create structure for rules checking

server/authorization/address.go

@@ -0,0 +1,51 @@
+package authorization
+
+import (
+
+	"bitbucket.org/nemt/nemt-portal-api/application/viewmodel"
+)
+
+func CanCreateAddress(user viewmodel.User, address viewmodel.OrganizationAddress) bool {
+	//TODO : implement checking 
+
+	userRole, err := grabProfileFromUser(user)
+	if err != nil {
+		return false
+	}
+
+	/*Admin		Provider	Manage all Organizations */
+	if userRole.Key == providerAdmin{
+		return true
+	}
+
+	/* Admin	BCBSI		Manage all Organizations */
+	if userRole.Key == bcbsiAdmin{
+		return true
+	}
+
+	/* Admin	Technical Support		Manage all Organizations */
+	if userRole.Key == brighterDevAdmin{
+		return true
+	}
+
+	/* Admin	Plan	
+	Manage the authenticated Authorized User's Plan (Organization) and children of this Plan*/
+	if userRole.Key == planAdmin {
+		return true
+	}
+
+	/* Super Admin 		Technical Support		Manage all Organizations*/
+	if userRole.Key == superAdmin {
+		return true
+	}
+	
+	return false
+}
+
+func CanUpdateAddress(user viewmodel.User, address viewmodel.OrganizationAddress) bool {
+	return CanCreateAddress(user, address)
+}
+
+func CanDeleteAddress(user viewmodel.User, address viewmodel.OrganizationAddress) bool {
+	return CanCreateAddress(user, address)
+}

server/authorization/contact.go

@@ -0,0 +1,51 @@
+package authorization
+
+import (
+
+	"bitbucket.org/nemt/nemt-portal-api/application/viewmodel"
+)
+
+func CanCreateContact(user viewmodel.User, contact viewmodel.OrganizationContact) bool {
+	//TODO : implement checking 
+
+	userRole, err := grabProfileFromUser(user)
+	if err != nil {
+		return false
+	}
+
+	/*Admin		Provider	Manage all Organizations */
+	if userRole.Key == providerAdmin{
+		return true
+	}
+
+	/* Admin	BCBSI		Manage all Organizations */
+	if userRole.Key == bcbsiAdmin{
+		return true
+	}
+
+	/* Admin	Technical Support		Manage all Organizations */
+	if userRole.Key == brighterDevAdmin{
+		return true
+	}
+
+	/* Admin	Plan	
+	Manage the authenticated Authorized User's Plan (Organization) and children of this Plan*/
+	if userRole.Key == planAdmin {
+		return true
+	}
+
+	/* Super Admin 		Technical Support		Manage all Organizations*/
+	if userRole.Key == superAdmin {
+		return true
+	}
+	
+	return false
+}
+
+func CanUpdateContact(user viewmodel.User, contact viewmodel.OrganizationContact) bool {
+	return CanCreateContact(user, contact)
+}
+
+func CanDeleteContact(user viewmodel.User, contact viewmodel.OrganizationContact) bool {
+	return CanCreateContact(user, contact)
+}

server/authorization/organization.go

@@ -26,3 +26,44 @@ func grabOrgFromUser(user viewmodel.User) (viewmodel.Organization, error) {
 
 	return user.Organizations[0], nil
 }
+
+func CanCreateOrganization(user viewmodel.User, organization viewmodel.Organization ) bool {
+	//TODO : implement checking 
+
+	userRole, err := grabProfileFromUser(user)
+	if err != nil {
+		return false
+	}
+
+	/*Admin		Provider	Manage all Organizations */
+	if userRole.Key == providerAdmin{
+		return true
+	}
+
+	/* Admin	BCBSI		Manage all Organizations */
+	if userRole.Key == bcbsiAdmin{
+		return true
+	}
+
+	/* Admin	Technical Support		Manage all Organizations */
+	if userRole.Key == brighterDevAdmin{
+		return true
+	}
+
+	/* Admin	Plan	
+	Manage the authenticated Authorized User's Plan (Organization) and children of this Plan*/
+	if userRole.Key == planAdmin {
+		return true
+	}
+
+	/* Super Admin 		Technical Support		Manage all Organizations*/
+	if userRole.Key == superAdmin {
+		return true
+	}
+	
+	return false
+}
+
+func CanUpdateOrganization(user viewmodel.User, organization viewmodel.Organization) bool {
+	return CanCreateOrganization(user,organization)
+}

server/router/organizationroute/controller.go

@@ -10,6 +10,7 @@ import (
 	"bitbucket.org/nemt/nemt-portal-api/infra/cache"
 	"bitbucket.org/nemt/nemt-portal-api/infra/config"
 	"bitbucket.org/nemt/nemt-portal-api/server/router/routeutils"
+	"bitbucket.org/nemt/nemt-portal-api/server/authorization"
 	"github.com/labstack/echo"
 )
 
@@ -64,6 +65,11 @@ func (c *controller) handleAddOrganization(ctx echo.Context) error {
 	if err != nil {
 		return routeutils.HandleAPIError(ctx, err)
 	}
+
+	if !authorization.CanCreateOrganization(authUser, org) {
+		return routeutils.ResponseAPIAuthorizationError(ctx)
+	}
+
 	org.Author.ID = authUser.ID
 	org.LastEditor.ID = authUser.ID
 
@@ -215,6 +221,10 @@ func (c *controller) handleRemoveAddress(ctx echo.Context) error {
 		return routeutils.HandleAPIError(ctx, err)
 	}
 
+	if !authorization.CanDeleteAddress(authUser, address) {
+		return routeutils.ResponseAPIAuthorizationError(ctx)
+	}
+
 	address.UpdatedUser.ID = authUser.ID
 
 	err = c.svc.Organization.InactivateOrganizationAddress(orgUUID, address, authUser)
@@ -246,6 +256,11 @@ func (c *controller) handleAddAddress(ctx echo.Context) error {
 	if err != nil {
 		return routeutils.HandleAPIError(ctx, err)
 	}
+
+	if !authorization.CanCreateAddress(authUser, address) {
+		return routeutils.ResponseAPIAuthorizationError(ctx)
+	}
+
 	address.CreatedUser.ID = authUser.ID
 	address.UpdatedUser.ID = authUser.ID
 
@@ -278,6 +293,11 @@ func (c *controller) handleRemoveContact(ctx echo.Context) error {
 	if err != nil {
 		return routeutils.HandleAPIError(ctx, err)
 	}
+
+	if !authorization.CanDeleteContact(authUser, contact) {
+		return routeutils.ResponseAPIAuthorizationError(ctx)
+	}
+
 	contact.UpdatedUser.ID = authUser.ID
 
 	err = c.svc.Organization.InactivateOrganizationContact(orgUUID, contact, authUser)
@@ -309,6 +329,11 @@ func (c *controller) handleAddContact(ctx echo.Context) error {
 	if err != nil {
 		return routeutils.HandleAPIError(ctx, err)
 	}
+
+	if !authorization.CanCreateContact(authUser, contact) {
+		return routeutils.ResponseAPIAuthorizationError(ctx)
+	}
+
 	contact.CreatedUser.ID = authUser.ID
 	contact.UpdatedUser.ID = authUser.ID