feat: improve playbook permission error (#1476)

* feat: improve playbook permission error

* chore: improve permission error

api/v1/playbook_types.go

@@ -27,8 +27,8 @@ const (
 	PlaybookParameterTypePeople    = "people"
 	PlaybookParameterTypeTeam      = "team"
 	PlaybookParameterTypeText      = "text"
-	PlaybookParameterTypeMillis    = "Millis"
-	PlaybookParameterTypeBytes     = "Bytes"
+	PlaybookParameterTypeMillis    = "millicores"
+	PlaybookParameterTypeBytes     = "bytes"
 )
 
 // PlaybookParameter defines a parameter that a playbook needs to run.

playbook/approval.go

@@ -2,6 +2,7 @@ package playbook
 
 import (
 	"encoding/json"
+	"errors"
 	"net/http"
 
 	"github.com/flanksource/commons/collections"
@@ -55,7 +56,7 @@ func approveRun(ctx context.Context, run *models.PlaybookRun) error {
 	if objects, err := run.GetRBACAttributes(ctx.DB()); err != nil {
 		return ctx.Oops().Wrap(err)
 	} else if !rbac.HasPermission(ctx, approver.ID.String(), objects, rbac.ActionPlaybookApprove) {
-		return ctx.Oops().Code(api.EFORBIDDEN).Errorf("forbidden to approve playbook")
+		return ctx.Oops().With("permission", rbac.ActionPlaybookRun, "objects", objects).Code(api.EFORBIDDEN).Wrap(errors.New("access denied: approval permission required"))
 	}
 
 	var spec v1.PlaybookSpec

playbook/playbook.go

@@ -2,6 +2,7 @@ package playbook
 
 import (
 	"encoding/json"
+	"errors"
 	"fmt"
 	"os"
 
@@ -135,7 +136,7 @@ func Run(ctx context.Context, playbook *models.Playbook, req RunParams) (*models
 	if objects, err := run.GetRBACAttributes(ctx.DB()); err != nil {
 		return nil, ctx.Oops().Wrap(err)
 	} else if !rbac.HasPermission(ctx, ctx.User().ID.String(), objects, rbac.ActionPlaybookRun) {
-		return nil, ctx.Oops().Code(dutyAPI.EFORBIDDEN).Errorf("forbidden to run playbook")
+		return nil, ctx.Oops().With("permission", rbac.ActionPlaybookRun, "objects", objects).Code(dutyAPI.EFORBIDDEN).Wrap(errors.New("access denied: run permission required"))
 	}
 
 	if err := req.setDefaults(ctx, spec, templateEnv); err != nil {