implement rules checking for orgnz, addr and contact creation and update

server/authorization/address.go

@@ -5,47 +5,11 @@ import (
 	"bitbucket.org/nemt/nemt-portal-api/application/viewmodel"
 )
 
-func CanCreateAddress(user viewmodel.User, address viewmodel.OrganizationAddress) bool {
+func CanCreateAddress(user viewmodel.User, organization viewmodel.Organization) bool {
-	//TODO : implement checking 
+	//rules are the same for address creation and for organization creation
-
+	return CanCreateOrganization(user, organization)
-	userRole, err := grabProfileFromUser(user)
-	if err != nil {
-		return false
-	}
-
-	/*Admin		Provider	Manage all Organizations */
-	if userRole.Key == providerAdmin{
-		return true
-	}
-
-	/* Admin	BCBSI		Manage all Organizations */
-	if userRole.Key == bcbsiAdmin{
-		return true
-	}
-
-	/* Admin	Technical Support		Manage all Organizations */
-	if userRole.Key == brighterDevAdmin{
-		return true
-	}
-
-	/* Admin	Plan	
-	Manage the authenticated Authorized User's Plan (Organization) and children of this Plan*/
-	if userRole.Key == planAdmin {
-		return true
-	}
-
-	/* Super Admin 		Technical Support		Manage all Organizations*/
-	if userRole.Key == superAdmin {
-		return true
-	}
-	
-	return false
 }
 
-func CanUpdateAddress(user viewmodel.User, address viewmodel.OrganizationAddress) bool {
+func CanUpdateAddress(user viewmodel.User, organization viewmodel.Organization) bool {
-	return CanCreateAddress(user, address)
+	return CanCreateAddress(user, organization)
-}
-
-func CanDeleteAddress(user viewmodel.User, address viewmodel.OrganizationAddress) bool {
-	return CanCreateAddress(user, address)
 }

server/authorization/contact.go

@@ -5,47 +5,11 @@ import (
 	"bitbucket.org/nemt/nemt-portal-api/application/viewmodel"
 )
 
-func CanCreateContact(user viewmodel.User, contact viewmodel.OrganizationContact) bool {
+func CanCreateContact(user viewmodel.User, organization viewmodel.Organization) bool {
-	//TODO : implement checking 
+	//rules are the same for contact creation and for organization creation
-
+	return CanCreateOrganization(user, organization)
-	userRole, err := grabProfileFromUser(user)
-	if err != nil {
-		return false
-	}
-
-	/*Admin		Provider	Manage all Organizations */
-	if userRole.Key == providerAdmin{
-		return true
-	}
-
-	/* Admin	BCBSI		Manage all Organizations */
-	if userRole.Key == bcbsiAdmin{
-		return true
-	}
-
-	/* Admin	Technical Support		Manage all Organizations */
-	if userRole.Key == brighterDevAdmin{
-		return true
-	}
-
-	/* Admin	Plan	
-	Manage the authenticated Authorized User's Plan (Organization) and children of this Plan*/
-	if userRole.Key == planAdmin {
-		return true
-	}
-
-	/* Super Admin 		Technical Support		Manage all Organizations*/
-	if userRole.Key == superAdmin {
-		return true
-	}
-	
-	return false
 }
 
-func CanUpdateContact(user viewmodel.User, contact viewmodel.OrganizationContact) bool {
+func CanUpdateContact(user viewmodel.User, organization viewmodel.Organization) bool {
-	return CanCreateContact(user, contact)
+	return CanCreateAddress(user, organization)
-}
-
-func CanDeleteContact(user viewmodel.User, contact viewmodel.OrganizationContact) bool {
-	return CanCreateContact(user, contact)
 }

server/authorization/organization.go

@@ -28,42 +28,41 @@ func grabOrgFromUser(user viewmodel.User) (viewmodel.Organization, error) {
 }
 
 func CanCreateOrganization(user viewmodel.User, organization viewmodel.Organization ) bool {
-	//TODO : implement checking 
-
 	userRole, err := grabProfileFromUser(user)
 	if err != nil {
 		return false
 	}
 
-	/*Admin		Provider	Manage all Organizations */
+	/*
-	if userRole.Key == providerAdmin{
+	Admin			BCBSI 
+	Admin			Technical Support
+	Super Admin 	Technical Support
+	
+	Manage all Organizations*/
+	if userRole.Key == bcbsiAdmin || userRole.Key == brighterDevAdmin || userRole.Key == superAdmin{
 		return true
 	}
 
-	/* Admin	BCBSI		Manage all Organizations */
+	userOrg, err := grabOrgFromUser(user)
-	if userRole.Key == bcbsiAdmin{
+	if err != nil{
-		return true
+		return false
 	}
 	
-	/* Admin	Technical Support		Manage all Organizations */
+	/*
-	if userRole.Key == brighterDevAdmin{
+	Admin		Provider
-		return true
+	Admin		Plan
-	}
 	
-	/* Admin	Plan	
+	Manage the authenticated Authorized User's Organization and child Organizations */
-	Manage the authenticated Authorized User's Plan (Organization) and children of this Plan*/
+	if userRole.Key == providerAdmin || userRole.Key == planAdmin{
-	if userRole.Key == planAdmin {
+		if isSameOrganization(userOrg, organization) || isAChildOrganization(userOrg, organization) {
-		return true
+			return true
-	}
+		}
-
+		return false
-	/* Super Admin 		Technical Support		Manage all Organizations*/
-	if userRole.Key == superAdmin {
-		return true
 	}
 	
 	return false
 }
 
-func CanUpdateOrganization(user viewmodel.User, organization viewmodel.Organization) bool {
+func CanUpdateOrganization(user viewmodel.User, organization viewmodel.Organization) bool{
-	return CanCreateOrganization(user,organization)
+	return CanCreateOrganization(user, organization)
 }

server/router/organizationroute/controller.go

@@ -133,6 +133,15 @@ func (c *controller) handleParent(ctx echo.Context) error {
 		return routeutils.HandleAPIError(ctx, err)
 	}
 
+	organization, err := c.svc.Organization.GetByUUID(orgUUID, authUser)
+	if err != nil {
+		return routeutils.HandleAPIError(ctx, err)
+	}
+
+	if !authorization.CanUpdateOrganization(authUser, organization){
+		return routeutils.ResponseAPIAuthorizationError(ctx)
+	}
+
 	resp, err := c.svc.Organization.SetParentOrganization(orgUUID, parent.UUID, authUser)
 	if err != nil {
 		return routeutils.HandleAPIError(ctx, err)
@@ -158,6 +167,15 @@ func (c *controller) handleChild(ctx echo.Context) error {
 		return routeutils.HandleAPIError(ctx, err)
 	}
 
+	organization, err := c.svc.Organization.GetByUUID(orgUUID, authUser)
+	if err != nil {
+		return routeutils.HandleAPIError(ctx, err)
+	}
+
+	if !authorization.CanUpdateOrganization(authUser, organization){
+		return routeutils.ResponseAPIAuthorizationError(ctx)
+	}
+
 	_, err = c.svc.Organization.SetParentOrganization(child.UUID, orgUUID, authUser)
 	if err != nil {
 		return routeutils.HandleAPIError(ctx, err)
@@ -221,10 +239,6 @@ func (c *controller) handleRemoveAddress(ctx echo.Context) error {
 		return routeutils.HandleAPIError(ctx, err)
 	}
 
-	if !authorization.CanDeleteAddress(authUser, address) {
-		return routeutils.ResponseAPIAuthorizationError(ctx)
-	}
-
 	address.UpdatedUser.ID = authUser.ID
 
 	err = c.svc.Organization.InactivateOrganizationAddress(orgUUID, address, authUser)
@@ -257,10 +271,17 @@ func (c *controller) handleAddAddress(ctx echo.Context) error {
 		return routeutils.HandleAPIError(ctx, err)
 	}
 
-	if !authorization.CanCreateAddress(authUser, address) {
+	organization, err := c.svc.Organization.GetByUUID(orgUUID, authUser)
+	if err != nil {
+		return routeutils.HandleAPIError(ctx, err)
+	}
+
+	if !authorization.CanCreateAddress(authUser, organization) {
 		return routeutils.ResponseAPIAuthorizationError(ctx)
 	}
 
+	return routeutils.ResponseAPIAuthorizationError(ctx)
+
 	address.CreatedUser.ID = authUser.ID
 	address.UpdatedUser.ID = authUser.ID
 
@@ -294,10 +315,6 @@ func (c *controller) handleRemoveContact(ctx echo.Context) error {
 		return routeutils.HandleAPIError(ctx, err)
 	}
 
-	if !authorization.CanDeleteContact(authUser, contact) {
-		return routeutils.ResponseAPIAuthorizationError(ctx)
-	}
-
 	contact.UpdatedUser.ID = authUser.ID
 
 	err = c.svc.Organization.InactivateOrganizationContact(orgUUID, contact, authUser)
@@ -330,7 +347,12 @@ func (c *controller) handleAddContact(ctx echo.Context) error {
 		return routeutils.HandleAPIError(ctx, err)
 	}
 
-	if !authorization.CanCreateContact(authUser, contact) {
+	organization, err := c.svc.Organization.GetByUUID(orgUUID, authUser)
+	if err != nil {
+		return routeutils.HandleAPIError(ctx, err)
+	}
+
+	if !authorization.CanCreateContact(authUser, organization) {
 		return routeutils.ResponseAPIAuthorizationError(ctx)
 	}