From 07c12677a941c21faf891840faf43d74612dc8bd Mon Sep 17 00:00:00 2001
From: Aditya Thebe <contact@adityathebe.com>
Date: Tue, 1 Oct 2024 12:12:15 +0545
Subject: [PATCH] chore: improve permission error

---
 api/v1/playbook_types.go | 4 ++--
 playbook/approval.go     | 3 +--
 playbook/playbook.go     | 2 +-
 3 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/api/v1/playbook_types.go b/api/v1/playbook_types.go
index f20762d84..109457b57 100644
--- a/api/v1/playbook_types.go
+++ b/api/v1/playbook_types.go
@@ -27,8 +27,8 @@ const (
 	PlaybookParameterTypePeople    = "people"
 	PlaybookParameterTypeTeam      = "team"
 	PlaybookParameterTypeText      = "text"
-	PlaybookParameterTypeMillis    = "Millis"
-	PlaybookParameterTypeBytes     = "Bytes"
+	PlaybookParameterTypeMillis    = "millicores"
+	PlaybookParameterTypeBytes     = "bytes"
 )
 
 // PlaybookParameter defines a parameter that a playbook needs to run.
diff --git a/playbook/approval.go b/playbook/approval.go
index b6130c75f..340019a08 100644
--- a/playbook/approval.go
+++ b/playbook/approval.go
@@ -3,7 +3,6 @@ package playbook
 import (
 	"encoding/json"
 	"errors"
-	"fmt"
 	"net/http"
 
 	"github.com/flanksource/commons/collections"
@@ -57,7 +56,7 @@ func approveRun(ctx context.Context, run *models.PlaybookRun) error {
 	if objects, err := run.GetRBACAttributes(ctx.DB()); err != nil {
 		return ctx.Oops().Wrap(err)
 	} else if !rbac.HasPermission(ctx, approver.ID.String(), objects, rbac.ActionPlaybookApprove) {
-		return ctx.Oops().Code(api.EFORBIDDEN).Hint(fmt.Sprintf("Required permission: %s", rbac.ActionPlaybookApprove)).Wrap(errors.New("forbidden to approve playbook"))
+		return ctx.Oops().With("permission", rbac.ActionPlaybookRun, "objects", objects).Code(api.EFORBIDDEN).Wrap(errors.New("access denied: approval permission required"))
 	}
 
 	var spec v1.PlaybookSpec
diff --git a/playbook/playbook.go b/playbook/playbook.go
index 741e51d51..1a7d54a47 100644
--- a/playbook/playbook.go
+++ b/playbook/playbook.go
@@ -136,7 +136,7 @@ func Run(ctx context.Context, playbook *models.Playbook, req RunParams) (*models
 	if objects, err := run.GetRBACAttributes(ctx.DB()); err != nil {
 		return nil, ctx.Oops().Wrap(err)
 	} else if !rbac.HasPermission(ctx, ctx.User().ID.String(), objects, rbac.ActionPlaybookRun) {
-		return nil, ctx.Oops().Code(dutyAPI.EFORBIDDEN).Hint(fmt.Sprintf("Required permission: %s", rbac.ActionPlaybookRun)).Wrap(errors.New("forbidden to run playbook"))
+		return nil, ctx.Oops().With("permission", rbac.ActionPlaybookRun, "objects", objects).Code(dutyAPI.EFORBIDDEN).Wrap(errors.New("access denied: run permission required"))
 	}
 
 	if err := req.setDefaults(ctx, spec, templateEnv); err != nil {