refactor: identity -> iam

modules/iam/routes/identities/get/handle.ts

@@ -0,0 +1,16 @@
+import { ForbiddenError, NotFoundError } from "@platform/relay";
+
+import { getPrincipalById } from "../../../services/database.ts";
+import route from "./spec.ts";
+
+export default route.access("session").handle(async ({ params: { id } }, { access }) => {
+  const principal = await getPrincipalById(id);
+  if (principal === undefined) {
+    return new NotFoundError("Identity does not exist, or has been removed.");
+  }
+  const decision = await access.isAllowed({ kind: "identity", id, attr: {} }, "read");
+  if (decision === false) {
+    return new ForbiddenError("You do not have permission to view this identity.");
+  }
+  return principal;
+});

modules/iam/routes/identities/get/spec.ts

@@ -0,0 +1,10 @@
+import { ForbiddenError, NotFoundError, route, UnauthorizedError } from "@platform/relay";
+import z from "zod";
+
+export default route
+  .get("/api/v1/identity/:id")
+  .params({
+    id: z.string(),
+  })
+  .errors([UnauthorizedError, ForbiddenError, NotFoundError])
+  .response(z.any());