
Add handlers for updating and deleting policies

Mohammed Nafees 3 лет назад
Родитель
Сommit
8ee42dc6dc

+ 1 - 1
api/server/handlers/policy/create.go

@@ -33,7 +33,7 @@ func (p *PolicyCreateHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
 	user, _ := r.Context().Value(types.UserScope).(*models.User)
 	proj, _ := r.Context().Value(types.ProjectScope).(*models.Project)
 
-	req := &types.CreatePolicy{}
+	req := &types.CreatePolicyRequest{}
 
 	if ok := p.DecodeAndValidate(w, r, req); !ok {
 		return

+ 43 - 0
api/server/handlers/policy/delete.go

@@ -0,0 +1,43 @@
+package policy
+
+import (
+	"net/http"
+
+	"github.com/porter-dev/porter/api/server/handlers"
+	"github.com/porter-dev/porter/api/server/shared"
+	"github.com/porter-dev/porter/api/server/shared/config"
+	"github.com/porter-dev/porter/api/server/shared/requestutils"
+	"github.com/porter-dev/porter/api/types"
+	"github.com/porter-dev/porter/internal/models"
+)
+
+type PolicyDeleteHandler struct {
+	handlers.PorterHandlerReadWriter
+}
+
+func NewPolicyDeleteHandler(
+	config *config.Config,
+	decoderValidator shared.RequestDecoderValidator,
+	writer shared.ResultWriter,
+) *PolicyDeleteHandler {
+	return &PolicyDeleteHandler{
+		PorterHandlerReadWriter: handlers.NewDefaultPorterHandler(config, decoderValidator, writer),
+	}
+}
+
+func (p *PolicyDeleteHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	proj, _ := r.Context().Value(types.ProjectScope).(*models.Project)
+
+	policyID, reqErr := requestutils.GetURLParamString(r, types.URLParamPolicyID)
+
+	if reqErr != nil {
+		p.HandleAPIError(w, r, reqErr)
+		return
+	}
+
+	policy, err := p.Repo().Policy().ReadPolicy(proj.ID, policyID)
+
+	if err == nil {
+		p.Repo().Policy().DeletePolicy(policy)
+	}
+}
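Review bot: Both failure paths in PolicyDeleteHandler.ServeHTTP are silent: when ReadPolicy returns an error the handler falls through without writing a response, and the result of DeletePolicy is discarded. The client therefore sees the same empty reply whether the policy was removed, never existed in the project, or the database call failed. For a record that presumably drives authorization, a caller who believes a policy was revoked while it is still stored is a real risk. I would mirror the error handling in update.go, check the delete result and write an explicit success response; this needs the errors, fmt, apierrors and gorm imports that update.go already has. The sketch assumes DeletePolicy reports failure through a trailing error, as UpdatePolicy does.

```go
	policy, err := p.Repo().Policy().ReadPolicy(proj.ID, policyID)

	if err != nil {
		if errors.Is(err, gorm.ErrRecordNotFound) {
			p.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(
				fmt.Errorf("policy with id %s not found in project", policyID),
				http.StatusNotFound,
			))
			return
		}

		p.HandleAPIError(w, r, apierrors.NewErrInternal(err))
		return
	}

	// assumes DeletePolicy returns (…, error) like UpdatePolicy; adjust to its actual signature
	if _, err := p.Repo().Policy().DeletePolicy(policy); err != nil {
		p.HandleAPIError(w, r, apierrors.NewErrInternal(err))
		return
	}

	// … write an explicit success response here …
```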

+ 91 - 0
api/server/handlers/policy/update.go

@@ -0,0 +1,91 @@
+package policy
+
+import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+
+	"github.com/porter-dev/porter/api/server/handlers"
+	"github.com/porter-dev/porter/api/server/shared"
+	"github.com/porter-dev/porter/api/server/shared/apierrors"
+	"github.com/porter-dev/porter/api/server/shared/config"
+	"github.com/porter-dev/porter/api/server/shared/requestutils"
+	"github.com/porter-dev/porter/api/types"
+	"github.com/porter-dev/porter/internal/models"
+	"gorm.io/gorm"
+)
+
+type PolicyUpdateHandler struct {
+	handlers.PorterHandlerReadWriter
+}
+
+func NewPolicyUpdateHandler(
+	config *config.Config,
+	decoderValidator shared.RequestDecoderValidator,
+	writer shared.ResultWriter,
+) *PolicyUpdateHandler {
+	return &PolicyUpdateHandler{
+		PorterHandlerReadWriter: handlers.NewDefaultPorterHandler(config, decoderValidator, writer),
+	}
+}
+
+func (p *PolicyUpdateHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	proj, _ := r.Context().Value(types.ProjectScope).(*models.Project)
+
+	policyID, reqErr := requestutils.GetURLParamString(r, types.URLParamPolicyID)
+
+	if reqErr != nil {
+		p.HandleAPIError(w, r, reqErr)
+		return
+	}
+
+	req := &types.UpdatePolicyRequest{}
+
+	if ok := p.DecodeAndValidate(w, r, req); !ok {
+		return
+	}
+
+	policy, err := p.Repo().Policy().ReadPolicy(proj.ID, policyID)
+
+	if err != nil {
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			p.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(
+				fmt.Errorf("policy with id %s not found in project", policyID),
+				http.StatusNotFound,
+			))
+			return
+		}
+
+		p.HandleAPIError(w, r, apierrors.NewErrInternal(err))
+		return
+	}
+
+	policyBytes, err := json.Marshal(req.Policy)
+
+	if err != nil {
+		p.HandleAPIError(w, r, apierrors.NewErrInternal(err))
+		return
+	}
+
+	if !bytes.Equal(policyBytes, policy.PolicyBytes) {
+		policy.PolicyBytes = policyBytes
+
+		policy, err = p.Repo().Policy().UpdatePolicy(policy)
+
+		if err != nil {
+			p.HandleAPIError(w, r, apierrors.NewErrInternal(err))
+			return
+		}
+	}
+
+	res, err := policy.ToAPIPolicyType()
+
+	if err != nil {
+		p.HandleAPIError(w, r, apierrors.NewErrInternal(err))
+		return
+	}
+
+	p.WriteResult(w, r, res)
+}
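Review bot: PolicyUpdateHandler.ServeHTTP never reads types.UserScope from the request context, so a rewrite of `policy.PolicyBytes` leaves no trace of who made it; create.go does fetch the user, and the model only carries CreatedByUserID. Since this payload presumably decides what roles in the project may do, I would record the acting user and the policy ID when UpdatePolicy succeeds, using whatever logging or audit facility the handlers already have (none is visible in this hunk). Separately, `proj, _ :=` discards the type-assertion result, so `proj.ID` panics if the project scope is ever missing from the context; a short `if proj == nil` guard that returns an internal error would make that failure explicit.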

+ 58 - 0
api/server/router/project.go

@@ -1035,6 +1035,64 @@ func getProjectRoutes(
 		Router:   r,
 	})
 
+	// PATCH /api/projects/{project_id}/policies/{policy_id} -> policy.NewPolicyUpdateHandler
+	policyUpdateEndpoint := factory.NewAPIEndpoint(
+		&types.APIRequestMetadata{
+			Verb:   types.APIVerbUpdate,
+			Method: types.HTTPVerbPatch,
+			Path: &types.Path{
+				Parent:       basePath,
+				RelativePath: fmt.Sprintf("%s/policies/{%s}", relPath, types.URLParamPolicyID),
+			},
+			Scopes: []types.PermissionScope{
+				types.UserScope,
+				types.ProjectScope,
+				types.SettingsScope,
+			},
+		},
+	)
+
+	policyUpdateHandler := policy.NewPolicyUpdateHandler(
+		config,
+		factory.GetDecoderValidator(),
+		factory.GetResultWriter(),
+	)
+
+	routes = append(routes, &router.Route{
+		Endpoint: policyUpdateEndpoint,
+		Handler:  policyUpdateHandler,
+		Router:   r,
+	})
+
+	// DELETE /api/projects/{project_id}/policies/{policy_id} -> policy.NewPolicyDeleteHandler
+	policyDeleteEndpoint := factory.NewAPIEndpoint(
+		&types.APIRequestMetadata{
+			Verb:   types.APIVerbDelete,
+			Method: types.HTTPVerbDelete,
+			Path: &types.Path{
+				Parent:       basePath,
+				RelativePath: fmt.Sprintf("%s/policies/{%s}", relPath, types.URLParamPolicyID),
+			},
+			Scopes: []types.PermissionScope{
+				types.UserScope,
+				types.ProjectScope,
+				types.SettingsScope,
+			},
+		},
+	)
+
+	policyDeleteHandler := policy.NewPolicyDeleteHandler(
+		config,
+		factory.GetDecoderValidator(),
+		factory.GetResultWriter(),
+	)
+
+	routes = append(routes, &router.Route{
+		Endpoint: policyDeleteEndpoint,
+		Handler:  policyDeleteHandler,
+		Router:   r,
+	})
+
 	//  POST /api/projects/{project_id}/api_token -> api_token.NewAPITokenCreateHandler
 	apiTokenCreateEndpoint := factory.NewAPIEndpoint(
 		&types.APIRequestMetadata{

+ 5 - 1
api/types/policy.go

@@ -157,11 +157,15 @@ var ViewerPolicy = []*PolicyDocument{
 	},
 }
 
-type CreatePolicy struct {
+type CreatePolicyRequest struct {
 	Name   string            `json:"name" form:"required"`
 	Policy []*PolicyDocument `json:"policy" form:"required"`
 }
 
+type UpdatePolicyRequest struct {
+	Policy []*PolicyDocument `json:"policy" form:"required"`
+}
+
 const URLParamPolicyID URLParam = "policy_id"
 
 type APIPolicyMeta struct {

+ 4 - 4
internal/models/policy.go

@@ -12,10 +12,10 @@ type Policy struct {
 
 	UniqueID string `gorm:"unique"`
 
-	ProjectID       uint   `gorm:"not null;check:project_id>0"`
-	CreatedByUserID uint   `gorm:"not null;check:created_by_user_id>0"`
-	Name            string `gorm:"not null;check:name!=''"`
-	PolicyBytes     []byte `gorm:"not null"`
+	ProjectID       uint
+	CreatedByUserID uint
+	Name            string
+	PolicyBytes     []byte
 }
 
 func (p *Policy) ToAPIPolicyTypeMeta() *types.APIPolicyMeta {
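Review bot: Removing `not null` and the `check:` tags from ProjectID, CreatedByUserID, Name and PolicyBytes leaves the database with no guard against a policy row that has project ID 0, no creator or an empty document. The same tags are dropped from ProjectRole in internal/models/project_role.go. After this change the only validation visible in the commit is the `form:"required"` tags on the request types, which any code that writes through the repository directly would not pass through. The commit message gives no reason for the removal; if it works around a migration failure I would keep the constraints and fix the migration, or else add a comment on the struct stating where these invariants are now enforced. The Policy struct begins outside this hunk.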

+ 4 - 4
internal/models/project_role.go

@@ -7,12 +7,12 @@ import (
 type ProjectRole struct {
 	gorm.Model
 
-	ProjectID uint `gorm:"not null;check:project_id>0"`
-	PolicyID  uint `gorm:"not null;check:policy_id>0"`
+	ProjectID uint
+	PolicyID  uint
 
 	UniqueID string `gorm:"unique"`
 
-	Name string `gorm:"not null;check:name!=''"`
+	Name string
 
-	Users []User
+	Users []User `gorm:"many2many:user_roles"`
 }
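Review bot: PolicyID is a plain uint with no foreign-key relation to Policy, and the delete handler added in this commit removes a policy without looking at roles, so a ProjectRole can end up pointing at a policy that no longer exists. How role resolution treats that case is not visible here; it should fail closed (the role grants nothing) rather than fall back to some default. I would either reject deletion while any role still references the policy, or document the field, e.g. `// PolicyID references Policy.ID; a role whose policy was deleted grants no access`.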

+ 1 - 0
internal/repository/gorm/migrate.go

@@ -50,6 +50,7 @@ func AutoMigrate(db *gorm.DB, debug bool) error {
 		&models.Allowlist{},
 		&models.APIToken{},
 		&models.Policy{},
+		&models.ProjectRole{},
 		&models.Tag{},
 		&models.Stack{},
 		&models.StackRevision{},