diff --git a/dao/event.go b/dao/event.go
index 42b35f9..81632ba 100644
--- a/dao/event.go
+++ b/dao/event.go
@@ -17,20 +17,9 @@ func EventInsert(ctx context.Context, i *models.EventCreate, token *models.Acces
 return
 }
 event := i.EventDatabase(token)
-
- if token.Roles.Validate("admin;employee;pool_employee") {
- if i.CrewID != "" {
- crew := new(models.Crew)
- if crew, err = CrewGetByID(ctx, &models.CrewParam{ID: i.CrewID}, token); err != nil {
- return
- }
- event.OrganisationID = crew.OrganisationID
- } else {
- event.OrganisationID = i.OrganisationID
- }
- } else {
+ if !token.Roles.Validate("admin;employee;pool_employee") {
 crew := new(models.Crew)
- if crew, err = CrewGetByID(ctx, &models.CrewParam{ID: token.CrewID}, token); err != nil {
+ if crew, err = CrewGetByID(ctx, &models.CrewParam{ID: i.CrewID}, token); err != nil {
 return
 }
 event.OrganisationID = crew.OrganisationID
@@ -180,17 +169,7 @@ func EventUpdate(ctx context.Context, i *models.EventUpdate, token *models.Acces
 if err = EventCollection.AggregateOne(ctx, models.EventPipelinePublic().Match(filter).Pipe, event); err != nil {
 return
 }
- if token.Roles.Validate("admin;employee;pool_employee") {
- if i.CrewID != "" {
- crew := new(models.Crew)
- if crew, err = CrewGetByID(ctx, &models.CrewParam{ID: i.CrewID}, token); err != nil {
- return
- }
- i.OrganisationID = crew.OrganisationID
- } else {
- i.OrganisationID = i.OrganisationID
- }
- } else {
+ if !token.Roles.Validate("admin;employee;pool_employee") {
 crew := new(models.Crew)
 if crew, err = CrewGetByID(ctx, &models.CrewParam{ID: token.CrewID}, token); err != nil {
 return
diff --git a/dao/organisation.go b/dao/organisation.go
index f5e145d..1abad09 100644
--- a/dao/organisation.go
+++ b/dao/organisation.go
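Review bot: In EventInsert (dao/event.go), the non-privileged branch now looks up the crew with the request-supplied `i.CrewID` instead of `token.CrewID`, so the organisation stamped on the event comes from caller-controlled input rather than from the authenticated token. Unless `CrewGetByID` itself rejects crews the caller does not belong to (not visible in this hunk), a regular user could attach an event to another crew's organisation. EventUpdate in the same file still uses `token.CrewID` in the same branch, which suggests the change is unintended; I would keep `CrewGetByID(ctx, &models.CrewParam{ID: token.CrewID}, token)` here, or reject the request when `i.CrewID != token.CrewID`. The function body continues outside the hunk.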
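Review bot: In EventUpdate (dao/event.go), a token with admin, employee or pool_employee can now store a crew from one organisation together with an `organisation_id` from another, because `i.OrganisationID` is no longer derived from `i.CrewID` when a crew is given; the privileged path of EventInsert has the same gap. Since models/event.go in this commit switches the query filter to the stored `organisation_id`, a mismatch would list the event under the wrong organisation. Consider checking that the crew's `OrganisationID` equals `i.OrganisationID` when both are set, and add a comment such as `// privileged roles: OrganisationID is taken from the request as-is`. The rest of the function is outside the hunk, so a later check may already exist.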
@@ -8,7 +8,7 @@ import (
 )
 func OrganisationInsert(ctx context.Context, i *models.OrganisationCreate, token *models.AccessToken) (result *models.Organisation, err error) {
- if err = models.OrganisationPermission(token); err != nil {
+ if err = token.AccessPermission(); err != nil {
 return
 }
 result = i.Organisation()
@@ -36,7 +36,7 @@ func OrganisationGetByID(ctx context.Context, i *models.OrganisationParam) (resu
 }
 func OrganisationUpdate(ctx context.Context, i *models.OrganisationUpdate, token *models.AccessToken) (result *models.Organisation, err error) {
- if err = models.OrganisationPermission(token); err != nil {
+ if err = token.AccessPermission(); err != nil {
 return
 }
 filter := i.Match()
@@ -47,7 +47,7 @@ func OrganisationUpdate(ctx context.Context, i *models.OrganisationUpdate, token
 }
 func OrganisationDelete(ctx context.Context, i *models.OrganisationParam, token *models.AccessToken) (err error) {
- if err = models.OrganisationPermission(token); err != nil {
+ if err = token.AccessPermission(); err != nil {
 return
 }
 filter := i.Match()
diff --git a/dao/updates.go b/dao/updates.go
index 3bcd298..5e34a81 100644
--- a/dao/updates.go
+++ b/dao/updates.go
@@ -99,6 +99,10 @@ func UpdateDatabase() {
 UpdateDepositUnitNorms(ctx)
 InsertUpdate(ctx, "update_deposit_units_1")
 }
+ if !CheckUpdated(ctx, "publish_roles_init") {
+ PublishRoles()
+ InsertUpdate(ctx, "publish_roles_init")
+ }
 }
 func UpdateCrewMaibox(ctx context.Context) {
diff --git a/dao/users.go b/dao/users.go
index 957b80b..93acc5f 100644
--- a/dao/users.go
+++ b/dao/users.go
@@ -165,7 +165,7 @@ func UserSync(ctx context.Context, i *models.ProfileParam, token *models.AccessT
 }
 func UserOrganisationUpdate(ctx context.Context, i *models.UserOrganisationUpdate, token *models.AccessToken) (result *models.User, err error) {
- if err = models.OrganisationPermission(token); err != nil {
+ if err = token.AccessPermission(); err != nil {
 return
 }
 if err = UserCollection.UpdateOne(
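Review bot: In UpdateDatabase (dao/updates.go), `InsertUpdate(ctx, "publish_roles_init")` runs unconditionally after `PublishRoles()`, so a failed publish is still recorded as done and the roles are never published again, because server.go no longer calls `dao.PublishRoles()` on startup. `PublishRoles` is called without `ctx` and any result it may have is not checked in this hunk. If it can report failure, gate the marker on success, e.g. `if err := PublishRoles(); err == nil { InsertUpdate(ctx, "publish_roles_init") }`. A comment should also note that later changes to the role set need a new update key to be re-published.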
diff --git a/models/access_token.go b/models/access_token.go
new file mode 100644
index 0000000..5c8208d
--- /dev/null
+++ b/models/access_token.go
@@ -0,0 +1,43 @@
+package models
+
+import (
+ "github.com/Viva-con-Agua/vcago"
+ "github.com/Viva-con-Agua/vcago/vmod"
+ "github.com/golang-jwt/jwt"
+)
+
+type AccessToken struct {
+ ID string `json:"id,omitempty" bson:"_id"`
+ Email string `json:"email" bson:"email" validate:"required,email"`
+ FirstName string `bson:"first_name" json:"first_name" validate:"required"`
+ LastName string `bson:"last_name" json:"last_name" validate:"required"`
+ FullName string `bson:"full_name" json:"full_name"`
+ DisplayName string `bson:"display_name" json:"display_name"`
+ Roles vmod.RoleListCookie `json:"system_roles" bson:"system_roles"`
+ Country string `bson:"country" json:"country"`
+ PrivacyPolicy bool `bson:"privacy_policy" json:"privacy_policy"`
+ Confirmd bool `bson:"confirmed" json:"confirmed"`
+ LastUpdate string `bson:"last_update" json:"last_update"`
+ Phone string `json:"phone"`
+ Gender string `json:"gender"`
+ Birthdate int64 `json:"birthdate"`
+ CrewName string `json:"crew_name"`
+ CrewID string `json:"crew_id"`
+ OrganisationID string `json:"organisation_id"`
+ CrewEmail string `json:"crew_email"`
+ AddressID string `json:"address_id"`
+ PoolRoles vmod.RoleListCookie `json:"pool_roles"`
+ ActiveState string `json:"active_state"`
+ NVMState string `json:"nvm_state"`
+ AvatarID string `json:"avatar_id"`
+ MailboxID string `json:"mailbox_id"`
+ Modified vmod.Modified `json:"modified"`
+ jwt.StandardClaims
+}
+
+func (token *AccessToken) AccessPermission() (err error) {
+ if !token.Roles.Validate("admin") {
+ return vcago.NewPermissionDenied(OrganisationCollection)
+ }
+ return
+}
diff --git a/models/event.go b/models/event.go
index 4ba4317..6ffada8 100644
--- a/models/event.go
+++ b/models/event.go
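Review bot: `AccessPermission` in models/access_token.go has a generic name but hard-codes the `admin` role and always reports the denial against `OrganisationCollection`, even though dao/users.go now calls it from UserOrganisationUpdate. A caller reading `token.AccessPermission()` cannot tell which permission is checked, which makes it easy to reuse where a different role was intended. I would add a doc comment, `// AccessPermission returns a permission-denied error unless the token carries the admin system role.`, and consider a nil guard, `if token == nil || !token.Roles.Validate("admin") {`, since the method reads `token.Roles` through a pointer receiver.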
@@ -112,6 +112,7 @@ type (
 Artists []Artist `json:"artists" bson:"artists"`
 OrganizerID string `json:"organizer_id" bson:"organizer_id"`
 Organizer Organizer `json:"organizer" bson:"organizer"`
+ Organisation Organisation `json:"organisation" bson:"organisation"`
 StartAt int64 `json:"start_at" bson:"start_at"`
 EndAt int64 `json:"end_at" bson:"end_at"`
 CrewID string `json:"crew_id" bson:"crew_id"`
@@ -133,6 +134,7 @@ type (
 Artists []Artist `json:"artists" bson:"artists"`
 OrganizerID string `json:"organizer_id" bson:"organizer_id"`
 Organizer Organizer `json:"organizer" bson:"organizer"`
+ Organisation Organisation `json:"organisation" bson:"organisation"`
 StartAt int64 `json:"start_at" bson:"start_at"`
 EndAt int64 `json:"end_at" bson:"end_at"`
 CrewID string `json:"crew_id" bson:"crew_id"`
@@ -444,6 +446,7 @@ func EventPipelinePublic() (pipe *vmdb.Pipeline) {
 pipe.LookupUnwind(OrganizerCollection, "organizer_id", "_id", "organizer")
 pipe.LookupList(ArtistCollection, "artist_ids", "_id", "artists")
 pipe.LookupUnwind(CrewCollection, "crew_id", "_id", "crew")
+ pipe.LookupUnwind(OrganisationCollection, "organisation_id", "_id", "organisation")
 return
 }
@@ -611,7 +614,7 @@ func (i *EventQuery) PermittedFilter(token *AccessToken) bson.D {
 filter.EqualString("event_asp_id", i.EventASPID)
 filter.EqualStringList("event_state.state", i.EventState)
 filter.EqualString("crew_id", i.CrewID)
- filter.EqualStringList("crew.organisation_id", i.OrganisationId)
+ filter.EqualStringList("organisation_id", i.OrganisationId)
 filter.GteInt64("modified.updated", i.UpdatedFrom)
 filter.GteInt64("modified.created", i.CreatedFrom)
 filter.LteInt64("modified.updated", i.UpdatedTo)
diff --git a/models/organisation.go b/models/organisation.go
index 4bda3be..804e35d 100644
--- a/models/organisation.go
+++ b/models/organisation.go
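Review bot: The public event pipeline now returns the full organisation document with no projection: in EventPipelinePublic (models/event.go) the added `pipe.LookupUnwind(OrganisationCollection, "organisation_id", "_id", "organisation")` feeds the new `Organisation` field added to the two structs in the earlier hunks of this file. The fields of `Organisation` are not visible in this diff; if any are not meant for public consumers, the pipeline should project only the ones it needs. It is also worth confirming that `LookupUnwind` keeps events whose `organisation_id` is empty or unmatched, since otherwise those events would silently drop out of the results. A short comment on the lookup stating which organisation fields are intended to be public would help later reviewers.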
@@ -1,7 +1,6 @@
 package models
 import (
- "github.com/Viva-con-Agua/vcago"
 "github.com/Viva-con-Agua/vcago/vmdb"
 "github.com/Viva-con-Agua/vcago/vmod"
 "github.com/google/uuid"
@@ -44,13 +43,6 @@ type (
 var OrganisationCollection = "organisations"
-func OrganisationPermission(token *AccessToken) (err error) {
- if !token.Roles.Validate("admin") {
- return vcago.NewPermissionDenied(OrganisationCollection)
- }
- return
-}
-
 func (i *OrganisationCreate) Organisation() *Organisation {
 return &Organisation{
 ID: uuid.NewString(),
diff --git a/models/user.go b/models/user.go
index 841ffee..156b3e5 100644
--- a/models/user.go
+++ b/models/user.go
@@ -12,35 +12,6 @@ import (
 )
 type (
- AccessToken struct {
- ID string `json:"id,omitempty" bson:"_id"`
- Email string `json:"email" bson:"email" validate:"required,email"`
- FirstName string `bson:"first_name" json:"first_name" validate:"required"`
- LastName string `bson:"last_name" json:"last_name" validate:"required"`
- FullName string `bson:"full_name" json:"full_name"`
- DisplayName string `bson:"display_name" json:"display_name"`
- Roles vmod.RoleListCookie `json:"system_roles" bson:"system_roles"`
- Country string `bson:"country" json:"country"`
- PrivacyPolicy bool `bson:"privacy_policy" json:"privacy_policy"`
- Confirmd bool `bson:"confirmed" json:"confirmed"`
- LastUpdate string `bson:"last_update" json:"last_update"`
- Phone string `json:"phone"`
- Gender string `json:"gender"`
- Birthdate int64 `json:"birthdate"`
- CrewName string `json:"crew_name"`
- CrewID string `json:"crew_id"`
- OrganisationID string `json:"organisation_id"`
- CrewEmail string `json:"crew_email"`
- AddressID string `json:"address_id"`
- PoolRoles vmod.RoleListCookie `json:"pool_roles"`
- ActiveState string `json:"active_state"`
- NVMState string `json:"nvm_state"`
- AvatarID string `json:"avatar_id"`
- MailboxID string `json:"mailbox_id"`
- Modified vmod.Modified `json:"modified"`
- jwt.StandardClaims
- }
-
 UserEmail struct {
 Email string `json:"email"`
 }
diff --git a/server.go b/server.go
index 16ffef4..7648612 100644
--- a/server.go
+++ b/server.go
@@ -18,7 +18,6 @@ func main() {
 dao.FixDatabase()
 dao.UpdateDatabase()
 dao.UpdateTicker()
- dao.PublishRoles()
 //dao.ReloadDatabase()
 //login routes
 api := e.Group("/v1")