From 4bf0eb3799cfcaf2e2f49d31ad86d23bfa508798 Mon Sep 17 00:00:00 2001 From: 1998-felix Date: Wed, 28 Aug 2024 14:16:37 +0300 Subject: [PATCH] feat: add policy CRUD warpper Signed-off-by: 1998-felix --- bootstrap/events/producer/streams_test.go | 5 +- bootstrap/service.go | 9 +- bootstrap/service_test.go | 49 +-- cmd/bootstrap/main.go | 5 +- cmd/things/main.go | 7 +- cmd/users/main.go | 18 +- internal/groups/service.go | 29 +- internal/groups/service_test.go | 372 ++++++++------------- internal/policy/service.go | 127 ++++++++ pkg/policy/doc.go | 5 + pkg/policy/mocks/service.go | 377 ++++++++++++++++++++++ pkg/policy/policy.go | 53 +++ things/service.go | 27 +- things/service_test.go | 191 +++++------ users/delete_handler.go | 11 +- users/service.go | 31 +- users/service_test.go | 157 +++++---- 17 files changed, 958 insertions(+), 515 deletions(-) create mode 100644 internal/policy/service.go create mode 100644 pkg/policy/doc.go create mode 100644 pkg/policy/mocks/service.go create mode 100644 pkg/policy/policy.go diff --git a/bootstrap/events/producer/streams_test.go b/bootstrap/events/producer/streams_test.go index cfb2e5618e..09db942e89 100644 --- a/bootstrap/events/producer/streams_test.go +++ b/bootstrap/events/producer/streams_test.go @@ -21,6 +21,7 @@ import ( "github.com/absmach/magistrala/pkg/errors" svcerr "github.com/absmach/magistrala/pkg/errors/service" "github.com/absmach/magistrala/pkg/events/store" + policymocks "github.com/absmach/magistrala/pkg/policy/mocks" mgsdk "github.com/absmach/magistrala/pkg/sdk/go" sdkmocks "github.com/absmach/magistrala/pkg/sdk/mocks" "github.com/absmach/magistrala/pkg/uuid" 
@@ -88,14 +89,14 @@ type testVariable struct { svc bootstrap.Service boot *mocks.ConfigRepository auth *authmocks.AuthServiceClient - policy *authmocks.PolicyServiceClient + policy *policymocks.PolicyService sdk *sdkmocks.SDK } func newTestVariable(t *testing.T, redisURL string) testVariable { boot := new(mocks.ConfigRepository) auth := new(authmocks.AuthServiceClient) - policy := new(authmocks.PolicyServiceClient) + policy := new(policymocks.PolicyService) sdk := new(sdkmocks.SDK) idp := uuid.NewMock() svc := bootstrap.New(auth, policy, boot, sdk, encKey, idp) diff --git a/bootstrap/service.go b/bootstrap/service.go index fa512288d9..3934c78fa9 100644 --- a/bootstrap/service.go +++ b/bootstrap/service.go @@ -15,6 +15,7 @@ import ( "github.com/absmach/magistrala/pkg/errors" repoerr "github.com/absmach/magistrala/pkg/errors/repository" svcerr "github.com/absmach/magistrala/pkg/errors/service" + "github.com/absmach/magistrala/pkg/policy" mgsdk "github.com/absmach/magistrala/pkg/sdk/go" ) @@ -120,7 +121,7 @@ type ConfigReader interface { type bootstrapService struct { auth magistrala.AuthServiceClient - policy magistrala.PolicyServiceClient + policy policy.PolicyService configs ConfigRepository sdk mgsdk.SDK encKey []byte @@ -128,12 +129,12 @@ type bootstrapService struct { } // New returns new Bootstrap service. -func New(auth magistrala.AuthServiceClient, policy magistrala.PolicyServiceClient, configs ConfigRepository, sdk mgsdk.SDK, encKey []byte, idp magistrala.IDProvider) Service { +func New(auth magistrala.AuthServiceClient, policyService policy.PolicyService, configs ConfigRepository, sdk mgsdk.SDK, encKey []byte, idp magistrala.IDProvider) Service { return &bootstrapService{ configs: configs, sdk: sdk, auth: auth, - policy: policy, + policy: policyService, encKey: encKey, idProvider: idp, } 
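Review bot: The new dependency is spelled `policy.PolicyService` in the `bootstrapService` struct and in `New`, which repeats the package name in the type name; Go naming convention would make it `policy.Service` (and the mock `policymocks.Service`). The same spelling recurs in `internal/groups/service.go` and in `createAdminPolicy` in `cmd/users/main.go`. The interface is declared in `pkg/policy/policy.go`, which is outside this view, so the rename would have to start there. Since this commit introduces the type, renaming now is cheaper than after more callers depend on it.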
@@ -313,7 +314,7 @@ func (bs bootstrapService) listClientIDs(ctx context.Context, userID string) ([] if err != nil { return nil, errors.Wrap(svcerr.ErrNotFound, err) } - return tids.Policies, nil + return tids, nil } func (bs bootstrapService) checkSuperAdmin(ctx context.Context, userID string) error { diff --git a/bootstrap/service_test.go b/bootstrap/service_test.go index 445e006f65..d98f59d90a 100644 --- a/bootstrap/service_test.go +++ b/bootstrap/service_test.go @@ -22,6 +22,7 @@ import ( "github.com/absmach/magistrala/internal/testsutil" "github.com/absmach/magistrala/pkg/errors" svcerr "github.com/absmach/magistrala/pkg/errors/service" + policymocks "github.com/absmach/magistrala/pkg/policy/mocks" mgsdk "github.com/absmach/magistrala/pkg/sdk/go" sdkmocks "github.com/absmach/magistrala/pkg/sdk/mocks" "github.com/absmach/magistrala/pkg/uuid" @@ -77,7 +78,7 @@ func enc(in []byte) ([]byte, error) { func TestAdd(t *testing.T) { boot := new(mocks.ConfigRepository) auth := new(authmocks.AuthServiceClient) - policy := new(authmocks.PolicyServiceClient) + policy := new(policymocks.PolicyService) sdk := new(sdkmocks.SDK) idp := uuid.NewMock() svc := bootstrap.New(auth, policy, boot, sdk, encKey, idp) @@ -213,7 +214,7 @@ func TestAdd(t *testing.T) { func TestView(t *testing.T) { boot := new(mocks.ConfigRepository) auth := new(authmocks.AuthServiceClient) - policy := new(authmocks.PolicyServiceClient) + policy := new(policymocks.PolicyService) sdk := new(sdkmocks.SDK) idp := uuid.NewMock() svc := bootstrap.New(auth, policy, boot, sdk, encKey, idp) @@ -312,7 +313,7 @@ func TestView(t *testing.T) { func TestUpdate(t *testing.T) { boot := new(mocks.ConfigRepository) auth := new(authmocks.AuthServiceClient) - policy := new(authmocks.PolicyServiceClient) + policy := new(policymocks.PolicyService) sdk := new(sdkmocks.SDK) idp := uuid.NewMock() svc := bootstrap.New(auth, policy, boot, sdk, encKey, idp) 
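Review bot: In `listClientIDs` every failure of the policy lookup is still wrapped as `svcerr.ErrNotFound` (`return nil, errors.Wrap(svcerr.ErrNotFound, err)`), so a denied or unreachable policy backend is reported to the caller as a missing resource. The call now goes through the new wrapper, which may already return service-level errors (its code is not in this hunk). Consider passing its error through unchanged, or wrapping it with an error that does not hide authorization failures, so logs and API responses keep the real cause. The function body starts outside the hunk, so the call that produces `tids` is inferred from the context lines.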
@@ -404,7 +405,7 @@ func TestUpdate(t *testing.T) { func TestUpdateCert(t *testing.T) { boot := new(mocks.ConfigRepository) auth := new(authmocks.AuthServiceClient) - policy := new(authmocks.PolicyServiceClient) + policy := new(policymocks.PolicyService) sdk := new(sdkmocks.SDK) idp := uuid.NewMock() svc := bootstrap.New(auth, policy, boot, sdk, encKey, idp) @@ -520,7 +521,7 @@ func TestUpdateCert(t *testing.T) { func TestUpdateConnections(t *testing.T) { boot := new(mocks.ConfigRepository) auth := new(authmocks.AuthServiceClient) - policy := new(authmocks.PolicyServiceClient) + policy := new(policymocks.PolicyService) sdk := new(sdkmocks.SDK) idp := uuid.NewMock() svc := bootstrap.New(auth, policy, boot, sdk, encKey, idp) @@ -640,7 +641,7 @@ func TestUpdateConnections(t *testing.T) { func TestList(t *testing.T) { boot := new(mocks.ConfigRepository) auth := new(authmocks.AuthServiceClient) - policy := new(authmocks.PolicyServiceClient) + policy := new(policymocks.PolicyService) sdk := new(sdkmocks.SDK) idp := uuid.NewMock() svc := bootstrap.New(auth, policy, boot, sdk, encKey, idp) @@ -670,7 +671,7 @@ func TestList(t *testing.T) { domainAdminAuthRes *magistrala.AuthorizeRes superAdmiAuthErr error domainAdmiAuthErr error - listObjectsResponse *magistrala.ListObjectsRes + listObjectsResponse []string authorizeErr error identifyErr error listObjectsErr error @@ -690,7 +691,7 @@ func TestList(t *testing.T) { userID: validID, domainID: domainID, superAdminAuthRes: &magistrala.AuthorizeRes{Authorized: true}, - listObjectsResponse: &magistrala.ListObjectsRes{}, + listObjectsResponse: []string{}, offset: 0, limit: 10, err: nil, @@ -703,7 +704,7 @@ func TestList(t *testing.T) { userID: validID, domainID: domainID, superAdminAuthRes: &magistrala.AuthorizeRes{Authorized: false}, - listObjectsResponse: &magistrala.ListObjectsRes{}, + listObjectsResponse: []string{}, offset: 0, limit: 10, err: nil, 
@@ -722,7 +723,7 @@ func TestList(t *testing.T) { domainID: domainID, superAdminAuthRes: &magistrala.AuthorizeRes{Authorized: false}, domainAdminAuthRes: &magistrala.AuthorizeRes{Authorized: true}, - listObjectsResponse: &magistrala.ListObjectsRes{}, + listObjectsResponse: []string{}, offset: 0, limit: 10, err: nil, @@ -736,7 +737,7 @@ func TestList(t *testing.T) { domainID: domainID, superAdminAuthRes: &magistrala.AuthorizeRes{Authorized: false}, domainAdminAuthRes: &magistrala.AuthorizeRes{Authorized: false}, - listObjectsResponse: &magistrala.ListObjectsRes{}, + listObjectsResponse: []string{}, offset: 0, limit: 10, err: nil, @@ -755,7 +756,7 @@ func TestList(t *testing.T) { domainID: domainID, superAdminAuthRes: &magistrala.AuthorizeRes{Authorized: false}, domainAdminAuthRes: &magistrala.AuthorizeRes{Authorized: false}, - listObjectsResponse: &magistrala.ListObjectsRes{Policies: []string{"test", "test"}}, + listObjectsResponse: []string{"test", "test"}, offset: 0, limit: 10, err: nil, @@ -809,7 +810,7 @@ func TestList(t *testing.T) { domainID: domainID, superAdminAuthRes: &magistrala.AuthorizeRes{Authorized: false}, domainAdminAuthRes: &magistrala.AuthorizeRes{Authorized: false}, - listObjectsResponse: &magistrala.ListObjectsRes{Policies: []string{"test", "test"}}, + listObjectsResponse: []string{"test", "test"}, offset: 0, limit: 100, err: nil, @@ -890,7 +891,7 @@ func TestList(t *testing.T) { domainID: domainID, superAdminAuthRes: &magistrala.AuthorizeRes{Authorized: false}, domainAdminAuthRes: &magistrala.AuthorizeRes{Authorized: false}, - listObjectsResponse: &magistrala.ListObjectsRes{Policies: []string{"test", "test"}}, + listObjectsResponse: []string{"test", "test"}, offset: 95, limit: 10, err: nil, 
@@ -945,7 +946,7 @@ func TestList(t *testing.T) { domainID: domainID, superAdminAuthRes: &magistrala.AuthorizeRes{Authorized: false}, domainAdminAuthRes: &magistrala.AuthorizeRes{Authorized: false}, - listObjectsResponse: &magistrala.ListObjectsRes{Policies: []string{"test", "test"}}, + listObjectsResponse: []string{"test", "test"}, offset: 35, limit: 20, err: nil, @@ -961,7 +962,7 @@ func TestList(t *testing.T) { domainID: domainID, superAdminAuthRes: &magistrala.AuthorizeRes{Authorized: false}, domainAdminAuthRes: &magistrala.AuthorizeRes{Authorized: false}, - listObjectsResponse: &magistrala.ListObjectsRes{}, + listObjectsResponse: []string{}, listObjectsErr: svcerr.ErrNotFound, err: svcerr.ErrNotFound, }, @@ -1007,7 +1008,7 @@ func TestList(t *testing.T) { func TestRemove(t *testing.T) { boot := new(mocks.ConfigRepository) auth := new(authmocks.AuthServiceClient) - policy := new(authmocks.PolicyServiceClient) + policy := new(policymocks.PolicyService) sdk := new(sdkmocks.SDK) idp := uuid.NewMock() svc := bootstrap.New(auth, policy, boot, sdk, encKey, idp) @@ -1096,7 +1097,7 @@ func TestRemove(t *testing.T) { func TestBootstrap(t *testing.T) { boot := new(mocks.ConfigRepository) auth := new(authmocks.AuthServiceClient) - policy := new(authmocks.PolicyServiceClient) + policy := new(policymocks.PolicyService) sdk := new(sdkmocks.SDK) idp := uuid.NewMock() svc := bootstrap.New(auth, policy, boot, sdk, encKey, idp) @@ -1169,7 +1170,7 @@ func TestBootstrap(t *testing.T) { func TestChangeState(t *testing.T) { boot := new(mocks.ConfigRepository) auth := new(authmocks.AuthServiceClient) - policy := new(authmocks.PolicyServiceClient) + policy := new(policymocks.PolicyService) sdk := new(sdkmocks.SDK) idp := uuid.NewMock() svc := bootstrap.New(auth, policy, boot, sdk, encKey, idp) 
@@ -1275,7 +1276,7 @@ func TestChangeState(t *testing.T) { func TestUpdateChannelHandler(t *testing.T) { boot := new(mocks.ConfigRepository) auth := new(authmocks.AuthServiceClient) - policy := new(authmocks.PolicyServiceClient) + policy := new(policymocks.PolicyService) sdk := new(sdkmocks.SDK) idp := uuid.NewMock() svc := bootstrap.New(auth, policy, boot, sdk, encKey, idp) @@ -1314,7 +1315,7 @@ func TestUpdateChannelHandler(t *testing.T) { func TestRemoveChannelHandler(t *testing.T) { boot := new(mocks.ConfigRepository) auth := new(authmocks.AuthServiceClient) - policy := new(authmocks.PolicyServiceClient) + policy := new(policymocks.PolicyService) sdk := new(sdkmocks.SDK) idp := uuid.NewMock() svc := bootstrap.New(auth, policy, boot, sdk, encKey, idp) @@ -1347,7 +1348,7 @@ func TestRemoveChannelHandler(t *testing.T) { func TestRemoveConfigHandler(t *testing.T) { boot := new(mocks.ConfigRepository) auth := new(authmocks.AuthServiceClient) - policy := new(authmocks.PolicyServiceClient) + policy := new(policymocks.PolicyService) sdk := new(sdkmocks.SDK) idp := uuid.NewMock() svc := bootstrap.New(auth, policy, boot, sdk, encKey, idp) @@ -1380,7 +1381,7 @@ func TestRemoveConfigHandler(t *testing.T) { func TestConnectThingsHandler(t *testing.T) { boot := new(mocks.ConfigRepository) auth := new(authmocks.AuthServiceClient) - policy := new(authmocks.PolicyServiceClient) + policy := new(policymocks.PolicyService) sdk := new(sdkmocks.SDK) idp := uuid.NewMock() svc := bootstrap.New(auth, policy, boot, sdk, encKey, idp) @@ -1416,7 +1417,7 @@ func TestConnectThingsHandler(t *testing.T) { func TestDisconnectThingsHandler(t *testing.T) { boot := new(mocks.ConfigRepository) auth := new(authmocks.AuthServiceClient) - policy := new(authmocks.PolicyServiceClient) + policy := new(policymocks.PolicyService) sdk := new(sdkmocks.SDK) idp := uuid.NewMock() svc := bootstrap.New(auth, policy, boot, sdk, encKey, idp) 
diff --git a/cmd/bootstrap/main.go b/cmd/bootstrap/main.go index ef81a6fa82..af690d3681 100644 --- a/cmd/bootstrap/main.go +++ b/cmd/bootstrap/main.go @@ -20,6 +20,7 @@ import ( "github.com/absmach/magistrala/bootstrap/events/producer" bootstrappg "github.com/absmach/magistrala/bootstrap/postgres" "github.com/absmach/magistrala/bootstrap/tracing" + mgpolicy "github.com/absmach/magistrala/internal/policy" mglog "github.com/absmach/magistrala/logger" "github.com/absmach/magistrala/pkg/events" "github.com/absmach/magistrala/pkg/events/store" @@ -192,7 +193,9 @@ func newService(ctx context.Context, authClient magistrala.AuthServiceClient, po sdk := mgsdk.NewSDK(config) idp := uuid.New() - svc := bootstrap.New(authClient, policyClient, repoConfig, sdk, []byte(cfg.EncKey), idp) + policyService := mgpolicy.NewService(policyClient) + + svc := bootstrap.New(authClient, policyService, repoConfig, sdk, []byte(cfg.EncKey), idp) publisher, err := store.NewPublisher(ctx, cfg.ESURL, streamID) if err != nil { diff --git a/cmd/things/main.go b/cmd/things/main.go index 64753db6b8..133ee5fb96 100644 --- a/cmd/things/main.go +++ b/cmd/things/main.go @@ -21,6 +21,7 @@ import ( gevents "github.com/absmach/magistrala/internal/groups/events" gpostgres "github.com/absmach/magistrala/internal/groups/postgres" gtracing "github.com/absmach/magistrala/internal/groups/tracing" + mgpolicy "github.com/absmach/magistrala/internal/policy" mglog "github.com/absmach/magistrala/logger" "github.com/absmach/magistrala/pkg/groups" "github.com/absmach/magistrala/pkg/grpcclient" 
@@ -242,8 +243,10 @@ func newService(ctx context.Context, db *sqlx.DB, dbConfig pgclient.Config, auth thingCache := thcache.NewCache(cacheClient, keyDuration) - csvc := things.NewService(authClient, policyClient, cRepo, gRepo, thingCache, idp) - gsvc := mggroups.NewService(gRepo, idp, authClient, policyClient) + policyService := mgpolicy.NewService(policyClient) + + csvc := things.NewService(authClient, policyService, cRepo, gRepo, thingCache, idp) + gsvc := mggroups.NewService(gRepo, idp, authClient, policyService) csvc, err := thevents.NewEventStoreMiddleware(ctx, csvc, esURL) if err != nil { diff --git a/cmd/users/main.go b/cmd/users/main.go index 0c05cb956d..acd5a38565 100644 --- a/cmd/users/main.go +++ b/cmd/users/main.go @@ -23,6 +23,7 @@ import ( gevents "github.com/absmach/magistrala/internal/groups/events" gpostgres "github.com/absmach/magistrala/internal/groups/postgres" gtracing "github.com/absmach/magistrala/internal/groups/tracing" + mgpolicy "github.com/absmach/magistrala/internal/policy" mglog "github.com/absmach/magistrala/logger" mgclients "github.com/absmach/magistrala/pkg/clients" svcerr "github.com/absmach/magistrala/pkg/errors/service" @@ -31,6 +32,7 @@ import ( jaegerclient "github.com/absmach/magistrala/pkg/jaeger" "github.com/absmach/magistrala/pkg/oauth2" googleoauth "github.com/absmach/magistrala/pkg/oauth2/google" + "github.com/absmach/magistrala/pkg/policy" "github.com/absmach/magistrala/pkg/postgres" pgclient "github.com/absmach/magistrala/pkg/postgres" "github.com/absmach/magistrala/pkg/prometheus" 
@@ -230,8 +232,10 @@ func newService(ctx context.Context, authClient magistrala.AuthServiceClient, po logger.Error(fmt.Sprintf("failed to configure e-mailing util: %s", err.Error())) } - csvc := users.NewService(cRepo, authClient, policyClient, emailerClient, hsr, idp, c.SelfRegister) - gsvc := mggroups.NewService(gRepo, idp, authClient, policyClient) + policyService := mgpolicy.NewService(policyClient) + + csvc := users.NewService(cRepo, authClient, policyService, emailerClient, hsr, idp, c.SelfRegister) + gsvc := mggroups.NewService(gRepo, idp, authClient, policyService) csvc, err = uevents.NewEventStoreMiddleware(ctx, csvc, c.ESURL) if err != nil { @@ -256,11 +260,11 @@ func newService(ctx context.Context, authClient magistrala.AuthServiceClient, po if err != nil { logger.Error(fmt.Sprintf("failed to create admin client: %s", err)) } - if err := createAdminPolicy(ctx, clientID, authClient, policyClient); err != nil { + if err := createAdminPolicy(ctx, clientID, authClient, policyService); err != nil { return nil, nil, err } - users.NewDeleteHandler(ctx, cRepo, policyClient, c.DeleteInterval, c.DeleteAfter, logger) + users.NewDeleteHandler(ctx, cRepo, policyService, c.DeleteInterval, c.DeleteAfter, logger) return csvc, gsvc, err } @@ -305,7 +309,7 @@ func createAdmin(ctx context.Context, c config, crepo clientspg.Repository, hsr return client.ID, nil } -func createAdminPolicy(ctx context.Context, clientID string, authClient magistrala.AuthServiceClient, policyClient magistrala.PolicyServiceClient) error { +func createAdminPolicy(ctx context.Context, clientID string, authClient magistrala.AuthServiceClient, policyService policy.PolicyService) error { res, err := authClient.Authorize(ctx, &magistrala.AuthorizeReq{ SubjectType: authSvc.UserType, Subject: clientID, 
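Review bot: In the `newService` hunk that switches `createAdminPolicy` to `policyService`, a failure to create the admin client is only logged and execution continues into `createAdminPolicy(ctx, clientID, authClient, policyService)`. The assignment of `clientID` is above the hunk, but if it comes from the failed call it is presumably empty, and the code would then try to write an administrator relation for an empty subject. Returning after the log, `return nil, nil, err`, keeps a half-initialised admin from reaching the policy store. `newService` starts and ends outside the hunk.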
@@ -314,7 +318,7 @@ func createAdminPolicy(ctx context.Context, clientID string, authClient magistra ObjectType: authSvc.PlatformType, }) if err != nil || !res.Authorized { - addPolicyRes, err := policyClient.AddPolicy(ctx, &magistrala.AddPolicyReq{ + addPolicyRes, err := policyService.AddPolicy(ctx, &magistrala.AddPolicyReq{ SubjectType: authSvc.UserType, Subject: clientID, Relation: authSvc.AdministratorRelation, @@ -324,7 +328,7 @@ func createAdminPolicy(ctx context.Context, clientID string, authClient magistra if err != nil { return err } - if !addPolicyRes.Added { + if !addPolicyRes { return svcerr.ErrAuthorization } } diff --git a/internal/groups/service.go b/internal/groups/service.go index b893f4b4fc..3496f872c0 100644 --- a/internal/groups/service.go +++ b/internal/groups/service.go @@ -15,6 +15,7 @@ import ( "github.com/absmach/magistrala/pkg/errors" svcerr "github.com/absmach/magistrala/pkg/errors/service" "github.com/absmach/magistrala/pkg/groups" + "github.com/absmach/magistrala/pkg/policy" "golang.org/x/sync/errgroup" ) @@ -27,17 +28,17 @@ var ( type service struct { groups groups.Repository auth magistrala.AuthServiceClient - policy magistrala.PolicyServiceClient + policy policy.PolicyService idProvider magistrala.IDProvider } // NewService returns a new Clients service implementation. -func NewService(g groups.Repository, idp magistrala.IDProvider, authClient magistrala.AuthServiceClient, policyClient magistrala.PolicyServiceClient) groups.Service { +func NewService(g groups.Repository, idp magistrala.IDProvider, authClient magistrala.AuthServiceClient, policyService policy.PolicyService) groups.Service { return service{ groups: g, idProvider: idp, auth: authClient, - policy: policyClient, + policy: policyService, } } 
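Review bot: In `createAdminPolicy` the condition `if err != nil || !res.Authorized` treats a failed `Authorize` call the same as a denial, and the new `addPolicyRes, err := policyService.AddPolicy(...)` then shadows that `err`, so the original failure is never returned or logged before an administrator relation is written. If `Authorize` can fail for reasons other than "not authorized" (not visible here), handle that case separately and only fall through to `AddPolicy` on a genuine denial. Since the wrapper now returns a plain bool, `added` reads better than `addPolicyRes`, e.g. `if !added { return svcerr.ErrAuthorization }`.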
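Review bot: The doc comment kept above `NewService` in `internal/groups/service.go` says it returns a Clients service, but the function returns `groups.Service`. While the signature is being touched, the comment could read `// NewService returns a new groups service implementation backed by the given repository, auth client and policy service.`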
@@ -130,7 +131,7 @@ func (svc service) ListGroups(ctx context.Context, token, memberKind, memberID s if err != nil { return groups.Page{}, err } - ids, err = svc.filterAllowedGroupIDsOfUserID(ctx, res.GetId(), gm.Permission, cids.Policies) + ids, err = svc.filterAllowedGroupIDsOfUserID(ctx, res.GetId(), gm.Permission, cids) if err != nil { return groups.Page{}, err } @@ -148,7 +149,7 @@ func (svc service) ListGroups(ctx context.Context, token, memberKind, memberID s if err != nil { return groups.Page{}, err } - ids, err = svc.filterAllowedGroupIDsOfUserID(ctx, res.GetId(), gm.Permission, gids.Policies) + ids, err = svc.filterAllowedGroupIDsOfUserID(ctx, res.GetId(), gm.Permission, gids) if err != nil { return groups.Page{}, err } @@ -166,7 +167,7 @@ func (svc service) ListGroups(ctx context.Context, token, memberKind, memberID s return groups.Page{}, err } - ids, err = svc.filterAllowedGroupIDsOfUserID(ctx, res.GetId(), gm.Permission, gids.Policies) + ids, err = svc.filterAllowedGroupIDsOfUserID(ctx, res.GetId(), gm.Permission, gids) if err != nil { return groups.Page{}, err } @@ -185,7 +186,7 @@ func (svc service) ListGroups(ctx context.Context, token, memberKind, memberID s if err != nil { return groups.Page{}, err } - ids, err = svc.filterAllowedGroupIDsOfUserID(ctx, res.GetId(), gm.Permission, gids.Policies) + ids, err = svc.filterAllowedGroupIDsOfUserID(ctx, res.GetId(), gm.Permission, gids) if err != nil { return groups.Page{}, err } @@ -241,7 +242,7 @@ func (svc service) retrievePermissions(ctx context.Context, userID string, group } func (svc service) listUserGroupPermission(ctx context.Context, userID, groupID string) ([]string, error) { - lp, err := svc.policy.ListPermissions(ctx, &magistrala.ListPermissionsReq{ + permissions, err := svc.policy.ListPermissions(ctx, &magistrala.ListPermissionsReq{ SubjectType: auth.UserType, Subject: userID, Object: groupID, 
@@ -250,10 +251,10 @@ func (svc service) listUserGroupPermission(ctx context.Context, userID, groupID if err != nil { return []string{}, err } - if len(lp.GetPermissions()) == 0 { + if len(permissions) == 0 { return []string{}, svcerr.ErrAuthorization } - return lp.GetPermissions(), nil + return permissions, nil } func (svc service) checkSuperAdmin(ctx context.Context, userID string) error { @@ -293,7 +294,7 @@ func (svc service) ListMembers(ctx context.Context, token, groupID, permission, members := []groups.Member{} - for _, id := range tids.Policies { + for _, id := range tids { members = append(members, groups.Member{ ID: id, Type: auth.ThingType, @@ -318,7 +319,7 @@ func (svc service) ListMembers(ctx context.Context, token, groupID, permission, members := []groups.Member{} - for _, id := range uids.Policies { + for _, id := range uids { members = append(members, groups.Member{ ID: id, Type: auth.UserType, @@ -598,7 +599,7 @@ func (svc service) DeleteGroup(ctx context.Context, token, id string) error { if err != nil { return errors.Wrap(svcerr.ErrDeletePolicies, err) } - if !deleteRes.Deleted { + if !deleteRes { return svcerr.ErrAuthorization } @@ -636,7 +637,7 @@ func (svc service) listAllGroupsOfUserID(ctx context.Context, userID, permission if err != nil { return []string{}, err } - return allowedIDs.Policies, nil + return allowedIDs, nil } func (svc service) changeGroupStatus(ctx context.Context, token string, group groups.Group) (groups.Group, error) { diff --git a/internal/groups/service_test.go b/internal/groups/service_test.go index 4b39460248..f001d896a2 100644 --- a/internal/groups/service_test.go +++ b/internal/groups/service_test.go 
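Review bot: `DeleteGroup` now has to check both halves of the wrapper's result, `err` and then `if !deleteRes { return svcerr.ErrAuthorization }`, and the same two-step check appears in `createAdminPolicy` in `cmd/users/main.go`. A caller that checks only `err` would treat a policy that was not deleted (or not added) as success, so the `(bool, error)` shape is easy to misuse for an authorization-relevant call. Consider having the wrapper return only an error and translate a `false` result itself; its definition is not in this view, so this is a suggestion for `internal/policy/service.go` rather than for this hunk alone. If the bool stays, `deleted` is a clearer name than `deleteRes`. The call that produces `deleteRes` is above the hunk.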
@@ -22,6 +22,7 @@ import ( svcerr "github.com/absmach/magistrala/pkg/errors/service" mggroups "github.com/absmach/magistrala/pkg/groups" "github.com/absmach/magistrala/pkg/groups/mocks" + policymocks "github.com/absmach/magistrala/pkg/policy/mocks" "github.com/absmach/magistrala/pkg/uuid" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" @@ -49,7 +50,7 @@ var ( func TestCreateGroup(t *testing.T) { repo := new(mocks.Repository) authsvc := new(authmocks.AuthServiceClient) - policy := new(authmocks.PolicyServiceClient) + policy := new(policymocks.PolicyService) svc := groups.NewService(repo, idProvider, authsvc, policy) cases := []struct { @@ -65,9 +66,9 @@ func TestCreateGroup(t *testing.T) { authzTknErr error repoResp mggroups.Group repoErr error - addPolResp *magistrala.AddPoliciesRes + addPolResp bool addPolErr error - deletePolResp *magistrala.DeletePolicyRes + deletePolResp bool deletePolErr error err error }{ @@ -91,9 +92,7 @@ func TestCreateGroup(t *testing.T) { CreatedAt: time.Now(), Domain: testsutil.GenerateUUID(t), }, - addPolResp: &magistrala.AddPoliciesRes{ - Added: true, - }, + addPolResp: true, }, { desc: "with invalid token", @@ -186,9 +185,7 @@ func TestCreateGroup(t *testing.T) { Domain: testsutil.GenerateUUID(t), Parent: testsutil.GenerateUUID(t), }, - addPolResp: &magistrala.AddPoliciesRes{ - Added: true, - }, + addPolResp: true, }, { desc: "unsuccessfully with parent due to authorization error", @@ -213,10 +210,8 @@ func TestCreateGroup(t *testing.T) { ID: testsutil.GenerateUUID(t), Parent: testsutil.GenerateUUID(t), }, - addPolResp: &magistrala.AddPoliciesRes{ - Added: true, - }, - err: svcerr.ErrAuthorization, + addPolResp: true, + err: svcerr.ErrAuthorization, }, { desc: "with repo error", 
@@ -255,7 +250,7 @@ func TestCreateGroup(t *testing.T) { repoResp: mggroups.Group{ ID: testsutil.GenerateUUID(t), }, - addPolResp: &magistrala.AddPoliciesRes{}, + addPolResp: false, addPolErr: svcerr.ErrAuthorization, err: svcerr.ErrAuthorization, }, @@ -280,7 +275,7 @@ func TestCreateGroup(t *testing.T) { Authorized: true, }, repoErr: errors.ErrMalformedEntity, - addPolResp: &magistrala.AddPoliciesRes{Added: true}, + addPolResp: true, deletePolErr: svcerr.ErrAuthorization, err: errors.ErrMalformedEntity, }, @@ -331,7 +326,7 @@ func TestCreateGroup(t *testing.T) { func TestViewGroup(t *testing.T) { repo := new(mocks.Repository) authsvc := new(authmocks.AuthServiceClient) - policy := new(authmocks.PolicyServiceClient) + policy := new(policymocks.PolicyService) svc := groups.NewService(repo, idProvider, authsvc, policy) cases := []struct { @@ -402,7 +397,7 @@ func TestViewGroup(t *testing.T) { func TestViewGroupPerms(t *testing.T) { repo := new(mocks.Repository) authsvc := new(authmocks.AuthServiceClient) - policy := new(authmocks.PolicyServiceClient) + policy := new(policymocks.PolicyService) svc := groups.NewService(repo, idProvider, authsvc, policy) cases := []struct { @@ -411,7 +406,7 @@ func TestViewGroupPerms(t *testing.T) { id string idResp *magistrala.IdentityRes idErr error - listResp *magistrala.ListPermissionsRes + listResp []string listErr error err error }{ @@ -423,11 +418,9 @@ func TestViewGroupPerms(t *testing.T) { Id: testsutil.GenerateUUID(t), DomainId: testsutil.GenerateUUID(t), }, - listResp: &magistrala.ListPermissionsRes{ - Permissions: []string{ - auth.ViewPermission, - auth.EditPermission, - }, + listResp: []string{ + auth.ViewPermission, + auth.EditPermission, }, }, { 
@@ -457,10 +450,8 @@ func TestViewGroupPerms(t *testing.T) { Id: testsutil.GenerateUUID(t), DomainId: testsutil.GenerateUUID(t), }, - listResp: &magistrala.ListPermissionsRes{ - Permissions: []string{}, - }, - err: svcerr.ErrAuthorization, + listResp: []string{}, + err: svcerr.ErrAuthorization, }, } @@ -476,7 +467,7 @@ func TestViewGroupPerms(t *testing.T) { got, err := svc.ViewGroupPerms(context.Background(), tc.token, tc.id) assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("expected error %v to contain %v", err, tc.err)) if err == nil { - assert.Equal(t, tc.listResp.Permissions, got) + assert.Equal(t, tc.listResp, got) } authCall.Unset() authCall1.Unset() @@ -487,7 +478,7 @@ func TestViewGroupPerms(t *testing.T) { func TestUpdateGroup(t *testing.T) { repo := new(mocks.Repository) authsvc := new(authmocks.AuthServiceClient) - policy := new(authmocks.PolicyServiceClient) + policy := new(policymocks.PolicyService) svc := groups.NewService(repo, idProvider, authsvc, policy) cases := []struct { @@ -567,7 +558,7 @@ func TestUpdateGroup(t *testing.T) { func TestEnableGroup(t *testing.T) { repo := new(mocks.Repository) authsvc := new(authmocks.AuthServiceClient) - policy := new(authmocks.PolicyServiceClient) + policy := new(policymocks.PolicyService) svc := groups.NewService(repo, idProvider, authsvc, policy) cases := []struct { @@ -668,7 +659,7 @@ func TestEnableGroup(t *testing.T) { func TestDisableGroup(t *testing.T) { repo := new(mocks.Repository) authsvc := new(authmocks.AuthServiceClient) - policy := new(authmocks.PolicyServiceClient) + policy := new(policymocks.PolicyService) svc := groups.NewService(repo, idProvider, authsvc, policy) cases := []struct { 
@@ -769,7 +760,7 @@ func TestDisableGroup(t *testing.T) { func TestListMembers(t *testing.T) { repo := new(mocks.Repository) authsvc := new(authmocks.AuthServiceClient) - policy := new(authmocks.PolicyServiceClient) + policy := new(policymocks.PolicyService) svc := groups.NewService(repo, idProvider, authsvc, policy) cases := []struct { @@ -780,9 +771,9 @@ func TestListMembers(t *testing.T) { memberKind string authzResp *magistrala.AuthorizeRes authzErr error - listSubjectResp *magistrala.ListSubjectsRes + listSubjectResp []string listSubjectErr error - listObjectResp *magistrala.ListObjectsRes + listObjectResp []string listObjectErr error err error }{ @@ -794,12 +785,10 @@ func TestListMembers(t *testing.T) { authzResp: &magistrala.AuthorizeRes{ Authorized: true, }, - listObjectResp: &magistrala.ListObjectsRes{ - Policies: []string{ - testsutil.GenerateUUID(t), - testsutil.GenerateUUID(t), - testsutil.GenerateUUID(t), - }, + listObjectResp: []string{ + testsutil.GenerateUUID(t), + testsutil.GenerateUUID(t), + testsutil.GenerateUUID(t), }, }, { @@ -811,12 +800,10 @@ func TestListMembers(t *testing.T) { authzResp: &magistrala.AuthorizeRes{ Authorized: true, }, - listSubjectResp: &magistrala.ListSubjectsRes{ - Policies: []string{ - testsutil.GenerateUUID(t), - testsutil.GenerateUUID(t), - testsutil.GenerateUUID(t), - }, + listSubjectResp: []string{ + testsutil.GenerateUUID(t), + testsutil.GenerateUUID(t), + testsutil.GenerateUUID(t), }, }, { @@ -846,11 +833,9 @@ func TestListMembers(t *testing.T) { authzResp: &magistrala.AuthorizeRes{ Authorized: true, }, - listObjectResp: &magistrala.ListObjectsRes{ - Policies: []string{}, - }, - listObjectErr: svcerr.ErrAuthorization, - err: svcerr.ErrAuthorization, + listObjectResp: []string{}, + listObjectErr: svcerr.ErrAuthorization, + err: svcerr.ErrAuthorization, }, { desc: "failed to list subjects with users kind", 
@@ -861,11 +846,9 @@ func TestListMembers(t *testing.T) { authzResp: &magistrala.AuthorizeRes{ Authorized: true, }, - listSubjectResp: &magistrala.ListSubjectsRes{ - Policies: []string{}, - }, - listSubjectErr: svcerr.ErrAuthorization, - err: svcerr.ErrAuthorization, + listSubjectResp: []string{}, + listSubjectErr: svcerr.ErrAuthorization, + err: svcerr.ErrAuthorization, }, } @@ -906,7 +889,7 @@ func TestListMembers(t *testing.T) { func TestListGroups(t *testing.T) { repo := new(mocks.Repository) authsvc := new(authmocks.AuthServiceClient) - policy := new(authmocks.PolicyServiceClient) + policy := new(policymocks.PolicyService) svc := groups.NewService(repo, idProvider, authsvc, policy) cases := []struct { @@ -919,17 +902,17 @@ func TestListGroups(t *testing.T) { idErr error authzResp *magistrala.AuthorizeRes authzErr error - listSubjectResp *magistrala.ListSubjectsRes + listSubjectResp []string listSubjectErr error - listObjectResp *magistrala.ListObjectsRes + listObjectResp []string listObjectErr error - listObjectFilterResp *magistrala.ListObjectsRes + listObjectFilterResp []string listObjectFilterErr error authSuperAdminResp *magistrala.AuthorizeRes authSuperAdminErr error repoResp mggroups.Page repoErr error - listPermResp *magistrala.ListPermissionsRes + listPermResp []string listPermErr error err error }{ @@ -949,12 +932,8 @@ func TestListGroups(t *testing.T) { authzResp: &magistrala.AuthorizeRes{ Authorized: true, }, - listSubjectResp: &magistrala.ListSubjectsRes{ - Policies: allowedIDs, - }, - listObjectFilterResp: &magistrala.ListObjectsRes{ - Policies: allowedIDs, - }, + listSubjectResp: allowedIDs, + listObjectFilterResp: allowedIDs, repoResp: mggroups.Page{ Groups: []mggroups.Group{ validGroup, 
@@ -962,11 +941,9 @@ func TestListGroups(t *testing.T) { validGroup, }, }, - listPermResp: &magistrala.ListPermissionsRes{ - Permissions: []string{ - auth.ViewPermission, - auth.EditPermission, - }, + listPermResp: []string{ + auth.ViewPermission, + auth.EditPermission, }, }, { @@ -985,12 +962,8 @@ func TestListGroups(t *testing.T) { authzResp: &magistrala.AuthorizeRes{ Authorized: true, }, - listObjectResp: &magistrala.ListObjectsRes{ - Policies: allowedIDs, - }, - listObjectFilterResp: &magistrala.ListObjectsRes{ - Policies: allowedIDs, - }, + listObjectResp: allowedIDs, + listObjectFilterResp: allowedIDs, repoResp: mggroups.Page{ Groups: []mggroups.Group{ validGroup, @@ -998,11 +971,9 @@ func TestListGroups(t *testing.T) { validGroup, }, }, - listPermResp: &magistrala.ListPermissionsRes{ - Permissions: []string{ - auth.ViewPermission, - auth.EditPermission, - }, + listPermResp: []string{ + auth.ViewPermission, + auth.EditPermission, }, }, { @@ -1021,12 +992,8 @@ func TestListGroups(t *testing.T) { authzResp: &magistrala.AuthorizeRes{ Authorized: true, }, - listSubjectResp: &magistrala.ListSubjectsRes{ - Policies: allowedIDs, - }, - listObjectFilterResp: &magistrala.ListObjectsRes{ - Policies: allowedIDs, - }, + listSubjectResp: allowedIDs, + listObjectFilterResp: allowedIDs, repoResp: mggroups.Page{ Groups: []mggroups.Group{ validGroup, @@ -1034,11 +1001,9 @@ func TestListGroups(t *testing.T) { validGroup, }, }, - listPermResp: &magistrala.ListPermissionsRes{ - Permissions: []string{ - auth.ViewPermission, - auth.EditPermission, - }, + listPermResp: []string{ + auth.ViewPermission, + auth.EditPermission, }, }, { 
@@ -1057,12 +1022,8 @@ func TestListGroups(t *testing.T) { authzResp: &magistrala.AuthorizeRes{ Authorized: true, }, - listObjectResp: &magistrala.ListObjectsRes{ - Policies: allowedIDs, - }, - listObjectFilterResp: &magistrala.ListObjectsRes{ - Policies: allowedIDs, - }, + listObjectResp: allowedIDs, + listObjectFilterResp: allowedIDs, repoResp: mggroups.Page{ Groups: []mggroups.Group{ validGroup, @@ -1070,11 +1031,9 @@ func TestListGroups(t *testing.T) { validGroup, }, }, - listPermResp: &magistrala.ListPermissionsRes{ - Permissions: []string{ - auth.ViewPermission, - auth.EditPermission, - }, + listPermResp: []string{ + auth.ViewPermission, + auth.EditPermission, }, }, { @@ -1093,12 +1052,9 @@ func TestListGroups(t *testing.T) { authzResp: &magistrala.AuthorizeRes{ Authorized: true, }, - listObjectResp: &magistrala.ListObjectsRes{ - Policies: allowedIDs, - }, - listObjectFilterResp: &magistrala.ListObjectsRes{ - Policies: allowedIDs, - }, + listObjectResp: allowedIDs, + + listObjectFilterResp: allowedIDs, repoResp: mggroups.Page{ Groups: []mggroups.Group{ validGroup, @@ -1106,11 +1062,9 @@ func TestListGroups(t *testing.T) { validGroup, }, }, - listPermResp: &magistrala.ListPermissionsRes{ - Permissions: []string{ - auth.ViewPermission, - auth.EditPermission, - }, + listPermResp: []string{ + auth.ViewPermission, + auth.EditPermission, }, }, { @@ -1185,7 +1139,7 @@ func TestListGroups(t *testing.T) { authzResp: &magistrala.AuthorizeRes{ Authorized: true, }, - listSubjectResp: &magistrala.ListSubjectsRes{}, + listSubjectResp: []string{}, listSubjectErr: svcerr.ErrAuthorization, err: svcerr.ErrAuthorization, }, 
@@ -1205,10 +1159,8 @@ func TestListGroups(t *testing.T) { authzResp: &magistrala.AuthorizeRes{ Authorized: true, }, - listSubjectResp: &magistrala.ListSubjectsRes{ - Policies: allowedIDs, - }, - listObjectFilterResp: &magistrala.ListObjectsRes{}, + listSubjectResp: allowedIDs, + listObjectFilterResp: []string{}, listObjectFilterErr: svcerr.ErrAuthorization, err: svcerr.ErrAuthorization, }, @@ -1247,7 +1199,7 @@ func TestListGroups(t *testing.T) { authzResp: &magistrala.AuthorizeRes{ Authorized: true, }, - listObjectResp: &magistrala.ListObjectsRes{}, + listObjectResp: []string{}, listObjectErr: svcerr.ErrAuthorization, err: svcerr.ErrAuthorization, }, @@ -1267,10 +1219,8 @@ func TestListGroups(t *testing.T) { authzResp: &magistrala.AuthorizeRes{ Authorized: true, }, - listObjectResp: &magistrala.ListObjectsRes{ - Policies: allowedIDs, - }, - listObjectFilterResp: &magistrala.ListObjectsRes{}, + listObjectResp: allowedIDs, + listObjectFilterResp: []string{}, listObjectFilterErr: svcerr.ErrAuthorization, err: svcerr.ErrAuthorization, }, @@ -1309,7 +1259,7 @@ func TestListGroups(t *testing.T) { authzResp: &magistrala.AuthorizeRes{ Authorized: true, }, - listSubjectResp: &magistrala.ListSubjectsRes{}, + listSubjectResp: []string{}, listSubjectErr: svcerr.ErrAuthorization, err: svcerr.ErrAuthorization, }, @@ -1329,10 +1279,8 @@ func TestListGroups(t *testing.T) { authzResp: &magistrala.AuthorizeRes{ Authorized: true, }, - listSubjectResp: &magistrala.ListSubjectsRes{ - Policies: allowedIDs, - }, - listObjectFilterResp: &magistrala.ListObjectsRes{}, + listSubjectResp: allowedIDs, + listObjectFilterResp: []string{}, listObjectFilterErr: svcerr.ErrAuthorization, err: svcerr.ErrAuthorization, }, @@ -1371,7 +1319,7 @@ func TestListGroups(t *testing.T) { authzResp: &magistrala.AuthorizeRes{ Authorized: true, }, - listObjectResp: &magistrala.ListObjectsRes{}, + listObjectResp: []string{}, listObjectErr: svcerr.ErrAuthorization, err: svcerr.ErrAuthorization, }, 
@@ -1391,10 +1339,8 @@ func TestListGroups(t *testing.T) { authzResp: &magistrala.AuthorizeRes{ Authorized: true, }, - listObjectResp: &magistrala.ListObjectsRes{ - Policies: allowedIDs, - }, - listObjectFilterResp: &magistrala.ListObjectsRes{}, + listObjectResp: allowedIDs, + listObjectFilterResp: []string{}, listObjectFilterErr: svcerr.ErrAuthorization, err: svcerr.ErrAuthorization, }, @@ -1414,12 +1360,8 @@ func TestListGroups(t *testing.T) { authzResp: &magistrala.AuthorizeRes{ Authorized: true, }, - listObjectResp: &magistrala.ListObjectsRes{ - Policies: allowedIDs, - }, - listObjectFilterResp: &magistrala.ListObjectsRes{ - Policies: allowedIDs, - }, + listObjectResp: allowedIDs, + listObjectFilterResp: allowedIDs, repoResp: mggroups.Page{ Groups: []mggroups.Group{ validGroup, @@ -1427,11 +1369,9 @@ func TestListGroups(t *testing.T) { validGroup, }, }, - listPermResp: &magistrala.ListPermissionsRes{ - Permissions: []string{ - auth.ViewPermission, - auth.EditPermission, - }, + listPermResp: []string{ + auth.ViewPermission, + auth.EditPermission, }, }, { @@ -1465,15 +1405,11 @@ func TestListGroups(t *testing.T) { authzResp: &magistrala.AuthorizeRes{ Authorized: true, }, - listSubjectResp: &magistrala.ListSubjectsRes{ - Policies: allowedIDs, - }, - listObjectFilterResp: &magistrala.ListObjectsRes{ - Policies: allowedIDs, - }, - repoResp: mggroups.Page{}, - repoErr: repoerr.ErrViewEntity, - err: repoerr.ErrViewEntity, + listSubjectResp: allowedIDs, + listObjectFilterResp: allowedIDs, + repoResp: mggroups.Page{}, + repoErr: repoerr.ErrViewEntity, + err: repoerr.ErrViewEntity, }, { desc: "unsuccessfully with things kind due to failed to list permissions", 
@@ -1491,12 +1427,8 @@ func TestListGroups(t *testing.T) { authzResp: &magistrala.AuthorizeRes{ Authorized: true, }, - listSubjectResp: &magistrala.ListSubjectsRes{ - Policies: allowedIDs, - }, - listObjectFilterResp: &magistrala.ListObjectsRes{ - Policies: allowedIDs, - }, + listSubjectResp: allowedIDs, + listObjectFilterResp: allowedIDs, repoResp: mggroups.Page{ Groups: []mggroups.Group{ validGroup, @@ -1504,7 +1436,7 @@ func TestListGroups(t *testing.T) { validGroup, }, }, - listPermResp: &magistrala.ListPermissionsRes{}, + listPermResp: []string{}, listPermErr: svcerr.ErrAuthorization, err: svcerr.ErrAuthorization, }, @@ -1659,7 +1591,7 @@ func TestListGroups(t *testing.T) { func TestAssign(t *testing.T) { repo := new(mocks.Repository) authsvc := new(authmocks.AuthServiceClient) - policy := new(authmocks.PolicyServiceClient) + policy := new(policymocks.PolicyService) svc := groups.NewService(repo, idProvider, authsvc, policy) cases := []struct { @@ -1673,13 +1605,13 @@ func TestAssign(t *testing.T) { idErr error authzResp *magistrala.AuthorizeRes authzErr error - addPoliciesRes *magistrala.AddPoliciesRes + addPoliciesRes bool addPoliciesErr error repoResp mggroups.Page repoErr error - addParentPoliciesRes *magistrala.AddPoliciesRes + addParentPoliciesRes bool addParentPoliciesErr error - deleteParentPoliciesRes *magistrala.DeletePolicyRes + deleteParentPoliciesRes bool deleteParentPoliciesErr error repoParentGroupErr error err error @@ -1698,9 +1630,7 @@ func TestAssign(t *testing.T) { authzResp: &magistrala.AuthorizeRes{ Authorized: true, }, - addPoliciesRes: &magistrala.AddPoliciesRes{ - Added: true, - }, + addPoliciesRes: true, }, { desc: "successfully with channels kind", @@ -1716,9 +1646,7 @@ func TestAssign(t *testing.T) { authzResp: &magistrala.AuthorizeRes{ Authorized: true, }, - addPoliciesRes: &magistrala.AddPoliciesRes{ - Added: true, - }, + addPoliciesRes: true, }, { desc: "successfully with groups kind", 
@@ -1741,9 +1669,7 @@ func TestAssign(t *testing.T) { validGroup, }, }, - addPoliciesRes: &magistrala.AddPoliciesRes{ - Added: true, - }, + addPoliciesRes: true, repoParentGroupErr: nil, }, { @@ -1760,9 +1686,7 @@ func TestAssign(t *testing.T) { authzResp: &magistrala.AuthorizeRes{ Authorized: true, }, - addPoliciesRes: &magistrala.AddPoliciesRes{ - Added: true, - }, + addPoliciesRes: true, }, { desc: "unsuccessfully with groups kind due to repo err", @@ -1846,9 +1770,7 @@ func TestAssign(t *testing.T) { validGroup, }, }, - addPoliciesRes: &magistrala.AddPoliciesRes{ - Added: false, - }, + addPoliciesRes: false, addPoliciesErr: svcerr.ErrAuthorization, err: svcerr.ErrAuthorization, }, @@ -1873,9 +1795,7 @@ func TestAssign(t *testing.T) { validGroup, }, }, - addPoliciesRes: &magistrala.AddPoliciesRes{ - Added: true, - }, + addPoliciesRes: true, repoParentGroupErr: repoerr.ErrConflict, err: repoerr.ErrConflict, }, @@ -1900,12 +1820,8 @@ func TestAssign(t *testing.T) { validGroup, }, }, - addPoliciesRes: &magistrala.AddPoliciesRes{ - Added: true, - }, - deleteParentPoliciesRes: &magistrala.DeletePolicyRes{ - Deleted: false, - }, + addPoliciesRes: true, + deleteParentPoliciesRes: false, deleteParentPoliciesErr: svcerr.ErrAuthorization, repoParentGroupErr: repoerr.ErrConflict, err: apiutil.ErrRollbackTx, @@ -1968,9 +1884,7 @@ func TestAssign(t *testing.T) { authzResp: &magistrala.AuthorizeRes{ Authorized: true, }, - addPoliciesRes: &magistrala.AddPoliciesRes{ - Added: false, - }, + addPoliciesRes: false, addPoliciesErr: svcerr.ErrAuthorization, err: svcerr.ErrAuthorization, }, @@ -2069,7 +1983,7 @@ func TestAssign(t *testing.T) { func TestUnassign(t *testing.T) { repo := new(mocks.Repository) authsvc := new(authmocks.AuthServiceClient) - policy := new(authmocks.PolicyServiceClient) + policy := new(policymocks.PolicyService) svc := groups.NewService(repo, idProvider, authsvc, policy) cases := []struct { 
@@ -2083,13 +1997,13 @@ func TestUnassign(t *testing.T) { idErr error authzResp *magistrala.AuthorizeRes authzErr error - deletePoliciesRes *magistrala.DeletePolicyRes + deletePoliciesRes bool deletePoliciesErr error repoResp mggroups.Page repoErr error - addParentPoliciesRes *magistrala.AddPoliciesRes + addParentPoliciesRes bool addParentPoliciesErr error - deleteParentPoliciesRes *magistrala.DeletePolicyRes + deleteParentPoliciesRes bool deleteParentPoliciesErr error repoParentGroupErr error err error @@ -2108,9 +2022,7 @@ func TestUnassign(t *testing.T) { authzResp: &magistrala.AuthorizeRes{ Authorized: true, }, - deletePoliciesRes: &magistrala.DeletePolicyRes{ - Deleted: true, - }, + deletePoliciesRes: true, }, { desc: "successfully with channels kind", @@ -2126,9 +2038,7 @@ func TestUnassign(t *testing.T) { authzResp: &magistrala.AuthorizeRes{ Authorized: true, }, - deletePoliciesRes: &magistrala.DeletePolicyRes{ - Deleted: true, - }, + deletePoliciesRes: true, }, { desc: "successfully with groups kind", @@ -2151,9 +2061,7 @@ func TestUnassign(t *testing.T) { validGroup, }, }, - deletePoliciesRes: &magistrala.DeletePolicyRes{ - Deleted: true, - }, + deletePoliciesRes: true, repoParentGroupErr: nil, }, { @@ -2170,9 +2078,7 @@ func TestUnassign(t *testing.T) { authzResp: &magistrala.AuthorizeRes{ Authorized: true, }, - deletePoliciesRes: &magistrala.DeletePolicyRes{ - Deleted: true, - }, + deletePoliciesRes: true, }, { desc: "unsuccessfully with groups kind due to repo err", @@ -2256,9 +2162,7 @@ func TestUnassign(t *testing.T) { validGroup, }, }, - deletePoliciesRes: &magistrala.DeletePolicyRes{ - Deleted: false, - }, + deletePoliciesRes: false, deletePoliciesErr: svcerr.ErrAuthorization, err: svcerr.ErrAuthorization, }, @@ -2283,9 +2187,7 @@ func TestUnassign(t *testing.T) { validGroup, }, }, - deletePoliciesRes: &magistrala.DeletePolicyRes{ - Deleted: true, - }, + deletePoliciesRes: true, repoParentGroupErr: repoerr.ErrConflict, err: repoerr.ErrConflict, }, 
@@ -2310,13 +2212,9 @@ func TestUnassign(t *testing.T) { validGroup, }, }, - deletePoliciesRes: &magistrala.DeletePolicyRes{ - Deleted: true, - }, - repoParentGroupErr: repoerr.ErrConflict, - addParentPoliciesRes: &magistrala.AddPoliciesRes{ - Added: false, - }, + deletePoliciesRes: true, + repoParentGroupErr: repoerr.ErrConflict, + addParentPoliciesRes: false, addParentPoliciesErr: svcerr.ErrAuthorization, err: repoerr.ErrConflict, }, @@ -2378,9 +2276,7 @@ func TestUnassign(t *testing.T) { authzResp: &magistrala.AuthorizeRes{ Authorized: true, }, - deletePoliciesRes: &magistrala.DeletePolicyRes{ - Deleted: false, - }, + deletePoliciesRes: false, deletePoliciesErr: svcerr.ErrAuthorization, err: svcerr.ErrAuthorization, }, @@ -2479,7 +2375,7 @@ func TestUnassign(t *testing.T) { func TestDeleteGroup(t *testing.T) { repo := new(mocks.Repository) authsvc := new(authmocks.AuthServiceClient) - policy := new(authmocks.PolicyServiceClient) + policy := new(policymocks.PolicyService) svc := groups.NewService(repo, idProvider, authsvc, policy) cases := []struct { @@ -2490,7 +2386,7 @@ func TestDeleteGroup(t *testing.T) { idErr error authzResp *magistrala.AuthorizeRes authzErr error - deletePoliciesRes *magistrala.DeletePolicyRes + deletePoliciesRes bool deletePoliciesErr error repoErr error err error @@ -2506,16 +2402,14 @@ func TestDeleteGroup(t *testing.T) { authzResp: &magistrala.AuthorizeRes{ Authorized: true, }, - deletePoliciesRes: &magistrala.DeletePolicyRes{ - Deleted: true, - }, + deletePoliciesRes: true, }, { desc: "unsuccessfully with invalid token", token: token, groupID: testsutil.GenerateUUID(t), idResp: &magistrala.IdentityRes{}, - deletePoliciesRes: &magistrala.DeletePolicyRes{}, + deletePoliciesRes: false, idErr: svcerr.ErrAuthentication, err: svcerr.ErrAuthentication, }, 
@@ -2530,7 +2424,7 @@ func TestDeleteGroup(t *testing.T) { authzResp: &magistrala.AuthorizeRes{ Authorized: false, }, - deletePoliciesRes: &magistrala.DeletePolicyRes{}, + deletePoliciesRes: false, authzErr: svcerr.ErrAuthorization, err: svcerr.ErrAuthorization, }, @@ -2545,9 +2439,7 @@ func TestDeleteGroup(t *testing.T) { authzResp: &magistrala.AuthorizeRes{ Authorized: true, }, - deletePoliciesRes: &magistrala.DeletePolicyRes{ - Deleted: false, - }, + deletePoliciesRes: false, deletePoliciesErr: svcerr.ErrAuthorization, err: svcerr.ErrAuthorization, }, @@ -2562,11 +2454,9 @@ func TestDeleteGroup(t *testing.T) { authzResp: &magistrala.AuthorizeRes{ Authorized: true, }, - deletePoliciesRes: &magistrala.DeletePolicyRes{ - Deleted: true, - }, - repoErr: repoerr.ErrNotFound, - err: repoerr.ErrNotFound, + deletePoliciesRes: true, + repoErr: repoerr.ErrNotFound, + err: repoerr.ErrNotFound, }, } diff --git a/internal/policy/service.go b/internal/policy/service.go new file mode 100644 index 0000000000..894f86f25f --- /dev/null +++ b/internal/policy/service.go 
@@ -0,0 +1,127 @@ +// Copyright (c) Abstract Machines +// SPDX-License-Identifier: Apache-2.0 + +package policy + +import ( + "context" + + "github.com/absmach/magistrala" + "github.com/absmach/magistrala/pkg/policy" +) + +type service struct { + policy magistrala.PolicyServiceClient +} + +func NewService(policyClient magistrala.PolicyServiceClient) policy.PolicyService { + return &service{ + policy: policyClient, + } +} + +func (s *service) AddPolicy(ctx context.Context, req *magistrala.AddPolicyReq) (bool, error) { + res, err := s.policy.AddPolicy(ctx, req) + if err != nil { + return false, err + } + + return res.GetAdded(), nil +} + +func (svc *service) AddPolicies(ctx context.Context, req *magistrala.AddPoliciesReq) (bool, error) { + res, err := svc.policy.AddPolicies(ctx, req) + if err != nil { + return false, err + } + + return res.GetAdded(), nil +} + +func (s *service) DeletePolicyFilter(ctx context.Context, req *magistrala.DeletePolicyFilterReq) (bool, error) { + res, err := s.policy.DeletePolicyFilter(ctx, req) + if err != nil { + return false, err + } + return res.GetDeleted(), nil +} + +func (s *service) DeletePolicies(ctx context.Context, req *magistrala.DeletePoliciesReq) (bool, error) { + res, err := s.policy.DeletePolicies(ctx, req) + if err != nil { + return false, err + } + return res.GetDeleted(), nil +} + +func (s *service) ListObjects(ctx context.Context, req *magistrala.ListObjectsReq) ([]string, error) { + res, err := s.policy.ListObjects(ctx, req) + if err != nil { + return nil, err + } + + return res.Policies, nil +} + +func (s *service) ListAllObjects(ctx context.Context, req *magistrala.ListObjectsReq) ([]string, error) { + res, err := s.policy.ListAllObjects(ctx, req) + if err != nil { + return nil, err + } + + return res.Policies, nil +} + +func (s *service) CountObjects(ctx context.Context, req *magistrala.CountObjectsReq) (uint64, error) { + res, err := s.policy.CountObjects(ctx, req) + if err != nil { + return 0, err + } + + return 
res.Count, nil +} + +func (s *service) ListSubjects(ctx context.Context, req *magistrala.ListSubjectsReq) ([]string, error) { + res, err := s.policy.ListSubjects(ctx, req) + if err != nil { + return nil, err + } + + return res.Policies, nil +} + +func (s *service) ListAllSubjects(ctx context.Context, req *magistrala.ListSubjectsReq) ([]string, error) { + res, err := s.policy.ListAllSubjects(ctx, req) + if err != nil { + return nil, err + } + + return res.Policies, nil +} + +func (s *service) CountSubjects(ctx context.Context, req *magistrala.CountSubjectsReq) (uint64, error) { + res, err := s.policy.CountSubjects(ctx, req) + if err != nil { + return 0, err + } + + return res.Count, nil +} + +func (s *service) ListPermissions(ctx context.Context, req *magistrala.ListPermissionsReq) ([]string, error) { + res, err := s.policy.ListPermissions(ctx, req) + if err != nil { + return nil, err + } + + return res.GetPermissions(), nil +} + +func (s *service) DeleteEntityPolicies(ctx context.Context, req *magistrala.DeleteEntityPoliciesReq) (bool, error) { + res, err := s.policy.DeleteEntityPolicies(ctx, req) + if err != nil { + return false, err + } + + return res.GetDeleted(), nil +} diff --git a/pkg/policy/doc.go b/pkg/policy/doc.go new file mode 100644 index 0000000000..588c3d3dbf --- /dev/null +++ b/pkg/policy/doc.go @@ -0,0 +1,5 @@ +// Copyright (c) Abstract Machines +// SPDX-License-Identifier: Apache-2.0 + +// Package policy contains Magistrala policy definitions. +package policy diff --git a/pkg/policy/mocks/service.go b/pkg/policy/mocks/service.go new file mode 100644 index 0000000000..03729648fc --- /dev/null +++ b/pkg/policy/mocks/service.go 
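Review bot: The list and count wrappers in internal/policy/service.go read response fields directly (`return res.Policies, nil`, `return res.Count, nil`), while the add/delete and ListPermissions wrappers use the getters (`res.GetAdded()`, `res.GetPermissions()`). If these are protobuf-generated types, as the existing getters suggest, the getters are nil-safe and the field reads are not. A client or test double that returns a nil response with a nil error would then panic on the authorization path instead of yielding an empty result. Using the matching getters throughout, e.g. `return res.GetPolicies(), nil` and `return res.GetCount(), nil`, makes the behaviour uniform. Two smaller points: `AddPolicies` uses the receiver name `svc` where every other method uses `s`, and the exported `NewService` has no doc comment; something like `// NewService returns a policy.PolicyService backed by the given gRPC policy client.` would do.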
@@ -0,0 +1,377 @@ +// Code generated by mockery v2.43.2. DO NOT EDIT. + +// Copyright (c) Abstract Machines + +package mocks + +import ( + context "context" + + magistrala "github.com/absmach/magistrala" + mock "github.com/stretchr/testify/mock" +) + +// PolicyService is an autogenerated mock type for the PolicyService type +type PolicyService struct { + mock.Mock +} + +// AddPolicies provides a mock function with given fields: ctx, req +func (_m *PolicyService) AddPolicies(ctx context.Context, req *magistrala.AddPoliciesReq) (bool, error) { + ret := _m.Called(ctx, req) + + if len(ret) == 0 { + panic("no return value specified for AddPolicies") + } + + var r0 bool + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *magistrala.AddPoliciesReq) (bool, error)); ok { + return rf(ctx, req) + } + if rf, ok := ret.Get(0).(func(context.Context, *magistrala.AddPoliciesReq) bool); ok { + r0 = rf(ctx, req) + } else { + r0 = ret.Get(0).(bool) + } + + if rf, ok := ret.Get(1).(func(context.Context, *magistrala.AddPoliciesReq) error); ok { + r1 = rf(ctx, req) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// AddPolicy provides a mock function with given fields: ctx, req +func (_m *PolicyService) AddPolicy(ctx context.Context, req *magistrala.AddPolicyReq) (bool, error) { + ret := _m.Called(ctx, req) + + if len(ret) == 0 { + panic("no return value specified for AddPolicy") + } + + var r0 bool + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *magistrala.AddPolicyReq) (bool, error)); ok { + return rf(ctx, req) + } + if rf, ok := ret.Get(0).(func(context.Context, *magistrala.AddPolicyReq) bool); ok { + r0 = rf(ctx, req) + } else { + r0 = ret.Get(0).(bool) + } + + if rf, ok := ret.Get(1).(func(context.Context, *magistrala.AddPolicyReq) error); ok { + r1 = rf(ctx, req) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CountObjects provides a mock function with given fields: ctx, req +func (_m *PolicyService) CountObjects(ctx 
context.Context, req *magistrala.CountObjectsReq) (uint64, error) { + ret := _m.Called(ctx, req) + + if len(ret) == 0 { + panic("no return value specified for CountObjects") + } + + var r0 uint64 + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *magistrala.CountObjectsReq) (uint64, error)); ok { + return rf(ctx, req) + } + if rf, ok := ret.Get(0).(func(context.Context, *magistrala.CountObjectsReq) uint64); ok { + r0 = rf(ctx, req) + } else { + r0 = ret.Get(0).(uint64) + } + + if rf, ok := ret.Get(1).(func(context.Context, *magistrala.CountObjectsReq) error); ok { + r1 = rf(ctx, req) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CountSubjects provides a mock function with given fields: ctx, req +func (_m *PolicyService) CountSubjects(ctx context.Context, req *magistrala.CountSubjectsReq) (uint64, error) { + ret := _m.Called(ctx, req) + + if len(ret) == 0 { + panic("no return value specified for CountSubjects") + } + + var r0 uint64 + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *magistrala.CountSubjectsReq) (uint64, error)); ok { + return rf(ctx, req) + } + if rf, ok := ret.Get(0).(func(context.Context, *magistrala.CountSubjectsReq) uint64); ok { + r0 = rf(ctx, req) + } else { + r0 = ret.Get(0).(uint64) + } + + if rf, ok := ret.Get(1).(func(context.Context, *magistrala.CountSubjectsReq) error); ok { + r1 = rf(ctx, req) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// DeleteEntityPolicies provides a mock function with given fields: ctx, req +func (_m *PolicyService) DeleteEntityPolicies(ctx context.Context, req *magistrala.DeleteEntityPoliciesReq) (bool, error) { + ret := _m.Called(ctx, req) + + if len(ret) == 0 { + panic("no return value specified for DeleteEntityPolicies") + } + + var r0 bool + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *magistrala.DeleteEntityPoliciesReq) (bool, error)); ok { + return rf(ctx, req) + } + if rf, ok := ret.Get(0).(func(context.Context, 
*magistrala.DeleteEntityPoliciesReq) bool); ok { + r0 = rf(ctx, req) + } else { + r0 = ret.Get(0).(bool) + } + + if rf, ok := ret.Get(1).(func(context.Context, *magistrala.DeleteEntityPoliciesReq) error); ok { + r1 = rf(ctx, req) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// DeletePolicies provides a mock function with given fields: ctx, req +func (_m *PolicyService) DeletePolicies(ctx context.Context, req *magistrala.DeletePoliciesReq) (bool, error) { + ret := _m.Called(ctx, req) + + if len(ret) == 0 { + panic("no return value specified for DeletePolicies") + } + + var r0 bool + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *magistrala.DeletePoliciesReq) (bool, error)); ok { + return rf(ctx, req) + } + if rf, ok := ret.Get(0).(func(context.Context, *magistrala.DeletePoliciesReq) bool); ok { + r0 = rf(ctx, req) + } else { + r0 = ret.Get(0).(bool) + } + + if rf, ok := ret.Get(1).(func(context.Context, *magistrala.DeletePoliciesReq) error); ok { + r1 = rf(ctx, req) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// DeletePolicyFilter provides a mock function with given fields: ctx, req +func (_m *PolicyService) DeletePolicyFilter(ctx context.Context, req *magistrala.DeletePolicyFilterReq) (bool, error) { + ret := _m.Called(ctx, req) + + if len(ret) == 0 { + panic("no return value specified for DeletePolicyFilter") + } + + var r0 bool + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *magistrala.DeletePolicyFilterReq) (bool, error)); ok { + return rf(ctx, req) + } + if rf, ok := ret.Get(0).(func(context.Context, *magistrala.DeletePolicyFilterReq) bool); ok { + r0 = rf(ctx, req) + } else { + r0 = ret.Get(0).(bool) + } + + if rf, ok := ret.Get(1).(func(context.Context, *magistrala.DeletePolicyFilterReq) error); ok { + r1 = rf(ctx, req) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// ListAllObjects provides a mock function with given fields: ctx, req +func (_m *PolicyService) ListAllObjects(ctx 
context.Context, req *magistrala.ListObjectsReq) ([]string, error) { + ret := _m.Called(ctx, req) + + if len(ret) == 0 { + panic("no return value specified for ListAllObjects") + } + + var r0 []string + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *magistrala.ListObjectsReq) ([]string, error)); ok { + return rf(ctx, req) + } + if rf, ok := ret.Get(0).(func(context.Context, *magistrala.ListObjectsReq) []string); ok { + r0 = rf(ctx, req) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]string) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *magistrala.ListObjectsReq) error); ok { + r1 = rf(ctx, req) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// ListAllSubjects provides a mock function with given fields: ctx, req +func (_m *PolicyService) ListAllSubjects(ctx context.Context, req *magistrala.ListSubjectsReq) ([]string, error) { + ret := _m.Called(ctx, req) + + if len(ret) == 0 { + panic("no return value specified for ListAllSubjects") + } + + var r0 []string + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *magistrala.ListSubjectsReq) ([]string, error)); ok { + return rf(ctx, req) + } + if rf, ok := ret.Get(0).(func(context.Context, *magistrala.ListSubjectsReq) []string); ok { + r0 = rf(ctx, req) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]string) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *magistrala.ListSubjectsReq) error); ok { + r1 = rf(ctx, req) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// ListObjects provides a mock function with given fields: ctx, req +func (_m *PolicyService) ListObjects(ctx context.Context, req *magistrala.ListObjectsReq) ([]string, error) { + ret := _m.Called(ctx, req) + + if len(ret) == 0 { + panic("no return value specified for ListObjects") + } + + var r0 []string + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *magistrala.ListObjectsReq) ([]string, error)); ok { + return rf(ctx, req) + } + if rf, ok := 
ret.Get(0).(func(context.Context, *magistrala.ListObjectsReq) []string); ok { + r0 = rf(ctx, req) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]string) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *magistrala.ListObjectsReq) error); ok { + r1 = rf(ctx, req) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// ListPermissions provides a mock function with given fields: ctx, req +func (_m *PolicyService) ListPermissions(ctx context.Context, req *magistrala.ListPermissionsReq) ([]string, error) { + ret := _m.Called(ctx, req) + + if len(ret) == 0 { + panic("no return value specified for ListPermissions") + } + + var r0 []string + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *magistrala.ListPermissionsReq) ([]string, error)); ok { + return rf(ctx, req) + } + if rf, ok := ret.Get(0).(func(context.Context, *magistrala.ListPermissionsReq) []string); ok { + r0 = rf(ctx, req) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]string) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *magistrala.ListPermissionsReq) error); ok { + r1 = rf(ctx, req) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// ListSubjects provides a mock function with given fields: ctx, req +func (_m *PolicyService) ListSubjects(ctx context.Context, req *magistrala.ListSubjectsReq) ([]string, error) { + ret := _m.Called(ctx, req) + + if len(ret) == 0 { + panic("no return value specified for ListSubjects") + } + + var r0 []string + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *magistrala.ListSubjectsReq) ([]string, error)); ok { + return rf(ctx, req) + } + if rf, ok := ret.Get(0).(func(context.Context, *magistrala.ListSubjectsReq) []string); ok { + r0 = rf(ctx, req) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]string) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *magistrala.ListSubjectsReq) error); ok { + r1 = rf(ctx, req) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// 
NewPolicyService creates a new instance of PolicyService. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewPolicyService(t interface { + mock.TestingT + Cleanup(func()) +}) *PolicyService { + mock := &PolicyService{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/pkg/policy/policy.go b/pkg/policy/policy.go new file mode 100644 index 0000000000..4bbd8cdfa4 --- /dev/null +++ b/pkg/policy/policy.go 
@@ -0,0 +1,53 @@ +// Copyright (c) Abstract Machines +// SPDX-License-Identifier: Apache-2.0 + +package policy + +import ( + "context" + + "github.com/absmach/magistrala" +) + +//go:generate mockery --name PolicyService --filename service.go --quiet --note "Copyright (c) Abstract Machines" +type PolicyService interface { + // AddPolicy creates a policy for the given subject, so that, after + // AddPolicy, `subject` has a `relation` on `object`. Returns a non-nil + // error in case of failures. + AddPolicy(ctx context.Context, req *magistrala.AddPolicyReq) (bool, error) + + // AddPolicies adds new policies for given subjects. This method is + // only allowed to use as an admin. + AddPolicies(ctx context.Context, req *magistrala.AddPoliciesReq) (bool, error) + + // DeletePolicyFilter removes policy for given policy filter request. + DeletePolicyFilter(ctx context.Context, req *magistrala.DeletePolicyFilterReq) (bool, error) + + // DeletePolicies deletes policies for given subjects. This method is + // only allowed to use as an admin. + DeletePolicies(ctx context.Context, req *magistrala.DeletePoliciesReq) (bool, error) + + // ListObjects lists policies based on the given PolicyReq structure. + ListObjects(ctx context.Context, req *magistrala.ListObjectsReq) ([]string, error) + + // ListAllObjects lists all policies based on the given PolicyReq structure. + ListAllObjects(ctx context.Context, req *magistrala.ListObjectsReq) ([]string, error) + + // CountObjects count policies based on the given PolicyReq structure. + CountObjects(ctx context.Context, req *magistrala.CountObjectsReq) (uint64, error) + + // ListSubjects lists subjects based on the given PolicyReq structure. + ListSubjects(ctx context.Context, req *magistrala.ListSubjectsReq) ([]string, error) + + // ListAllSubjects lists all subjects based on the given PolicyReq structure. 
+ ListAllSubjects(ctx context.Context, req *magistrala.ListSubjectsReq) ([]string, error) + + // CountSubjects count policies based on the given PolicyReq structure. + CountSubjects(ctx context.Context, req *magistrala.CountSubjectsReq) (uint64, error) + + // ListPermissions lists permission betweeen given subject and object . + ListPermissions(ctx context.Context, req *magistrala.ListPermissionsReq) ([]string, error) + + // DeleteEntityPolicies deletes all policies for the given entity. + DeleteEntityPolicies(ctx context.Context, req *magistrala.DeleteEntityPoliciesReq) (bool, error) +} diff --git a/things/service.go b/things/service.go index 033d1d28db..143f222d22 100644 --- a/things/service.go +++ b/things/service.go @@ -12,13 +12,14 @@ import ( "github.com/absmach/magistrala/pkg/errors" svcerr "github.com/absmach/magistrala/pkg/errors/service" mggroups "github.com/absmach/magistrala/pkg/groups" + mgpolicy "github.com/absmach/magistrala/pkg/policy" "github.com/absmach/magistrala/things/postgres" "golang.org/x/sync/errgroup" ) type service struct { auth magistrala.AuthServiceClient - policy magistrala.PolicyServiceClient + policy mgpolicy.PolicyService clients postgres.Repository clientCache Cache idProvider magistrala.IDProvider @@ -26,7 +27,7 @@ type service struct { } // NewService returns a new Clients service implementation. -func NewService(auth magistrala.AuthServiceClient, policy magistrala.PolicyServiceClient, c postgres.Repository, grepo mggroups.Repository, tcache Cache, idp magistrala.IDProvider) Service { +func NewService(auth magistrala.AuthServiceClient, policy mgpolicy.PolicyService, c postgres.Repository, grepo mggroups.Repository, tcache Cache, idp magistrala.IDProvider) Service { return service{ auth: auth, policy: policy, 
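Review bot: The `PolicyService` interface in pkg/policy/policy.go never says what the new `bool` result means when the error is nil; the only contract stated is "Returns a non-nil error in case of failures". The callers changed in things/service.go already disagree on it: on a false result `Share` wraps an error, `Unshare` returns `err`, and `DeleteClient` returns `svcerr.ErrAuthorization`. I would give the type its own doc comment (the `//go:generate` line currently sits where one would go), for example `// PolicyService manages authorization policies. A false result with a nil error means the policy store did not apply the change and callers must treat it as a failure.` The method comments also refer to a "PolicyReq structure" that none of the signatures take, and the ListPermissions comment has a typo ("betweeen ... object ."); both are worth fixing while the interface is new.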
@@ -219,7 +220,7 @@ func (svc service) retrievePermissions(ctx context.Context, userID string, clien } func (svc service) listUserThingPermission(ctx context.Context, userID, thingID string) ([]string, error) { - lp, err := svc.policy.ListPermissions(ctx, &magistrala.ListPermissionsReq{ + permissions, err := svc.policy.ListPermissions(ctx, &magistrala.ListPermissionsReq{ SubjectType: auth.UserType, Subject: userID, Object: thingID, @@ -228,7 +229,7 @@ func (svc service) listUserThingPermission(ctx context.Context, userID, thingID if err != nil { return []string{}, errors.Wrap(svcerr.ErrAuthorization, err) } - return lp.GetPermissions(), nil + return permissions, nil } func (svc service) listClientIDs(ctx context.Context, userID, permission string) ([]string, error) { @@ -241,7 +242,7 @@ func (svc service) listClientIDs(ctx context.Context, userID, permission string) if err != nil { return nil, errors.Wrap(svcerr.ErrNotFound, err) } - return tids.Policies, nil + return tids, nil } func (svc service) filterAllowedThingIDs(ctx context.Context, userID, permission string, thingIDs []string) ([]string, error) { @@ -256,7 +257,7 @@ func (svc service) filterAllowedThingIDs(ctx context.Context, userID, permission return nil, errors.Wrap(svcerr.ErrNotFound, err) } for _, thingID := range thingIDs { - for _, tid := range tids.Policies { + for _, tid := range tids { if thingID == tid { ids = append(ids, thingID) } @@ -394,11 +395,11 @@ func (svc service) Share(ctx context.Context, token, id, relation string, userid Object: id, }) } - res, err := svc.policy.AddPolicies(ctx, &policies) + added, err := svc.policy.AddPolicies(ctx, &policies) if err != nil { return errors.Wrap(svcerr.ErrUpdateEntity, err) } - if !res.Added { + if !added { return errors.Wrap(svcerr.ErrUpdateEntity, err) } return nil 
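Review bot: In the `Share` hunk, the `if !added` branch returns `errors.Wrap(svcerr.ErrUpdateEntity, err)` at a point where `err` is already known to be nil. Whether the caller gets an error at all then depends on how the project's `errors.Wrap` treats a nil inner error, which is not visible here. Returning the sentinel directly, `if !added { return svcerr.ErrUpdateEntity }`, makes a failed grant an unconditional error and drops the misleading wrap. `Share`'s body starts outside the hunk.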
@@ -423,11 +424,11 @@ func (svc service) Unshare(ctx context.Context, token, id, relation string, user Object: id, }) } - res, err := svc.policy.DeletePolicies(ctx, &policies) + deleted, err := svc.policy.DeletePolicies(ctx, &policies) if err != nil { return errors.Wrap(svcerr.ErrUpdateEntity, err) } - if !res.Deleted { + if !deleted { return err } return nil @@ -446,14 +447,14 @@ func (svc service) DeleteClient(ctx context.Context, token, id string) error { return errors.Wrap(svcerr.ErrRemoveEntity, err) } - deleteRes, err := svc.policy.DeleteEntityPolicies(ctx, &magistrala.DeleteEntityPoliciesReq{ + deleted, err := svc.policy.DeleteEntityPolicies(ctx, &magistrala.DeleteEntityPoliciesReq{ EntityType: auth.ThingType, Id: id, }) if err != nil { return errors.Wrap(svcerr.ErrRemoveEntity, err) } - if !deleteRes.Deleted { + if !deleted { return svcerr.ErrAuthorization } @@ -505,7 +506,7 @@ func (svc service) ListClientsByGroup(ctx context.Context, token, groupID string return mgclients.MembersPage{}, errors.Wrap(svcerr.ErrNotFound, err) } - pm.IDs = tids.Policies + pm.IDs = tids cp, err := svc.clients.RetrieveAllByIDs(ctx, pm) if err != nil { diff --git a/things/service_test.go b/things/service_test.go index d1717825f3..b4845e7261 100644 --- a/things/service_test.go +++ b/things/service_test.go @@ -17,6 +17,7 @@ import ( repoerr "github.com/absmach/magistrala/pkg/errors/repository" svcerr "github.com/absmach/magistrala/pkg/errors/service" gmocks "github.com/absmach/magistrala/pkg/groups/mocks" + policymocks "github.com/absmach/magistrala/pkg/policy/mocks" "github.com/absmach/magistrala/pkg/uuid" "github.com/absmach/magistrala/things" "github.com/absmach/magistrala/things/mocks" 
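Review bot: In Unshare (hunk `@@ -423,11 +424,11 @@`), `if !deleted { return err }` returns nil, because `err` was already checked on the lines just above; a revocation that the policy service reports as not applied is therefore handed back to the caller as success. Access the caller believes was removed may still be in place. Return an explicit error instead, e.g. `if !deleted { return svcerr.ErrUpdateEntity }`, in line with what Share does for `!added`. The TestUnShare case with `deletePoliciesResponse: false` and `err: nil` in things/service_test.go pins the current behaviour and would need to expect that error. Unshare's body starts outside the hunk.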
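Review bot: In ListClientsByGroup (hunk `@@ -505,7 +506,7 @@`), `pm.IDs = tids` goes straight to `RetrieveAllByIDs` with no check for an empty listing, whereas ListMembers in users/service.go returns an empty page when `len(duids) == 0`. If the repository treats an empty `IDs` slice as "no filter" (its implementation is not visible here), a group with no things could list clients from outside the group. A guard before the repository call, `if len(tids) == 0 { return mgclients.MembersPage{Page: mgclients.Page{Total: 0, Offset: pm.Offset, Limit: pm.Limit}}, nil }`, would make the scope explicit. TestListMembers fixtures that return `[]string{}` yet expect members would then need real IDs. The function continues outside the hunk.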
@@ -46,9 +47,9 @@ var ( errRemovePolicies = errors.New("failed to delete policies") ) -func newService() (things.Service, *mocks.Repository, *authmocks.AuthServiceClient, *authmocks.PolicyServiceClient, *mocks.Cache) { +func newService() (things.Service, *mocks.Repository, *authmocks.AuthServiceClient, *policymocks.PolicyService, *mocks.Cache) { auth := new(authmocks.AuthServiceClient) - policyClient := new(authmocks.PolicyServiceClient) + policyClient := new(policymocks.PolicyService) thingCache := new(mocks.Cache) idProvider := uuid.NewMock() cRepo := new(mocks.Repository) @@ -65,8 +66,8 @@ func TestCreateThings(t *testing.T) { thing mgclients.Client token string authResponse *magistrala.AuthorizeRes - addPolicyResponse *magistrala.AddPoliciesRes - deletePolicyRes *magistrala.DeletePolicyRes + addPolicyResponse bool + deletePolicyRes bool authorizeErr error identifyErr error addPolicyErr error @@ -100,7 +101,7 @@ func TestCreateThings(t *testing.T) { }, token: validToken, authResponse: &magistrala.AuthorizeRes{Authorized: true}, - addPolicyResponse: &magistrala.AddPoliciesRes{Added: true}, + addPolicyResponse: true, err: nil, }, { @@ -114,7 +115,7 @@ func TestCreateThings(t *testing.T) { }, token: validToken, authResponse: &magistrala.AuthorizeRes{Authorized: true}, - addPolicyResponse: &magistrala.AddPoliciesRes{Added: true}, + addPolicyResponse: true, err: nil, }, { @@ -129,7 +130,7 @@ func TestCreateThings(t *testing.T) { }, token: validToken, authResponse: &magistrala.AuthorizeRes{Authorized: true}, - addPolicyResponse: &magistrala.AddPoliciesRes{Added: true}, + addPolicyResponse: true, err: nil, }, @@ -143,7 +144,7 @@ func TestCreateThings(t *testing.T) { }, }, authResponse: &magistrala.AuthorizeRes{Authorized: true}, - addPolicyResponse: &magistrala.AddPoliciesRes{Added: true}, + addPolicyResponse: true, token: validToken, err: nil, }, 
@@ -158,7 +159,7 @@ func TestCreateThings(t *testing.T) { Status: mgclients.EnabledStatus, }, authResponse: &magistrala.AuthorizeRes{Authorized: true}, - addPolicyResponse: &magistrala.AddPoliciesRes{Added: true}, + addPolicyResponse: true, token: validToken, err: nil, }, @@ -174,7 +175,7 @@ func TestCreateThings(t *testing.T) { }, token: validToken, authResponse: &magistrala.AuthorizeRes{Authorized: true}, - addPolicyResponse: &magistrala.AddPoliciesRes{Added: true}, + addPolicyResponse: true, err: nil, }, { @@ -189,7 +190,7 @@ func TestCreateThings(t *testing.T) { }, token: validToken, authResponse: &magistrala.AuthorizeRes{Authorized: true}, - addPolicyResponse: &magistrala.AddPoliciesRes{Added: true}, + addPolicyResponse: true, err: nil, }, { @@ -203,7 +204,7 @@ func TestCreateThings(t *testing.T) { }, token: validToken, authResponse: &magistrala.AuthorizeRes{Authorized: true}, - addPolicyResponse: &magistrala.AddPoliciesRes{Added: true}, + addPolicyResponse: true, err: nil, }, { @@ -216,7 +217,7 @@ func TestCreateThings(t *testing.T) { }, token: validToken, authResponse: &magistrala.AuthorizeRes{Authorized: true}, - addPolicyResponse: &magistrala.AddPoliciesRes{Added: true}, + addPolicyResponse: true, err: nil, }, { @@ -230,7 +231,7 @@ func TestCreateThings(t *testing.T) { }, token: validToken, authResponse: &magistrala.AuthorizeRes{Authorized: true}, - addPolicyResponse: &magistrala.AddPoliciesRes{Added: true}, + addPolicyResponse: true, err: nil, }, { @@ -249,7 +250,7 @@ func TestCreateThings(t *testing.T) { }, token: validToken, authResponse: &magistrala.AuthorizeRes{Authorized: true}, - addPolicyResponse: &magistrala.AddPoliciesRes{Added: true}, + addPolicyResponse: true, err: nil, }, { @@ -263,7 +264,7 @@ func TestCreateThings(t *testing.T) { }, token: validToken, authResponse: &magistrala.AuthorizeRes{Authorized: true}, - addPolicyResponse: &magistrala.AddPoliciesRes{Added: true}, + addPolicyResponse: true, err: svcerr.ErrInvalidStatus, }, { 
@@ -304,7 +305,7 @@ func TestCreateThings(t *testing.T) { }, token: validToken, authResponse: &magistrala.AuthorizeRes{Authorized: true}, - addPolicyResponse: &magistrala.AddPoliciesRes{Added: false}, + addPolicyResponse: false, addPolicyErr: svcerr.ErrInvalidPolicy, err: svcerr.ErrInvalidPolicy, }, @@ -319,9 +320,9 @@ func TestCreateThings(t *testing.T) { }, token: validToken, authResponse: &magistrala.AuthorizeRes{Authorized: true}, - addPolicyResponse: &magistrala.AddPoliciesRes{Added: true}, + addPolicyResponse: true, saveErr: repoerr.ErrConflict, - deletePolicyRes: &magistrala.DeletePolicyRes{Deleted: false}, + deletePolicyRes: false, deletePolicyErr: svcerr.ErrInvalidPolicy, err: repoerr.ErrConflict, }, @@ -430,10 +431,10 @@ func TestListClients(t *testing.T) { authorizeResponse *magistrala.AuthorizeRes authorizeResponse1 *magistrala.AuthorizeRes authorizeResponse2 *magistrala.AuthorizeRes - listObjectsResponse *magistrala.ListObjectsRes - listObjectsResponse1 *magistrala.ListObjectsRes + listObjectsResponse []string + listObjectsResponse1 []string retrieveAllResponse mgclients.ClientsPage - listPermissionsResponse *magistrala.ListPermissionsRes + listPermissionsResponse []string response mgclients.ClientsPage id string size uint64 @@ -459,7 +460,7 @@ func TestListClients(t *testing.T) { identifyResponse: &magistrala.IdentityRes{Id: nonAdminID, UserId: nonAdminID, DomainId: domainID}, authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, authorizeResponse2: &magistrala.AuthorizeRes{Authorized: true}, - listObjectsResponse: &magistrala.ListObjectsRes{}, + listObjectsResponse: []string{}, retrieveAllResponse: mgclients.ClientsPage{ Page: mgclients.Page{ Total: 2, 
@@ -468,9 +469,7 @@ func TestListClients(t *testing.T) { }, Clients: []mgclients.Client{client, client}, }, - listPermissionsResponse: &magistrala.ListPermissionsRes{ - Permissions: []string{"read", "write"}, - }, + listPermissionsResponse: []string{"read", "write"}, response: mgclients.ClientsPage{ Page: mgclients.Page{ Total: 2, @@ -546,7 +545,7 @@ func TestListClients(t *testing.T) { }, Clients: []mgclients.Client{client, client}, }, - listPermissionsResponse: &magistrala.ListPermissionsRes{}, + listPermissionsResponse: []string{}, response: mgclients.ClientsPage{}, listPermissionsErr: svcerr.ErrNotFound, err: svcerr.ErrNotFound, @@ -565,7 +564,7 @@ func TestListClients(t *testing.T) { authorizeResponse: &magistrala.AuthorizeRes{Authorized: false}, authorizeResponse1: &magistrala.AuthorizeRes{Authorized: true}, response: mgclients.ClientsPage{}, - listObjectsResponse: &magistrala.ListObjectsRes{}, + listObjectsResponse: []string{}, err: nil, }, { @@ -582,7 +581,7 @@ func TestListClients(t *testing.T) { authorizeResponse: &magistrala.AuthorizeRes{Authorized: false}, authorizeResponse1: &magistrala.AuthorizeRes{Authorized: false}, response: mgclients.ClientsPage{}, - listObjectsResponse: &magistrala.ListObjectsRes{}, + listObjectsResponse: []string{}, err: svcerr.ErrAuthorization, }, { @@ -599,7 +598,7 @@ func TestListClients(t *testing.T) { authorizeResponse: &magistrala.AuthorizeRes{Authorized: false}, authorizeResponse1: &magistrala.AuthorizeRes{Authorized: true}, response: mgclients.ClientsPage{}, - listObjectsResponse: &magistrala.ListObjectsRes{}, + listObjectsResponse: []string{}, listObjectsErr: svcerr.ErrNotFound, err: svcerr.ErrNotFound, }, 
@@ -645,17 +644,15 @@ func TestListClients(t *testing.T) { page mgclients.Page identifyResponse *magistrala.IdentityRes authorizeResponse *magistrala.AuthorizeRes - listObjectsResponse *magistrala.ListObjectsRes - listObjectsResponse1 *magistrala.ListObjectsRes + listObjectsResponse []string retrieveAllResponse mgclients.ClientsPage - listPermissionsResponse *magistrala.ListPermissionsRes + listPermissionsResponse []string response mgclients.ClientsPage id string size uint64 identifyErr error authorizeErr error listObjectsErr error - listObjectsErr1 error retrieveAllErr error listPermissionsErr error err error @@ -671,10 +668,9 @@ func TestListClients(t *testing.T) { ListPerms: true, Domain: domainID, }, - identifyResponse: &magistrala.IdentityRes{Id: nonAdminID, UserId: nonAdminID, DomainId: domainID}, - authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, - listObjectsResponse: &magistrala.ListObjectsRes{Policies: []string{"test", "test"}}, - listObjectsResponse1: &magistrala.ListObjectsRes{Policies: []string{"test", "test"}}, + identifyResponse: &magistrala.IdentityRes{Id: nonAdminID, UserId: nonAdminID, DomainId: domainID}, + authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, + listObjectsResponse: []string{"test", "test"}, retrieveAllResponse: mgclients.ClientsPage{ Page: mgclients.Page{ Total: 2, @@ -683,9 +679,7 @@ func TestListClients(t *testing.T) { }, Clients: []mgclients.Client{client, client}, }, - listPermissionsResponse: &magistrala.ListPermissionsRes{ - Permissions: []string{"read", "write"}, - }, + listPermissionsResponse: []string{"read", "write"}, response: mgclients.ClientsPage{ Page: mgclients.Page{ Total: 2, 
@@ -722,13 +716,12 @@ func TestListClients(t *testing.T) { ListPerms: true, Domain: domainID, }, - identifyResponse: &magistrala.IdentityRes{Id: nonAdminID, UserId: nonAdminID, DomainId: domainID}, - authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, - listObjectsResponse: &magistrala.ListObjectsRes{}, - listObjectsResponse1: &magistrala.ListObjectsRes{}, - retrieveAllResponse: mgclients.ClientsPage{}, - retrieveAllErr: repoerr.ErrNotFound, - err: svcerr.ErrNotFound, + identifyResponse: &magistrala.IdentityRes{Id: nonAdminID, UserId: nonAdminID, DomainId: domainID}, + authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, + listObjectsResponse: []string{}, + retrieveAllResponse: mgclients.ClientsPage{}, + retrieveAllErr: repoerr.ErrNotFound, + err: svcerr.ErrNotFound, }, { desc: "list all clients as admin with failed to list permissions", @@ -741,10 +734,9 @@ func TestListClients(t *testing.T) { ListPerms: true, Domain: domainID, }, - identifyResponse: &magistrala.IdentityRes{Id: nonAdminID, UserId: nonAdminID, DomainId: domainID}, - authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, - listObjectsResponse: &magistrala.ListObjectsRes{}, - listObjectsResponse1: &magistrala.ListObjectsRes{}, + identifyResponse: &magistrala.IdentityRes{Id: nonAdminID, UserId: nonAdminID, DomainId: domainID}, + authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, + listObjectsResponse: []string{}, retrieveAllResponse: mgclients.ClientsPage{ Page: mgclients.Page{ Total: 2, @@ -753,7 +745,7 @@ func TestListClients(t *testing.T) { }, Clients: []mgclients.Client{client, client}, }, - listPermissionsResponse: &magistrala.ListPermissionsRes{}, + listPermissionsResponse: []string{}, listPermissionsErr: svcerr.ErrNotFound, err: svcerr.ErrNotFound, }, 
@@ -768,12 +760,11 @@ func TestListClients(t *testing.T) { ListPerms: true, Domain: domainID, }, - identifyResponse: &magistrala.IdentityRes{Id: nonAdminID, UserId: nonAdminID, DomainId: domainID}, - authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, - listObjectsResponse: &magistrala.ListObjectsRes{}, - listObjectsResponse1: &magistrala.ListObjectsRes{}, - listObjectsErr: svcerr.ErrNotFound, - err: svcerr.ErrNotFound, + identifyResponse: &magistrala.IdentityRes{Id: nonAdminID, UserId: nonAdminID, DomainId: domainID}, + authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, + listObjectsResponse: []string{}, + listObjectsErr: svcerr.ErrNotFound, + err: svcerr.ErrNotFound, }, { desc: "list all clients as admin with failed to list things", @@ -786,12 +777,11 @@ func TestListClients(t *testing.T) { ListPerms: true, Domain: domainID, }, - identifyResponse: &magistrala.IdentityRes{Id: nonAdminID, UserId: nonAdminID, DomainId: domainID}, - authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, - listObjectsResponse: &magistrala.ListObjectsRes{}, - listObjectsResponse1: &magistrala.ListObjectsRes{}, - listObjectsErr1: svcerr.ErrNotFound, - err: svcerr.ErrNotFound, + identifyResponse: &magistrala.IdentityRes{Id: nonAdminID, UserId: nonAdminID, DomainId: domainID}, + authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, + listObjectsResponse: []string{}, + listObjectsErr: svcerr.ErrNotFound, + err: svcerr.ErrNotFound, }, } @@ -809,7 +799,7 @@ func TestListClients(t *testing.T) { Subject: tc.identifyResponse.Id, Permission: "", ObjectType: authsvc.ThingType, - }).Return(tc.listObjectsResponse1, tc.listObjectsErr1) + }).Return(tc.listObjectsResponse, tc.listObjectsErr) retrieveAllCall := cRepo.On("SearchClients", mock.Anything, mock.Anything).Return(tc.retrieveAllResponse, tc.retrieveAllErr) listPermissionsCall := policy.On("ListPermissions", mock.Anything, mock.Anything).Return(tc.listPermissionsResponse, tc.listPermissionsErr) 
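Review bot: With `listObjectsErr1` folded into `listObjectsErr` (hunk `@@ -786,12 +777,11 @@`), the case "list all clients as admin with failed to list things" carries the same visible fixture values as the case before it in `@@ -768,12 +760,11 @@`, so the two no longer exercise different failures. The mock changed in `@@ -809,7 +799,7 @@` now returns `tc.listObjectsResponse, tc.listObjectsErr`, which means the lookup it stubs can no longer fail independently of any other `ListAllObjects` expectation driven by the same fields. Either drop the duplicate case or keep a separate error field for that call so its failure path stays covered. The table and the test loop both extend outside these hunks.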
@@ -1416,8 +1406,8 @@ func TestListMembers(t *testing.T) { page mgclients.Page identifyResponse *magistrala.IdentityRes authorizeResponse *magistrala.AuthorizeRes - listObjectsResponse *magistrala.ListObjectsRes - listPermissionsResponse *magistrala.ListPermissionsRes + listObjectsResponse []string + listPermissionsResponse []string retreiveAllByIDsResponse mgclients.ClientsPage response mgclients.MembersPage identifyErr error @@ -1433,8 +1423,8 @@ func TestListMembers(t *testing.T) { groupID: testsutil.GenerateUUID(t), identifyResponse: &magistrala.IdentityRes{Id: validID, DomainId: testsutil.GenerateUUID(t)}, authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, - listObjectsResponse: &magistrala.ListObjectsRes{}, - listPermissionsResponse: &magistrala.ListPermissionsRes{}, + listObjectsResponse: []string{}, + listPermissionsResponse: []string{}, retreiveAllByIDsResponse: mgclients.ClientsPage{ Page: mgclients.Page{ Total: 0, @@ -1464,8 +1454,8 @@ func TestListMembers(t *testing.T) { }, identifyResponse: &magistrala.IdentityRes{Id: validID, DomainId: testsutil.GenerateUUID(t)}, authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, - listObjectsResponse: &magistrala.ListObjectsRes{}, - listPermissionsResponse: &magistrala.ListPermissionsRes{}, + listObjectsResponse: []string{}, + listPermissionsResponse: []string{}, retreiveAllByIDsResponse: mgclients.ClientsPage{ Page: mgclients.Page{ Total: nClients - 6 - 1, @@ -1501,8 +1491,8 @@ func TestListMembers(t *testing.T) { groupID: wrongID, identifyResponse: &magistrala.IdentityRes{Id: validID, DomainId: testsutil.GenerateUUID(t)}, authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, - listObjectsResponse: &magistrala.ListObjectsRes{}, - listPermissionsResponse: &magistrala.ListPermissionsRes{}, + listObjectsResponse: []string{}, + listPermissionsResponse: []string{}, retreiveAllByIDsResponse: mgclients.ClientsPage{}, response: mgclients.MembersPage{ Page: mgclients.Page{ 
@@ -1523,8 +1513,8 @@ func TestListMembers(t *testing.T) { }, identifyResponse: &magistrala.IdentityRes{Id: validID, DomainId: testsutil.GenerateUUID(t)}, authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, - listObjectsResponse: &magistrala.ListObjectsRes{}, - listPermissionsResponse: &magistrala.ListPermissionsRes{Permissions: []string{"admin"}}, + listObjectsResponse: []string{}, + listPermissionsResponse: []string{"admin"}, retreiveAllByIDsResponse: mgclients.ClientsPage{ Page: mgclients.Page{ Total: 1, @@ -1560,7 +1550,7 @@ func TestListMembers(t *testing.T) { }, identifyResponse: &magistrala.IdentityRes{Id: validID, DomainId: testsutil.GenerateUUID(t)}, authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, - listObjectsResponse: &magistrala.ListObjectsRes{}, + listObjectsResponse: []string{}, listObjectsErr: svcerr.ErrNotFound, err: svcerr.ErrNotFound, }, @@ -1580,8 +1570,8 @@ func TestListMembers(t *testing.T) { response: mgclients.MembersPage{}, identifyResponse: &magistrala.IdentityRes{Id: validID, DomainId: testsutil.GenerateUUID(t)}, authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, - listObjectsResponse: &magistrala.ListObjectsRes{}, - listPermissionsResponse: &magistrala.ListPermissionsRes{}, + listObjectsResponse: []string{}, + listPermissionsResponse: []string{}, listPermissionsErr: svcerr.ErrNotFound, err: svcerr.ErrNotFound, }, 
@@ -1591,7 +1581,7 @@ func TestListMembers(t *testing.T) { repoCall := auth.On("Identify", mock.Anything, &magistrala.IdentityReq{Token: tc.token}).Return(tc.identifyResponse, tc.identifyErr) repoCall1 := auth.On("Authorize", mock.Anything, mock.Anything).Return(tc.authorizeResponse, tc.authorizeErr) repoCall2 := policy.On("ListAllObjects", mock.Anything, mock.Anything).Return(tc.listObjectsResponse, tc.listObjectsErr) - repoCall3 := cRepo.On("RetrieveAllByIDs", context.Background(), tc.page).Return(tc.retreiveAllByIDsResponse, tc.retreiveAllByIDsErr) + repoCall3 := cRepo.On("RetrieveAllByIDs", context.Background(), mock.Anything).Return(tc.retreiveAllByIDsResponse, tc.retreiveAllByIDsErr) repoCall4 := policy.On("ListPermissions", mock.Anything, mock.Anything).Return(tc.listPermissionsResponse, tc.listPermissionsErr) page, err := svc.ListClientsByGroup(context.Background(), tc.token, tc.groupID, tc.page) assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err)) @@ -1616,7 +1606,7 @@ func TestDeleteClient(t *testing.T) { token string identifyResponse *magistrala.IdentityRes authorizeResponse *magistrala.AuthorizeRes - deletePolicyResponse *magistrala.DeletePolicyRes + deletePolicyResponse bool clientID string identifyErr error authorizeErr error @@ -1631,7 +1621,7 @@ func TestDeleteClient(t *testing.T) { clientID: client.ID, identifyResponse: &magistrala.IdentityRes{Id: validID, DomainId: testsutil.GenerateUUID(t)}, authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, - deletePolicyResponse: &magistrala.DeletePolicyRes{Deleted: true}, + deletePolicyResponse: true, err: nil, }, { 
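Review bot: Replacing `tc.page` with `mock.Anything` in the `RetrieveAllByIDs` expectation (hunk `@@ -1591,7 +1581,7 @@`) means TestListMembers no longer checks which page the service sends to the repository. ListClientsByGroup sets `pm.IDs` from the policy listing, and that ID list is what scopes the result to the group, so it is the argument most worth asserting. Consider `mock.MatchedBy(func(pm mgclients.Page) bool { return assert.ObjectsAreEqual(tc.listObjectsResponse, pm.IDs) })` in its place, or at least a comment explaining why the argument is left unchecked. The test loop starts and ends outside the hunk.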
@@ -1657,7 +1647,7 @@ func TestDeleteClient(t *testing.T) { clientID: client.ID, identifyResponse: &magistrala.IdentityRes{Id: validID, DomainId: testsutil.GenerateUUID(t)}, authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, - deletePolicyResponse: &magistrala.DeletePolicyRes{Deleted: true}, + deletePolicyResponse: true, deleteErr: repoerr.ErrRemoveEntity, err: repoerr.ErrRemoveEntity, }, @@ -1676,7 +1666,7 @@ func TestDeleteClient(t *testing.T) { clientID: client.ID, identifyResponse: &magistrala.IdentityRes{Id: validID, DomainId: testsutil.GenerateUUID(t)}, authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, - deletePolicyResponse: &magistrala.DeletePolicyRes{Deleted: false}, + deletePolicyResponse: false, deletePolicyErr: errRemovePolicies, err: errRemovePolicies, }, @@ -1714,7 +1704,7 @@ func TestShare(t *testing.T) { userID string identifyResponse *magistrala.IdentityRes authorizeResponse *magistrala.AuthorizeRes - addPoliciesResponse *magistrala.AddPoliciesRes + addPoliciesResponse bool identifyErr error authorizeErr error addPoliciesErr error @@ -1726,7 +1716,7 @@ func TestShare(t *testing.T) { clientID: clientID, identifyResponse: &magistrala.IdentityRes{Id: validID, DomainId: testsutil.GenerateUUID(t)}, authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, - addPoliciesResponse: &magistrala.AddPoliciesRes{Added: true}, + addPoliciesResponse: true, err: nil, }, { @@ -1752,7 +1742,7 @@ func TestShare(t *testing.T) { clientID: clientID, identifyResponse: &magistrala.IdentityRes{Id: validID, DomainId: testsutil.GenerateUUID(t)}, authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, - addPoliciesResponse: &magistrala.AddPoliciesRes{}, + addPoliciesResponse: false, addPoliciesErr: svcerr.ErrInvalidPolicy, err: svcerr.ErrInvalidPolicy, }, 
@@ -1762,7 +1752,7 @@ func TestShare(t *testing.T) { clientID: clientID, identifyResponse: &magistrala.IdentityRes{Id: validID, DomainId: testsutil.GenerateUUID(t)}, authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, - addPoliciesResponse: &magistrala.AddPoliciesRes{Added: false}, + addPoliciesResponse: false, err: svcerr.ErrUpdateEntity, }, } @@ -1792,7 +1782,7 @@ func TestUnShare(t *testing.T) { userID string identifyResponse *magistrala.IdentityRes authorizeResponse *magistrala.AuthorizeRes - deletePoliciesResponse *magistrala.DeletePolicyRes + deletePoliciesResponse bool identifyErr error authorizeErr error deletePoliciesErr error @@ -1804,7 +1794,7 @@ func TestUnShare(t *testing.T) { clientID: clientID, identifyResponse: &magistrala.IdentityRes{Id: validID, DomainId: testsutil.GenerateUUID(t)}, authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, - deletePoliciesResponse: &magistrala.DeletePolicyRes{Deleted: true}, + deletePoliciesResponse: true, err: nil, }, { @@ -1830,7 +1820,7 @@ func TestUnShare(t *testing.T) { clientID: clientID, identifyResponse: &magistrala.IdentityRes{Id: validID, DomainId: testsutil.GenerateUUID(t)}, authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, - deletePoliciesResponse: &magistrala.DeletePolicyRes{}, + deletePoliciesResponse: false, deletePoliciesErr: svcerr.ErrInvalidPolicy, err: svcerr.ErrInvalidPolicy, }, @@ -1840,7 +1830,7 @@ func TestUnShare(t *testing.T) { clientID: clientID, identifyResponse: &magistrala.IdentityRes{Id: validID, DomainId: testsutil.GenerateUUID(t)}, authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, - deletePoliciesResponse: &magistrala.DeletePolicyRes{Deleted: false}, + deletePoliciesResponse: false, err: nil, }, } 
@@ -1866,10 +1856,9 @@ func TestViewClientPerms(t *testing.T) { desc string token string thingID string - permissions []string identifyResponse *magistrala.IdentityRes authorizeResponse *magistrala.AuthorizeRes - listPermResponse *magistrala.ListPermissionsRes + listPermResponse []string identifyErr error authorizeErr error listPermErr error @@ -1879,17 +1868,15 @@ func TestViewClientPerms(t *testing.T) { desc: "view client permissions successfully", token: validToken, thingID: validID, - permissions: []string{"admin"}, identifyResponse: &magistrala.IdentityRes{Id: validID, DomainId: testsutil.GenerateUUID(t)}, authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, - listPermResponse: &magistrala.ListPermissionsRes{Permissions: []string{"admin"}}, + listPermResponse: []string{"admin"}, err: nil, }, { desc: "view client permissions with invalid token", token: inValidToken, thingID: validID, - permissions: []string{"admin"}, identifyResponse: &magistrala.IdentityRes{}, identifyErr: svcerr.ErrAuthentication, err: svcerr.ErrAuthentication, @@ -1897,8 +1884,6 @@ func TestViewClientPerms(t *testing.T) { { desc: "view client permissions with invalid ID", token: validToken, - thingID: inValidToken, - permissions: []string{}, identifyResponse: &magistrala.IdentityRes{Id: validID, DomainId: testsutil.GenerateUUID(t)}, authorizeResponse: &magistrala.AuthorizeRes{Authorized: false}, authorizeErr: svcerr.ErrAuthorization, @@ -1908,10 +1893,9 @@ func TestViewClientPerms(t *testing.T) { desc: "view permissions with failed retrieve list permissions response", token: validToken, thingID: validID, - permissions: []string{}, identifyResponse: &magistrala.IdentityRes{Id: validID, DomainId: testsutil.GenerateUUID(t)}, authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, - listPermResponse: &magistrala.ListPermissionsRes{}, + listPermResponse: []string{}, listPermErr: svcerr.ErrAuthorization, err: svcerr.ErrAuthorization, }, 
@@ -1921,8 +1905,11 @@ func TestViewClientPerms(t *testing.T) { repoCall := auth.On("Identify", mock.Anything, &magistrala.IdentityReq{Token: tc.token}).Return(tc.identifyResponse, tc.identifyErr) repoCall1 := auth.On("Authorize", mock.Anything, mock.Anything).Return(tc.authorizeResponse, tc.authorizeErr) repoCall2 := policy.On("ListPermissions", mock.Anything, mock.Anything).Return(tc.listPermResponse, tc.listPermErr) - _, err := svc.ViewClientPerms(context.Background(), tc.token, tc.thingID) + res, err := svc.ViewClientPerms(context.Background(), tc.token, tc.thingID) assert.True(t, errors.Contains(err, tc.err), fmt.Sprintf("%s: expected %s got %s\n", tc.desc, tc.err, err)) + if tc.err == nil { + assert.Equal(t, tc.listPermResponse, res, fmt.Sprintf("%s: expected %v got %v\n", tc.desc, tc.listPermResponse, res)) + } repoCall.Unset() repoCall1.Unset() repoCall2.Unset() diff --git a/users/delete_handler.go b/users/delete_handler.go index 6b8bc1fe58..c6b02fd895 100644 --- a/users/delete_handler.go +++ b/users/delete_handler.go @@ -18,6 +18,7 @@ import ( "github.com/absmach/magistrala/auth" mgclients "github.com/absmach/magistrala/pkg/clients" svcerr "github.com/absmach/magistrala/pkg/errors/service" + "github.com/absmach/magistrala/pkg/policy" "github.com/absmach/magistrala/users/postgres" ) 
@@ -25,16 +26,16 @@ const defLimit = uint64(100) type handler struct { clients postgres.Repository - policy magistrala.PolicyServiceClient + policy policy.PolicyService checkInterval time.Duration deleteAfter time.Duration logger *slog.Logger } -func NewDeleteHandler(ctx context.Context, clients postgres.Repository, policyClient magistrala.PolicyServiceClient, defCheckInterval, deleteAfter time.Duration, logger *slog.Logger) { +func NewDeleteHandler(ctx context.Context, clients postgres.Repository, policyService policy.PolicyService, defCheckInterval, deleteAfter time.Duration, logger *slog.Logger) { handler := &handler{ clients: clients, - policy: policyClient, + policy: policyService, checkInterval: defCheckInterval, deleteAfter: deleteAfter, logger: logger, @@ -73,7 +74,7 @@ func (h *handler) handle(ctx context.Context) { continue } - deleteRes, err := h.policy.DeleteEntityPolicies(ctx, &magistrala.DeleteEntityPoliciesReq{ + deleted, err := h.policy.DeleteEntityPolicies(ctx, &magistrala.DeleteEntityPoliciesReq{ Id: u.ID, EntityType: auth.UserType, }) @@ -81,7 +82,7 @@ func (h *handler) handle(ctx context.Context) { h.logger.Error("failed to delete user policies", slog.Any("error", err)) continue } - if !deleteRes.Deleted { + if !deleted { h.logger.Error("failed to delete user policies", slog.Any("error", svcerr.ErrAuthorization)) continue } diff --git a/users/service.go b/users/service.go index 383bcdf0c2..9ef9a38f30 100644 --- a/users/service.go +++ b/users/service.go @@ -13,6 +13,7 @@ import ( "github.com/absmach/magistrala/pkg/errors" repoerr "github.com/absmach/magistrala/pkg/errors/repository" svcerr "github.com/absmach/magistrala/pkg/errors/service" + "github.com/absmach/magistrala/pkg/policy" "github.com/absmach/magistrala/users/postgres" "golang.org/x/sync/errgroup" ) 
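Review bot: The `h.logger.Error("failed to delete user policies", ...)` calls in handle (hunks `@@ -73,7 +74,7 @@` and `@@ -81,7 +82,7 @@`) do not say which user the deletion failed for, so an operator cannot tell whose policies may still be in place. Add the identifier as an attribute, e.g. `slog.String("user_id", u.ID)`. In the `!deleted` branch the logged `svcerr.ErrAuthorization` is also misleading, since no authorization decision is made at that point; a distinct message such as `"policy service reported no deletion"` would be more accurate for triage. handle's loop starts and ends outside these hunks.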
@@ -28,18 +29,18 @@ type service struct { clients postgres.Repository idProvider magistrala.IDProvider auth magistrala.AuthServiceClient - policy magistrala.PolicyServiceClient + policy policy.PolicyService hasher Hasher email Emailer selfRegister bool } // NewService returns a new Users service implementation. -func NewService(crepo postgres.Repository, authClient magistrala.AuthServiceClient, policyClient magistrala.PolicyServiceClient, emailer Emailer, hasher Hasher, idp magistrala.IDProvider, selfRegister bool) Service { +func NewService(crepo postgres.Repository, authClient magistrala.AuthServiceClient, policyService policy.PolicyService, emailer Emailer, hasher Hasher, idp magistrala.IDProvider, selfRegister bool) Service { return service{ clients: crepo, auth: authClient, - policy: policyClient, + policy: policyService, hasher: hasher, email: emailer, idProvider: idp, @@ -511,7 +512,7 @@ func (svc service) ListMembers(ctx context.Context, token, objectKind, objectID if err != nil { return mgclients.MembersPage{}, errors.Wrap(svcerr.ErrNotFound, err) } - if len(duids.Policies) == 0 { + if len(duids) == 0 { return mgclients.MembersPage{ Page: mgclients.Page{Total: 0, Offset: pm.Offset, Limit: pm.Limit}, }, nil @@ -519,7 +520,7 @@ func (svc service) ListMembers(ctx context.Context, token, objectKind, objectID var userIDs []string - for _, domainUserID := range duids.Policies { + for _, domainUserID := range duids { _, userID := auth.DecodeDomainUserID(domainUserID) userIDs = append(userIDs, userID) } @@ -573,7 +574,7 @@ func (svc service) retrieveObjectUsersPermissions(ctx context.Context, domainID, } func (svc service) listObjectUserPermission(ctx context.Context, userID, objectType, objectID string) ([]string, error) { - lp, err := svc.policy.ListPermissions(ctx, &magistrala.ListPermissionsReq{ + permissions, err := svc.policy.ListPermissions(ctx, &magistrala.ListPermissionsReq{ SubjectType: auth.UserType, Subject: userID, Object: objectID, 
@@ -582,7 +583,7 @@ func (svc service) listObjectUserPermission(ctx context.Context, userID, objectT if err != nil { return []string{}, errors.Wrap(errFailedPermissionsList, err) } - return lp.GetPermissions(), nil + return permissions, nil } func (svc *service) checkSuperAdmin(ctx context.Context, adminID string) error { @@ -680,11 +681,11 @@ func (svc service) addClientPolicy(ctx context.Context, userID string, role mgcl Object: auth.MagistralaObject, }) } - resp, err := svc.policy.AddPolicies(ctx, &policies) + added, err := svc.policy.AddPolicies(ctx, &policies) if err != nil { return errors.Wrap(svcerr.ErrAddPolicies, err) } - if !resp.Added { + if !added { return svcerr.ErrAuthorization } return nil @@ -710,11 +711,11 @@ func (svc service) addClientPolicyRollback(ctx context.Context, userID string, r Object: auth.MagistralaObject, }) } - resp, err := svc.policy.DeletePolicies(ctx, &policies) + deleted, err := svc.policy.DeletePolicies(ctx, &policies) if err != nil { return errors.Wrap(svcerr.ErrDeletePolicies, err) } - if !resp.Deleted { + if !deleted { return svcerr.ErrAuthorization } return nil @@ -723,7 +724,7 @@ func (svc service) addClientPolicyRollback(ctx context.Context, userID string, r func (svc service) updateClientPolicy(ctx context.Context, userID string, role mgclients.Role) error { switch role { case mgclients.AdminRole: - resp, err := svc.policy.AddPolicy(ctx, &magistrala.AddPolicyReq{ + added, err := svc.policy.AddPolicy(ctx, &magistrala.AddPolicyReq{ SubjectType: auth.UserType, Subject: userID, Relation: auth.AdministratorRelation, 
@@ -733,14 +734,14 @@ func (svc service) updateClientPolicy(ctx context.Context, userID string, role m if err != nil { return errors.Wrap(svcerr.ErrAddPolicies, err) } - if !resp.Added { + if !added { return svcerr.ErrAuthorization } return nil case mgclients.UserRole: fallthrough default: - resp, err := svc.policy.DeletePolicyFilter(ctx, &magistrala.DeletePolicyFilterReq{ + deleted, err := svc.policy.DeletePolicyFilter(ctx, &magistrala.DeletePolicyFilterReq{ SubjectType: auth.UserType, Subject: userID, Relation: auth.AdministratorRelation, @@ -750,7 +751,7 @@ func (svc service) updateClientPolicy(ctx context.Context, userID string, role m if err != nil { return errors.Wrap(svcerr.ErrDeletePolicies, err) } - if !resp.Deleted { + if !deleted { return svcerr.ErrAuthorization } return nil diff --git a/users/service_test.go b/users/service_test.go index 382c863094..40b79a80db 100644 --- a/users/service_test.go +++ b/users/service_test.go @@ -17,6 +17,7 @@ import ( "github.com/absmach/magistrala/pkg/errors" repoerr "github.com/absmach/magistrala/pkg/errors/repository" svcerr "github.com/absmach/magistrala/pkg/errors/service" + policymocks "github.com/absmach/magistrala/pkg/policy/mocks" "github.com/absmach/magistrala/pkg/uuid" "github.com/absmach/magistrala/users" "github.com/absmach/magistrala/users/hasher" 
@@ -50,10 +51,10 @@ var ( errHashPassword = errors.New("generate hash from password failed") ) -func newService(selfRegister bool) (users.Service, *mocks.Repository, *authmocks.AuthServiceClient, *authmocks.PolicyServiceClient, *mocks.Emailer) { +func newService(selfRegister bool) (users.Service, *mocks.Repository, *authmocks.AuthServiceClient, *policymocks.PolicyService, *mocks.Emailer) { cRepo := new(mocks.Repository) auth := new(authmocks.AuthServiceClient) - policy := new(authmocks.PolicyServiceClient) + policy := new(policymocks.PolicyService) e := new(mocks.Emailer) return users.NewService(cRepo, auth, policy, e, phasher, idProvider, selfRegister), cRepo, auth, policy, e } @@ -65,8 +66,8 @@ func TestRegisterClient(t *testing.T) { desc string client mgclients.Client identifyResponse *magistrala.IdentityRes - addPoliciesResponse *magistrala.AddPoliciesRes - deletePoliciesResponse *magistrala.DeletePolicyRes + addPoliciesResponse bool + deletePoliciesResponse bool token string identifyErr error addPoliciesResponseErr error @@ -77,15 +78,15 @@ func TestRegisterClient(t *testing.T) { { desc: "register new client successfully", client: client, - addPoliciesResponse: &magistrala.AddPoliciesRes{Added: true}, + addPoliciesResponse: true, token: validToken, err: nil, }, { desc: "register existing client", client: client, - addPoliciesResponse: &magistrala.AddPoliciesRes{Added: true}, - deletePoliciesResponse: &magistrala.DeletePolicyRes{Deleted: true}, + addPoliciesResponse: true, + deletePoliciesResponse: true, token: validToken, saveErr: repoerr.ErrConflict, err: repoerr.ErrConflict, @@ -100,7 +101,7 @@ func TestRegisterClient(t *testing.T) { }, Status: mgclients.EnabledStatus, }, - addPoliciesResponse: &magistrala.AddPoliciesRes{Added: true}, + addPoliciesResponse: true, err: nil, token: validToken, }, 
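Review bot: The `addPoliciesResponse bool` and `deletePoliciesResponse bool` fields in the TestRegisterClient case struct now have a zero value that means "not added" / "not deleted", so a case that leaves them out is indistinguishable from an explicit denial fixture such as `addPoliciesResponse: false`. With the old pointer types an omitted field was nil, which at least differed from a populated response. The same applies to the case structs changed in the second TestRegisterClient table, TestUpdateClientRole and TestOAuthCallback. A short comment on the fields would make this explicit, e.g. `// zero value (false) makes the policy mock report failure; set true on success paths`, assuming the fields are passed straight to the mock's Return, which happens outside these hunks.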
@@ -113,7 +114,7 @@ func TestRegisterClient(t *testing.T) { Secret: secret, }, }, - addPoliciesResponse: &magistrala.AddPoliciesRes{Added: true}, + addPoliciesResponse: true, err: nil, token: validToken, }, @@ -131,7 +132,7 @@ func TestRegisterClient(t *testing.T) { }, Status: mgclients.EnabledStatus, }, - addPoliciesResponse: &magistrala.AddPoliciesRes{Added: true}, + addPoliciesResponse: true, err: nil, token: validToken, }, @@ -143,8 +144,8 @@ func TestRegisterClient(t *testing.T) { Secret: secret, }, }, - addPoliciesResponse: &magistrala.AddPoliciesRes{Added: true}, - deletePoliciesResponse: &magistrala.DeletePolicyRes{Deleted: true}, + addPoliciesResponse: true, + deletePoliciesResponse: true, saveErr: errors.ErrMalformedEntity, err: errors.ErrMalformedEntity, token: validToken, @@ -158,8 +159,8 @@ func TestRegisterClient(t *testing.T) { Secret: "", }, }, - addPoliciesResponse: &magistrala.AddPoliciesRes{Added: true}, - deletePoliciesResponse: &magistrala.DeletePolicyRes{Deleted: true}, + addPoliciesResponse: true, + deletePoliciesResponse: true, err: nil, }, { @@ -171,8 +172,8 @@ func TestRegisterClient(t *testing.T) { Secret: strings.Repeat("a", 73), }, }, - addPoliciesResponse: &magistrala.AddPoliciesRes{Added: true}, - deletePoliciesResponse: &magistrala.DeletePolicyRes{Deleted: true}, + addPoliciesResponse: true, + deletePoliciesResponse: true, err: repoerr.ErrMalformedEntity, }, { @@ -185,8 +186,8 @@ func TestRegisterClient(t *testing.T) { }, Status: mgclients.AllStatus, }, - addPoliciesResponse: &magistrala.AddPoliciesRes{Added: true}, - deletePoliciesResponse: &magistrala.DeletePolicyRes{Deleted: true}, + addPoliciesResponse: true, + deletePoliciesResponse: true, err: svcerr.ErrInvalidStatus, }, { 
@@ -199,8 +200,8 @@ func TestRegisterClient(t *testing.T) { }, Role: 2, }, - addPoliciesResponse: &magistrala.AddPoliciesRes{Added: true}, - deletePoliciesResponse: &magistrala.DeletePolicyRes{Deleted: true}, + addPoliciesResponse: true, + deletePoliciesResponse: true, err: svcerr.ErrInvalidRole, }, { @@ -213,7 +214,7 @@ func TestRegisterClient(t *testing.T) { }, Role: mgclients.AdminRole, }, - addPoliciesResponse: &magistrala.AddPoliciesRes{Added: false}, + addPoliciesResponse: false, err: svcerr.ErrAuthorization, }, { @@ -226,7 +227,7 @@ func TestRegisterClient(t *testing.T) { }, Role: mgclients.AdminRole, }, - addPoliciesResponse: &magistrala.AddPoliciesRes{Added: true}, + addPoliciesResponse: true, addPoliciesResponseErr: svcerr.ErrAddPolicies, err: svcerr.ErrAddPolicies, }, @@ -240,8 +241,8 @@ func TestRegisterClient(t *testing.T) { }, Role: mgclients.AdminRole, }, - addPoliciesResponse: &magistrala.AddPoliciesRes{Added: true}, - deletePoliciesResponse: &magistrala.DeletePolicyRes{Deleted: false}, + addPoliciesResponse: true, + deletePoliciesResponse: false, deletePoliciesResponseErr: svcerr.ErrConflict, saveErr: repoerr.ErrConflict, err: svcerr.ErrConflict, @@ -256,8 +257,8 @@ func TestRegisterClient(t *testing.T) { }, Role: mgclients.AdminRole, }, - addPoliciesResponse: &magistrala.AddPoliciesRes{Added: true}, - deletePoliciesResponse: &magistrala.DeletePolicyRes{Deleted: false}, + addPoliciesResponse: true, + deletePoliciesResponse: false, saveErr: repoerr.ErrConflict, err: svcerr.ErrConflict, }, @@ -291,8 +292,8 @@ func TestRegisterClient(t *testing.T) { client mgclients.Client identifyResponse *magistrala.IdentityRes authorizeResponse *magistrala.AuthorizeRes - addPoliciesResponse *magistrala.AddPoliciesRes - deletePoliciesResponse *magistrala.DeletePolicyRes + addPoliciesResponse bool + deletePoliciesResponse bool token string identifyErr error authorizeErr error 
@@ -307,7 +308,7 @@ func TestRegisterClient(t *testing.T) { client: client, identifyResponse: &magistrala.IdentityRes{UserId: validID}, authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, - addPoliciesResponse: &magistrala.AddPoliciesRes{Added: true}, + addPoliciesResponse: true, token: validToken, err: nil, }, @@ -1068,8 +1069,8 @@ func TestUpdateClientRole(t *testing.T) { membershipAuthReq *magistrala.AuthorizeReq superAdminAuthRes *magistrala.AuthorizeRes membershipAuthRes *magistrala.AuthorizeRes - deletePolicyFilterResponse *magistrala.DeletePolicyRes - addPolicyResponse *magistrala.AddPolicyRes + deletePolicyFilterResponse bool + addPolicyResponse bool updateRoleResponse mgclients.Client token string identifyErr error @@ -1089,7 +1090,7 @@ func TestUpdateClientRole(t *testing.T) { membershipAuthReq: membershipAuthReq, membershipAuthRes: &magistrala.AuthorizeRes{Authorized: true}, superAdminAuthRes: &magistrala.AuthorizeRes{Authorized: true}, - addPolicyResponse: &magistrala.AddPolicyRes{Added: true}, + addPolicyResponse: true, updateRoleResponse: client, token: validToken, err: nil, @@ -1132,7 +1133,7 @@ func TestUpdateClientRole(t *testing.T) { superAdminAuthRes: &magistrala.AuthorizeRes{Authorized: true}, membershipAuthReq: membershipAuthReq, membershipAuthRes: &magistrala.AuthorizeRes{Authorized: true}, - addPolicyResponse: &magistrala.AddPolicyRes{Added: false}, + addPolicyResponse: false, token: validToken, authorizeErr: svcerr.ErrAuthorization, err: svcerr.ErrAuthorization, @@ -1145,7 +1146,7 @@ func TestUpdateClientRole(t *testing.T) { superAdminAuthRes: &magistrala.AuthorizeRes{Authorized: true}, membershipAuthReq: membershipAuthReq, membershipAuthRes: &magistrala.AuthorizeRes{Authorized: true}, - addPolicyResponse: &magistrala.AddPolicyRes{}, + addPolicyResponse: false, token: validToken, addPolicyErr: errors.ErrMalformedEntity, err: svcerr.ErrAddPolicies, 
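Review bot: The TestUpdateClientRole case changed to `addPolicyResponse: false` also sets `authorizeErr: svcerr.ErrAuthorization`, so the expected `svcerr.ErrAuthorization` can come from the authorize mock as well as from the `!added` branch of updateClientPolicy, and the case does not show that branch is reached. The delete-side case a few hunks later pairs `deletePolicyFilterResponse: false` with `deletePolicyErr: svcerr.ErrAuthorization` in the same way. How these fields are wired to the mocks is outside the hunk, so this needs confirming. I would add one case per branch with the response `false` and every error field nil, still expecting `svcerr.ErrAuthorization`. The case table starts and ends outside the hunk.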
@@ -1158,7 +1159,7 @@ func TestUpdateClientRole(t *testing.T) { superAdminAuthRes: &magistrala.AuthorizeRes{Authorized: true}, membershipAuthReq: membershipAuthReq, membershipAuthRes: &magistrala.AuthorizeRes{Authorized: true}, - deletePolicyFilterResponse: &magistrala.DeletePolicyRes{Deleted: true}, + deletePolicyFilterResponse: true, updateRoleResponse: client2, token: validToken, err: nil, @@ -1171,7 +1172,7 @@ func TestUpdateClientRole(t *testing.T) { superAdminAuthRes: &magistrala.AuthorizeRes{Authorized: true}, membershipAuthReq: membershipAuthReq, membershipAuthRes: &magistrala.AuthorizeRes{Authorized: true}, - deletePolicyFilterResponse: &magistrala.DeletePolicyRes{Deleted: false}, + deletePolicyFilterResponse: false, updateRoleResponse: mgclients.Client{}, token: validToken, deletePolicyErr: svcerr.ErrAuthorization, @@ -1185,7 +1186,7 @@ func TestUpdateClientRole(t *testing.T) { superAdminAuthRes: &magistrala.AuthorizeRes{Authorized: true}, membershipAuthReq: membershipAuthReq, membershipAuthRes: &magistrala.AuthorizeRes{Authorized: true}, - deletePolicyFilterResponse: &magistrala.DeletePolicyRes{Deleted: false}, + deletePolicyFilterResponse: false, updateRoleResponse: mgclients.Client{}, token: validToken, deletePolicyErr: svcerr.ErrMalformedEntity, @@ -1199,8 +1200,8 @@ func TestUpdateClientRole(t *testing.T) { superAdminAuthRes: &magistrala.AuthorizeRes{Authorized: true}, membershipAuthReq: membershipAuthReq, membershipAuthRes: &magistrala.AuthorizeRes{Authorized: true}, - addPolicyResponse: &magistrala.AddPolicyRes{Added: true}, - deletePolicyFilterResponse: &magistrala.DeletePolicyRes{Deleted: true}, + addPolicyResponse: true, + deletePolicyFilterResponse: true, updateRoleResponse: mgclients.Client{}, token: validToken, updateRoleErr: svcerr.ErrAuthentication, 
@@ -1214,8 +1215,8 @@ func TestUpdateClientRole(t *testing.T) { superAdminAuthRes: &magistrala.AuthorizeRes{Authorized: true}, membershipAuthReq: membershipAuthReq, membershipAuthRes: &magistrala.AuthorizeRes{Authorized: true}, - addPolicyResponse: &magistrala.AddPolicyRes{Added: true}, - deletePolicyFilterResponse: &magistrala.DeletePolicyRes{Deleted: false}, + addPolicyResponse: true, + deletePolicyFilterResponse: false, updateRoleResponse: mgclients.Client{}, token: validToken, updateRoleErr: svcerr.ErrAuthentication, @@ -1780,9 +1781,9 @@ func TestListMembers(t *testing.T) { authorizeReq *magistrala.AuthorizeReq listAllSubjectsReq *magistrala.ListSubjectsReq authorizeResponse *magistrala.AuthorizeRes - listAllSubjectsResponse *magistrala.ListSubjectsRes + listAllSubjectsResponse []string retrieveAllResponse mgclients.ClientsPage - listPermissionsResponse *magistrala.ListPermissionsRes + listPermissionsResponse []string response mgclients.MembersPage authorizeErr error listAllSubjectsErr error @@ -1799,7 +1800,7 @@ func TestListMembers(t *testing.T) { objectID: validID, page: mgclients.Page{Offset: 0, Limit: 100, Permission: "read"}, identifyResponse: &magistrala.IdentityRes{UserId: client.ID}, - listAllSubjectsResponse: &magistrala.ListSubjectsRes{}, + listAllSubjectsResponse: []string{}, authorizeReq: &magistrala.AuthorizeReq{ SubjectType: authsvc.UserType, SubjectKind: authsvc.TokenKind, @@ -1846,10 +1847,8 @@ func TestListMembers(t *testing.T) { Object: validID, ObjectType: authsvc.ThingType, }, - authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, - listAllSubjectsResponse: &magistrala.ListSubjectsRes{ - Policies: []string{validPolicy}, - }, + authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, + listAllSubjectsResponse: []string{validPolicy}, retrieveAllResponse: mgclients.ClientsPage{ Page: mgclients.Page{ Total: 1, 
@@ -1890,10 +1889,8 @@ func TestListMembers(t *testing.T) { Object: validID, ObjectType: authsvc.ThingType, }, - authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, - listAllSubjectsResponse: &magistrala.ListSubjectsRes{ - Policies: []string{validPolicy}, - }, + authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, + listAllSubjectsResponse: []string{validPolicy}, retrieveAllResponse: mgclients.ClientsPage{ Page: mgclients.Page{ Total: 1, @@ -1902,7 +1899,7 @@ func TestListMembers(t *testing.T) { }, Clients: []mgclients.Client{basicClient}, }, - listPermissionsResponse: &magistrala.ListPermissionsRes{Permissions: []string{"read"}}, + listPermissionsResponse: []string{"read"}, response: mgclients.MembersPage{ Page: mgclients.Page{ Total: 1, @@ -1935,10 +1932,8 @@ func TestListMembers(t *testing.T) { Object: validID, ObjectType: authsvc.ThingType, }, - authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, - listAllSubjectsResponse: &magistrala.ListSubjectsRes{ - Policies: []string{validPolicy}, - }, + authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, + listAllSubjectsResponse: []string{validPolicy}, retrieveAllResponse: mgclients.ClientsPage{ Page: mgclients.Page{ Total: 1, @@ -1947,7 +1942,7 @@ func TestListMembers(t *testing.T) { }, Clients: []mgclients.Client{client}, }, - listPermissionsResponse: &magistrala.ListPermissionsRes{}, + listPermissionsResponse: []string{}, response: mgclients.MembersPage{}, listPermissionErr: svcerr.ErrNotFound, err: svcerr.ErrNotFound, @@ -1995,7 +1990,7 @@ func TestListMembers(t *testing.T) { }, authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, listAllSubjectsErr: repoerr.ErrNotFound, - listAllSubjectsResponse: &magistrala.ListSubjectsRes{}, + listAllSubjectsResponse: []string{}, err: repoerr.ErrNotFound, }, { 
@@ -2020,14 +2015,12 @@ func TestListMembers(t *testing.T) { Object: validID, ObjectType: authsvc.ThingType, }, - authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, - listAllSubjectsResponse: &magistrala.ListSubjectsRes{ - Policies: []string{validPolicy}, - }, - retrieveAllResponse: mgclients.ClientsPage{}, - response: mgclients.MembersPage{}, - retrieveAllErr: repoerr.ErrNotFound, - err: repoerr.ErrNotFound, + authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, + listAllSubjectsResponse: []string{validPolicy}, + retrieveAllResponse: mgclients.ClientsPage{}, + response: mgclients.MembersPage{}, + retrieveAllErr: repoerr.ErrNotFound, + err: repoerr.ErrNotFound, }, { desc: "list members with no policies successfully of the domain kind", @@ -2037,7 +2030,7 @@ func TestListMembers(t *testing.T) { objectID: validID, page: mgclients.Page{Offset: 0, Limit: 100, Permission: "read"}, identifyResponse: &magistrala.IdentityRes{UserId: client.ID}, - listAllSubjectsResponse: &magistrala.ListSubjectsRes{}, + listAllSubjectsResponse: []string{}, authorizeReq: &magistrala.AuthorizeReq{ SubjectType: authsvc.UserType, SubjectKind: authsvc.TokenKind, @@ -2084,10 +2077,8 @@ func TestListMembers(t *testing.T) { Object: validID, ObjectType: authsvc.DomainType, }, - authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, - listAllSubjectsResponse: &magistrala.ListSubjectsRes{ - Policies: []string{validPolicy}, - }, + authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, + listAllSubjectsResponse: []string{validPolicy}, retrieveAllResponse: mgclients.ClientsPage{ Page: mgclients.Page{ Total: 1, 
@@ -2133,7 +2124,7 @@ func TestListMembers(t *testing.T) { objectID: validID, page: mgclients.Page{Offset: 0, Limit: 100, Permission: "read"}, identifyResponse: &magistrala.IdentityRes{UserId: client.ID}, - listAllSubjectsResponse: &magistrala.ListSubjectsRes{}, + listAllSubjectsResponse: []string{}, authorizeReq: &magistrala.AuthorizeReq{ SubjectType: authsvc.UserType, SubjectKind: authsvc.TokenKind, @@ -2180,10 +2171,8 @@ func TestListMembers(t *testing.T) { Object: validID, ObjectType: authsvc.GroupType, }, - authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, - listAllSubjectsResponse: &magistrala.ListSubjectsRes{ - Policies: []string{validPolicy}, - }, + authorizeResponse: &magistrala.AuthorizeRes{Authorized: true}, + listAllSubjectsResponse: []string{validPolicy}, retrieveAllResponse: mgclients.ClientsPage{ Page: mgclients.Page{ Total: 1, @@ -2650,11 +2639,11 @@ func TestOAuthCallback(t *testing.T) { client mgclients.Client retrieveByIdentityResponse mgclients.Client retrieveByIdentityErr error - addPoliciesResponse *magistrala.AddPoliciesRes + addPoliciesResponse bool addPoliciesErr error saveResponse mgclients.Client saveErr error - deletePoliciesResponse *magistrala.DeletePolicyRes + deletePoliciesResponse bool deletePoliciesErr error authorizeResponse *magistrala.AuthorizeRes authorizeErr error @@ -2689,9 +2678,7 @@ func TestOAuthCallback(t *testing.T) { }, }, retrieveByIdentityErr: repoerr.ErrNotFound, - addPoliciesResponse: &magistrala.AddPoliciesRes{ - Added: true, - }, + addPoliciesResponse: true, saveResponse: mgclients.Client{ ID: testsutil.GenerateUUID(t), Role: mgclients.UserRole, @@ -2721,7 +2708,7 @@ func TestOAuthCallback(t *testing.T) { }, }, retrieveByIdentityErr: repoerr.ErrNotFound, - addPoliciesResponse: &magistrala.AddPoliciesRes{Added: false}, + addPoliciesResponse: false, addPoliciesErr: svcerr.ErrAuthorization, err: svcerr.ErrAuthorization, }, 
@@ -2738,7 +2725,7 @@ func TestOAuthCallback(t *testing.T) { }, authorizeResponse: &magistrala.AuthorizeRes{Authorized: false}, authorizeErr: svcerr.ErrAuthorization, - addPoliciesResponse: &magistrala.AddPoliciesRes{Added: true}, + addPoliciesResponse: true, issueResponse: &magistrala.Token{ AccessToken: strings.Repeat("a", 10), RefreshToken: &validToken, @@ -2759,7 +2746,7 @@ func TestOAuthCallback(t *testing.T) { }, authorizeResponse: &magistrala.AuthorizeRes{Authorized: false}, authorizeErr: svcerr.ErrAuthorization, - addPoliciesResponse: &magistrala.AddPoliciesRes{Added: false}, + addPoliciesResponse: false, addPoliciesErr: svcerr.ErrAuthorization, err: svcerr.ErrAuthorization, },