feat: Review role permissions (#139)

* feat: Review role permissions * feat: Provide access to GetAuthorizedResources to all users
hackersuite · Oct 20, 2020 · 73f7359 · 73f7359
1 parent 3d70819
commit 73f7359
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 11 deletions.
diff --git a/config/role/role.yaml b/config/role/role.yaml
@@ -1,21 +1,24 @@
 role:
-  # TODO: review permissions for roles after Auth System V2 is finished (https://github.com/unicsmcr/hs_auth/issues/81)
   unverified:
     - "hs:hs_auth:frontend:EmailUnverifiedPage"
     - "hs:hs_auth:frontend:EmailUnverifiedPageComponents"
     - "hs:hs_auth:frontend:VerifyEmailResend"
+    - "hs:hs_auth:api:v2:ResendEmailVerification?path_id=me"
+    - "hs:hs_auth:api:v2:GetAuthorizedResources"
   applicant:
     - "hs:hs_auth:frontend:ProfilePage"
     - "hs:hs_auth:frontend:ProfilePageComponents:Default"
     - "hs:hs_auth:frontend:ProfilePageComponents:TeamPanel"
     - "hs:hs_auth:frontend:CreateTeam"
     - "hs:hs_auth:frontend:JoinTeam"
     - "hs:hs_auth:frontend:LeaveTeam"
-    - "hs:hs_auth:api:v2:Register"
     - "hs:hs_auth:api:v2:GetUser?path_id=me"
-    - "hs:hs_auth:api:v2:Login"
+    - "hs:hs_auth:api:v2:GetUsers?query_team=me"
     - "hs:hs_auth:api:v2:CreateTeam"
+    - "hs:hs_auth:api:v2:SetTeam?path_id=me"
+    - "hs:hs_auth:api:v2:RemoveFromTeam?path_id=me"
     - "hs:hs_auth:api:v2:GetTeam?path_id=me"
+    - "hs:hs_auth:api:v2:GetAuthorizedResources"
     - "hs:hs_apply:apply"
   attendee:
     - "hs:hs_auth:frontend:ProfilePage"
@@ -24,21 +27,22 @@ role:
     - "hs:hs_auth:frontend:CreateTeam"
     - "hs:hs_auth:frontend:JoinTeam"
     - "hs:hs_auth:frontend:LeaveTeam"
-    - "hs:hs_auth:api:v2:Register"
     - "hs:hs_auth:api:v2:GetUser?path_id=me"
-    - "hs:hs_auth:api:v2:Login"
+    - "hs:hs_auth:api:v2:GetUsers?query_team=me"
     - "hs:hs_auth:api:v2:CreateTeam"
+    - "hs:hs_auth:api:v2:SetTeam?path_id=me"
+    - "hs:hs_auth:api:v2:RemoveFromTeam?path_id=me"
     - "hs:hs_auth:api:v2:GetTeam?path_id=me"
+    - "hs:hs_auth:api:v2:GetAuthorizedResources"
     - "hs:hs_apply:apply"
     - "hs:hs_hub"
   volunteer:
     - "hs:hs_auth:frontend:ProfilePage"
     - "hs:hs_auth:frontend:ProfilePageComponents:Default"
-    - "hs:hs_auth:api:v2:Register"
-    - "hs:hs_auth:api:v2:GetUser?path_id=me"
-    - "hs:hs_auth:api:v2:Login"
-    - "hs:hs_auth:api:v2:CreateTeam"
-    - "hs:hs_auth:api:v2:GetTeam?path_id=me"
+    - "hs:hs_auth:api:v2:GetUser"
+    - "hs:hs_auth:api:v2:GetUsers"
+    - "hs:hs_auth:api:v2:GetTeams"
+    - "hs:hs_auth:api:v2:GetAuthorizedResources"
     - "hs:hs_apply:apply"
     - "hs:hs_hub"
     - "hs:hs_apply:review"

diff --git a/routers/api/v2/router.go b/routers/api/v2/router.go
@@ -77,7 +77,7 @@ func (r *apiV2Router) RegisterRoutes(routerGroup *gin.RouterGroup) {
 	usersGroup.PUT("/:id/role", r.authorizer.WithAuthMiddleware(r, r.SetRole))
 	usersGroup.PUT("/:id/permissions", r.authorizer.WithAuthMiddleware(r, r.SetSpecialPermissions))
 	usersGroup.PUT("/:id/password", r.authorizer.WithAuthMiddleware(r, r.SetPassword))
-	usersGroup.GET("/:id/password/resetEmail", r.authorizer.WithAuthMiddleware(r, r.GetPasswordResetEmail))
+	usersGroup.GET("/:id/password/resetEmail", r.GetPasswordResetEmail)
 	usersGroup.PUT("/:id/email/verify", r.authorizer.WithAuthMiddleware(r, r.VerifyEmail))
 	usersGroup.GET("/:id/email/verify", r.authorizer.WithAuthMiddleware(r, r.ResendEmailVerification))