63 lines
1.3 KiB
Go
63 lines
1.3 KiB
Go
package authorization
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"bitbucket.org/nemt/nemt-portal-api/application/viewmodel"
|
|
)
|
|
|
|
const (
|
|
superAdmin = "AD"
|
|
scheduler = "SP"
|
|
support = "SPT"
|
|
member = "US"
|
|
brighterDevAdmin = "BDCAD"
|
|
bcbsiAdmin = "BCBSIAD"
|
|
planAdmin = "PLANAD"
|
|
providerAdmin = "SCHDAD"
|
|
)
|
|
|
|
func grabProfileFromUser(user viewmodel.User) (viewmodel.Profile, error) {
|
|
if len(user.Profiles) < 1 {
|
|
return viewmodel.Profile{}, fmt.Errorf("User has no profiles %v", user)
|
|
}
|
|
return user.Profiles[0], nil
|
|
}
|
|
|
|
func morePrivileged(who viewmodel.Profile, towardsWhom viewmodel.Profile) bool {
|
|
order := []string{superAdmin, brighterDevAdmin, bcbsiAdmin, planAdmin, providerAdmin, support, scheduler, member}
|
|
for _, value := range order {
|
|
if value == who.Key {
|
|
return true
|
|
}
|
|
|
|
if value == towardsWhom.Key {
|
|
return false
|
|
}
|
|
}
|
|
// should hapen only in case profile key is empty
|
|
// and that's something fishy so let's deny!
|
|
return false
|
|
}
|
|
|
|
func equallyOrMorePrivileged(who viewmodel.Profile, towardsWhom viewmodel.Profile) bool {
|
|
if who.Key == towardsWhom.Key {
|
|
return true
|
|
}
|
|
|
|
return morePrivileged(who, towardsWhom)
|
|
|
|
}
|
|
|
|
func lessPrivilegedThanAdmin(who viewmodel.Profile) bool {
|
|
switch who.Key {
|
|
case member:
|
|
return true
|
|
case scheduler:
|
|
return true
|
|
case support:
|
|
return true
|
|
}
|
|
return false
|
|
}
|