Address comments

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

Address comments

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

Address comments

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

Address comments

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

Address comments

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

Refactor error

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

Fix CI

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

Update domains/service.go

Co-authored-by: Arvindh <30824765+arvindh123@users.noreply.github.com>

Fix CI

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

Refactor

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

Update error

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

Update error

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

UFix CI

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

Refactor

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

Refactor

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

Refactor

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

Fix CI

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

Refactor

Signed-off-by: JeffMboya <jangina.mboya@gmail.com>

Author: JeffMboya

api/http/common.go

@@ -233,7 +233,8 @@ func EncodeError(_ context.Context, err error, w http.ResponseWriter) {
 		errors.Contains(err, apiutil.ErrMissingRoleMembers),
 		errors.Contains(err, apiutil.ErrMissingDescription),
 		errors.Contains(err, apiutil.ErrMissingEntityID),
-		errors.Contains(err, apiutil.ErrInvalidRouteFormat):
+		errors.Contains(err, apiutil.ErrInvalidRouteFormat),
+		errors.Contains(err, svcerr.ErrRetainOneMember):
 		err = unwrap(err)
 		w.WriteHeader(http.StatusBadRequest)
 

domains/service.go

@@ -5,7 +5,6 @@ package domains
 
 import (
 	"context"
-	"fmt"
 	"time"
 
 	"github.com/absmach/supermq"
@@ -317,7 +316,7 @@ func (svc *service) RejectInvitation(ctx context.Context, session authn.Session,
 func (svc *service) DeleteInvitation(ctx context.Context, session authn.Session, inviteeUserID, domainID string) error {
 	if session.UserID == inviteeUserID {
 		if err := svc.repo.DeleteInvitation(ctx, inviteeUserID, domainID); err != nil {
-			return errors.Wrap(svcerr.ErrRemoveEntity, err)
+			return err
 		}
 		return nil
 	}
@@ -353,34 +352,24 @@ func (svc *service) RemoveEntityMembers(ctx context.Context, session authn.Sessi
 }
 
 func (svc *service) RoleRemoveMembers(ctx context.Context, session authn.Session, entityID, roleID string, members []string) error {
-	if len(members) == 0 {
-		return svcerr.ErrMalformedEntity
-	}
-
 	ro, err := svc.repo.RetrieveEntityRole(ctx, entityID, roleID)
 	if err != nil {
-		return errors.Wrap(svcerr.ErrViewEntity, fmt.Errorf("failed to retrieve role '%s' for entity '%s': %w", roleID, entityID, err))
-	}
-
-	isBuiltInRole := false
-	if _, ok := svc.ProvisionManageService.BuiltInRoles[roles.BuiltInRoleName(ro.Name)]; ok {
-		isBuiltInRole = true
+		return errors.Wrap(svcerr.ErrViewEntity, err)
 	}
 
-	if isBuiltInRole {
-		membersPage, listErr := svc.repo.RoleListMembers(ctx, ro.ID, 0, 0)
-		if listErr != nil {
-			return errors.Wrap(svcerr.ErrViewEntity, fmt.Errorf("failed to list members for built-in role '%s' to check count: %w", ro.Name, listErr))
+	if _, err := svc.ProvisionManageService.BuiltInRoleActions(roles.BuiltInRoleName(ro.Name)); err == nil {
+		membersPage, err := svc.repo.RoleListMembers(ctx, ro.ID, 0, 0)
+		if err != nil {
+			return errors.Wrap(svcerr.ErrViewEntity, err)
 		}
-
 		if membersPage.Total <= uint64(len(members)) {
-			return errors.Wrap(svcerr.ErrRemoveEntity, fmt.Errorf("built-in role '%s' must retain at least one member. Attempting to remove %d member(s) from %d would leave too few.", ro.Name, len(members), membersPage.Total))
+			return svcerr.ErrRetainOneMember
 		}
 	}
 
 	for _, memberID := range members {
 		if err := svc.repo.DeleteInvitation(ctx, memberID, entityID); err != nil && err != repoerr.ErrNotFound {
-			return errors.Wrap(svcerr.ErrRemoveEntity, fmt.Errorf("failed to delete invitation for member '%s' in domain '%s' from role '%s': %w", memberID, entityID, ro.Name, err))
+			return svcerr.ErrRetainOneMember
 		}
 	}
 
@@ -390,37 +379,12 @@ func (svc *service) RoleRemoveMembers(ctx context.Context, session authn.Session
 func (svc *service) RoleRemoveAllMembers(ctx context.Context, session authn.Session, entityID, roleID string) error {
 	ro, err := svc.repo.RetrieveEntityRole(ctx, entityID, roleID)
 	if err != nil {
-		return errors.Wrap(svcerr.ErrViewEntity, fmt.Errorf("failed to retrieve role '%s' for entity '%s': %w", roleID, entityID, err))
+		return errors.Wrap(svcerr.ErrViewEntity, err)
 	}
 
-	isBuiltInRole := false
-	if _, ok := svc.ProvisionManageService.BuiltInRoles[roles.BuiltInRoleName(ro.Name)]; ok {
-		isBuiltInRole = true
+	if _, err := svc.ProvisionManageService.BuiltInRoleActions(roles.BuiltInRoleName(ro.Name)); err == nil {
+		return svcerr.ErrRetainOneMember
 	}
 
-	if isBuiltInRole {
-		membersPage, listErr := svc.repo.RoleListMembers(ctx, ro.ID, 0, 0)
-		if listErr != nil {
-			return errors.Wrap(svcerr.ErrViewEntity, fmt.Errorf("failed to list members for built-in role '%s' to check count: %w", ro.Name, listErr))
-		}
-
-		if membersPage.Total > 0 {
-			return errors.Wrap(svcerr.ErrRemoveEntity, fmt.Errorf("built-in role '%s' must retain at least one member and cannot have all members removed", ro.Name))
-		}
-	}
-
-	currentMembersPage, listErr := svc.repo.RoleListMembers(ctx, ro.ID, 0, 0)
-	if listErr != nil {
-		return errors.Wrap(svcerr.ErrViewEntity, fmt.Errorf("failed to list members of role '%s' for invitation cleanup: %w", ro.Name, listErr))
-	}
-
-	if len(currentMembersPage.Members) > 0 {
-		for _, member := range currentMembersPage.Members {
-			memberID := string(member)
-			if err := svc.repo.DeleteInvitation(ctx, memberID, entityID); err != nil && err != repoerr.ErrNotFound {
-				return errors.Wrap(svcerr.ErrRemoveEntity, fmt.Errorf("failed to delete invitation for member '%s' in domain '%s' from role '%s': %w", memberID, entityID, ro.Name, err))
-			}
-		}
-	}
 	return svc.ProvisionManageService.RoleRemoveAllMembers(ctx, session, entityID, roleID)
 }

pkg/errors/service/types.go

@@ -87,4 +87,7 @@ var (
 
 	// ErrUnauthorizedPAT indicates failure occurred while authorizing PAT.
 	ErrUnauthorizedPAT = errors.New("failed to authorize PAT")
+
+	// ErrRetainOneMember indicates that at least one owner must be retained in the entity.
+	ErrRetainOneMember = errors.New("must retain at least one member")
 )

pkg/roles/provisionmanage.go

@@ -34,7 +34,7 @@ type ProvisionManageService struct {
 	sidProvider  supermq.IDProvider
 	policy       policies.Service
 	actions      []Action
-	BuiltInRoles map[BuiltInRoleName][]Action
+	builtInRoles map[BuiltInRoleName][]Action
 }
 
 func NewProvisionManageService(entityType string, repo Repository, policy policies.Service, sidProvider supermq.IDProvider, actions []Action, builtInRoles map[BuiltInRoleName][]Action) (ProvisionManageService, error) {
@@ -44,11 +44,19 @@ func NewProvisionManageService(entityType string, repo Repository, policy polici
 		sidProvider:  sidProvider,
 		policy:       policy,
 		actions:      actions,
-		BuiltInRoles: builtInRoles,
+		builtInRoles: builtInRoles,
 	}
 	return rm, nil
 }
 
+func (pms ProvisionManageService) BuiltInRoleActions(name BuiltInRoleName) ([]Action, error) {
+	actions, ok := pms.builtInRoles[name]
+	if !ok {
+		return nil, errors.Wrap(svcerr.ErrNotFound, fmt.Errorf("role %s not found", name))
+	}
+	return actions, nil
+}
+
 func toRolesActions(actions []string) []Action {
 	roActions := []Action{}
 	for _, action := range actions {
@@ -143,7 +151,7 @@ func (r ProvisionManageService) AddNewEntitiesRoles(ctx context.Context, domainI
 
 	for _, entityID := range entityIDs {
 		for defaultRole, defaultRoleMembers := range newBuiltInRoleMembers {
-			actions, ok := r.BuiltInRoles[defaultRole]
+			actions, ok := r.builtInRoles[defaultRole]
 			if !ok {
 				return []RoleProvision{}, fmt.Errorf("default role %s not found in in-built roles", defaultRole)
 			}