Update pkg structure for authorization (#344)

* updated pkg structure

* group constants

* rename repository

* fix tests

* add doc + comments

* remove doc files

* fix doc

account/identity.go

@@ -8,7 +8,7 @@ import (
 	"time"
 
 	"github.com/fabric8-services/fabric8-auth/application/repository"
-	"github.com/fabric8-services/fabric8-auth/authorization/resource"
+	resource "github.com/fabric8-services/fabric8-auth/authorization/resource/repository"
 	"github.com/fabric8-services/fabric8-auth/errors"
 	"github.com/fabric8-services/fabric8-auth/gormsupport"
 	"github.com/fabric8-services/fabric8-auth/log"

application/application.go

@@ -3,8 +3,11 @@ package application
 import (
 	"github.com/fabric8-services/fabric8-auth/account"
 	"github.com/fabric8-services/fabric8-auth/auth"
-	"github.com/fabric8-services/fabric8-auth/authorization/resource"
-	"github.com/fabric8-services/fabric8-auth/authorization/role"
+	resource "github.com/fabric8-services/fabric8-auth/authorization/resource/repository"
+	resourcetype "github.com/fabric8-services/fabric8-auth/authorization/resourcetype/repository"
+	scope "github.com/fabric8-services/fabric8-auth/authorization/resourcetype/scope/repository"
+	identityrole "github.com/fabric8-services/fabric8-auth/authorization/role/identityrole/repository"
+	role "github.com/fabric8-services/fabric8-auth/authorization/role/repository"
 	"github.com/fabric8-services/fabric8-auth/space"
 	"github.com/fabric8-services/fabric8-auth/token/provider"
 )
@@ -18,9 +21,9 @@ type Application interface {
 	ExternalTokens() provider.ExternalTokenRepository
 	VerificationCodes() account.VerificationCodeRepository
 	ResourceRepository() resource.ResourceRepository
-	ResourceTypeRepository() resource.ResourceTypeRepository
-	ResourceTypeScopeRepository() resource.ResourceTypeScopeRepository
-	IdentityRoleRepository() role.IdentityRoleRepository
+	ResourceTypeRepository() resourcetype.ResourceTypeRepository
+	ResourceTypeScopeRepository() scope.ResourceTypeScopeRepository
+	IdentityRoleRepository() identityrole.IdentityRoleRepository
 	RoleRepository() role.RoleRepository
 }
 

authorization/authorization.go

@@ -0,0 +1,15 @@
+package authorization
+
+const (
+	// IdentityResourceTypeOrganization defines the string constant to be used for denoting an organization managed by the authorization framework
+	IdentityResourceTypeOrganization = "identity/organization"
+
+	// IdentityResourceTypeTeam defines the string constant to be used for denoting a team managed by the authorization framework
+	IdentityResourceTypeTeam = "identity/team"
+
+	// IdentityResourceTypeGroup defines the string constant to be used for denoting a group managed by the authorization framework
+	IdentityResourceTypeGroup = "identity/group"
+
+	// IdentityResourceTypeUser defines the string constant to be used for denoting a user managed by the authorization framework
+	IdentityResourceTypeUser = "identity/user"
+)

authorization/doc.go

@@ -0,0 +1,2 @@
+// Package authorization provides the APIs for all available authorization concepts.
+package authorization

authorization/group/doc.go

@@ -0,0 +1,2 @@
+// Package group provides APIs for managing groups.
+package group

authorization/organization/doc.go

@@ -0,0 +1,2 @@
+// Package organization provides the service, model and repository APIs for managing organizations.
+package organization

authorization/organization/model/doc.go

@@ -0,0 +1,2 @@
+// Package model provides the code which encapsulates complex database interactions for managing organizations
+package model

authorization/models/organization_model_service.go → authorization/organization/model/organization_model_service.go

@@ -1,13 +1,16 @@
-package models
+package model
 
 import (
 	"context"
 	"fmt"
 	"github.com/fabric8-services/fabric8-auth/account"
-	"github.com/fabric8-services/fabric8-auth/authorization/common"
-	"github.com/fabric8-services/fabric8-auth/authorization/repositories"
-	"github.com/fabric8-services/fabric8-auth/authorization/resource"
-	"github.com/fabric8-services/fabric8-auth/authorization/role"
+	"github.com/fabric8-services/fabric8-auth/authorization"
+	organization "github.com/fabric8-services/fabric8-auth/authorization/organization"
+
+	"github.com/fabric8-services/fabric8-auth/authorization/repository"
+
+	resource "github.com/fabric8-services/fabric8-auth/authorization/resource/repository"
+	identityrole "github.com/fabric8-services/fabric8-auth/authorization/role/identityrole/repository"
 	"github.com/fabric8-services/fabric8-auth/errors"
 	"github.com/fabric8-services/fabric8-auth/log"
 	"github.com/jinzhu/gorm"
@@ -16,18 +19,18 @@ import (
 
 type OrganizationModelService interface {
 	CreateOrganization(ctx context.Context, identityID uuid.UUID, organizationName string) (*uuid.UUID, error)
-	ListOrganizations(ctx context.Context, identityID uuid.UUID) ([]common.IdentityOrganization, error)
+	ListOrganizations(ctx context.Context, identityID uuid.UUID) ([]organization.IdentityOrganization, error)
 }
 
 // GormOrganizationModelService is the implementation of the interface for
 // OrganizationService. IMPORTANT NOTE: Transaction control is not provided by this service
 type GormOrganizationModelService struct {
 	db   *gorm.DB
-	repo repositories.Repositories
+	repo repository.Repositories
 }
 
 // NewOrganizationModelService creates a new service.
-func NewOrganizationModelService(db *gorm.DB, repo repositories.Repositories) OrganizationModelService {
+func NewOrganizationModelService(db *gorm.DB, repo repository.Repositories) OrganizationModelService {
 	return &GormOrganizationModelService{
 		db:   db,
 		repo: repo,
@@ -46,7 +49,7 @@ func (s *GormOrganizationModelService) CreateOrganization(ctx context.Context, i
 	}
 
 	// Lookup the organization resource type
-	resourceType, err := s.repo.ResourceTypeRepository().Lookup(ctx, common.IdentityResourceTypeOrganization)
+	resourceType, err := s.repo.ResourceTypeRepository().Lookup(ctx, authorization.IdentityResourceTypeOrganization)
 	if err != nil {
 		return nil, err
 	}
@@ -76,14 +79,14 @@ func (s *GormOrganizationModelService) CreateOrganization(ctx context.Context, i
 	organizationId = orgIdentity.ID
 
 	// Lookup the identity/organization owner role
-	ownerRole, err := s.repo.RoleRepository().Lookup(ctx, common.OrganizationOwnerRole, common.IdentityResourceTypeOrganization)
+	ownerRole, err := s.repo.RoleRepository().Lookup(ctx, organization.OrganizationOwnerRole, authorization.IdentityResourceTypeOrganization)
 
 	if err != nil {
 		return nil, errors.NewInternalErrorFromString(ctx, "Error looking up owner role for 'identity/organization' resource type")
 	}
 
 	// Assign the owner role for the new organization to the current user
-	identityRole := &role.IdentityRole{
+	identityRole := &identityrole.IdentityRole{
 		IdentityID: userIdentity.ID,
 		ResourceID: res.ResourceID,
 		RoleID:     ownerRole.RoleID,
@@ -102,11 +105,11 @@ func (s *GormOrganizationModelService) CreateOrganization(ctx context.Context, i
 }
 
 // Returns an array of all organizations in which the specified user is a member or is assigned a role
-func (s *GormOrganizationModelService) ListOrganizations(ctx context.Context, identityID uuid.UUID) ([]common.IdentityOrganization, error) {
+func (s *GormOrganizationModelService) ListOrganizations(ctx context.Context, identityID uuid.UUID) ([]organization.IdentityOrganization, error) {
 
 	db := s.db.Model(&account.Identity{})
 
-	findOrganization := func(orgs []common.IdentityOrganization, id uuid.UUID) int {
+	findOrganization := func(orgs []organization.IdentityOrganization, id uuid.UUID) int {
 		for i, org := range orgs {
 			if org.OrganizationID == id {
 				return i
@@ -115,7 +118,7 @@ func (s *GormOrganizationModelService) ListOrganizations(ctx context.Context, id
 		return -1
 	}
 
-	results := []common.IdentityOrganization{}
+	results := []organization.IdentityOrganization{}
 
 	// query for organizations in which the user is a member
 	rows, err := db.Unscoped().Raw(`SELECT 
@@ -148,7 +151,7 @@ func (s *GormOrganizationModelService) ListOrganizations(ctx context.Context, id
         ) 
         select member_of from m
       ))`,
-		common.IdentityResourceTypeOrganization, identityID, identityID).Rows()
+		authorization.IdentityResourceTypeOrganization, identityID, identityID).Rows()
 
 	if err != nil {
 		return nil, err
@@ -166,7 +169,7 @@ func (s *GormOrganizationModelService) ListOrganizations(ctx context.Context, id
 
 		idx := findOrganization(results, organizationId)
 		if idx == -1 {
-			results = append(results, common.IdentityOrganization{
+			results = append(results, organization.IdentityOrganization{
 				OrganizationID: organizationId,
 				Name:           name,
 				Member:         true,
@@ -215,7 +218,7 @@ func (s *GormOrganizationModelService) ListOrganizations(ctx context.Context, id
         )
 		    select member_id from m
       ))`,
-		common.IdentityResourceTypeOrganization, identityID, identityID).Rows()
+		authorization.IdentityResourceTypeOrganization, identityID, identityID).Rows()
 
 	if err != nil {
 		return nil, err
@@ -234,7 +237,7 @@ func (s *GormOrganizationModelService) ListOrganizations(ctx context.Context, id
 
 		idx := findOrganization(results, organizationId)
 		if idx == -1 {
-			results = append(results, common.IdentityOrganization{
+			results = append(results, organization.IdentityOrganization{
 				OrganizationID: organizationId,
 				Name:           name,
 				Member:         false,

authorization/models/organization_model_service_blackbox_test.go → authorization/organization/model/organization_model_service_blackbox_test.go

@@ -1,13 +1,14 @@
-package models_test
+package model_test
 
 import (
 	"testing"
 
 	"github.com/fabric8-services/fabric8-auth/account"
-	"github.com/fabric8-services/fabric8-auth/authorization/common"
-	"github.com/fabric8-services/fabric8-auth/authorization/models"
-	"github.com/fabric8-services/fabric8-auth/authorization/resource"
-	"github.com/fabric8-services/fabric8-auth/authorization/role"
+	"github.com/fabric8-services/fabric8-auth/authorization"
+	"github.com/fabric8-services/fabric8-auth/authorization/organization"
+	organizationModelService "github.com/fabric8-services/fabric8-auth/authorization/organization/model"
+	resource "github.com/fabric8-services/fabric8-auth/authorization/resource/repository"
+	identityrole "github.com/fabric8-services/fabric8-auth/authorization/role/identityrole/repository"
 	"github.com/fabric8-services/fabric8-auth/gormtestsupport"
 	"github.com/fabric8-services/fabric8-auth/test"
 
@@ -18,13 +19,10 @@ import (
 
 type organizationModelServiceBlackBoxTest struct {
 	gormtestsupport.DBTestSuite
-	repo             resource.ResourceRepository
 	identityRepo     account.IdentityRepository
-	identityRoleRepo role.IdentityRoleRepository
+	identityRoleRepo identityrole.IdentityRoleRepository
 	resourceRepo     resource.ResourceRepository
-	resourceTypeRepo resource.ResourceTypeRepository
-	roleRepo         role.RoleRepository
-	orgModelService  models.OrganizationModelService
+	orgModelService  organizationModelService.OrganizationModelService
 }
 
 func TestRunOrganizationModelServiceBlackBoxTest(t *testing.T) {
@@ -33,14 +31,11 @@ func TestRunOrganizationModelServiceBlackBoxTest(t *testing.T) {
 
 func (s *organizationModelServiceBlackBoxTest) SetupTest() {
 	s.DBTestSuite.SetupTest()
-	s.repo = resource.NewResourceRepository(s.DB)
 	s.identityRepo = account.NewIdentityRepository(s.DB)
-	s.identityRoleRepo = role.NewIdentityRoleRepository(s.DB)
+	s.identityRoleRepo = identityrole.NewIdentityRoleRepository(s.DB)
 	s.resourceRepo = resource.NewResourceRepository(s.DB)
-	s.resourceTypeRepo = resource.NewResourceTypeRepository(s.DB)
-	s.roleRepo = role.NewRoleRepository(s.DB)
 
-	s.orgModelService = models.NewOrganizationModelService(s.DB, s.Application)
+	s.orgModelService = organizationModelService.NewOrganizationModelService(s.DB, s.Application)
 }
 
 func (s *organizationModelServiceBlackBoxTest) TestCreateOrganization() {
@@ -62,7 +57,7 @@ func (s *organizationModelServiceBlackBoxTest) TestCreateOrganization() {
 	orgResource, err := s.resourceRepo.Load(s.Ctx, *orgIdentity.IdentityResourceID)
 	require.Nil(s.T(), err, "Could not load the organization's resource")
 
-	require.Equal(s.T(), common.IdentityResourceTypeOrganization, orgResource.ResourceType.Name, "Organization resource type is invalid")
+	require.Equal(s.T(), authorization.IdentityResourceTypeOrganization, orgResource.ResourceType.Name, "Organization resource type is invalid")
 
 	require.Equal(s.T(), orgResource.Name, "Test Organization ZXYAAA")
 
@@ -73,7 +68,7 @@ func (s *organizationModelServiceBlackBoxTest) TestCreateOrganization() {
 		var roleName string
 		rows.Scan(&roleName)
 
-		require.Equal(s.T(), common.OrganizationOwnerRole, roleName, "Only 'owner' role should be assigned during organization creation")
+		require.Equal(s.T(), organization.OrganizationOwnerRole, roleName, "Only 'owner' role should be assigned during organization creation")
 		roleCount++
 	}
 
@@ -108,7 +103,7 @@ func (s *organizationModelServiceBlackBoxTest) TestListOrganization() {
 	s.equalOrganization(*orgId2, "One More Test Organization MMMYYY", s.findOrganizationWithID(*orgId2, orgs))
 }
 
-func (s *organizationModelServiceBlackBoxTest) findOrganizationWithID(orgId uuid.UUID, orgs []common.IdentityOrganization) *common.IdentityOrganization {
+func (s *organizationModelServiceBlackBoxTest) findOrganizationWithID(orgId uuid.UUID, orgs []organization.IdentityOrganization) *organization.IdentityOrganization {
 	for _, org := range orgs {
 		if org.OrganizationID == orgId {
 			return &org
@@ -117,11 +112,11 @@ func (s *organizationModelServiceBlackBoxTest) findOrganizationWithID(orgId uuid
 	return nil
 }
 
-func (s *organizationModelServiceBlackBoxTest) equalOrganization(expectedOrgID uuid.UUID, expectedOrgName string, actualOrg *common.IdentityOrganization) {
+func (s *organizationModelServiceBlackBoxTest) equalOrganization(expectedOrgID uuid.UUID, expectedOrgName string, actualOrg *organization.IdentityOrganization) {
 	require.NotNil(s.T(), actualOrg, "Organization is nil")
 	require.Equal(s.T(), expectedOrgID, actualOrg.OrganizationID, "Organization ID is different")
 	require.Equal(s.T(), false, actualOrg.Member, "User should not be a member of newly created organization")
 	require.Equal(s.T(), expectedOrgName, actualOrg.Name, "Organization name is different")
 	require.Equal(s.T(), 1, len(actualOrg.Roles), "New organization should have assigned exactly 1 role")
-	require.Equal(s.T(), common.OrganizationOwnerRole, actualOrg.Roles[0], "New organization should have assigned owner role")
+	require.Equal(s.T(), organization.OrganizationOwnerRole, actualOrg.Roles[0], "New organization should have assigned owner role")
 }

authorization/organization/organization.go

@@ -0,0 +1,18 @@
+package organization
+
+import (
+	uuid "github.com/satori/go.uuid"
+)
+
+const (
+	// OrganizationOwnerRole is the constant used to denotee the name of the owner's role
+	OrganizationOwnerRole = "owner"
+)
+
+// IdentityOrganization is used to return the Organizations for which an Identity is associated
+type IdentityOrganization struct {
+	OrganizationID uuid.UUID
+	Name           string
+	Member         bool
+	Roles          []string
+}

authorization/organization/service/doc.go

@@ -0,0 +1,2 @@
+// Package service provides the code which handles the business logic for managing organizations
+package service

authorization/organization_service.go → authorization/organization/service/organization_service.go

@@ -1,24 +1,24 @@
-package authorization
+package service
 
 import (
 	"context"
 	"github.com/fabric8-services/fabric8-auth/application"
-	"github.com/fabric8-services/fabric8-auth/authorization/common"
-	"github.com/fabric8-services/fabric8-auth/authorization/models"
+	organization "github.com/fabric8-services/fabric8-auth/authorization/organization"
+	organizationModel "github.com/fabric8-services/fabric8-auth/authorization/organization/model"
 	uuid "github.com/satori/go.uuid"
 )
 
 type OrganizationService interface {
 	CreateOrganization(ctx context.Context, identityID uuid.UUID, organizationName string) (*uuid.UUID, error)
-	ListOrganizations(ctx context.Context, identityID uuid.UUID) ([]common.IdentityOrganization, error)
+	ListOrganizations(ctx context.Context, identityID uuid.UUID) ([]organization.IdentityOrganization, error)
 }
 
 type OrganizationServiceImpl struct {
-	modelService models.OrganizationModelService
+	modelService organizationModel.OrganizationModelService
 	db           application.DB
 }
 
-func NewOrganizationService(modelService models.OrganizationModelService, db application.DB) OrganizationService {
+func NewOrganizationService(modelService organizationModel.OrganizationModelService, db application.DB) OrganizationService {
 	return &OrganizationServiceImpl{modelService: modelService, db: db}
 }
 
@@ -35,8 +35,8 @@ func (s *OrganizationServiceImpl) CreateOrganization(ctx context.Context, identi
 	return organizationId, err
 }
 
-func (s *OrganizationServiceImpl) ListOrganizations(ctx context.Context, identityID uuid.UUID) ([]common.IdentityOrganization, error) {
-	var orgs []common.IdentityOrganization
+func (s *OrganizationServiceImpl) ListOrganizations(ctx context.Context, identityID uuid.UUID) ([]organization.IdentityOrganization, error) {
+	var orgs []organization.IdentityOrganization
 	var err error
 	err = application.Transactional(s.db, func(appl application.Application) error {
 		orgs, err = s.modelService.ListOrganizations(ctx, identityID)