diff --git a/auth/events/streams.go b/auth/events/streams.go index 4839ad6463..52da7bf715 100644 --- a/auth/events/streams.go +++ b/auth/events/streams.go @@ -227,6 +227,10 @@ func (es *eventStore) DeletePolicyFilter(ctx context.Context, pr auth.PolicyReq) return es.svc.DeletePolicyFilter(ctx, pr) } +func (es *eventStore) DeleteEntityPolicies(ctx context.Context, entityType, id string) error { + return es.svc.DeleteEntityPolicies(ctx, entityType, id) +} + func (es *eventStore) DeletePolicies(ctx context.Context, prs []auth.PolicyReq) error { return es.svc.DeletePolicies(ctx, prs) } diff --git a/pkg/sdk/go/setup_test.go b/pkg/sdk/go/setup_test.go index 7ddff4c237..a3859540f4 100644 --- a/pkg/sdk/go/setup_test.go +++ b/pkg/sdk/go/setup_test.go @@ -65,12 +65,6 @@ func generateUUID(t *testing.T) string { return ulid } -func convertClientsPage(cp sdk.UsersPage) mgclients.ClientsPage { - return mgclients.ClientsPage{ - Clients: convertClients(cp.Users), - } -} - func convertThingsPage(cp sdk.ThingsPage) mgclients.ClientsPage { return mgclients.ClientsPage{ Clients: convertThings(cp.Things...), diff --git a/pkg/sdk/go/users_test.go b/pkg/sdk/go/users_test.go index 3a855a0837..57ae018bc2 100644 --- a/pkg/sdk/go/users_test.go +++ b/pkg/sdk/go/users_test.go @@ -1051,59 +1051,6 @@ func TestEnableClient(t *testing.T) { repoCall2.Unset() repoCall3.Unset() } - - cases2 := []struct { - desc string - token string - status string - metadata sdk.Metadata - response sdk.UsersPage - size uint64 - }{ - { - desc: "list enabled clients", - status: mgclients.EnabledStatus.String(), - size: 2, - response: sdk.UsersPage{ - Users: []sdk.User{enabledClient1, endisabledClient1}, - }, - }, - { - desc: "list disabled clients", - status: mgclients.DisabledStatus.String(), - size: 1, - response: sdk.UsersPage{ - Users: []sdk.User{disabledClient1}, - }, - }, - { - desc: "list enabled and disabled clients", - status: mgclients.AllStatus.String(), - size: 3, - response: sdk.UsersPage{ - Users: []sdk.User{enabledClient1, disabledClient1, endisabledClient1}, - }, - }, - } - - for _, tc := range cases2 { - pm := sdk.PageMetadata{ - Total: 100, - Offset: 0, - Limit: 100, - Status: tc.status, - } - repoCall := auth.On("Identify", mock.Anything, &magistrala.IdentityReq{Token: validToken}).Return(&magistrala.IdentityRes{UserId: validID}, nil) - repoCall1 := auth.On("Authorize", mock.Anything, mock.Anything).Return(&magistrala.AuthorizeRes{Authorized: true}, nil) - repoCall2 := crepo.On("RetrieveAll", mock.Anything, mock.Anything).Return(convertClientsPage(tc.response), nil) - clientsPage, err := mgsdk.Users(pm, validToken) - assert.Nil(t, err, fmt.Sprintf("unexpected error: %s", err)) - size := uint64(len(clientsPage.Users)) - assert.Equal(t, tc.size, size, fmt.Sprintf("%s: expected size %d got %d\n", tc.desc, tc.size, size)) - repoCall.Unset() - repoCall1.Unset() - repoCall2.Unset() - } } func TestDisableClient(t *testing.T) { @@ -1180,93 +1127,79 @@ func TestDisableClient(t *testing.T) { repoCall2.Unset() repoCall3.Unset() } +} + +func TestDeleteUser(t *testing.T) { + ts, crepo, _, auth := setupUsers() + defer ts.Close() + + conf := sdk.Config{ + UsersURL: ts.URL, + } + mgsdk := sdk.NewSDK(conf) - cases2 := []struct { + enabledClient1 := sdk.User{ID: testsutil.GenerateUUID(t), Credentials: sdk.Credentials{Identity: "client1@example.com", Secret: "password"}, Status: mgclients.EnabledStatus.String()} + deletedClient1 := sdk.User{ID: testsutil.GenerateUUID(t), Credentials: sdk.Credentials{Identity: "client3@example.com", Secret: "password"}, Status: mgclients.DeletedStatus.String()} + deletedenabledClient1 := enabledClient1 + deletedenabledClient1.Status = mgclients.DisabledStatus.String() + deletedenabledClient1.ID = testsutil.GenerateUUID(t) + + cases := []struct { desc string + id string token string - status string - metadata sdk.Metadata - response sdk.UsersPage - size uint64 + client sdk.User + response sdk.User + repoErr error + err errors.SDKError }{ { - desc: "list enabled clients", - status: mgclients.EnabledStatus.String(), - size: 2, - response: sdk.UsersPage{ - Users: []sdk.User{enabledClient1, disenabledClient1}, - }, + desc: "delete enabled client", + id: enabledClient1.ID, + token: validToken, + client: enabledClient1, + response: deletedenabledClient1, + err: nil, + repoErr: nil, }, { - desc: "list disabled clients", - status: mgclients.DisabledStatus.String(), - size: 1, - response: sdk.UsersPage{ - Users: []sdk.User{disabledClient1}, - }, + desc: "delete disabled client", + id: deletedClient1.ID, + token: validToken, + client: deletedClient1, + response: sdk.User{}, + repoErr: sdk.ErrFailedDisable, + err: errors.NewSDKErrorWithStatus(svcerr.ErrViewEntity, http.StatusBadRequest), }, { - desc: "list enabled and disabled clients", - status: mgclients.AllStatus.String(), - size: 3, - response: sdk.UsersPage{ - Users: []sdk.User{enabledClient1, disabledClient1, disenabledClient1}, - }, + desc: "delete non-existing client", + id: wrongID, + client: sdk.User{}, + token: validToken, + response: sdk.User{}, + repoErr: sdk.ErrFailedDisable, + err: errors.NewSDKErrorWithStatus(svcerr.ErrViewEntity, http.StatusBadRequest), }, } - for _, tc := range cases2 { - pm := sdk.PageMetadata{ - Total: 100, - Offset: 0, - Limit: 100, - Status: tc.status, - } + for _, tc := range cases { repoCall := auth.On("Identify", mock.Anything, &magistrala.IdentityReq{Token: validToken}).Return(&magistrala.IdentityRes{UserId: validID}, nil) repoCall1 := auth.On("Authorize", mock.Anything, mock.Anything).Return(&magistrala.AuthorizeRes{Authorized: true}, nil) - repoCall2 := crepo.On("RetrieveAll", mock.Anything, mock.Anything).Return(convertClientsPage(tc.response), nil) - page, err := mgsdk.Users(pm, validToken) - assert.Nil(t, err, fmt.Sprintf("unexpected error: %s", err)) - size := uint64(len(page.Users)) - assert.Equal(t, tc.size, size, fmt.Sprintf("%s: expected size %d got %d\n", tc.desc, tc.size, size)) + repoCall2 := crepo.On("RetrieveByID", mock.Anything, tc.id).Return(convertClient(tc.client), tc.repoErr) + repoCall3 := crepo.On("ChangeStatus", mock.Anything, mock.Anything).Return(convertClient(tc.response), tc.repoErr) + err := mgsdk.DeleteUser(tc.id, tc.token) + assert.Equal(t, tc.err, err, fmt.Sprintf("%s: expected error %s, got %s", tc.desc, tc.err, err)) + if tc.err == nil { + ok := repoCall.Parent.AssertCalled(t, "Identify", mock.Anything, mock.Anything) + assert.True(t, ok, fmt.Sprintf("Identify was not called on %s", tc.desc)) + ok = repoCall2.Parent.AssertCalled(t, "RetrieveByID", mock.Anything, tc.id) + assert.True(t, ok, fmt.Sprintf("RetrieveByID was not called on %s", tc.desc)) + ok = repoCall3.Parent.AssertCalled(t, "ChangeStatus", mock.Anything, mock.Anything) + assert.True(t, ok, fmt.Sprintf("ChangeStatus was not called on %s", tc.desc)) + } repoCall.Unset() repoCall1.Unset() repoCall2.Unset() + repoCall3.Unset() } } - -func TestDeleteUser(t *testing.T) { - ts, crepo, _, auth := setupUsers() - defer ts.Close() - - conf := sdk.Config{ - UsersURL: ts.URL, - } - mgsdk := sdk.NewSDK(conf) - - repoCall := auth.On("Identify", mock.Anything, &magistrala.IdentityReq{Token: validToken}).Return(&magistrala.IdentityRes{Id: validID, DomainId: testsutil.GenerateUUID(t)}, nil) - repoCall1 := auth.On("Authorize", mock.Anything, mock.Anything).Return(&magistrala.AuthorizeRes{Authorized: false}, nil) - repoCall2 := crepo.On("CheckSuperAdmin", mock.Anything, mock.Anything).Return(nil) - repoCall3 := crepo.On("Delete", mock.Anything, mock.Anything).Return(nil) - err := mgsdk.DeleteUser("wrongID", validToken) - assert.Equal(t, err, errors.NewSDKErrorWithStatus(svcerr.ErrAuthorization, http.StatusForbidden), fmt.Sprintf("Delete user with wrong id: expected %v got %v", svcerr.ErrNotFound, err)) - repoCall.Unset() - repoCall1.Unset() - repoCall2.Unset() - repoCall3.Unset() - - repoCall = auth.On("DeleteEntityPolicies", mock.Anything, mock.Anything, mock.Anything).Return(&magistrala.DeletePolicyRes{Deleted: true}, nil) - repoCall1 = auth.On("Identify", mock.Anything, &magistrala.IdentityReq{Token: validToken}).Return(&magistrala.IdentityRes{Id: validID, DomainId: testsutil.GenerateUUID(t)}, nil) - repoCall2 = auth.On("Authorize", mock.Anything, mock.Anything).Return(&magistrala.AuthorizeRes{Authorized: true}, nil) - repoCall3 = crepo.On("CheckSuperAdmin", mock.Anything, mock.Anything).Return(nil) - repoCall4 := crepo.On("Delete", mock.Anything, mock.Anything).Return(nil) - err = mgsdk.DeleteUser(validID, validToken) - assert.Nil(t, err, fmt.Sprintf("Delete user with correct id: expected %v got %v", nil, err)) - ok := repoCall4.Parent.AssertCalled(t, "Delete", mock.Anything, mock.Anything) - assert.True(t, ok, "Delete was not called on deleting user with correct id") - repoCall.Unset() - repoCall1.Unset() - repoCall2.Unset() - repoCall3.Unset() - repoCall4.Unset() -} diff --git a/users/service.go b/users/service.go index 918a7b90fb..9f1b1d1f5b 100644 --- a/users/service.go +++ b/users/service.go @@ -435,8 +435,10 @@ func (svc service) changeClientStatus(ctx context.Context, token string, client if err != nil { return mgclients.Client{}, err } - if err := svc.checkSuperAdmin(ctx, tokenUserID); err != nil { - return mgclients.Client{}, err + if tokenUserID != client.ID { + if err := svc.checkSuperAdmin(ctx, tokenUserID); err != nil { + return mgclients.Client{}, err + } } dbClient, err := svc.clients.RetrieveByID(ctx, client.ID) if err != nil { diff --git a/users/service_test.go b/users/service_test.go index 95ef36f7c4..183464510c 100644 --- a/users/service_test.go +++ b/users/service_test.go @@ -1374,17 +1374,14 @@ func TestEnableClient(t *testing.T) { err: svcerr.ErrAuthentication, }, { - desc: "enable disabled client with failed to authorize", - id: disabledClient1.ID, - token: validToken, - client: disabledClient1, - identifyResponse: &magistrala.IdentityRes{UserId: disabledClient1.ID}, - authorizeResponse: &magistrala.AuthorizeRes{Authorized: false}, - retrieveByIDResponse: mgclients.Client{}, - changeStatusResponse: mgclients.Client{}, - response: mgclients.Client{}, - identifyErr: svcerr.ErrAuthorization, - err: svcerr.ErrAuthorization, + desc: "enable disabled client with failed to authorize", + id: disabledClient1.ID, + token: validToken, + client: disabledClient1, + identifyResponse: &magistrala.IdentityRes{UserId: disabledClient1.ID}, + authorizeResponse: &magistrala.AuthorizeRes{Authorized: false}, + identifyErr: svcerr.ErrAuthorization, + err: svcerr.ErrAuthorization, }, { desc: "enable disabled client with normal user token", @@ -1515,7 +1512,7 @@ func TestDisableClient(t *testing.T) { id: enabledClient1.ID, token: validToken, client: enabledClient1, - identifyResponse: &magistrala.IdentityRes{UserId: enabledClient1.ID}, + identifyResponse: &magistrala.IdentityRes{UserId: validID}, authorizeResponse: &magistrala.AuthorizeRes{Authorized: false}, checkSuperAdminErr: svcerr.ErrAuthorization, err: svcerr.ErrAuthorization, @@ -1638,7 +1635,7 @@ func TestDeleteClient(t *testing.T) { id: enabledClient1.ID, token: validToken, client: enabledClient1, - identifyResponse: &magistrala.IdentityRes{UserId: enabledClient1.ID}, + identifyResponse: &magistrala.IdentityRes{UserId: validID}, authorizeResponse: &magistrala.AuthorizeRes{Authorized: false}, checkSuperAdminErr: svcerr.ErrAuthorization, err: svcerr.ErrAuthorization,