Prepare RepositoryMetadata role Updates for #1060 Compatibility (#1061)

Motivation
To ensure smooth compatibility with #1060, the `RepositoryMetadata` structure needs an update to support changes.
AS-IS:
```json
{
  "name": "minu-test",
  "perRolePermissions": {
    "owner": [
      "READ",
      "WRITE"
    ],
    "member": ["READ"],
    "guest": []
  },
  "perUserPermissions": {
    "[email protected]": [
      "READ"
    ],
    "[email protected]": [
      "READ",
      "WRITE"
    ]
  },
  "perTokenPermissions": {
    "goodman": [
      "READ"
    ]
  },
  "creation": {
    "user": "[email protected]",
    "timestamp": "2024-08-19T02:47:23.370762417Z"
  }
}
```

TO-BE:
```json
{
  "name": "minu-test",
  "roles": {
    "projects": {
      "member": "READ",
      "guest": null
    }
    "users": {
      "[email protected]": "READ",
      "[email protected]": "WRITE"
    },
    "tokens": {
      "goodman": "READ"
    }
  },
  "creation": {
    "user": "[email protected]",
    "timestamp": "2024-08-19T02:47:23.370762417Z"
  }
}
```

Modifications:
- Enhanced the `RepositoryMetadata` deserializers to accept both legacy and new formats.
- Added `RepositoryRole`.
  - It will be used for repository instead of `Permission`.
- Removed `MetadataApiService.updateSpecificUserPermission` and `updateSpecificTokenPermission`.
  - They are not used in the UI and we don't even have test cases for that.
  - Will add those APIs later with better API design when we need it.

Result:
- The `RepositoryMetadata` structure now supports the upcoming changes in #1060.

common/src/main/java/com/linecorp/centraldogma/common/ProjectRole.java

@@ -54,4 +54,19 @@ public static ProjectRole of(JsonNode node) {
             throw new IllegalArgumentException(e);
         }
     }
+
+    /**
+     * Returns {@code true} if this {@link ProjectRole} has the specified {@link ProjectRole}.
+     */
+    public boolean has(ProjectRole other) {
+        requireNonNull(other, "other");
+        if (this == OWNER) {
+            return true;
+        }
+        if (this == MEMBER) {
+            return other != OWNER;
+        }
+        // this == GUEST
+        return this == other;
+    }
 }

common/src/main/java/com/linecorp/centraldogma/common/RepositoryRole.java

@@ -0,0 +1,51 @@
+/*
+ * Copyright 2024 LINE Corporation
+ *
+ * LINE Corporation licenses this file to you under the Apache License,
+ * version 2.0 (the "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at:
+ *
+ *   https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+package com.linecorp.centraldogma.common;
+
+import static java.util.Objects.requireNonNull;
+
+/**
+ * Roles for a repository.
+ */
+public enum RepositoryRole {
+    /**
+     * Able to read a file from a repository.
+     */
+    READ,
+    /**
+     * Able to write a file to a repository.
+     */
+    WRITE,
+    /**
+     * Able to manage a repository.
+     */
+    ADMIN;
+
+    /**
+     * Returns {@code true} if this {@link RepositoryRole} has the specified {@link RepositoryRole}.
+     */
+    public boolean has(RepositoryRole other) {
+        requireNonNull(other, "other");
+        if (this == ADMIN) {
+            return true;
+        }
+        if (this == WRITE) {
+            return other != ADMIN;
+        }
+        // this == READ
+        return this == other;
+    }
+}

common/src/main/java/com/linecorp/centraldogma/internal/Jackson.java

@@ -31,6 +31,7 @@
 import com.fasterxml.jackson.core.JsonFactory;
 import com.fasterxml.jackson.core.JsonGenerator;
 import com.fasterxml.jackson.core.JsonParseException;
+import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.core.TreeNode;
 import com.fasterxml.jackson.core.io.JsonStringEncoder;
@@ -185,6 +186,10 @@ public static <T> T readValue(File file, TypeReference<T> typeReference) throws
         return compactMapper.readValue(file, typeReference);
     }
 
+    public static <T> T readValue(JsonParser jp, TypeReference<T> typeReference) throws IOException {
+        return compactMapper.readValue(jp, typeReference);
+    }
+
     public static JsonNode readTree(String data) throws JsonParseException {
         try {
             return compactMapper.readTree(data);

common/src/main/java/com/linecorp/centraldogma/internal/jsonpatch/RemoveIfExistsOperation.java

@@ -30,10 +30,10 @@
 import com.fasterxml.jackson.databind.node.ObjectNode;
 
 /**
- * JSON Path {@code remove} operation.
+ * JSON Path {@code removeIfExists} operation.
  *
- * <p>This operation only takes one pointer ({@code path}) as an argument. It
- * is an error condition if no JSON value exists at that pointer.</p>
+ * <p>This operation only takes one pointer ({@code path}) as an argument. Unlike, {@link RemoveOperation}, it
+ * does not throw an error if no JSON value exists at that pointer.</p>
  */
 public final class RemoveIfExistsOperation extends JsonPatchOperation {
 

server/src/main/java/com/linecorp/centraldogma/server/command/ContentTransformer.java

@@ -18,25 +18,27 @@
 import static com.google.common.base.Preconditions.checkArgument;
 import static java.util.Objects.requireNonNull;
 
+import java.util.function.BiFunction;
 import java.util.function.Function;
 
 import com.google.common.base.MoreObjects;
 
 import com.linecorp.centraldogma.common.EntryType;
+import com.linecorp.centraldogma.common.Revision;
 
 /**
  * A {@link Function} which is used for transforming the content at the specified path of the repository.
  */
-public final class ContentTransformer<T> {
+public class ContentTransformer<T> {
 
     private final String path;
     private final EntryType entryType;
-    private final Function<T, T> transformer;
+    private final BiFunction<Revision, T, T> transformer;
 
     /**
      * Creates a new instance.
      */
-    public ContentTransformer(String path, EntryType entryType, Function<T, T> transformer) {
+    public ContentTransformer(String path, EntryType entryType, BiFunction<Revision, T, T> transformer) {
         this.path = requireNonNull(path, "path");
         checkArgument(entryType == EntryType.JSON, "entryType: %s (expected: %s)", entryType, EntryType.JSON);
         this.entryType = requireNonNull(entryType, "entryType");
@@ -60,7 +62,7 @@ public EntryType entryType() {
     /**
      * Returns the {@link Function} which transforms the content.
      */
-    public Function<T, T> transformer() {
+    public BiFunction<Revision, T, T> transformer() {
         return transformer;
     }
 

server/src/main/java/com/linecorp/centraldogma/server/internal/api/HttpApiExceptionHandler.java

@@ -48,9 +48,10 @@
 import com.linecorp.centraldogma.common.RepositoryNotFoundException;
 import com.linecorp.centraldogma.common.RevisionNotFoundException;
 import com.linecorp.centraldogma.common.TooManyRequestsException;
-import com.linecorp.centraldogma.server.internal.admin.service.TokenNotFoundException;
 import com.linecorp.centraldogma.server.internal.storage.RequestAlreadyTimedOutException;
 import com.linecorp.centraldogma.server.internal.storage.repository.RepositoryMetadataException;
+import com.linecorp.centraldogma.server.metadata.MemberNotFoundException;
+import com.linecorp.centraldogma.server.metadata.TokenNotFoundException;
 
 /**
  * A default {@link ExceptionHandlerFunction} of HTTP API.
@@ -96,8 +97,9 @@ public final class HttpApiExceptionHandler implements ServerErrorHandler {
                     (ctx, cause) -> newResponse(ctx, HttpStatus.NOT_FOUND, cause,
                                                 "Revision %s does not exist.", cause.getMessage()))
                .put(TokenNotFoundException.class,
-                    (ctx, cause) -> newResponse(ctx, HttpStatus.NOT_FOUND, cause,
-                                                "Token '%s' does not exist.", cause.getMessage()))
+                    (ctx, cause) -> newResponse(ctx, HttpStatus.NOT_FOUND, cause, cause.getMessage()))
+               .put(MemberNotFoundException.class,
+                    (ctx, cause) -> newResponse(ctx, HttpStatus.NOT_FOUND, cause, cause.getMessage()))
                .put(QueryExecutionException.class,
                     (ctx, cause) -> newResponse(ctx, HttpStatus.BAD_REQUEST, cause))
                .put(UnsupportedOperationException.class,

server/src/main/java/com/linecorp/centraldogma/server/internal/api/MetadataApiService.java

@@ -29,7 +29,6 @@
 
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonProperty;
-import com.fasterxml.jackson.core.type.TypeReference;
 import com.google.common.base.MoreObjects;
 
 import com.linecorp.armeria.common.util.Exceptions;
@@ -42,7 +41,6 @@
 import com.linecorp.centraldogma.common.Author;
 import com.linecorp.centraldogma.common.ProjectRole;
 import com.linecorp.centraldogma.common.Revision;
-import com.linecorp.centraldogma.internal.Jackson;
 import com.linecorp.centraldogma.internal.jsonpatch.JsonPatch;
 import com.linecorp.centraldogma.internal.jsonpatch.JsonPatchOperation;
 import com.linecorp.centraldogma.internal.jsonpatch.ReplaceOperation;
@@ -63,9 +61,6 @@
 @RequiresRole(roles = ProjectRole.OWNER)
 public class MetadataApiService extends AbstractService {
 
-    private static final TypeReference<Collection<Permission>> permissionsTypeRef =
-            new TypeReference<Collection<Permission>>() {};
-
     private final MetadataService mds;
     private final Function<String, String> loginNameNormalizer;
 
@@ -199,28 +194,6 @@ public CompletableFuture<Revision> addSpecificUserPermission(
                                         member, memberWithPermissions.permissions());
     }
 
-    /**
-     * PATCH /metadata/{projectName}/repos/{repoName}/perm/users/{memberId}
-     *
-     * <p>Updates {@link Permission}s for the specified {@code memberId} of the specified {@code repoName}
-     * in the specified {@code projectName}.
-     */
-    @Patch("/metadata/{projectName}/repos/{repoName}/perm/users/{memberId}")
-    @Consumes("application/json-patch+json")
-    public CompletableFuture<Revision> updateSpecificUserPermission(@Param String projectName,
-                                                                    @Param String repoName,
-                                                                    @Param String memberId,
-                                                                    JsonPatch jsonPatch,
-                                                                    Author author) {
-        final ReplaceOperation operation = ensureSingleReplaceOperation(jsonPatch, "/permissions");
-        final Collection<Permission> permissions = Jackson.convertValue(operation.value(), permissionsTypeRef);
-        final User member = new User(loginNameNormalizer.apply(urlDecode(memberId)));
-        return mds.findPermissions(projectName, repoName, member)
-                  .thenCompose(unused -> mds.updatePerUserPermission(author,
-                                                                     projectName, repoName, member,
-                                                                     permissions));
-    }
-
     /**
      * DELETE /metadata/{projectName}/repos/{repoName}/perm/users/{memberId}
      *
@@ -254,26 +227,6 @@ public CompletableFuture<Revision> addSpecificTokenPermission(
                                          tokenWithPermissions.id(), tokenWithPermissions.permissions());
     }
 
-    /**
-     * PATCH /metadata/{projectName}/repos/{repoName}/perm/tokens/{appId}
-     *
-     * <p>Updates {@link Permission}s for the specified {@code appId} of the specified {@code repoName}
-     * in the specified {@code projectName}.
-     */
-    @Patch("/metadata/{projectName}/repos/{repoName}/perm/tokens/{appId}")
-    @Consumes("application/json-patch+json")
-    public CompletableFuture<Revision> updateSpecificTokenPermission(@Param String projectName,
-                                                                     @Param String repoName,
-                                                                     @Param String appId,
-                                                                     JsonPatch jsonPatch,
-                                                                     Author author) {
-        final ReplaceOperation operation = ensureSingleReplaceOperation(jsonPatch, "/permissions");
-        final Collection<Permission> permissions = Jackson.convertValue(operation.value(), permissionsTypeRef);
-        return mds.findTokenByAppId(appId)
-                  .thenCompose(token -> mds.updatePerTokenPermission(
-                          author, projectName, repoName, appId, permissions));
-    }
-
     /**
      * DELETE /metadata/{projectName}/repos/{repoName}/perm/tokens/{appId}
      *

server/src/main/java/com/linecorp/centraldogma/server/internal/api/auth/ApplicationTokenAuthorizer.java

@@ -37,9 +37,9 @@
 import com.linecorp.armeria.server.auth.AuthTokenExtractors;
 import com.linecorp.armeria.server.auth.Authorizer;
 import com.linecorp.centraldogma.server.internal.admin.auth.AuthUtil;
-import com.linecorp.centraldogma.server.internal.admin.service.TokenNotFoundException;
 import com.linecorp.centraldogma.server.internal.api.HttpApiUtil;
 import com.linecorp.centraldogma.server.metadata.Token;
+import com.linecorp.centraldogma.server.metadata.TokenNotFoundException;
 import com.linecorp.centraldogma.server.metadata.Tokens;
 import com.linecorp.centraldogma.server.metadata.UserWithToken;
 

server/src/main/java/com/linecorp/centraldogma/server/internal/storage/repository/git/AbstractChangesApplier.java

@@ -38,14 +38,13 @@
 import com.linecorp.centraldogma.common.CentralDogmaException;
 import com.linecorp.centraldogma.common.Revision;
 import com.linecorp.centraldogma.internal.Jackson;
-import com.linecorp.centraldogma.server.internal.admin.service.TokenNotFoundException;
 import com.linecorp.centraldogma.server.storage.StorageException;
 
 abstract class AbstractChangesApplier {
 
     private static final byte[] EMPTY_BYTE = new byte[0];
 
-    int apply(Repository jGitRepository, @Nullable Revision baseRevision,
+    int apply(Repository jGitRepository, Revision headRevision,
               @Nullable ObjectId baseTreeId, DirCache dirCache) {
         try (ObjectInserter inserter = jGitRepository.newObjectInserter();
              ObjectReader reader = jGitRepository.newObjectReader()) {
@@ -59,16 +58,16 @@ int apply(Repository jGitRepository, @Nullable Revision baseRevision,
                 builder.finish();
             }
 
-            return doApply(dirCache, reader, inserter);
-        } catch (CentralDogmaException | TokenNotFoundException | IllegalArgumentException e) {
+            return doApply(headRevision, dirCache, reader, inserter);
+        } catch (CentralDogmaException e) {
             throw e;
         } catch (Exception e) {
-            throw new StorageException("failed to apply changes on revision: " +
-                                       (baseRevision != null ? baseRevision.major() : 0), e);
+            throw new StorageException("failed to apply changes on revision: " + headRevision.major(), e);
         }
     }
 
-    abstract int doApply(DirCache dirCache, ObjectReader reader, ObjectInserter inserter) throws IOException;
+    abstract int doApply(Revision headRevision, DirCache dirCache,
+                         ObjectReader reader, ObjectInserter inserter) throws IOException;
 
     static void applyPathEdit(DirCache dirCache, PathEdit edit) {
         final DirCacheEditor e = dirCache.editor();