senaduka/old-svijetlastrana
1
0
Fork 0
Code Issues Pull Requests 5 Actions Packages Projects Releases Wiki Activity

implement rules checking for orgnz, addr and contact creation and update

Browse Source
This commit is contained in:
GotPPay
2018-05-04 16:36:51 +02:00
parent ef783567b9
commit d820d47fcd
4 changed files with 66 additions and 117 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
server/authorization/address.go
View File

@@ -5,47 +5,11 @@ import (
"bitbucket.org/nemt/nemt-portal-api/application/viewmodel"
)
func CanCreateAddress(user viewmodel.User, address viewmodel.OrganizationAddress) bool {
//TODO : implement checking
userRole, err := grabProfileFromUser(user)
if err != nil {
return false
}
/*Admin Provider Manage all Organizations */
if userRole.Key == providerAdmin{
return true
}
/* Admin BCBSI Manage all Organizations */
if userRole.Key == bcbsiAdmin{
return true
}
/* Admin Technical Support Manage all Organizations */
if userRole.Key == brighterDevAdmin{
return true
}
/* Admin Plan
Manage the authenticated Authorized User's Plan (Organization) and children of this Plan*/
if userRole.Key == planAdmin {
return true
}
/* Super Admin Technical Support Manage all Organizations*/
if userRole.Key == superAdmin {
return true
}
return false
func CanCreateAddress(user viewmodel.User, organization viewmodel.Organization) bool {
//rules are the same for address creation and for organization creation
return CanCreateOrganization(user, organization)
}
func CanUpdateAddress(user viewmodel.User, address viewmodel.OrganizationAddress) bool {
return CanCreateAddress(user, address)
}
func CanDeleteAddress(user viewmodel.User, address viewmodel.OrganizationAddress) bool {
return CanCreateAddress(user, address)
func CanUpdateAddress(user viewmodel.User, organization viewmodel.Organization) bool {
return CanCreateAddress(user, organization)
}

46
server/authorization/contact.go
View File

@@ -5,47 +5,11 @@ import (
"bitbucket.org/nemt/nemt-portal-api/application/viewmodel"
)
func CanCreateContact(user viewmodel.User, contact viewmodel.OrganizationContact) bool {
//TODO : implement checking
userRole, err := grabProfileFromUser(user)
if err != nil {
return false
}
/*Admin Provider Manage all Organizations */
if userRole.Key == providerAdmin{
return true
}
/* Admin BCBSI Manage all Organizations */
if userRole.Key == bcbsiAdmin{
return true
}
/* Admin Technical Support Manage all Organizations */
if userRole.Key == brighterDevAdmin{
return true
}
/* Admin Plan
Manage the authenticated Authorized User's Plan (Organization) and children of this Plan*/
if userRole.Key == planAdmin {
return true
}
/* Super Admin Technical Support Manage all Organizations*/
if userRole.Key == superAdmin {
return true
}
return false
func CanCreateContact(user viewmodel.User, organization viewmodel.Organization) bool {
//rules are the same for contact creation and for organization creation
return CanCreateOrganization(user, organization)
}
func CanUpdateContact(user viewmodel.User, contact viewmodel.OrganizationContact) bool {
return CanCreateContact(user, contact)
}
func CanDeleteContact(user viewmodel.User, contact viewmodel.OrganizationContact) bool {
return CanCreateContact(user, contact)
func CanUpdateContact(user viewmodel.User, organization viewmodel.Organization) bool {
return CanCreateAddress(user, organization)
}

49
server/authorization/organization.go
View File

@@ -28,42 +28,41 @@ func grabOrgFromUser(user viewmodel.User) (viewmodel.Organization, error) {
}
func CanCreateOrganization(user viewmodel.User, organization viewmodel.Organization ) bool {
//TODO : implement checking
userRole, err := grabProfileFromUser(user)
if err != nil {
return false
}
/*Admin Provider Manage all Organizations */
if userRole.Key == providerAdmin{
/*
Admin BCBSI
Admin Technical Support
Super Admin Technical Support
Manage all Organizations*/
if userRole.Key == bcbsiAdmin || userRole.Key == brighterDevAdmin || userRole.Key == superAdmin{
return true
}
/* Admin BCBSI Manage all Organizations */
if userRole.Key == bcbsiAdmin{
return true
userOrg, err := grabOrgFromUser(user)
if err != nil{
return false
}
/* Admin Technical Support Manage all Organizations */
if userRole.Key == brighterDevAdmin{
return true
}
/* Admin Plan
Manage the authenticated Authorized User's Plan (Organization) and children of this Plan*/
if userRole.Key == planAdmin {
return true
}
/* Super Admin Technical Support Manage all Organizations*/
if userRole.Key == superAdmin {
return true
/*
Admin Provider
Admin Plan
Manage the authenticated Authorized User's Organization and child Organizations */
if userRole.Key == providerAdmin || userRole.Key == planAdmin{
if isSameOrganization(userOrg, organization) || isAChildOrganization(userOrg, organization) {
return true
}
return false
}
return false
}
func CanUpdateOrganization(user viewmodel.User, organization viewmodel.Organization) bool {
return CanCreateOrganization(user,organization)
}
func CanUpdateOrganization(user viewmodel.User, organization viewmodel.Organization) bool{
return CanCreateOrganization(user, organization)
}

42
server/router/organizationroute/controller.go
View File

@@ -133,6 +133,15 @@ func (c *controller) handleParent(ctx echo.Context) error {
return routeutils.HandleAPIError(ctx, err)
}
organization, err := c.svc.Organization.GetByUUID(orgUUID, authUser)
if err != nil {
return routeutils.HandleAPIError(ctx, err)
}
if !authorization.CanUpdateOrganization(authUser, organization){
return routeutils.ResponseAPIAuthorizationError(ctx)
}
resp, err := c.svc.Organization.SetParentOrganization(orgUUID, parent.UUID, authUser)
if err != nil {
return routeutils.HandleAPIError(ctx, err)
@@ -158,6 +167,15 @@ func (c *controller) handleChild(ctx echo.Context) error {
return routeutils.HandleAPIError(ctx, err)
}
organization, err := c.svc.Organization.GetByUUID(orgUUID, authUser)
if err != nil {
return routeutils.HandleAPIError(ctx, err)
}
if !authorization.CanUpdateOrganization(authUser, organization){
return routeutils.ResponseAPIAuthorizationError(ctx)
}
_, err = c.svc.Organization.SetParentOrganization(child.UUID, orgUUID, authUser)
if err != nil {
return routeutils.HandleAPIError(ctx, err)
@@ -221,10 +239,6 @@ func (c *controller) handleRemoveAddress(ctx echo.Context) error {
return routeutils.HandleAPIError(ctx, err)
}
if !authorization.CanDeleteAddress(authUser, address) {
return routeutils.ResponseAPIAuthorizationError(ctx)
}
address.UpdatedUser.ID = authUser.ID
err = c.svc.Organization.InactivateOrganizationAddress(orgUUID, address, authUser)
@@ -257,10 +271,17 @@ func (c *controller) handleAddAddress(ctx echo.Context) error {
return routeutils.HandleAPIError(ctx, err)
}
if !authorization.CanCreateAddress(authUser, address) {
organization, err := c.svc.Organization.GetByUUID(orgUUID, authUser)
if err != nil {
return routeutils.HandleAPIError(ctx, err)
}
if !authorization.CanCreateAddress(authUser, organization) {
return routeutils.ResponseAPIAuthorizationError(ctx)
}
return routeutils.ResponseAPIAuthorizationError(ctx)
address.CreatedUser.ID = authUser.ID
address.UpdatedUser.ID = authUser.ID
@@ -294,10 +315,6 @@ func (c *controller) handleRemoveContact(ctx echo.Context) error {
return routeutils.HandleAPIError(ctx, err)
}
if !authorization.CanDeleteContact(authUser, contact) {
return routeutils.ResponseAPIAuthorizationError(ctx)
}
contact.UpdatedUser.ID = authUser.ID
err = c.svc.Organization.InactivateOrganizationContact(orgUUID, contact, authUser)
@@ -330,7 +347,12 @@ func (c *controller) handleAddContact(ctx echo.Context) error {
return routeutils.HandleAPIError(ctx, err)
}
if !authorization.CanCreateContact(authUser, contact) {
organization, err := c.svc.Organization.GetByUUID(orgUUID, authUser)
if err != nil {
return routeutils.HandleAPIError(ctx, err)
}
if !authorization.CanCreateContact(authUser, organization) {
return routeutils.ResponseAPIAuthorizationError(ctx)
}