Organizations update

application/applicationservice/organization.go

@@ -35,37 +35,42 @@ func (s *organizationService) GetAllTypes() ([]viewmodel.OrganizationType, error
 	return s.mapEntity.Organization.ToOrganizationTypeModelSlice(result), nil
 }
 
-func (s *organizationService) GetByType(organizationTypeKey string) ([]viewmodel.Organization, error) {
+func (s *organizationService) GetByType(organizationTypeKey string, user viewmodel.User) ([]viewmodel.Organization, error) {
-	result, err := s.svc.Organization.GetByType(organizationTypeKey)
+	userEntity := s.mapEntity.User.ToUserEntity(user)
+	result, err := s.svc.Organization.GetByType(organizationTypeKey, userEntity)
 	if err != nil {
 		return nil, err
 	}
+
 	return s.mapEntity.Organization.ToOrganizationModelSlice(result), nil
 }
 
-func (s *organizationService) GetByUUID(organizationUUID string) (viewmodel.Organization, error) {
+func (s *organizationService) GetByUUID(organizationUUID string, user viewmodel.User) (viewmodel.Organization, error) {
-	result, err := s.svc.Organization.GetByUUID(organizationUUID)
+	userEntity := s.mapEntity.User.ToUserEntity(user)
+	result, err := s.svc.Organization.GetByUUID(organizationUUID, userEntity)
 	if err != nil {
 		return viewmodel.Organization{}, err
 	}
 	return s.mapEntity.Organization.ToOrganizationModel(result), nil
 }
 
-func (s *organizationService) GetByName(name string, searchType string) ([]viewmodel.Organization, error) {
+func (s *organizationService) GetByName(name string, searchType string, user viewmodel.User) ([]viewmodel.Organization, error) {
-	result, err := s.svc.Organization.GetByName(name, searchType)
+	userEntity := s.mapEntity.User.ToUserEntity(user)
+	result, err := s.svc.Organization.GetByName(name, searchType, userEntity)
 	if err != nil {
 		return nil, err
 	}
 	return s.mapEntity.Organization.ToOrganizationModelSlice(result), nil
 }
 
-func (s *organizationService) SetParentOrganization(organizationUUID string, parentOrganizationUUID string) (viewmodel.Organization, error) {
+func (s *organizationService) SetParentOrganization(organizationUUID string, parentOrganizationUUID string, user viewmodel.User) (viewmodel.Organization, error) {
-	child, err := s.svc.Organization.GetByUUID(organizationUUID)
+	userEntity := s.mapEntity.User.ToUserEntity(user)
+	child, err := s.svc.Organization.GetByUUID(organizationUUID, userEntity)
 	if err != nil {
 		return viewmodel.Organization{}, err
 	}
 
-	parent, err := s.svc.Organization.GetByUUID(parentOrganizationUUID)
+	parent, err := s.svc.Organization.GetByUUID(parentOrganizationUUID, userEntity)
 	if err != nil {
 		return viewmodel.Organization{}, err
 	}
@@ -74,10 +79,11 @@ func (s *organizationService) SetParentOrganization(organizationUUID string, par
 		return viewmodel.Organization{}, err
 	}
 
-	return s.GetByUUID(organizationUUID)
+	return s.GetByUUID(organizationUUID, user)
 }
 
-func (s *organizationService) InactivateOrganizationAddress(organizationUUID string, address viewmodel.OrganizationAddress) error {
+func (s *organizationService) InactivateOrganizationAddress(organizationUUID string, address viewmodel.OrganizationAddress, userView viewmodel.User) error {
+	userEntity := s.mapEntity.User.ToUserEntity(userView)
 	entityAddress := s.mapEntity.Organization.ToOrganizationAddressEntity(address)
 	entityAddress.Organization = &entity.Organization{
 		UUID: organizationUUID,
@@ -89,14 +95,15 @@ func (s *organizationService) InactivateOrganizationAddress(organizationUUID str
 	}
 	entityAddress.UpdatedUser = user
 
-	if err := s.svc.Organization.InactivateOrganizationAddress(entityAddress); err != nil {
+	if err := s.svc.Organization.InactivateOrganizationAddress(entityAddress, userEntity); err != nil {
 		return err
 	} else {
 		return nil
 	}
 }
 
-func (s *organizationService) SetOrganizationAddress(organizationUUID string, address viewmodel.OrganizationAddress) (viewmodel.OrganizationAddress, error) {
+func (s *organizationService) SetOrganizationAddress(organizationUUID string, address viewmodel.OrganizationAddress, userView viewmodel.User) (viewmodel.OrganizationAddress, error) {
+	userEntity := s.mapEntity.User.ToUserEntity(userView)
 	entityAddress := s.mapEntity.Organization.ToOrganizationAddressEntity(address)
 	entityAddress.Organization = &entity.Organization{
 		UUID: organizationUUID,
@@ -110,7 +117,7 @@ func (s *organizationService) SetOrganizationAddress(organizationUUID string, ad
 	entityAddress.CreatedUser = user
 	entityAddress.UpdatedUser = user
 
-	entityAddress, err = s.svc.Organization.SetOrganizationAddress(entityAddress)
+	entityAddress, err = s.svc.Organization.SetOrganizationAddress(entityAddress, userEntity)
 	if err != nil {
 		return viewmodel.OrganizationAddress{}, err
 	}
@@ -118,7 +125,8 @@ func (s *organizationService) SetOrganizationAddress(organizationUUID string, ad
 	return s.mapEntity.Organization.ToOrganizationAddressModel(entityAddress), nil
 }
 
-func (s *organizationService) InactivateOrganizationContact(organizationUUID string, contact viewmodel.OrganizationContact) error {
+func (s *organizationService) InactivateOrganizationContact(organizationUUID string, contact viewmodel.OrganizationContact, userView viewmodel.User) error {
+	userEntity := s.mapEntity.User.ToUserEntity(userView)
 	entityContact := s.mapEntity.Organization.ToOrganizationContactEntity(contact)
 	entityContact.Organization = &entity.Organization{
 		UUID: organizationUUID,
@@ -130,14 +138,15 @@ func (s *organizationService) InactivateOrganizationContact(organizationUUID str
 	}
 	entityContact.UpdatedUser = user
 
-	if err := s.svc.Organization.InactivateOrganizationContact(entityContact); err != nil {
+	if err := s.svc.Organization.InactivateOrganizationContact(entityContact, userEntity); err != nil {
 		return err
 	} else {
 		return nil
 	}
 }
 
-func (s *organizationService) SetOrganizationContact(organizationUUID string, contact viewmodel.OrganizationContact) (viewmodel.OrganizationContact, error) {
+func (s *organizationService) SetOrganizationContact(organizationUUID string, contact viewmodel.OrganizationContact, userView viewmodel.User) (viewmodel.OrganizationContact, error) {
+	userEntity := s.mapEntity.User.ToUserEntity(userView)
 	entityContact := s.mapEntity.Organization.ToOrganizationContactEntity(contact)
 	entityContact.Organization = &entity.Organization{
 		UUID: organizationUUID,
@@ -151,7 +160,7 @@ func (s *organizationService) SetOrganizationContact(organizationUUID string, co
 	entityContact.CreatedUser = user
 	entityContact.UpdatedUser = user
 
-	entityContact, err = s.svc.Organization.SetOrganizationContact(entityContact)
+	entityContact, err = s.svc.Organization.SetOrganizationContact(entityContact, userEntity)
 	if err != nil {
 		return viewmodel.OrganizationContact{}, err
 	}
@@ -221,10 +230,10 @@ func (s *organizationService) AddOrganization(organization viewmodel.Organizatio
 		}
 	}
 
-	enOrg, err = s.svc.Organization.AddOrganization(enOrg)
+	enOrg, err = s.svc.Organization.AddOrganization(enOrg, enUser)
 	if err != nil {
 		return viewmodel.Organization{}, nil
 	}
 
-	return s.GetByUUID(enOrg.UUID)
+	return s.GetByUUID(enOrg.UUID, user)
 }

application/applicationservice/user.go

@@ -71,11 +71,12 @@ func (s *userService) Login(email string, pass string) (retVal viewmodel.User, e
 	return s.mapEntity.User.ToUserModel(user), nil
 }
 
-func (s *userService) Create(user viewmodel.User) (retVal viewmodel.User, err error) {
+func (s *userService) Create(user viewmodel.User, author viewmodel.User) (retVal viewmodel.User, err error) {
 	entity := s.mapEntity.User.ToUserEntity(user)
+	enAuthor := s.mapEntity.User.ToUserEntity(author)
 
 	for i, _ := range entity.Organizations {
-		entity.Organizations[i], err = s.svc.Organization.GetByUUID(entity.Organizations[i].UUID)
+		entity.Organizations[i], err = s.svc.Organization.GetByUUID(entity.Organizations[i].UUID, enAuthor)
 		if err != nil {
 			return retVal, err
 		}
@@ -89,13 +90,14 @@ func (s *userService) Create(user viewmodel.User) (retVal viewmodel.User, err er
 	return s.mapEntity.User.ToUserModel(entity), nil
 }
 
-func (s *userService) CreateBulk(users []viewmodel.User) (retVal []viewmodel.User, err error) {
+func (s *userService) CreateBulk(users []viewmodel.User, author viewmodel.User) (retVal []viewmodel.User, err error) {
 	entities := s.mapEntity.User.ToUserEntitySlice(users)
+	enAuthor := s.mapEntity.User.ToUserEntity(author)
 	organizations := make([]entity.Organization, 0)
 	for i, _ := range entities {
 		if i == 0 {
 			for o, _ := range entities[i].Organizations {
-				org, err := s.svc.Organization.GetByUUID(entities[i].Organizations[o].UUID)
+				org, err := s.svc.Organization.GetByUUID(entities[i].Organizations[o].UUID, enAuthor)
 				if err != nil {
 					return nil, err
 				}

authorization_model.conf

@@ -1,11 +1,11 @@
 [request_definition]
-r = role, objectsRole, orgRelation, objectsRelation, obj, act
+r = role, objectsRole, orgType, objectsOrgType, orgRelation, objectsRelation, obj, act
 
 [policy_definition]
-p = role, objectsRole, orgRelation, objectsRelation, obj, act
+p = role, objectsRole, orgType, objectsOrgType, orgRelation, objectsRelation, obj, act
 
 [policy_effect]
 e = some(where (p.eft == allow)) && !some(where (p.eft == deny))
 
 [matchers]
-m = keyMatch(r.role, p.role) && keyMatch(r.objectsRole, p.objectsRole) && keyMatch(r.objectsRelation, p.objectsRelation) && keyMatch(r.orgRelation, p.orgRelation) && keyMatch(r.obj, p.obj) && (r.act == p.act || p.act == "*")
+m = keyMatch(r.role, p.role) && keyMatch(r.objectsRole, p.objectsRole) && keyMatch(r.orgType, p.orgType) && keyMatch(r.objectsOrgType, p.objectsOrgType) && keyMatch(r.objectsRelation, p.objectsRelation) && keyMatch(r.orgRelation, p.orgRelation) && keyMatch(r.obj, p.obj) && (r.act == p.act || p.act == "*")

authorization_policy.csv

@@ -1,27 +1,92 @@
-p, *, *, *, *, /v1/authenticate/portal, POST
+p, AD, *, *, *, *, *, *, *
-p, *, *, *, *, /health/, GET
+p, *, *, *, *, *, *, /v1/authenticate/portal, POST
-p, *, *, *, [self], /v1/users/*/, GET
+p, *, *, *, *, *, *, /health/, GET
-p, *, *, *, [self], /v1/users/portal/*, DELETE
+p, *, *, *, *, *, [self], /v1/nemt/nemt/users/*/, GET
-p, *, *, *, [self], /v1/users/portal/*, POST
+p, *, *, *, *, *, [self], /v1/nemt/users/portal/*, DELETE
-p, *, *, *, [self], /v1/users/portal/*, GET
+p, *, *, *, *, *, [self], /v1/nemt/users/portal/*, POST
-p, *AD, *, *, *, /v1/users/, GET
+p, *, *, *, *, *, [self], /v1/nemt/users/portal/*, GET
-p, BDCAD, BCBSIAD, *, [other], /v1/users/*/, GET
+p, *AD, *, *, *, *, *, /v1/nemt/users/, GET
-p, BDCAD, BCBSIAD, *, [other], /v1/users/portal/*, DELETE
+p, BDCAD, SP, *, *, *, [other], /v1/nemt/users/*/, GET
-p, BDCAD, BCBSIAD, *, [other], /v1/users/portal/*, POST
+p, BDCAD, SP, *, *, *, [other], /v1/nemt/users/portal/*, DELETE
-p, BDCAD, BCBSIAD, *, [other], /v1/users/portal/*, GET
+p, BDCAD, SP, *, *, *, [other], /v1/nemt/users/portal/*, POST
-p, BDCAD, PLANAD, *, [other], /v1/users/*/, GET
+p, BDCAD, SP, *, *, *, [other], /v1/nemt/users/portal/*, GET
-p, BDCAD, PLANAD, *, [other], /v1/users/portal/*, DELETE
+p, BDCAD, SPT, *, *, *, [other], /v1/nemt/users/*/, GET
-p, BDCAD, PLANAD, *, [other], /v1/users/portal/*, POST
+p, BDCAD, SPT, *, *, *, [other], /v1/nemt/users/portal/*, DELETE
-p, BDCAD, PLANAD, *, [other], /v1/users/portal/*, GET
+p, BDCAD, SPT, *, *, *, [other], /v1/nemt/users/portal/*, POST
-p, BCBSIAD, SP, *, [other], /v1/users/*/, GET
+p, BDCAD, SPT, *, *, *, [other], /v1/nemt/users/portal/*, GET
-p, BCBSIAD, SP, *, [other], /v1/users/portal/*, DELETE
+p, BDCAD, US, *, *, *, [other], /v1/nemt/users/*/, GET
-p, BCBSIAD, SP, *, [other], /v1/users/portal/*, POST
+p, BDCAD, US, *, *, *, [other], /v1/nemt/users/portal/*, DELETE
-p, BCBSIAD, SP, *, [other], /v1/users/portal/*, GET
+p, BDCAD, US, *, *, *, [other], /v1/nemt/users/portal/*, POST
-p, BCBSIAD, US, *, [other], /v1/users/*/, GET
+p, BDCAD, US, *, *, *, [other], /v1/nemt/users/portal/*, GET
-p, BCBSIAD, US, *, [other], /v1/users/portal/*, DELETE
+p, BCBSIAD, SP, *, *, *, [other], /v1/nemt/users/*/, GET
-p, BCBSIAD, US, *, [other], /v1/users/portal/*, POST
+p, BCBSIAD, SP, *, *, *, [other], /v1/nemt/users/portal/*, DELETE
-p, BCBSIAD, US, *, [other], /v1/users/portal/*, GET
+p, BCBSIAD, SP, *, *, *, [other], /v1/nemt/users/portal/*, POST
-p, PLANAD, US, [equal], [other], /v1/users/*/, GET
+p, BCBSIAD, SP, *, *, *, [other], /v1/nemt/users/portal/*, GET
-p, PLANAD, US, [equal], [other], /v1/users/portal/*, DELETE
+p, BCBSIAD, US, *, *, *, [other], /v1/nemt/users/*/, GET
-p, PLANAD, US, [equal], [other], /v1/users/portal/*, POST
+p, BCBSIAD, US, *, *, *, [other], /v1/nemt/users/portal/*, DELETE
-p, PLANAD, US, [equal], [other], /v1/users/portal/*, GET
+p, BCBSIAD, US, *, *, *, [other], /v1/nemt/users/portal/*, POST
+p, BCBSIAD, US, *, *, *, [other], /v1/nemt/users/portal/*, GET
+p, BCBSIAD, SPT, *, *, *, [other], /v1/nemt/users/*/, GET
+p, BCBSIAD, SPT, *, *, *, [other], /v1/nemt/users/portal/*, DELETE
+p, BCBSIAD, SPT, *, *, *, [other], /v1/nemt/users/portal/*, POST
+p, BCBSIAD, SPT, *, *, *, [other], /v1/nemt/users/portal/*, GET
+p, PLANAD, SPT, *, *, [equal], [other], /v1/nemt/users/*/, GET
+p, PLANAD, SPT, *, *, [equal], [other], /v1/nemt/users/portal/*, DELETE
+p, PLANAD, SPT, *, *, [equal], [other], /v1/nemt/users/portal/*, POST
+p, PLANAD, SPT, *, *, [equal], [other], /v1/nemt/users/portal/*, GET
+p, PLANAD, US, *, *, [equal], [other], /v1/nemt/users/*/, GET
+p, PLANAD, US, *, *, [equal], [other], /v1/nemt/users/portal/*, DELETE
+p, PLANAD, US, *, *, [equal], [other], /v1/nemt/users/portal/*, POST
+p, PLANAD, US, *, *, [equal], [other], /v1/nemt/users/portal/*, GET
+p, PLANAD, SP, *, *, [equal], [other], /v1/nemt/users/*/, GET
+p, PLANAD, SP, *, *, [equal], [other], /v1/nemt/users/portal/*, DELETE
+p, PLANAD, SP, *, *, [equal], [other], /v1/nemt/users/portal/*, POST
+p, PLANAD, SP, *, *, [equal], [other], /v1/nemt/users/portal/*, GET
+p, SCHDAD, US, *, *, [parent], [other], /v1/nemt/users/*/, GET
+p, SCHDAD, US, *, *, [parent], [other], /v1/nemt/users/portal/*, DELETE
+p, SCHDAD, US, *, *, [parent], [other], /v1/nemt/users/portal/*, POST
+p, SCHDAD, US, *, *, [parent], [other], /v1/nemt/users/portal/*, GET
+p, SCHDAD, SP, *, *, [parent], [other], /v1/nemt/users/*/, GET
+p, SCHDAD, SP, *, *, [parent], [other], /v1/nemt/users/portal/*, DELETE
+p, SCHDAD, SP, *, *, [parent], [other], /v1/nemt/users/portal/*, POST
+p, SCHDAD, SP, *, *, [parent], [other], /v1/nemt/users/portal/*, GET
+p, SCHDAD, SPT, *, *, [parent], [other], /v1/nemt/users/*/, GET
+p, SCHDAD, SPT, *, *, [parent], [other], /v1/nemt/users/portal/*, DELETE
+p, SCHDAD, SPT, *, *, [parent], [other], /v1/nemt/users/portal/*, POST
+p, SCHDAD, SPT, *, *, [parent], [other], /v1/nemt/users/portal/*, GET
+p, SCHDAD, SP, *, *, [equal*], [other], /v1/nemt/users/*/, GET
+p, SCHDAD, SP, *, *, [equal*], [other], /v1/nemt/users/portal/*, DELETE
+p, SCHDAD, SP, *, *, [equal*], [other], /v1/nemt/users/portal/*, POST
+p, SCHDAD, SP, *, *, [equal*], [other], /v1/nemt/users/portal/*, GET
+p, SCHDAD, US, *, *, [equal*], [other], /v1/nemt/users/*/, GET
+p, SCHDAD, US, *, *, [equal*], [other], /v1/nemt/users/portal/*, DELETE
+p, SCHDAD, US, *, *, [equal*], [other], /v1/nemt/users/portal/*, POST
+p, SCHDAD, US, *, *, [equal*], [other], /v1/nemt/users/portal/*, GET
+p, SCHDAD, SPT, *, *, [equal*], [other], /v1/nemt/users/*/, GET
+p, SCHDAD, SPT, *, *, [equal*], [other], /v1/nemt/users/portal/*, DELETE
+p, SCHDAD, SPT, *, *, [equal*], [other], /v1/nemt/users/portal/*, POST
+p, SCHDAD, SPT, *, *, [equal*], [other], /v1/nemt/users/portal/*, GET
+p, SCHDAD, SCHDAD, *, *, [equal*], [other], /v1/nemt/users/*/, GET
+p, SCHDAD, SCHDAD, *, *, [equal*], [other], /v1/nemt/users/portal/*, DELETE
+p, SCHDAD, SCHDAD, *, *, [equal*], [other], /v1/nemt/users/portal/*, POST
+p, SCHDAD, SCHDAD, *, *, [equal*], [other], /v1/nemt/users/portal/*, GET
+p, SPT, *, programsupport, *, *, [other], /v1/nemt/users/, GET
+p, SPT, *, programsupport, *, *, [other], /v1/nemt/users/*, GET
+p, AD, *, *, *, *, *, /v1/nemt/organization/*, GET
+p, AD, *, *, *, *, *, /v1/nemt/organization/*, POST
+p, AD, *, *, *, *, *, /v1/nemt/organization/*, PUT
+p, SCHDAD, *, *, *, [equal*], *, /v1/nemt/organization/*, GET
+p, SCHDAD, *, *, *, [equal*], *, /v1/nemt/organization/*, POST
+p, SCHDAD, *, *, *, [equal*], *, /v1/nemt/organization/*, PUT
+p, PLANAD, *, *, *, [equal*], *, /v1/nemt/organization/*, GET
+p, PLANAD, *, *, *, [equal*], *, /v1/nemt/organization/*, POST
+p, PLANAD, *, *, *, [equal*], *, /v1/nemt/organization/*, PUT
+p, BDCAD, *, *, *, *, *, /v1/nemt/organization/*, GET
+p, BDCAD, *, *, *, *, *, /v1/nemt/organization/*, POST
+p, BDCAD, *, *, *, *, *, /v1/nemt/organization/*, PUT
+p, BCBSIAD, *, *, *, *, *, /v1/nemt/organization/*, GET
+p, BCBSIAD, *, *, *, *, *, /v1/nemt/organization/*, POST
+p, BCBSIAD, *, *, *, *, *, /v1/nemt/organization/*, PUT
+p, SPT, *, programsupport, *, *, *, /v1/nemt/organization/*, GET
+
+

data/datamysql/organization.go

@@ -20,6 +20,63 @@ func newOrganizationRepo(conn executor) *organizationRepo {
 	}
 }
 
+func (c *organizationRepo) getProfileQuery(user entity.User) (query string, where string, err error) {
+	if len(user.Profiles) > 0 {
+		for _, p := range user.Profiles {
+			switch p.Key {
+			case "AD", "BCBSIAD", "BDCAD", "PLANAD":
+				switch p.Organization.Type.Key {
+				case "techsupport", "bcbsi", "bcbsa":
+					return
+				case "plan":
+					query = ` INNER JOIN       tab_provider                            e
+                                ON                  e.provider_id                   =       a.organization_reference_id
+                               AND                  b.organization_type_key         =       'plan'
+                         LEFT JOIN       tab_organization                        f
+                                ON                  f.organization_id               =       a.organization_parent_id `
+					where = fmt.Sprintf(`	AND (a.organization_uuid = '%s' OR f.organization_uuid = '%s') `, p.Organization.UUID, p.Organization.UUID)
+				case "provider":
+					query = ` INNER JOIN       tab_provider                            e
+                                ON                  e.provider_id                   =       a.organization_reference_id
+                               AND                  b.organization_type_key         =       'provider'
+                         LEFT JOIN       tab_organization                        f
+                                ON                  f.organization_id               =       a.organization_parent_id `
+					where = fmt.Sprintf(`	AND (a.organization_uuid = '%s' OR f.organization_uuid = '%s') `, p.Organization.UUID, p.Organization.UUID)
+					return
+				}
+			case "SP", "SPT":
+				switch p.Organization.Type.Key {
+				case "techsupport", "bcbsi", "bcbsa":
+					return
+				case "plan":
+					query = ` INNER JOIN       tab_provider                            e
+                                ON                  e.provider_id                   =       a.organization_reference_id
+                               AND                  b.organization_type_key         =       'plan'
+                         LEFT JOIN       tab_organization                        f
+                                ON                  f.organization_id               =       a.organization_parent_id `
+					where = fmt.Sprintf(`	AND (a.organization_uuid = '%s' OR f.organization_uuid = '%s') `, p.Organization.UUID, p.Organization.UUID)
+				case "provider":
+					query = ` INNER JOIN       tab_provider                            e
+                                ON                  e.provider_id                   =       a.organization_reference_id
+                               AND                  b.organization_type_key         =       'provider'
+                         LEFT JOIN       tab_organization                        f
+                                ON                  f.organization_id               =       a.organization_parent_id `
+					where = fmt.Sprintf(`	AND (a.organization_uuid = '%s' OR f.organization_uuid = '%s') `, p.Organization.UUID, p.Organization.UUID)
+					return
+				}
+			}
+		}
+
+		if query == "" && where == "" {
+			return "", "", fmt.Errorf("Invalid Query")
+		} else {
+			return
+		}
+	} else {
+		return "", "", fmt.Errorf("User has no profile to search")
+	}
+}
+
 func (c *organizationRepo) getQuery() string {
 	const (
 		query = `SELECT 
@@ -237,42 +294,73 @@ func (c *organizationRepo) GetAllTypes() ([]entity.OrganizationType, error) {
 }
 
 func (c *organizationRepo) GetTypeByKey(key string) (entity.OrganizationType, error) {
-	return c.parseTypeEntity(c.conn.QueryRow(c.getTypeQuery()+" WHERE organization_type_key=?", key))
+	return c.parseTypeEntity(c.conn.QueryRow(c.getTypeQuery()+" WHERE b.organization_type_key=?", key))
 }
 
-func (c *organizationRepo) GetByType(organizationTypeKey string) ([]entity.Organization, error) {
+func (c *organizationRepo) GetByType(organizationTypeKey string, user entity.User) ([]entity.Organization, error) {
+	query, where, err := c.getProfileQuery(user)
+	if err != nil {
+		return nil, err
+	}
+
 	if organizationTypeKey == "" {
-		return c.parseSet(c.conn.Query(c.getQuery()))
+		return c.parseSet(c.conn.Query(c.getQuery() + query + " WHERE 1 = 1 " + where))
 	} else {
-		return c.parseSet(c.conn.Query(c.getQuery()+" WHERE b.organization_type_key = ? ", organizationTypeKey))
+		return c.parseSet(c.conn.Query(c.getQuery()+query+" WHERE b.organization_type_key = ? "+where, organizationTypeKey))
 	}
 }
 
-func (c *organizationRepo) GetByName(name string, searchType string) ([]entity.Organization, error) {
+func (c *organizationRepo) GetByName(name string, searchType string, user entity.User) ([]entity.Organization, error) {
-	finalQuery := c.getQuery() + " WHERE a.organization_name LIKE ?"
+	query, where, err := c.getProfileQuery(user)
+	if err != nil {
+		return nil, err
+	}
+
+	finalQuery := c.getQuery() + query + " WHERE a.organization_name LIKE ? "
 	switch searchType {
 	case "parent":
-		finalQuery += " AND a.organization_parent_id > 0; "
+		finalQuery += " AND a.organization_parent_id > 0 "
 	case "child":
-		finalQuery += " AND a.organization_parent_id = 0; "
+		finalQuery += " AND a.organization_parent_id = 0 "
 	}
-	name = "%" + name + "%"
 
-	fmt.Println(finalQuery)
+	finalQuery += where
+	name = "%" + name + "%"
 
 	return c.parseSet(c.conn.Query(finalQuery, name))
 }
 
-func (c *organizationRepo) GetByUUID(organizationUUID string) (entity.Organization, error) {
+func (c *organizationRepo) GetByUUID(organizationUUID string, user entity.User) (entity.Organization, error) {
-	return c.parseEntity(c.conn.QueryRow(c.getQuery()+" WHERE a.organization_uuid = ? ", organizationUUID))
+	query, where, err := c.getProfileQuery(user)
+	if err != nil {
+		return entity.Organization{}, err
+	}
+
+	query = c.getQuery() + query + " WHERE a.organization_uuid = ? " + where
+
+	return c.parseEntity(c.conn.QueryRow(query, organizationUUID))
 }
 
-func (c *organizationRepo) GetByID(organizationID int64) (entity.Organization, error) {
+func (c *organizationRepo) GetByID(organizationID int64, user entity.User) (entity.Organization, error) {
-	return c.parseEntity(c.conn.QueryRow(c.getQuery()+" WHERE a.organization_id = ? ", organizationID))
+	query, where, err := c.getProfileQuery(user)
+	if err != nil {
+		return entity.Organization{}, err
+	}
+
+	query = c.getQuery() + query + " WHERE a.organization_id = ? " + where
+
+	return c.parseEntity(c.conn.QueryRow(query, organizationID))
 }
 
-func (c *organizationRepo) GetChildsByID(organizationID int64) ([]entity.Organization, error) {
+func (c *organizationRepo) GetChildsByID(organizationID int64, user entity.User) ([]entity.Organization, error) {
-	return c.parseSet(c.conn.Query(c.getQuery()+" WHERE a.organization_parent_id = ? ", organizationID))
+	query, where, err := c.getProfileQuery(user)
+	if err != nil {
+		return nil, err
+	}
+
+	query = c.getQuery() + query + " WHERE a.organization_parent_id = ? " + where
+
+	return c.parseSet(c.conn.Query(query, organizationID))
 }
 
 func (c *organizationRepo) GetContactsByOrganizationUUID(organizationUUID string) ([]entity.OrganizationContact, error) {
@@ -312,7 +400,7 @@ func (c *organizationRepo) SetParentOrganization(organizationID int64, parentOrg
 	}
 }
 
-func (c *organizationRepo) InactivateOrganizationAddress(address entity.OrganizationAddress) error {
+func (c *organizationRepo) InactivateOrganizationAddress(address entity.OrganizationAddress, user entity.User) error {
 	const (
 		query = "UPDATE tab_organization_address SET active = 0, updated = CURRENT_TIMESTAMP, updated_user_id = ? WHERE organization_id = ? and organization_address_uuid = ?"
 	)
@@ -321,7 +409,7 @@ func (c *organizationRepo) InactivateOrganizationAddress(address entity.Organiza
 		return errors.NewNotFoundError()
 	}
 
-	organization, err := c.GetByUUID(address.Organization.UUID)
+	organization, err := c.GetByUUID(address.Organization.UUID, user)
 	if err != nil {
 		return err
 	}
@@ -334,7 +422,7 @@ func (c *organizationRepo) InactivateOrganizationAddress(address entity.Organiza
 	}
 }
 
-func (c *organizationRepo) SetOrganizationAddress(address entity.OrganizationAddress) (entity.OrganizationAddress, error) {
+func (c *organizationRepo) SetOrganizationAddress(address entity.OrganizationAddress, user entity.User) (entity.OrganizationAddress, error) {
 	const (
 		query = "INSERT INTO tab_organization_address(organization_address_uuid, organization_id, internal_id, `name`, address, `desc`, lat, `long`, created_user_id, updated_user_id) VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?);"
 	)
@@ -343,7 +431,7 @@ func (c *organizationRepo) SetOrganizationAddress(address entity.OrganizationAdd
 		return entity.OrganizationAddress{}, errors.NewNotFoundError()
 	}
 
-	organization, err := c.GetByUUID(address.Organization.UUID)
+	organization, err := c.GetByUUID(address.Organization.UUID, user)
 	if err != nil {
 		return entity.OrganizationAddress{}, err
 	}
@@ -362,7 +450,7 @@ func (c *organizationRepo) SetOrganizationAddress(address entity.OrganizationAdd
 	return address, nil
 }
 
-func (c *organizationRepo) InactivateOrganizationContact(contact entity.OrganizationContact) error {
+func (c *organizationRepo) InactivateOrganizationContact(contact entity.OrganizationContact, user entity.User) error {
 	const (
 		query = "UPDATE tab_organization_contact SET active = 0, updated = CURRENT_TIMESTAMP, updated_user_id = ? WHERE organization_id = ? and organization_contact_uuid = ?"
 	)
@@ -371,7 +459,7 @@ func (c *organizationRepo) InactivateOrganizationContact(contact entity.Organiza
 		return errors.NewNotFoundError()
 	}
 
-	organization, err := c.GetByUUID(contact.Organization.UUID)
+	organization, err := c.GetByUUID(contact.Organization.UUID, user)
 	if err != nil {
 		return err
 	}
@@ -384,7 +472,7 @@ func (c *organizationRepo) InactivateOrganizationContact(contact entity.Organiza
 	}
 }
 
-func (c *organizationRepo) SetOrganizationContact(contact entity.OrganizationContact) (entity.OrganizationContact, error) {
+func (c *organizationRepo) SetOrganizationContact(contact entity.OrganizationContact, user entity.User) (entity.OrganizationContact, error) {
 	const (
 		selectQuery = "SELECT a.contact_type_id, a.name, a.key FROM tab_contact_type a WHERE a.key = ?"
 		query       = "INSERT INTO tab_organization_contact(organization_contact_uuid, organization_id, contact_type_id, contact, contact_name, contact_desc, created_user_id, updated_user_id) VALUES(?, ?, ?, ?, ?, ?, ?, ?);"
@@ -394,7 +482,7 @@ func (c *organizationRepo) SetOrganizationContact(contact entity.OrganizationCon
 		return entity.OrganizationContact{}, errors.NewNotFoundError()
 	}
 
-	organization, err := c.GetByUUID(contact.Organization.UUID)
+	organization, err := c.GetByUUID(contact.Organization.UUID, user)
 	if err != nil {
 		return entity.OrganizationContact{}, err
 	}
@@ -419,7 +507,7 @@ func (c *organizationRepo) SetOrganizationContact(contact entity.OrganizationCon
 	return contact, nil
 }
 
-func (c *organizationRepo) AddOrganization(organization entity.Organization) (entity.Organization, error) {
+func (c *organizationRepo) AddOrganization(organization entity.Organization, user entity.User) (entity.Organization, error) {
 	const (
 		queryOrgType   = "SELECT a.organization_type_id FROM tab_organization_type a WHERE a.organization_type_key = ?;"
 		queryParentOrg = "SELECT a.organization_id FROM tab_organization a WHERE a.organization_uuid = ?;"
@@ -457,7 +545,7 @@ func (c *organizationRepo) AddOrganization(organization entity.Organization) (en
 	if len(organization.Addresses) > 0 {
 		for i, a := range organization.Addresses {
 			a.Organization = &organization
-			address, err := c.SetOrganizationAddress(a)
+			address, err := c.SetOrganizationAddress(a, user)
 			if err != nil {
 				fmt.Println("Error to save addresses")
 				return entity.Organization{}, err
@@ -469,7 +557,7 @@ func (c *organizationRepo) AddOrganization(organization entity.Organization) (en
 	if len(organization.Contacts) > 0 {
 		for i, ct := range organization.Contacts {
 			ct.Organization = &organization
-			contact, err := c.SetOrganizationContact(ct)
+			contact, err := c.SetOrganizationContact(ct, user)
 			if err != nil {
 				fmt.Println("Error to save contacts")
 				return entity.Organization{}, err

domain/contract/repo.go

@@ -68,23 +68,23 @@ type NotificationRepo interface {
 // ProviderRepo defines the data set for Rides
 type OrganizationRepo interface {
 	GetAllTypes() ([]entity.OrganizationType, error)
-	GetByType(organizationTypeKey string) ([]entity.Organization, error)
+	GetByType(organizationTypeKey string, user entity.User) ([]entity.Organization, error)
-	GetByUUID(organizationUUID string) (entity.Organization, error)
+	GetByUUID(organizationUUID string, user entity.User) (entity.Organization, error)
 	GetContactsByOrganizationUUID(organizationUUID string) ([]entity.OrganizationContact, error)
 	GetContactsByOrganizationID(organizationID int64) ([]entity.OrganizationContact, error)
 	GetContactsByUUID(contactUUID string) (entity.OrganizationContact, error)
 	GetAddressByOrganizationUUID(organizationUUID string) ([]entity.OrganizationAddress, error)
 	GetAddressByOrganizationID(organizationID int64) ([]entity.OrganizationAddress, error)
 	GetAddressByUUID(contactUUID string) (entity.OrganizationAddress, error)
-	GetByID(organizationID int64) (entity.Organization, error)
+	GetByID(organizationID int64, user entity.User) (entity.Organization, error)
-	GetChildsByID(organizationID int64) ([]entity.Organization, error)
+	GetChildsByID(organizationID int64, user entity.User) ([]entity.Organization, error)
-	GetByName(name string, searchType string) ([]entity.Organization, error)
+	GetByName(name string, searchType string, user entity.User) ([]entity.Organization, error)
 	SetParentOrganization(organizationID int64, parentOrganizationID int64) error
-	InactivateOrganizationAddress(address entity.OrganizationAddress) error
+	InactivateOrganizationAddress(address entity.OrganizationAddress, user entity.User) error
-	SetOrganizationAddress(address entity.OrganizationAddress) (entity.OrganizationAddress, error)
+	SetOrganizationAddress(address entity.OrganizationAddress, user entity.User) (entity.OrganizationAddress, error)
-	InactivateOrganizationContact(contact entity.OrganizationContact) error
+	InactivateOrganizationContact(contact entity.OrganizationContact, user entity.User) error
-	SetOrganizationContact(contact entity.OrganizationContact) (entity.OrganizationContact, error)
+	SetOrganizationContact(contact entity.OrganizationContact, user entity.User) (entity.OrganizationContact, error)
-	AddOrganization(organization entity.Organization) (entity.Organization, error)
+	AddOrganization(organization entity.Organization, user entity.User) (entity.Organization, error)
 	GetTypeByKey(key string) (entity.OrganizationType, error)
 }
 

domain/service/organization.go

@@ -20,16 +20,16 @@ func (s *organizationService) GetAllTypes() ([]entity.OrganizationType, error) {
 	return s.svc.db.Organization().GetAllTypes()
 }
 
-func (s *organizationService) GetByType(organizationTypeKey string) ([]entity.Organization, error) {
+func (s *organizationService) GetByType(organizationTypeKey string, user entity.User) ([]entity.Organization, error) {
-	return s.svc.db.Organization().GetByType(organizationTypeKey)
+	return s.svc.db.Organization().GetByType(organizationTypeKey, user)
 }
 
-func (s *organizationService) GetByName(name string, searchType string) ([]entity.Organization, error) {
+func (s *organizationService) GetByName(name string, searchType string, user entity.User) ([]entity.Organization, error) {
-	return s.svc.db.Organization().GetByName(name, searchType)
+	return s.svc.db.Organization().GetByName(name, searchType, user)
 }
 
-func (s *organizationService) GetByUUID(organizationUUID string) (entity.Organization, error) {
+func (s *organizationService) GetByUUID(organizationUUID string, user entity.User) (entity.Organization, error) {
-	organization, err := s.svc.db.Organization().GetByUUID(organizationUUID)
+	organization, err := s.svc.db.Organization().GetByUUID(organizationUUID, user)
 	if err != nil {
 		return organization, err
 	}
@@ -44,13 +44,13 @@ func (s *organizationService) GetByUUID(organizationUUID string) (entity.Organiz
 		return organization, err
 	}
 
-	organization.ChildOrgs, err = s.svc.db.Organization().GetChildsByID(organization.ID)
+	organization.ChildOrgs, err = s.svc.db.Organization().GetChildsByID(organization.ID, user)
 	if err != nil {
 		return organization, err
 	}
 
 	if organization.ParentID > 0 {
-		parent, err := s.svc.db.Organization().GetByID(organization.ParentID)
+		parent, err := s.svc.db.Organization().GetByID(organization.ParentID, user)
 		if err != nil {
 			return organization, err
 		}
@@ -88,24 +88,24 @@ func (s *organizationService) GetAddressByUUID(contactUUID string) (entity.Organ
 	return s.svc.db.Organization().GetAddressByUUID(contactUUID)
 }
 
-func (s *organizationService) InactivateOrganizationAddress(address entity.OrganizationAddress) error {
+func (s *organizationService) InactivateOrganizationAddress(address entity.OrganizationAddress, user entity.User) error {
-	return s.svc.db.Organization().InactivateOrganizationAddress(address)
+	return s.svc.db.Organization().InactivateOrganizationAddress(address, user)
 }
 
-func (s *organizationService) SetOrganizationAddress(address entity.OrganizationAddress) (entity.OrganizationAddress, error) {
+func (s *organizationService) SetOrganizationAddress(address entity.OrganizationAddress, user entity.User) (entity.OrganizationAddress, error) {
-	return s.svc.db.Organization().SetOrganizationAddress(address)
+	return s.svc.db.Organization().SetOrganizationAddress(address, user)
 }
 
-func (s *organizationService) InactivateOrganizationContact(contact entity.OrganizationContact) error {
+func (s *organizationService) InactivateOrganizationContact(contact entity.OrganizationContact, user entity.User) error {
-	return s.svc.db.Organization().InactivateOrganizationContact(contact)
+	return s.svc.db.Organization().InactivateOrganizationContact(contact, user)
 }
 
-func (s *organizationService) SetOrganizationContact(contact entity.OrganizationContact) (entity.OrganizationContact, error) {
+func (s *organizationService) SetOrganizationContact(contact entity.OrganizationContact, user entity.User) (entity.OrganizationContact, error) {
-	return s.svc.db.Organization().SetOrganizationContact(contact)
+	return s.svc.db.Organization().SetOrganizationContact(contact, user)
 }
 
-func (s *organizationService) AddOrganization(organization entity.Organization) (entity.Organization, error) {
+func (s *organizationService) AddOrganization(organization entity.Organization, user entity.User) (entity.Organization, error) {
-	return s.svc.db.Organization().AddOrganization(organization)
+	return s.svc.db.Organization().AddOrganization(organization, user)
 }
 
 func (s *organizationService) GetTypeByKey(key string) (entity.OrganizationType, error) {

ecs.prd.json

@@ -16,17 +16,8 @@
       },
       "portMappings": [
         {
-          "containerPort": 5100
+          "containerPort": 5100,
-        }
+          "hostPort": 5100
-      ],
-      "environment": [
-        {
-          "name": "SERVICE_5100_NAME",
-          "value": "portal-api"
-        },
-        {
-          "name": "SERVICE_5100_TAGS",
-          "value": "api"
         }
       ]
     }

ecs.stg.json

@@ -1,7 +1,7 @@
 {
   "containerDefinitions": [
     {
-      "name": "portal-api-dev",
+      "name": "portal-api",
       "image": "105690980714.dkr.ecr.us-east-2.amazonaws.com/nemt-portal-api:dev",
       "cpu": 128,
       "memory": 128,
@@ -16,17 +16,8 @@
       },
       "portMappings": [
         {
-          "containerPort": 5100
+          "containerPort": 5100,
-        }
+          "hostPort": 5100
-      ],
-      "environment": [
-        {
-          "name": "SERVICE_5100_NAME",
-          "value": "portal-api"
-        },
-        {
-          "name": "SERVICE_5100_TAGS",
-          "value": "api"
         }
       ]
     }

server/router/organizationroute/controller.go

@@ -78,7 +78,12 @@ func (c *controller) handleAddOrganization(ctx echo.Context) error {
 func (c *controller) handle(ctx echo.Context) error {
 	orgType, _ := routeutils.GetAndValidateStringQueryParam(ctx, "type", "Type is mandatory")
 
-	resp, err := c.svc.Organization.GetByType(orgType)
+	authUser, err := auth.GetUserDetail(ctx, c.cfg)
+	if err != nil {
+		return routeutils.HandleAPIError(ctx, err)
+	}
+
+	resp, err := c.svc.Organization.GetByType(orgType, authUser)
 	if err != nil {
 		return routeutils.HandleAPIError(ctx, err)
 	}
@@ -92,7 +97,12 @@ func (c *controller) handleDetail(ctx echo.Context) error {
 		return routeutils.HandleAPIError(ctx, err)
 	}
 
-	resp, err := c.svc.Organization.GetByUUID(orgUUID)
+	authUser, err := auth.GetUserDetail(ctx, c.cfg)
+	if err != nil {
+		return routeutils.HandleAPIError(ctx, err)
+	}
+
+	resp, err := c.svc.Organization.GetByUUID(orgUUID, authUser)
 	if err != nil {
 		return routeutils.HandleAPIError(ctx, err)
 	}
@@ -112,7 +122,12 @@ func (c *controller) handleParent(ctx echo.Context) error {
 		return routeutils.HandleAPIError(ctx, err)
 	}
 
-	resp, err := c.svc.Organization.SetParentOrganization(orgUUID, parent.UUID)
+	authUser, err := auth.GetUserDetail(ctx, c.cfg)
+	if err != nil {
+		return routeutils.HandleAPIError(ctx, err)
+	}
+
+	resp, err := c.svc.Organization.SetParentOrganization(orgUUID, parent.UUID, authUser)
 	if err != nil {
 		return routeutils.HandleAPIError(ctx, err)
 	}
@@ -132,12 +147,17 @@ func (c *controller) handleChild(ctx echo.Context) error {
 		return routeutils.HandleAPIError(ctx, err)
 	}
 
-	_, err = c.svc.Organization.SetParentOrganization(child.UUID, orgUUID)
+	authUser, err := auth.GetUserDetail(ctx, c.cfg)
 	if err != nil {
 		return routeutils.HandleAPIError(ctx, err)
 	}
 
-	resp, err := c.svc.Organization.GetByUUID(orgUUID)
+	_, err = c.svc.Organization.SetParentOrganization(child.UUID, orgUUID, authUser)
+	if err != nil {
+		return routeutils.HandleAPIError(ctx, err)
+	}
+
+	resp, err := c.svc.Organization.GetByUUID(orgUUID, authUser)
 	if err != nil {
 		return routeutils.HandleAPIError(ctx, err)
 	}
@@ -151,11 +171,16 @@ func (c *controller) handleNameSearch(ctx echo.Context) error {
 		return routeutils.HandleAPIError(ctx, err)
 	}
 
+	authUser, err := auth.GetUserDetail(ctx, c.cfg)
+	if err != nil {
+		return routeutils.HandleAPIError(ctx, err)
+	}
+
 	searchType := ""
 	searchType, _ = routeutils.GetAndValidateStringQueryParam(ctx, "type", "Type is mandatory")
 
 	cache := cache.Instance(c.cfg)
-	cacheKey := ctx.Request().Method + ctx.Request().URL.RawPath + ctx.Request().URL.RawQuery
+	cacheKey := ctx.Request().Method + ctx.Request().URL.RawPath + ctx.Request().URL.RawQuery + authUser.ID
 
 	resp := []viewmodel.Organization{}
 	err = cache.GetStruct(cacheKey, &resp)
@@ -163,7 +188,7 @@ func (c *controller) handleNameSearch(ctx echo.Context) error {
 		if err != domain.ErrCacheMiss {
 			ctx.Logger().Errorf(domain.LogProblemGettingFromCache, err)
 		}
-		resp, err = c.svc.Organization.GetByName(name, searchType)
+		resp, err = c.svc.Organization.GetByName(name, searchType, authUser)
 		if err != nil {
 			return routeutils.HandleAPIError(ctx, err)
 		}
@@ -180,24 +205,24 @@ func (c *controller) handleRemoveAddress(ctx echo.Context) error {
 		return routeutils.HandleAPIError(ctx, err)
 	}
 
+	authUser, err := auth.GetUserDetail(ctx, c.cfg)
+	if err != nil {
+		return routeutils.HandleAPIError(ctx, err)
+	}
+
 	orgUUID, err := routeutils.GetAndValidateStringParam(ctx, "org_uuid", "Org ID is mandatory")
 	if err != nil {
 		return routeutils.HandleAPIError(ctx, err)
 	}
 
-	uInt, err := auth.GetTokenDetail(ctx, c.cfg)
+	address.UpdatedUser.ID = authUser.ID
-	if err != nil {
-		return routeutils.HandleAPIError(ctx, err)
-	}
-	createdUser := uInt.(map[string]interface{})
-	address.UpdatedUser.ID = createdUser["useruuid"].(string)
 
-	err = c.svc.Organization.InactivateOrganizationAddress(orgUUID, address)
+	err = c.svc.Organization.InactivateOrganizationAddress(orgUUID, address, authUser)
 	if err != nil {
 		return routeutils.HandleAPIError(ctx, err)
 	}
 
-	resp, err := c.svc.Organization.GetByUUID(orgUUID)
+	resp, err := c.svc.Organization.GetByUUID(orgUUID, authUser)
 	if err != nil {
 		return routeutils.HandleAPIError(ctx, err)
 	}
@@ -217,20 +242,19 @@ func (c *controller) handleAddAddress(ctx echo.Context) error {
 		return routeutils.HandleAPIError(ctx, err)
 	}
 
-	uInt, err := auth.GetTokenDetail(ctx, c.cfg)
+	authUser, err := auth.GetUserDetail(ctx, c.cfg)
 	if err != nil {
 		return routeutils.HandleAPIError(ctx, err)
 	}
-	createdUser := uInt.(map[string]interface{})
+	address.CreatedUser.ID = authUser.ID
-	address.CreatedUser.ID = createdUser["useruuid"].(string)
+	address.UpdatedUser.ID = authUser.ID
-	address.UpdatedUser.ID = address.CreatedUser.ID
 
-	_, err = c.svc.Organization.SetOrganizationAddress(orgUUID, address)
+	_, err = c.svc.Organization.SetOrganizationAddress(orgUUID, address, authUser)
 	if err != nil {
 		return routeutils.HandleAPIError(ctx, err)
 	}
 
-	resp, err := c.svc.Organization.GetByUUID(orgUUID)
+	resp, err := c.svc.Organization.GetByUUID(orgUUID, authUser)
 	if err != nil {
 		return routeutils.HandleAPIError(ctx, err)
 	}
@@ -250,19 +274,18 @@ func (c *controller) handleRemoveContact(ctx echo.Context) error {
 		return routeutils.HandleAPIError(ctx, err)
 	}
 
-	uInt, err := auth.GetTokenDetail(ctx, c.cfg)
+	authUser, err := auth.GetUserDetail(ctx, c.cfg)
 	if err != nil {
 		return routeutils.HandleAPIError(ctx, err)
 	}
-	createdUser := uInt.(map[string]interface{})
+	contact.UpdatedUser.ID = authUser.ID
-	contact.UpdatedUser.ID = createdUser["useruuid"].(string)
 
-	err = c.svc.Organization.InactivateOrganizationContact(orgUUID, contact)
+	err = c.svc.Organization.InactivateOrganizationContact(orgUUID, contact, authUser)
 	if err != nil {
 		return routeutils.HandleAPIError(ctx, err)
 	}
 
-	resp, err := c.svc.Organization.GetByUUID(orgUUID)
+	resp, err := c.svc.Organization.GetByUUID(orgUUID, authUser)
 	if err != nil {
 		return routeutils.HandleAPIError(ctx, err)
 	}
@@ -282,20 +305,19 @@ func (c *controller) handleAddContact(ctx echo.Context) error {
 		return routeutils.HandleAPIError(ctx, err)
 	}
 
-	uInt, err := auth.GetTokenDetail(ctx, c.cfg)
+	authUser, err := auth.GetUserDetail(ctx, c.cfg)
 	if err != nil {
 		return routeutils.HandleAPIError(ctx, err)
 	}
-	createdUser := uInt.(map[string]interface{})
+	contact.CreatedUser.ID = authUser.ID
-	contact.CreatedUser.ID = createdUser["useruuid"].(string)
+	contact.UpdatedUser.ID = authUser.ID
-	contact.UpdatedUser.ID = contact.CreatedUser.ID
 
-	_, err = c.svc.Organization.SetOrganizationContact(orgUUID, contact)
+	_, err = c.svc.Organization.SetOrganizationContact(orgUUID, contact, authUser)
 	if err != nil {
 		return routeutils.HandleAPIError(ctx, err)
 	}
 
-	resp, err := c.svc.Organization.GetByUUID(orgUUID)
+	resp, err := c.svc.Organization.GetByUUID(orgUUID, authUser)
 	if err != nil {
 		return routeutils.HandleAPIError(ctx, err)
 	}

server/router/usersroute/controller.go

@@ -274,6 +274,11 @@ func (c *controller) handleMember(ctx echo.Context) error {
 		return routeutils.HandleAPIError(ctx, err)
 	}
 
+	authUser, err := auth.GetUserDetail(ctx, c.cfg)
+	if err != nil {
+		return routeutils.HandleAPIError(ctx, err)
+	}
+
 	if user.PhoneNumber == nil && user.Email == nil || len(*user.PhoneNumber) == 0 && len(*user.Email) == 0 {
 		return routeutils.ResponseAPIAuthError(ctx, "phonenumber or email is required", false)
 	}
@@ -314,7 +319,7 @@ func (c *controller) handleMember(ctx echo.Context) error {
 	}
 	user.Profiles = append(user.Profiles, profile)
 
-	user, err = c.svc.Users.Create(user)
+	user, err = c.svc.Users.Create(user, authUser)
 	if err != nil {
 		return routeutils.HandleAPIError(ctx, err)
 	}
@@ -328,6 +333,11 @@ func (c *controller) handleBulkPortal(ctx echo.Context) error {
 		return routeutils.HandleAPIError(ctx, err)
 	}
 
+	authUser, err := auth.GetUserDetail(ctx, c.cfg)
+	if err != nil {
+		return routeutils.HandleAPIError(ctx, err)
+	}
+
 	for i, _ := range users {
 		if len(users[i].Profiles) == 0 {
 			return routeutils.ResponseAPIAuthError(ctx, "profile is required", false)
@@ -360,7 +370,7 @@ func (c *controller) handleBulkPortal(ctx echo.Context) error {
 		}
 	}
 
-	returnUser, err := c.svc.Users.CreateBulk(users)
+	returnUser, err := c.svc.Users.CreateBulk(users, authUser)
 	if err != nil {
 		return routeutils.HandleAPIError(ctx, err)
 	}
@@ -374,6 +384,11 @@ func (c *controller) handlePortal(ctx echo.Context) error {
 		return routeutils.HandleAPIError(ctx, err)
 	}
 
+	authUser, err := auth.GetUserDetail(ctx, c.cfg)
+	if err != nil {
+		return routeutils.HandleAPIError(ctx, err)
+	}
+
 	if len(user.Profiles) == 0 {
 		return routeutils.ResponseAPIAuthError(ctx, "profile is required", false)
 	}
@@ -404,7 +419,7 @@ func (c *controller) handlePortal(ctx echo.Context) error {
 		user.Name = fmt.Sprintf("%s %s", user.First, user.Last)
 	}
 
-	user, err = c.svc.Users.Create(user)
+	user, err = c.svc.Users.Create(user, authUser)
 	if err != nil {
 		return routeutils.HandleAPIError(ctx, err)
 	}

server/serverconfig/authorization.go

@@ -1,8 +1,6 @@
 package serverconfig
 
 import (
-	"fmt"
-
 	"bitbucket.org/nemt/nemt-portal-api/application/applicationservice"
 	"bitbucket.org/nemt/nemt-portal-api/application/viewmodel"
 	"bitbucket.org/nemt/nemt-portal-api/infra/auth"
@@ -77,8 +75,8 @@ func (a *Config) CheckPermission(c echo.Context) bool {
 	}
 	method := c.Request().Method
 	path := c.Request().URL.Path
-	objectOrganization := a.organizationGoverningObject(c, user)
+
-	objectRole := a.roleGoverningObject(c, user)
+	objectsRole, objectsOrganization, objectsOrganizationType, object := a.policyObjectAttributes(c, user)
 
 	currentUsersOrganization := viewmodel.Organization{}
 	if len(user.Organizations) > 0 {
@@ -89,49 +87,74 @@ func (a *Config) CheckPermission(c echo.Context) bool {
 	if len(user.Profiles) > 0 {
 		currentUsersRole = user.Profiles[0]
 	}
-	orgRelation := organizationsRelation(currentUsersOrganization, objectOrganization)
-	objRelation := a.objectRelation(c, user)
 
-	// parameters to Enforce must match the request section of the authorization model
+	currentUsersOrganizationType := ""
-	return a.Enforcer.Enforce(currentUsersRole.Key, objectRole.Key, orgRelation, objRelation, path, method)
+	if len(user.Profiles) > 0 {
+		currentUsersOrganizationType = user.Profiles[0].Organization.Type.Key
+	}
+
+	orgRelation := organizationsRelation(currentUsersOrganization, objectsOrganization)
+	objRelation := a.objectRelation(object, user)
+
+	// parameters to Enforce must match the request section of the authorization_model.conf
+	return a.Enforcer.Enforce(currentUsersRole.Key,
+		objectsRole.Key,
+		objectsOrganizationType,
+		currentUsersOrganizationType,
+		orgRelation,
+		objRelation,
+		path,
+		method)
 
 }
 
-// organizationGoverningObject returns the organization that is the owner of the object that is being accessed
+// policyObjectAttributes returns all information about the object being accessed for the policy
-// in case object exists and returns users role if it is a new object
+// in case object exists and returns users information if it is a new object
-func (a *Config) organizationGoverningObject(c echo.Context, userDetails viewmodel.User) (result viewmodel.Organization) {
+func (a *Config) policyObjectAttributes(c echo.Context, userDetails viewmodel.User) (viewmodel.Profile, viewmodel.Organization, string, interface{}) {
 
-	fmt.Println("***************")
+	var object interface{}
-	fmt.Println(c.ParamValues())
+
-	fmt.Println("***************")
+	objectIsNew := len(c.ParamValues()) <= 1
-	existingUser := strings.Contains(c.Request().URL.Path, "/users") && len(c.ParamValues()) > 1
+	objectIsExisting := len(c.ParamValues()) > 1
-	newUser := strings.Contains(c.Request().URL.Path, "/users") && len(c.ParamValues()) <= 1
+
+	existingUser := strings.Contains(c.Request().URL.Path, "/users") && objectIsNew
+	newUser := strings.Contains(c.Request().URL.Path, "/users") && objectIsExisting
+
+	existingOrganization := strings.Contains(c.Request().URL.Path, "/organization") && objectIsExisting
+	newOrganization := strings.Contains(c.Request().URL.Path, "/organization") && objectIsNew
 
 	switch {
 	case existingUser:
-		user, _ := a.Svc.Users.GetByUUID(c.ParamValues()[1], "")
+		object, _ = a.Svc.Users.GetByUUID(c.ParamValues()[1], "")
-		result = user.Organizations[0]
 	case newUser && len(userDetails.Organizations) > 0:
-		result = userDetails.Organizations[0]
+		object = userDetails
+	case existingOrganization:
+		object, _ = a.Svc.Organization.GetByUUID(c.ParamValues()[1], userDetails)
+	case newOrganization:
+		object = viewmodel.Organization{}
 	}
-	return
-}
 
-// organizationGoverningObject returns the role that is the owner of the object that is being accessed
+	objectsRole := viewmodel.Profile{}
-// in case object exists and returns users role if it is a new object
+	switch obj := object.(type) {
-func (a *Config) roleGoverningObject(c echo.Context, userDetails viewmodel.User) (result viewmodel.Profile) {
+	case viewmodel.User:
-
+		if len(obj.Profiles) > 0 {
-	existingUser := strings.Contains(c.Request().URL.Path, "/users") && len(c.ParamValues()) > 1
+			objectsRole = obj.Profiles[0]
-	newUser := strings.Contains(c.Request().URL.Path, "/users") && len(c.ParamValues()) <= 1
-
-	switch {
-	case existingUser:
-		user, _ := a.Svc.Users.GetByUUID(c.ParamValues()[1], "")
-		result = user.Profiles[0]
-	case newUser && len(userDetails.Organizations) > 0:
-		result = userDetails.Profiles[0]
 		}
-	return
+	}
+
+	objectsOrganization := viewmodel.Organization{}
+	switch obj := object.(type) {
+	case viewmodel.User:
+		if len(obj.Profiles) > 0 {
+			objectsOrganization = obj.Profiles[0].Organization
+		}
+	case viewmodel.Organization:
+		objectsOrganization = obj
+	}
+
+	objectsOrganizationType := objectsOrganization.Type.Key
+
+	return objectsRole, objectsOrganization, objectsOrganizationType, object
 }
 
 func organizationsRelation(requestOrganization, currentUsersOrganization viewmodel.Organization) string {
@@ -156,15 +179,14 @@ func organizationsRelation(requestOrganization, currentUsersOrganization viewmod
 
 // organizationGoverningObject returns the role that is the owner of the object that is being accessed
 // in case object exists and returns users role if it is a new object
-func (a *Config) objectRelation(c echo.Context, userDetails viewmodel.User) string {
+func (a *Config) objectRelation(object interface{}, currentUser viewmodel.User) string {
 
-	existingUser := strings.Contains(c.Request().URL.Path, "/users") && len(c.ParamValues()) > 1
+	switch obj := object.(type) {
-
+	case viewmodel.User:
-	switch {
+		if obj.ID == currentUser.ID {
-	case existingUser:
-		user, _ := a.Svc.Users.GetByUUID(c.ParamValues()[1], "")
-		if user.ID == userDetails.ID {
 			return "[self]"
+		} else {
+			return "[other]"
 		}
 	}
 	return "[other]"