From 0e5c121024480bcd6e71e444255c870c9c7d7fc2 Mon Sep 17 00:00:00 2001
From: Vitalii Yarmus <vitalii.yarmys@binary-studio.com>
Date: Fri, 21 Apr 2023 18:15:23 +0300
Subject: [PATCH] RE: add showing of error message if user have error related
 to priviligies and they does not have role SELECT_CATALOG_ROLE

---
 reverse_engineering/api.js                  | 16 +++++++++++
 reverse_engineering/helpers/oracleHelper.js | 31 +++++++++++++++++++++
 2 files changed, 47 insertions(+)

diff --git a/reverse_engineering/api.js b/reverse_engineering/api.js
index 56d6215..5bcea7b 100644
--- a/reverse_engineering/api.js
+++ b/reverse_engineering/api.js
@@ -169,6 +169,22 @@ module.exports = {
 
 			callback(null, packages.filter(Boolean), { version: dbVersion });
 		} catch (error) {
+			if (error?.errorNum === 31603) {
+				logger.log(
+					'error',
+					{
+						message: 'Missing required role “SELECT_CATALOG_ROLE” to perform this operation',
+						stack: error.stack,
+						error,
+					},
+					'Reverse-engineering process failed',
+				);
+				return callback({
+					message: 'Missing required role “SELECT_CATALOG_ROLE” to perform this operation',
+					type: 'simpleError',
+				});
+			}	
+
 			logger.log('error', { message: error.message, stack: error.stack, error }, 'Reverse-engineering process failed');
 			callback({ message: error.message, stack: error.stack });
 		}
diff --git a/reverse_engineering/helpers/oracleHelper.js b/reverse_engineering/helpers/oracleHelper.js
index 633d591..a2d383d 100644
--- a/reverse_engineering/helpers/oracleHelper.js
+++ b/reverse_engineering/helpers/oracleHelper.js
@@ -571,6 +571,10 @@ const getDDL = async (tableName, schema, logger) => {
 			};
 		}
 	} catch (err) {
+		if(err?.errorNum === 31603 && !(await checkUserHaveRequiredRole(logger))) {
+			throw err;
+		}
+
 		logger.log('error', {
 			message: 'Cannot get DDL for table: ' + tableName,
 			error: { message: err.message, stack: err.stack, err: _.omit(err, ['message', 'stack']) }
@@ -706,6 +710,10 @@ const getViewDDL = async (viewName, logger) => {
 		const viewDDL = await _.first(_.first(queryResult)).getData();
 		return viewDDL;
 	} catch (err) {
+		if(err?.errorNum === 31603 && !(await checkUserHaveRequiredRole(logger))) {
+			throw err;
+		}
+
 		logger.log('error', {
 			message: 'Cannot get DDL for view: ' + viewName,
 			error: { message: err.message, stack: err.stack, err: _.omit(err, ['message', 'stack']) }
@@ -714,6 +722,29 @@ const getViewDDL = async (viewName, logger) => {
 	}
 };
 
+const checkUserHaveRequiredRole = async (logger) => {
+	try {
+		const userResult = await execute("SELECT sys_context('USERENV', 'CURRENT_USER') FROM dual");
+		const username = _.first(_.first(userResult));
+		const roles = (await execute(`SELECT GRANTED_ROLE FROM USER_ROLE_PRIVS WHERE USERNAME = '${username}'`))?.map(
+			([role]) => role,
+		);
+
+		return roles.includes('SELECT_CATALOG_ROLE');
+	} catch (error) {
+		logger.log(
+			'error',
+			{
+				message: 'Checking user privileges error',
+				error: { message: error.message, stack: error.stack, err: _.omit(error, ['message', 'stack']) },
+			},
+			'Getting DDL',
+		);
+
+		return false;
+	}
+}
+
 const logEnvironment = (logger) => {
 	logger.log('info', {
 		TNS_ADMIN: process.env.TNS_ADMIN ?? '',