add owner to tenant metadata

Author: nikhilsinhaparseable

src/handlers/http/modal/query/querier_rbac.rs

@@ -29,12 +29,13 @@ use crate::{
         modal::utils::rbac_utils::{get_metadata, put_metadata},
         rbac::{RBACError, UPDATE_LOCK},
     },
-    parseable::DEFAULT_TENANT,
+    parseable::{DEFAULT_TENANT, PARSEABLE},
     rbac::{
         Users,
         map::{roles, users, write_user_groups},
         user::{self, UserType},
     },
+    tenants::TENANT_METADATA,
     utils::{get_tenant_id_from_request, get_user_from_request},
     validator,
 };
@@ -292,6 +293,23 @@ pub async fn remove_roles_from_user(
         )));
     }
 
+    // In multi-tenant, prevent removing the admin role from the tenant owner
+    if PARSEABLE.options.is_multi_tenant()
+        && roles_to_remove.contains("admin")
+        && let Some(tid) = tenant_id.as_deref()
+    {
+        let is_owner = TENANT_METADATA
+            .get_tenant_meta(tid)
+            .and_then(|meta| meta.owner)
+            .map(|owner| owner == userid)
+            .unwrap_or(false);
+        if is_owner {
+            return Err(RBACError::InvalidDeletionRequest(
+                "Cannot remove the admin role from the tenant owner".to_string(),
+            ));
+        }
+    }
+
     // update parseable.json first
     let mut metadata = get_metadata(&tenant_id).await?;
     if let Some(user) = metadata

src/storage/store_metadata.rs

@@ -78,6 +78,8 @@ pub struct StorageMetadata {
     pub end_date: Option<String>,
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub plan: Option<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub owner: Option<String>,
 }
 
 impl Default for StorageMetadata {
@@ -100,6 +102,7 @@ impl Default for StorageMetadata {
             start_date: None,
             end_date: None,
             plan: None,
+            owner: None,
         }
     }
 }