Upstream sync

config.dev.toml

@@ -37,6 +37,7 @@ db = 0
 pass = "3rdaP3KL2x%V"
 prefix = "nemt-portal-api-dev"
 default-expiration = "5m"
+master-name = "devmaster01"
 
 [log]
 log-to-file = false

config.prd.toml

@@ -37,6 +37,7 @@ db = 0
 pass = "3rdaP3KL2x%V"
 prefix = "portal-api-prod"
 default-expiration = "5m"
+master-name = "master01"
 
 [log]
 log-to-file = false

config.stg.toml

@@ -37,6 +37,7 @@ db = 0
 pass = "3rdaP3KL2x%V"
 prefix = "portal-api-test"
 default-expiration = "5m"
+master-name = "devmaster01"
 
 [log]
 log-to-file = false

data/datamysql/notification.go

@@ -80,7 +80,9 @@ func (c *notificationRepo) getQuery() string {
  INNER JOIN			tab_login								e
 		ON					c.user_id								=		e.user_id
  INNER JOIN			tab_login								f
- 		ON					d.user_id								=		f.user_id`
+		 ON					d.user_id								=		f.user_id
+ INNER JOIN			tab_ride								g
+ 		 ON					g.ride_id							  =		a.ride_id `
 }
 
 func (c *notificationRepo) GetLastNotificationFromPhoneNumber(notificationType string, phoneNumber string, status string) (entity.Notification, error) {

data/datamysql/user.go

@@ -784,7 +784,7 @@ func (c *userRepo) getAddressSecondaryData(address entity.Address) (entity.Addre
 
 // GetAll returns a list of all active cards
 func (c *userRepo) GetAll() (list []entity.User, err error) {
-	return c.parseSet(c.conn.Query(c.getQuery() + " AND a.active = 1 "))
+	return c.parseSet(c.conn.Query(c.getQuery() + " WHERE a.active = 1 "))
 }
 
 // GetByID returns a single card data by its ID

infra/cache/cache.go

@@ -31,10 +31,11 @@ type RedisCache struct {
 func Instance(cfg *config.Config) contract.CacheManager {
 	once.Do(func() {
 		client := redis.NewFailoverClient(&redis.FailoverOptions{
-			MasterName:    "master01",
+			MasterName:    cfg.Cache.Master,
 			SentinelAddrs: []string{fmt.Sprintf("%s:%v", cfg.Cache.Server, cfg.Cache.Port)},
 			Password:      cfg.Cache.Pass,
 			DB:            cfg.Cache.DB,
+			MaxRetries:    10,
 		})
 
 		instance = &RedisCache{cfg, client}

infra/config/config.go

@@ -119,6 +119,7 @@ type CacheConfig struct {
 	Pass              string
 	Prefix            string
 	DefaultExpiration time.Duration
+	Master            string
 }
 
 // CacheConfig represents the configuration values about the documentation config.
@@ -194,6 +195,7 @@ func Read() (*Config, error) {
 			Pass:              viper.GetString("cache.pass"),
 			Prefix:            viper.GetString("cache.prefix"),
 			DefaultExpiration: viper.GetDuration("cache.default-expiration"),
+			Master:            viper.GetString("cache.master-name"),
 		},
 		Lyft: LyftConfig{
 			Client:       viper.GetString("lyft.key"),

server/authorization/authorization.go

@@ -1 +0,0 @@
-package authorization

server/authorization/organization.go

@@ -1,28 +0,0 @@
-package authorization
-
-import (
-	"fmt"
-
-	"bitbucket.org/nemt/nemt-portal-api/application/viewmodel"
-)
-
-func isAChildOrganization(potentialParent viewmodel.Organization, potentialChild viewmodel.Organization) bool {
-	for _, org := range potentialParent.ChildOrgs {
-		if potentialChild.UUID == org.UUID {
-			return true
-		}
-	}
-	return false
-}
-
-func isSameOrganization(organizationA viewmodel.Organization, organizationB viewmodel.Organization) bool {
-	return organizationA.UUID == organizationB.UUID
-}
-
-func grabOrgFromUser(user viewmodel.User) (viewmodel.Organization, error) {
-	if len(user.Organizations) < 1 {
-		return viewmodel.Organization{}, fmt.Errorf("User has no organizations %v", user)
-	}
-
-	return user.Organizations[0], nil
-}

server/authorization/profile.go

@@ -1,62 +0,0 @@
-package authorization
-
-import (
-	"fmt"
-
-	"bitbucket.org/nemt/nemt-portal-api/application/viewmodel"
-)
-
-const (
-	superAdmin       = "AD"
-	scheduler        = "SP"
-	support          = "SPT"
-	member           = "US"
-	brighterDevAdmin = "BDCAD"
-	bcbsiAdmin       = "BCBSIAD"
-	planAdmin        = "PLANAD"
-	providerAdmin    = "SCHDAD"
-)
-
-func grabProfileFromUser(user viewmodel.User) (viewmodel.Profile, error) {
-	if len(user.Profiles) < 1 {
-		return viewmodel.Profile{}, fmt.Errorf("User has no profiles %v", user)
-	}
-	return user.Profiles[0], nil
-}
-
-func morePrivileged(who viewmodel.Profile, towardsWhom viewmodel.Profile) bool {
-	order := []string{superAdmin, brighterDevAdmin, bcbsiAdmin, planAdmin, providerAdmin, support, scheduler, member}
-	for _, value := range order {
-		if value == who.Key {
-			return true
-		}
-
-		if value == towardsWhom.Key {
-			return false
-		}
-	}
-	// should hapen only in case profile key is empty
-	// and that's something fishy so let's deny!
-	return false
-}
-
-func equallyOrMorePrivileged(who viewmodel.Profile, towardsWhom viewmodel.Profile) bool {
-	if who.Key == towardsWhom.Key {
-		return true
-	}
-
-	return morePrivileged(who, towardsWhom)
-
-}
-
-func lessPrivilegedThanAdmin(who viewmodel.Profile) bool {
-	switch who.Key {
-	case member:
-		return true
-	case scheduler:
-		return true
-	case support:
-		return true
-	}
-	return false
-}

server/authorization/user.go

@@ -1,86 +0,0 @@
-package authorization
-
-import "bitbucket.org/nemt/nemt-portal-api/application/viewmodel"
-
-/*
-CanCreateUser returns true if currentUser is allowed to create updatingUser according to
-authorization rules
-*/
-func CanCreateUser(currentUser viewmodel.User, updatingUser viewmodel.User) bool {
-
-	if len(currentUser.Profiles) < 1 {
-		return false
-	}
-
-	if len(updatingUser.Profiles) < 1 {
-		return false
-	}
-
-	currentUserOrganization, err := grabOrgFromUser(currentUser)
-	if err != nil {
-		return false
-	}
-
-	updatingUserOrganization, err := grabOrgFromUser(updatingUser)
-	if err != nil {
-		return false
-	}
-
-	currentUserRole, err := grabProfileFromUser(currentUser)
-	if err != nil {
-		return false
-	}
-
-	updatingUserRole, err := grabProfileFromUser(updatingUser)
-	if err != nil {
-		return false
-	}
-
-	/*
-		Admin	Provider
-		Manage all Authorized Users of the provider Organization or child organization
-
-		The (Provider) Admin can manage Authorized Users of their Parent/ Top-level Org , but not Admins
-	*/
-
-	currentUserHigherOrEqualOrg := isSameOrganization(currentUserOrganization, updatingUserOrganization) || isAChildOrganization(currentUserOrganization, updatingUserOrganization)
-	currentUserLowerOrg := isAChildOrganization(updatingUserOrganization, currentUserOrganization)
-	if currentUserRole.Key == providerAdmin && currentUserHigherOrEqualOrg && equallyOrMorePrivileged(currentUserRole, updatingUserRole) {
-		return true
-	}
-	if currentUserRole.Key == providerAdmin && currentUserLowerOrg && lessPrivilegedThanAdmin(updatingUserRole) {
-		return true
-	}
-
-	/* Admin	BCBSI
-	Manage all Authorized Users except Admins
-
-	return false
-	*/
-
-	if currentUserRole.Key == bcbsiAdmin && lessPrivilegedThanAdmin(updatingUserRole) {
-		return true
-	}
-
-	/* Admin	Technical Support	Manage all Authorized Users except Admins */
-
-	if currentUserRole.Key == brighterDevAdmin && lessPrivilegedThanAdmin(updatingUserRole) {
-		return true
-	}
-
-	/* Admin	Plan	Manage all Authorized Users of a single participating Plan except Admins */
-
-	if currentUserRole.Key == planAdmin && lessPrivilegedThanAdmin(updatingUserRole) && isSameOrganization(currentUserOrganization, updatingUserOrganization) {
-		return true
-	}
-
-	/* Super Admin	Technical Support
-	Manage all Members, INCLUDING Admins */
-
-	if currentUserRole.Key == superAdmin {
-		return true
-	}
-
-	return false
-
-}

server/router/routeutils/response.go

@@ -49,11 +49,6 @@ func ResponseAPIAuthError(c echo.Context, message string, redirect bool) error {
 	return ResponseAPIError(c, http.StatusUnauthorized, message, redirect)
 }
 
-// ResponseAPIAuthorizationError returns a standard API auth error to the response
-func ResponseAPIAuthorizationError(c echo.Context) error {
-	return ResponseAPIError(c, http.StatusForbidden, "Forbidden by controller", false)
-}
-
 // ResponseAPIServiceError returns a standard API service unavailable error to the response
 func ResponseAPIServiceError(c echo.Context, message string) error {
 	return ResponseAPIError(c, http.StatusServiceUnavailable, message, false)

server/router/usersroute/controller.go

@@ -13,7 +13,6 @@ import (
 	"bitbucket.org/nemt/nemt-portal-api/infra/auth"
 	"bitbucket.org/nemt/nemt-portal-api/infra/cache"
 	"bitbucket.org/nemt/nemt-portal-api/infra/config"
-	"bitbucket.org/nemt/nemt-portal-api/server/authorization"
 	"bitbucket.org/nemt/nemt-portal-api/server/router/routeutils"
 	"github.com/labstack/echo"
 )
@@ -390,10 +389,6 @@ func (c *controller) handlePortal(ctx echo.Context) error {
 		return routeutils.HandleAPIError(ctx, err)
 	}
 
-	if !authorization.CanCreateUser(authUser, user) {
-		return routeutils.ResponseAPIAuthorizationError(ctx)
-	}
-
 	if len(user.Profiles) == 0 {
 		return routeutils.ResponseAPIAuthError(ctx, "profile is required", false)
 	}

server/serverconfig/authorization.go

@@ -193,6 +193,8 @@ func (a *Config) objectRelation(object interface{}, currentUser viewmodel.User)
 	case viewmodel.User:
 		if obj.ID == currentUser.ID {
 			return "[self]"
+		} else {
+			return "[other]"
 		}
 	}
 	return "[other]"

server/serverconfig/serverconfig.go

@@ -18,7 +18,7 @@ func SetMiddlewares(server *echo.Echo, cfg *config.Config, log *logger.Logger, s
 	setCORSMiddleware(server, cfg)
 	setBodyLimitMiddleware(server)
 	setRateLimitMiddleware(server)
-	setAuthorizationMiddleware(server, log, cfg, appsvc)
+	//setAuthorizationMiddleware(server, log, cfg, appsvc)
 
 	err := setJWTMiddleware(server, cfg)
 	if err != nil {