org", zap.Error(err))
+		sentry.GetHubFromContext(ctx).CaptureException(err)
+		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+		return
+	}
+
+	if org.HasFeature(types.FeatureLicensing) && *auth.CurrentUserRole() == types.UserRoleCustomer {
+
+		if applicationID, err := uuid.Parse(r.PathValue("applicationId")); err != nil {
+			http.NotFound(w, r)
+			return
+		} else {
+			application, err := db.GetApplicationWithLicenseOwnerID(ctx, auth.CurrentUserID(), applicationID)
+			if errors.Is(err, apierrors.ErrNotFound) {
+				http.NotFound(w, r)
+			} else if err != nil {
+				log.Error("failed to get application", zap.Error(err))
+				sentry.GetHubFromContext(ctx).CaptureException(err)
+				http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
+			} else {
+				RespondJSON(w, application)
+			}
+		}
+
+	} else {
+		RespondJSON(w, internalctx.GetApplication(r.Context()))
+	}
+
 }
 
 func getApplicationVersion(w http.ResponseWriter, r *http.Request) {
diff --git a/internal/util/maps.go b/internal/util/maps.go
@@ -57,3 +57,11 @@ func MergeIntoRecursive(dst, src map[string]any) error {
 	}
 	return nil
 }
+
+func GetValues[K comparable, V any](src map[K]V) []V {
+	values := make([]V, 0, len(src))
+	for _, value := range src {
+		values = append(values, value)
+	}
+	return values
+}

Original file line number	Diff line number	Diff line change
`@@ -57,3 +57,11 @@ func MergeIntoRecursive(dst, src map[string]any) error {`
`57`	`57`	`}`
`58`	`58`	`return nil`
`59`	`59`	`}`
	`60`	`+`
	`61`	`+func GetValues[K comparable, V any](src map[K]V) []V {`
	`62`	`+ values := make([]V, 0, len(src))`
	`63`	`+ for _, value := range src {`
	`64`	`+ values = append(values, value)`
	`65`	`+ }`
	`66`	`+ return values`
	`67`	`+}`