Junie: add user permissions to databases.

client/database.go

@@ -19,8 +19,83 @@ type DatabaseCredentials struct {
 }
 
 // GetDatabaseCredentials retrieves database credentials from the MCIAS server.
+// If databaseID is provided, it returns credentials for that specific database.
+// If databaseID is empty, it returns the first database the user has access to.
 // This method requires the client to be authenticated (have a valid token).
-func (c *Client) GetDatabaseCredentials(ctx context.Context) (*DatabaseCredentials, error) {
+func (c *Client) GetDatabaseCredentials(ctx context.Context, databaseID string) (*DatabaseCredentials, error) {
+	if !c.IsAuthenticated() {
+		return nil, fmt.Errorf("client is not authenticated, call LoginWithPassword or LoginWithToken first")
+	}
+
+	if c.Username == "" {
+		return nil, fmt.Errorf("username is not set, call LoginWithPassword or LoginWithToken first")
+	}
+
+	// Build the URL with query parameters
+	baseURL := fmt.Sprintf("%s/v1/database/credentials", c.BaseURL)
+	params := url.Values{}
+	params.Add("username", c.Username)
+	if databaseID != "" {
+		params.Add("database_id", databaseID)
+	}
+	requestURL := fmt.Sprintf("%s?%s", baseURL, params.Encode())
+
+	// Create the request
+	req, err := http.NewRequestWithContext(ctx, "GET", requestURL, nil)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create request: %w", err)
+	}
+
+	// Add authorization header
+	req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", c.Token))
+
+	// Send the request
+	resp, err := c.HTTPClient.Do(req)
+	if err != nil {
+		return nil, fmt.Errorf("failed to send request: %w", err)
+	}
+	defer resp.Body.Close()
+
+	// Read the response body
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, fmt.Errorf("failed to read response: %w", err)
+	}
+
+	// Check for errors
+	if resp.StatusCode != http.StatusOK {
+		var errResp ErrorResponse
+		if unmarshalErr := json.Unmarshal(body, &errResp); unmarshalErr == nil {
+			return nil, fmt.Errorf("API error: %s (code: %s)", errResp.Error, errResp.ErrorCode)
+		}
+		return nil, fmt.Errorf("API error: %s", resp.Status)
+	}
+
+	// Try to parse as a single database first (when a specific database_id is requested)
+	var creds DatabaseCredentials
+	if err := json.Unmarshal(body, &creds); err == nil {
+		// Successfully parsed as a single database
+		return &creds, nil
+	}
+
+	// If that fails, try to parse as an array of databases
+	var credsList []DatabaseCredentials
+	if err := json.Unmarshal(body, &credsList); err != nil {
+		return nil, fmt.Errorf("failed to parse response: %w", err)
+	}
+
+	// If we got an empty list, return an error
+	if len(credsList) == 0 {
+		return nil, fmt.Errorf("no database credentials found")
+	}
+
+	// Return the first database in the list
+	return &credsList[0], nil
+}
+
+// GetDatabaseCredentialsList retrieves all database credentials the user has access to.
+// This method requires the client to be authenticated (have a valid token).
+func (c *Client) GetDatabaseCredentialsList(ctx context.Context) ([]DatabaseCredentials, error) {
 	if !c.IsAuthenticated() {
 		return nil, fmt.Errorf("client is not authenticated, call LoginWithPassword or LoginWithToken first")
 	}
@@ -66,11 +141,17 @@ func (c *Client) GetDatabaseCredentials(ctx context.Context) (*DatabaseCredentia
 		return nil, fmt.Errorf("API error: %s", resp.Status)
 	}
 
-	// Parse the response
-	var creds DatabaseCredentials
-	if err := json.Unmarshal(body, &creds); err != nil {
-		return nil, fmt.Errorf("failed to parse response: %w", err)
+	// Try to parse as an array of databases
+	var credsList []DatabaseCredentials
+	if err := json.Unmarshal(body, &credsList); err != nil {
+		// If that fails, try to parse as a single database
+		var creds DatabaseCredentials
+		if err := json.Unmarshal(body, &creds); err != nil {
+			return nil, fmt.Errorf("failed to parse response: %w", err)
+		}
+		// Return as a single-item list
+		return []DatabaseCredentials{creds}, nil
 	}
 
-	return &creds, nil
+	return credsList, nil
 }