updated permissions and organisation

Viva-con-Agua · Sep 30, 2024 · 9b8bf8f · 9b8bf8f
1 parent 5783af4
commit 9b8bf8f
Show file tree

Hide file tree

Showing 27 changed files with 196 additions and 140 deletions.
diff --git a/dao/connection.go b/dao/connection.go
@@ -118,7 +118,7 @@ func InitialDatabase() {
 	MailboxCollection = Database.Collection(models.MailboxCollection)
 
 	MessageCollection = Database.Collection(models.MessageCollection).CreateIndex("user_id", false).CreateIndex("mailbox_id", false)
-	OrganisationCollection = Database.Collection(models.OrganisationCollection).CreateIndex("name", true)
+	OrganisationCollection = Database.Collection(models.OrganisationCollection).CreateIndex("name", true).CreateIndex("abbreviation", true)
 	ArtistCollection = Database.Collection(models.ArtistCollection).CreateIndex("name", true)
 	ParticipationCollection = Database.Collection(models.ParticipationCollection).CreateIndex("user_id", false).CreateMultiIndex(
 		bson.D{

diff --git a/dao/crew.go b/dao/crew.go
@@ -92,7 +92,7 @@ func CrewUpdate(ctx context.Context, i *models.CrewUpdate, token *vcapool.Access
 	if crew.AspSelection == "selected" && match < len(strings) && strings[match] == i.AspSelection {
 		RoleHistoryDelete(ctx, &models.RoleHistoryRequest{CrewID: i.ID, Confirmed: false}, token)
 	}
-	if !token.Roles.Validate("employee;admin") {
+	if !token.Roles.Validate("admin;employee;pool_employee") {
 		if err = CrewsCollection.UpdateOne(ctx, filter, vmdb.UpdateSet(i.ToCrewUpdateASP()), &result); err != nil {
 			return
 		}
@@ -101,13 +101,12 @@ func CrewUpdate(ctx context.Context, i *models.CrewUpdate, token *vcapool.Access
 			return
 		}
 	}
-	if crew.Email != i.Email || crew.Name != i.Name {
+	if crew.Email != i.Email || crew.Name != i.Name || crew.OrganisationID != i.OrganisationID {
 		filter := bson.D{{Key: "crew_id", Value: i.ID}}
-		update := bson.D{{Key: "email", Value: i.Email}, {Key: "name", Value: i.Name}}
+		update := bson.D{{Key: "email", Value: i.Email}, {Key: "name", Value: i.Name}, {Key: "organisation_id", Value: i.OrganisationID}}
 		if err = UserCrewCollection.UpdateMany(ctx, filter, vmdb.UpdateSet(update)); err != nil {
 			return
 		}
-
 	}
 	return
 }

diff --git a/dao/deposit.go b/dao/deposit.go
@@ -25,7 +25,7 @@ func validateDepositUnits(ctx context.Context, takingID string, amount int64, cr
 	if amount > taking.Money.Amount {
 		return vcago.NewBadRequest(models.DepositCollection, "taking_amount_failure", nil)
 	}
-	if (!token.Roles.Validate("admin;employee") && crewID != token.CrewID) || taking.CrewID != crewID {
+	if (!token.Roles.Validate("admin;employee;pool_employee") && crewID != token.CrewID) || taking.CrewID != crewID {
 		return vcago.NewBadRequest(models.DepositCollection, "taking_crew_failure", nil)
 	}
 	return
@@ -74,7 +74,7 @@ func DepositUpdate(ctx context.Context, i *models.DepositUpdate, token *vcapool.
 		return
 	}
 	i.Money = deposit.Money
-	if deposit.Status == "confirmed" && !token.Roles.Validate("admin;employee") {
+	if deposit.Status == "confirmed" && !token.Roles.Validate("admin;employee;pool_employee") {
 		return nil, vcago.NewBadRequest("deposit", "deposit_confirmed_failure", nil)
 	}
 	depositUpdate, depositUnitCreate, depositUnitUpdate, depositUnitDelete := i.DepositDatabase(deposit)

diff --git a/dao/event.go b/dao/event.go
@@ -18,6 +18,24 @@ func EventInsert(ctx context.Context, i *models.EventCreate, token *vcapool.Acce
 		return
 	}
 	event := i.EventDatabase(token)
+
+	if token.Roles.Validate("admin;employee;pool_employee") {
+		if i.CrewID != "" {
+			crew := new(models.Crew)
+			if crew, err = CrewGetByID(ctx, &models.CrewParam{ID: i.CrewID}, token); err != nil {
+				return
+			}
+			event.OrganisationID = crew.OrganisationID
+		} else {
+			event.OrganisationID = i.OrganisationID
+		}
+	} else {
+		crew := new(models.Crew)
+		if crew, err = CrewGetByID(ctx, &models.CrewParam{ID: token.CrewID}, token); err != nil {
+			return
+		}
+		event.OrganisationID = crew.OrganisationID
+	}
 	taking := event.TakingDatabase()
 	event.TakingID = taking.ID
 	if err = EventCollection.InsertOne(ctx, event); err != nil {
@@ -163,6 +181,23 @@ func EventUpdate(ctx context.Context, i *models.EventUpdate, token *vcapool.Acce
 	if err = EventCollection.AggregateOne(ctx, models.EventPipelinePublic().Match(filter).Pipe, event); err != nil {
 		return
 	}
+	if token.Roles.Validate("admin;employee;pool_employee") {
+		if i.CrewID != "" {
+			crew := new(models.Crew)
+			if crew, err = CrewGetByID(ctx, &models.CrewParam{ID: i.CrewID}, token); err != nil {
+				return
+			}
+			i.OrganisationID = crew.OrganisationID
+		} else {
+			i.OrganisationID = i.OrganisationID
+		}
+	} else {
+		crew := new(models.Crew)
+		if crew, err = CrewGetByID(ctx, &models.CrewParam{ID: token.CrewID}, token); err != nil {
+			return
+		}
+		i.OrganisationID = crew.OrganisationID
+	}
 	taking := new(models.Taking)
 	if taking, err = TakingGetByIDSystem(ctx, event.TakingID); err != nil {
 		if !vmdb.ErrNoDocuments(err) {
@@ -288,6 +323,13 @@ func EventImport(ctx context.Context, i *models.EventImport) (result *models.Eve
 			return
 		}
 		event.EventASPID = aspRole.UserID
+
+		crew := new(models.Crew)
+		if err = CrewsCollection.FindOne(ctx, bson.D{{Key: "_id", Value: event.CrewID}}, &crew); err != nil {
+			return
+		}
+		event.OrganisationID = crew.OrganisationID
+
 	} else {
 		event.EventASPID = admin.ID
 	}

diff --git a/dao/newsletter.go b/dao/newsletter.go
@@ -12,7 +12,7 @@ import (
 
 func NewsletterCreate(ctx context.Context, i *models.NewsletterCreate, token *vcapool.AccessToken) (result *models.Newsletter, err error) {
 
-	if !token.Roles.Validate("employee;admin") || i.UserID == "" {
+	if !token.Roles.Validate("admin;employee;pool_employee") || i.UserID == "" {
 		if i.Value == "regional" && token.CrewID == "" {
 			return nil, vcago.NewBadRequest(models.NewsletterCollection, "not part of an crew", nil)
 		}

diff --git a/dao/participation.go b/dao/participation.go
@@ -11,6 +11,7 @@ import (
 )
 
 func ParticipationInsert(ctx context.Context, i *models.ParticipationCreate, token *vcapool.AccessToken) (result *models.Participation, err error) {
+
 	database := i.ParticipationDatabase(token)
 	if err = ParticipationCollection.InsertOne(ctx, database); err != nil {
 		return

diff --git a/dao/role_history.go b/dao/role_history.go
@@ -31,7 +31,7 @@ func RoleHistoryBulkInsert(ctx context.Context, i *models.RoleHistoryBulkRequest
 		return
 	}
 
-	if token.Roles.Validate("admin;employee") {
+	if token.Roles.Validate("admin;employee;pool_employee") {
 		RoleHistoryDelete(ctx, &models.RoleHistoryRequest{CrewID: i.CrewID, Confirmed: false}, token)
 	}
 	result = new(models.RoleBulkExport)

diff --git a/dao/updates.go b/dao/updates.go
@@ -87,11 +87,15 @@ func UpdateDatabase() {
 	if !CheckUpdated(ctx, "event_applications") {
 		UpdateEventApplications(ctx)
 		InsertUpdate(ctx, "event_applications")
-  }
+	}
 	if !CheckUpdated(ctx, "last_login_date_1") {
 		UpdateSetLastLoginDate(ctx)
 		InsertUpdate(ctx, "last_login_date_1")
 	}
+	if !CheckUpdated(ctx, "create_default_organisation") {
+		CreateDefaultOrganisation(ctx)
+		InsertUpdate(ctx, "create_default_organisation")
+	}
 }
 
 func UpdateCrewMaibox(ctx context.Context) {
@@ -255,3 +259,28 @@ func UpdateSetLastLoginDate(ctx context.Context) {
 		log.Print(err)
 	}
 }
+
+func CreateDefaultOrganisation(ctx context.Context) {
+	i := models.OrganisationCreate{
+		Name:         "Viva con Agua de Sankt Pauli e.V.",
+		Abbreviation: "VcA DE",
+		Email:        "pool@vivaconagua.org",
+	}
+	result := new(models.Organisation)
+	result = i.Organisation()
+	if err := OrganisationCollection.InsertOne(ctx, result); err != nil {
+		log.Print(err)
+	}
+	update := bson.D{{Key: "organisation_id", Value: result.ID}}
+	if err := CrewsCollection.UpdateMany(ctx, bson.D{}, vmdb.UpdateSet(update)); err != nil {
+		log.Print(err)
+	}
+	if err := UserCrewCollection.UpdateMany(ctx, bson.D{}, vmdb.UpdateSet(update)); err != nil {
+		log.Print(err)
+	}
+	filter := vmdb.NewFilter()
+	filter.ElemMatchList("system_roles", "name", []string{"employee", "pool_employee", "pool_finance"})
+	if err := UserCollection.UpdateMany(ctx, filter.Bson(), vmdb.UpdateSet(update)); err != nil {
+		log.Print(err)
+	}
+}
diff --git a/handlers/token/roles.go b/handlers/token/roles.go
@@ -69,7 +69,7 @@ func (i *RoleHandler) CreateBulk(cc echo.Context) (err error) {
 	if err = dao.RoleNotification(c.Ctx(), userRolesMap); err != nil {
 		return
 	}
-	if !token.Roles.Validate("employee;admin") {
+	if !token.Roles.Validate("admin;employee;pool_employee") {
 		dao.RoleAdminNotification(c.Ctx(), &models.CrewParam{ID: body.CrewID})
 	}
 	return c.Created(result)

diff --git a/models/active.go b/models/active.go
@@ -78,7 +78,7 @@ func ActiveRequestPermission(token *vcapool.AccessToken) (err error) {
 }
 
 func ActivePermission(token *vcapool.AccessToken) (err error) {
-	if !token.Roles.Validate("employee;admin") && !token.PoolRoles.Validate("network;operation") {
+	if !token.Roles.Validate("admin;employee;pool_employee") && !token.PoolRoles.Validate("network;operation") {
 		return vcago.NewBadRequest(ActiveCollection, "permission denied")
 	}
 	return
@@ -87,7 +87,7 @@ func ActivePermission(token *vcapool.AccessToken) (err error) {
 func (i *ActiveParam) PermittedFilter(token *vcapool.AccessToken) bson.D {
 	filter := vmdb.NewFilter()
 	filter.EqualString("user_id", i.UserID)
-	if !token.Roles.Validate("employee;admin") {
+	if !token.Roles.Validate("admin;employee;pool_employee") {
 		filter.EqualString("crew_id", token.CrewID)
 	}
 	return filter.Bson()

diff --git a/models/address.go b/models/address.go
@@ -131,7 +131,7 @@ func AddressPermission(token *vcapool.AccessToken) (err error) {
 
 func (i *AddressQuery) PermittedFilter(token *vcapool.AccessToken) bson.D {
 	filter := vmdb.NewFilter()
-	if token.Roles.Validate("employee;admin") {
+	if token.Roles.Validate("admin;employee;pool_employee") {
 		filter.EqualStringList("_id", i.ID)
 		filter.EqualStringList("crew_id", i.CrewID)
 		filter.EqualStringList("user_id", i.UserID)

diff --git a/models/artist.go b/models/artist.go
@@ -38,14 +38,14 @@ type (
 var ArtistCollection = "artists"
 
 func ArtistPermission(token *vcapool.AccessToken) (err error) {
-	if !(token.Roles.Validate("employee;admin") || token.PoolRoles.Validate(ASPEventRole)) {
+	if !(token.Roles.Validate("admin;employee;pool_employee") || token.PoolRoles.Validate(ASPEventRole)) {
 		return vcago.NewPermissionDenied(ArtistCollection)
 	}
 	return
 }
 
 func ArtistDeletePermission(token *vcapool.AccessToken) (err error) {
-	if !token.Roles.Validate("employee;admin") {
+	if !token.Roles.Validate("admin;employee;pool_employee") {
 		return vcago.NewPermissionDenied(ArtistCollection)
 	}
 	return

diff --git a/models/crew.go b/models/crew.go
@@ -54,11 +54,12 @@ type (
 		Modified       vmod.Modified `json:"modified" bson:"modified"`
 	}
 	CrewPublic struct {
-		ID           string       `json:"id,omitempty" bson:"_id"`
-		Name         string       `json:"name" bson:"name"`
-		Cities       []City       `json:"cities" bson:"cities"`
-		Organisation Organisation `json:"organisation" bson:"organisation"`
-		Mattermost   string       `bson:"mattermost_username" json:"mattermost_username"`
+		ID             string       `json:"id,omitempty" bson:"_id"`
+		Name           string       `json:"name" bson:"name"`
+		Cities         []City       `json:"cities" bson:"cities"`
+		Organisation   Organisation `json:"organisation" bson:"organisation"`
+		OrganisationID string       `json:"organisation_id" bson:"organisation_id"`
+		Mattermost     string       `bson:"mattermost_username" json:"mattermost_username"`
 	}
 	CrewName struct {
 		ID   string `json:"id,omitempty" bson:"_id"`
@@ -77,7 +78,7 @@ type (
 		Name           string   `query:"name" qs:"name"`
 		Status         string   `json:"status" qs:"status"`
 		Organisation   string   `json:"organisation_name" qs:"organisation_name"`
-		OrganisationID string   `json:"organisation_id" qs:"organisation_id"`
+		OrganisationID []string `json:"organisation_id" qs:"organisation_id"`
 		Email          string   `query:"email" qs:"email"`
 	}
 	CrewSimple struct {
@@ -94,19 +95,19 @@ type (
 var CrewCollection = "crews"
 
 func CrewPermission(token *vcapool.AccessToken) (err error) {
-	if !token.Roles.Validate("pool_employee;admin") {
+	if !token.Roles.Validate("admin;employee;pool_employee") {
 		return vcago.NewPermissionDenied(CrewCollection)
 	}
 	return
 }
 func CrewPipeline() *vmdb.Pipeline {
 	pipe := vmdb.NewPipeline()
-	pipe.LookupUnwind(OrganisationCollection, "organisation_id", "_id", "organisation	")
+	pipe.LookupUnwind(OrganisationCollection, "organisation_id", "_id", "organisation")
 	return pipe
 }
 
 func CrewUpdatePermission(token *vcapool.AccessToken) (err error) {
-	if !(token.Roles.Validate("pool_employee;admin") || token.PoolRoles.Validate(ASPRole)) {
+	if !(token.Roles.Validate("admin;employee;pool_employee") || token.PoolRoles.Validate(ASPRole)) {
 		return vcago.NewPermissionDenied(CrewCollection)
 	}
 	return
@@ -138,6 +139,7 @@ func (i *CrewUpdate) ToCrewUpdateASP() *CrewUpdateASP {
 func (i *CrewQuery) Filter() bson.D {
 	filter := vmdb.NewFilter()
 	filter.EqualStringList("_id", i.ID)
+	filter.EqualStringList("organisation_id", i.OrganisationID)
 	filter.LikeString("email", i.Email)
 	filter.LikeString("status", i.Status)
 	filter.LikeString("name", i.Name)
@@ -162,7 +164,7 @@ func (i *CrewQuery) PermittedFilter(token *vcapool.AccessToken) bson.D {
 
 func (i *CrewUpdate) PermittedFilter(token *vcapool.AccessToken) bson.D {
 	filter := vmdb.NewFilter()
-	if !token.Roles.Validate("pool_employee;admin") {
+	if !token.Roles.Validate("admin;employee;pool_employee") {
 		filter.EqualString("_id", token.CrewID)
 	} else {
 		filter.EqualString("_id", i.ID)
@@ -172,7 +174,7 @@ func (i *CrewUpdate) PermittedFilter(token *vcapool.AccessToken) bson.D {
 
 func (i *CrewParam) PermittedFilter(token *vcapool.AccessToken) bson.D {
 	filter := vmdb.NewFilter()
-	if !token.Roles.Validate("pool_employee;admin") {
+	if !token.Roles.Validate("admin;employee;pool_employee") {
 		filter.EqualString("_id", token.CrewID)
 	} else {
 		filter.EqualString("_id", i.ID)

diff --git a/models/deposit.go b/models/deposit.go
@@ -87,7 +87,6 @@ type (
 	DepositQuery struct {
 		ID               []string `query:"id"`
 		Name             string   `query:"deposit_unit_name"`
-		Search           string   `query:"search"`
 		ReasonForPayment string   `query:"reason_for_payment"`
 		CrewID           []string `query:"crew_id"`
 		Status           []string `query:"deposit_status"`
@@ -98,8 +97,7 @@ type (
 		UpdatedFrom      string   `query:"updated_from" qs:"updated_from"`
 		CreatedTo        string   `query:"created_to" qs:"created_to"`
 		CreatedFrom      string   `query:"created_from" qs:"created_from"`
-		SortField        string   `query:"sort"`
-		SortDirection    string   `query:"sort_dir"`
+		vmdb.Query
 	}
 	DepositParam struct {
 		ID     string `param:"id"`
@@ -112,7 +110,7 @@ var DepositUnitCollection = "deposit_units"
 var DepositUnitTakingView = "deposit_unit_taking"
 
 func DepositPermission(token *vcapool.AccessToken) (err error) {
-	if !(token.Roles.Validate("admin;employee") || token.PoolRoles.Validate("finance")) {
+	if !(token.Roles.Validate("admin;employee;pool_employee") || token.PoolRoles.Validate("finance")) {
 		return vcago.NewPermissionDenied(DepositCollection)
 	}
 	return
@@ -239,7 +237,7 @@ func (i *DepositQuery) PermittedFilter(token *vcapool.AccessToken) bson.D {
 	filter := vmdb.NewFilter()
 	filter.EqualStringList("_id", i.ID)
 	filter.SearchString([]string{"deposit_units.taking.name", "reason_for_payment"}, i.Search)
-	if !token.Roles.Validate("admin;employee") {
+	if !token.Roles.Validate("admin;employee;pool_employee") {
 		filter.EqualString("crew_id", token.CrewID)
 	} else {
 		filter.EqualStringList("crew_id", i.CrewID)
@@ -254,7 +252,7 @@ func (i *DepositQuery) PermittedFilter(token *vcapool.AccessToken) bson.D {
 func (i *DepositParam) PermittedFilter(token *vcapool.AccessToken) bson.D {
 	filter := vmdb.NewFilter()
 	filter.EqualString("_id", i.ID)
-	if !token.Roles.Validate("admin;employee") {
+	if !token.Roles.Validate("admin;employee;pool_employee") {
 		filter.EqualString("crew_id", token.CrewID)
 	}
 	return filter.Bson()