add authorization to create middleware

Signed-off-by: nyagamunene <[email protected]>

channels/middleware/authorization.go

@@ -97,6 +97,10 @@ func (am *authorizationMiddleware) CreateChannels(ctx context.Context, session a
 		}
 	}
 
+	if err := am.RoleManagerAuthorizationMiddleware.AuthorizeMembers(ctx, session, []string{session.UserID}); err != nil {
+		return []channels.Channel{}, []roles.RoleProvision{}, errors.Wrap(svcerr.ErrAuthorization, err)
+	}
+
 	if err := am.extAuthorize(ctx, channels.DomainOpCreateChannel, smqauthz.PolicyReq{
 		Domain:      session.DomainID,
 		SubjectType: policies.UserType,

clients/middleware/authorization.go

@@ -89,6 +89,10 @@ func (am *authorizationMiddleware) CreateClients(ctx context.Context, session au
 		}
 	}
 
+	if err := am.RoleManagerAuthorizationMiddleware.AuthorizeMembers(ctx, session, []string{session.UserID}); err != nil {
+		return []clients.Client{}, []roles.RoleProvision{}, errors.Wrap(svcerr.ErrAuthorization, err)
+	}
+
 	if err := am.extAuthorize(ctx, clients.DomainOpCreateClient, smqauthz.PolicyReq{
 		Domain:      session.DomainID,
 		SubjectType: policies.UserType,

domains/middleware/authorization.go

@@ -10,6 +10,8 @@ import (
 	"github.com/absmach/supermq/pkg/authn"
 	"github.com/absmach/supermq/pkg/authz"
 	smqauthz "github.com/absmach/supermq/pkg/authz"
+	"github.com/absmach/supermq/pkg/errors"
+	svcerr "github.com/absmach/supermq/pkg/errors/service"
 	"github.com/absmach/supermq/pkg/policies"
 	"github.com/absmach/supermq/pkg/roles"
 	rmMW "github.com/absmach/supermq/pkg/roles/rolemanager/middleware"
@@ -48,6 +50,9 @@ func AuthorizationMiddleware(entityType string, svc domains.Service, authz smqau
 }
 
 func (am *authorizationMiddleware) CreateDomain(ctx context.Context, session authn.Session, d domains.Domain) (domains.Domain, []roles.RoleProvision, error) {
+	if err := am.RoleManagerAuthorizationMiddleware.AuthorizeMembers(ctx, session, []string{session.UserID}); err != nil {
+		return domains.Domain{}, []roles.RoleProvision{}, errors.Wrap(svcerr.ErrAuthorization, err)
+	}
 	return am.svc.CreateDomain(ctx, session, d)
 }
 

groups/middleware/authorization.go

@@ -95,6 +95,11 @@ func (am *authorizationMiddleware) CreateGroup(ctx context.Context, session auth
 			return groups.Group{}, []roles.RoleProvision{}, errors.Wrap(svcerr.ErrUnauthorizedPAT, err)
 		}
 	}
+
+	if err := am.RoleManagerAuthorizationMiddleware.AuthorizeMembers(ctx, session, []string{session.UserID}); err != nil {
+		return groups.Group{}, []roles.RoleProvision{}, errors.Wrap(svcerr.ErrAuthorization, err)
+	}
+
 	if err := am.extAuthorize(ctx, groups.DomainOpCreateGroup, smqauthz.PolicyReq{
 		Domain:      session.DomainID,
 		SubjectType: policies.UserType,

pkg/roles/rolemanager/middleware/authoirzation.go

@@ -211,7 +211,7 @@ func (ram RoleManagerAuthorizationMiddleware) RoleAddMembers(ctx context.Context
 		return []string{}, err
 	}
 
-	if err := ram.authorizeMembers(ctx, session, members); err != nil {
+	if err := ram.AuthorizeMembers(ctx, session, members); err != nil {
 		return []string{}, err
 	}
 	return ram.svc.RoleAddMembers(ctx, session, entityID, roleID, members)
@@ -320,7 +320,7 @@ func (ram RoleManagerAuthorizationMiddleware) RemoveMemberFromAllRoles(ctx conte
 	return ram.svc.RemoveMemberFromAllRoles(ctx, session, memberID)
 }
 
-func (ram RoleManagerAuthorizationMiddleware) authorizeMembers(ctx context.Context, session authn.Session, members []string) error {
+func (ram RoleManagerAuthorizationMiddleware) AuthorizeMembers(ctx context.Context, session authn.Session, members []string) error {
 	switch ram.entityType {
 	case policies.DomainType:
 		for _, member := range members {