SMQ-2609 - Enable superadmin to perform actions over entities (#2688)

Signed-off-by: Felix Gateru <felix.gateru@gmail.com>

api/grpc/auth/v1/auth.pb.go

@@ -70,9 +70,9 @@ func (x *AuthNReq) GetToken() string {
 
 type AuthNRes struct {
 	state         protoimpl.MessageState `protogen:"open.v1"`
-	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`                             // id
-	UserId        string                 `protobuf:"bytes,2,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`       // user id
-	DomainId      string                 `protobuf:"bytes,3,opt,name=domain_id,json=domainId,proto3" json:"domain_id,omitempty"` // domain id
+	Id            string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`                              // token id
+	UserId        string                 `protobuf:"bytes,2,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`        // user id
+	UserRole      uint32                 `protobuf:"varint,3,opt,name=user_role,json=userRole,proto3" json:"user_role,omitempty"` // user role
 	unknownFields protoimpl.UnknownFields
 	sizeCache     protoimpl.SizeCache
 }
@@ -121,11 +121,11 @@ func (x *AuthNRes) GetUserId() string {
 	return ""
 }
 
-func (x *AuthNRes) GetDomainId() string {
+func (x *AuthNRes) GetUserRole() uint32 {
 	if x != nil {
-		return x.DomainId
+		return x.UserRole
 	}
-	return ""
+	return 0
 }
 
 type AuthZReq struct {
@@ -382,7 +382,7 @@ const file_auth_v1_auth_proto_rawDesc = "" +
 	"\bAuthNRes\x12\x0e\n" +
 	"\x02id\x18\x01 \x01(\tR\x02id\x12\x17\n" +
 	"\auser_id\x18\x02 \x01(\tR\x06userId\x12\x1b\n" +
-	"\tdomain_id\x18\x03 \x01(\tR\bdomainId\"\xa2\x02\n" +
+	"\tuser_role\x18\x03 \x01(\rR\buserRole\"\xa2\x02\n" +
 	"\bAuthZReq\x12\x16\n" +
 	"\x06domain\x18\x01 \x01(\tR\x06domain\x12!\n" +
 	"\fsubject_type\x18\x02 \x01(\tR\vsubjectType\x12!\n" +

api/grpc/token/v1/token.pb.go

@@ -27,6 +27,7 @@ const (
 type IssueReq struct {
 	state         protoimpl.MessageState `protogen:"open.v1"`
 	UserId        string                 `protobuf:"bytes,1,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`
+	UserRole      uint32                 `protobuf:"varint,2,opt,name=user_role,json=userRole,proto3" json:"user_role,omitempty"`
 	Type          uint32                 `protobuf:"varint,3,opt,name=type,proto3" json:"type,omitempty"`
 	unknownFields protoimpl.UnknownFields
 	sizeCache     protoimpl.SizeCache
@@ -69,6 +70,13 @@ func (x *IssueReq) GetUserId() string {
 	return ""
 }
 
+func (x *IssueReq) GetUserRole() uint32 {
+	if x != nil {
+		return x.UserRole
+	}
+	return 0
+}
+
 func (x *IssueReq) GetType() uint32 {
 	if x != nil {
 		return x.Type
@@ -187,9 +195,10 @@ var File_token_v1_token_proto protoreflect.FileDescriptor
 
 const file_token_v1_token_proto_rawDesc = "" +
 	"\n" +
-	"\x14token/v1/token.proto\x12\btoken.v1\"7\n" +
+	"\x14token/v1/token.proto\x12\btoken.v1\"T\n" +
 	"\bIssueReq\x12\x17\n" +
-	"\auser_id\x18\x01 \x01(\tR\x06userId\x12\x12\n" +
+	"\auser_id\x18\x01 \x01(\tR\x06userId\x12\x1b\n" +
+	"\tuser_role\x18\x02 \x01(\rR\buserRole\x12\x12\n" +
 	"\x04type\x18\x03 \x01(\rR\x04type\"1\n" +
 	"\n" +
 	"RefreshReq\x12#\n" +

api/http/authn.go

@@ -38,7 +38,12 @@ func AuthenticateMiddleware(authn smqauthn.Authentication, domainCheck bool) fun
 					return
 				}
 				resp.DomainID = domain
-				resp.DomainUserID = auth.EncodeDomainUserID(domain, resp.UserID)
+				switch resp.Role {
+				case smqauthn.AdminRole:
+					resp.DomainUserID = resp.UserID
+				case smqauthn.UserRole:
+					resp.DomainUserID = auth.EncodeDomainUserID(domain, resp.UserID)
+				}
 			}
 
 			ctx := context.WithValue(r.Context(), SessionKey, resp)