SMQ-2609 - Enable superadmin to perform actions over entities

[felixgateru]

What type of PR is this?

This is a refactor as it remove DomainUserID encoding.

What does this do?

This pr removes DomainUserID encodinh and makes all authorization on entities to be performed with userID.

Which issue(s) does this PR fix/relate to?

• Related Issue #
• Resolves Bug: SuperAdmin could not perform actions over entities #2609

Have you included tests for your changes?

Yes, I have updated tests.

Did you document any new/modified feature?

No,

Notes

None

[codecov]

Codecov Report

Attention: Patch coverage is 47.27273% with 58 lines in your changes missing coverage. Please review.

Project coverage is 27.58%. Comparing base (a01d257) to head (98a06c0).
Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
auth/service.go	36.95%	27 Missing and 2 partials ⚠️
domains/middleware/authorization.go	0.00%	16 Missing ⚠️
auth/jwt/tokenizer.go	42.10%	7 Missing and 4 partials ⚠️
auth/keys.go	83.33%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2688      +/-   ##
==========================================
+ Coverage   27.53%   27.58%   +0.04%     
==========================================
  Files         351      219     -132     
  Lines       55379    44701   -10678     
==========================================
- Hits        15251    12332    -2919     
+ Misses      39372    31775    -7597     
+ Partials      756      594     -162     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[dborovcanin]

@arvindh123 @felixgateru What's the status of this PR?

[arvindh123]

Why Invitations related authz middleware functions are removed ?

[arvindh123]

In this PR, we are changing the format from <domain_id>_<user_id> to just <user_id> in Spice DB for subjects.

One side effect/bug that occurs due to this PR is as follows:
I created domain_1 with ID 88724ac6-a569-43c2-a895-d8d3e93ad3df and domain_2 with ID 716a571e-fbe7-4cd2-afdc-fa0780a24531.

Then, I created a client, client_1_of_domain_2, with ID 1729828a-3c3d-4917-8678-b76abd28576a, in domain_2 (ID 716a571e-fbe7-4cd2-afdc-fa0780a24531).

However, when I try to view client_1_of_domain_2 with domain_1 in the URL (e.g., http://localhost/domain_1/clients/client_1_of_domain_2),
it shows the details of client_1_of_domain_2 from domain_2. Ideally, I should see a "not found" message instead. (edited)

[arvindh123]

In this PR, we are changing the format from <domain_id>_<user_id> to just <user_id> in Spice DB for subjects.

One side effect/bug that occurs due to this PR is as follows: I created domain_1 with ID 88724ac6-a569-43c2-a895-d8d3e93ad3df and domain_2 with ID 716a571e-fbe7-4cd2-afdc-fa0780a24531.

Then, I created a client, client_1_of_domain_2, with ID 1729828a-3c3d-4917-8678-b76abd28576a, in domain_2 (ID 716a571e-fbe7-4cd2-afdc-fa0780a24531).

However, when I try to view client_1_of_domain_2 with domain_1 in the URL (e.g., http://localhost/domain_1/clients/client_1_of_domain_2), it shows the details of client_1_of_domain_2 from domain_2. Ideally, I should see a "not found" message instead. (edited)

I think we should find another way to solve the issue.

[arvindh123]

Why this was changed to Subject

[felixgateru]

I changed this to Subject as it can be just the userID or the domainUserId. Should I revert this?

[arvindh123]

DomainUserID means id of user within the domain, which is different from actual user id for platform ,
In each domain, user should have unquie id .
So just we are adding prefix domain_id to user id to get the unqiue user id for user per domain , which is called domain user id

[dborovcanin]

@arvindh123 Please re-review.

[arvindh123]

LGTM