Wire up admin privilege grant and revoke (#2). Fixes #2872

[gunnaraasen]

This is an alternative to #3233 for setting the admin privilege on an existing user.

There does not seem to be a clean way to set/unset the admin privilege flag without making wider reaching changes to the way user privileges are stored. influxql.Privilege is used for per database privilege settings, e.g. map[string]Privilege so extending it with influxql.AdminPrivilege and influxql.NoAdminPrivilege to set an admin flag felt off.

With this change, the admin privilege is set when a setPrivilege is executed with influxql.AllPrivileges and no database name.

[otoolep]

I think the CHANGELOG needs updating too, right?

[gunnaraasen]

@otoolep thanks for the reminder. CHANGELOG has been updated.

[gunnaraasen]

@otoolep @toddboom This is ready for review. Turns out authorization on the query endpoint was not hooked up at all so the scope of this PR grew to fixing #3259.

[otoolep]

Is this correct? You need to be an admin to create an RP on a database?

[gunnaraasen]

I made any statement that previously required AllPrivileges a statement that requires admin access. My assumption was that no additional privileges should be granted for AllPrivileges that were not already allowed by the Read and Write privileges. Therefore, all statements that were previously AllPrivileges now require admin privilege.

RP creation seems like something that could only require the Write privilege, since there should be no way to delete or change existing data by creating a new RP.

[beckettsean]

Seems like a good default for now. Let's make a matrix of operations and permissions and see what shakes out.

[beckettsean]

Here's a proposal for permissions by GRANT type per opertation: https://docs.google.com/a/errplane.com/spreadsheets/d/1V1acjK8PS8QCQ3MagsvIMhT3giy8dJArzBOVanl_Vz0/edit?usp=sharing

[otoolep]

Makes general sense to me. You'll need to rebase.

[gunnaraasen]

Rebased onto master.

[otoolep]

+1 from me.

[toddboom]

+1