added access token

dao/event.go

@@ -17,20 +17,9 @@ func EventInsert(ctx context.Context, i *models.EventCreate, token *models.Acces
 		return
 	}
 	event := i.EventDatabase(token)
-
-	if token.Roles.Validate("admin;employee;pool_employee") {
-		if i.CrewID != "" {
-			crew := new(models.Crew)
-			if crew, err = CrewGetByID(ctx, &models.CrewParam{ID: i.CrewID}, token); err != nil {
-				return
-			}
-			event.OrganisationID = crew.OrganisationID
-		} else {
-			event.OrganisationID = i.OrganisationID
-		}
-	} else {
+	if !token.Roles.Validate("admin;employee;pool_employee") {
 		crew := new(models.Crew)
-		if crew, err = CrewGetByID(ctx, &models.CrewParam{ID: token.CrewID}, token); err != nil {
+		if crew, err = CrewGetByID(ctx, &models.CrewParam{ID: i.CrewID}, token); err != nil {
 			return
 		}
 		event.OrganisationID = crew.OrganisationID
@@ -180,17 +169,7 @@ func EventUpdate(ctx context.Context, i *models.EventUpdate, token *models.Acces
 	if err = EventCollection.AggregateOne(ctx, models.EventPipelinePublic().Match(filter).Pipe, event); err != nil {
 		return
 	}
-	if token.Roles.Validate("admin;employee;pool_employee") {
-		if i.CrewID != "" {
-			crew := new(models.Crew)
-			if crew, err = CrewGetByID(ctx, &models.CrewParam{ID: i.CrewID}, token); err != nil {
-				return
-			}
-			i.OrganisationID = crew.OrganisationID
-		} else {
-			i.OrganisationID = i.OrganisationID
-		}
-	} else {
+	if !token.Roles.Validate("admin;employee;pool_employee") {
 		crew := new(models.Crew)
 		if crew, err = CrewGetByID(ctx, &models.CrewParam{ID: token.CrewID}, token); err != nil {
 			return

dao/organisation.go

@@ -8,7 +8,7 @@ import (
 )
 
 func OrganisationInsert(ctx context.Context, i *models.OrganisationCreate, token *models.AccessToken) (result *models.Organisation, err error) {
-	if err = models.OrganisationPermission(token); err != nil {
+	if err = token.AccessPermission(); err != nil {
 		return
 	}
 	result = i.Organisation()
@@ -36,7 +36,7 @@ func OrganisationGetByID(ctx context.Context, i *models.OrganisationParam) (resu
 }
 
 func OrganisationUpdate(ctx context.Context, i *models.OrganisationUpdate, token *models.AccessToken) (result *models.Organisation, err error) {
-	if err = models.OrganisationPermission(token); err != nil {
+	if err = token.AccessPermission(); err != nil {
 		return
 	}
 	filter := i.Match()
@@ -47,7 +47,7 @@ func OrganisationUpdate(ctx context.Context, i *models.OrganisationUpdate, token
 }
 
 func OrganisationDelete(ctx context.Context, i *models.OrganisationParam, token *models.AccessToken) (err error) {
-	if err = models.OrganisationPermission(token); err != nil {
+	if err = token.AccessPermission(); err != nil {
 		return
 	}
 	filter := i.Match()

dao/updates.go

@@ -99,6 +99,10 @@ func UpdateDatabase() {
 		UpdateDepositUnitNorms(ctx)
 		InsertUpdate(ctx, "update_deposit_units_1")
 	}
+	if !CheckUpdated(ctx, "publish_roles_init") {
+		PublishRoles()
+		InsertUpdate(ctx, "publish_roles_init")
+	}
 }
 
 func UpdateCrewMaibox(ctx context.Context) {

dao/users.go

@@ -165,7 +165,7 @@ func UserSync(ctx context.Context, i *models.ProfileParam, token *models.AccessT
 }
 
 func UserOrganisationUpdate(ctx context.Context, i *models.UserOrganisationUpdate, token *models.AccessToken) (result *models.User, err error) {
-	if err = models.OrganisationPermission(token); err != nil {
+	if err = token.AccessPermission(); err != nil {
 		return
 	}
 	if err = UserCollection.UpdateOne(

models/access_token.go

@@ -0,0 +1,43 @@
+package models
+
+import (
+	"github.com/Viva-con-Agua/vcago"
+	"github.com/Viva-con-Agua/vcago/vmod"
+	"github.com/golang-jwt/jwt"
+)
+
+type AccessToken struct {
+	ID             string              `json:"id,omitempty" bson:"_id"`
+	Email          string              `json:"email" bson:"email" validate:"required,email"`
+	FirstName      string              `bson:"first_name" json:"first_name" validate:"required"`
+	LastName       string              `bson:"last_name" json:"last_name" validate:"required"`
+	FullName       string              `bson:"full_name" json:"full_name"`
+	DisplayName    string              `bson:"display_name" json:"display_name"`
+	Roles          vmod.RoleListCookie `json:"system_roles" bson:"system_roles"`
+	Country        string              `bson:"country" json:"country"`
+	PrivacyPolicy  bool                `bson:"privacy_policy" json:"privacy_policy"`
+	Confirmd       bool                `bson:"confirmed" json:"confirmed"`
+	LastUpdate     string              `bson:"last_update" json:"last_update"`
+	Phone          string              `json:"phone"`
+	Gender         string              `json:"gender"`
+	Birthdate      int64               `json:"birthdate"`
+	CrewName       string              `json:"crew_name"`
+	CrewID         string              `json:"crew_id"`
+	OrganisationID string              `json:"organisation_id"`
+	CrewEmail      string              `json:"crew_email"`
+	AddressID      string              `json:"address_id"`
+	PoolRoles      vmod.RoleListCookie `json:"pool_roles"`
+	ActiveState    string              `json:"active_state"`
+	NVMState       string              `json:"nvm_state"`
+	AvatarID       string              `json:"avatar_id"`
+	MailboxID      string              `json:"mailbox_id"`
+	Modified       vmod.Modified       `json:"modified"`
+	jwt.StandardClaims
+}
+
+func (token *AccessToken) AccessPermission() (err error) {
+	if !token.Roles.Validate("admin") {
+		return vcago.NewPermissionDenied(OrganisationCollection)
+	}
+	return
+}

models/event.go

@@ -112,6 +112,7 @@ type (
 		Artists               []Artist         `json:"artists" bson:"artists"`
 		OrganizerID           string           `json:"organizer_id" bson:"organizer_id"`
 		Organizer             Organizer        `json:"organizer" bson:"organizer"`
+		Organisation          Organisation     `json:"organisation" bson:"organisation"`
 		StartAt               int64            `json:"start_at" bson:"start_at"`
 		EndAt                 int64            `json:"end_at" bson:"end_at"`
 		CrewID                string           `json:"crew_id" bson:"crew_id"`
@@ -133,6 +134,7 @@ type (
 		Artists               []Artist               `json:"artists" bson:"artists"`
 		OrganizerID           string                 `json:"organizer_id" bson:"organizer_id"`
 		Organizer             Organizer              `json:"organizer" bson:"organizer"`
+		Organisation          Organisation           `json:"organisation" bson:"organisation"`
 		StartAt               int64                  `json:"start_at" bson:"start_at"`
 		EndAt                 int64                  `json:"end_at" bson:"end_at"`
 		CrewID                string                 `json:"crew_id" bson:"crew_id"`
@@ -444,6 +446,7 @@ func EventPipelinePublic() (pipe *vmdb.Pipeline) {
 	pipe.LookupUnwind(OrganizerCollection, "organizer_id", "_id", "organizer")
 	pipe.LookupList(ArtistCollection, "artist_ids", "_id", "artists")
 	pipe.LookupUnwind(CrewCollection, "crew_id", "_id", "crew")
+	pipe.LookupUnwind(OrganisationCollection, "organisation_id", "_id", "organisation")
 	return
 }
 
@@ -611,7 +614,7 @@ func (i *EventQuery) PermittedFilter(token *AccessToken) bson.D {
 	filter.EqualString("event_asp_id", i.EventASPID)
 	filter.EqualStringList("event_state.state", i.EventState)
 	filter.EqualString("crew_id", i.CrewID)
-	filter.EqualStringList("crew.organisation_id", i.OrganisationId)
+	filter.EqualStringList("organisation_id", i.OrganisationId)
 	filter.GteInt64("modified.updated", i.UpdatedFrom)
 	filter.GteInt64("modified.created", i.CreatedFrom)
 	filter.LteInt64("modified.updated", i.UpdatedTo)

models/organisation.go

@@ -1,7 +1,6 @@
 package models
 
 import (
-	"github.com/Viva-con-Agua/vcago"
 	"github.com/Viva-con-Agua/vcago/vmdb"
 	"github.com/Viva-con-Agua/vcago/vmod"
 	"github.com/google/uuid"
@@ -44,13 +43,6 @@ type (
 
 var OrganisationCollection = "organisations"
 
-func OrganisationPermission(token *AccessToken) (err error) {
-	if !token.Roles.Validate("admin") {
-		return vcago.NewPermissionDenied(OrganisationCollection)
-	}
-	return
-}
-
 func (i *OrganisationCreate) Organisation() *Organisation {
 	return &Organisation{
 		ID:           uuid.NewString(),

models/user.go

@@ -12,35 +12,6 @@ import (
 )
 
 type (
-	AccessToken struct {
-		ID             string              `json:"id,omitempty" bson:"_id"`
-		Email          string              `json:"email" bson:"email" validate:"required,email"`
-		FirstName      string              `bson:"first_name" json:"first_name" validate:"required"`
-		LastName       string              `bson:"last_name" json:"last_name" validate:"required"`
-		FullName       string              `bson:"full_name" json:"full_name"`
-		DisplayName    string              `bson:"display_name" json:"display_name"`
-		Roles          vmod.RoleListCookie `json:"system_roles" bson:"system_roles"`
-		Country        string              `bson:"country" json:"country"`
-		PrivacyPolicy  bool                `bson:"privacy_policy" json:"privacy_policy"`
-		Confirmd       bool                `bson:"confirmed" json:"confirmed"`
-		LastUpdate     string              `bson:"last_update" json:"last_update"`
-		Phone          string              `json:"phone"`
-		Gender         string              `json:"gender"`
-		Birthdate      int64               `json:"birthdate"`
-		CrewName       string              `json:"crew_name"`
-		CrewID         string              `json:"crew_id"`
-		OrganisationID string              `json:"organisation_id"`
-		CrewEmail      string              `json:"crew_email"`
-		AddressID      string              `json:"address_id"`
-		PoolRoles      vmod.RoleListCookie `json:"pool_roles"`
-		ActiveState    string              `json:"active_state"`
-		NVMState       string              `json:"nvm_state"`
-		AvatarID       string              `json:"avatar_id"`
-		MailboxID      string              `json:"mailbox_id"`
-		Modified       vmod.Modified       `json:"modified"`
-		jwt.StandardClaims
-	}
-
 	UserEmail struct {
 		Email string `json:"email"`
 	}

server.go

@@ -18,7 +18,6 @@ func main() {
 	dao.FixDatabase()
 	dao.UpdateDatabase()
 	dao.UpdateTicker()
-	dao.PublishRoles()
 	//dao.ReloadDatabase()
 	//login routes
 	api := e.Group("/v1")