feat(server): when operation is not allowed, return false (#1832)

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: soneda-yuya

server/go.mod

@@ -149,6 +149,7 @@ require (
 	github.com/smartystreets/assertions v1.1.1 // indirect
 	github.com/smartystreets/goconvey v1.6.4 // indirect
 	github.com/sosodev/duration v1.3.1 // indirect
+	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/urfave/cli/v2 v2.27.6 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/valyala/fasthttp v1.34.0 // indirect

server/internal/usecase/interactor/project.go

@@ -368,6 +368,14 @@ func (i *Project) Create(ctx context.Context, input interfaces.CreateProjectPara
 	visibility := project.VisibilityPublic
 
 	if i.policyChecker != nil {
+		operationAllowed, err := i.policyChecker.CheckPolicy(ctx, gateway.CreateGeneralOperationAllowedCheckRequest(input.WorkspaceID))
+		if err != nil {
+			return nil, err
+		}
+		if !operationAllowed.Allowed {
+			return nil, visualizer.ErrorWithCallerLogging(ctx, "operation is disabled by overused seat", errors.New("operation is disabled by overused seat"))
+		}
+
 		errPrivate := i.checkGeneralPolicy(ctx, input.WorkspaceID, project.VisibilityPrivate)
 		if errPrivate != nil {
 			visibility = project.VisibilityPublic
@@ -411,6 +419,15 @@ func (i *Project) Update(ctx context.Context, p interfaces.UpdateProjectParam, o
 	if err != nil {
 		return nil, err
 	}
+
+	operationAllowed, err := i.policyChecker.CheckPolicy(ctx, gateway.CreateGeneralOperationAllowedCheckRequest(prj.Workspace()))
+	if err != nil {
+		return nil, err
+	}
+	if !operationAllowed.Allowed {
+		return nil, visualizer.ErrorWithCallerLogging(ctx, "operation is disabled by over used seat", errors.New("operation is disabled by over used seat"))
+	}
+
 	if err := i.CanWriteWorkspace(prj.Workspace(), operator); err != nil {
 		return nil, err
 	}
@@ -542,6 +559,13 @@ func (i *Project) UpdateVisibility(ctx context.Context, pid id.ProjectID, visibi
 	if err != nil {
 		return nil, err
 	}
+	operationAllowed, err := i.policyChecker.CheckPolicy(ctx, gateway.CreateGeneralOperationAllowedCheckRequest(prj.Workspace()))
+	if err != nil {
+		return nil, err
+	}
+	if !operationAllowed.Allowed {
+		return nil, visualizer.ErrorWithCallerLogging(ctx, "operation is disabled by over used seat", errors.New("operation is disabled by over used seat"))
+	}
 
 	if err := i.CanWriteWorkspace(prj.Workspace(), operator); err != nil {
 		return nil, err
@@ -718,6 +742,14 @@ func (i *Project) Publish(ctx context.Context, params interfaces.PublishProjectP
 		return nil, err
 	}
 
+	operationAllowed, err := i.policyChecker.CheckPolicy(ctx, gateway.CreateGeneralOperationAllowedCheckRequest(prj.Workspace()))
+	if err != nil {
+		return nil, err
+	}
+	if !operationAllowed.Allowed {
+		return nil, visualizer.ErrorWithCallerLogging(ctx, "operation is disabled by over used seat", errors.New("operation is disabled by over used seat"))
+	}
+
 	sc, err := i.sceneRepo.FindByProject(ctx, prj.ID())
 	if err != nil {
 		return nil, err
@@ -911,6 +943,14 @@ func (i *Project) Delete(ctx context.Context, projectID id.ProjectID, operator *
 		return err
 	}
 
+	operationAllowed, err := i.policyChecker.CheckPolicy(ctx, gateway.CreateGeneralOperationAllowedCheckRequest(prj.Workspace()))
+	if err != nil {
+		return err
+	}
+	if !operationAllowed.Allowed {
+		return visualizer.ErrorWithCallerLogging(ctx, "operation is disabled by over used seat", errors.New("operation is disabled by over used seat"))
+	}
+
 	deleter := ProjectDeleter{
 		SceneDeleter: SceneDeleter{
 			Scene:          i.sceneRepo,
@@ -943,6 +983,14 @@ func (i *Project) ExportProjectData(ctx context.Context, pid id.ProjectID, zipWr
 		return nil, errors.New("project " + err.Error())
 	}
 
+	operationAllowed, err := i.policyChecker.CheckPolicy(ctx, gateway.CreateGeneralOperationAllowedCheckRequest(prj.Workspace()))
+	if err != nil {
+		return nil, err
+	}
+	if !operationAllowed.Allowed {
+		return nil, visualizer.ErrorWithCallerLogging(ctx, "operation is disabled by over used seat", errors.New("operation is disabled by over used seat"))
+	}
+
 	if prj.IsDeleted() {
 		fmt.Printf("Error Deleted project: %v\n", prj.ID())
 		return nil, errors.New("This project is deleted")