Delete data part 1 (#360)

pkg/auth/auth.go

@@ -0,0 +1,34 @@
+package auth
+
+import (
+	"context"
+
+	"github.com/micro/micro/v3/service/auth"
+	"github.com/micro/micro/v3/service/errors"
+)
+
+func VerifyMicroAdmin(ctx context.Context, method string) (*auth.Account, error) {
+	acc, ok := auth.AccountFromContext(ctx)
+	if !ok {
+		return nil, errors.Unauthorized(method, "Unauthorized")
+	}
+	if err := doVerifyMicroAdmin(acc, method); err != nil {
+		return nil, err
+	}
+	return acc, nil
+}
+
+func doVerifyMicroAdmin(acc *auth.Account, method string) error {
+	errForbid := errors.Forbidden(method, "Forbidden")
+	if acc.Issuer != "micro" {
+		return errForbid
+	}
+
+	for _, s := range acc.Scopes {
+		if (s == "admin" && acc.Type == "user") || (s == "service" && acc.Type == "service") {
+			return nil
+		}
+	}
+	return errForbid
+
+}

pkg/tenant/tenant.go

@@ -8,6 +8,10 @@ import (
 	"github.com/micro/micro/v3/service/auth"
 )
 
+const (
+	metaOwner = "apikey_owner"
+)
+
 // FromContext returns a tenant from the context
 func FromContext(ctx context.Context) (string, bool) {
 	acc, ok := auth.AccountFromContext(ctx)
@@ -21,7 +25,7 @@ func FromContext(ctx context.Context) (string, bool) {
 func FromAccount(acc *auth.Account) string {
 	id := acc.ID
 	issuer := acc.Issuer
-	owner := acc.Metadata["apikey_owner"]
+	owner := acc.Metadata[metaOwner]
 
 	if len(id) == 0 {
 		id = "micro"
@@ -47,3 +51,14 @@ func CreateKey(ctx context.Context, key string) string {
 	// return a tenant prefixed key e.g micro/asim/foobar
 	return fmt.Sprintf("%s/%s", t, key)
 }
+
+// NewContext returns a context that will encapsulate the given tenant
+func NewContext(id, issuer, owner string) context.Context {
+	return auth.ContextWithAccount(context.Background(), &auth.Account{
+		ID:     id,
+		Issuer: issuer,
+		Metadata: map[string]string{
+			metaOwner: owner,
+		},
+	})
+}