diff --git a/server/authorization/address.go b/server/authorization/address.go
new file mode 100644
index 0000000..ea0d4a4
--- /dev/null
+++ b/server/authorization/address.go
@@ -0,0 +1,51 @@
+package authorization
+
+import (
+
+ "bitbucket.org/nemt/nemt-portal-api/application/viewmodel"
+)
+
+func CanCreateAddress(user viewmodel.User, address viewmodel.OrganizationAddress) bool {
+ //TODO : implement checking
+
+ userRole, err := grabProfileFromUser(user)
+ if err != nil {
+ return false
+ }
+
+ /*Admin Provider Manage all Organizations */
+ if userRole.Key == providerAdmin{
+ return true
+ }
+
+ /* Admin BCBSI Manage all Organizations */
+ if userRole.Key == bcbsiAdmin{
+ return true
+ }
+
+ /* Admin Technical Support Manage all Organizations */
+ if userRole.Key == brighterDevAdmin{
+ return true
+ }
+
+ /* Admin Plan
+ Manage the authenticated Authorized User's Plan (Organization) and children of this Plan*/
+ if userRole.Key == planAdmin {
+ return true
+ }
+
+ /* Super Admin Technical Support Manage all Organizations*/
+ if userRole.Key == superAdmin {
+ return true
+ }
+
+ return false
+}
+
+func CanUpdateAddress(user viewmodel.User, address viewmodel.OrganizationAddress) bool {
+ return CanCreateAddress(user, address)
+}
+
+func CanDeleteAddress(user viewmodel.User, address viewmodel.OrganizationAddress) bool {
+ return CanCreateAddress(user, address)
+}
\ No newline at end of file
diff --git a/server/authorization/contact.go b/server/authorization/contact.go
new file mode 100644
index 0000000..13ade04
--- /dev/null
+++ b/server/authorization/contact.go
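Review bot: The planAdmin branch in CanCreateAddress returns true for every target, so the scope its own comment states ("Manage the authenticated Authorized User's Plan (Organization) and children of this Plan") is not enforced, and the `address` parameter is never read — the function is a pure role check despite its signature. Until the `//TODO : implement checking` is done, either restrict that branch to the caller's own organization (grabOrgFromUser already exists in this package) or reword the comment to say plan admins currently receive the same global rights as the other admin roles, so nobody relies on a restriction that is not there. The same body is repeated in contact.go (CanCreateContact) and organization.go (CanCreateOrganization); one shared helper over `userRole.Key`, collapsing the five ifs into `switch userRole.Key { case providerAdmin, bcbsiAdmin, brighterDevAdmin, planAdmin, superAdmin: return true }`, would keep the three files in step when the plan-admin rule changes. The file is also not gofmt-clean (`providerAdmin{`, the blank line inside the import block).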
@@ -0,0 +1,51 @@
+package authorization
+
+import (
+
+ "bitbucket.org/nemt/nemt-portal-api/application/viewmodel"
+)
+
+func CanCreateContact(user viewmodel.User, contact viewmodel.OrganizationContact) bool {
+ //TODO : implement checking
+
+ userRole, err := grabProfileFromUser(user)
+ if err != nil {
+ return false
+ }
+
+ /*Admin Provider Manage all Organizations */
+ if userRole.Key == providerAdmin{
+ return true
+ }
+
+ /* Admin BCBSI Manage all Organizations */
+ if userRole.Key == bcbsiAdmin{
+ return true
+ }
+
+ /* Admin Technical Support Manage all Organizations */
+ if userRole.Key == brighterDevAdmin{
+ return true
+ }
+
+ /* Admin Plan
+ Manage the authenticated Authorized User's Plan (Organization) and children of this Plan*/
+ if userRole.Key == planAdmin {
+ return true
+ }
+
+ /* Super Admin Technical Support Manage all Organizations*/
+ if userRole.Key == superAdmin {
+ return true
+ }
+
+ return false
+}
+
+func CanUpdateContact(user viewmodel.User, contact viewmodel.OrganizationContact) bool {
+ return CanCreateContact(user, contact)
+}
+
+func CanDeleteContact(user viewmodel.User, contact viewmodel.OrganizationContact) bool {
+ return CanCreateContact(user, contact)
+}
\ No newline at end of file
diff --git a/server/authorization/organization.go b/server/authorization/organization.go
index 7b42fa6..d6229e5 100644
--- a/server/authorization/organization.go
+++ b/server/authorization/organization.go
@@ -26,3 +26,44 @@ func grabOrgFromUser(user viewmodel.User) (viewmodel.Organization, error) {
 return user.Organizations[0], nil
 }
+
+func CanCreateOrganization(user viewmodel.User, organization viewmodel.Organization ) bool {
+ //TODO : implement checking
+
+ userRole, err := grabProfileFromUser(user)
+ if err != nil {
+ return false
+ }
+
+ /*Admin Provider Manage all Organizations */
+ if userRole.Key == providerAdmin{
+ return true
+ }
+
+ /* Admin BCBSI Manage all Organizations */
+ if userRole.Key == bcbsiAdmin{
+ return true
+ }
+
+ /* Admin Technical Support Manage all Organizations */
+ if userRole.Key == brighterDevAdmin{
+ return true
+ }
+
+ /* Admin Plan
+ Manage the authenticated Authorized User's Plan (Organization) and children of this Plan*/
+ if userRole.Key == planAdmin {
+ return true
+ }
+
+ /* Super Admin Technical Support Manage all Organizations*/
+ if userRole.Key == superAdmin {
+ return true
+ }
+
+ return false
+}
+
+func CanUpdateOrganization(user viewmodel.User, organization viewmodel.Organization) bool {
+ return CanCreateOrganization(user,organization)
+}
diff --git a/server/router/organizationroute/controller.go b/server/router/organizationroute/controller.go
index 682a896..a1816f1 100644
--- a/server/router/organizationroute/controller.go
+++ b/server/router/organizationroute/controller.go
@@ -10,6 +10,7 @@ import (
 "bitbucket.org/nemt/nemt-portal-api/infra/cache"
 "bitbucket.org/nemt/nemt-portal-api/infra/config"
 "bitbucket.org/nemt/nemt-portal-api/server/router/routeutils"
+ "bitbucket.org/nemt/nemt-portal-api/server/authorization"
 "github.com/labstack/echo"
 )
@@ -64,6 +65,11 @@ func (c *controller) handleAddOrganization(ctx echo.Context) error {
 if err != nil {
 return routeutils.HandleAPIError(ctx, err)
 }
+
+ if !authorization.CanCreateOrganization(authUser, org) {
+ return routeutils.ResponseAPIAuthorizationError(ctx)
+ }
+
 org.Author.ID = authUser.ID
 org.LastEditor.ID = authUser.ID
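Review bot: Nothing in controller.go calls CanUpdateOrganization, CanUpdateAddress or CanUpdateContact, although this commit introduces all three; only the add and remove handlers receive a guard, so if this controller has update handlers they still run without an authorization check — confirm that before merging, or drop the unused functions until their call sites exist. A refused request is answered with `return routeutils.ResponseAPIAuthorizationError(ctx)` and nothing at the call site records the refusal; unless that helper logs it, a one-line log carrying authUser.ID and the requested resource here (and at the four identical guards in the following hunks) would make denied attempts visible for audit. handleAddOrganization's body begins outside the hunk and continues past it.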
@@ -215,6 +221,10 @@ func (c *controller) handleRemoveAddress(ctx echo.Context) error {
 return routeutils.HandleAPIError(ctx, err)
 }
+ if !authorization.CanDeleteAddress(authUser, address) {
+ return routeutils.ResponseAPIAuthorizationError(ctx)
+ }
+
 address.UpdatedUser.ID = authUser.ID
 err = c.svc.Organization.InactivateOrganizationAddress(orgUUID, address, authUser)
@@ -246,6 +256,11 @@ func (c *controller) handleAddAddress(ctx echo.Context) error {
 if err != nil {
 return routeutils.HandleAPIError(ctx, err)
 }
+
+ if !authorization.CanCreateAddress(authUser, address) {
+ return routeutils.ResponseAPIAuthorizationError(ctx)
+ }
+
 address.CreatedUser.ID = authUser.ID
 address.UpdatedUser.ID = authUser.ID
@@ -278,6 +293,11 @@ func (c *controller) handleRemoveContact(ctx echo.Context) error {
 if err != nil {
 return routeutils.HandleAPIError(ctx, err)
 }
+
+ if !authorization.CanDeleteContact(authUser, contact) {
+ return routeutils.ResponseAPIAuthorizationError(ctx)
+ }
+
 contact.UpdatedUser.ID = authUser.ID
 err = c.svc.Organization.InactivateOrganizationContact(orgUUID, contact, authUser)
@@ -309,6 +329,11 @@ func (c *controller) handleAddContact(ctx echo.Context) error {
 if err != nil {
 return routeutils.HandleAPIError(ctx, err)
 }
+
+ if !authorization.CanCreateContact(authUser, contact) {
+ return routeutils.ResponseAPIAuthorizationError(ctx)
+ }
+
 contact.CreatedUser.ID = authUser.ID
 contact.UpdatedUser.ID = authUser.ID
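Review bot: The guard added to handleRemoveAddress receives `address` but not `orgUUID`, even though `orgUUID` is what names the target organization in the `c.svc.Organization.InactivateOrganizationAddress(orgUUID, address, authUser)` call two lines below; CanDeleteAddress currently ignores its address argument, so this is harmless today, but as soon as the plan-admin scoping described in authorization/address.go is implemented the check will need the organization, so consider passing `orgUUID` (or the loaded organization) to the guard now rather than changing its signature later. The same applies to the guard in handleRemoveContact, which precedes `InactivateOrganizationContact(orgUUID, contact, authUser)`. Each handler's body begins outside its hunk and continues past it.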