feat: Ability to relate private documents to actors

[shahzadlone]

Relevant issue(s)

Resolves #2762

Description

This PR introduces the ability to make use of the relations defined within a policy to create relationships between an actor and a document within a collection. For users sake, I have made the clients (http, and cli) not consume the policyID and resource name but instead a docID and collection name, since the collection will have the policy and resource information available we can fetch that and make lives easier for the users.

This PR also makes use of the manages feature we have had in our policy. The manages essentially defines who can make the relationship manipulation requests.

There are a lot of tests in this PR due to a lot of edge cases I wanted to have tested specific to manger, and ensuring write and read permissions don't leak (i.e. are accidently granted).

CLI Demo

The following lets the target actor be able to now read the private document:

defradb client acp relationship add \
--collection Users \
--docID bae-ff3ceb1c-b5c0-5e86-a024-dd1b16a4261c \
--relation reader \
--actor did:key:z7r8os2G88XXBNBTLj3kFR5rzUJ4VAesbX7PgsA68ak9B5RYcXF5EZEmjRzzinZndPSSwujXb4XKHG6vmKEFG6ZfsfcQn \
--identity e3b722906ee4e56368f581cd8b18ab0f48af1ea53e635e3f7b8acd076676f6ac

Result:

{
  "ExistedAlready": false // <-------------- Indicates a new relationship was formed
}

Future (out-of-scope of this PR):

• Most of write tests will split into delete and update in Split ACP write perm into delete and update #2905
• Ability to revoke or delete relation coming in Revoke or unshare a document previously created a relation for #2906
• Decide on the can't write if no read permission in An actor granted a write permission still can't write unless also given read permission #2992
• Move acp logic to a shared repo: Move ACP testing and extra non-defra specific logic to an other shared repo #2980

How has this been tested?

• Integration tests

Specify the platform(s) on which this was tested:

• Manjaro WSL2

[codecov]

Codecov Report

Attention: Patch coverage is 93.13725% with 21 lines in your changes missing coverage. Please review.

Project coverage is 79.70%. Comparing base (3101c61) to head (5c05eeb).
Report is 1 commits behind head on develop.

Files with missing lines	Patch %	Lines
acp/acp_source_hub.go	74.19%	4 Missing and 4 partials ⚠️
http/handler_acp.go	82.35%	4 Missing and 2 partials ⚠️
http/client_acp.go	83.33%	2 Missing and 2 partials ⚠️
internal/db/db.go	86.96%	2 Missing and 1 partial ⚠️

Additional details and impacted files

@@             Coverage Diff             @@
##           develop    #2907      +/-   ##
===========================================
+ Coverage    79.42%   79.70%   +0.28%     
===========================================
  Files          346      348       +2     
  Lines        26715    27014     +299     
===========================================
+ Hits         21217    21530     +313     
+ Misses        3964     3957       -7     
+ Partials      1534     1527       -7     

Flag	Coverage Δ
all-tests	79.70% <93.14%> (+0.28%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
acp/acp_local.go	97.56% <100.00%> (+0.29%)	⬆️
acp/errors.go	88.07% <100.00%> (+3.02%)	⬆️
acp/source_hub_client.go	91.15% <100.00%> (+2.95%)	⬆️
cli/acp_relationship.go	100.00% <100.00%> (ø)
cli/acp_relationship_add.go	100.00% <100.00%> (ø)
cli/cli.go	100.00% <100.00%> (ø)
client/db.go	91.30% <ø> (ø)
client/errors.go	59.72% <ø> (ø)
internal/db/permission/check.go	85.19% <100.00%> (ø)
internal/db/permission/permission.go	100.00% <100.00%> (ø)
... and 5 more

... and 21 files with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3101c61...5c05eeb. Read the comment docs.

[shahzadlone]

discussion: I understand if people prefer having DocIDIndex and DocID to test these edge cases rather than -1 to test empty/invalid DocID input. I don't have any strong preferences here, happy to follow consensus.

Same for other -1 inputs as well uses as well.

[islamaliev]

it sort of breaks consistency with immutable.Option, but I see how it simplifies test cases. I also don't have strong preference.

[shahzadlone]

immutable.Option is for optional fields. This is not an optional field, it's more to test invalid input of that field. Is why I was wondering if others prefer non-index input as well (i.e. DocIDIndex for normal cases and DocID for actual invalid testing).

[shahzadlone]

discussion: Since in these tests writer won't get read permission, even if a relation is made to make an actor a writer, they won't be able to write because the policy doesn't model ability to read. This behavior we can try manipulate on defradb level to change (however not in this PR), but opening this here to start a discussion.

[islamaliev]

Good work so far. I'm just not sure why it's still in Draft state.
There are a lot of tests here, but I'm not sure if all them are necessary.
A lot of repetitive code in tests, which makes it hard to read every detail.

[islamaliev]

praise: thanks for examples

[islamaliev]

it sort of breaks consistency with immutable.Option, but I see how it simplifies test cases. I also don't have strong preference.

[islamaliev]

Approving assuming tests will be moved as discussed

[AndrewSisley]

LGTM, thanks Shahzad!