chore: remove legacy types in services
Nil20 committed Oct 28, 2024
1 parent 4fd6668 commit 4923318
Showing 7 changed files with 54 additions and 29 deletions.
Expand Up @@ -12,6 +12,7 @@ import fetch from '@gateway/fetch'
import { inScope } from '@gateway/features/user/utils'
import { GQLResolver } from '@gateway/graphql/schema'
import { USER_MANAGEMENT_URL } from '@gateway/constants'
import { SCOPES } from '@gateway/../../commons/build/dist/scopes'

export const resolvers: GQLResolver = {
Mutation: {
Expand All @@ -21,7 +22,12 @@ export const resolvers: GQLResolver = {
{ headers: authHeader }
) {
// Only registrar or registration agent should be able to search user
if (!inScope(authHeader, ['register', 'validate'])) {
if (
!inScope(authHeader, [
SCOPES.RECORD_REGISTER,
SCOPES.RECORD_SUBMIT_FOR_APPROVAL
])
) {
return await Promise.reject(
new Error(
'Advanced search is only allowed for registrar or registration agent'
Expand Down Expand Up @@ -54,7 +60,12 @@ export const resolvers: GQLResolver = {
{ headers: authHeader }
) {
// Only registrar or registration agent should be able to search user
if (!inScope(authHeader, ['register', 'validate'])) {
if (
!inScope(authHeader, [
SCOPES.RECORD_REGISTER,
SCOPES.RECORD_SUBMIT_FOR_APPROVAL
])
) {
return await Promise.reject(
new Error(
'Advanced search is only allowed for registrar or registration agent'
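Review bot: The added `import { SCOPES } from '@gateway/../../commons/build/dist/scopes'` reaches through a relative path into the commons package's build output, while the metrics, systems, user-mgnt and workflow files in this same commit import `SCOPES` from `@opencrvs/commons/authentication`. Authorization constants resolved from a `build/dist` path depend on build order and layout, and can end up pointing at a different copy than the one the rest of the services check against. Use `import { SCOPES } from '@opencrvs/commons/authentication'` here and for the identical import added in packages/gateway/src/features/correction/root-resolvers.ts.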
22 changes: 14 additions & 8 deletions packages/gateway/src/features/correction/root-resolvers.ts
Expand Up @@ -31,6 +31,7 @@ import {
requestRegistrationCorrection
} from '@gateway/workflow'
import { UserInputError } from 'apollo-server-hapi'
import { SCOPES } from '@gateway/../../commons/build/dist/scopes'

export const resolvers: GQLResolver = {
Mutation: {
Expand All @@ -39,7 +40,12 @@ export const resolvers: GQLResolver = {
{ id, details },
{ headers: authHeader }
) {
if (inScope(authHeader, ['register', 'validate'])) {
if (
inScope(authHeader, [
SCOPES.RECORD_REGISTER,
SCOPES.RECORD_SUBMIT_FOR_APPROVAL
])
) {
const hasAssignedToThisUser = await checkUserAssignment(id, authHeader)
if (!hasAssignedToThisUser) {
throw new UnassignError('User has been unassigned')
Expand All @@ -56,7 +62,7 @@ export const resolvers: GQLResolver = {
{ id, details },
{ headers: authHeader }
) {
if (inScope(authHeader, ['register'])) {
if (inScope(authHeader, [SCOPES.RECORD_REGISTER])) {
const hasAssignedToThisUser = await checkUserAssignment(id, authHeader)
if (!hasAssignedToThisUser) {
throw new UnassignError('User has been unassigned')
Expand All @@ -72,7 +78,7 @@ export const resolvers: GQLResolver = {
{ id, details },
{ headers: authHeader }
) {
if (inScope(authHeader, ['register'])) {
if (inScope(authHeader, [SCOPES.RECORD_REGISTER])) {
const hasAssignedToThisUser = await checkUserAssignment(id, authHeader)
if (!hasAssignedToThisUser) {
throw new UnassignError('User has been unassigned')
Expand All @@ -92,7 +98,7 @@ export const resolvers: GQLResolver = {
{ id, details },
{ headers: authHeader }
) {
if (inScope(authHeader, ['register'])) {
if (inScope(authHeader, [SCOPES.RECORD_REGISTER])) {
const hasAssignedToThisUser = await checkUserAssignment(id, authHeader)
if (!hasAssignedToThisUser) {
throw new UnassignError('User has been unassigned')
Expand All @@ -112,7 +118,7 @@ export const resolvers: GQLResolver = {
{ id, details },
{ headers: authHeader }
) {
if (inScope(authHeader, ['register'])) {
if (inScope(authHeader, [SCOPES.RECORD_REGISTER])) {
const hasAssignedToThisUser = await checkUserAssignment(id, authHeader)
if (!hasAssignedToThisUser) {
throw new UnassignError('User has been unassigned')
Expand All @@ -132,7 +138,7 @@ export const resolvers: GQLResolver = {
{ id, details },
{ headers: authHeader }
) {
if (inScope(authHeader, ['register'])) {
if (inScope(authHeader, [SCOPES.RECORD_REGISTER])) {
const hasAssignedToThisUser = await checkUserAssignment(id, authHeader)
if (!hasAssignedToThisUser) {
throw new UnassignError('User has been unassigned')
Expand All @@ -152,7 +158,7 @@ export const resolvers: GQLResolver = {
{ id, details },
{ headers: authHeader }
) {
if (inScope(authHeader, ['register'])) {
if (inScope(authHeader, [SCOPES.RECORD_REGISTER])) {
const hasAssignedToThisUser = await checkUserAssignment(id, authHeader)
if (!hasAssignedToThisUser) {
throw new UnassignError('User has been unassigned')
Expand All @@ -172,7 +178,7 @@ export const resolvers: GQLResolver = {
{ id, details },
{ headers: authHeader }
) {
if (inScope(authHeader, ['register'])) {
if (inScope(authHeader, [SCOPES.RECORD_REGISTER])) {
const hasAssignedToThisUser = await checkUserAssignment(id, authHeader)
if (!hasAssignedToThisUser) {
throw new UnassignError('User has been unassigned')
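Review bot: The first guard in this section now accepts `SCOPES.RECORD_SUBMIT_FOR_APPROVAL` where it used to accept `'validate'`, and nothing visible on this page shows that the constant grants the same set of users what the legacy scope did. Because this is an authorization check, a silent widening or narrowing here would not surface as a type error. State the mapping next to the check, for example `// RECORD_SUBMIT_FOR_APPROVAL replaces the legacy 'validate' scope`, and cover the allowed and denied cases with a resolver test. The resolver bodies continue outside the hunks, so the deny path for out-of-scope callers cannot be confirmed from here.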
5 changes: 4 additions & 1 deletion packages/gateway/src/features/metrics/root-resolvers.ts
Expand Up @@ -12,6 +12,7 @@ import { GQLResolver } from '@gateway/graphql/schema'

import { inScope } from '@gateway/features/user/utils'
import { getMetrics } from './service'
import { SCOPES } from '@opencrvs/commons/authentication'

export interface IMetricsParam {
timeStart?: string
Expand Down Expand Up @@ -61,7 +62,9 @@ export const resolvers: GQLResolver = {
},
async getVSExports(_, variables, { headers: authHeader }) {
let results
if (inScope(authHeader, ['natlsysadmin', 'performance'])) {
if (
inScope(authHeader, [SCOPES.CONFIG_UPDATE_ALL, SCOPES.PERFORMANCE_READ])
) {
results = await getMetrics('/fetchVSExport', variables, authHeader)
return {
results
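Review bot: `getVSExports` is a read path, yet its guard accepts `SCOPES.CONFIG_UPDATE_ALL`, which by its name is a configuration-write scope, as the stand-in for the legacy `'natlsysadmin'` role. The same substitution gates mass notifications, every system-client mutation in packages/gateway/src/features/systems/root-resolvers.ts and the office change in packages/user-mgnt/src/features/updateUser/handler.ts, so a token carrying that one scope inherits all of those capabilities. If this is an intended interim mapping, record it at the check with a comment such as `// CONFIG_UPDATE_ALL is the interim replacement for legacy 'natlsysadmin'`; otherwise narrower scopes per capability would fit least privilege better. The branch taken when the caller is out of scope lies outside the hunk.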
Expand Up @@ -22,7 +22,7 @@ export const resolvers: GQLResolver = {
{ subject, body, type, locale },
{ headers: authHeader }
) {
if (!inScope(authHeader, ['natlsysadmin'])) {
if (!inScope(authHeader, [SCOPES.CONFIG_UPDATE_ALL])) {
throw unauthorized(
'Sending mass notification is only allowed for national system admin'
)
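Review bot: This section references `SCOPES.CONFIG_UPDATE_ALL` but, unlike the other gateway files in the commit, shows no hunk that adds a `SCOPES` import. Unless the file already imported it above line 22, which is not visible here, the check will not compile; add `import { SCOPES } from '@opencrvs/commons/authentication'`. The error text still names "national system admin" although the decision is now made on a scope, so the message and the check can drift apart.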
25 changes: 12 additions & 13 deletions packages/gateway/src/features/systems/root-resolvers.ts
Expand Up @@ -12,13 +12,14 @@ import { GQLResolver } from '@gateway/graphql/schema'
import fetch from '@gateway/fetch'
import { USER_MANAGEMENT_URL, WEBHOOKS_URL } from '@gateway/constants'
import { getSystem, hasScope } from '@gateway/features/user/utils'
import { SCOPES } from '@opencrvs/commons/authentication'

export const resolvers: GQLResolver = {
Mutation: {
async reactivateSystem(_, { clientId }, { headers: authHeader }) {
if (!hasScope(authHeader, 'natlsysadmin')) {
if (!hasScope(authHeader, SCOPES.CONFIG_UPDATE_ALL)) {
return Promise.reject(
new Error('Activate user is only allowed for natlsysadmin')
new Error('Activate user is only allowed for this user')
)
}
const res = await fetch(`${USER_MANAGEMENT_URL}reactivateSystem`, {
Expand All @@ -38,9 +39,9 @@ export const resolvers: GQLResolver = {
return res.json()
},
async deactivateSystem(_, { clientId }, { headers: authHeader }) {
if (!hasScope(authHeader, 'natlsysadmin')) {
if (!hasScope(authHeader, SCOPES.CONFIG_UPDATE_ALL)) {
return await Promise.reject(
new Error('Deactivate user is only allowed for natlsysadmin')
new Error('Deactivate user is not allowed for this user')
)
}
const res = await fetch(`${USER_MANAGEMENT_URL}deactivateSystem`, {
Expand All @@ -62,10 +63,8 @@ export const resolvers: GQLResolver = {
return res.json()
},
async registerSystem(_, { system }, { headers: authHeader }) {
if (!hasScope(authHeader, 'natlsysadmin')) {
return Promise.reject(
new Error('Only natlsysadmin is allowed to create client')
)
if (!hasScope(authHeader, SCOPES.CONFIG_UPDATE_ALL)) {
return Promise.reject(new Error('User is not allowed to create client'))
}

const res = await fetch(`${USER_MANAGEMENT_URL}registerSystem`, {
Expand All @@ -87,7 +86,7 @@ export const resolvers: GQLResolver = {
return res.json()
},
async refreshSystemSecret(_, { clientId }, { headers: authHeader }) {
if (!hasScope(authHeader, 'natlsysadmin')) {
if (!hasScope(authHeader, SCOPES.CONFIG_UPDATE_ALL)) {
throw new Error('Only system user can update refresh client secret')
}
const res = await fetch(`${USER_MANAGEMENT_URL}refreshSystemSecret`, {
Expand All @@ -105,7 +104,7 @@ export const resolvers: GQLResolver = {
return res.json()
},
async updatePermissions(_, { setting }, { headers: authHeader }) {
if (!hasScope(authHeader, 'natlsysadmin')) {
if (!hasScope(authHeader, SCOPES.CONFIG_UPDATE_ALL)) {
throw new Error('Only system user can update refresh client secret')
}
const res = await fetch(`${USER_MANAGEMENT_URL}updatePermissions`, {
Expand All @@ -123,7 +122,7 @@ export const resolvers: GQLResolver = {
return res.json()
},
async deleteSystem(_, { clientId }, { headers: authHeader }) {
if (!hasScope(authHeader, 'natlsysadmin')) {
if (!hasScope(authHeader, SCOPES.CONFIG_UPDATE_ALL)) {
throw new Error('Only system user can delete the system')
}
const res = await fetch(`${USER_MANAGEMENT_URL}deleteSystem`, {
Expand Down Expand Up @@ -153,9 +152,9 @@ export const resolvers: GQLResolver = {

Query: {
async fetchSystem(_, { clientId }, { headers: authHeader }) {
if (authHeader && !hasScope(authHeader, 'natlsysadmin')) {
if (authHeader && !hasScope(authHeader, SCOPES.CONFIG_UPDATE_ALL)) {
return await Promise.reject(
new Error('Fetch integration is only allowed for natlsysadmin')
new Error('Fetch integration is not allowed for this user')
)
}
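Review bot: The `fetchSystem` guard `if (authHeader && !hasScope(authHeader, SCOPES.CONFIG_UPDATE_ALL))` rejects only when a header object is present, so a request that reaches the resolver without `authHeader` skips the scope check entirely; the commit rewrites this line but keeps that fail-open shape. If no caller legitimately reaches this query without headers (the rest of the resolver is outside the hunk, so that cannot be confirmed here), fail closed with `if (!authHeader || !hasScope(authHeader, SCOPES.CONFIG_UPDATE_ALL)) {`. Separately, the new `reactivateSystem` message `'Activate user is only allowed for this user'` says the opposite of the other rewritten messages and probably should read `'Activate user is not allowed for this user'`.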

3 changes: 2 additions & 1 deletion packages/user-mgnt/src/features/updateUser/handler.ts
Expand Up @@ -11,6 +11,7 @@
import * as Hapi from '@hapi/hapi'
import { logger } from '@opencrvs/commons'
import { Practitioner } from '@opencrvs/commons/types'
import { SCOPES } from '@opencrvs/commons/authentication'
import { postUserActionToMetrics } from '@user-mgnt/features/changePhone/handler'
import {
createFhirPractitioner,
Expand Down Expand Up @@ -71,7 +72,7 @@ export default async function updateUser(
existingUser.role = user.role

if (existingUser.primaryOfficeId !== user.primaryOfficeId) {
if (request.auth.credentials?.scope?.includes('natlsysadmin')) {
if (request.auth.credentials?.scope?.includes(SCOPES.CONFIG_UPDATE_ALL)) {
existingUser.primaryOfficeId = user.primaryOfficeId
} else {
throw new Error('Location can be changed only by National System Admin')
11 changes: 8 additions & 3 deletions packages/workflow/src/records/handler/download.ts
Expand Up @@ -20,7 +20,7 @@ import { getValidRecordById } from '@workflow/records/index'
import { getToken } from '@workflow/utils/auth-utils'
import { IAuthHeader, logger } from '@opencrvs/commons'
import { toDownloaded } from '@workflow/records/state-transitions'
import { hasScope, inScope } from '@opencrvs/commons/authentication'
import { hasScope, inScope, SCOPES } from '@opencrvs/commons/authentication'
import { sendBundleToHearth } from '@workflow/records/fhir'
import { indexBundleToRoute } from '@workflow/records/search'
import { auditEvent } from '@workflow/records/audit'
Expand All @@ -32,8 +32,13 @@ function getDownloadedOrAssignedExtension(
status: TaskStatus
) {
if (
inScope(authHeader, ['declare', 'recordsearch']) ||
(hasScope(authHeader, 'validate') &&
inScope(authHeader, [
SCOPES.RECORD_DECLARE_BIRTH,
SCOPES.RECORD_DECLARE_DEATH,
SCOPES.RECORD_DECLARE_MARRIAGE,
SCOPES.RECORDSEARCH
]) ||
(hasScope(authHeader, SCOPES.RECORD_SUBMIT_FOR_APPROVAL) &&
['CORRECTION_REQUESTED', 'VALIDATED'].includes(status))
) {
return `http://opencrvs.org/specs/extension/regDownloaded` as const
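Review bot: The legacy `'declare'` scope is expanded into `SCOPES.RECORD_DECLARE_BIRTH`, `SCOPES.RECORD_DECLARE_DEATH` and `SCOPES.RECORD_DECLARE_MARRIAGE`, but `getDownloadedOrAssignedExtension` treats holding any one of them as equivalent and never looks at the record's event type. Assuming `inScope` matches on any listed scope, a token limited to birth declarations gets the `regDownloaded` extension for a death or marriage record as well. If the per-event split is meant to be enforced here, the event has to be passed in and matched; if not, a comment such as `// any declare scope counts here; the record's event type is not checked` would record the decision. The function's signature begins and its body ends outside the hunk.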