NOISSUE - Refactor listing for rules and reports (#433)

* add access control to rules engine

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* update authorization method

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* revert code

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* initial implementation

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* remove domain from method

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* fix failing linter

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* fix userid parameter

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* update checksuperadmin method

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* revert changes

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* address comments

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

---------

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

Author: nyagamunene

re/handlers.go

@@ -43,7 +43,7 @@ func (re *re) Handle(msg *messaging.Message) error {
 		Scheduled:    &scheduledFalse,
 	}
 	ctx := context.Background()
-	page, err := re.repo.ListRules(ctx, pm)
+	page, err := re.repo.ListAllRules(ctx, pm)
 	if err != nil {
 		return err
 	}
@@ -130,7 +130,7 @@ func (re *re) StartScheduler(ctx context.Context) error {
 				ScheduledBefore: &due,
 			}
 
-			page, err := re.repo.ListRules(ctx, pm)
+			page, err := re.repo.ListAllRules(ctx, pm)
 			if err != nil {
 				re.runInfo <- pkglog.RunInfo{
 					Level:   slog.LevelError,

re/middleware/authorization.go

@@ -11,6 +11,7 @@ import (
 	"github.com/absmach/supermq/pkg/authn"
 	smqauthz "github.com/absmach/supermq/pkg/authz"
 	"github.com/absmach/supermq/pkg/errors"
+	svcerr "github.com/absmach/supermq/pkg/errors/service"
 	"github.com/absmach/supermq/pkg/messaging"
 	"github.com/absmach/supermq/pkg/permissions"
 	"github.com/absmach/supermq/pkg/policies"
@@ -90,8 +91,12 @@ func (am *authorizationMiddleware) UpdateRuleSchedule(ctx context.Context, sessi
 }
 
 func (am *authorizationMiddleware) ListRules(ctx context.Context, session authn.Session, pm re.PageMeta) (re.Page, error) {
-	if err := am.authorize(ctx, operations.OpListRules, session, policies.DomainType, session.DomainID); err != nil {
-		return re.Page{}, errors.Wrap(errDomainViewRules, err)
+	switch err := am.checkSuperAdmin(ctx, session); {
+	case err == nil:
+		session.SuperAdmin = true
+	case errors.Contains(err, svcerr.ErrSuperAdminAction):
+	default:
+		return re.Page{}, err
 	}
 
 	return am.svc.ListRules(ctx, session, pm)
@@ -168,3 +173,19 @@ func (am *authorizationMiddleware) authorize(ctx context.Context, op permissions
 
 	return nil
 }
+
+func (am *authorizationMiddleware) checkSuperAdmin(ctx context.Context, session authn.Session) error {
+	if session.Role != authn.SuperAdminRole {
+		return svcerr.ErrSuperAdminAction
+	}
+	if err := am.authz.Authorize(ctx, smqauthz.PolicyReq{
+		SubjectType: policies.UserType,
+		Subject:     session.UserID,
+		Permission:  policies.AdminPermission,
+		ObjectType:  policies.PlatformType,
+		Object:      policies.SuperMQObject,
+	}, nil); err != nil {
+		return err
+	}
+	return nil
+}

re/mocks/repository.go

@@ -357,33 +357,10 @@ func (repo *PostgresRepository) RemoveRule(ctx context.Context, id string) error
 	return nil
 }
 
-func (repo *PostgresRepository) ListRules(ctx context.Context, pm re.PageMeta) (re.Page, error) {
-	pgData := ""
-	if pm.Limit != 0 {
-		pgData = "LIMIT :limit"
-	}
-	if pm.Offset != 0 {
-		pgData += " OFFSET :offset"
-	}
+func (repo *PostgresRepository) ListAllRules(ctx context.Context, pm re.PageMeta) (re.Page, error) {
 	pq := pageRulesQuery(pm)
-
-	dir := api.DescDir
-	if pm.Dir == api.AscDir {
-		dir = api.AscDir
-	}
-
-	orderClause := ""
-
-	switch pm.Order {
-	case api.NameKey:
-		orderClause = fmt.Sprintf("ORDER BY name %s, id %s", dir, dir)
-	case api.CreatedAtOrder:
-		orderClause = fmt.Sprintf("ORDER BY created_at %s, id %s", dir, dir)
-	case api.UpdatedAtOrder:
-		orderClause = fmt.Sprintf("ORDER BY COALESCE(updated_at, created_at) %s, id %s", dir, dir)
-	default:
-		orderClause = fmt.Sprintf("ORDER BY COALESCE(updated_at, created_at) %s, id %s", dir, dir)
-	}
+	orderClause := rulesOrderClause(pm)
+	pgData := rulesPageData(pm)
 
 	q := fmt.Sprintf(`
 		SELECT id, name, domain_id, tags, input_channel, input_topic, logic_type, logic_value, outputs,
@@ -425,6 +402,62 @@ func (repo *PostgresRepository) ListRules(ctx context.Context, pm re.PageMeta) (
 	return ret, nil
 }
 
+func (repo *PostgresRepository) ListUserRules(ctx context.Context, userID string, pm re.PageMeta) (re.Page, error) {
+	pm.UserID = userID
+	pq := pageRulesQuery(pm)
+	orderClause := rulesOrderClause(pm)
+	pgData := rulesPageData(pm)
+
+	userJoin := `
+		INNER JOIN rules_roles rr ON rr.entity_id = r.id
+		INNER JOIN rules_role_members rrm ON rrm.role_id = rr.id AND rrm.member_id = :user_id
+	`
+
+	innerQ := fmt.Sprintf(`
+		SELECT DISTINCT r.id, r.name, r.domain_id, r.tags, r.input_channel, r.input_topic, r.logic_type, r.logic_value, r.outputs,
+			r.start_datetime, r.time, r.recurring, r.recurring_period, r.created_at, r.created_by, r.updated_at, r.updated_by, r.status
+		FROM rules r
+		%s
+		%s
+	`, userJoin, pq)
+
+	q := fmt.Sprintf(`
+		SELECT * FROM (%s) AS sub %s %s;
+	`, innerQ, orderClause, pgData)
+
+	rows, err := repo.DB.NamedQueryContext(ctx, q, pm)
+	if err != nil {
+		return re.Page{}, err
+	}
+	defer rows.Close()
+
+	var rules []re.Rule
+	for rows.Next() {
+		var r dbRule
+		if err := rows.StructScan(&r); err != nil {
+			return re.Page{}, errors.Wrap(repoerr.ErrViewEntity, err)
+		}
+		ret, err := dbToRule(r)
+		if err != nil {
+			return re.Page{}, err
+		}
+		rules = append(rules, ret)
+	}
+
+	cq := fmt.Sprintf(`SELECT COUNT(*) FROM (%s) AS count_sub;`, innerQ)
+	total, err := postgres.Total(ctx, repo.DB, cq, pm)
+	if err != nil {
+		return re.Page{}, errors.Wrap(repoerr.ErrViewEntity, err)
+	}
+
+	return re.Page{
+		Total:  total,
+		Offset: pm.Offset,
+		Limit:  pm.Limit,
+		Rules:  rules,
+	}, nil
+}
+
 func (repo *PostgresRepository) UpdateRuleDue(ctx context.Context, id string, due time.Time) (re.Rule, error) {
 	q := `
 		UPDATE rules
@@ -460,6 +493,33 @@ func (repo *PostgresRepository) UpdateRuleDue(ctx context.Context, id string, du
 	return rule, nil
 }
 
+func rulesOrderClause(pm re.PageMeta) string {
+	dir := api.DescDir
+	if pm.Dir == api.AscDir {
+		dir = api.AscDir
+	}
+
+	switch pm.Order {
+	case api.NameKey:
+		return fmt.Sprintf("ORDER BY name %s, id %s", dir, dir)
+	case api.CreatedAtOrder:
+		return fmt.Sprintf("ORDER BY created_at %s, id %s", dir, dir)
+	default:
+		return fmt.Sprintf("ORDER BY COALESCE(updated_at, created_at) %s, id %s", dir, dir)
+	}
+}
+
+func rulesPageData(pm re.PageMeta) string {
+	pgData := ""
+	if pm.Limit != 0 {
+		pgData = "LIMIT :limit"
+	}
+	if pm.Offset != 0 {
+		pgData += " OFFSET :offset"
+	}
+	return pgData
+}
+
 func pageRulesQuery(pm re.PageMeta) string {
 	var query []string
 	if pm.InputChannel != "" {