NOISSUE - Check For Subject During Policy Addition

[rodneyosodo]

Signed-off-by: rodneyosodo blackd0t@protonmail.com

What does this do?

On things services check if the subject is a thing or a user.

1. If the subject is a thing, check the following:

• The user adding the policy is the owner of the thing
• The user adding the policy has c_share action on the thing

2. If the subject is a user, check the following:

• The user adding the policy is the owner of the user
• The user adding the policy has c_share action on the user

Which issue(s) does this PR fix/relate to?

No issue

List any changes that modify/break current functionality

• Ensures that the object column in the policies table references the id column of the groups table.
• Check for subject in addition to checking for object

Have you included tests for your changes?

Yes

Did you document any new/modified functionality?

No

Notes

To be merged after https://github.com/mainflux/mainflux/pull/1825

[codecov]

Codecov Report

Merging #1826 (ceeaa85) into master (8c17841) will decrease coverage by 0.04%.
The diff coverage is 56.25%.

@@            Coverage Diff             @@
##           master    #1826      +/-   ##
==========================================
- Coverage   67.44%   67.40%   -0.04%     
==========================================
  Files         118      118              
  Lines        9470     9483      +13     
==========================================
+ Hits         6387     6392       +5     
- Misses       2404     2408       +4     
- Partials      679      683       +4     

Files Changed	Coverage Δ
things/groups/service.go	74.57% <ø> (ø)
things/policies/policies.go	77.27% <ø> (ø)
users/groups/service.go	67.96% <ø> (ø)
things/clients/service.go	73.82% <50.00%> (ø)
users/clients/service.go	59.84% <50.00%> (ø)
things/policies/service.go	53.43% <55.55%> (-1.65%)	⬇️
users/policies/policies.go	88.63% <100.00%> (ø)
users/policies/service.go	65.06% <100.00%> (ø)

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[dborovcanin]

Please resolve conflicts and remove duplicate APIs (ShareClient = AddPolicy). Don't forget to update API docs accordingly.

[rodneyosodo]

Please resolve conflicts and remove duplicate APIs (ShareClient = AddPolicy). Don't forget to update API docs accordingly.

That is done at https://github.com/mainflux/mainflux/pull/1825

[dborovcanin]

Let's make the client param bool flag external. At the moment, external indicates anything that's not a Thing, and later we'll add verification if it's a user.

[dborovcanin]

Don't forget to document this param, it's very important.

[dborovcanin]

Extract the error to a new exported var.

[dborovcanin]

Elaborate: Allowed to add members of the group to the other groups.

[arvindh123]

LGTM

[SammyOina]

Tested, LGTM

[dborovcanin]

Separate logically.

[dborovcanin]

Is there a reason to export this (except for tests)? If not, please don't export.

[dborovcanin]

Comment exported vars. Also, rename to AdminRelationKeys.

[dborovcanin]

Suggested change

	switch external {
	case false:
	ar := AccessRequest{Subject: userID, Object: p.Subject, Action: sharePolicyAction}
	if _, err := svc.policies.EvaluateThingAccess(ctx, ar); err != nil {
	return err
	}
	case true:
	if err := svc.usersAuthorize(ctx, userID, p.Subject, sharePolicyAction, ClientEntityType); err != nil {
	return err
	}
	}
	return nil
	switch {
	case external:
	ar := AccessRequest{Subject: userID, Object: p.Subject, Action: sharePolicyAction}
	if _, err := svc.policies.EvaluateThingAccess(ctx, ar); err != nil {
	return err
	}
	default:
	if err := svc.usersAuthorize(ctx, userID, p.Subject, sharePolicyAction, ClientEntityType); err != nil {
	return err
	}
	}
	return nil

This looks a little bit more elegant. Or use simple if instead.

[dborovcanin]

Same as previous Things remarks.

[drasko]

LGTM