implement rules checking for orgnz, addr and contact creation and update

server/authorization/organization.go

@@ -28,42 +28,41 @@ func grabOrgFromUser(user viewmodel.User) (viewmodel.Organization, error) {
 }
 
 func CanCreateOrganization(user viewmodel.User, organization viewmodel.Organization ) bool {
-	//TODO : implement checking 
-
 	userRole, err := grabProfileFromUser(user)
 	if err != nil {
 		return false
 	}
 
-	/*Admin		Provider	Manage all Organizations */
-	if userRole.Key == providerAdmin{
+	/*
+	Admin			BCBSI 
+	Admin			Technical Support
+	Super Admin 	Technical Support
+	
+	Manage all Organizations*/
+	if userRole.Key == bcbsiAdmin || userRole.Key == brighterDevAdmin || userRole.Key == superAdmin{
 		return true
 	}
 
-	/* Admin	BCBSI		Manage all Organizations */
-	if userRole.Key == bcbsiAdmin{
-		return true
+	userOrg, err := grabOrgFromUser(user)
+	if err != nil{
+		return false
 	}
-
-	/* Admin	Technical Support		Manage all Organizations */
-	if userRole.Key == brighterDevAdmin{
-		return true
-	}
-
-	/* Admin	Plan	
-	Manage the authenticated Authorized User's Plan (Organization) and children of this Plan*/
-	if userRole.Key == planAdmin {
-		return true
-	}
-
-	/* Super Admin 		Technical Support		Manage all Organizations*/
-	if userRole.Key == superAdmin {
-		return true
+	
+	/*
+	Admin		Provider
+	Admin		Plan
+	
+	Manage the authenticated Authorized User's Organization and child Organizations */
+	if userRole.Key == providerAdmin || userRole.Key == planAdmin{
+		if isSameOrganization(userOrg, organization) || isAChildOrganization(userOrg, organization) {
+			return true
+		}
+		return false
 	}
 	
 	return false
 }
 
-func CanUpdateOrganization(user viewmodel.User, organization viewmodel.Organization) bool {
-	return CanCreateOrganization(user,organization)
-}
+func CanUpdateOrganization(user viewmodel.User, organization viewmodel.Organization) bool{
+	return CanCreateOrganization(user, organization)
+}