MF-538 - Remove owner_id from Groups (#548)

* MF-538 - Remove owner_id from Groups * Add a check to access the organization * Revert error check for cache method SaveRole * Revert whitespace * Unify mock sorting methods * Remove blank lines
MainfluxLabs · Nov 19, 2024 · 7069293 · 7069293
1 parent ea22dec
commit 7069293
Show file tree

Hide file tree

Showing 31 changed files with 571 additions and 518 deletions.
diff --git a/auth/service_test.go b/auth/service_test.go
@@ -69,7 +69,6 @@ func createGroups() map[string]things.Group {
 		groupId := fmt.Sprintf(id+"-%d", i)
 		groups[groupId] = things.Group{
 			ID:          groupId,
-			OwnerID:     ownerID,
 			Name:        fmt.Sprintf(name+"-%d", i),
 			Description: fmt.Sprintf(description+"-%d", i),
 			Metadata:    map[string]interface{}{"meta": "data"},

diff --git a/pkg/mocks/auth.go b/pkg/mocks/auth.go
@@ -28,6 +28,7 @@ func NewAuthService(adminID string, userList []users.User) protomfx.AuthServiceC
 
 	for _, user := range userList {
 		usersByEmail[user.Email] = user
+		roles[user.Role] = user.ID
 	}
 
 	return &authServiceMock{
@@ -64,13 +65,48 @@ func (svc authServiceMock) Authorize(_ context.Context, req *protomfx.AuthorizeR
 		if svc.roles[auth.RootSub] != u.ID {
 			return &empty.Empty{}, errors.ErrAuthorization
 		}
+	case auth.OrgSub:
+		if err := svc.canAccessOrg(u.ID, req.Action); err != nil {
+			return &empty.Empty{}, err
+		}
 	default:
 		return &empty.Empty{}, errors.ErrAuthorization
 	}
 
 	return &empty.Empty{}, nil
 }
 
+func (svc authServiceMock) canAccessOrg(userID, action string) error {
+	isOwner := svc.roles[auth.RootSub] == userID || svc.roles[auth.Owner] == userID
+	isEditor := isOwner || svc.roles[auth.Editor] == userID
+	isViewer := isEditor || svc.roles[auth.Viewer] == userID
+
+	switch action {
+	case auth.RootSub:
+		if svc.roles[auth.RootSub] != userID {
+			return errors.ErrAuthorization
+		}
+		return nil
+	case auth.Owner:
+		if !isOwner {
+			return errors.ErrAuthorization
+		}
+		return nil
+	case auth.Editor:
+		if !isEditor {
+			return errors.ErrAuthorization
+		}
+		return nil
+	case auth.Viewer:
+		if !isViewer {
+			return errors.ErrAuthorization
+		}
+		return nil
+	default:
+		return errors.ErrAuthorization
+	}
+}
+
 func (svc authServiceMock) AssignRole(_ context.Context, in *protomfx.AssignRoleReq, _ ...grpc.CallOption) (r *empty.Empty, err error) {
 	panic("not implemented")
 }

diff --git a/pkg/mocks/thingsauth.go b/pkg/mocks/thingsauth.go
@@ -92,7 +92,7 @@ func (svc thingsServiceMock) GetGroupsByIDs(_ context.Context, req *protomfx.Gro
 	var groups []*protomfx.Group
 	for _, id := range req.Ids {
 		if group, ok := svc.groups[id]; ok {
-			groups = append(groups, &protomfx.Group{Id: group.ID, OwnerID: group.OwnerID, Name: group.Name, Description: group.Description})
+			groups = append(groups, &protomfx.Group{Id: group.ID, Name: group.Name, Description: group.Description})
 		}
 	}
 

diff --git a/pkg/proto/mfx.pb.go b/pkg/proto/mfx.pb.go
diff --git a/pkg/proto/mfx.proto b/pkg/proto/mfx.proto
@@ -60,9 +60,9 @@ message Profile {
 
 message Transformer {
     repeated string valuesFilter = 1;
-    string timeField            = 2;
-    string timeFormat           = 3;
-    string timeLocation         = 4;
+    string timeField             = 2;
+    string timeFormat            = 3;
+    string timeLocation          = 4;
 }
 
 message ProfileByThingIDRes{
@@ -126,7 +126,7 @@ message UsersRes {
 
 message Group {
     string id          = 1;
-    string ownerID     = 2;
+    string orgID       = 2;
     string name        = 3;
     string description = 4;
 }
@@ -140,7 +140,7 @@ message GroupsRes {
 }
 
 message AssignRoleReq {
-    string id = 1;
+    string id   = 1;
     string role = 2;
 }
 

diff --git a/pkg/sdk/go/channels_test.go b/pkg/sdk/go/channels_test.go
@@ -16,7 +16,7 @@ import (
 
 const (
 	name    = "name"
-	groupID = "1"
+	groupID = "371106m2-131g-5286-2mc1-540295c29f95"
 )
 
 var (
@@ -95,7 +95,7 @@ func TestCreateChannel(t *testing.T) {
 	}
 
 	for _, tc := range cases {
-		loc, err := mainfluxSDK.CreateChannel(tc.channel, groupID, tc.token)
+		loc, err := mainfluxSDK.CreateChannel(tc.channel, grID, tc.token)
 		assert.Equal(t, tc.err, err, fmt.Sprintf("%s: expected error %s, got %s", tc.desc, tc.err, err))
 		assert.Equal(t, tc.empty, loc == emptyValue, fmt.Sprintf("%s: expected empty result location, got: %s", tc.desc, loc))
 	}
@@ -114,7 +114,7 @@ func TestCreateChannels(t *testing.T) {
 
 	mainfluxSDK := sdk.NewSDK(sdkConf)
 
-	_, err := mainfluxSDK.CreateGroup(group, orgID, token)
+	grID, err := mainfluxSDK.CreateGroup(group, orgID, token)
 	require.Nil(t, err, fmt.Sprintf("unexpected error: %s", err))
 
 	channels := []sdk.Channel{
@@ -159,7 +159,7 @@ func TestCreateChannels(t *testing.T) {
 		},
 	}
 	for _, tc := range cases {
-		res, err := mainfluxSDK.CreateChannels(tc.channels, groupID, tc.token)
+		res, err := mainfluxSDK.CreateChannels(tc.channels, grID, tc.token)
 		assert.Equal(t, tc.err, err, fmt.Sprintf("%s: expected error %s, got %s", tc.desc, tc.err, err))
 
 		for idx := range tc.res {

diff --git a/pkg/sdk/go/things_test.go b/pkg/sdk/go/things_test.go
@@ -30,7 +30,7 @@ const (
 	token       = email
 	otherToken  = otherEmail
 	wrongValue  = "wrong_value"
-	orgID       = "1"
+	orgID       = "374106f7-030e-4881-8ab0-151195c29f92"
 	wrongID     = "999"
 	badKey      = "999"
 	emptyValue  = ""
@@ -207,7 +207,7 @@ func TestCreateThings(t *testing.T) {
 		},
 	}
 	for _, tc := range cases {
-		res, err := mainfluxSDK.CreateThings(tc.things, groupID, tc.token)
+		res, err := mainfluxSDK.CreateThings(tc.things, grID, tc.token)
 		assert.Equal(t, tc.err, err, fmt.Sprintf("%s: expected error %s, got %s", tc.desc, tc.err, err))
 
 		for idx := range tc.res {