NOISSUE - Enable superadmin listing resources by domains (absmach#105)

Signed-off-by: Arvindh <arvindh91@gmail.com>

internal/groups/postgres/groups.go

@@ -198,7 +198,7 @@ func (repo groupRepository) RetrieveAll(ctx context.Context, gm mggroups.Page) (
 
 func (repo groupRepository) RetrieveByIDs(ctx context.Context, gm mggroups.Page, ids ...string) (mggroups.Page, error) {
 	var q string
-	if len(ids) <= 0 {
+	if (len(ids) <= 0) && (gm.PageMeta.OwnerID == "") {
 		return mggroups.Page{}, repoerror.ErrNotFound
 	}
 	query, err := buildQuery(gm, ids...)
@@ -215,6 +215,8 @@ func (repo groupRepository) RetrieveByIDs(ctx context.Context, gm mggroups.Page,
 	}
 	q = fmt.Sprintf("%s %s ORDER BY g.updated_at LIMIT :limit OFFSET :offset;", q, query)
 
+	fmt.Println(q)
+	fmt.Printf("%+v\n", gm)
 	dbPage, err := toDBGroupPage(gm)
 	if err != nil {
 		return mggroups.Page{}, errors.Wrap(postgres.ErrFailedToRetrieveAll, err)
@@ -324,7 +326,9 @@ func buildHierachy(gm mggroups.Page) string {
 func buildQuery(gm mggroups.Page, ids ...string) (string, error) {
 	queries := []string{}
 
-	queries = append(queries, fmt.Sprintf(" id in ('%s') ", strings.Join(ids, "', '")))
+	if len(ids) > 0 {
+		queries = append(queries, fmt.Sprintf(" id in ('%s') ", strings.Join(ids, "', '")))
+	}
 	if gm.Name != "" {
 		queries = append(queries, "g.name = :name")
 	}

internal/groups/service.go

@@ -192,7 +192,8 @@ func (svc service) ListGroups(ctx context.Context, token, memberKind, memberID s
 			return groups.Page{}, err
 		}
 	case auth.UsersKind:
-		if memberID != "" && res.GetUserId() != memberID {
+		switch {
+		case memberID != "" && res.GetUserId() != memberID:
 			if _, err := svc.authorizeKind(ctx, auth.UserType, auth.UsersKind, res.GetId(), auth.AdminPermission, auth.DomainType, res.GetDomainId()); err != nil {
 				return groups.Page{}, err
 			}
@@ -209,21 +210,25 @@ func (svc service) ListGroups(ctx context.Context, token, memberKind, memberID s
 			if err != nil {
 				return groups.Page{}, err
 			}
-		} else {
-			ids, err = svc.listAllGroupsOfUserID(ctx, res.GetId(), gm.Permission)
-			if err != nil {
-				return groups.Page{}, err
+		default:
+			err := svc.checkSuperAdmin(ctx, res.GetUserId())
+			switch {
+			case err == nil:
+				if res.GetDomainId() == "" {
+					return groups.Page{}, errors.ErrMalformedEntity
+				}
+				gm.PageMeta.OwnerID = res.GetDomainId()
+			default:
+				ids, err = svc.listAllGroupsOfUserID(ctx, res.GetId(), gm.Permission)
+				if err != nil {
+					return groups.Page{}, err
+				}
 			}
 		}
 	default:
 		return groups.Page{}, errMemberKind
 	}
 
-	if len(ids) == 0 {
-		return groups.Page{
-			PageMeta: gm.PageMeta,
-		}, nil
-	}
 	gp, err := svc.groups.RetrieveByIDs(ctx, gm, ids...)
 	if err != nil {
 		return groups.Page{}, err
@@ -270,6 +275,23 @@ func (svc service) listUserGroupPermission(ctx context.Context, userID, groupID
 	return lp.GetPermissions(), nil
 }
 
+func (svc service) checkSuperAdmin(ctx context.Context, userID string) error {
+	res, err := svc.auth.Authorize(ctx, &magistrala.AuthorizeReq{
+		SubjectType: auth.UserType,
+		Subject:     userID,
+		Permission:  auth.AdminPermission,
+		ObjectType:  auth.PlatformType,
+		Object:      auth.MagistralaObject,
+	})
+	if err != nil {
+		return err
+	}
+	if !res.Authorized {
+		return errors.ErrAuthorization
+	}
+	return nil
+}
+
 // IMPROVEMENT NOTE: remove this function and all its related auxiliary function, ListMembers are moved to respective service.
 func (svc service) ListMembers(ctx context.Context, token, groupID, permission, memberKind string) (groups.MembersPage, error) {
 	_, err := svc.authorize(ctx, auth.UserType, token, auth.ViewPermission, auth.GroupType, groupID)

pkg/clients/postgres/clients.go

@@ -249,7 +249,7 @@ func (repo ClientRepository) RetrieveAllBasicInfo(ctx context.Context, pm client
 }
 
 func (repo ClientRepository) RetrieveAllByIDs(ctx context.Context, pm clients.Page) (clients.ClientsPage, error) {
-	if len(pm.IDs) <= 0 {
+	if (len(pm.IDs) <= 0) && (pm.Owner == "") {
 		return clients.ClientsPage{
 			Page: clients.Page{Total: pm.Total, Offset: pm.Offset, Limit: pm.Limit},
 		}, nil

things/service.go

@@ -174,18 +174,21 @@ func (svc service) ListClients(ctx context.Context, token string, reqUserID stri
 			return mgclients.ClientsPage{}, errors.Wrap(repoerr.ErrNotFound, err)
 		}
 	default:
-		ids, err = svc.listClientIDs(ctx, res.GetId(), pm.Permission)
-		if err != nil {
-			return mgclients.ClientsPage{}, errors.Wrap(repoerr.ErrNotFound, err)
+		err := svc.checkSuperAdmin(ctx, res.GetUserId())
+		switch {
+		case err == nil:
+			if res.GetDomainId() == "" {
+				return mgclients.ClientsPage{}, svcerr.ErrMalformedEntity
+			}
+			pm.Owner = res.GetDomainId()
+		default:
+			ids, err = svc.listClientIDs(ctx, res.GetId(), pm.Permission)
+			if err != nil {
+				return mgclients.ClientsPage{}, errors.Wrap(repoerr.ErrNotFound, err)
+			}
 		}
 	}
 
-	if len(ids) == 0 {
-		return mgclients.ClientsPage{
-			Page: mgclients.Page{Total: 0, Limit: pm.Limit, Offset: pm.Offset},
-		}, nil
-	}
-
 	pm.IDs = ids
 
 	tp, err := svc.clients.RetrieveAllByIDs(ctx, pm)
@@ -268,6 +271,23 @@ func (svc service) filterAllowedThingIDs(ctx context.Context, userID, permission
 	return ids, nil
 }
 
+func (svc service) checkSuperAdmin(ctx context.Context, userID string) error {
+	res, err := svc.auth.Authorize(ctx, &magistrala.AuthorizeReq{
+		SubjectType: auth.UserType,
+		Subject:     userID,
+		Permission:  auth.AdminPermission,
+		ObjectType:  auth.PlatformType,
+		Object:      auth.MagistralaObject,
+	})
+	if err != nil {
+		return err
+	}
+	if !res.Authorized {
+		return svcerr.ErrAuthorization
+	}
+	return nil
+}
+
 func (svc service) UpdateClient(ctx context.Context, token string, cli mgclients.Client) (mgclients.Client, error) {
 	userID, err := svc.authorize(ctx, auth.UserType, auth.TokenKind, token, auth.EditPermission, auth.ThingType, cli.ID)
 	if err != nil {