fix(query): align roles api with table functions (#17843)

Author: everpcpc

src/query/service/src/servers/http/v1/roles.rs

@@ -13,7 +13,6 @@
 // limitations under the License.
 
 use databend_common_exception::Result;
-use databend_common_users::UserApiProvider;
 use poem::error::InternalServerError;
 use poem::error::Result as PoemResult;
 use poem::web::Json;
@@ -23,6 +22,8 @@ use serde::Serialize;
 
 use crate::servers::http::v1::HttpQueryContext;
 
+const PUBLIC_ROLE: &str = "public";
+
 #[derive(Serialize, Deserialize, Debug, Clone)]
 pub struct ListRolesResponse {
     pub roles: Vec<RoleInfo>,
@@ -35,47 +36,34 @@ pub struct RoleInfo {
     pub is_default: bool,
 }
 
+/// same as `show_roles` in
+/// src/query/service/src/table_functions/show_roles/show_roles_table.rs
 #[async_backtrace::framed]
 async fn handle(ctx: &HttpQueryContext) -> Result<ListRolesResponse> {
-    let user = ctx.session.get_current_user()?;
+    let mut all_roles = ctx.session.get_all_available_roles().await?;
+    all_roles.sort_by(|a, b| a.name.cmp(&b.name));
+    let current_user = ctx.session.get_current_user()?;
     let current_role = ctx
         .session
         .get_current_role()
-        .map_or("public".to_string(), |role| role.name);
-    let default_role = user
+        .map_or(PUBLIC_ROLE.to_string(), |role| role.name);
+    let default_role = current_user
         .option
         .default_role()
-        .map_or("public".to_string(), |role| role.to_string());
+        .map_or(PUBLIC_ROLE.to_string(), |role| role.to_string());
     let mut roles = vec![];
-    if user.is_account_admin() {
-        // return all roles for account admin
-        let user_api = UserApiProvider::instance();
-        let all_roles = user_api
-            .get_roles(&ctx.session.get_current_tenant())
-            .await?;
-        for role in all_roles {
-            let is_current = role.name == current_role;
-            let is_default = role.name == default_role;
-            roles.push(RoleInfo {
-                name: role.name,
-                is_current,
-                is_default,
-            });
-        }
-    } else {
-        for role in user.grants.roles() {
-            let is_current = role == current_role;
-            let is_default = role == default_role;
-            roles.push(RoleInfo {
-                name: role.clone(),
-                is_current,
-                is_default,
-            });
-        }
+    for role in all_roles {
+        let is_current = role.name == current_role;
+        let is_default = role.name == default_role;
+        roles.push(RoleInfo {
+            name: role.name,
+            is_current,
+            is_default,
+        });
     }
     if roles.is_empty() {
         roles.push(RoleInfo {
-            name: "public".to_string(),
+            name: PUBLIC_ROLE.to_string(),
             is_current: true,
             is_default: true,
         });

src/query/service/src/servers/http/v1/users.rs

@@ -53,7 +53,7 @@ pub struct UserItem {
     pub hostname: String,
     pub auth_type: String,
     pub default_role: String,
-    pub roles: Vec<String>,
+    pub grant_roles: Vec<String>,
     pub disabled: bool,
     pub network_policy: Option<String>,
     pub password_policy: Option<String>,
@@ -71,7 +71,7 @@ async fn handle(ctx: &HttpQueryContext) -> Result<ListUsersResponse> {
             hostname: user.hostname.clone(),
             auth_type: user.auth_info.get_type().to_str().to_string(),
             default_role: user.option.default_role().cloned().unwrap_or_default(),
-            roles: user.grants.roles(),
+            grant_roles: user.grants.roles(),
             disabled: user.option.disabled().cloned().unwrap_or_default(),
             network_policy: user.option.network_policy().cloned(),
             password_policy: user.option.password_policy().cloned(),

src/query/service/src/servers/http/v1/verify.rs

@@ -35,9 +35,14 @@ pub async fn verify_handler(ctx: &HttpQueryContext) -> PoemResult<impl IntoRespo
         .session
         .get_current_user()
         .map_err(HttpErrorCode::server_error)?;
+    let roles = ctx
+        .session
+        .get_all_effective_roles()
+        .await
+        .map_err(HttpErrorCode::server_error)?;
     Ok(Json(VerifyResponse {
         tenant: tenant.tenant_name().to_string(),
-        user: user.name.to_string(),
-        roles: user.grants.roles(),
+        user: user.name,
+        roles: roles.into_iter().map(|r| r.name).collect(),
     }))
 }